Summary of Adversarial Attack Methods (continuously updated)
Since Szegedy et al. introduced adversarial examples in 2014, researchers have continued to propose new adversarial attack methods. This article collects the great majority of the algorithms published so far, offered as a starting point for discussion, and will be updated continually.
Adversarial Attacks   Transparency            Specificity
L-BFGS                White box               Targeted, Non-targeted
FGSM                  White box               Targeted, Non-targeted
BIM                   White box               Targeted, Non-targeted
ILCM                  White box               Targeted
R+FGSM                White box               Targeted, Non-targeted
AMDR                  White box               Targeted, Non-targeted
JSMA                  White box               Targeted, Non-targeted
SBA                   Black box               Targeted, Non-targeted
Hot/Cold              White box               Targeted
One-pixel             Semi-black box          Targeted, Non-targeted
C&W                   White box               Targeted, Non-targeted
DeepFool              White box               Non-targeted
UAP                   White box               Non-targeted
DFUAP                 White box               Non-targeted
VAE Attacks           White box               Targeted, Non-targeted
ZOO                   Black box               Targeted, Non-targeted
UPSET                 Black box               Targeted
ANGRI                 Black box               Targeted
Houdini               White box, Black box    Targeted, Non-targeted
MI-FGSM               White box               Targeted, Non-targeted
ATN                   White box               Targeted
PGD                   White box               Targeted
AdvGAN                White box               Targeted, Non-targeted
Boundary Attack       Black box               Targeted, Non-targeted
NAA                   Black box               Non-targeted
stAdv                 White box               Targeted, Non-targeted
EOT                   White box               Targeted, Non-targeted
BPDA                  White box               Targeted, Non-targeted
SPSA                  Black box               Targeted, Non-targeted
DDN                   White box               Targeted, Non-targeted
CAMOU                 Black box               Non-targeted
L-BFGS: Intriguing properties of neural networks
FGSM: Explaining and Harnessing Adversarial Examples
BIM & ILCM: Adversarial examples in the physical world
R+FGSM: Ensemble Adversarial Training: Attacks and Defenses
AMDR: Adversarial Manipulation of Deep Representations
JSMA: The Limitations of Deep Learning in Adversarial Settings
SBA: Practical Black-Box Attacks against Machine Learning
Hot/Cold: Adversarial Diversity and Hard Positive Generation
One-pixel: One pixel attack for fooling deep neural networks
C&W: Towards Evaluating the Robustness of Neural Networks
DeepFool: DeepFool: a simple and accurate method to fool deep neural networks
UAP: Universal adversarial perturbations
DFUAP: Generalizable Data-free Objective for Crafting Universal Adversarial Perturbations
VAE Attacks: Adversarial examples for generative models
ZOO: ZOO: Zeroth Order Optimization Based Black-box Attacks to Deep Neural Networks without Training Substitute Models
UPSET: UPSET and ANGRI: Breaking High Performance Image Classifiers
ANGRI: UPSET and ANGRI: Breaking High Performance Image Classifiers
Houdini: Houdini: Fooling Deep Structured Prediction Models
MI-FGSM: Boosting Adversarial Attacks With Momentum
ATN: Adversarial Transformation Networks: Learning to Generate Adversarial Examples
PGD: Towards Deep Learning Models Resistant to Adversarial Attacks
AdvGAN: Generating Adversarial Examples with Adversarial Networks
Boundary Attack: Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models
NAA: Generating Natural Adversarial Examples
stAdv: Spatially Transformed Adversarial Examples
EOT: Synthesizing Robust Adversarial Examples
BPDA: Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
SPSA: Multivariate stochastic approximation using a simultaneous perturbation gradient approximation
DDN: Decoupling Direction and Norm for Efficient Gradient-Based L2 Adversarial Attacks and Defenses
CAMOU: CAMOU: Learning Physical Vehicle Camouflages to Adversarially Attack Detectors in the Wild