{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T05:42:48Z","timestamp":1776145368285,"version":"3.50.1"},"reference-count":261,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T00:00:00Z","timestamp":1774310400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100018693","name":"Horizon Europe","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100018693","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000780","name":"European Commission","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100007352","name":"Staatssekretariat f\u00fcr Bildung, Forschung und Innovation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100007352","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100004152","name":"Spine Education and Research Institute","doi-asserted-by":"publisher","award":["101192749"],"award-info":[{"award-number":["101192749"]}],"id":[{"id":"10.13039\/100004152","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computer Science Review"],"published-print":{"date-parts":[[2026,8]]},"DOI":"10.1016\/j.cosrev.2026.100963","type":"journal-article","created":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T04:53:18Z","timestamp":1773895998000},"page":"100963","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Beyond vulnerabilities: A comprehensive survey of adversarial attacks across domains"],"prefix":"10.1016","volume":"61","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-6439-0857","authenticated-orcid":false,"given":"Dimitrios Christos","family":"Asimopoulos","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1605-9413","authenticated-orcid":false,"given":"Panagiotis","family":"Radoglou-Grammatikis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1686-421X","authenticated-orcid":false,"given":"Georgios Th.","family":"Papadopoulos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6042-0355","authenticated-orcid":false,"given":"Panagiotis","family":"Sarigiannidis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1016\/j.cosrev.2026.100963_bib0005","author":"Szegedy"},{"key":"10.1016\/j.cosrev.2026.100963_bib0010","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1007\/s11633-019-1211-x","article-title":"Adversarial attacks and defenses in images, graphs and text: a review","volume":"17","author":"Xu","year":"2020","journal-title":"Int. J. Autom. Comput."},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0015","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1049\/cit2.12028","article-title":"A survey on adversarial attacks and defences","volume":"6","author":"Chakraborty","year":"2021","journal-title":"CAAI Trans. Intell. Technol."},{"key":"10.1016\/j.cosrev.2026.100963_bib0020","doi-asserted-by":"crossref","first-page":"155161","DOI":"10.1109\/ACCESS.2021.3127960","article-title":"Advances in adversarial attacks and defenses in computer vision: a survey","volume":"9","author":"Akhtar","year":"2021","journal-title":"IEEE Access"},{"issue":"4","key":"10.1016\/j.cosrev.2026.100963_bib0025","doi-asserted-by":"crossref","first-page":"329","DOI":"10.1080\/00031305.2021.2006781","article-title":"A review of adversarial attack and defense for classification methods","volume":"76","author":"Li","year":"2022","journal-title":"Am. Stat."},{"key":"10.1016\/j.cosrev.2026.100963_bib0030","author":"Chakraborty"},{"key":"10.1016\/j.cosrev.2026.100963_bib0035","doi-asserted-by":"crossref","first-page":"14410","DOI":"10.1109\/ACCESS.2018.2807385","article-title":"Threat of adversarial attacks on deep learning in computer vision: a survey","volume":"6","author":"Akhtar","year":"2018","journal-title":"IEEE Access"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0040","doi-asserted-by":"crossref","DOI":"10.1155\/2021\/4907754","article-title":"A survey on adversarial attack in the age of artificial intelligence","volume":"2021","author":"Kong","year":"2021","journal-title":"Wirel. Commun. Mob. Comput."