Skip to main content
SpringerLink
Log in

A state-of-the-art review on adversarial machine learning in image classification

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

Computer vision applications like traffic monitoring, security checks, self-driving cars, medical imaging, etc., rely heavily on machine learning models. It raises an essential growing concern regarding the dependability of machine learning algorithms, which cannot be entirely trusted due to their fragile nature. This leads us to a dire need for systematic analysis of adversarial settings in neural networks. Hence, this article presents a comprehensive study of vulnerabilities, possible attacks such as data poisoning and data access during training, evasion, and oracle attacks at the test time, and their defensive and preventive measures using novel taxonomies. The survey has covered the complete scenario where an adversary can make malicious manipulations and elaborated more on the most potent threat, i.e., test time evasion attack using an adversarial image (maliciously perturbed image). It expounds an intuition behind generating an adversarial image, covering all relevant adversarial attack algorithms and strategies for increasing robustness against adversarial images. The existence and effect of adversarial images, as well as their transferability, are also examined. The article guides the reader with an approach on building new models to enhance their reliability. Additionally, the survey presents the procedures that still demand further exploration with limitations in existing methods, enhancing future research directions.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22
Fig. 23
Fig. 24
Fig. 25
Fig. 26
Fig. 27
Fig. 28
Fig. 29
Fig. 30
Fig. 32
Fig. 31
Fig. 33
Fig. 34
Fig. 35
Fig. 36
Fig. 37
Fig. 38

Similar content being viewed by others

Notes

  1. https://www.youtube.com/watch?v=_1MHGUC_BzQ

  2. https://www.youtube.com/watch?v=TIUU1xNqI8w

References

  1. Abbasi M, Gagné C (2019) Robustness to adversarial examples through an ensemble of specialists, in 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, pp. 1–9

  2. Ahmad S, Mehfuz S, Mebarek-Oudina F, Beg J (2022) RSM analysis based cloud access security broker: a systematic literature review. Clust Comput 25(5):3733–3763. https://doi.org/10.1007/s10586-022-03598-z

    Article  Google Scholar 

  3. Ahmadi MA, Dianat R, Amirkhani H (2021) An adversarial attack detection method in deep neural networks based on re-attacking approach. Multimed Tools Appl 80(7). https://doi.org/10.1007/s11042-020-10261-5

  4. Akhtar N, Liu J, Mian A (2018) Defense against universal adversarial perturbations. Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition 2017:3389–3398

    Google Scholar 

  5. Akhtar N, Mian A, Kardan N, Shah M (2021) Advances in Adversarial Attacks and Defenses in Computer Vision: A Survey. IEEE Access, vol. 9. Institute of Electrical and Electronics Engineers Inc., pp. 155161–155196. https://doi.org/10.1109/ACCESS.2021.3127960

  6. Alcorn MA et al (2019) Strike (with) a pose: Neural networks are easily fooled by strange poses of familiar objects, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, vol. 2019-June. https://doi.org/10.1109/CVPR.2019.00498

  7. Alsmadi I et al (2022) Adversarial machine learning in text processing: a literature survey. IEEE Access, vol. 10, https://doi.org/10.1109/ACCESS.2022.3146405

  8. Alsuwat E, Alsuwat H, Valtorta M, Farkas C (2020) Adversarial data poisoning attacks against the PC learning algorithm. Int J Gen Syst 49(1). https://doi.org/10.1080/03081079.2019.1630401

  9. Alzantot M, Sharma Y, Chakraborty S, Zhang H, Hsieh C-J, Srivastava M (2019) GenAttack: practical black-box attacks with gradient-free optimization, in GECCO 2019 - Proceedings of the 2019 Genetic and Evolutionary Computation Conference, May 2019, pp 1111–1119

  10. Andriushchenko M, Croce F, Flammarion N, Hein M (2020) Square attack: a query-efficient black-box adversarial attack via random search, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12368 LNCS. https://doi.org/10.1007/978-3-030-58592-1_29

  11. Athalye A, Carlini N, Wagner D (2018) Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. In: 35th International Conference on Machine Learning, ICML 2018, pp 274–283

  12. Athalye A, Engstrom L, Ilyas A, Kwok K (2018) Synthesizing robust adversarial examples. In: 35th International Conference on Machine Learning, ICML 2018, pp 1–20

  13. Bakhti Y, Fezza SA, Hamidouche W, Deforges O (2019) DDSA: a defense against adversarial attacks using deep Denoising sparse autoencoder. IEEE Access 7:160397–160407. https://doi.org/10.1109/ACCESS.2019.2951526

    Article  Google Scholar 

  14. Baluja S, Fischer I (nd) Adversarial transformation networks: learning to generate adversarial examples, in Proceedings of AAAI-2018, AAAI, pp. 2687–2695. [Online]. Available: http://arxiv.org/abs/1703.09387

  15. Bao Z, Lin Y, Zhang S, Li Z, Mao S (2021) Threat of adversarial attacks on DL-based IoT device identification. IEEE Internet Things J. https://doi.org/10.1109/JIOT.2021.3120197

  16. Barbu A et al. (2019) ObjectNet: a large-scale bias-controlled dataset for pushing the limits of object recognition models, in Advances in Neural Information Processing Systems, vol. 32

  17. Barreno M, Nelson B, Joseph AD, Tygar JD (2010) The security of machine learning. Mach Learn 81(2):121–148. https://doi.org/10.1007/s10994-010-5188-5

    Article  MathSciNet  Google Scholar 

  18. Bhagoji AN, Cullina D, Sitawarin C, Mittal P (2018) Dimensionality reduction as a defense against evasion attacks on machine learning classifier, 2018 52nd Annual Conference on Information Sciences and Systems, CISS 2018, no. 1

  19. Bickel S, Brückner M, Scheffer T (2009) Discriminative learning under covariate shift. J Mach Learn Res 10:2137–2155

    MathSciNet  Google Scholar 

  20. Biggio B, Fumera G, Roli F (2010) Multiple classifier systems for robust classifier design in adversarial environments. Int J Mach Learn Cybern 1(1–4). https://doi.org/10.1007/s13042-010-0007-7

