/attack-and-defense-methods

A curated list of papers of adversarial examples and defense methods.

MIT License

About

Inspired by this repo and ML Writing Month. Questions and discussions are most welcome!

Lil-log is the best blog I have ever read!

Papers

Survey

  1. TNNLS 2019 Adversarial Examples: Attacks and Defenses for Deep Learning
  2. IEEE ACCESS 2018 Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey
  3. 2019 Adversarial Attacks and Defenses in Images, Graphs and Text: A Review
  4. 2019 A Study of Black Box Adversarial Attacks in Computer Vision
  5. 2019 Adversarial Examples in Modern Machine Learning: A Review
  6. 2020 Opportunities and Challenges in Deep Learning Adversarial Robustness: A Survey
  7. 2020 Knowledge Distillation and Student-Teacher Learning for Visual Intelligence: A Review and New Outlooks
  8. 2019 Adversarial attack and defense in reinforcement learning-from AI security view
  9. 2020 A Survey of Privacy Attacks in Machine Learning
  10. 2020 Learning from Noisy Labels with Deep Neural Networks: A Survey
  11. 2020 Optimization for Deep Learning: An Overview
  12. 2020 Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review
  13. 2020 Adversarial Machine Learning in Image Classification: A Survey Towards the Defender's Perspective
  14. 2020 Efficient Transformers: A Survey

Attack

2013

  1. ECML-PKDD Evasion Attacks against Machine Learning at Test Time

2014

  1. ICLR Intriguing properties of neural networks

2015

  1. ICLR Explaining and Harnessing Adversarial Examples

2016

  1. EuroS&P The limitations of deep learning in adversarial settings
  2. CVPR DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks
  3. S&P C&W: Towards Evaluating the Robustness of Neural Networks (published at IEEE S&P 2017)
  4. ARXIV Transferability in Machine Learning: From Phenomena to Black-Box Attacks Using Adversarial Samples
  5. NIPS Adversarial Images for Variational Autoencoders

2017

  1. ICLR Delving into Transferable Adversarial Examples and Black-box Attacks
  2. CVPR Universal Adversarial Perturbations
  3. ICCV Adversarial Examples for Semantic Segmentation and Object Detection
  4. ARXIV Adversarial Examples that Fool Detectors
  5. CVPR A-Fast-RCNN: Hard Positive Generation via Adversary for Object Detection
  6. ICCV Adversarial Examples Detection in Deep Networks with Convolutional Filter Statistics
  7. AISec Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods
  8. ICCV UNIVERSAL Universal Adversarial Perturbations Against Semantic Image Segmentation

2018

  1. ICLR Generating Natural Adversarial Examples
  2. NeurIPS Constructing Unrestricted Adversarial Examples with Generative Models
  3. IJCAI Generating Adversarial Examples with Adversarial Networks
  4. CVPR Generative Adversarial Perturbations
  5. AAAI Learning to Attack: Adversarial transformation networks
  6. S&P Learning Universal Adversarial Perturbations with Generative Models
  7. CVPR Robust physical-world attacks on deep learning visual classification
  8. ICLR Spatially Transformed Adversarial Examples
  9. CVPR Boosting Adversarial Attacks With Momentum
  10. CVPR UNIVERSAL Art of Singular Vectors and Universal Adversarial Perturbations
  11. ARXIV Adversarial Spheres
  12. ICML Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
  13. ECCV Characterizing Adversarial Examples Based on Spatial Consistency Information for Semantic Segmentation

