A Survey of Robustness and Safety of 2D and 3D Deep Learning Models against Adversarial Attacks-Reference-Cited by-同舟云学术

A Survey of Robustness and Safety of 2D and 3D Deep Learning Models against Adversarial Attacks

Published:2024-01-22 Issue:6 Volume:56 Page:1-37
ISSN:0360-0300
Container-title:ACM Computing Surveys
language:en
Short-container-title:ACM Comput. Surv.

Author:

Li Yanjie¹^ORCID,Xie Bin¹^ORCID,Guo Songtao²^ORCID,Yang Yuanyuan³^ORCID,Xiao Bin¹^ORCID

Affiliation:

1. The Hong Kong Polytechnic University, Hong Kong

2. Chongqing University, China

3. Stony Brook University, USA

Abstract

Benefiting from the rapid development of deep learning, 2D and 3D computer vision applications are deployed in many safe-critical systems, such as autopilot and identity authentication. However, deep learning models are not trustworthy enough because of their limited robustness against adversarial attacks. The physically realizable adversarial attacks further pose fatal threats to the application and human safety. Lots of papers have emerged to investigate the robustness and safety of deep learning models against adversarial attacks. To lead to trustworthy AI, we first construct a general threat model from different perspectives and then comprehensively review the latest progress of both 2D and 3D adversarial attacks. We extend the concept of adversarial examples beyond imperceptive perturbations and collate over 170 papers to give an overview of deep learning model robustness against various adversarial attacks. To the best of our knowledge, we are the first to systematically investigate adversarial attacks for 3D models, a flourishing field applied to many real-world applications. In addition, we examine physical adversarial attacks that lead to safety violations. Last but not least, we summarize present popular topics, give insights on challenges, and shed light on future research on trustworthy AI.

Funder

HK RGC GRF

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3636551

Reference178 articles.

1. Akshay Agarwal, Mayank Vatsa, Richa Singh, and Nalini K. Ratha. 2020. Noise is inside me! generating adversarial perturbations with noise derived from natural filters. In IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops. 774–775.

2. There are no bit parts for sign bits in black-box attacks;Al-Dujaili Abdullah;arXiv preprint arXiv:1902.06894,2019

3. Rima Alaifari, Giovanni S. Alberti, and Tandri Gauksson. 2018. ADef: An iterative algorithm to construct adversarial deformations. In International Conference on Learning Representations.

4. Maksym Andriushchenko, Francesco Croce, Nicolas Flammarion, and Matthias Hein. 2020. Square attack: A query-efficient black-box adversarial attack via random search. In European Conference on Computer Vision. Springer, 484–501.

5. Anish Athalye, Nicholas Carlini, and David Wagner. 2018. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. In International Conference on Machine Learning. PMLR, 274–283.