  21. Biggio B, Corona I, Fumera G, Giacinto G, Roli F (2011) Bagging classifiers for fighting poisoning attacks in adversarial classification tasks, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6713 LNCS. https://doi.org/10.1007/978-3-642-21557-5_37

  22. Brendel W, Bethge M (2019) Approximating cnns with bag-of-local-features models works surprisingly well on Imagenet, in 7th International Conference on Learning Representations, ICLR, 2019

  23. Brendel W, Rauber J, Bethge M (2017) Decision-based adversarial attacks: reliable attacks against black-box machine learning models. In: 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings (2018), pp 1–12

  24. Buckman J, Roy A, Raffel C, Goodfellow I (2018) Thermometer encoding: one hot way to resist adversarial examples, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–22

  25. Cao X, Gong NZ (2017) Mitigating evasion attacks to deep neural networks via region-based classification. ACM Int Conf Proceed Ser Part F132521:278–287. https://doi.org/10.1145/3134600.3134606

    Article  Google Scholar 

  26. Carlini N, Wagner D (2017) Towards evaluating the robustness of neural networks, in Proceedings - IEEE Symposium on Security and Privacy, 2017, pp. 39–57. [Online]. Available: http://nicholas.carlini.com/code/nn

  27. Carlini N, Wagner D (2018) Audio adversarial examples: targeted attacks on speech-to-text. In: Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018, pp 1–7. https://doi.org/10.1109/SPW.2018.00009

  28. Carlini N, Wagner D (nd) MagNet and ‘efficient defenses against adversarial attacks’ are not robust to adversarial examples. [Online]. Available: https://github.com/carlini/MagNet

  29. Carlini N et al (2019) On evaluating adversarial robustness, https://nicholas.carlini.com, pp 1–24, [Online]. Available: http://arxiv.org/abs/1902.06705. Accessed 09 Jun 2023

  30. Carrara F, Falchi F, Caldelli R, Amato G, Becarelli R (2019) Adversarial image detection in deep neural networks. Multimed Tools Appl 78(3):2815–2835. https://doi.org/10.1007/s11042-018-5853-4

    Article  Google Scholar 

  31. Chen PY, Zhang H, Sharma Y, Yi J, Hsieh CJ (2017) ZOO: Zeroth order optimization based black-box atacks to deep neural networks without training substitute models, in AISec 2017 - Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, co-located with CCS 2017, pp. 15–26. https://doi.org/10.1145/3128572.3140448

  32. Chen J, Meng Z, Sun C, Tang W, Zhu Y (2017) ReabsNet: detecting and revising adversarial examples, [Online]. Available: http://arxiv.org/abs/1712.08250. Accessed 09 Jun 2023

  33. Chen P-Y, Sharma Y, Zhang H, Yi J, Hsieh C-J (2018) EAD: elastic-net attacks to deep neural networks via adversarial examples. In: 32nd AAAI Conference on Artificial Intelligence, AAAI 2018, pp 10–17

  34. Chen J, Su M, Shen S, Xiong H, Zheng H (2019) POBA-GA: Perturbation optimized black-box adversarial attacks via genetic algorithm, in computers and security, pp. 89–106. https://doi.org/10.1016/j.cose.2019.04.014

  35. Chen J, Jordan MI, Wainwright MJ (2020) HopSkipJumpAttack: a query-efficient decision-based attack. In: Proceedings - IEEE Symposium on Security and Privacy, pp 1277–1294

  36. Chen J, Guo Y, Zheng Q, Chen H (2021) Protect privacy of deep classification networks by exploiting their generative power. Mach Learn 110(4). https://doi.org/10.1007/s10994-021-05951-6

  37. Cisse M, Adi Y, Neverova N, Keshet J (2017) Houdini: fooling deep structured prediction models. In: Proceedings of the 31st International Conference on Neural Information Processing Systems, pp 6980–6990

  38. Cisse M, Bojanowski P, Grave E, Dauphin Y, Usunier N (2017) Parseval networks: improving robustness to adversarial examples. 34th Int Conf Mach Learn, ICML 2017:854–863

  39. Cohen G, Sapiro G, Giryes R (2020) Detecting adversarial samples using influence functions and nearest neighbors, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 14441–14450. https://doi.org/10.1109/CVPR42600.2020.01446

  40. Croce F, Hein M (2020) Minimally distorted adversarial examples with a fast adaptive boundary attack. In: 37th International Conference on Machine Learning, ICML 2020, PartF168147-3, pp 1–23

  41. Das N et al. (2017) Keeping the bad guys out: protecting and vaccinating deep learning with JPEG compression, [Online]. Available: http://arxiv.org/abs/1705.02900

  42. Dhillon GS et al (2018) Stochastic activation pruning for robust adversarial defense. In: Conference paper at ICLR, pp 1–10

  43. Dong Y et al. (2018) Boosting adversarial attacks with momentum, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 9185–9193. https://doi.org/10.1109/CVPR.2018.00957

  44. Dubey A, van der Maaten L, Yalniz Z, Li Y, Mahajan D (2019) Defense against adversarial images using web-scale nearest-neighbor search, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 8767–8776. [Online]. Available: https://www.robust-ml.org/defenses/

  45. Eykholt K, Evtimov I, Fernandes E, Li B, Rahmati A, Xiao C, Prakash A, Kohno T, Song D (2018) Robust physical-world attacks on deep learning visual classification. In: Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition (2018), pp 1625–1634. Available: https://iotsecurity.eecs.umich.edu/#roadsigns

  46. Fan W, Sun G, Su Y, Liu Z, Lu X (2019) Integration of statistical detector and Gaussian noise injection detector for adversarial example detection in deep neural networks. Multimed Tools Appl 78(14). https://doi.org/10.1007/s11042-019-7353-6

  47. Feinman R, Curtin RR, Shintre S, Gardner AB (2017) Detecting adversarial samples from artifacts, [Online]. Available: http://arxiv.org/abs/1703.00410. Accessed 09 Jun 2023

  48. Folz J, Palacio S, Hees J, Dengel A (2020) Adversarial defense based on structure-to-signal autoencoders, in Proceedings - 2020 IEEE Winter Conference on Applications of Computer Vision, WACV 2020, pp. 3568–3577. https://doi.org/10.1109/WACV45572.2020.9093310