},{"key":"10.1016\/j.cosrev.2026.100963_bib0045","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102847","article-title":"A survey on adversarial attacks in computer vision: taxonomy, visualization and future directions","volume":"121","author":"Long","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0050","doi-asserted-by":"crossref","first-page":"102266","DOI":"10.1109\/ACCESS.2022.3208131","article-title":"Adversarial deep learning: a survey on adversarial attacks and defense mechanisms on image classification","volume":"10","author":"Khamaiseh","year":"2022","journal-title":"IEEE Access"},{"key":"10.1016\/j.cosrev.2026.100963_bib0055","author":"Shayegani"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0060","doi-asserted-by":"crossref","first-page":"467","DOI":"10.1109\/COMST.2022.3225137","article-title":"A survey of adversarial attack and defense methods for malware classification in cyber security","volume":"25","author":"Yan","year":"2022","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"10.1016\/j.cosrev.2026.100963_bib0065","author":"Wang"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0070","doi-asserted-by":"crossref","first-page":"538","DOI":"10.1109\/COMST.2022.3233793","article-title":"Adversarial machine learning for network intrusion detection systems: a comprehensive survey","volume":"25","author":"He","year":"2023","journal-title":"IEEE Commun. Surv. Tutorials"},{"issue":"11","key":"10.1016\/j.cosrev.2026.100963_bib0075","doi-asserted-by":"crossref","first-page":"18951","DOI":"10.1109\/JIOT.2024.3349381","article-title":"Vulnerability of machine learning approaches applied in iot-based smart grid: a review","volume":"11","author":"Zhang","year":"2024","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.cosrev.2026.100963_bib0080","series-title":"Proceedings of the IEEE\/CVF International Conference on Computer Vision","first-page":"4510","article-title":"Lea2: a lightweight ensemble adversarial attack via non-overlapping vulnerable frequency regions","author":"Qian","year":"2023"},{"key":"10.1016\/j.cosrev.2026.100963_bib0085","doi-asserted-by":"crossref","first-page":"7633","DOI":"10.1109\/TIFS.2024.3430508","article-title":"Enhancing transferability of adversarial examples through mixed-frequency inputs","volume":"19","author":"Qian","year":"2024","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"6","key":"10.1016\/j.cosrev.2026.100963_bib0090","doi-asserted-by":"crossref","first-page":"7877","DOI":"10.1109\/TDSC.2025.3601232","article-title":"A multimodal adversarial attack method via frequency domain enhancement and fine-grained cross-modal guidance","volume":"22","author":"Qian","year":"2025","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10.1016\/j.cosrev.2026.100963_bib0095","author":"Ye"},{"key":"10.1016\/j.cosrev.2026.100963_bib0100","author":"Agnihotri"},{"key":"10.1016\/j.cosrev.2026.100963_bib0105","series-title":"2020 54th Annual Conference on Information Sciences and Systems (CISS)","first-page":"1","article-title":"Model evasion attack on intrusion detection systems using adversarial machine learning","author":"Ayub","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0110","series-title":"Proceedings of the 38th Annual Computer Security Applications Conference","first-page":"171","article-title":"Spacephish: the evasion-space of adversarial attacks against phishing website detectors using machine learning","author":"Apruzzese","year":"2022"},{"issue":"11","key":"10.1016\/j.cosrev.2026.100963_bib0115","doi-asserted-by":"crossref","first-page":"2346","DOI":"10.3390\/electronics12112346","article-title":"Black-box evasion attack method based on confidence score of benign samples","volume":"12","author":"Wu","year":"2023","journal-title":"Electronics"},{"key":"10.1016\/j.cosrev.2026.100963_bib0120","series-title":"Proceedings of the Genetic and Evolutionary Computation Conference Companion","first-page":"1827","article-title":"Black-box adversarial attacks using evolution strategies","author":"Qiu","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0125","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1016\/j.ins.2020.10.028","article-title":"Black-box adversarial attacks by manipulating image attributes","volume":"550","author":"Wei","year":"2021","journal-title":"Inf. Sci."},{"issue":"3","key":"10.1016\/j.cosrev.2026.100963_bib0130","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3469659","article-title":"Modeling realistic adversarial attacks against network intrusion detection systems","volume":"3","author":"Apruzzese","year":"2022","journal-title":"Digit. Threats Res. Pract."