[1] KRIZHEVSKY A,SUTSKEVER I,HINTON G E.ImageNet classification with deep convolutional neural networks[J].Communications of the ACM,2017,60(6):84-90. [2] HE K M,ZHANG X Y,REN S Q,et al.Deep residual learning for image recognition[C]//Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2016:770-778. [3] HUANG G,LIU Z,VAN DER MAATEN L,et al.Densely connected convolutional networks[C]//Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2017:4700-4708. [4] GIRSHICK R,DONAHUE J,DARRELL T,et al.Rich feature hierarchies for accurate object detection and semantic segmentation[C]//Proceedings of 2014 IEEE Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2014:580-587. [5] GIRSHICK R. Fast R-CNN[C]//Proceedings of IEEE International Conference on Computer Vision.Washington D.C.,USA:IEEE Press,2015:1440-1448. [6] REN S,HE K,GIRSHICK R,et al.Faster R-CNN:towards real-time object detection with region proposal networks[C]//Proceedings of Advances in Neural Information Processing Systems.Washington D.C.,USA:IEEE Press,2015:91-99. [7] GRAVES A,MOHAMED A,HINTON G.Speech recognition with deep recurrent neural networks[C]//Proceedings of IEEE International Conference on Acoustics,Speech and Signal Processing.Washington D.C.,USA:IEEE Press,2013:6645-6649. [8] GRAVES A,JAITLY N.Towards end-to-end speech recognition with recurrent neural networks[C]//Proceedings of International Conference on Machine Learning.Washington D.C.,USA:IEEE Press,2014:1764-1772. [9] ZHANG Y,PEZESHKI M,BRAKEL P,et al.Towards end-to-end speech recognition with deep convolutional neural networks[EB/OL].[2020-07-20].https://arxiv.org/abs/1701.02720. [10] CHEN Yufei,SHEN Chao,WANG Qian,et al. Artificial intelligence system security and privacy risks[J].Computer Research and Development,2019,56(10):2135-2150.(in Chinese)陈宇飞,沈超,王骞,等.人工智能系统安全与隐私风险[J].计算机研究与发展,2019,56(10):2135-2150. [11] SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.Intriguing properties of neural networks[EB/OL].[2020-07-20].https://arxiv.org/abs/1312.6199. [12] GOODFELLOW I J,SHLENS J,SZEGEDY C. Explaining and harnessing adversarial examples[EB/OL].[2020-07-20].http://de.arxiv.org/pdf/1412.6572. [13] BARRENO M,NELSON B,JOSEPH A,et al.The security of machine learning[J].Machine Learning,2010,81(2):121-148. [14] PAPERNOT N,MCDANIEL P,SINHA A,et al.Towards the science of security and privacy in machine learning[EB/OL].[2020-07-20].https://arxiv.org/abs/1611.03814. [15] XIE C H,TAN M,GONG B,et al.Adversarial examples improve image recognition[C]//Proceedings of IEEE/CVF Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2020:819-828. [16] DUAN R J,MA X J,WANG Y S,et al.Adversarial camouflage:hiding physical-world attacks with natural styles[C]//Proceedings of 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2020:1000-1008. [17] WANG Lu,ZENG Guohui,HUANG Bo.Implementation of style transfer algorithm based on deep learning[J].Intelligent Computer and Application,2020,10(2):57-60,65.(in Chinese)王鹿,曾国辉,黄勃.基于深度学习的风格迁移算法的研究与实现[J].智能计算机与应用,2020,10(2):57-60,65. [18] GOODFELLOW I,BENGIO Y,COURVILLE A.Deep learning[M].Cambridge,USA:MIT Press,2016. [19] SU Jiongming,LIU Hongfu,XIANG Fengtao,et al. Survey of interpretation methods for deep neural networks[J].Computer Engineering,2020,46(9):1-15.(in Chinese)苏炯铭,刘鸿福,项凤涛,等.深度神经网络解释方法综述[J].计算机工程,2020,46(9):1-15. [20] ZHAO Guosheng,CHAO Mianxing,XIE Baowen,et al.Application of deep belief network in cloud security situation prediction[J].Journal of Chinese Computer Systems,2020,41(6):1195-1202.(in Chinese)赵国生,晁绵星,谢宝文,等.深度信念网络在云安全态势预测中的应用[J].小型微型计算机系统,2020,41(6):1195-1202. [21] HONG Qifeng,SHI Weibin,WU Di,et al.Overview of the development of deep convolutional neural network models[J].Software Guide,2020,19(4):84-88.(in Chinese)洪奇峰,施伟斌,吴迪,等.深度卷积神经网络模型发展综述[J].软件导刊,2020,19(4):84-88. [22] CARLINI N,WAGNER D.Towards evaluating the robustness of neural networks[C]//Proceedings of 2017 IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2017:39-57. [23] PAPERNOT N,MCDANIEL P,GOODFELLOW I,et al.Practical black-box attacks against deep learning systems using adversarial examples[EB/OL].