  49. Fredrikson M, Jha S, Ristenpart T (2015) Model inversion attacks that exploit confidence information and basic countermeasures, in Proceedings of the ACM Conference on Computer and Communications Security, vol. 2015-October. https://doi.org/10.1145/2810103.2813677

  50. Galloway A, Taylor GW, Moussa M (2018) Attacking binarized neural networks, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings

  51. Gao J, Wang B, Lin Z, Xu W, Qi Y (2019) DeepCloak: masking deep neural network models for robustness against adversarial samples, in 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, pp. 1–8. [Online]. Available: http://arxiv.org/abs/1702.06763

  52. Gao R et al. (2021) Maximum mean discrepancy test is aware of adversarial attacks, in Proceedings of the Workshop on Multilingual Linguistic Ressources, pp. 1–12

  53. Geirhos R, Rubisch P, Michaelis C, Bethge M, Wichmann F, Brendel W (2019) ImageNet-trained CNNs are biased towards texture, Iclr, no. c, pp. 1–22

  54. Geirhos R et al. (2020) Shortcut learning in deep neural networks. Nat Mach Intell 2(11), https://doi.org/10.1038/s42256-020-00257-z

  55. Gong Z, Wang W, Ku W.-S (2017) Adversarial and clean data are not twins, [Online]. Available: http://arxiv.org/abs/1704.04960. Accessed 09 Jun 2023

  56. Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples, in 3rd International Conference on Learning Representations, ICLR 2015 - Conference Track Proceedings, pp. 6562–6572

  57. Goodman D, Xin H, Yang W, Yuesheng W, Junfeng X, Huan Z (2020) Advbox: a toolbox to generate adversarial examples that fool neural networks, [Online]. Available: http://arxiv.org/abs/2001.05574. Accessed 09 Jun 2023

  58. Grosse K, Manoharan P, Papernot N, Backes M, McDaniel P (2017) On the (Statistical) detection of adversarial examples, [Online]. Available: http://arxiv.org/abs/1702.06280. Accessed 09 Jun 2023

  59. Gu S, Rigazio L (2015) Towards deep neural network architectures robust to adversarial examples, in 3rd International Conference on Learning Representations, ICLR 2015 - Workshop Track Proceedings. [Online]. Available: http://arxiv.org/abs/1412.5068

  60. Gu T, Dolan-Gavitt B, Garg S (2017) BadNets: identifying vulnerabilities in the machine learning model supply chain, [Online]. Available: http://arxiv.org/abs/1708.06733

  61. Guo C, Rana M, Cisse M, van der Maaten L (2018) Countering adversarial images using input transformations. In: 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp 1–12

  62. Ha T, Dang TK, Le H, Truong TA (2020) Security and privacy issues in deep learning: a brief review. SN Comput Sci 1(5). https://doi.org/10.1007/s42979-020-00254-4

  63. Hayes J, Danezis G (2018) Learning universal adversarial perturbations with generative models. In: Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018, pp 43–49

  64. He W, Wei J, Chen X, Carlini N, Song D (2017) “Adversarial example defenses: Ensembles of weak defenses are not strong,” in 11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017, pp. 15–25

  65. He W, Li B, Song D (2018) “Decision Boundary Analysis of Adversarial Examples,” in 6th International Conference on Learning Representations, ICLR 2018, pp. 1–15. [Online]. Available: https://github.com/MadryLab/cifar10_challenge

  66. Hendrycks D, Dietterich T (2019) Benchmarking neural network robustness to common corruptions and perturbations. 7th Int Conf Learn Represent, ICLR 2019:1–16

    Google Scholar 

  67. Hendrycks D, Gimpel K (2017) Early methods for detecting adversarial images, in 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, 2019, pp. 1–9

  68. Hendrycks D, Zhao K, Basart S, Steinhardt J, Song D (2021) Natural adversarial examples, in Conference on Computer Vision and Pattern Recognition (CVPR), pp. 15262–15271. https://doi.org/10.1109/cvpr46437.2021.01501

  69. Hinton G, Vinyals O, Dean J (2015) Distilling the knowledge in a neural network. In: Proceedings of the Deep Learning and Representation Learning Workshop at NIPS 2014

  70. Ho J, Lee BG, Kang DK (2022) Attack-less adversarial training for a robust adversarial defense. Appl Intell 52(4). https://doi.org/10.1007/s10489-021-02523-y

  71. Huang Y, Yu Y, Zhang H, Ma Y, Yao Y (2020) Adversarial robustness of stabilized neuralODEs might be from obfuscated gradients. In: Proceedings of the 2nd Mathematical and Scientific Machine Learning Conference, PMLR 145:497–515, 2022, pp 1–18

  72. Ilyas A, Engstrom L, Athalye A, Lin J (2018) Black-box Adversarial Attacks with Limited Queries and Information. In: 35th International Conference on Machine Learning, ICML 2018 (2018), pp 2142–2151

  73. Ilyas A, Santurkar S, Tsipras D, Engstrom L, Tran B, Madry A (2019) Adversarial examples are not bugs, they are features – gradient science. Neural Information Processing Systems (NeurIPS), no. NeurIPS

  74. Jacobsen JH, Behrmann J, Zemel R, Bethge M (2019) Excessive invariance causes adversarial vulnerability, in 7th International Conference on Learning Representations, ICLR 2019

  75. Jagielski M, Oprea A, Biggio B, Liu C, Nita-Rotaru C, Li B (2018) Manipulating machine learning: poisoning attacks and countermeasures for regression learning, in Proceedings - IEEE Symposium on Security and Privacy, vol. 2018-May. https://doi.org/10.1109/SP.2018.00057

  76. Jiang H, Lin J, Kang H (2022) FGMD: a robust detector against adversarial attacks in the IoT network. Futur Gener Comput Syst 132. https://doi.org/10.1016/j.future.2022.02.019

  77. Kabilan VM, Morris B, Nguyen A (2021) VectorDefense: vectorization as a defense to adversarial examples, in Studies in Computational Intelligence, 2018. [Online]. Available: http://arxiv.org/abs/1804.08529

  78. Kannan H, Kurakin A, Goodfellow I (2018) Adversarial logit pairing, [Online]. Available: http://arxiv.org/abs/1803.06373. Accessed 09 Jun 2023

