Adversarial Attack: A New Threat to Smart Devices and How to Defend It

摘要

This article introduces adversarial attack, a recently-unveiled security threat to consumer electronics, especially those utilizing machine learning techniques. We start with the fundamental knowledge including what are adversarial examples, how to realize such attacks, and common defense methods. Adversarial training enhances models' resilience to adversarial attacks by taking both regular and adversarial examples for training. However, applying adversarial examples under a single adversarial strength provide defense in a very limited effective range. We propose a multiple-strength adversarial training method. A random walk algorithm is adopted to optimize the selection of adversarial strengths, which is closely related to the design cost and training time. We also analyze the hardware cost and quantization loss to guide future consumer electronics designs.