Notes on artificial intelligence security

Compiled according to the conceptual framework and references of Academician Fang Binxing's book Artificial Intelligence Security (《人工智能安全》); this part is a backup of the original blog compilation.

Fundamentals

Theory

  1. ImageNet Classification with Deep Convolutional Neural Networks
  2. Distributed Representations of Words and Phrases and their Compositionality
  3. Generative Adversarial Nets*
  4. Adam: A Method for Stochastic Optimization
  5. Deep Residual Learning for Image Recognition
  6. Attention Is All You Need*
  7. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding
  8. A Style-Based Generator Architecture for Generative Adversarial Networks*
  9. Analyzing and Improving the Image Quality of StyleGAN*
  10. Reinforcement learning: An introduction
  11. Human-level control through deep reinforcement learning
  12. Mastering the game of Go with deep neural networks and tree search
  13. Hybrid computing using a neural network with dynamic external memory
  14. Domain Adaptation via Transfer Component Analysis
  15. Communication-efficient learning of deep networks from decentralized data
  16. Parallelized Stochastic Gradient Descent
  17. Large scale distributed deep networks
  18. Deep learning with COTS HPC system
  19. Representation Learning: A Review and New Perspectives
  20. Learning to learn
  21. AutoLearn -- Automated feature generation and selection
  22. An explainable artificial intelligence system for small-unit tactical behavior
  23. Explainable artificial intelligence (XAI)
  24. Neural image caption generation with visual attention
  25. Neural module networks
  26. Network dissection: Quantifying interpretability of deep visual representations
  27. Large scale GAN training for high fidelity natural image synthesis
  28. Video-to-video synthesis
  29. Classification with Quantum Neural Networks on Near Term Processors
  30. Meta-Learning a Dynamical Language Model
  31. Context-dependent pre-trained deep neural networks for large-vocabulary speech recognition
  32. LSTM neural networks for language modeling
  33. Towards end-to-end speech recognition with recurrent neural networks
  34. Hybrid speech recognition with deep bidirectional LSTM
  35. Brain Emotional Learning Based Intelligent Controller

Frameworks

Training frameworks:

  1. TensorFlow: easy model building, direct deployment to production, research experimentation
  2. MXNet: open source, flexible, supports distributed training
  3. Caffe2: PyTorch scripting, distributed training, rich tools and libraries, cloud development support
  4. CNTK: Microsoft's
  5. PaddlePaddle (飞桨): Baidu's

Inference frameworks: TensorFlow Lite, NCNN, Core ML, Paddle-Mobile, TensorRT

Adaptation:

  1. Portability at the intermediate-representation layer: NNVM/TVM, XLA
  2. Model conversion and format exchange: TFRecord, ONNX, NNEF
  3. Deep learning compilers addressing adaptability: CUDA, nGraph

Reinforcement learning: Google Dopamine

Distributed machine learning: LightLDA, MoE, DistBelief

Meta-learning: Google AutoML, Auto-Keras, MetaQNN, Weight Agnostic Neural Networks

AI empowering security

Security challenges

  1. The New Frontiers of CyberSecurity

AI-assisted security defense

  1. AI2: Training a Big Data Machine to Defend
  2. Generative Adversarial Networks for Distributed Intrusion Detection in the Internet of Things*
  3. Detecting Malicious PowerShell Commands using Deep Neural Networks
  4. ATT&CK Matrix for Enterprise
  5. How machine learning in G Suite makes people more productive
  6. Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables
  7. DeepLocker: How AI Can Power a Stealthy New Breed of Malware
  8. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection
  9. Coverage-based greybox fuzzing as markov chain
  10. Directed greybox fuzzing

