Abstract
Computer vision applications like traffic monitoring, security checks, self-driving cars, medical imaging, etc., rely heavily on machine learning models. It raises an essential growing concern regarding the dependability of machine learning algorithms, which cannot be entirely trusted due to their fragile nature. This leads us to a dire need for systematic analysis of adversarial settings in neural networks. Hence, this article presents a comprehensive study of vulnerabilities, possible attacks such as data poisoning and data access during training, evasion, and oracle attacks at the test time, and their defensive and preventive measures using novel taxonomies. The survey has covered the complete scenario where an adversary can make malicious manipulations and elaborated more on the most potent threat, i.e., test time evasion attack using an adversarial image (maliciously perturbed image). It expounds an intuition behind generating an adversarial image, covering all relevant adversarial attack algorithms and strategies for increasing robustness against adversarial images. The existence and effect of adversarial images, as well as their transferability, are also examined. The article guides the reader with an approach on building new models to enhance their reliability. Additionally, the survey presents the procedures that still demand further exploration with limitations in existing methods, enhancing future research directions.
Similar content being viewed by others
References
Abbasi M, Gagné C (2019) Robustness to adversarial examples through an ensemble of specialists, in 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, pp. 1–9
Ahmad S, Mehfuz S, Mebarek-Oudina F, Beg J (2022) RSM analysis based cloud access security broker: a systematic literature review. Clust Comput 25(5):3733–3763. https://doi.org/10.1007/s10586-022-03598-z
Ahmadi MA, Dianat R, Amirkhani H (2021) An adversarial attack detection method in deep neural networks based on re-attacking approach. Multimed Tools Appl 80(7). https://doi.org/10.1007/s11042-020-10261-5
Akhtar N, Liu J, Mian A (2018) Defense against universal adversarial perturbations. Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition 2017:3389–3398
Akhtar N, Mian A, Kardan N, Shah M (2021) Advances in Adversarial Attacks and Defenses in Computer Vision: A Survey. IEEE Access, vol. 9. Institute of Electrical and Electronics Engineers Inc., pp. 155161–155196. https://doi.org/10.1109/ACCESS.2021.3127960
Alcorn MA et al (2019) Strike (with) a pose: Neural networks are easily fooled by strange poses of familiar objects, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, vol. 2019-June. https://doi.org/10.1109/CVPR.2019.00498
Alsmadi I et al (2022) Adversarial machine learning in text processing: a literature survey. IEEE Access, vol. 10, https://doi.org/10.1109/ACCESS.2022.3146405
Alsuwat E, Alsuwat H, Valtorta M, Farkas C (2020) Adversarial data poisoning attacks against the PC learning algorithm. Int J Gen Syst 49(1). https://doi.org/10.1080/03081079.2019.1630401
Alzantot M, Sharma Y, Chakraborty S, Zhang H, Hsieh C-J, Srivastava M (2019) GenAttack: practical black-box attacks with gradient-free optimization, in GECCO 2019 - Proceedings of the 2019 Genetic and Evolutionary Computation Conference, May 2019, pp 1111–1119
Andriushchenko M, Croce F, Flammarion N, Hein M (2020) Square attack: a query-efficient black-box adversarial attack via random search, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12368 LNCS. https://doi.org/10.1007/978-3-030-58592-1_29
Athalye A, Carlini N, Wagner D (2018) Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. In: 35th International Conference on Machine Learning, ICML 2018, pp 274–283
Athalye A, Engstrom L, Ilyas A, Kwok K (2018) Synthesizing robust adversarial examples. In: 35th International Conference on Machine Learning, ICML 2018, pp 1–20
Bakhti Y, Fezza SA, Hamidouche W, Deforges O (2019) DDSA: a defense against adversarial attacks using deep Denoising sparse autoencoder. IEEE Access 7:160397–160407. https://doi.org/10.1109/ACCESS.2019.2951526
Baluja S, Fischer I (nd) Adversarial transformation networks: learning to generate adversarial examples, in Proceedings of AAAI-2018, AAAI, pp. 2687–2695. [Online]. Available: http://arxiv.org/abs/1703.09387
Bao Z, Lin Y, Zhang S, Li Z, Mao S (2021) Threat of adversarial attacks on DL-based IoT device identification. IEEE Internet Things J. https://doi.org/10.1109/JIOT.2021.3120197
Barbu A et al. (2019) ObjectNet: a large-scale bias-controlled dataset for pushing the limits of object recognition models, in Advances in Neural Information Processing Systems, vol. 32
Barreno M, Nelson B, Joseph AD, Tygar JD (2010) The security of machine learning. Mach Learn 81(2):121–148. https://doi.org/10.1007/s10994-010-5188-5
Bhagoji AN, Cullina D, Sitawarin C, Mittal P (2018) Dimensionality reduction as a defense against evasion attacks on machine learning classifier, 2018 52nd Annual Conference on Information Sciences and Systems, CISS 2018, no. 1
Bickel S, Brückner M, Scheffer T (2009) Discriminative learning under covariate shift. J Mach Learn Res 10:2137–2155
Biggio B, Fumera G, Roli F (2010) Multiple classifier systems for robust classifier design in adversarial environments. Int J Mach Learn Cybern 1(1–4). https://doi.org/10.1007/s13042-010-0007-7
Biggio B, Corona I, Fumera G, Giacinto G, Roli F (2011) Bagging classifiers for fighting poisoning attacks in adversarial classification tasks, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6713 LNCS. https://doi.org/10.1007/978-3-642-21557-5_37
Brendel W, Bethge M (2019) Approximating cnns with bag-of-local-features models works surprisingly well on Imagenet, in 7th International Conference on Learning Representations, ICLR, 2019