2019

  1. CVPR Feature Space Perturbations Yield More Transferable Adversarial Examples
  2. ICLR The Limitations of Adversarial Training and the Blind-Spot Attack
  3. ICLR Are adversarial examples inevitable? 💭
  4. IEEE TEC One pixel attack for fooling deep neural networks
  5. ARXIV Generalizable Adversarial Attacks Using Generative Models
  6. ICML NATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks💭
  7. ARXIV SemanticAdv: Generating Adversarial Examples via Attribute-conditional Image Editing
  8. CVPR Rob-GAN: Generator, Discriminator, and Adversarial Attacker
  9. ARXIV Cycle-Consistent Adversarial GAN: The Integration of Adversarial Attack and Defense
  10. ARXIV Generating Realistic Unrestricted Adversarial Inputs Using Dual-Objective GAN Training 💭
  11. ICCV Sparse and Imperceivable Adversarial Attacks💭
  12. ARXIV Perturbations are not Enough: Generating Adversarial Examples with Spatial Distortions
  13. ARXIV Joint Adversarial Training: Incorporating both Spatial and Pixel Attacks
  14. IJCAI Transferable Adversarial Attacks for Image and Video Object Detection
  15. TPAMI Generalizable Data-Free Objective for Crafting Universal Adversarial Perturbations
  16. CVPR Decoupling Direction and Norm for Efficient Gradient-Based L2 Adversarial Attacks and Defenses
  17. CVPR FDA: Feature Disruptive Attack
  18. ARXIV SmoothFool: An Efficient Framework for Computing Smooth Adversarial Perturbations
  19. CVPR SparseFool: A Few Pixels Make a Big Difference
  20. ICLR Adversarial Attacks on Graph Neural Networks via Meta Learning

2020

  1. ICLR Fooling Detection Alone is Not Enough: Adversarial Attack against Multiple Object Tracking💭
  2. ARXIV Sponge Examples: Energy-Latency Attacks on Neural Networks

Defence

2014

  1. ARXIV Towards deep neural network architectures robust to adversarial examples

2016

  1. NIPS Robustness of classifiers: from adversarial to random noise 💭

2017

  1. ARXIV Countering Adversarial Images using Input Transformations
  2. ICCV SafetyNet: Detecting and Rejecting Adversarial Examples Robustly
  3. ARXIV Detection Detecting Adversarial Samples from Artifacts
  4. ICLR Detection On Detecting Adversarial Perturbations 💭

2018

  1. ICLR Defense-GAN: Protecting Classifiers Against Adversarial Attacks Using Generative Models
  2. ICLR Ensemble Adversarial Training: Attacks and Defences
  3. CVPR Defense Against Universal Adversarial Perturbations
  4. CVPR Deflecting Adversarial Attacks With Pixel Deflection
  5. TPAMI Virtual adversarial training: a regularization method for supervised and semi-supervised learning 💭
  6. ARXIV Adversarial Logit Pairing
  7. CVPR Defense Against Adversarial Attacks Using High-Level Representation Guided Denoiser
  8. ARXIV Evaluating and understanding the robustness of adversarial logit pairing
  9. CCS Machine Learning with Membership Privacy Using Adversarial Regularization

2019

  1. NeurIPS Adversarial Training and Robustness for Multiple Perturbations
  2. NeurIPS Adversarial Robustness through Local Linearization
  3. CVPR Retrieval-Augmented Convolutional Neural Networks against Adversarial Examples
  4. CVPR Feature Denoising for Improving Adversarial Robustness
  5. NeurIPS A New Defense Against Adversarial Images: Turning a Weakness into a Strength
  6. ICML Interpreting Adversarially Trained Convolutional Neural Networks
  7. ICLR Robustness May Be at Odds with Accuracy💭
  8. IJCAI Improving the Robustness of Deep Neural Networks via Adversarial Training with Triplet Loss
  9. ICML Adversarial Examples Are a Natural Consequence of Test Error in Noise💭
  10. ICML On the Connection Between Adversarial Robustness and Saliency Map Interpretability
  11. NeurIPS Metric Learning for Adversarial Robustness
  12. ARXIV Defending Adversarial Attacks by Correcting logits
  13. ICCV Adversarial Learning With Margin-Based Triplet Embedding Regularization
  14. ICCV CIIDefence: Defeating Adversarial Attacks by Fusing Class-Specific Image Inpainting and Image Denoising
  15. NeurIPS Adversarial Examples Are Not Bugs, They Are Features
  16. ICML Using Pre-Training Can Improve Model Robustness and Uncertainty
  17. NeurIPS Defense Against Adversarial Attacks Using Feature Scattering-based Adversarial Training💭
  18. ICCV Improving Adversarial Robustness via Guided Complement Entropy
  19. NeurIPS Robust Attribution Regularization 💭
  20. NeurIPS Are Labels Required for Improving Adversarial Robustness?
  21. ICLR Theoretically Principled Trade-off between Robustness and Accuracy
  22. CVPR Adversarial Defense by Stratified Convolutional Sparse Coding

