Jisuanji kexue yu tansuo (Dec 2024)

Review of Research on Adversarial Attack in Three Kinds of Images

  • XU Yuhui, PAN Zhisong, XU Kun

DOI
https://doi.org/10.3778/j.issn.1673-9418.2404001
Journal volume & issue
Vol. 18, no. 12
pp. 3080 – 3099

Abstract

In recent years, numerous breakthroughs in deep learning have extended deep-learning-based applications into a wide range of fields. However, deep neural networks are vulnerable and highly susceptible to adversarial samples, which poses significant security challenges for their application. As a result, adversarial attacks have become a hot research area. Since deep neural networks are widely used in image tasks, research on adversarial attacks in the image field is key to enhancing security, and much research has been carried out from different perspectives. Existing studies on image attacks can mainly be categorized into three forms: visible light images, infrared images, and synthetic aperture radar (SAR) images. This paper first introduces the basic concepts and terminology of image adversarial samples, and then summarizes the adversarial attack methods for the three types of images according to their attack ideas. The attack success rate (ASR), memory size, and applicable scenarios of the attack methods for the three types of images are compared and analyzed. The paper also briefly introduces research on defense strategies in the field of image adversarial samples, mainly summarizing three existing defense methods. Finally, the current status of image adversarial samples is analyzed, possible future research directions for adversarial attacks in the image field are discussed, the potential problems that may be encountered are summarized, and corresponding solutions are provided.

Keywords