[2020-07-20].https://arxiv.org/abs/1602.02697. [24] MOOSAVI-DEZFOOLI S M,FAWZI A,FROSSARD P.DeepFool:a simple and accurate method to fool deep neural networks[C]//Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2016:2574-2582. [25] SU J W,VARGAS D V,SAKURAI K.One pixel attack for fooling deep neural networks[J].IEEE Transactions on Evolutionary Computation,2019,23(5):828-841. [26] XIAO C W,LI B,ZHU J Y,et al.Generating adversarial examples with adversarial networks[EB/OL].[2020-07-20].https://arxiv.org/abs/1801.02610. [27] MOOSAVI-DEZFOOLI S M,FAWZI A,FAWZI O,et al.Universal adversarial perturbations[C]//Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2017:1765-1773. [28] ATHALYE A,CARLINI N,WAGNER D.Obfuscated gradients give a false sense of security:circumventing defenses to adversarial examples[EB/OL].[2020-07-20].https://arxiv.org/abs/1802.00420. [29] SHARIF M,BHAGAVATULA S,BAUER L,et al.Accessorize to a crime[C]//Proceedings of 2016 ACM SIGSAC Conference on Computer and Communications Security.New York,USA:ACM Press,2016:1528-1540. [30] EVTIMOV I,EYKHOLT K,FERNANDES E,et al.Robust physical-world attacks on machine learning models[EB/OL].[2020-07-20].https://arxiv.org/abs/1707.08945. [31] ARPIT D,JASTRZĘBSKI S,BALLAS N,et al.A closer look at memorization in deep networks[EB/OL].[2020-07-20].https://arxiv.org/abs/1706.05394. [32] JO J,BENGIO Y.Measuring the tendency of CNNs to learn surface statistical regularities[EB/OL].[2020-07-20].https://arxiv.org/abs/1711.11561. [33] LIU Fangyuan,WANG Shuihua,ZHANG Yudong.Survey of support vector machine models and applications[J].Computer System Application,2018,27(4):1-9.(in Chinese)刘方园,王水花,张煜东.支持向量机模型与应用综述[J].计算机系统应用,2018,27(4):1-9. [34] JING Zhuangwei,GUAN Haiyan,PENG Daifeng,et al. Survey of research in image semantic segmentation based on deep neural network[J].Computer Engineering,2020,46(10):1-17.(in Chinese)景庄伟,管海燕,彭代峰,等.基于深度神经网络的图像语义分割研究综述[J].计算机工程,2020,46(10):1-17. [35] PAPERNOT N,MCDANIEL P,GOODFELLOW I.Transferability in machine learning:from phenomena to black-box attacks using adversarial samples[EB/OL].[2020-07-20].https://arxiv.org/abs/1605.07277. [36] QIN Yan.Comparison of neural network model and multiple linear regression in predicting CT value of kidney stones[J].Imaging Research and Medical Applications,2020,4(6):26-28.(in Chinese)覃延.神经网络模型和多元线性回归预测肾结石CT值的比较[J].影像研究与医学应用,2020,4(6):26-28. [37] YIN Ru.Research on model decision tree method[D].Taiyuan:Shanxi University,2019.(in Chinese)尹儒.模型决策树方法研究[D].太原:山西大学,2019. [38] KURAKIN A,GOODFELLOW I,BENGIO S.Adversarial machine learning at scale[EB/OL].[2020-07-20].https://arxiv.org/pdf/1611.01236.pdf. [39] LIU Yanpei,CHEN Xinyun,LIU Chang,et al.Delving into transferable adversarial examples and black-box attacks[EB/OL].[2020-07-20].https://arxiv.org/pdf/1611.02770.pdf. [40] ZHANG X H,TRMAL J,POVEY D,et al.Improving deep neural network acoustic models using generalized maxout networks[C]//Proceedings of 2014 IEEE International Conference on Acoustics,Speech and Signal Processing.Washington D.C.,USA:IEEE Press,2014:215-219. [41] HOCHREITER S.Gradient flow in recurrent nets:the difficulty of learning long-term dependencies[EB/OL].[2020-07-20].http://www.bioinf.at/publications/older/ch7.pdf. [42] PASCANU R,MIKOLOV T,BENGIO Y.On the difficulty of training recurrent neural networks[C]//Proceedings of International Conference on Machine Learning.Washington D.C.,USA:IEEE Press,2013:1310-1318. [43] GILMER J,METZ L K,FAGHRI F,et al.Adversarial spheres[EB/OL].[2020-07-20].https://arxiv.org/abs/1801.02774. [44] GILMER J,METZ L,FAGHRI F,et al.The relationship between high-dimensional geometry and adversarial examples[EB/OL].[2020-07-20].https://arxiv.org/pdf/1801.02774v3.pdf. [45] DONG Yinpeng,LIAO Fangzhou,PANG Tainyu,et al.Boosting adversarial attacks with momentum[C]//Proceedings of 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2018:9185-9193. [46] POLYAK B T.Some methods of speeding up the convergence of iteration methods[J].USSR Computational Mathematics and Mathematical Physics,1964,4(5):1-17. [47] XIE Cihang,ZHANG Zhishuai,ZHOU Yuyin,et al.Improving transferability of adversarial examples with input diversity[C]//Proceedings of 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2019:2730-2739. [48] XIE Cihang,WANG Jianyu,ZHANG Zhishuai,et al.Mitigating adversarial effects through randomization[EB/OL].