Adversarial Examples: Attacks and Defenses for Deep Learning

TL;DR

This paper reviews the vulnerabilities of deep neural networks to adversarial examples, discusses methods for generating and defending against them, and explores future challenges and solutions in ensuring safety in critical applications.

Contribution

It provides a comprehensive taxonomy of adversarial attack methods, summarizes current defense strategies, and discusses future research directions.

Findings

Deep neural networks are vulnerable to imperceptible adversarial inputs.

Various methods exist for generating adversarial examples, categorized in a taxonomy.

Countermeasures and challenges for defending against adversarial attacks are discussed.

Abstract

With rapid progress and significant successes in a wide spectrum of applications, deep learning is being applied in many safety-critical environments. However, deep neural networks have been recently found vulnerable to well-designed input samples, called adversarial examples. Adversarial examples are imperceptible to human but can easily fool deep neural networks in the testing/deploying stage. The vulnerability to adversarial examples becomes one of the major risks for applying deep neural networks in safety-critical environments. Therefore, attacks and defenses on adversarial examples draw great attention. In this paper, we review recent findings on adversarial examples for deep neural networks, summarize the methods for generating adversarial examples, and propose a taxonomy of these methods. Under the taxonomy, applications for adversarial examples are investigated. We further elaborate on countermeasures for adversarial examples and explore the challenges and the potential solutions.