Dec 19, 2017 (LG, CR, CV, ML)

Adversarial Examples: Attacks and Defenses for Deep Learning

arXiv:1712.07107v3 | 1803 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses the risk of adversarial attacks in safety-critical applications of deep learning, but it is an incremental review paper.

The paper reviews the vulnerability of deep neural networks to adversarial examples, which are imperceptible inputs that can fool models, and summarizes methods for generating and defending against them, including a proposed taxonomy and exploration of challenges.

With rapid progress and significant successes in a wide spectrum of applications, deep learning is being applied in many safety-critical environments. However, deep neural networks have recently been found vulnerable to well-designed input samples, called adversarial examples. Adversarial examples are imperceptible to humans but can easily fool deep neural networks in the testing/deployment stage. The vulnerability to adversarial examples has become one of the major risks for applying deep neural networks in safety-critical environments. Therefore, attacks and defenses on adversarial examples draw great attention. In this paper, we review recent findings on adversarial examples for deep neural networks, summarize the methods for generating adversarial examples, and propose a taxonomy of these methods. Under the taxonomy, applications for adversarial examples are investigated. We further elaborate on countermeasures for adversarial examples and explore the challenges and the potential solutions.

Code Implementations: 1 repo
Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