Brendel W, Rauber J, Bethge M (2017) Decision-based adversarial attacks: reliable attacks against black-box machine learning models. In: 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings (2018), pp 1–12
Buckman J, Roy A, Raffel C, Goodfellow I (2018) Thermometer encoding: one hot way to resist adversarial examples, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–22
Cao X, Gong NZ (2017) Mitigating evasion attacks to deep neural networks via region-based classification. ACM Int Conf Proceed Ser Part F132521:278–287. https://doi.org/10.1145/3134600.3134606
Carlini N, Wagner D (2017) Towards evaluating the robustness of neural networks, in Proceedings - IEEE Symposium on Security and Privacy, 2017, pp. 39–57. [Online]. Available: http://nicholas.carlini.com/code/nn
Carlini N, Wagner D (2018) Audio adversarial examples: targeted attacks on speech-to-text. In: Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018, pp 1–7. https://doi.org/10.1109/SPW.2018.00009
Carlini N, Wagner D (nd) MagNet and ‘efficient defenses against adversarial attacks’ are not robust to adversarial examples. [Online]. Available: https://github.com/carlini/MagNet
Carlini N et al (2019) On evaluating adversarial robustness, https://nicholas.carlini.com, pp 1–24, [Online]. Available: http://arxiv.org/abs/1902.06705. Accessed 09 Jun 2023
Carrara F, Falchi F, Caldelli R, Amato G, Becarelli R (2019) Adversarial image detection in deep neural networks. Multimed Tools Appl 78(3):2815–2835. https://doi.org/10.1007/s11042-018-5853-4
Chen PY, Zhang H, Sharma Y, Yi J, Hsieh CJ (2017) ZOO: Zeroth order optimization based black-box atacks to deep neural networks without training substitute models, in AISec 2017 - Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, co-located with CCS 2017, pp. 15–26. https://doi.org/10.1145/3128572.3140448
Chen J, Meng Z, Sun C, Tang W, Zhu Y (2017) ReabsNet: detecting and revising adversarial examples, [Online]. Available: http://arxiv.org/abs/1712.08250. Accessed 09 Jun 2023
Chen P-Y, Sharma Y, Zhang H, Yi J, Hsieh C-J (2018) EAD: elastic-net attacks to deep neural networks via adversarial examples. In: 32nd AAAI Conference on Artificial Intelligence, AAAI 2018, pp 10–17
Chen J, Su M, Shen S, Xiong H, Zheng H (2019) POBA-GA: Perturbation optimized black-box adversarial attacks via genetic algorithm, in computers and security, pp. 89–106. https://doi.org/10.1016/j.cose.2019.04.014
Chen J, Jordan MI, Wainwright MJ (2020) HopSkipJumpAttack: a query-efficient decision-based attack. In: Proceedings - IEEE Symposium on Security and Privacy, pp 1277–1294
Chen J, Guo Y, Zheng Q, Chen H (2021) Protect privacy of deep classification networks by exploiting their generative power. Mach Learn 110(4). https://doi.org/10.1007/s10994-021-05951-6
Cisse M, Adi Y, Neverova N, Keshet J (2017) Houdini: fooling deep structured prediction models. In: Proceedings of the 31st International Conference on Neural Information Processing Systems, pp 6980–6990
Cisse M, Bojanowski P, Grave E, Dauphin Y, Usunier N (2017) Parseval networks: improving robustness to adversarial examples. 34th Int Conf Mach Learn, ICML 2017:854–863
Cohen G, Sapiro G, Giryes R (2020) Detecting adversarial samples using influence functions and nearest neighbors, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 14441–14450. https://doi.org/10.1109/CVPR42600.2020.01446
Croce F, Hein M (2020) Minimally distorted adversarial examples with a fast adaptive boundary attack. In: 37th International Conference on Machine Learning, ICML 2020, PartF168147-3, pp 1–23
Das N et al. (2017) Keeping the bad guys out: protecting and vaccinating deep learning with JPEG compression, [Online]. Available: http://arxiv.org/abs/1705.02900
Dhillon GS et al (2018) Stochastic activation pruning for robust adversarial defense. In: Conference paper at ICLR, pp 1–10
Dong Y et al. (2018) Boosting adversarial attacks with momentum, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 9185–9193. https://doi.org/10.1109/CVPR.2018.00957
Dubey A, van der Maaten L, Yalniz Z, Li Y, Mahajan D (2019) Defense against adversarial images using web-scale nearest-neighbor search, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 8767–8776. [Online]. Available: https://www.robust-ml.org/defenses/
Eykholt K, Evtimov I, Fernandes E, Li B, Rahmati A, Xiao C, Prakash A, Kohno T, Song D (2018) Robust physical-world attacks on deep learning visual classification. In: Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition (2018), pp 1625–1634. Available: https://iotsecurity.eecs.umich.edu/#roadsigns
Fan W, Sun G, Su Y, Liu Z, Lu X (2019) Integration of statistical detector and Gaussian noise injection detector for adversarial example detection in deep neural networks. Multimed Tools Appl 78(14). https://doi.org/10.1007/s11042-019-7353-6
Feinman R, Curtin RR, Shintre S, Gardner AB (2017) Detecting adversarial samples from artifacts, [Online]. Available: http://arxiv.org/abs/1703.00410. Accessed 09 Jun 2023
Folz J, Palacio S, Hees J, Dengel A (2020) Adversarial defense based on structure-to-signal autoencoders, in Proceedings - 2020 IEEE Winter Conference on Applications of Computer Vision, WACV 2020, pp. 3568–3577. https://doi.org/10.1109/WACV45572.2020.9093310
Fredrikson M, Jha S, Ristenpart T (2015) Model inversion attacks that exploit confidence information and basic countermeasures, in Proceedings of the ACM Conference on Computer and Communications Security, vol. 2015-October. https://doi.org/10.1145/2810103.2813677
Galloway A, Taylor GW, Moussa M (2018) Attacking binarized neural networks, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings
Gao J, Wang B, Lin Z, Xu W, Qi Y (2019) DeepCloak: masking deep neural network models for robustness against adversarial samples, in 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, pp. 1–8. [Online]. Available: http://arxiv.org/abs/1702.06763
