Journal of Frontiers of Computer Science and Technology (计算机科学与探索)

• Academic Research •

Review of Research on Adversarial Attack in Three Kinds of Images

XU Yuhui, PAN Zhisong, XU Kun

  1. Institute of Command and Control Engineering, Army Engineering University of PLA, Nanjing 210000, China

Abstract: Deep learning has achieved numerous breakthroughs in recent years, and applications based on it have expanded into a growing range of fields. However, deep neural networks are vulnerable: in deployment they are highly susceptible to adversarial examples, which poses significant security problems, so adversarial attacks have remained an active research area. Because deep neural networks are widely used in image tasks, adversarial examples have been widely found in the image domain; research on adversarial attacks against images is key to improving security, and it has been studied extensively from different perspectives. Existing research on image attacks falls mainly into three image forms: visible light images, infrared images, and Synthetic Aperture Radar (SAR) images, with most existing work concentrated on visible light images. This review therefore first introduces the basic concepts of image adversarial attacks, then classifies and summarizes the adversarial attack methods for the three image forms according to their attack principles, and analyzes and compares the attack methods across the three forms. It also gives a brief supplementary overview of current defense strategies against image adversarial examples. Finally, it summarizes the current state of research, identifies the problems facing future research on adversarial attacks in the image domain together with possible solutions, and offers an outlook on future research directions.

Key words: deep learning, adversarial attack, visible light image, infrared image, SAR image, adversarial examples