Adversarial examples:
- Goodfellow et al. 2015
- Szegedy et al. 2014
- Targeted vs untargeted
- White box vs black box vs no box
- Imperceptible vs perceptible
- Digital vs physical
- Specific vs universal
- Attack vs defense
White box attacks:
- Projected Gradient Descent
- Fast gradient sign method (FGSM, Goodfellow et al. 2015)
- Carlini-Wagner attack (Carlini and Wagner et al. 2017)
- Universal Adversarial Perturbations (Moosavi and Dezfooli et al. 2017)
Black box attacks:
- Zeroth order optimization (ZOO)
- Stochastic Coordinate Descent
- w/ logits (Chen et al. 2017)
- w/ only class labels (Cheng et al. 2018)
- Transferability attacks
- (Liu et al. 2017)
Real world attacks:
- (Brown et al. 2018)
- (Sharif et al. 2016)
- (Wu et al. 2019)
- (Eykholt et al. 2018)
Adversarial training;
- (Goodfellow et al. 2015)