{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T08:37:54Z","timestamp":1768984674166,"version":"3.49.0"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030602475","type":"print"},{"value":"9783030602482","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-60248-2_27","type":"book-chapter","created":{"date-parts":[[2020,9,29]],"date-time":"2020-09-29T09:03:14Z","timestamp":1601370194000},"page":"396-408","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Adversarial Attacks on Deep Learning Models of Computer Vision: A Survey"],"prefix":"10.1007","author":[{"given":"Jia","family":"Ding","sequence":"first","affiliation":[]},{"given":"Zhiwu","family":"Xu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,9,29]]},"reference":[{"key":"27_CR1","doi-asserted-by":"publisher","first-page":"14410","DOI":"10.1109\/ACCESS.2018.2807385","volume":"6","author":"N Akhtar","year":"2018","unstructured":"Akhtar, N., Mian, A.: Threat of adversarial attacks on deep learning in computer vision: a survey. IEEE Access 6, 14410\u201314430 (2018)","journal-title":"IEEE Access"},{"key":"27_CR2","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 39\u201357. IEEE (2017)","DOI":"10.1109\/SP.2017.49"},{"key":"27_CR3","unstructured":"Chen, L., et al.: A survey of adversarial learning on graphs. arXiv preprint \narXiv:2003.05730\n\n (2020)"},{"key":"27_CR4","doi-asserted-by":"crossref","unstructured":"Chen, P., Zhang, H., Sharma, Y., Yi, J., Hsieh, C.: ZOO: zeroth order optimization based black-box attacks to deep neural networks without training substitute models. In: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security (AISec@CCS 2017), pp. 15\u201326 (2017)","DOI":"10.1145\/3128572.3140448"},{"key":"27_CR5","doi-asserted-by":"crossref","unstructured":"Croce, F., Hein, M.: Sparse and imperceivable adversarial attacks. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 4724\u20134732 (2019)","DOI":"10.1109\/ICCV.2019.00482"},{"key":"27_CR6","doi-asserted-by":"crossref","unstructured":"Dong, Y., et al.: Boosting adversarial attacks with momentum. In: 2018 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 9185\u20139193 (2018)","DOI":"10.1109\/CVPR.2018.00957"},{"key":"27_CR7","doi-asserted-by":"crossref","unstructured":"Dong, Y., Pang, T., Su, H., Zhu, J.: Evading defenses to transferable adversarial examples by translation-invariant attacks. In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR 2019), pp. 4312\u20134321 (2019)","DOI":"10.1109\/CVPR.2019.00444"},{"key":"27_CR8","unstructured":"Engstrom, L., Tsipras, D., Schmidt, L., Madry, A.: A rotation and a translation suffice: fooling CNNs with simple transformations. CoRR abs\/1712.02779 (2017)"},{"issue":"6","key":"27_CR9","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MSP.2017.2740965","volume":"34","author":"A Fawzi","year":"2017","unstructured":"Fawzi, A., Moosavi-Dezfooli, S., Frossard, P.: The robustness of deep networks: a geometrical perspective. IEEE Signal Process. Mag. 34(6), 50\u201362 (2017)","journal-title":"IEEE Signal Process. Mag."},{"key":"27_CR10","doi-asserted-by":"crossref","unstructured":"Finlay, C., Pooladian, A., Oberman, A.M.: The logbarrier adversarial attack: making effective use of decision boundary information. In: 2019 IEEE\/CVF International Conference on Computer Vision (ICCV 2019), pp. 4861\u20134869 (2019)","DOI":"10.1109\/ICCV.2019.00496"},{"issue":"2","key":"27_CR11","doi-asserted-by":"publisher","first-page":"661","DOI":"10.1109\/LRA.2015.2509024","volume":"1","author":"A Giusti","year":"2016","unstructured":"Giusti, A., et al.: A machine learning approach to visual perception of forest trails for mobile robots. IEEE Robot. Autom. Lett. 1(2), 661\u2013667 (2016)","journal-title":"IEEE Robot. Autom. Lett."