},{"issue":"10","key":"10.1016\/j.cosrev.2026.100963_bib0135","doi-asserted-by":"crossref","DOI":"10.1371\/journal.pone.0275971","article-title":"Adversarial attacks against supervised machine learning based network intrusion detection systems","volume":"17","author":"Alshahrani","year":"2022","journal-title":"PLoS One"},{"key":"10.1016\/j.cosrev.2026.100963_bib0140","series-title":"Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations","first-page":"119","article-title":"Textattack: a framework for adversarial attacks, data augmentation, and adversarial training in NLP","author":"Morris","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0145","series-title":"Proceedings of the IEEE\/CVF International Conference on Computer Vision","first-page":"31","article-title":"Evasion attack steganography: turning vulnerability of machine learning to adversarial attacks into a real-world application","author":"Ghamizi","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0150","series-title":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","first-page":"950","article-title":"Surrogate-guided adversarial attacks: enabling white-box methods in black-box scenarios","author":"Asimopoulos","year":"2025"},{"issue":"13","key":"10.1016\/j.cosrev.2026.100963_bib0155","doi-asserted-by":"crossref","first-page":"10327","DOI":"10.1109\/JIOT.2020.3048038","article-title":"Adversarial attacks against network intrusion detection in IOT systems","volume":"8","author":"Qiu","year":"2020","journal-title":"IEEE Internet Things J."},{"issue":"12","key":"10.1016\/j.cosrev.2026.100963_bib0160","doi-asserted-by":"crossref","first-page":"9310","DOI":"10.1109\/JIOT.2021.3130434","article-title":"Hierarchical adversarial attacks against graph-neural-network-based IOT network intrusion detection system","volume":"9","author":"Zhou","year":"2021","journal-title":"IEEE Internet Things J."},{"issue":"2","key":"10.1016\/j.cosrev.2026.100963_bib0165","doi-asserted-by":"crossref","first-page":"252","DOI":"10.3390\/jcp1020014","article-title":"Launching adversarial attacks against network intrusion detection systems for IOT","volume":"1","author":"Papadopoulos","year":"2021","journal-title":"J. Cybersecur. Priv."},{"key":"10.1016\/j.cosrev.2026.100963_bib0170","doi-asserted-by":"crossref","DOI":"10.1016\/j.adhoc.2020.102074","article-title":"A new provably secure certificateless signature scheme for internet of things","volume":"100","author":"Du","year":"2020","journal-title":"Ad Hoc Netw."},{"issue":"11","key":"10.1016\/j.cosrev.2026.100963_bib0175","doi-asserted-by":"crossref","first-page":"9012","DOI":"10.1109\/JIOT.2021.3120197","article-title":"Threat of adversarial attacks on dl-based IOT device identification","volume":"9","author":"Bao","year":"2021","journal-title":"IEEE Internet Things J."},{"issue":"22","key":"10.1016\/j.cosrev.2026.100963_bib0180","doi-asserted-by":"crossref","first-page":"22399","DOI":"10.1109\/JIOT.2021.3111024","article-title":"Adversarial attacks and defenses for deep-learning-based unmanned aerial vehicles","volume":"9","author":"Tian","year":"2021","journal-title":"IEEE Internet Things J."},{"issue":"23","key":"10.1016\/j.cosrev.2026.100963_bib0185","doi-asserted-by":"crossref","first-page":"23379","DOI":"10.1109\/JIOT.2022.3206276","article-title":"Adversarial attacks and defenses toward ai-assisted UAV infrastructure inspection","volume":"9","author":"Raja","year":"2022","journal-title":"IEEE Internet Things J."},{"issue":"2","key":"10.1016\/j.cosrev.2026.100963_bib0190","doi-asserted-by":"crossref","first-page":"802","DOI":"10.1109\/JIOT.2020.3008232","article-title":"Toward invisible adversarial examples against Dnn-based privacy leakage for internet of things","volume":"8","author":"Ding","year":"2020","journal-title":"IEEE Internet Things J."},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0195","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/JIOT.2023.3275161","article-title":"Practical feature inference attack in vertical federated learning during prediction in artificial internet of things","volume":"11","author":"Yang","year":"2023","journal-title":"IEEE Internet Things J."