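A deep neural network (DNN) is a framework within deep learning: a neural network with at least one hidden layer. Like shallow neural networks, deep neural networks can model complex nonlinear systems, but the additional layers give the model higher levels of abstraction and thereby increase its capability.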

VIP Content

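Adversarial example attack and defense has become a research hotspot in recent years. Attackers generate adversarial examples through small modifications that cause deep neural networks to make wrong predictions. The generated adversarial examples can reveal the vulnerability of neural networks, and these vulnerable networks can then be repaired to improve model security and robustness. The targets of adversarial example attacks fall into two categories, images and text. Most research methods and results address the image domain, and because text and images are fundamentally different, attack and defense methods differ in many ways. This paper gives a fairly detailed introduction to the current mainstream attack and defense methods for text adversarial examples, describes the datasets and the neural networks that mainstream attacks target, and compares the differences between attack methods. Finally, it summarizes the challenges facing the field of text adversarial examples and looks ahead to future research.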


Latest Papers

During the last decade, Deep Neural Networks (DNN) have progressively been integrated on all types of platforms, from data centers to embedded systems including low-power processors and, recently, FPGAs. Neural Networks (NN) are expected to become ubiquitous in IoT systems by transforming all sorts of real-world applications, including applications in the safety-critical and security-sensitive domains. However, the underlying hardware security vulnerabilities of embedded NN implementations remain unaddressed. In particular, embedded DNN implementations are vulnerable to Side-Channel Analysis (SCA) attacks, which are especially important in the IoT and edge computing contexts where an attacker can usually gain physical access to the targeted device. A research field has therefore emerged and is rapidly growing in terms of the use of SCA including timing, electromagnetic attacks and power attacks to target NN embedded implementations. Since 2018, research papers have shown that SCA enables an attacker to recover inference model architectures and parameters, to expose industrial IP, and to endanger data confidentiality and privacy. Without a complete review of this emerging field in the literature so far, this paper surveys state-of-the-art physical SCA attacks relative to the implementation of embedded DNNs on micro-controllers and FPGAs in order to provide a thorough analysis on the current landscape. It provides a taxonomy and a detailed classification of current attacks. It first discusses mitigation techniques and then provides insights for future research leads.