},{"key":"27_CR12","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: 3rd International Conference on Learning Representations (ICLR 2015) (2015)"},{"key":"27_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"630","DOI":"10.1007\/978-3-319-46493-0_38","volume-title":"Computer Vision \u2013 ECCV 2016","author":"K He","year":"2016","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Identity mappings in deep residual networks. In: Leibe, B., Matas, J., Sebe, N., Welling, M. (eds.) ECCV 2016. LNCS, vol. 9908, pp. 630\u2013645. Springer, Cham (2016). \nhttps:\/\/doi.org\/10.1007\/978-3-319-46493-0_38"},{"issue":"10","key":"27_CR14","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1109\/MCOM.2019.1900006","volume":"57","author":"S Hu","year":"2019","unstructured":"Hu, S., Shang, X., Qin, Z., Li, M., Wang, Q., Wang, C.: Adversarial examples for automatic speech recognition: attacks and countermeasures. IEEE Commun. Mag. 57(10), 120\u2013126 (2019)","journal-title":"IEEE Commun. Mag."},{"key":"27_CR15","doi-asserted-by":"crossref","unstructured":"Huang, Q., Katsman, I., He, H., Gu, Z., Belongie, S., Lim, S.: Enhancing adversarial example transferability with an intermediate level attack. In: 2019 IEEE\/CVF International Conference on Computer Vision (ICCV 2019), pp. 4732\u20134741 (2019)","DOI":"10.1109\/ICCV.2019.00483"},{"key":"27_CR16","unstructured":"Huang, Z., Zhang, T.: Black-box adversarial attack with transferable model-based embedding. In: 8th International Conference on Learning Representations (ICLR 2020) (2020)"},{"key":"27_CR17","unstructured":"Ibitoye, O., Abou-Khamis, R., Matrawy, A., Shafiq, M.O.: The threat of adversarial attacks on machine learning in network security-a survey. arXiv preprint \narXiv:1911.02621\n\n (2019)"},{"key":"27_CR18","doi-asserted-by":"crossref","unstructured":"John, T.S., Thomas, T.: Adversarial attacks and defenses in malware detection classifiers. In: Handbook of Research on Cloud Computing and Big Data Applications in IoT, pp. 127\u2013150. IGI global (2019)","DOI":"10.4018\/978-1-5225-8407-0.ch007"},{"key":"27_CR19","doi-asserted-by":"crossref","unstructured":"Kanbak, C., Moosavi-Dezfooli, S., Frossard, P.: Geometric robustness of deep networks: analysis and improvement. In: 2018 IEEE Conference on Computer Vision and Pattern Recognition (CVPR 2018), pp. 4441\u20134449. IEEE Computer Society (2018)","DOI":"10.1109\/CVPR.2018.00467"},{"key":"27_CR20","unstructured":"Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems 25: 26th Annual Conference on Neural Information Processing Systems 2012, pp. 1106\u20131114 (2012)"},{"key":"27_CR21","unstructured":"Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial examples in the physical world. In: 5th International Conference on Learning Representations (ICLR 2017). OpenReview.net (2017)"},{"key":"27_CR22","unstructured":"Laidlaw, C., Feizi, S.: Functional adversarial attacks. In: Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019 (NeurIPS 2019), pp. 10408\u201310418 (2019)"},{"key":"27_CR23","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature1453910.1038\/nature1453910.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521, 436\u201344 (2015). \nhttps:\/\/doi.org\/10.1038\/nature1453910.1038\/nature1453910.1038\/nature14539","journal-title":"Nature"},{"key":"27_CR24","unstructured":"Lin, J., Song, C., He, K., Wang, L., Hopcroft, J.E.: Nesterov accelerated gradient and scale invariance for adversarial attacks. In: 8th International Conference on Learning Representations (ICLR 2020). OpenReview.net (2020)"},{"key":"27_CR25","unstructured":"Liu, Y., Chen, X., Liu, C., Song, D.: Delving into transferable adversarial examples and black-box attacks. In: 5th International Conference on Learning Representations (ICLR 2017) (2017)"},{"key":"27_CR26","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: 6th International Conference on Learning Representations (ICLR 2018) (2018)"},{"key":"27_CR27","doi-asserted-by":"publisher","first-page":"35403","DOI":"10.1109\/ACCESS.2020.2974752","volume":"8","author":"N