Gao R et al. (2021) Maximum mean discrepancy test is aware of adversarial attacks, in Proceedings of the Workshop on Multilingual Linguistic Ressources, pp. 1–12
Geirhos R, Rubisch P, Michaelis C, Bethge M, Wichmann F, Brendel W (2019) ImageNet-trained CNNs are biased towards texture, Iclr, no. c, pp. 1–22
Geirhos R et al. (2020) Shortcut learning in deep neural networks. Nat Mach Intell 2(11), https://doi.org/10.1038/s42256-020-00257-z
Gong Z, Wang W, Ku W.-S (2017) Adversarial and clean data are not twins, [Online]. Available: http://arxiv.org/abs/1704.04960. Accessed 09 Jun 2023
Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples, in 3rd International Conference on Learning Representations, ICLR 2015 - Conference Track Proceedings, pp. 6562–6572
Goodman D, Xin H, Yang W, Yuesheng W, Junfeng X, Huan Z (2020) Advbox: a toolbox to generate adversarial examples that fool neural networks, [Online]. Available: http://arxiv.org/abs/2001.05574. Accessed 09 Jun 2023
Grosse K, Manoharan P, Papernot N, Backes M, McDaniel P (2017) On the (Statistical) detection of adversarial examples, [Online]. Available: http://arxiv.org/abs/1702.06280. Accessed 09 Jun 2023
Gu S, Rigazio L (2015) Towards deep neural network architectures robust to adversarial examples, in 3rd International Conference on Learning Representations, ICLR 2015 - Workshop Track Proceedings. [Online]. Available: http://arxiv.org/abs/1412.5068
Gu T, Dolan-Gavitt B, Garg S (2017) BadNets: identifying vulnerabilities in the machine learning model supply chain, [Online]. Available: http://arxiv.org/abs/1708.06733
Guo C, Rana M, Cisse M, van der Maaten L (2018) Countering adversarial images using input transformations. In: 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp 1–12
Ha T, Dang TK, Le H, Truong TA (2020) Security and privacy issues in deep learning: a brief review. SN Comput Sci 1(5). https://doi.org/10.1007/s42979-020-00254-4
Hayes J, Danezis G (2018) Learning universal adversarial perturbations with generative models. In: Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018, pp 43–49
He W, Wei J, Chen X, Carlini N, Song D (2017) “Adversarial example defenses: Ensembles of weak defenses are not strong,” in 11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017, pp. 15–25
He W, Li B, Song D (2018) “Decision Boundary Analysis of Adversarial Examples,” in 6th International Conference on Learning Representations, ICLR 2018, pp. 1–15. [Online]. Available: https://github.com/MadryLab/cifar10_challenge
Hendrycks D, Dietterich T (2019) Benchmarking neural network robustness to common corruptions and perturbations. 7th Int Conf Learn Represent, ICLR 2019:1–16
Hendrycks D, Gimpel K (2017) Early methods for detecting adversarial images, in 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, 2019, pp. 1–9
Hendrycks D, Zhao K, Basart S, Steinhardt J, Song D (2021) Natural adversarial examples, in Conference on Computer Vision and Pattern Recognition (CVPR), pp. 15262–15271. https://doi.org/10.1109/cvpr46437.2021.01501
Hinton G, Vinyals O, Dean J (2015) Distilling the knowledge in a neural network. In: Proceedings of the Deep Learning and Representation Learning Workshop at NIPS 2014
Ho J, Lee BG, Kang DK (2022) Attack-less adversarial training for a robust adversarial defense. Appl Intell 52(4). https://doi.org/10.1007/s10489-021-02523-y
Huang Y, Yu Y, Zhang H, Ma Y, Yao Y (2020) Adversarial robustness of stabilized neuralODEs might be from obfuscated gradients. In: Proceedings of the 2nd Mathematical and Scientific Machine Learning Conference, PMLR 145:497–515, 2022, pp 1–18
Ilyas A, Engstrom L, Athalye A, Lin J (2018) Black-box Adversarial Attacks with Limited Queries and Information. In: 35th International Conference on Machine Learning, ICML 2018 (2018), pp 2142–2151
Ilyas A, Santurkar S, Tsipras D, Engstrom L, Tran B, Madry A (2019) Adversarial examples are not bugs, they are features – gradient science. Neural Information Processing Systems (NeurIPS), no. NeurIPS
Jacobsen JH, Behrmann J, Zemel R, Bethge M (2019) Excessive invariance causes adversarial vulnerability, in 7th International Conference on Learning Representations, ICLR 2019
Jagielski M, Oprea A, Biggio B, Liu C, Nita-Rotaru C, Li B (2018) Manipulating machine learning: poisoning attacks and countermeasures for regression learning, in Proceedings - IEEE Symposium on Security and Privacy, vol. 2018-May. https://doi.org/10.1109/SP.2018.00057
Jiang H, Lin J, Kang H (2022) FGMD: a robust detector against adversarial attacks in the IoT network. Futur Gener Comput Syst 132. https://doi.org/10.1016/j.future.2022.02.019
Kabilan VM, Morris B, Nguyen A (2021) VectorDefense: vectorization as a defense to adversarial examples, in Studies in Computational Intelligence, 2018. [Online]. Available: http://arxiv.org/abs/1804.08529
Kannan H, Kurakin A, Goodfellow I (2018) Adversarial logit pairing, [Online]. Available: http://arxiv.org/abs/1803.06373. Accessed 09 Jun 2023
Kantaros Y, Carpenter T, Sridhar K, Yang Y, Lee I, Weimer J (2021) Real-time detectors for digital and physical adversarial inputs to perception systems, in ICCPS 2021 - proceedings of the 2021 ACM/IEEE 12th international conference on cyber-physical systems (with CPS-IoT week 2021). https://doi.org/10.1145/3450267.3450535
Kantipudi J, Dubey SR, Chakraborty S (2021) Color channel perturbation attacks for fooling convolutional neural networks and a defense against such attacks. IEEE Trans Artif Intell 1(2). https://doi.org/10.1109/tai.2020.3046167
Karmon D, Zoran D, Goldberg Y (2018) LaVAN: localized and visible adversarial noise, in 35th International Conference on Machine Learning, ICML 2018, pp. 2512–2520. [Online]. Available: http://arxiv.org/abs/1801.02608
Kim J, Lee K, Lee H, Yang H, Oh SY (2021) Camouflaged adversarial attack on object detector, in International Conference on Control, Automation and Systems, vol. 2021-October. https://doi.org/10.23919/ICCAS52745.2021.9650004