},{"issue":"7","key":"10.1016\/j.cosrev.2026.100963_bib0200","doi-asserted-by":"crossref","first-page":"5839","DOI":"10.1109\/JIOT.2020.3033171","article-title":"Secure collaborative deep learning against GAN attacks in the internet of things","volume":"8","author":"Chen","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.cosrev.2026.100963_bib0205","doi-asserted-by":"crossref","first-page":"138509","DOI":"10.1109\/ACCESS.2021.3118642","article-title":"Federated deep learning for cyber security in the internet of things: concepts, applications, and experimental analysis","volume":"9","author":"Ferrag","year":"2021","journal-title":"IEEE Access"},{"issue":"2","key":"10.1016\/j.cosrev.2026.100963_bib0210","doi-asserted-by":"crossref","first-page":"1260","DOI":"10.1109\/TII.2022.3173996","article-title":"Multitentacle federated learning over software-defined industrial internet of things against adaptive poisoning attacks","volume":"19","author":"Li","year":"2022","journal-title":"IEEE Trans. Ind. Inform."},{"issue":"16","key":"10.1016\/j.cosrev.2026.100963_bib0215","doi-asserted-by":"crossref","first-page":"6434","DOI":"10.3390\/su12166434","article-title":"Robustness evaluations of sustainable machine learning models against data poisoning attacks in the internet of things","volume":"12","author":"Dunn","year":"2020","journal-title":"Sustainability"},{"issue":"2","key":"10.1016\/j.cosrev.2026.100963_bib0220","doi-asserted-by":"crossref","first-page":"431","DOI":"10.1109\/TR.2022.3179491","article-title":"Attacking spectrum sensing with adversarial deep learning in cognitive radio-enabled internet of things","volume":"72","author":"Liu","year":"2022","journal-title":"IEEE Trans. Rel."},{"issue":"3","key":"10.1016\/j.cosrev.2026.100963_bib0225","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3517806","article-title":"Ei-mtd: moving target defense for edge intelligence against adversarial attacks","volume":"25","author":"Qian","year":"2022","journal-title":"ACM Trans. Priv. Secur."},{"issue":"5","key":"10.1016\/j.cosrev.2026.100963_bib0230","doi-asserted-by":"crossref","first-page":"273","DOI":"10.1007\/s12243-021-00854-y","article-title":"The robust deep learning\u2013based schemes for intrusion detection in internet of things environments","volume":"76","author":"Fu","year":"2021","journal-title":"Ann. Telecommun."},{"key":"10.1016\/j.cosrev.2026.100963_bib0235","doi-asserted-by":"crossref","first-page":"194","DOI":"10.1016\/j.future.2022.02.019","article-title":"Fgmd: a robust detector against adversarial attacks in the IOT network","volume":"132","author":"Jiang","year":"2022","journal-title":"Futur. Gener. Comput. Syst."},{"key":"10.1016\/j.cosrev.2026.100963_bib0240","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102783","article-title":"Adversarial training for deep learning-based cyberattack detection in iot-based smart city applications","volume":"120","author":"Rashid","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0245","article-title":"Adversarial attacks on machine learning cybersecurity defences in industrial control systems","volume":"58","author":"Anthi","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0250","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1109\/TCSS.2021.3063538","article-title":"Intrusion detection for secure social internet of things based on collaborative edge computing: a generative adversarial network-based approach","volume":"9","author":"Nie","year":"2021","journal-title":"IEEE Trans. Comput. Soc. Syst."},{"issue":"4","key":"10.1016\/j.cosrev.2026.100963_bib0255","doi-asserted-by":"crossref","first-page":"3094","DOI":"10.1109\/JIOT.2021.3112159","article-title":"Intelligent intrusion detection for Internet of Things security: a deep convolutional generative adversarial network-enabled approach","volume":"10","author":"Wu","year":"2021","journal-title":"IEEE Internet Things J."},{"issue":"2","key":"10.1016\/j.cosrev.2026.100963_bib0260","first-page":"1140","article-title":"An unsupervised generative adversarial network based-host intrusion detection system for Internet of things devices","volume":"25","author":"Idrissi","year":"2022","journal-title":"Indones. J. Electr. Eng. Comput. Sci."