黄立峰  等:一种基于进化策略和注意力机制的黑盒对抗攻击算法                                                  3529


                [33]    Brendel W, Rauber J, Bethge M. Decision-based adversarial attacks: Reliable attacks against black-box machine learning models.
                     arXiv preprint arXiv:1712.04248, 2017.
                [34]     Dong Y, Su H, Wu B, et al. Efficient decision-based black-box adversarial attacks on face recognition. In: Proc. of the IEEE Conf.
                     on Computer Vision and Pattern Recognition. IEEE, 2019. 7714−7722.
                [35]     Zhou B, Khosla A, Lapedriza A, et al. Learning deep features for discriminative localization. In: Proc. of the Conf. on Computer
                     Vision and Pattern Recognition. IEEE, 2016. 2921−2929.
                [36]    Selvaraju RR, Cogswell M, Das A, Vedantam R,  Parikh  D, Batra D.  Grad-CAM: Visual explanations from deep  networks  via
                     gradient-based localization. In: Proc. of the IEEE Int’l Conf. on Computer Vision, Vol.7. 2017. 618−626.
                [37]     Liu A, Liu X, Fan J, et al. Perceptual-sensitive GAN for generating adversarial patches. In: Proc. of the AAAI Conf. on Artificial
                     Intelligence, Vol.33. 2019. 1028−1035.
                [38]     Hansen N, Ostermeier A. Completely derandomized self-adaptation in evolution strategies. Evolutionary Computation, 2001,9(2):
                     159−195.
                [39]    Dong Y, Liao F, Pang T, et al. Boosting adversarial attacks with momentum. In: Proc. of the Conf. on Computer Vision and Pattern
                     Recognition. IEEE, 2018. 9185−9193.
                [40]    Shi Y, Wang S, Han Y. Curls & Whey: Boosting black-box adversarial attacks. In: Proc. of the Conf. on Computer Vision and
                     Pattern Recognition. IEEE, 2019. 6519−6527.
                [41]    Deng J, Dong W, Socher R, et al. ImageNet: A large-scale hierarchical image database. In: Proc. of the Conf. on Computer Vision
                     and Pattern Recognition. IEEE, 2009. 248−255.
                [42]     Florian T, Alexey K, Nicolas P, Dan B, Patrick M. Ensemble adversarial training: Attacks and defenses. In: Proc. of the Int’l Conf.
                     on Learning Representations. 2018. 1−12.
                [43]    Xie C, Yuille A. Intriguing properties of adversarial training at scale. In: Proc. of the Int’l Conf. on Learning Representations. 2020.
                     1−14.
                [44]     Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A. Towards deep learning models resistant to adversarial attacks. In: Proc. of
                     the Int’l Conf. on Learning Representations. 2018. 1−28.

                 附中文参考文献:
                  [2]  黄继鹏,史颖欢,高阳.面向小目标的多尺度 Faster-RCNN 检测算法.计算机研究与发展,2019,56(2):319−327.
                  [3]  黄龙,杨媛,王庆军,郭飞,高勇.结合全卷积神经网络的室内场景分割.中国图像图形学报,2019,24(1):64−72.
                 [10]  王英,黄旭东,郭松涛.基于卷积神经网络的室内指纹定位算法.软件学报,2018,29:63−72. http://www.jos.org.cn/1000-9825/
                     18007.htm
                 [13]  马玉琨,毋立芳,简萌,刘方昊,杨洲.一种面向人脸活体检测的对抗样本生成算法.软件学报,2019,30(2):469−480. http://www.jos.
                     org.cn/1000-9825/5568.htm [doi: 10.13328/j.cnki.jos.005568]
                 [14]  王文琦,汪润,王丽娜,唐奔宵.面向中文文本倾向性分类的对抗样本生成方法.软件学报,2019,30(8):2415−2427. http://www.jos.
                     org.cn/1000-9825/5765.htm [doi: 10.13328/j.cnki.jos.005765]



                              黄立峰(1990－),男,博士生,CCF 学生会                     廖泳贤(1996－),女,硕士生,主要研究领域
                              员,主要研究领域为对抗学习,自主感知                           为对抗训练,计算机视觉.
                              定位.



                              庄文梓(1997－),男,硕士生,主要研究领域                      刘宁(1973－),男,博士,教授,博士生导师,
                              为对抗训练,计算机视觉.                                 CCF 专业会员,主要研究领域为对抗学习,
                                                                           自主感知定位.