Koh PW, Steinhardt J, Liang P (2022) Stronger data poisoning attacks break data sanitization defenses. Mach Learn 111(1). https://doi.org/10.1007/s10994-021-06119-y
Kong Z, Guo J, Li A, Liu C (2020) PhysGAN: generating physical-world-resilient adversarial examples for autonomous driving. In: Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp 14254–14263. https://doi.org/10.1109/CVPR42600.2020.01426
Ku H, Susilo W, Zhang Y, Liu W, Zhang M (2022) [1], Comput Stand Interfaces, vol. 80, https://doi.org/10.1016/j.csi.2021.103583
Kurakin A, Goodfellow IJ, Bengio S (2017) Adversarial machine learning at scale, in 5th International Conference on Learning Representations, ICLR 2017 - Conference Track Proceedings
Kurakin A, Goodfellow I, Bengio S (2019) Adversarial examples in the physical world. In: 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, pp 1–14
Kurakin A, Goodfellow IJ, Bengio S (2017) Adversarial examples in the physical world. In: 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, pp 1–14. https://doi.org/10.1201/9781351251389-8
Laidlaw C, Feizi S (2019) Functional adversarial attacks, in Advances in Neural Information Processing Systems (2019), pp. 1–11. [Online]. Available: http://arxiv.org/abs/1906.00001
Lamb A, Binas J, Goyal A, Serdyuk D, Subramanian S, Mitliagkas I, Bengio Y (2019) Fortified networks: improving the robustness of deep networks by modeling the manifold of hidden representations. In: ICLR 2019 Conference Paper, pp 1–14
Lee JW et al. (2022) Privacy-preserving machine learning with fully homomorphic encryption for deep neural network. IEEE Access, vol. 10, https://doi.org/10.1109/ACCESS.2022.3159694
Li X, Li F (2017) Adversarial examples detection in deep networks with convolutional filter statistics. In: Proceedings of the IEEE International Conference on Computer Vision, 2017-October, pp 5775–5783. https://doi.org/10.1109/ICCV.2017.615
Li D, Yang Y, Song YZ, Hospedales TM (2017) Deeper, broader and artier domain generalization, in Proceedings of the IEEE International Conference on Computer Vision, vol. 2017-October. https://doi.org/10.1109/ICCV.2017.591
Li C, Weng H, Ji S, Dong J, He Q (2019) DeT: Defending against adversarial examples via decreasing transferability. Lect Notes Comput Sci (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 11982(LNCS):307–322. https://doi.org/10.1007/978-3-030-37337-5_25
Liang B, Li H, Su M, Li X, Shi W, Wang X (2021) Detecting adversarial image examples in deep networks with adaptive noise reduction. IEEE Trans Depend Secure Comput 18:72–85. https://doi.org/10.1109/TDSC.2018.2874243
Liao F, Liang M, Dong Y, Pang T, Hu X, Zhu J (2018) Defense against adversarial attacks using high-level representation guided denoiser, in CVPR-2018, pp. 11778–1787. [Online]. Available: http://arxiv.org/abs/1712.02976
Lin J, Gan C, Han S (2019) Defensive quantization: when efficiency meets robustness. In: conference paper at ICLR 2019, pp 1–14
Ling X, Ji S, Zou J, Wang J, Wu C, Li B, Wang T (2019) Deepsec: a uniform platform for security analysis of deep learning model. In: Proceedings of the IEEE Symposium on Security and Privacy (SP’19). IEEE, pp 673–690
Liu Q, Wang G, Liu X, Peng T, Wu J (2017) Achieving reliable and secure services in cloud computing environments. Comput Electr Eng:153–164. http://www.elsevier.com/open-access/userlicense/1.0/
Liu Y, Chen X, Liu C, Song D (2017) Delving into transferable adversarial examples and black-box attacks, in 5th International Conference on Learning Representations, ICLR 2017 - Conference Track Proceedings
Liu X, Cheng M, Zhang H, Hsieh C-J (2017) Towards robust neural networks via random self-ensemble, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, pp. 381–397. [Online]. Available: http://arxiv.org/abs/1712.00673
Liu Z et al. (2018) Feature distillation: DNN-Oriented JPEG compression against adversarial examples, [Online]. Available: http://arxiv.org/abs/1803.05787
Liu N, Yang H, Hu X (2018) Adversarial detection with model interpretation, in Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1803–1811. https://doi.org/10.1145/3219819.3220027
Liu X, Li Y, Wu C, Hsieh C-J (2019) Adv-BNN: improved adversarial defense through robust Bayesian neural network, in ICLR 2019, pp. 1–13. [Online]. Available: http://arxiv.org/abs/1810.01279
Liu X, Liu Q, Peng T, Wu J (2019) Dynamic access policy in cloud-based personal health record (PHR) Systems, [Online]. Available: https://www.sciencedirect.com/science/article/pii/S00200255163045714471c2261a00eeee8437283fbc65dca8https://www.elsevier.com/open-access/userlicense/1.0/
Liu X et al. (2021) Privacy and security issues in deep learning: a survey. IEEE Access, vol. 9. https://doi.org/10.1109/ACCESS.2020.3045078
Lu J, Issaranon T, Forsyth D (2017) SafetyNet: detecting and rejecting adversarial examples robustly, in Proceedings of the IEEE International Conference on Computer Vision, pp. 446–454
Lyu C, Huang K, Liang HN (2016) A unified gradient regularization family for adversarial examples, in Proceedings - IEEE International Conference on Data Mining, ICDM, vol. 2016-January. https://doi.org/10.1109/ICDM.2015.84
Ma X, Li B, Wang Y, Erfani SM, Wijewickrema S, Schoenebeck G, Song D, Houle ME, Bailey J (n.d.) Characterizing adversarial subspaces using local intrinsic dimensionality. ICLR 2018:1–15
Ma S, Liu Y, Tao G, Lee W-C, Zhang X (2019) NIC: detecting adversarial samples with neural network invariant checking. Network and Distributed System Security:1–15. https://doi.org/10.14722/ndss.2019.23415
Ma J, Deng J, Mei Q (2022) Adversarial attack on graph neural networks as an influence maximization problem, in WSDM 2022 - proceedings of the 15th ACM international conference on web search and data mining. https://doi.org/10.1145/3488560.3498497.