  79. Kantaros Y, Carpenter T, Sridhar K, Yang Y, Lee I, Weimer J (2021) Real-time detectors for digital and physical adversarial inputs to perception systems, in ICCPS 2021 - proceedings of the 2021 ACM/IEEE 12th international conference on cyber-physical systems (with CPS-IoT week 2021). https://doi.org/10.1145/3450267.3450535

  80. Kantipudi J, Dubey SR, Chakraborty S (2021) Color channel perturbation attacks for fooling convolutional neural networks and a defense against such attacks. IEEE Trans Artif Intell 1(2). https://doi.org/10.1109/tai.2020.3046167

  81. Karmon D, Zoran D, Goldberg Y (2018) LaVAN: localized and visible adversarial noise, in 35th International Conference on Machine Learning, ICML 2018, pp. 2512–2520. [Online]. Available: http://arxiv.org/abs/1801.02608

  82. Kim J, Lee K, Lee H, Yang H, Oh SY (2021) Camouflaged adversarial attack on object detector, in International Conference on Control, Automation and Systems, vol. 2021-October. https://doi.org/10.23919/ICCAS52745.2021.9650004

  83. Koh PW, Steinhardt J, Liang P (2022) Stronger data poisoning attacks break data sanitization defenses. Mach Learn 111(1). https://doi.org/10.1007/s10994-021-06119-y

  84. Kong Z, Guo J, Li A, Liu C (2020) PhysGAN: generating physical-world-resilient adversarial examples for autonomous driving. In: Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp 14254–14263. https://doi.org/10.1109/CVPR42600.2020.01426

  85. Ku H, Susilo W, Zhang Y, Liu W, Zhang M (2022) [1], Comput Stand Interfaces, vol. 80, https://doi.org/10.1016/j.csi.2021.103583

  86. Kurakin A, Goodfellow IJ, Bengio S (2017) Adversarial machine learning at scale, in 5th International Conference on Learning Representations, ICLR 2017 - Conference Track Proceedings

  87. Kurakin A, Goodfellow I, Bengio S (2019) Adversarial examples in the physical world. In: 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, pp 1–14

  88. Kurakin A, Goodfellow IJ, Bengio S (2017) Adversarial examples in the physical world. In: 5th International Conference on Learning Representations, ICLR 2017 - Workshop Track Proceedings, pp 1–14. https://doi.org/10.1201/9781351251389-8

  89. Laidlaw C, Feizi S (2019) Functional adversarial attacks, in Advances in Neural Information Processing Systems (2019), pp. 1–11. [Online]. Available: http://arxiv.org/abs/1906.00001

  90. Lamb A, Binas J, Goyal A, Serdyuk D, Subramanian S, Mitliagkas I, Bengio Y (2019) Fortified networks: improving the robustness of deep networks by modeling the manifold of hidden representations. In: ICLR 2019 Conference Paper, pp 1–14

  91. Lee JW et al. (2022) Privacy-preserving machine learning with fully homomorphic encryption for deep neural network. IEEE Access, vol. 10, https://doi.org/10.1109/ACCESS.2022.3159694

  92. Li X, Li F (2017) Adversarial examples detection in deep networks with convolutional filter statistics. In: Proceedings of the IEEE International Conference on Computer Vision, 2017-October, pp 5775–5783. https://doi.org/10.1109/ICCV.2017.615

  93. Li D, Yang Y, Song YZ, Hospedales TM (2017) Deeper, broader and artier domain generalization, in Proceedings of the IEEE International Conference on Computer Vision, vol. 2017-October. https://doi.org/10.1109/ICCV.2017.591

  94. Li C, Weng H, Ji S, Dong J, He Q (2019) DeT: Defending against adversarial examples via decreasing transferability. Lect Notes Comput Sci (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 11982(LNCS):307–322. https://doi.org/10.1007/978-3-030-37337-5_25

    Article  Google Scholar 

  95. Liang B, Li H, Su M, Li X, Shi W, Wang X (2021) Detecting adversarial image examples in deep networks with adaptive noise reduction. IEEE Trans Depend Secure Comput 18:72–85. https://doi.org/10.1109/TDSC.2018.2874243

    Article  Google Scholar 

  96. Liao F, Liang M, Dong Y, Pang T, Hu X, Zhu J (2018) Defense against adversarial attacks using high-level representation guided denoiser, in CVPR-2018, pp. 11778–1787. [Online]. Available: http://arxiv.org/abs/1712.02976

  97. Lin J, Gan C, Han S (2019) Defensive quantization: when efficiency meets robustness. In: conference paper at ICLR 2019, pp 1–14

  98. Ling X, Ji S, Zou J, Wang J, Wu C, Li B, Wang T (2019) Deepsec: a uniform platform for security analysis of deep learning model. In: Proceedings of the IEEE Symposium on Security and Privacy (SP’19). IEEE, pp 673–690

  99. Liu Q, Wang G, Liu X, Peng T, Wu J (2017) Achieving reliable and secure services in cloud computing environments. Comput Electr Eng:153–164. http://www.elsevier.com/open-access/userlicense/1.0/

  100. Liu Y, Chen X, Liu C, Song D (2017) Delving into transferable adversarial examples and black-box attacks, in 5th International Conference on Learning Representations, ICLR 2017 - Conference Track Proceedings

  101. Liu X, Cheng M, Zhang H, Hsieh C-J (2017) Towards robust neural networks via random self-ensemble, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, pp. 381–397. [Online]. Available: http://arxiv.org/abs/1712.00673

  102. Liu Z et al. (2018) Feature distillation: DNN-Oriented JPEG compression against adversarial examples, [Online]. Available: http://arxiv.org/abs/1803.05787

  103. Liu N, Yang H, Hu X (2018) Adversarial detection with model interpretation, in Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1803–1811. https://doi.org/10.1145/3219819.3220027

  104. Liu X, Li Y, Wu C, Hsieh C-J (2019) Adv-BNN: improved adversarial defense through robust Bayesian neural network, in ICLR 2019, pp. 1–13. [Online]. Available: http://arxiv.org/abs/1810.01279

