摘要
Abstract
Deep learning techniques have been widely applied in core tasks of computer vision,such as image classifica-tion and object detection,achieving remarkable progress.However,owing to the complexity and inherent uncertainty of deep learning models,they are highly vulnerable to adversarial attacks.In these attacks,attackers subtly manipulate data by adding carefully designed perturbations that cause the model to make incorrect predictions with high confidence.Such adversarial examples pose significant challenges and potential threats to the reliability and security of models in real-world applications.For example,attackers can use adversarial glasses to mislead facial recognition systems,caus-ing identity misclassification,which could lead to illegal access or identity fraud,threatening public safety and personal privacy.Similarly,adversarial noise added to the monitoring data of autonomous driving systems,while not altering the characteristics of vehicles,may cause the system to miss detecting important vehicles,leading to traffic disruptions or even accidents with severe consequences.This paper reviews the current research on adversarial attacks and defense tech-niques.Specifically,it covers the following three aspects:1)It introduces the basic concepts and classifications of ad-versarial examples,analyzes various forms and strategies of adversarial attacks,and provides examples of classic adver-sarial example generation methods.2)It describes the defense methods against adversarial examples,systematically cat-egorizing algorithms that enhance model robustness from three directions,namely,model optimization,data optimiza-tion,and additional network structures.The innovation and effectiveness of each defense method are discussed.3)It presents application cases of adversarial attacks and defenses,expounding on the development status of adversarial at-tack and defense in the era of large model and analyzing the challenges encountered in real-world applications and pos-sible solutions.Finally,the paper summarizes and analyzes the current state of adversarial attack and defense methods and offers insights into future research directions in this domain.关键词
对抗攻击/对抗防御/深度学习/计算机视觉/可信人工智能Key words
adversarial attack/adversarial defense/deep learning/computer vision/trusty artificial intelligence分类
信息技术与安全科学