Machado GR, Goldschmidt RR, Silva E (2019) MultiMagnet: A non-deterministic approach based on the formation of ensembles for defending against adversarial images. In: ICEIS 2019 - Proceedings of the 21st International Conference on Enterprise Information Systems, 1. https://doi.org/10.5220/0007714203070318
Machado GR, Silva E, Goldschmidt RR (2023) Adversarial machine learning in image classification: a survey toward the Defender’s perspective. ACM Comput Surv 55(1):1–38. https://doi.org/10.1145/3485133
Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2018) Towards deep learning models resistant to adversarial attacks, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–23
Mattsson UT (2005) “A practical implementation of transparent encryption and separation of duties in enterprise databases: protection against external and internal attacks on databases,” in ICEIS 2005 - proceedings of the 7th international conference on Enterprise information systems. https://doi.org/10.5220/0002518001460153
Meng D, Chen H (2017) MagNet: a two-pronged defense against adversarial examples. In: Proceedings of the ACM Conference on Computer and Communications Security, pp 135–147. https://doi.org/10.1145/3133956.3134057
Meng MH et al. (2022) Adversarial robustness of deep neural networks: a survey from a formal verification perspective, IEEE Trans Depend Secure Comput , pp. 1–18, https://doi.org/10.1109/TDSC.2022.3179131
Metzen JH, Kumar MC, Brox T, V. Fischer (2017) Universal adversarial perturbations against semantic image segmentation, in Proceedings of the IEEE International Conference on Computer Vision, vol. 2017-October. https://doi.org/10.1109/ICCV.2017.300
Metzen JH, Genewein T, Fischer V, Bischoff B (2017) On detecting adversarial perturbations. In: 5th International Conference on Learning Representations, ICLR 2017 - Conference Track Proceedings, pp 1–12
Michel A, Jha SK, Ewetz R (2022) A survey on the vulnerability of deep neural networks against adversarial attacks. Progress in Artif Intell 11(2). https://doi.org/10.1007/s13748-021-00269-9
Miller DJ, Xiang Z, Kesidis G (2020) Adversarial learning targeting deep neural network classification: a comprehensive review of defenses against attacks. Proc IEEE 108(3). https://doi.org/10.1109/JPROC.2020.2970615
Moosavi-Dezfooli S-M, Fawzi A, Frossard’ PF, Polytechnique F, de Lausanne F (2016) DeepFool: a simple and accurate method to fool deep neural networks,” in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2016, pp. 2574–2582. [Online]. Available: http://github.com/lts4/deepfool
Moosavi-Dezfooli SM, Fawzi A, Fawzi O, Frossard P, Soatto S (2017) Analysis of universal adversarial perturbations. https://doi.org/10.48550/arXiv.2012.14352
Moosavi-Dezfooli SM, Fawzi A, Fawzi O, Frossard P (2017) Universal adversarial perturbations, in Proceedings - 30th IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2017, vol. 2017-January. https://doi.org/10.1109/CVPR.2017.17
Moosavi-Dezfooli S-M, Shrivastava A, Tuzel O (2018) Divide, denoise, and defend against adversarial attacks, [Online]. Available: http://arxiv.org/abs/1802.06806. Accessed 09 Jun 2023
Mustafa A, Khan SH, Hayat M, Shen J, Shao L (2020) Image super-resolution as a defense against adversarial attacks. IEEE Trans Image Process 29:1711–1724. https://doi.org/10.1109/TIP.2019.2940533
Na T, Ko JH, Mukhopadhyay S (2017) Cascade adversarial machine learning regularized with a unified embedding, in ICLR 2018, pp. 1–16. [Online]. Available: http://arxiv.org/abs/1708.02582
Narodytska N, Kasiviswanathan S (2017) Simple black-box adversarial attacks on deep neural networks, in IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, vol. 2017-July, pp. 1310–1318. https://doi.org/10.1109/CVPRW.2017.172
Naseer M, Khan S, Hayat M, Khan FS, Porikli F (2020) A self-supervised approach for adversarial robustness, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 262–271. https://doi.org/10.1109/CVPR42600.2020.00034
Nelson B, Barreno M, Jack Chi F, Joseph AD, Rubinstein BIP, Saini U, Sutton C, Tygar JD, Xia K (2009) Misleading learners: co-opting your spam filter. In: Machine Learning in Cyber Trust: Security, Privacy, and Reliability, pp 17–51. https://doi.org/10.1007/978-0-387-88735-7_2
Nguyen L, Wang S, Sinha A(2018) A learning and masking approach to secure learning, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11199 LNCS. https://doi.org/10.1007/978-3-030-01554-1_26
Nicolae M-I et al. (2018) Adversarial robustness Toolbox v1.0.0, [Online]. Available: http://arxiv.org/abs/1807.01069
Nyo MT, Mebarek-Oudina F, Hlaing SS, Khan NA (2022) Otsu’s thresholding technique for MRI image brain tumor segmentation. Multimed Tools Appl, https://doi.org/10.1007/s11042-022-13215-1.