},{"issue":"12","key":"10.1016\/j.cosrev.2026.100963_bib0265","doi-asserted-by":"crossref","first-page":"9611","DOI":"10.1109\/JIOT.2020.3019225","article-title":"A robust deep-learning-enabled trust-boundary protection for adversarial industrial IOT environment","volume":"8","author":"Hassan","year":"2020","journal-title":"IEEE Internet Things J."},{"issue":"19","key":"10.1016\/j.cosrev.2026.100963_bib0270","doi-asserted-by":"crossref","first-page":"19147","DOI":"10.1109\/JIOT.2022.3163894","article-title":"Toward generative adversarial networks for the industrial internet of things","volume":"9","author":"Qian","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.cosrev.2026.100963_bib0275","series-title":"2023 19th International Conference on Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT)","first-page":"196","article-title":"Generative adversarial networks-driven cyber threat intelligence detection framework for securing internet of things","author":"Ferrag","year":"2023"},{"key":"10.1016\/j.cosrev.2026.100963_bib0280","series-title":"GLOBECOM 2022-2022 IEEE Global Communications Conference","first-page":"2788","article-title":"Adversarial attacks against IOT networks using conditional GAN based learning","author":"Benaddi","year":"2022"},{"key":"10.1016\/j.cosrev.2026.100963_bib0285","doi-asserted-by":"crossref","DOI":"10.1016\/j.adhoc.2021.102661","article-title":"Deep learning-based reliable routing attack detection mechanism for industrial internet of things","volume":"123","author":"Nayak","year":"2021","journal-title":"Ad Hoc Netw."},{"issue":"10","key":"10.1016\/j.cosrev.2026.100963_bib0290","doi-asserted-by":"crossref","first-page":"8432","DOI":"10.1109\/JIOT.2022.3188583","article-title":"Iot-based Android malware detection using graph neural network with adversarial defense","volume":"10","author":"Yumlembam","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.cosrev.2026.100963_bib0295","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102779","article-title":"Deep learning based cross architecture internet of things malware detection and classification","volume":"120","author":"Chaganti","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0300","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1016\/j.comcom.2022.06.033","article-title":"Securing Internet of Things devices against code tampering attacks using return oriented programming","volume":"193","author":"Shrivastava","year":"2022","journal-title":"Comput. Commun."},{"key":"10.1016\/j.cosrev.2026.100963_bib0305","doi-asserted-by":"crossref","first-page":"243","DOI":"10.1016\/j.future.2021.05.030","article-title":"Asymmetric cryptographic functions based on generative adversarial neural networks for internet of things","volume":"124","author":"Hao","year":"2021","journal-title":"Futur. Gener. Comput. Syst."},{"issue":"19","key":"10.1016\/j.cosrev.2026.100963_bib0310","doi-asserted-by":"crossref","first-page":"16917","DOI":"10.1109\/JIOT.2023.3272334","article-title":"Toward federated Learning models resistant to adversarial attacks","volume":"10","author":"Hu","year":"2023","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.cosrev.2026.100963_bib0315","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1016\/j.comcom.2020.12.013","article-title":"On deep reinforcement learning security for industrial internet of things","volume":"168","author":"Liu","year":"2021","journal-title":"Comput. Commun."},{"issue":"4","key":"10.1016\/j.cosrev.2026.100963_bib0320","doi-asserted-by":"crossref","first-page":"2602","DOI":"10.1109\/JIOT.2021.3138541","article-title":"Adversarial attack and defence strategies for deep-learning-based IOT device classification techniques","volume":"9","author":"Singh","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.cosrev.2026.100963_bib0325","doi-asserted-by":"crossref","DOI":"10.1016\/j.iot.2023.100851","article-title":"Robust detection of unknown Dos\/ddos attacks in IOT networks using a hybrid learning model","volume":"23","author":"Nguyen","year":"2023","journal-title":"Internet of Things"},{"issue":"4","key":"10.1016\/j.cosrev.2026.100963_bib0330","doi-asserted-by":"crossref","first-page":"2654","DOI":"10.1109\/COMST.2023.3317242","article-title":"Edge learning for 6G-enabled internet of things: a comprehensive survey of vulnerabilities, datasets, and defenses","volume":"25","author":"Ferrag","year":"2023","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10.1016\/j.cosrev.2026.100963_bib0335","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10916-016-0597-z","article-title":"Security attacks and solutions in electronic health (e-health) systems","volume":"40","author":"Zeadally","year":"2016","journal-title":"J. Med. Syst."