This collection highlights research on adversarial threats and corresponding defense mechanisms in AI systems. It covers theoretical and applied work on attack vectors, vulnerability assessments, and approaches to building robust, resilient, and trustworthy AI solutions.
Title | Publisher | Year | Description | Link |
---|---|---|---|---|
Hardening Interpretable Deep Learning Systems: Investigating Adversarial Threats and Defenses | IEEE Transactions on Dependable and Secure Computing | 2024 | This paper surveys adversarial attacks and defenses in machine learning-powered networks, categorizing attack methods and defense strategies, and highlighting challenges in balancing robustness, performance, and transferability. | IEEE Xplore |
Quantization Aware Attack: Enhancing Transferable Adversarial Attacks by Model Quantization | IEEE Transactions on Information Forensics and Security | 2024 | This paper presents a comprehensive survey of adversarial machine learning, focusing on attacks and defenses across the machine learning lifecycle, and introduces a unified framework to understand and compare various attack methods. | IEEE Xplore |
Undermining Live Feed ML Object Detection Accuracy with EMI on Vehicular Camera Sensors | 2024 IEEE 99th Vehicular Technology Conference (VTC2024-Spring) | 2024 | This paper presents a comprehensive survey of adversarial machine learning, focusing on attacks and defenses across the machine learning lifecycle, and introduces a unified framework to understand and compare various attack methods. | IEEE Xplore |
David and Goliath: An Empirical Evaluation of Attacks and Defenses for QNNs at the Deep Edge | 9th IEEE European Symposium on Security and Privacy (EuroS&P) | 2024 | This paper presents a comprehensive survey of adversarial machine learning, focusing on attacks and defenses across the machine learning lifecycle, and introduces a unified framework to understand and compare various attack methods. | IEEE Xplore |
Properties that allow or prohibit transferability of adversarial attacks among quantized networks | 5th ACM/IEEE International Conference on Automation of Software Test | 2024 | This paper investigates how quantization affects the transferability of adversarial attacks among neural networks, revealing that while quantization generally reduces transferability, certain attack methods can still effectively transfer across models with varying bitwidths and architectures. | ACM Library |
Overload Latency Attacks on Object Detection for Edge Devices | arXiv | 2024 | This paper introduces Overload, a latency attack framework that significantly increases inference time in object detection models on edge devices by exploiting the computational complexity of Non-Maximum Suppression (NMS) through adversarial inputs. | arXiv |
Adversarial ML for DNNs, CapsNets, and SNNs at the Edge | arXiv | 2023 | This paper surveys adversarial machine learning in text analysis and generation, focusing on attack types, defense strategies, and the role of generative models like GANs in natural language processing. | arXiv |
Are Vision Transformers Robust to Patch Perturbations | arXiv | 2022 | This paper introduces a framework for adversarial machine learning in text analysis and generation, focusing on research trends, attack types, and defense strategies in natural language processing. | arXiv |
Evaluating Adversarial Attacks on Driving Safety in Vision-Based Autonomous Vehicles | arXiv | 2021 | This paper evaluates how adversarial perturbation and patch attacks affect the driving safety of vision-based autonomous vehicles. It introduces an end-to-end framework with safety metrics and finds that attack impact on safety can be decoupled from detection precision, with DSGN showing greater robustness than Stereo R-CNN. | arXiv |
Robustness and Transferability of Universal Attacks on Compressed Models | arXiv | 2020 | This paper analyzes how compression techniques like pruning and quantization affect the robustness and transferability of universal adversarial perturbations (UAPs), revealing that certain methods, such as Soft Filter Pruning, can reduce vulnerability to transfer attacks, while quantization may introduce gradient masking, offering a false sense of security. | arXiv |
Impact of Low-Bitwidth Quantization on the Adversarial Robustness for Embedded Neural Networks | arXiv | 2019 | This paper examines the adversarial robustness of low-bitwidth quantized neural networks, revealing that while quantization does not inherently enhance robustness and may introduce gradient masking, it significantly reduces the transferability of adversarial examples due to quantization-induced value shifts and gradient misalignments. | arXiv |
One pixel attack for fooling deep neural networks | arXiv | 2019 | This paper introduces a black-box adversarial attack method that alters just a single pixel in an image to mislead deep neural networks, achieving notable success rates on datasets like CIFAR-10 and ImageNet by leveraging differential evolution optimization. | arXiv |
