Deep neural networks (DNNs) have been found to be vulnerable to adversarial examples. Here I have collected all the papers in the areas of adversarial example generation and the corresponding adversarial attack defense studies.
I will continue adding papers to this roadmap.
[0] Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, Rob Fergus. "Intriguing properties of neural networks." ArXiv 2013. [pdf] (Background in this area) ⭐⭐⭐⭐⭐
[1] Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. "Explaining and harnessing adversarial examples." ICLR 2015. [pdf] (First work in adversarial example generation.) ⭐⭐⭐⭐⭐
[2] Alexey Kurakin, Ian Goodfellow, and Samy Bengio. "Adversarial examples in the physical world." ICLR Workshop 2017. [pdf] (Based on FGSM, two additional algorithms) ⭐⭐
[3] Nicholas Carlini and David Wagner. "Towards evaluating the robustness of neural networks." IEEE Symposium on Security and Privacy 2017. [pdf] (Optimization based method) ⭐⭐⭐
[4] Yanpei Liu, Xinyun Chen, Chang Liu, and Dawn Song. "Delving into transferable adversarial examples and black-box attacks." ICLR 2017. [pdf] (Optimization based method) ⭐⭐⭐⭐
[5] Nicolas Papernot, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z. Berkay Celik, Ananthram Swami. "Practical Black-Box Attacks against Machine Learning." Asia CCS 2017. [pdf] (Optimization based method) ⭐⭐
[6] Nicolas Papernot, Patrick McDaniel, Ian Goodfellow. "Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples." ArXiv 2016. [pdf] (Optimization based method) ⭐⭐
[7] Anonymous Authors. "Generating Adversarial Examples with Adversarial Networks." ICLR 2018 (Rejected). [pdf] (GAN-based work) ⭐⭐⭐
[8] Zhengli Zhao, Dheeru Dua, and Sameer Singh. "Generating Natural Adversarial Examples." ICLR 2018. [pdf] (Natural adversarial image generation) ⭐⭐⭐⭐
[9] Weiwei Hu and Ying Tan. "Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN." ArXiv 2017. [pdf] (GAN-based work) ⭐⭐⭐⭐
This part will be finished soon.
[10] Robin Jia and Percy Liang. "Adversarial Examples for Evaluating Reading Comprehension Systems." EMNLP 2017. [pdf] (First work on adversarial examples in QA) ⭐⭐⭐
[11] Volodymyr Kuleshov, Shantanu Thakoor, Tingfung Lau, Stefano Ermon. "Adversarial Examples for Natural Language Classification Problems." ICLR 2018 (Rejected). [pdf] (NLP work) ⭐
This part will be finished soon.