},{"key":"10.1016\/j.cosrev.2026.100963_bib0340","doi-asserted-by":"crossref","DOI":"10.1016\/j.csi.2021.103522","article-title":"Privacy preservation of electronic health records with adversarial attacks identification in hybrid cloud","volume":"78","author":"Kanwal","year":"2021","journal-title":"Comput. Stand. Interfaces"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0345","doi-asserted-by":"crossref","first-page":"269","DOI":"10.1109\/TETC.2023.3268186","article-title":"Blockchain-based federated learning with smpc model verification against poisoning attack for healthcare systems","volume":"12","author":"Kalapaaking","year":"2023","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"10.1016\/j.cosrev.2026.100963_bib0350","series-title":"ICC 2021-IEEE International Conference on Communications","first-page":"1","article-title":"Federated intrusion detection in ng-Iot healthcare systems: an adversarial approach","author":"Siniosoglou","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0355","series-title":"2024 IEEE Opportunity Research Scholars Symposium (ORSS)","first-page":"75","article-title":"Securing AI of healthcare: a selective review on identifying and preventing adversarial attacks","author":"Ravikumar","year":"2024"},{"issue":"2","key":"10.1016\/j.cosrev.2026.100963_bib0360","doi-asserted-by":"crossref","first-page":"259","DOI":"10.3348\/jksr.2019.80.2.259","article-title":"Exploiting the vulnerability of deep learning-based artificial intelligence models in medical imaging: adversarial attacks","volume":"80","author":"Kim","year":"2019","journal-title":"J. Korean Soc. Radiol."},{"key":"10.1016\/j.cosrev.2026.100963_bib0365","series-title":"2021 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT)","first-page":"646","article-title":"A review of malicious altering healthcare imagery using artificial intelligence","author":"Hussain","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0370","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2022.116815","article-title":"Adversarial attacks and defenses on AI in medical imaging Informatics: a survey","volume":"198","author":"Kaviani","year":"2022","journal-title":"Expert Syst. Appl."},{"issue":"3","key":"10.1016\/j.cosrev.2026.100963_bib0375","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3702638","article-title":"Survey on adversarial attack and defense for medical image analysis: methods and challenges","volume":"57","author":"Dong","year":"2024","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.cosrev.2026.100963_bib0380","doi-asserted-by":"crossref","DOI":"10.1016\/j.ejrad.2023.111085","article-title":"Adversarial attacks in radiology\u2013a systematic review","author":"Sorin","year":"2023","journal-title":"Eur. J. Radiol."},{"key":"10.1016\/j.cosrev.2026.100963_bib0385","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s12880-020-00530-y","article-title":"Universal adversarial attacks on deep neural networks for medical image classification","volume":"21","author":"Hirano","year":"2021","journal-title":"BMC Med. Imaging"},{"key":"10.1016\/j.cosrev.2026.100963_bib0390","series-title":"Trends and Applications in Information Systems and Technologies: Volume 1 9","first-page":"197","article-title":"One-pixel attacks against medical imaging: a conceptual framework","author":"Sipola","year":"2021"},{"issue":"17","key":"10.1016\/j.cosrev.2026.100963_bib0395","doi-asserted-by":"crossref","first-page":"4228","DOI":"10.3390\/cancers15174228","article-title":"Adversarial attacks on medical image