Martins","year":"2020","unstructured":"Martins, N., Cruz, J.M., Cruz, T., Abreu, P.H.: Adversarial machine learning applied to intrusion and malware scenarios: a systematic review. IEEE Access 8, 35403\u201335419 (2020)","journal-title":"IEEE Access"},{"issue":"7540","key":"27_CR28","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1038\/nature14236","volume":"518","author":"V Mnih","year":"2015","unstructured":"Mnih, V., et al.: Human-level control through deep reinforcement learning. Nature 518(7540), 529\u2013533 (2015)","journal-title":"Nature"},{"key":"27_CR29","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S., Fawzi, A., Frossard, P.: DeepFool: a simple and accurate method to fool deep neural networks. In: 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 2574\u20132582 (2016)","DOI":"10.1109\/CVPR.2016.282"},{"key":"27_CR30","doi-asserted-by":"crossref","unstructured":"Moosavidezfooli, S., Fawzi, A., Fawzi, O., Frossard, P.: Universal adversarial perturbations. In: 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 86\u201394 (2017)","DOI":"10.1109\/CVPR.2017.17"},{"issue":"1","key":"27_CR31","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s40537-014-0007-7","volume":"2","author":"MM Najafabadi","year":"2015","unstructured":"Najafabadi, M.M., Villanustre, F., Khoshgoftaar, T.M., Seliya, N., Wald, R., Muharemagic, E.: Deep learning applications and challenges in big data analytics. J. Big Data 2(1), 1\u201321 (2015). \nhttps:\/\/doi.org\/10.1186\/s40537-014-0007-7","journal-title":"J. Big Data"},{"key":"27_CR32","first-page":"543","volume":"269","author":"Y Nesterov","year":"1983","unstructured":"Nesterov, Y.: A method for unconstrained convex minimization problem with the rate of convergence o(1\/k$$^{2}$$). Doklady AN USSR 269, 543\u2013547 (1983)","journal-title":"Doklady AN USSR"},{"key":"27_CR33","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-40065-5","volume-title":"Numerical Optimization","author":"J Nocedal","year":"2006","unstructured":"Nocedal, J., Wright, S.J.: Numerical Optimization, 2nd edn. Springer, New York (2006). \nhttps:\/\/doi.org\/10.1007\/978-0-387-40065-5","edition":"2"},{"key":"27_CR34","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., Celik, Z.B., Swami, A.: Practical black-box attacks against machine learning. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 506\u2013519 (2017)","DOI":"10.1145\/3052973.3053009"},{"key":"27_CR35","unstructured":"Papernot, N., McDaniel, P.D., Goodfellow, I.J.: Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. CoRR abs\/1605.07277 (2016)"},{"issue":"2","key":"27_CR36","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1109\/JPROC.2019.2948775","volume":"108","author":"K Ren","year":"2019","unstructured":"Ren, K., Wang, Q., Wang, C., Qin, Z., Lin, X.: The security of autonomous driving: threats, defenses, and future directions. Proc. IEEE 108(2), 357\u2013372 (2019)","journal-title":"Proc. IEEE"},{"key":"27_CR37","unstructured":"Ru, B., Cobb, A., Blaas, A., Gal, Y.: BayesOpt adversarial attack. In: 8th International Conference on Learning Representations (ICLR 2020) (2020)"},{"key":"27_CR38","unstructured":"Serban, A.C., Poll, E., Visser, J.: Adversarial examples-a complete characterisation of the phenomenon. arXiv preprint \narXiv:1810.01185\n\n (2018)"},{"issue":"5","key":"27_CR39","doi-asserted-by":"publisher","first-page":"828","DOI":"10.1109\/TEVC.2019.2890858","volume":"23","author":"J Su","year":"2019","unstructured":"Su, J., Vargas, D.V., Sakurai, K.: One pixel attack for fooling deep neural networks. IEEE Trans. Evol. Comput. 23(5), 828\u2013841 (2019)","journal-title":"IEEE Trans. Evol. Comput."