4826                                                      软件学报  2025  年第  36  卷第  10  期


                     113: 102555. [doi: 10.1016/j.cose.2021.102555]
                 [23]   Zhang J, Li B, Xu JH, Wu S, Ding SH, Zhang L, Wu C. Towards efficient data free blackbox adversarial attack. In: Proc. of the 2022
                     IEEE/CVF Conf. on Computer Vision and Pattern Recognition. New Orleans: IEEE, 2022. 15094–15104. [doi: 10.1109/CVPR52688.
                     2022.01469]
                 [24]   Dong YP, Liao FZ, Pang TY, Su H, Zhu J, Hu XL, Li JG. Boosting adversarial attacks with momentum. In: Proc. of the 2018 IEEE/CVF
                     Conf. on Computer Vision and Pattern Recognition. Salt Lake City: IEEE, 2018. 9185–9193. [doi: 10.1109/CVPR.2018.00957]
                 [25]   Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A. Towards deep learning models resistant to adversarial attacks. arXiv:1706.06083,
                     2019.
                 [26]   Krizhevsky A. Learning multiple layers of features from tiny images. 2009. https://www.cs.toronto.edu/~kriz/learning-features-2009-TR.
                     pdf
                 [27]   Stallkamp J, Schlipsing M, Salmen J, Igel C. The German traffic sign recognition benchmark: A multi-class classification competition. In:
                     Proc. of the 2011 Int’l Joint Conf. on Neural Networks. San Jose: IEEE, 2011. 1453–1460. [doi: 10.1109/IJCNN.2011.6033395]
                 [28]   Le Y, Yang X. Tiny ImageNet visual recognition challenge. CS 231N, 2015, 7(7): 3.
                 [29]   He KM, Zhang XY, Ren SQ, Sun J. Deep residual learning for image recognition. In: Proc. of the 2016 IEEE Conf. on Computer Vision
                     and Pattern Recognition. Las Vegas: IEEE, 2016. 770–778. [doi: 10.1109/CVPR.2016.90]

                 附中文参考文献:
                 [3]   潘文雯, 王新宇, 宋明黎, 陈纯. 对抗样本生成技术综述. 软件学报, 2020, 31(1): 67–81. http://www.jos.org.cn/1000-9825/5884.htm [doi:
                    10.13328/j.cnki.jos.005884]
                 [4]   任奎, 孟泉润, 闫守琨, 秦湛. 人工智能模型数据泄露的攻击与防御研究综述. 网络与信息安全学报, 2021, 7(1): 1–10. [doi:
                    10.11959/j.issn.2096-109x.2021001]

                             张锦弘(1999－), 男, 博士生, 主要研究领域为人                 董云云(1989－), 女, 讲师, CCF  专业会员, 主要
                            工智能模型安全, 多媒体数据隐私保护.                          研究领域为图像隐写, 数据隐私保护.




                             刘仁阳(1994－), 男, 博士, 主要研究领域为人工                 周维(1974－), 男, 博士, 教授, 博士生导师, CCF
                            智能模型安全, 多模态大模型遗忘学习, 数据隐                      专业会员, 主要研究领域为网络空间安全, 分布
                            私保护.                                         式云计算, 智能信息处理, 交叉学科研究.



                             韦廷楚(1997－), 男, 博士生, 主要研究领域为深
                            度学习, 图像隐写, 生物信息.