Adversarial Attacks and Defences: A Survey

TL;DR

This survey reviews the landscape of adversarial attacks on deep learning systems, discussing various attack types, threat models, and the effectiveness of current defense strategies to enhance robustness.

Contribution

It provides a comprehensive overview of adversarial attack methods and evaluates the strengths and limitations of recent defense mechanisms in deep learning.

Findings

Adversarial attacks can deceive deep learning models with imperceptible perturbations.

Current defense strategies have limited effectiveness across all attack scenarios.

Understanding attack types and threat models is crucial for developing robust defenses.

Abstract

Deep learning has emerged as a strong and efficient framework that can be applied to a broad spectrum of complex learning problems which were difficult to solve using the traditional machine learning techniques in the past. In the last few years, deep learning has advanced radically in such a way that it can surpass human-level performance on a number of tasks. As a consequence, deep learning is being extensively used in most of the recent day-to-day applications. However, security of deep learning systems are vulnerable to crafted adversarial examples, which may be imperceptible to the human eye, but can lead the model to misclassify the output. In recent times, different types of adversaries based on their threat model leverage these vulnerabilities to compromise a deep learning system where adversaries have high incentives. Hence, it is extremely important to provide robustness to deep learning algorithms against these adversaries. However, there are only a few strong countermeasures which can be used in all types of attack scenarios to design a robust deep learning system. In this paper, we attempt to provide a detailed discussion on different types of adversarial attacks with various threat models and also elaborate the efficiency and challenges of recent countermeasures against them.