Adversarial Examples are Not Bugs, They Are Features | arXiv | 2019 | This paper argues that adversarial examples exploit non-robust but predictive features in data, showing that vulnerability stems from the features models learn rather than from model flaws. | arXiv |
Combinatorial Attacks on Binarized Neural Networks | arXiv | 2018 | This paper introduces a Mixed Integer Linear Programming (MILP) formulation and a decomposition-based algorithm, IProp, to effectively generate adversarial examples against Binarized Neural Networks (BNNs), addressing the challenges posed by their discrete and non-differentiable nature. | arXiv |
Synthesizing Robust Adversarial Examples | arXiv | 2018 | This paper introduces the Expectation Over Transformation (EOT) algorithm to generate adversarial examples that remain effective under various real-world transformations, demonstrating the creation of robust 2D and 3D adversarial objects that consistently mislead classifiers even when physically realized. | arXiv |
The Space of Transferable Adversarial Examples | arXiv | 2017 | This paper investigates the phenomenon of adversarial example transferability between machine learning models, revealing that adversarial inputs occupy a high-dimensional subspace that often overlaps across different models, thereby facilitating transfer-based attacks. | arXiv |
Delving into Transferable Adversarial Examples and Black-box Attacks | arXiv | 2017 | This paper investigates the transferability of adversarial examples across deep neural networks, introducing ensemble-based methods to generate targeted adversarial inputs that successfully transfer between models, thereby enabling effective black-box attacks. | arXiv |

Title | Publisher | Year | Description | Link |
---|---|---|---|---|
Semantic Shield: Defending Vision-Language Models Against Backdooring and Poisoning via Fine-grained Knowledge Alignment | CVPR | 2024 | This paper introduces a defense mechanism for vision-language models that mitigates backdooring and poisoning attacks by aligning model attention with external knowledge elements extracted from captions, thereby enhancing model robustness without altering inference-time behavior. | CVPR |
Robustness at Inference: Towards Explainability, Uncertainty, and Intervenability – CVPR Tutorial | CVPR | 2024 | This tutorial explores enhancing neural network robustness by focusing on explainability, uncertainty quantification, and the ability for human intervention during inference, aiming to make AI systems more trustworthy and adaptable in real-world applications. | CVPR |
Improving Robustness Against Adversarial Attacks with Deeply Quantized Neural Networks | International Joint Conference on Neural Networks (IJCNN) | 2023 | This paper surveys adversarial attacks and defenses in machine learning-powered networks, categorizing attack methods and defense strategies, and highlighting challenges in balancing robustness, performance, and transferability. | IEEE Xplore |
Relative Robustness of Quantized Neural Networks Against Adversarial Attacks | International Joint Conference on Neural Networks (IJCNN) | 2020 | This paper provides a comprehensive survey of adversarial machine learning, focusing on attacks and defenses across the machine learning lifecycle, and introduces a unified framework to understand and compare various attack methods. | IEEE Xplore |
Detecting Adversarial Attacks via Subset Scanning of Autoencoder Activations and Reconstruction Error | International Joint Conference on Artificial Intelligence (IJCAI-20) | 2020 | This paper introduces an unsupervised method for detecting adversarial attacks by applying subset scanning to autoencoder activations and reconstruction errors, enabling identification of anomalous patterns without requiring labeled data or retraining. | IJCAI |
Robust Vision Transformer Model Against Adversarial Attacks in Medical Image Classification | International Conference on Telecommunications and Signal Processing (TSP) | 2024 | This paper presents an optimized parallel pipelining approach for ETL processes, aiming to reduce execution time and improve performance in data warehousing systems. | IEEE Xplore |
Guarding Against Universal Adversarial Perturbations in Data-driven Cloud/Edge Services | IEEE International Conference on Cloud Engineering (IC2E) | 2022 | This paper presents a systematic survey of adversarial machine learning attacks across the model lifecycle (pre-training, training, post-training, deployment, and inference), offering a unified framework to categorize and understand various attack paradigms. | IEEE Xplore |
Cam-PC: A Novel Method for Camouflaging Point Clouds to Counter Adversarial Deception in Remote Sensing | IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing | 2023 | This paper introduces Cam-PC, a method that camouflages 3D point clouds to counter adversarial deception in remote sensing applications. | IEEE Xplore |