  105. Liu X, Liu Q, Peng T, Wu J (2019) Dynamic access policy in cloud-based personal health record (PHR) Systems, [Online]. Available: https://www.sciencedirect.com/science/article/pii/S00200255163045714471c2261a00eeee8437283fbc65dca8https://www.elsevier.com/open-access/userlicense/1.0/

  106. Liu X et al. (2021) Privacy and security issues in deep learning: a survey. IEEE Access, vol. 9. https://doi.org/10.1109/ACCESS.2020.3045078

  107. Lu J, Issaranon T, Forsyth D (2017) SafetyNet: detecting and rejecting adversarial examples robustly, in Proceedings of the IEEE International Conference on Computer Vision, pp. 446–454

  108. Lyu C, Huang K, Liang HN (2016) A unified gradient regularization family for adversarial examples, in Proceedings - IEEE International Conference on Data Mining, ICDM, vol. 2016-January. https://doi.org/10.1109/ICDM.2015.84

  109. Ma X, Li B, Wang Y, Erfani SM, Wijewickrema S, Schoenebeck G, Song D, Houle ME, Bailey J (n.d.) Characterizing adversarial subspaces using local intrinsic dimensionality. ICLR 2018:1–15

  110. Ma S, Liu Y, Tao G, Lee W-C, Zhang X (2019) NIC: detecting adversarial samples with neural network invariant checking. Network and Distributed System Security:1–15. https://doi.org/10.14722/ndss.2019.23415

  111. Ma J, Deng J, Mei Q (2022) Adversarial attack on graph neural networks as an influence maximization problem, in WSDM 2022 - proceedings of the 15th ACM international conference on web search and data mining. https://doi.org/10.1145/3488560.3498497.

  112. Machado GR, Goldschmidt RR, Silva E (2019) MultiMagnet: A non-deterministic approach based on the formation of ensembles for defending against adversarial images. In: ICEIS 2019 - Proceedings of the 21st International Conference on Enterprise Information Systems, 1. https://doi.org/10.5220/0007714203070318

  113. Machado GR, Silva E, Goldschmidt RR (2023) Adversarial machine learning in image classification: a survey toward the Defender’s perspective. ACM Comput Surv 55(1):1–38. https://doi.org/10.1145/3485133

    Article  Google Scholar 

  114. Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2018) Towards deep learning models resistant to adversarial attacks, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–23

  115. Mattsson UT (2005) “A practical implementation of transparent encryption and separation of duties in enterprise databases: protection against external and internal attacks on databases,” in ICEIS 2005 - proceedings of the 7th international conference on Enterprise information systems. https://doi.org/10.5220/0002518001460153

  116. Meng D, Chen H (2017) MagNet: a two-pronged defense against adversarial examples. In: Proceedings of the ACM Conference on Computer and Communications Security, pp 135–147. https://doi.org/10.1145/3133956.3134057

  117. Meng MH et al. (2022) Adversarial robustness of deep neural networks: a survey from a formal verification perspective, IEEE Trans Depend Secure Comput , pp. 1–18, https://doi.org/10.1109/TDSC.2022.3179131

  118. Metzen JH, Kumar MC, Brox T, V. Fischer (2017) Universal adversarial perturbations against semantic image segmentation, in Proceedings of the IEEE International Conference on Computer Vision, vol. 2017-October. https://doi.org/10.1109/ICCV.2017.300

  119. Metzen JH, Genewein T, Fischer V, Bischoff B (2017) On detecting adversarial perturbations. In: 5th International Conference on Learning Representations, ICLR 2017 - Conference Track Proceedings, pp 1–12

  120. Michel A, Jha SK, Ewetz R (2022) A survey on the vulnerability of deep neural networks against adversarial attacks. Progress in Artif Intell 11(2). https://doi.org/10.1007/s13748-021-00269-9

  121. Miller DJ, Xiang Z, Kesidis G (2020) Adversarial learning targeting deep neural network classification: a comprehensive review of defenses against attacks. Proc IEEE 108(3). https://doi.org/10.1109/JPROC.2020.2970615

  122. Moosavi-Dezfooli S-M, Fawzi A, Frossard’ PF, Polytechnique F, de Lausanne F (2016) DeepFool: a simple and accurate method to fool deep neural networks,” in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2016, pp. 2574–2582. [Online]. Available: http://github.com/lts4/deepfool

  123. Moosavi-Dezfooli SM, Fawzi A, Fawzi O, Frossard P, Soatto S (2017) Analysis of universal adversarial perturbations. https://doi.org/10.48550/arXiv.2012.14352

  124. Moosavi-Dezfooli SM, Fawzi A, Fawzi O, Frossard P (2017) Universal adversarial perturbations, in Proceedings - 30th IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2017, vol. 2017-January. https://doi.org/10.1109/CVPR.2017.17

  125. Moosavi-Dezfooli S-M, Shrivastava A, Tuzel O (2018) Divide, denoise, and defend against adversarial attacks, [Online]. Available: http://arxiv.org/abs/1802.06806. Accessed 09 Jun 2023

  126. Mustafa A, Khan SH, Hayat M, Shen J, Shao L (2020) Image super-resolution as a defense against adversarial attacks. IEEE Trans Image Process 29:1711–1724. https://doi.org/10.1109/TIP.2019.2940533

    Article  MathSciNet  Google Scholar 

  127. Na T, Ko JH, Mukhopadhyay S (2017) Cascade adversarial machine learning regularized with a unified embedding, in ICLR 2018, pp. 1–16. [Online]. Available: http://arxiv.org/abs/1708.02582

  128. Narodytska N, Kasiviswanathan S (2017) Simple black-box adversarial attacks on deep neural networks, in IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, vol. 2017-July, pp. 1310–1318. https://doi.org/10.1109/CVPRW.2017.172

  129. Naseer M, Khan S, Hayat M, Khan FS, Porikli F (2020) A self-supervised approach for adversarial robustness, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 262–271. https://doi.org/10.1109/CVPR42600.2020.00034

  130. Nelson B, Barreno M, Jack Chi F, Joseph AD, Rubinstein BIP, Saini U, Sutton C, Tygar JD, Xia K (2009) Misleading learners: co-opting your spam filter. In: Machine Learning in Cyber Trust: Security, Privacy, and Reliability, pp 17–51. https://doi.org/10.1007/978-0-387-88735-7_2

  131. Nguyen L, Wang S, Sinha A(2018) A learning and masking approach to secure learning, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11199 LNCS. https://doi.org/10.1007/978-3-030-01554-1_26

  132. Nicolae M-I et al. (2018) Adversarial robustness Toolbox v1.0.0, [Online]. Available: http://arxiv.org/abs/1807.01069

  133. Nyo MT, Mebarek-Oudina F, Hlaing SS, Khan NA (2022) Otsu’s thresholding technique for MRI image brain tumor segmentation. Multimed Tools Appl, https://doi.org/10.1007/s11042-022-13215-1.