Pang T, Du C, Zhu J (2022) Robust deep learning via reverse cross-entropy training and thresholding test, ArXiv, 2017, Accessed: Apr. 25. [Online]. Available: arXiv:1706.00633v4
Papernot N (2018) A marauder’s map of security and privacy in machine learning. In: Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security, pp 1–1
Papernot N, McDaniel P (2017) Extending defensive distillation, [Online]. Available: http://arxiv.org/abs/1705.05264
Papernot N, McDaniel P (2018) Deep k-nearest neighbors: towards confident, interpretable and robust deep learning, [Online]. Available: http://arxiv.org/abs/1803.04765. Accessed 09 Jun 2023
Papernot N, McDaniel P, Goodfellow I (2016) Transferability in machine learning: from phenomena to black-box attacks using adversarial samples, May, [Online]. Available: http://arxiv.org/abs/1605.07277. Accessed 09 Jun 2023
Papernot N, McDaniel P, Wu X, Jha S, Swami A (2016) Distillation as a defense to adversarial perturbations against deep neural networks. Proceed 2016 IEEE Symp Secur Privacy, SP 2016:582–597. https://doi.org/10.1109/SP.2016.41
Papernot N et al. (2016) Technical Rreport on the CleverHans v2.1.0 adversarial examples library, [Online]. Available: http://arxiv.org/abs/1610.00768. Accessed 09 Jun 2023
Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB, Swami A (2017) Practical black-box attacks against machine learning, in ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security, pp. 506–519. https://doi.org/10.1145/3052973.3053009
Papernot N, Mcdaniel P, Jha S, Fredrikson M, Celik ZB, Swami A (2016) The limitations of deep learning in adversarial settings. Proceed 2016 IEEE Eur Symp Secur Privacy, EURO S and P (2016):372–387. https://doi.org/10.1109/EuroSP.2016.36
Prakash A, Moran N, Garber S, DiLillo A, Storer J (2018) Deflecting adversarial attacks with pixel deflection, in CVPR-2018, pp. 8571–8580. [Online]. Available: http://arxiv.org/abs/1801.08926
Ranjan R, Sankaranarayanan S, Castillo CD, Chellappa R (2017) Improving network robustness against adversarial attacks with compact convolution, [Online]. Available: http://arxiv.org/abs/1712.00699. Accessed 09 Jun 2023
Rauber J, Brendel W, Bethge M (2017) Foolbox: a python toolbox to benchmark the robustness of machine learning models, [Online]. Available: http://arxiv.org/abs/1707.04131. Accessed 09 Jun 2023
Ren H, Huang T, Yan H (2021) Adversarial examples: attacks and defenses in the physical world. Int J Mach Learn Cybern, https://doi.org/10.1007/s13042-020-01242-z
Rivest RL, Adleman L, Dertouzos ML (1978) On data banks and privacy Homomorphisms, Found Secure Comput , pp. 169–179
Ros AS, Doshi-Velez F (2018) Improving the adversarial robustness and interpretability of deep neural networks by regularizing their input gradients. 32nd AAAI Conf Artif Intell, AAAI 2018:1660–1669
Rozsa A, Rudd EM, Boult T. E (2016) Adversarial diversity and hard positive generation, in IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, pp. 25–32. https://doi.org/10.1109/CVPRW.2016.58
Ruan Y, Dai J (2018) TwinNet: a double sub-network framework for detecting universal adversarial perturbations. Future Int 10(3). https://doi.org/10.3390/fi10030026
Rubinstein BIP et al. (2009) Antidote: Understanding and defending against poisoning of anomaly detectors, in Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, pp. 1–14. https://doi.org/10.1145/1644893.1644895
Ryu G, Park H, Choi D (2021) Adversarial attacks by attaching noise markers on the face against deep face recognition. J Inf Secu Appl 60. https://doi.org/10.1016/j.jisa.2021.102874
Samangouei P, Kabkab M, Chellappa R (2018) Defense-Gan: protecting classifiers against adversarial attacks using generative models,” in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–17
Sankaranarayanan S, Chellappa R, Jain A, Lim SN (2018) Regularizing deep networks using efficient layerwise adversarial training. 32nd AAAI Conf Artif Intell AAAI 2018:4008–4015
Sarkar S, Bansal A, Mahbub U, Chellappa R (2017) UPSET and ANGRI : breaking high performance image classifiers. Available: http://arxiv.org/abs/1707.01159. Accessed 09 Jun 2023
Schölkopf B, Janzing D, Peters J, Sgouritsa E, Zhang K, Mooij J (2012) On causal and anticausal learning, in Proceedings of the 29th International Conference on Machine Learning, ICML 2012, vol. 2
Sengupta S, Chakraborti T, Kambhampati S (n.d.) MTDeep: boosting the security of deep neural nets against adversarial attacks with moving target defense. lecture notes in computer science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2019), pp 479–491
Shaham U, Yamada Y, Negahban S (2018) Understanding adversarial training: increasing local stability of neural nets through robust optimization. Neurocomputing 307:195–204
Shailaja GK, Rao CVG (2022) Robust and lossless data privacy preservation: optimal key based data sanitization. Evol Intell 15(2). https://doi.org/10.1007/s12065-019-00309-3
Shane J (2018) Do neural nets dream of electric sheep? aiweirdness.com. Accessed 09 Jun 2023
Sharif M, Bhagavatula S, Bauer L, Reiter MK (2016) Accessorize to a crime: real and stealthy attacks on state-of-the-art face recognition, in Proceedings of the ACM Conference on Computer and Communications Security, vol. 24-28-October-2016. https://doi.org/10.1145/2976749.2978392