AI + Blockchain: Audit Trail, AI DAO

AI-assisted security attacks

  1. Another Text Captcha Solver: A Generative Adversarial Network Based Approach
  2. Automatic Machine Learning Penetration Test Tool: Deep Exploit
  3. Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN*
  4. Face2Face: Real-Time Face Capture and Reenactment of RGB Videos*
  5. Everybody dance now
  6. Talking face generation by adversarially disentangled audio-visual representation
  7. DeepLocker - Concealing Targeted Attacks with AI locksmithing
  8. Attacking and defending with intelligent botnets
  9. Trojaning attack on neural networks
  10. Automatically evading classifiers*
  11. Evading classifiers by morphing in the dark*
  12. Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN*
  13. Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning
  14. A deep learning approach for password guessing
  15. DeepmasterPrint: Fingerprint Spoofing via Latent Variable Evolution
  16. The malicious use of artificial intelligence: Forecasting, prevention, and mitigation
  17. Automated crowdturfing attacks and defenses in online review systems

Vulnerability discovery: Mayhem, VulDeePecker, AFLFast, AFLGo

Identity authentication: PassGAN, DeepMasterPrints

Content safety: Perspective

Deepfake tools: FaceSwap, FakeApp, DeepFaceLab, ZAO

Endogenous security of AI

Data security

  1. Intriguing properties of neural networks
  2. Explaining and Harnessing Adversarial Examples
  3. Adversarial machine learning at scale
  4. Adversarial examples in the physical world
  5. DeepFool: a simple and accurate method to fool deep neural networks
  6. The Limitations of Deep learning in Adversarial Settings
  7. One pixel attack for fooling deep neural networks
  8. UPSET and ANGRI: Breaking High Performance Image Classifiers
  9. Audio Adversarial Examples: Targeted Attacks on Speech-to-Text*
  10. Transferable Adversarial Attacks for Image and Video Object Detection
  11. Poison Frogs! Targeted Poisoning Attack on Neural Networks

White-box attacks: FGSM, BIM, ILCM, DeepFool, JSMA

Black-box attacks: One Pixel Attack, UPSET

Framework security

CVEs: CVE-2018-9635, CVE-2018-10055, CVE-2017-9782, CVE-2017-12599, etc.

Algorithm security

Adversarial examples show that AI algorithms lack interpretability.

Model security

Security of model storage and management; the risk of open-source models being attacked and tampered with.

  1. Stealing Machine Learning Models via Prediction APIs

Runtime security

Security problems caused by objective factors and security problems caused by subjective factors

  1. TBT: Targeted Neural Network Attack with Bit Trojan

Safety hoop (保险箍)

A safety hoop placed between the actuation devices and the decision system, to guarantee the safety of decisions.

Derivative security of AI

Failures of autonomous vehicles, AI weapons, public anxiety about the safety of the technology, and the three elements of an AI agent (AIA) going out of control.

In summary: behavioral capability and destructive power, unexplainable decision-making capability, and evolutionary capability combined with autonomous systems.

Related preventive measures: international norms for human-machine collaboration, the Asilomar AI Principles, self-termination mechanisms.

Safety assessment and testing of AI agents

Safety management

Minimum-risk design, use of safety devices, use of warning devices

Related standards: general principles and guidance specifications for robot safety

Safety assessment

Kinetic safety: assessment of the AIA's kinetic capabilities, covering mechanical, electrical, radiation, chemical and biological properties

Decision safety: safety assessment of the decision system, including control capability, decision monotonicity, controllability of decision dependencies, vulnerability of the decision system, and assessment of the decision system's evolution

Autonomy safety: assessment of the risk that the AIA's autonomous capability goes out of control, including assessment of obedience awareness, confirmation awareness, self-preservation awareness, social capability, and collaborative-organization capability

Methods and metrics

Kinetic safety

Assessment methods: evaluation of safety-loop components, evaluation of overall behavior

Assessment metrics: safety integrity, performance level

Decision safety

Assessment methods: differential testing and mutation testing under black-box and white-box scenarios

Assessment metric: whether decision outcomes match expectations

Autonomy safety

Assessment method: Turing test, plus whether there is an intent to escape human control

Assessment metric: judging whether loss of control could occur

Detection capabilities and methods

Kinetic detection: whether safety-control functions are complete and whether loss of control can occur

Decision detection: hold-out, cross-validation and bootstrap methods; other checks include algorithm stability, system testing and interface testing

Autonomy detection: use of the safety hoop

AI ethics and safety

This part is not technical security; it belongs to interdisciplinary safety discussions.

posted @ 2022-05-05 18:09 FrancisQiu