Pasadena: Perceptually Aware and Stealthy Adversarial Denoise Attack | IEEE Transactions on Multimedia | 2024 | This paper introduces Pasadena, a method that embeds adversarial attacks within image denoising processes, simultaneously enhancing visual quality and misleading deep neural networks, validated through evaluations on challenging datasets. | IEEE Xplore |
Enhanced Model Robustness to Input Corruptions by Per-corruption Adaptation of Normalization Statistics | arXiv | 2024 | This paper introduces a method to enhance the robustness of vision systems in robotics by dynamically adapting normalization statistics based on identified input corruptions, leading to significant performance improvements in challenging environments. | arXiv |
Adversarial Robustness in RGB-Skeleton Action Recognition: Leveraging Attention Modality Reweighter | arXiv | 2024 | This paper introduces an attention-based modality reweighting method to enhance the adversarial robustness of RGB-skeleton action recognition models. | arXiv |
Quanta Video Restoration | arXiv | 2024 | This paper introduces QUIVER, an end-to-end deep learning framework designed to restore high-quality grayscale videos from noisy, low-bit single-photon sensor data, effectively handling strong motion and low-light conditions. The authors also present I2-2000FPS, a high-speed video dataset captured at 2000 frames per second, to support training and evaluation of such restoration methods. | arXiv |
ODDR: Outlier Detection and Dimension Reduction Based Defense Against Adversarial Patches | arXiv | 2023 | This paper proposes a model-agnostic defense that uses outlier detection and dimension reduction to identify and mitigate adversarial patches, improving robustness in vision tasks. | arXiv |
DefensiveDR: Defending against Adversarial Patches using Dimensionality Reduction | arXiv | 2023 | This paper proposes a model-agnostic defense using dimensionality reduction to counter adversarial patch attacks effectively. | arXiv |
Understanding Robustness of Transformers for Image Classification | arXiv | 2021 | This paper evaluates the robustness of Vision Transformers (ViTs) compared to ResNets, finding that with sufficient pretraining, ViTs match or exceed ResNets in resilience to input and model perturbations. | arXiv |
Recent Advances in Adversarial Training for Adversarial Robustness | arXiv | 2021 | This paper presents a comprehensive survey of adversarial training methods aimed at enhancing the robustness of deep learning models. It introduces a novel taxonomy categorizing recent advancements, discusses generalization challenges from multiple perspectives, and outlines open problems and future research directions in the field. | arXiv |
Fast is better than free: Revisiting adversarial training | arXiv | 2020 | This paper demonstrates that adversarial training using the Fast Gradient Sign Method (FGSM) with random initialization can match the robustness of more computationally intensive methods like Projected Gradient Descent (PGD), significantly reducing training time without sacrificing model resilience. | arXiv |
To compress or not to compress: Understanding the Interactions between Adversarial Attacks and Neural Network Compression | arXiv | 2020 | This paper examines how neural network compression techniques, specifically pruning and quantization, affect the transferability of adversarial examples, finding that while such examples generally remain effective across compressed and uncompressed models, certain compression levels can marginally reduce their success. | arXiv |
Deflecting Adversarial Attacks | arXiv | 2020 | This paper introduces a defense mechanism that leverages Capsule Networks to either detect adversarial attacks or cause them to produce inputs that semantically resemble their target class, effectively neutralizing the adversarial nature of the attacks. | arXiv |
Detecting and Diagnosing Adversarial Images with Class-Conditional Capsule Reconstructions | arXiv | 2020 | This paper proposes a method to detect and diagnose adversarial images using class-conditional capsule reconstructions, demonstrating that Capsule Networks (CapsNets) can identify adversarial inputs by comparing reconstruction errors and are more aligned with human perception than traditional convolutional networks. | arXiv |
Adversarial Training for Free! | arXiv | 2019 | This paper argues that adversarial examples exploit non-robust features that models learn for prediction, suggesting that such vulnerabilities are a natural consequence of the data rather than model flaws. | arXiv |
Towards Deep Learning Models Resistant to Adversarial Attacks | arXiv | 2019 | This paper proposes a robust optimization approach to adversarial training, significantly improving neural network resilience to adversarial attacks. | arXiv |
Defensive Quantization: When Efficiency Meets Robustness | arXiv | 2019 | This paper introduces Defensive Quantization, a method that enhances the adversarial robustness of quantized neural networks by controlling the network’s Lipschitz constant, thereby mitigating error amplification effects and achieving improved robustness and efficiency. | arXiv |