
Computer Technology, 2021, Issue 22

Overview on Adversarial Sample Generation and Defense Methods

LIU Haiyan, LYU Han

(The Army Armored Military Academy of PLA, Beijing 100071, China)

Abstract: With the continuous development of artificial intelligence, machine learning has achieved good results in many application fields. However, the emergence of adversarial samples poses a threat to the security of machine learning models that cannot be ignored, reducing the classification accuracy of those models. This paper briefly describes the origin and concept of adversarial samples and the different modes of adversarial attack, studies typical adversarial sample generation methods and defense methods, and on this basis looks ahead to future development trends in adversarial attacks and their defenses.

Keywords: machine learning; adversarial sample; neural network; adversarial attack

DOI: 10.19850/j.cnki.2096-4706.2021.22.024

CLC number: TP18    Document code: A    Article ID: 2096-4706(2021)22-0082-04




About the authors: LIU Haiyan (b. 1970), female, Han, from Beijing, professor, PhD; research interests: information security and countermeasure technology. LYU Han (b. 1993), female, Han, from Lianyungang, Jiangsu, master's student; research interests: information security and countermeasure technology.