网络与信息安全学报 (Chinese Journal of Network and Information Security), 2024, Vol. 10, Issue (2): 1-21, 21. DOI: 10.11959/j.issn.2096-109x.2024026
Survey of optical-based physical domain adversarial attacks and defense
Abstract
Deep learning models are misled into making false predictions by adversarial attacks that implant tiny perturbations, imperceptible to the human eye, into the original input. This poses a huge security threat to computer vision systems that are based on deep learning. Compared to digital-domain adversarial attacks, physical-domain adversarial attacks can introduce perturbations into the input before the adversarial input is captured by the acquisition device and converted into a binary image within the vision system, posing a real security threat to deep learning-based computer vision systems. Optical-based physical-domain adversarial attack techniques, of which projected irradiation is a typical example, are more likely to be overlooked and given negligible protection because their perturbations are very similar to effects produced by natural environments in the real world. Given their high degree of invisibility and executability, they could pose a significant or even fatal threat to real systems. Based on existing research work, optical-based physical-domain adversarial attack techniques within computer vision systems were introduced and discussed. The attack scenarios, tools, goals, and performances of these techniques were compared and analyzed. Potential future research directions for optical-based physical-domain adversarial attacks were also discussed.
Key words
adversarial attack / deep learning / security threat / optical physical domain adversarial attack
Classification
Information technology and security science
Cite this article
Chen Jinyin, Zhao Xiaoming, Zheng Haibin, Guo Haifeng (陈晋音, 赵晓明, 郑海斌, 郭海锋). Survey of optical-based physical domain adversarial attacks and defense [J]. 网络与信息安全学报 (Chinese Journal of Network and Information Security), 2024, 10(2): 1-21, 21.
Funding
The National Natural Science Foundation of China (No. 62072406)
The Natural Science Foundation of Zhejiang Province (No. LDQ23F020001)