Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

TL;DR

This survey reviews the vulnerability of deep learning models in computer vision to adversarial attacks, discussing attack methods, defenses, real-world implications, and future research directions.

Contribution

It provides the first comprehensive overview of adversarial attacks and defenses in computer vision, including real-world scenario evaluations.

Findings

Adversarial attacks can fool deep models with imperceptible perturbations.

Various defense strategies have been proposed to mitigate attacks.

Real-world evaluations confirm the practical threat of adversarial examples.

Abstract

Deep learning is at the heart of the current rise of machine learning and artificial intelligence. In the field of Computer Vision, it has become the workhorse for applications ranging from self-driving cars to surveillance and security. Whereas deep neural networks have demonstrated phenomenal success (often beyond human capabilities) in solving complex problems, recent studies show that they are vulnerable to adversarial attacks in the form of subtle perturbations to inputs that lead a model to predict incorrect outputs. For images, such perturbations are often too small to be perceptible, yet they completely fool the deep learning models. Adversarial attacks pose a serious threat to the success of deep learning in practice. This fact has lead to a large influx of contributions in this direction. This article presents the first comprehensive survey on adversarial attacks on deep learning in Computer Vision. We review the works that design adversarial attacks, analyze the existence of such attacks and propose defenses against them. To emphasize that adversarial attacks are possible in practical conditions, we separately review the contributions that evaluate adversarial attacks in the real-world scenarios. Finally, we draw on the literature to provide a broader outlook of the research direction.