  134. Pang T, Du C, Zhu J (2022) Robust deep learning via reverse cross-entropy training and thresholding test, ArXiv, 2017, Accessed: Apr. 25. [Online]. Available: arXiv:1706.00633v4

  135. Papernot N (2018) A marauder’s map of security and privacy in machine learning. In:  Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security, pp 1–1

  136. Papernot N, McDaniel P (2017) Extending defensive distillation, [Online]. Available: http://arxiv.org/abs/1705.05264

  137. Papernot N, McDaniel P (2018) Deep k-nearest neighbors: towards confident, interpretable and robust deep learning, [Online]. Available: http://arxiv.org/abs/1803.04765. Accessed 09 Jun 2023

  138. Papernot N, McDaniel P, Goodfellow I (2016) Transferability in machine learning: from phenomena to black-box attacks using adversarial samples, May, [Online]. Available: http://arxiv.org/abs/1605.07277. Accessed 09 Jun 2023

  139. Papernot N, McDaniel P, Wu X, Jha S, Swami A (2016) Distillation as a defense to adversarial perturbations against deep neural networks. Proceed 2016 IEEE Symp Secur Privacy, SP 2016:582–597. https://doi.org/10.1109/SP.2016.41

  140. Papernot N et al. (2016) Technical Rreport on the CleverHans v2.1.0 adversarial examples library, [Online]. Available: http://arxiv.org/abs/1610.00768. Accessed 09 Jun 2023

  141. Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB, Swami A (2017) Practical black-box attacks against machine learning, in ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security, pp. 506–519. https://doi.org/10.1145/3052973.3053009

  142. Papernot N, Mcdaniel P, Jha S, Fredrikson M, Celik ZB, Swami A (2016) The limitations of deep learning in adversarial settings. Proceed 2016 IEEE Eur Symp Secur Privacy, EURO S and P (2016):372–387. https://doi.org/10.1109/EuroSP.2016.36

  143. Prakash A, Moran N, Garber S, DiLillo A, Storer J (2018) Deflecting adversarial attacks with pixel deflection, in CVPR-2018, pp. 8571–8580. [Online]. Available: http://arxiv.org/abs/1801.08926

  144. Ranjan R, Sankaranarayanan S, Castillo CD, Chellappa R (2017) Improving network robustness against adversarial attacks with compact convolution, [Online]. Available: http://arxiv.org/abs/1712.00699. Accessed 09 Jun 2023

  145. Rauber J, Brendel W, Bethge M (2017) Foolbox: a python toolbox to benchmark the robustness of machine learning models, [Online]. Available: http://arxiv.org/abs/1707.04131. Accessed 09 Jun 2023

  146. Ren H, Huang T, Yan H (2021) Adversarial examples: attacks and defenses in the physical world. Int J Mach Learn Cybern, https://doi.org/10.1007/s13042-020-01242-z

  147. Rivest RL, Adleman L, Dertouzos ML (1978) On data banks and privacy Homomorphisms, Found Secure Comput , pp. 169–179

  148. Ros AS, Doshi-Velez F (2018) Improving the adversarial robustness and interpretability of deep neural networks by regularizing their input gradients. 32nd AAAI Conf Artif Intell, AAAI 2018:1660–1669

    Google Scholar 

  149. Rozsa A, Rudd EM, Boult T. E (2016) Adversarial diversity and hard positive generation, in IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops, pp. 25–32. https://doi.org/10.1109/CVPRW.2016.58

  150. Ruan Y, Dai J (2018) TwinNet: a double sub-network framework for detecting universal adversarial perturbations. Future Int 10(3). https://doi.org/10.3390/fi10030026

  151. Rubinstein BIP et al. (2009) Antidote: Understanding and defending against poisoning of anomaly detectors, in Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, pp. 1–14. https://doi.org/10.1145/1644893.1644895

  152. Ryu G, Park H, Choi D (2021) Adversarial attacks by attaching noise markers on the face against deep face recognition. J Inf Secu Appl 60. https://doi.org/10.1016/j.jisa.2021.102874

  153. Samangouei P, Kabkab M, Chellappa R (2018) Defense-Gan: protecting classifiers against adversarial attacks using generative models,” in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–17

  154. Sankaranarayanan S, Chellappa R, Jain A, Lim SN (2018) Regularizing deep networks using efficient layerwise adversarial training. 32nd AAAI Conf Artif Intell AAAI 2018:4008–4015

    Google Scholar 

  155. Sarkar S, Bansal A, Mahbub U, Chellappa R (2017) UPSET and ANGRI : breaking high performance image classifiers. Available: http://arxiv.org/abs/1707.01159. Accessed 09 Jun 2023

  156. Schölkopf B, Janzing D, Peters J, Sgouritsa E, Zhang K, Mooij J (2012) On causal and anticausal learning, in Proceedings of the 29th International Conference on Machine Learning, ICML 2012, vol. 2

  157. Sengupta S, Chakraborti T, Kambhampati S (n.d.) MTDeep: boosting the security of deep neural nets against adversarial attacks with moving target defense. lecture notes in computer science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2019), pp 479–491

  158. Shaham U, Yamada Y, Negahban S (2018) Understanding adversarial training: increasing local stability of neural nets through robust optimization. Neurocomputing 307:195–204

    Article  Google Scholar 

  159. Shailaja GK, Rao CVG (2022) Robust and lossless data privacy preservation: optimal key based data sanitization. Evol Intell 15(2). https://doi.org/10.1007/s12065-019-00309-3