2020

  1. ICLR Jacobian Adversarially Regularized Networks for Robustness
  2. CVPR What it Thinks is Important is Important: Robustness Transfers through Input Gradients
  3. ICLR Adversarially Robust Representations with Smooth Encoders 💭
  4. ARXIV Heat and Blur: An Effective and Fast Defense Against Adversarial Examples
  5. ICML Triple Wins: Boosting Accuracy, Robustness and Efficiency Together by Enabling Input-Adaptive Inference
  6. CVPR Wavelet Integrated CNNs for Noise-Robust Image Classification
  7. ARXIV Deflecting Adversarial Attacks
  8. ICLR Robust Local Features for Improving the Generalization of Adversarial Training
  9. ICLR Enhancing Transformation-Based Defenses Against Adversarial Attacks with a Distribution Classifier
  10. CVPR A Self-supervised Approach for Adversarial Robustness
  11. ICLR Improving Adversarial Robustness Requires Revisiting Misclassified Examples 👍
  12. ARXIV Manifold regularization for adversarial robustness

4th-Class

  1. ICCV 2017 CVAE-GAN: Fine-Grained Image Generation Through Asymmetric Training
  2. ICML 2016 Autoencoding beyond pixels using a learned similarity metric
  3. ARXIV 2019 Natural Adversarial Examples
  4. ICML 2017 Conditional Image Synthesis with Auxiliary Classifier GANs
  5. ICCV 2019 SinGAN: Learning a Generative Model From a Single Natural Image
  6. ICLR 2020 Robust And Interpretable Blind Image Denoising Via Bias-Free Convolutional Neural Networks
  7. ICLR 2020 Pay Attention to Features, Transfer Learn Faster CNNs
  8. ICLR 2020 On Robustness of Neural Ordinary Differential Equations
  9. ICCV 2019 Real Image Denoising With Feature Attention
  10. ICLR 2018 Multi-Scale Dense Networks for Resource Efficient Image Classification
  11. ARXIV 2019 Rethinking Data Augmentation: Self-Supervision and Self-Distillation
  12. ICCV 2019 Be Your Own Teacher: Improve the Performance of Convolutional Neural Networks via Self Distillation
  13. ARXIV 2019 Adversarially Robust Distillation
  14. ARXIV 2019 Knowledge Distillation from Internal Representations
  15. ICLR 2020 Contrastive Representation Distillation 💭
  16. NIPS 2018 Faster Neural Networks Straight from JPEG
  17. ARXIV 2019 A Closer Look at Double Backpropagation💭
  18. CVPR 2016 Learning Deep Features for Discriminative Localization
  19. ICML 2019 Noise2Self: Blind Denoising by Self-Supervision
  20. ARXIV 2020 Supervised Contrastive Learning
  21. CVPR 2020 High-Frequency Component Helps Explain the Generalization of Convolutional Neural Networks
  22. NIPS 2017 Counterfactual Fairness
  23. ARXIV 2020 An Adversarial Approach for Explaining the Predictions of Deep Neural Networks
  24. CVPR 2014 Rich Feature Hierarchies for Accurate Object Detection and Semantic Segmentation
  25. ICLR 2018 Spectral Normalization for Generative Adversarial Networks
  26. NIPS 2018 MetaGAN: An Adversarial Approach to Few-Shot Learning
  27. ARXIV 2019 Breaking the Cycle -- Colleagues Are All You Need
  28. ARXIV 2019 LOGAN: Latent Optimisation for Generative Adversarial Networks

Links