[2020-07-20].https://arxiv.org/abs/1711.01991. [49] HENDRYCKS D,GIMPEL K.Visible progress on adversarial images and a new saliency map[EB/OL].[2020-07-20].https://arxiv.org/abs/1608.00530. [50] METZEN J H,GENEWEIN T,FISCHER V,et al.On detecting adversarial perturbations[EB/OL].[2020-07-20].https://arxiv.org/abs/1702.04267. [51] CARLINI N,WAGNER D.Adversarial examples are not easily detected:Bypassing ten detection methods[C]//Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security.New York,USA:ACM Press,2017:3-14. [52] GONG Z T,WANG W L,KU W.Adversarial and clean data are not twins[EB/OL].[2020-07-20].https://arxiv.org/abs/1704.04960. [53] FEINMAN R,CURTIN R,SHINTRE S,et al.Detecting adversarial samples from artifacts[EB/OL].[2020-07-20].https://arxiv.org/abs/1703.00410. [54] XU W L,EVANS D,QI Y J.Feature squeezing:detecting adversarial examples in deep neural networks[C]//Proceedings of 2018 Network and Distributed System Security Symposium.Washington D.C.,USA:IEEE Press,2018:15-26. [55] PAPERNOT N,MCDANIEL P,JHA S,et al.The limitations of deep learning in adversarial settings[C]//Proceedings of 2016 IEEE European Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2016:372-387. [56] PANG T Y,DU C,ZHU J.Robust deep learning via reverse cross-entropy training and thresholding test[EB/OL].[2020-07-20].https://arxiv.org/abs/1706.00633. [57] MADRY A,MAKELOV A,SCHMIDT L,et al.Towards deep learning models resistant to adversarial attacks[EB/OL].[2020-07-20].https://arxiv.org/abs/1706.06083. [58] TRAMER F,KURAKIN A,PAPERNOT N,et al.Ensemble adversarial training:attacks and defenses[EB/OL].[2020-07-20].https://arxiv.org/abs/1705.07204. [59] KANNAN H,KURAKIN A,GOODFELLOW I.Adversarial logit pairing[EB/OL].[2020-07-20].https://arxiv.org/abs/1803.06373. [60] XIE C H,WU Y,MAATEN L,et al.Feature denoising for improving adversarial robustness[C]//Proceedings of IEEE Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2019:501-509. [61] SCHOTT L,RAUBER J,BETHGE M,et al.Towards the first adversarially robust neural network model on MNIST[EB/OL].[2020-07-20].https://arxiv.org/abs/1805.09190. [62] YANG Y Z,ZHANG G,KATABI D,et al.ME-Net:towards effective adversarial robustness with matrix estimation[EB/OL].[2020-07-20].https://arxiv.org/abs/1905.11971. [63] GUO C,RANA M,CISSE M,et al.Countering adversarial images using input transformations[EB/OL].[2020-07-20].https://arxiv.org/abs/1711.00117. [64] BUCKMAN J,ROY A,RAFFEL C,et al. Thermometer encoding:one hot way to resist adversarial examples[EB/OL].[2020-07-20].https://machine-learning-and-security.github.io/papers/mlsec17_paper_26.pdf. [65] GU S,RIGAZIO L.Towards deep neural network architectures robust to adversarial examples[EB/OL].[2020-07-20].https://arxiv.org/pdf/1412.5068v1.pdf. [66] PAPERNOT N,MCDANIEL P,WU X,et al. Distillation as a defense to adversarial perturbations against deep neural networks[C]//Proceedings of IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2016:582-597. [67] HINTON G,VINYALS O,DEAN J.Distilling the knowledge in a neural network[EB/OL].[2020-07-20].https://arxiv.org/abs/1503.02531. [68] DHILLON G,AZIZZADENESHELI K,LIPTON Z,et al.Stochastic activation pruning for robust adversarial defense[EB/OL].[2020-07-20].https://arxiv.org/abs/1803.01442. [69] XIE C H,WANG J Y,ZHANG Z S,et al.Mitigating adversarial effects through randomization[EB/OL].[2020-07-20].https://arxiv.org/abs/1711.01991. [70] TEJ A R,SUKANTA HALDER S,SHANDEELYA A P,et al.Enhancing perceptual loss with adversarial feature matching for super-resolution[C]//Proceedings of 2020 International Joint Conference on Neural Networks.Washington D.C.,USA:IEEE Press,2020:168-198. [71] ZHANG X Y,MIAN A,GUPTA R,et al.Cassandra:detecting trojaned networks from adversarial perturbations[EB/OL].[2020-07-20].https://arxiv.org/abs/2007.14433. |