  160. Shane J (2018) Do neural nets dream of electric sheep? aiweirdness.com. Accessed 09 Jun 2023

  161. Sharif M, Bhagavatula S, Bauer L, Reiter MK (2016) Accessorize to a crime: real and stealthy attacks on state-of-the-art face recognition, in Proceedings of the ACM Conference on Computer and Communications Security, vol. 24-28-October-2016. https://doi.org/10.1145/2976749.2978392

  162. Sharma A, Bian Y, Munz P, Narayan A (2022) Adversarial patch attacks and defences in vision-based tasks: a survey, [Online]. Available: http://arxiv.org/abs/2206.08304

  163. Shen S, Jin G, Gao K, Zhang Y (2019) APE-GAN: adversarial perturbation elimination with GAN, in ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings, Jul. 2019, pp. 3842–3846. [Online]. Available: http://arxiv.org/abs/1707.05474

  164. Shokri R, Stronati M, Song C, Shmatikov V (2017) Membership inference attacks against machine learning models, in Proceedings - IEEE Symposium on Security and Privacy, pp. 3–18. https://doi.org/10.1109/SP.2017.41

  165. Singh A, Sikdar B (2022) Adversarial attack and defence strategies for deep-learning-based IoT device classification techniques. IEEE Internet Things J 9(4). https://doi.org/10.1109/JIOT.2021.3138541

  166. Sinha A, Namkoong H, Duchi J (2018) Certifying some distributional robustness with principled adversarial training, in International Conference on Learning Representations (ICLR), pp. 1–34

  167. Song Y, Nowozin S, Kushman N, Kim T, Ermon S (2018) PixelDefend: Leveraging generative models to understand and defend against adversarial examples. In: 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp 1–20

  168. Srinivasan V, Marban A, Müller K-R, Samek W, Nakajima S (2018) Counterstrike: Defending deep learning architectures against adversarial samples by langevin dynamics with supervised denoising autoencoder, arXiv

  169. Steinhardt J, Koh PW, Liang P (2017) Certified defenses for data poisoning attacks. In: Advances in Neural Information Processing Systems, 2017-December, pp 1–13

  170. Strauss T, Hanselmann M, Junginger A, Ulmer H (2018) Ensemble methods as a defense to adversarial perturbations against deep neural networks, in ICLR 2018 6th International Conference on Learning Representations, pp. 1–10. [Online]. Available: http://arxiv.org/abs/1709.03423

  171. Su J, Vargas DV, Sakurai K (2019) One pixel attack for fooling deep neural networks. IEEE Trans Evol Comput 23(5):828–841. https://doi.org/10.1109/TEVC.2019.2890858

  172. Sykes ER (2022) A deep learning computer vision iPad application for sales rep optimization in the field. Vis Comput 38(2):729–748, https://doi.org/10.1007/s00371-020-02047-5

  173. Szegedy C et al. (2014) Intriguing properties of neural networks, in 2nd International Conference on Learning Representations, ICLR 2014 - Conference Track Proceedings, , pp. 1–10

  174. Tanay T, Griffin L (2016) A boundary tilting persepective on the phenomenon of adversarial examples, [Online]. Available: http://arxiv.org/abs/1608.07690. Accessed 09 Jun 2023

  175. Torralba A, Efros AA (2011) Unbiased look at dataset bias. In: Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition. pp 1521–1528. https://doi.org/10.1109/CVPR.2011.5995347

  176. Tramèr F, Zhang F, Juels A, Reiter MK, Ristenpart T (2016) Stealing machine learning models via prediction APIs, in Proceedings of the 25th USENIX Security Symposium, pp. 601–618

  177. Tramèr F, Papernot N, Goodfellow I, Boneh D, McDaniel P (2017) The space of transferable adversarial examples, [Online]. Available: http://arxiv.org/abs/1704.03453. Accessed 09 Jun 2023

  178. Tramèr F, Kurakin A, Papernot N, Goodfellow I, Boneh D, McDaniel P (2018) Ensemble adversarial training: Attacks and defenses, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–20

  179. Tramèr F, Carlini N, Brendel W, Madry A (2020) On adaptive attacks to adversarial example defenses, in Advances in Neural Information Processing Systems, vol. 2020-December

  180. Tsipras D, Santurkar S, Engstrom L, Turner A, Madry A (2019) Robustness may be at odds with accuracy. 7th Int Conf Learn Represent, ICLR 2019:1–23

    Google Scholar 

  181. Tu C-C et al. (2019) AutoZOOM: Autoencoder-based Zeroth order optimization method for attacking black-box neural networks, in 33rd AAAI Conference on Artificial Intelligence, AAAI 2019, 31st Innovative Applications of Artificial Intelligence Conference, IAAI 2019 and the 9th AAAI Symposium on Educational Advances in Artificial Intelligence, EAAI 2019, pp. 742–749. [Online]. Available: http://arxiv.org/abs/1805.11770

  182. Turner A, Tsipras D, Madry A (2019) Clean-label backdoor attacks, The International Conference on Learning Representations

  183. Uesato J, O’Donoghue B, van den Oord A, Kohli P (2018) Adversarial risk and the dangers of evaluating against weak attacks, in 35th International Conference on Machine Learning, ICML, 2018, vol. 11

  184. Venkatesh Babu R (2020) Single-step adversarial training with dropout scheduling, in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 947–956

  185. Wang X, Li J, Kuang X, Tan YA, Li J (2019) The security of machine learning in an adversarial setting: a survey. J Parallel Distrib Comput 130:12–23. https://doi.org/10.1016/j.jpdc.2019.03.003

  186. Wang Y, Zou D, Yi J, Bailey J, Ma X, Gu Q (2020) “Improving Adversarial Robustness Requires Revisiting Misclassified Examples,” in International Conference on Learning Representations, ICLR- Conference Track Proceedings, pp. 1–14

  187. Wang Y et al (2021) Towards a physical-world adversarial patch for blinding object detection models. Inf Sci (N Y) 556. https://doi.org/10.1016/j.ins.2020.08.087

  188. Wang J, Shi L, Zhao Y, Zhang H, Szczerbicki E (2022) “Adversarial attack algorithm for traffic sign recognition,” Multimed Tools Appl, https://doi.org/10.1007/s11042-022-14067-5

