Computer Engineering and Applications, 2020, Vol. 56, Issue (5): 34-42. DOI: 10.3778/j.issn.1002-8331.1909-0228


State of the Art on Adversarial Example Generation Methods for Attacking Classifier

YE Qisong, DAI Xuchu   

  1. School of Cyberspace Security, University of Science and Technology of China, Hefei 230026, China
  • Online: 2020-03-01 Published: 2020-03-06





Adversarial example generation has recently become a hot topic in deep learning security. Research in this area investigates the mechanisms, methods and implementation of adversarial example generation, which helps to better understand and address the vulnerability and security of deep learning systems. The emphasis here is on adversarial example generation methods for deep neural network classifiers. First, the concept of an adversarial example is introduced. Then, according to attack conditions and attack targets, attacks on deep neural network classifiers are classified into four categories: targeted attacks under white-box conditions, non-targeted attacks under white-box conditions, targeted attacks under black-box conditions and non-targeted attacks under black-box conditions. Next, some typical adversarial example generation methods are characterized in terms of their basic ideas, methods and implementation algorithms. These methods are then compared from the perspectives of applicable scenario, advantages and disadvantages. The analysis of the state of the art shows that these adversarial example generation methods exhibit both diversity and regularity, as well as similarities and differences among methods, which can help in further developing adversarial example generation technology and improving the security of deep learning systems.

Key words: deep learning, security, adversarial example, attack, classifier, vulnerability


