Adversarial Examples - A Complete Characterisation of the Phenomenon
Alexandru Constantin Serban, Erik Poll, Joost Visser

TL;DR
This paper thoroughly characterizes adversarial examples in machine learning, covering their existence, implications, generation methods, defenses, and transferability, serving as a comprehensive survey and reference in the field.
Contribution
It provides a complete overview of adversarial examples, including conjectures, security concerns, generation and defense techniques, and transferability, consolidating knowledge into a self-contained resource.
Findings
Comprehensive catalog of attack and defense methods
Analysis of transferability of adversarial examples
Discussion on security and robustness implications
Abstract
We provide a complete characterisation of the phenomenon of adversarial examples - inputs intentionally crafted to fool machine learning models. We aim to cover all the important concerns in this field of study: (1) the conjectures on the existence of adversarial examples, (2) the security, safety and robustness implications, (3) the methods used to generate and (4) protect against adversarial examples, and (5) the ability of adversarial examples to transfer between different machine learning models. We provide ample background information in an effort to make this document self-contained. Therefore, this document can be used as a survey, a tutorial, or a catalog of attacks and defences using adversarial examples.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Security and Verification in Computing