  189. Wang W, Wang L, Wang R, Ye A, Ke J (2022) Better constraints of imperceptibility, better adversarial examples in the text. Int  J Intell Syst 37(6):3440–3459. https://doi.org/10.1002/int.22696

  190. Wenger E, Passananti J, Bhagoji AN, Yao Y, Zheng H, Zhao BY (2021) “Backdoor Attacks Against Deep Learning Systems in the Physical World,” in Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, pp. 6202–6211. https://doi.org/10.1109/CVPR46437.2021.00614

  191. Wiyatno RR, Xu A, Dia O, de Berker A (2019) “Adversarial examples in modern machine learning: A Review,”[Online]. Available: http://arxiv.org/abs/1911.05268

  192. Wu J, Chen B, Luo W, Fang Y (2020) Audio steganography based on iterative adversarial attacks against convolutional neural networks. IEEE Trans Inf Forensic Secur 15. https://doi.org/10.1109/TIFS.2019.2963764

  193. Xiao H, Biggio B, Nelson B, Xiao H, Eckert C, Roli F ((2015)) Support vector machines under adversarial label contamination, in Neurocomputing, pp. 97–112. [Online]. Available: http://pdfrate.com

  194. Xiao C, Li B, Zhu JY, He W, Liu M, Song D (2018) Generating adversarial examples with adversarial networks. In: Proceedings of the Twenty-Seventh International Joint Conference on Artificial Intelligence, vol. 2018-July, pp 3905–3911. https://doi.org/10.24963/ijcai.2018/543

  195. Xiao C, Zhu J-Y, Li B, He W, Liu M, Song D (2018) Spatially transformed adversarial examples, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–30. [Online]. Available: http://arxiv.org/abs/1801.02612

  196. Xie C, Wang J, Zhang Z, Ren Z, Yuille A (2018) Mitigating adversarial effects through randomization, in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, pp. 1–16. [Online]. Available: http://arxiv.org/abs/1711.01991

  197. Xu W, Evans D, Qi Y (2018) Feature squeezing: detecting adversarial examples in deep neural networks. In: Proceedings 2018 Network and Distributed System Security Symposium. Network and Distributed System Security Symposium, San Diego, pp 1–16. https://doi.org/10.14722/ndss.2018.23198

  198. Xu R, Joshi JBD, Li C (2019) CryptoNN: training neural networks over encrypted data, in Proceedings - International Conference on Distributed Computing Systems, vol. 2019-July. https://doi.org/10.1109/ICDCS.2019.00121

  199. Xu K et al. (2020) Adversarial t-shirt! Evading person detectors in a physical world, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12350 LNCS. https://doi.org/10.1007/978-3-030-58558-7_39

  200. Yan Z, Guo Y, Zhang C (2018) Deep defense: training DNNs with improved adversarial robustness, in Advances in Neural Information Processing Systems 31 (NeurIPS 2018), pp. 1–18. [Online]. Available: http://arxiv.org/abs/1803.00404

  201. Yan H, Du J, Tan VYF, Feng J (2019) On robustness of neural ordinary differential equations, [Online]. Available: http://arxiv.org/abs/1910.05513

  202. Yang Z, Chang EC, Zhang J, Liang Z (2019) Neural network inversion in adversarial setting via background knowledge alignment, in Proceedings of the ACM Conference on Computer and Communications Security, pp. 225–240. https://doi.org/10.1145/3319535.3354261

  203. Yang Y, Zhang G, Katabi D, Xu Z (2019) ME-Net: towards effective adversarial robustness with matrix estimation, in 36th International Conference on Machine Learning, ICML 2019. [Online]. Available: https://github.com/YyzHarry/ME-Net

  204. Yuan X, He P, Zhu Q, Li X (2019) Adversarial examples: attacks and defenses for deep learning. IEEE Trans Neural Netw Learn Syst 30(9):2805–2824. https://doi.org/10.1109/TNNLS.2018.2886017

    Article  MathSciNet  Google Scholar 

  205. Zantedeschi V, Nicolae M-I, Rawat A (2017) Efficient defenses against adversarial attacks, in Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, pp. 39–49. [Online]. Available: http://arxiv.org/abs/1707.06728

  206. Zhang C, Costa-Perez X, Patras P (2022) Adversarial attacks against deep learning-based network intrusion detection systems and defense mechanisms. IEEE/ACM Trans Networking, https://doi.org/10.1109/TNET.2021.3137084

  207. Zhao R (2021) The vulnerability of the neural networks against adversarial examples in deep learning algorithms, in Proceedings - 2021 2nd International Conference on Computing and Data Science, CDS 2021, pp. 287–295. https://doi.org/10.1109/CDS52072.2021.00057

  208. Zheng Z, Hong P (2018) Robust detection of adversarial attacks by modeling the intrinsic properties of deep neural networks. Adv Neural Inf Proces Syst:7924–7933

  209. Zhou Y, Han M, Liu L, He J, Gao X (2019) The adversarial attacks threats on computer vision: a survey. In: 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems Workshops (MASSW), pp 25–30. https://doi.org/10.1109/MASSW.2019.00012

  210. Zhu C, Shao R, Zhang X, Gao S, Li B (2022) Application of virtual reality based on computer vision in sports posture correction. Wireless Communications and Mobile Computing ,2022, 1–15. https://doi.org/10.1155/2022/3719971

    Article  Google Scholar 

  211. Ziller A, Usynin D, Braren R, Makowski M, Rueckert D, Kaissis G (2021) Medical imaging deep learning with differential privacy. Sci Rep 11(1). https://doi.org/10.1038/s41598-021-93030-0

Download references

Author information

Authors and Affiliations

  1. Biometric Research Laboratory, Department of Information Technology, Delhi Technological University, Bawana Road, Delhi, 110042, India

    Ashish Bajaj & Dinesh Kumar Vishwakarma

Authors
  1. Ashish Bajaj
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dinesh Kumar Vishwakarma
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dinesh Kumar Vishwakarma.

Ethics declarations

Competing interests

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Bajaj, A., Vishwakarma, D.K. A state-of-the-art review on adversarial machine learning in image classification. Multimed Tools Appl 83, 9351–9416 (2024). https://doi.org/10.1007/s11042-023-15883-z

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-023-15883-z

Keywords

Search

Navigation