[1] BENGIO Y,COURVILLE A,VINCENT P.Representation learning:a review and new perspectives[J].IEEE Transactions on Pattern Analysis and Machine Intelligence,2013,35(8):1798-1828. [2] AKHTAR N,MIAN A.Threat of adversarial attacks on deep learning in computer vision:a survey[J].IEEE Access,2018,6:14410-14430. [3] 何英哲,胡兴波,何锦雯,等.机器学习系统的隐私和安全问题综述[J].计算机研究与发展,2019,56(10):2049-2070. HE Y Z,HU X B,HE J W,et al.Privacy and security issues in machine learning systems:a survey[J].Journal of Computer Research and Development,2019,56(10):2049-2070.(in Chinese) [4] GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining and harnessing adversarial examples[EB/OL].[2020-08-05].https://arxiv.org/abs/1412.6572. [5] SU J W,VARGAS D V,SAKURAI K.One pixel attack for fooling deep neural networks[J].IEEE Transactions on Evolutionary Computation,2019,23(5):828-841. [6] MOOSAVI-DEZFOOLI S M,FAWZI A,FAWZI O,et al.Universal adversarial perturbations[C]//Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2017:86-94. [7] SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.Intriguing properties of neural networks[EB/OL].[2020-08-05].https://arxiv.org/abs/1312.6199. [8] XIAO C W,LI B,ZHU J Y,et al.Generating adversarial examples with adversarial networks[EB/OL].[2020-08-05].https://www.researchgate.net/publication/322328780_Generating_adversarial_examples_with_adversarial_networks. [9] XU H,MA Y,LIU H C,et al.Adversarial attacks and defenses in images,graphs and text:a review[J].International Journal of Automation and Computing,2020,17(2):151-178. [10] DZIUGAITE G K,GHAHRAMANI Z,ROY D M.A study of the effect of JPG compression on adversarial images[EB/OL].[2020-08-05].https://arxiv.org/abs/1608.00853. [11] LUO Y,BOIX X,ROIG G,et al.Foveation-based mechanisms alleviate adversarial examples[EB/OL].[2020-08-05].https://arxiv.org/abs/1511.06292v1. [12] ROSS A S,DOSHI-VELEZ F.Improving the adversarial robustness and interpretability of deep neural networks by regularizing their input gradients[EB/OL].[2020-08-05].https://arxiv.org/abs/1711.09404v1. [13] LI X,JI S H.Defense-VAE:A fast and accurate defense against adversarial attacks[C]//Proceedings of 2019 Joint European Conference on Machine Learning and Knowledge Discovery in Databases.Berlin,Germany:Springer,2019:191-207. [14] DUBEY A,VAN DER MAATEN L,YALNIZ Z,et al.Defense against adversarial images using Web-scale nearest-neighbor search[C]//Proceedings of 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2019:8767-8776. [15] LIU C R,YE D P,SHANG Y Y,et al.Defend against adversarial samples by using perceptual hash[J].Computers,Materials & Continua,2020,62(3):1365-1386. [16] SUN B,TSAI N H,LIU F C,et al.Adversarial defense by stratified convolutional sparse coding[C]//Proceedings of 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2019:11439-11448. [17] 吴立人,刘政浩,张浩,等.聚焦图像对抗攻击算法PS-MIFGSM[J].计算机应用,2020,40(5):1348-1353 WU L R,LIU Z H,ZHANG H,et al.PS-MIFGSM:focus image adversarial attack algorithm[J].Journal of Computer Applications,2020,40(5):1348-1353.(in Chinese) [18] DONG Y P,LIAO F Z,PANG T,et al.Boosting adversarial attacks with momentum[C]//Proceedings of 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.Washington D.C.,USA:IEEE Press,2018:9185-9193. [19] YAN X D,CUI B J,XU Y,et al.A method of information protection for collaborative deep learning under GAN model attack[J].IEEE/ACM Transactions on Computational Biology and Bioinformatics,2021,18(3):871-881. [20] DENG L.The MNIST database of handwritten digit images for machine learning research[J].IEEE Signal Processing Magazine,2012,29(6):141-142. [21] STALLKAMP J,SCHLIPSING M,SALMEN J,et al.The German traffic sign recognition benchmark:a multi-class classification competition[C]//Proceedings of 2011 International Joint Conference on Neural Networks.Washington D.C.,USA:IEEE Press,2011:1453-1460. [22] SIMONYAN K,ZISSERMAN A.Very deep convolutional networks for large-scale image recognition[EB/OL].[2020-08-05].https://arxiv.org/abs/1409.1556v4. |