Advances in adversarial attacks and defenses in computer vision: A survey

TL;DR

This survey reviews recent advances in adversarial attacks and defenses in computer vision since 2018, highlighting new methods, challenges, and future directions in securing deep learning models against imperceptible perturbations.

Contribution

It provides a comprehensive overview of peer-reviewed research on adversarial attacks and defenses in computer vision post-2018, including technical definitions and future outlooks.

Findings

Significant progress in attack and defense techniques since 2018

Identification of key challenges in robustness and security

Discussion of future research directions and open problems

Abstract

Deep Learning (DL) is the most widely used tool in the contemporary field of computer vision. Its ability to accurately solve complex problems is employed in vision research to learn deep neural models for a variety of tasks, including security critical applications. However, it is now known that DL is vulnerable to adversarial attacks that can manipulate its predictions by introducing visually imperceptible perturbations in images and videos. Since the discovery of this phenomenon in 2013~[1], it has attracted significant attention of researchers from multiple sub-fields of machine intelligence. In [2], we reviewed the contributions made by the computer vision community in adversarial attacks on deep learning (and their defenses) until the advent of year 2018. Many of those contributions have inspired new directions in this area, which has matured significantly since witnessing the first generation methods. Hence, as a legacy sequel of [2], this literature review focuses on the advances in this area since 2018. To ensure authenticity, we mainly consider peer-reviewed contributions published in the prestigious sources of computer vision and machine learning research. Besides a comprehensive literature review, the article also provides concise definitions of technical terminologies for non-experts in this domain. Finally, this article discusses challenges and future outlook of this direction based on the literature reviewed herein and [2].