Sharma A, Bian Y, Munz P, Narayan A (2022) Adversarial patch attacks and defences in vision-based tasks: a survey, [Online]. Available: http://arxiv.org/abs/2206.08304
Shen S, Jin G, Gao K, Zhang Y (2019) APE-GAN: adversarial perturbation elimination with GAN, in ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings, Jul. 2019, pp. 3842–3846. [Online]. Available: http://arxiv.org/abs/1707.05474
Shokri R, Stronati M, Song C, Shmatikov V (2017) Membership inference attacks against machine learning models, in Proceedings - IEEE Symposium on Security and Privacy, pp. 3–18. https://doi.org/10.1109/SP.2017.41
Singh A, Sikdar B (2022) Adversarial attack and defence strategies for deep-learning-based IoT device classification techniques. IEEE Internet Things J 9(4). https://doi.org/10.1109/JIOT.2021.3138541
Sinha A, Namkoong H, Duchi J (2018) Certifying some distributional robustness with principled adversarial training, in International Conference on Learning Representations (ICLR), pp. 1–34
Song Y, Nowozin S, Kushman N, Kim T, Ermon S (2018) PixelDefend: Leveraging generative models to understand and defend against adversarial examples. In: 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp 1–20
Srinivasan V, Marban A, Müller K-R, Samek W, Nakajima S (2018) Counterstrike: Defending deep learning architectures against adversarial samples by langevin dynamics with supervised denoising autoencoder, arXiv
Steinhardt J, Koh PW, Liang P (2017) Certified defenses for data poisoning attacks. In: Advances in Neural Information Processing Systems, 2017-December, pp 1–13
Strauss T, Hanselmann M, Junginger A, Ulmer H (2018) Ensemble methods as a defense to adversarial perturbations against deep neural networks, in ICLR 2018 6th International Conference on Learning Representations, pp. 1–10. [Online]. Available: http://arxiv.org/abs/1709.03423
Su J, Vargas DV, Sakurai K (2019) One pixel attack for fooling deep neural networks. IEEE Trans Evol Comput 23(5):828–841. https://doi.org/10.1109/TEVC.2019.2890858
Sykes ER (2022) A deep learning computer vision iPad application for sales rep optimization in the field. Vis Comput 38(2):729–748, https://doi.org/10.1007/s00371-020-02047-5
Szegedy C et al. (2014) Intriguing properties of neural networks, in 2nd International Conference on Learning Representations, ICLR 2014 - Conference Track Proceedings, , pp. 1–10
Tanay T, Griffin L (2016) A boundary tilting persepective on the phenomenon of adversarial examples, [Online]. Available: http://arxiv.org/abs/1608.07690. Accessed 09 Jun 2023
Torralba A, Efros AA (2011) Unbiased look at dataset bias. In: Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition. pp 1521–1528. https://doi.org/10.1109/CVPR.2011.5995347
Tramèr F, Zhang F, Juels A, Reiter MK, Ristenpart T (2016) Stealing machine learning models via prediction APIs, in Proceedings of the 25th USENIX Security Symposium, pp. 601–618
Tramèr F, Papernot N, Goodfellow I, Boneh D, McDaniel P (2017) The space of transferable adversarial examples, [Online]. Available: http://arxiv.org/abs/1704.03453. Accessed 09 Jun 2023
Tramèr F, Kurakin A, Papernot N, Goodfellow I, Boneh D, McDaniel P (2018) Ensemble adversarial training: Attacks and defenses, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–20
Tramèr F, Carlini N, Brendel W, Madry A (2020) On adaptive attacks to adversarial example defenses, in Advances in Neural Information Processing Systems, vol. 2020-December
Tsipras D, Santurkar S, Engstrom L, Turner A, Madry A (2019) Robustness may be at odds with accuracy. 7th Int Conf Learn Represent, ICLR 2019:1–23
Tu C-C et al. (2019) AutoZOOM: Autoencoder-based Zeroth order optimization method for attacking black-box neural networks, in 33rd AAAI Conference on Artificial Intelligence, AAAI 2019, 31st Innovative Applications of Artificial Intelligence Conference, IAAI 2019 and the 9th AAAI Symposium on Educational Advances in Artificial Intelligence, EAAI 2019, pp. 742–749. [Online]. Available: http://arxiv.org/abs/1805.11770
Turner A, Tsipras D, Madry A (2019) Clean-label backdoor attacks, The International Conference on Learning Representations
Uesato J, O’Donoghue B, van den Oord A, Kohli P (2018) Adversarial risk and the dangers of evaluating against weak attacks, in 35th International Conference on Machine Learning, ICML, 2018, vol. 11
Venkatesh Babu R (2020) Single-step adversarial training with dropout scheduling, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 947–956
Wang X, Li J, Kuang X, Tan YA, Li J (2019) The security of machine learning in an adversarial setting: a survey. J Parallel Distrib Comput 130:12–23. https://doi.org/10.1016/j.jpdc.2019.03.003
Wang Y, Zou D, Yi J, Bailey J, Ma X, Gu Q (2020) “Improving Adversarial Robustness Requires Revisiting Misclassified Examples,” in International Conference on Learning Representations, ICLR- Conference Track Proceedings, pp. 1–14
Wang Y et al (2021) Towards a physical-world adversarial patch for blinding object detection models. Inf Sci (N Y) 556. https://doi.org/10.1016/j.ins.2020.08.087
Wang J, Shi L, Zhao Y, Zhang H, Szczerbicki E (2022) “Adversarial attack algorithm for traffic sign recognition,” Multimed Tools Appl, https://doi.org/10.1007/s11042-022-14067-5