},{"key":"27_CR40","unstructured":"Sutskever, I., Martens, J., Dahl, G., Hinton, G.: On the importance of initialization and momentum in deep learning. In: International Conference on Machine Learning, pp. 1139\u20131147 (2013)"},{"key":"27_CR41","unstructured":"Sutskever, I., Vinyals, O., Le, Q.V.: Sequence to sequence learning with neural networks. In: Advances in Neural Information Processing Systems, pp. 3104\u20133112 (2014)"},{"key":"27_CR42","unstructured":"Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., Fergus, R.: Intriguing properties of neural networks. In: 2nd International Conference on Learning Representations (ICLR 2014) (2014)"},{"key":"27_CR43","doi-asserted-by":"crossref","unstructured":"Tu, C., et al.: AutoZOOM: autoencoder-based zeroth order optimization method for attacking black-box neural networks. In: The Thirty-Third AAAI Conference on Artificial Intelligence (AAAI 2019), The Thirty-First Innovative Applications of Artificial Intelligence Conference (IAAI 2019), The Ninth AAAI Symposium on Educational Advances in Artificial Intelligence (EAAI 2019), pp. 742\u2013749. AAAI Press (2019)","DOI":"10.1609\/aaai.v33i01.3301742"},{"key":"27_CR44","unstructured":"Vaswani, A., et al.: Attention is all you need. In: Advances in Neural Information Processing Systems, pp. 5998\u20136008 (2017)"},{"issue":"1","key":"27_CR45","first-page":"949","volume":"15","author":"D Wierstra","year":"2014","unstructured":"Wierstra, D., Schaul, T., Glasmachers, T., Sun, Y., Peters, J., Schmidhuber, J.: Natural evolution strategies. J. Mach. Learn. Res. 15(1), 949\u2013980 (2014)","journal-title":"J. Mach. Learn. Res."},{"key":"27_CR46","unstructured":"Xiao, C., Zhu, J., Li, B., He, W., Liu, M., Song, D.: Spatially transformed adversarial examples. In: 6th International Conference on Learning Representations (ICLR 2018). OpenReview.net (2018)"},{"key":"27_CR47","doi-asserted-by":"crossref","unstructured":"Xie, C., Zhang, Z., Zhou, Y., Bai, S., Wang, J., Ren, Z., Yuille, A.L.: Improving transferability of adversarial examples with input diversity. In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR 2019), pp. 2730\u20132739. Computer Vision Foundation\/IEEE (2019)","DOI":"10.1109\/CVPR.2019.00284"},{"issue":"5","key":"27_CR48","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3178115","volume":"9","author":"Z Zhang","year":"2018","unstructured":"Zhang, Z., Geiger, J., Pohjalainen, J., Mousa, A.E.D., Jin, W., Schuller, B.: Deep learning for environmentally robust speech recognition: an overview of recent developments. ACM Trans. Intell. Syst. Technol. (TIST) 9(5), 1\u201328 (2018)","journal-title":"ACM Trans. Intell. Syst. Technol. (TIST)"},{"key":"27_CR49","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Han, M., Liu, L., He, J., Gao, X.: The adversarial attacks threats on computer vision: a survey. In: 2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems Workshops (MASSW), pp. 25\u201330. IEEE (2019)","DOI":"10.1109\/MASSW.2019.00012"}],"container-title":["Lecture Notes in Computer Science","Algorithms and Architectures for Parallel Processing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-60248-2_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,29]],"date-time":"2020-09-29T10:42:41Z","timestamp":1601376161000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-60248-2_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030602475","9783030602482"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-60248-2_27","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"29 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICA3PP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Algorithms and Architectures for Parallel Processing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New York, NY","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ica3pp2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.cloud-conf.net\/ica3pp2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"495","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"142","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"305","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}