{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T10:54:15Z","timestamp":1775559255283,"version":"3.50.1"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2022,1,17]],"date-time":"2022-01-17T00:00:00Z","timestamp":1642377600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,17]],"date-time":"2022-01-17T00:00:00Z","timestamp":1642377600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Prog Artif Intell"],"published-print":{"date-parts":[[2022,6]]},"DOI":"10.1007\/s13748-021-00269-9","type":"journal-article","created":{"date-parts":[[2022,1,17]],"date-time":"2022-01-17T00:04:05Z","timestamp":1642377845000},"page":"131-141","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":26,"title":["A survey on the vulnerability of deep neural networks against adversarial attacks"],"prefix":"10.1007","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7459-0988","authenticated-orcid":false,"given":"Andy","family":"Michel","sequence":"first","affiliation":[]},{"given":"Sumit Kumar","family":"Jha","sequence":"additional","affiliation":[]},{"given":"Rickard","family":"Ewetz","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,1,17]]},"reference":[{"key":"269_CR1","unstructured":"Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, IJ., Fergus, R.: Intriguing properties of neural networks. ICLR (2014b). arxiv:1312.6199"},{"key":"269_CR2","unstructured":"Xie, C., Tan, M., Gong, B., Yuille, A., Le, Q. V.: Smooth adversarial training. (2020). arXiv preprint arXiv:2006.14536"},{"key":"269_CR3","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: international conference on learning representations (2015)"},{"key":"269_CR4","volume-title":"Generative adversarial nets","author":"I Goodfellow","year":"2014","unstructured":"Goodfellow, I., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., Courville, A., Bengio, Y.: Generative adversarial nets. Adv. Neural Inf. Process, Syst (2014)"},{"issue":"2","key":"269_CR5","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s11633-019-1211-x","volume":"17","author":"H Xu","year":"2020","unstructured":"Xu, H., Ma, Y., Liu, H.C., Deb, D., Liu, H., Tang, J.L., Jain, A.K.: Adversarial attacks and defenses in images, graphs and text: a review. Int. J. Automat. Comput. 17(2), 151\u2013178 (2020)","journal-title":"Int. J. Automat. Comput."},{"key":"269_CR6","unstructured":"Martin, A., Soumith, C., L\u00e9on, B.: n (2017).Wasserstein GAN. arXiv preprint arXiv:1701.07875"},{"issue":"9","key":"269_CR7","doi-asserted-by":"publisher","first-page":"829","DOI":"10.1038\/nbt.4233","volume":"36","author":"M Wainberg","year":"2018","unstructured":"Wainberg, M., Merico, D., Delong, A., Frey, B.J.: Deep learning in biomedicine. Nat. Biotechnol 36(9), 829\u2013838 (2018)","journal-title":"Nat. Biotechnol"},{"key":"269_CR8","unstructured":"Goodfellow, I., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., Bengio, Y.: Generative adversarial nets. Adv. Neural Inf. Process. Syst. 27 (2014)"},{"key":"269_CR9","doi-asserted-by":"crossref","unstructured":"Collobert, R., Weston, J.: A unified architecture for natural language processing: deep neural networks with task learning. In: proceedings of the 25th international conference on machine learning, pp. 160-167. ACM (2008)","DOI":"10.1145\/1390156.1390177"},{"key":"269_CR10","doi-asserted-by":"publisher","unstructured":"Kaiming, H., Xiangyu, Z., Shaoqing, R., Jian, S.: Delving deep into rectifiers: surpassing human-level performance on imageNet classification. In: proceedings of the 2015 IEEE international conference on computer vision (ICCV) (ICCV \u201915). IEEE Computer Society, USA, 1026-1034. (2015) https:\/\/doi.org\/10.1109\/ICCV.2015.123","DOI":"10.1109\/ICCV.2015.123"},{"key":"269_CR11","unstructured":"Tram\u00e0r, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D.,and McDaniel, P. Ensemble adversarial training: attacks and defenses. arXiv preprint arXiv:1705.07204 (2017)"},{"key":"269_CR12","unstructured":"Samangouei, P., M. Kabkab, and R. Defense-GAN Chellappa. Protecting classifiers against adversarial attacks using generative models. arXiv 2018. arXiv preprint arXiv:1805.06605 (2018)"},{"key":"269_CR13","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.A.: Towards evaluating the robustness of neural networks. In: 2017 IEEE symposium on security and privacy (SP), pp. 39\u201357 (2017)","DOI":"10.1109\/SP.2017.49"},{"key":"269_CR14","doi-asserted-by":"crossref","unstructured":"Papernot, N. et\u00a0al.: The limitations of deep learning in adversarial settings. In: 2016 IEEE European symposium on security and privacy (EuroS&P), pp. 372\u2013387 (2016)","DOI":"10.1109\/EuroSP.2016.36"},{"key":"269_CR15","unstructured":"Athalye, A., Carlini, N., Wagner, D.: Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. (2018)"},{"key":"269_CR16","unstructured":"Krizhevsky, A., Hinton, G.: Learning multiple layers of features from tiny images. Technical report, University of Toronto, (2009)"},{"issue":"11","key":"269_CR17","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y Lecun","year":"1998","unstructured":"Lecun, Y., Bottou, L., Bengio, Y., Haffner, P.: Gradient-based learning applied to document recognition. Proc. IEEE 86(11), 2278\u20132324 (1998). https:\/\/doi.org\/10.1109\/5.726791","journal-title":"Proc. IEEE"},{"key":"269_CR18","unstructured":"Xiao, H., Rasul, K., Vollgraf, R.: Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747 (2017)"},{"key":"269_CR19","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: 2017 IEEE symposium on security and privacy (SP), pp. 39-57. IEEE (2017b)","DOI":"10.1109\/SP.2017.49"},{"key":"269_CR20","unstructured":"Miyato, T., Dai, A. M., Goodfellow, I. (2016). Adversarial training methods for semi-supervised text classification. arXiv preprint arXiv:1605.07725"},{"key":"269_CR21","unstructured":"Goodfellow, I., Qin, Y., Berthelot, D.:Evaluation methodology for attacks against confidence thresholding models (2018)"},{"key":"269_CR22","doi-asserted-by":"crossref","unstructured":"Papernot, N. et\u00a0al.: Distillation as a defense to adversarial perturbations against deep neural networks. In: 2016 IEEE symposium on security and privacy (SP) (2016), pp. 582\u2013597","DOI":"10.1109\/SP.2016.41"},{"key":"269_CR23","unstructured":"Jha, S., Raj, S., Fernandes, S., Jha, S. K., Jha, S., Jalaian, B. Swami, A.:Attribution-based confidence metric for deep neural networks (2019)"},{"key":"269_CR24","doi-asserted-by":"crossref","unstructured":"Tian, Y., Pei, K., Jana, S., Ray, B.: Deeptest: automated testing of deep-neural-network-driven autonomous cars. In: proceedings of the 40th international conference on software engineering, pp. 303\u2013314 (2018)","DOI":"10.1145\/3180155.3180220"},{"key":"269_CR25","doi-asserted-by":"publisher","first-page":"569","DOI":"10.1613\/jair.1.11640","volume":"65","author":"S Ruder","year":"2019","unstructured":"Ruder, S., Vuli\u0107, I., S\u00f8gaard, A.: A survey of cross-lingual word embedding models. J. Artif. Intell. Res. 65, 569\u2013631 (2019)","journal-title":"J. Artif. Intell. Res."},{"key":"269_CR26","unstructured":"Sundararajan, M., Taly, A., Yan, Q.:Axiomatic attribution for deep networks. In: international conference on machine learning (pp. 3319-3328). PMLR (2017)"},{"key":"269_CR27","doi-asserted-by":"crossref","unstructured":"Szegedy, C., Liu, W., Jia, Y., Sermanet, P., Reed, S., Anguelov, D., ... Rabinovich, A.: Going deeper with convolutions. In: proceedings of the IEEE conference on computer vision and pattern recognition (pp. 1\u20139) (2015)","DOI":"10.1109\/CVPR.2015.7298594"},{"key":"269_CR28","unstructured":"Shrikumar, A., Greenside, P., Kundaje, A.: Learning important features through propagating activation differences. In: international conference on machine learning, pp. 3145\u20133153. PMLR (2017)"},{"key":"269_CR29","doi-asserted-by":"crossref","unstructured":"Binder, A., Montavon, G., Lapuschkin, S., M\u00fcller, K. R., Samek, W.: Layer-wise relevance propagation for neural networks with local renormalization layers. In: international conference on artificial neural networks, pp. 63\u201371. Springer, Cham (2016)","DOI":"10.1007\/978-3-319-44781-0_8"},{"key":"269_CR30","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: proceedings of the IEEE conference on computer vision and pattern recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"269_CR31","unstructured":"Malik, A., et\u00a0al. Calibrated model-based deep reinforcement learning. In: international conference on machine learning. PMLR, (2019)"},{"issue":"3","key":"269_CR32","first-page":"61","volume":"10","author":"J Platt","year":"1999","unstructured":"Platt, J.: Probabilistic outputs for support vector machines and comparisons to regularized likelihood methods. Adv. Large Margin Classif. 10(3), 61\u201374 (1999)","journal-title":"Adv. Large Margin Classif."},{"key":"269_CR33","unstructured":"Guo, C., et\u00a0al. On calibration of modern neural networks. In: international conference on machine learning (2017)"},{"key":"269_CR34","unstructured":"Park, S., et\u00a0al. PAC confidence sets for deep neural networks via calibrated prediction. In: 8th international conference on learning representations (ICLR) (2020)"},{"key":"269_CR35","unstructured":"Wang, W., Xingye, Q.: Learning confidence sets using support vector machines. NeurIPS (2018)"},{"key":"269_CR36","volume-title":"The elements of statistical learning","author":"J Friedman","year":"2001","unstructured":"Friedman, J., Hastie, T., Tibshirani, R.: The elements of statistical learning. Springer, New York (2001)"},{"key":"269_CR37","unstructured":"Naeini, M. P., Cooper, G., Hauskrecht, M.: Obtaining well calibrated probabilities using bayesian binning. In: twenty-ninth AAAI conference on artificial intelligence. (2015)"}],"container-title":["Progress in Artificial Intelligence"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13748-021-00269-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13748-021-00269-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13748-021-00269-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,19]],"date-time":"2022-05-19T14:51:12Z","timestamp":1652971872000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s13748-021-00269-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,17]]},"references-count":37,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2022,6]]}},"alternative-id":["269"],"URL":"https:\/\/doi.org\/10.1007\/s13748-021-00269-9","relation":{},"ISSN":["2192-6352","2192-6360"],"issn-type":[{"value":"2192-6352","type":"print"},{"value":"2192-6360","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,1,17]]},"assertion":[{"value":"19 February 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 October 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 January 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}