Wang W, Wang L, Wang R, Ye A, Ke J (2022) Better constraints of imperceptibility, better adversarial examples in the text. Int J Intell Syst 37(6):3440–3459. https://doi.org/10.1002/int.22696
Wenger E, Passananti J, Bhagoji AN, Yao Y, Zheng H, Zhao BY (2021) “Backdoor Attacks Against Deep Learning Systems in the Physical World,” in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 6202–6211. https://doi.org/10.1109/CVPR46437.2021.00614
Wiyatno RR, Xu A, Dia O, de Berker A (2019) “Adversarial examples in modern machine learning: A Review,”[Online]. Available: http://arxiv.org/abs/1911.05268
Wu J, Chen B, Luo W, Fang Y (2020) Audio steganography based on iterative adversarial attacks against convolutional neural networks. IEEE Trans Inf Forensic Secur 15. https://doi.org/10.1109/TIFS.2019.2963764
Xiao H, Biggio B, Nelson B, Xiao H, Eckert C, Roli F ((2015)) Support vector machines under adversarial label contamination, in Neurocomputing, pp. 97–112. [Online]. Available: http://pdfrate.com
Xiao C, Li B, Zhu JY, He W, Liu M, Song D (2018) Generating adversarial examples with adversarial networks. In: Proceedings of the Twenty-Seventh International Joint Conference on Artificial Intelligence, vol. 2018-July, pp 3905–3911. https://doi.org/10.24963/ijcai.2018/543
Xiao C, Zhu J-Y, Li B, He W, Liu M, Song D (2018) Spatially transformed adversarial examples, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–30. [Online]. Available: http://arxiv.org/abs/1801.02612
Xie C, Wang J, Zhang Z, Ren Z, Yuille A (2018) Mitigating adversarial effects through randomization, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–16. [Online]. Available: http://arxiv.org/abs/1711.01991
Xu W, Evans D, Qi Y (2018) Feature squeezing: detecting adversarial examples in deep neural networks. In: Proceedings 2018 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium, San Diego, pp 1–16. https://doi.org/10.14722/ndss.2018.23198
Xu R, Joshi JBD, Li C (2019) CryptoNN: training neural networks over encrypted data, in Proceedings - International Conference on Distributed Computing Systems, vol. 2019-July. https://doi.org/10.1109/ICDCS.2019.00121
Xu K et al. (2020) Adversarial t-shirt! Evading person detectors in a physical world, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12350 LNCS. https://doi.org/10.1007/978-3-030-58558-7_39
Yan Z, Guo Y, Zhang C (2018) Deep defense: training DNNs with improved adversarial robustness, in Advances in Neural Information Processing Systems 31 (NeurIPS 2018), pp. 1–18. [Online]. Available: http://arxiv.org/abs/1803.00404
Yan H, Du J, Tan VYF, Feng J (2019) On robustness of neural ordinary differential equations, [Online]. Available: http://arxiv.org/abs/1910.05513
Yang Z, Chang EC, Zhang J, Liang Z (2019) Neural network inversion in adversarial setting via background knowledge alignment, in Proceedings of the ACM Conference on Computer and Communications Security, pp. 225–240. https://doi.org/10.1145/3319535.3354261
Yang Y, Zhang G, Katabi D, Xu Z (2019) ME-Net: towards effective adversarial robustness with matrix estimation, in 36th International Conference on Machine Learning, ICML 2019. [Online]. Available: https://github.com/YyzHarry/ME-Net
Yuan X, He P, Zhu Q, Li X (2019) Adversarial examples: attacks and defenses for deep learning. IEEE Trans Neural Netw Learn Syst 30(9):2805–2824. https://doi.org/10.1109/TNNLS.2018.2886017
Zantedeschi V, Nicolae M-I, Rawat A (2017) Efficient defenses against adversarial attacks, in Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, pp. 39–49. [Online]. Available: http://arxiv.org/abs/1707.06728
Zhang C, Costa-Perez X, Patras P (2022) Adversarial attacks against deep learning-based network intrusion detection systems and defense mechanisms. IEEE/ACM Trans Networking, https://doi.org/10.1109/TNET.2021.3137084
Zhao R (2021) The vulnerability of the neural networks against adversarial examples in deep learning algorithms, in Proceedings - 2021 2nd International Conference on Computing and Data Science, CDS 2021, pp. 287–295. https://doi.org/10.1109/CDS52072.2021.00057
Zheng Z, Hong P (2018) Robust detection of adversarial attacks by modeling the intrinsic properties of deep neural networks. Adv Neural Inf Proces Syst:7924–7933
Zhou Y, Han M, Liu L, He J, Gao X (2019) The adversarial attacks threats on computer vision: a survey. In: 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems Workshops (MASSW), pp 25–30. https://doi.org/10.1109/MASSW.2019.00012
Zhu C, Shao R, Zhang X, Gao S, Li B (2022) Application of virtual reality based on computer vision in sports posture correction. Wireless Communications and Mobile Computing ,2022, 1–15. https://doi.org/10.1155/2022/3719971
Ziller A, Usynin D, Braren R, Makowski M, Rueckert D, Kaissis G (2021) Medical imaging deep learning with differential privacy. Sci Rep 11(1). https://doi.org/10.1038/s41598-021-93030-0
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Competing interests
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Bajaj, A., Vishwakarma, D.K. A state-of-the-art review on adversarial machine learning in image classification. Multimed Tools Appl 83, 9351–9416 (2024). https://doi.org/10.1007/s11042-023-15883-z
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-023-15883-z