classification","volume":"15","author":"Tsai","year":"2023","journal-title":"Cancers"},{"key":"10.1016\/j.cosrev.2026.100963_bib0400","doi-asserted-by":"crossref","first-page":"66478","DOI":"10.1109\/ACCESS.2024.3396566","article-title":"The impact of simultaneous adversarial attacks on robustness of medical image analysis","volume":"12","author":"Pal","year":"2024","journal-title":"IEEE Access"},{"issue":"12","key":"10.1016\/j.cosrev.2026.100963_bib0405","doi-asserted-by":"crossref","first-page":"9603","DOI":"10.1109\/JIOT.2020.3013710","article-title":"Adversarial examples\u2014security threats to Covid-19 deep learning systems in medical IOT devices","volume":"8","author":"Rahman","year":"2020","journal-title":"IEEE Internet Things J."},{"issue":"6","key":"10.1016\/j.cosrev.2026.100963_bib0410","doi-asserted-by":"crossref","first-page":"155","DOI":"10.3390\/jimaging8060155","article-title":"Digital watermarking as an adversarial attack on medical image analysis with deep learning","volume":"8","author":"Apostolidis","year":"2022","journal-title":"J. Imaging."},{"issue":"11","key":"10.1016\/j.cosrev.2026.100963_bib0415","doi-asserted-by":"crossref","first-page":"3922","DOI":"10.3390\/s21113922","article-title":"Adversarial attack and defence through adversarial training and feature fusion for diabetic retinopathy recognition","volume":"21","author":"Lal","year":"2021","journal-title":"Sensors"},{"key":"10.1016\/j.cosrev.2026.100963_bib0420","doi-asserted-by":"crossref","first-page":"103987","DOI":"10.1109\/ACCESS.2022.3210179","article-title":"Nsl-Mha-CNN: a novel CNN architecture for robust diabetic retinopathy prediction against adversarial attacks","volume":"10","author":"Daanouni","year":"2022","journal-title":"IEEE Access"},{"key":"10.1016\/j.cosrev.2026.100963_bib0425","series-title":"International Conference on Computational Intelligence in Data Science","first-page":"162","article-title":"Analysis of the impact of white box adversarial attacks in Resnet while classifying retinal fundus images","author":"Bharath Kumar","year":"2022"},{"key":"10.1016\/j.cosrev.2026.100963_bib0430","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1016\/j.smhl.2018.07.015","article-title":"New attacks on RNN based healthcare learning system and their detections","volume":"9","author":"Xue","year":"2018","journal-title":"Smart Health"},{"key":"10.1016\/j.cosrev.2026.100963_bib0435","series-title":"Proceedings of the 1st ACM International Workshop on Security and Safety for Intelligent Cyber-Physical Systems","first-page":"6","article-title":"Hard-label black-box adversarial attack on deep electrocardiogram classifier","author":"Lam","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0440","doi-asserted-by":"crossref","DOI":"10.1016\/j.bspc.2023.105922","article-title":"Cardiodefense: defending against adversarial attack in ECG classification with adversarial distillation training","volume":"91","author":"Shao","year":"2024","journal-title":"Biomed. Signal Process. Control"},{"issue":"11","key":"10.1016\/j.cosrev.2026.100963_bib0445","doi-asserted-by":"crossref","first-page":"6807","DOI":"10.3390\/app13116807","article-title":"Detection of adversarial attacks against the hybrid convolutional long short-term memory deep learning technique for healthcare monitoring applications","volume":"13","author":"Albattah","year":"2023","journal-title":"Appl. Sci."},{"issue":"6","key":"10.1016\/j.cosrev.2026.100963_bib0450","doi-asserted-by":"crossref","first-page":"1893","DOI":"10.1109\/JBHI.2014.2344095","article-title":"Systematic poisoning attacks on and defenses for machine learning in healthcare","volume":"19","author":"Mozaffari-Kermani","year":"2014","journal-title":"IEEE J. Biomed. Health Inform."},{"key":"10.1016\/j.cosrev.2026.100963_bib0455","series-title":"Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining","first-page":"793","article-title":"Identify susceptible locations in medical records via adversarial attacks on deep predictive models","author":"Sun","year":"2018"},{"key":"10.1016\/j.cosrev.2026.100963_bib0460","series-title":"2022 IEEE International Conference on Bioinformatics and Biomedicine (BIBM)","first-page":"1777","article-title":"Medattacker: exploring black-box adversarial attacks on risk prediction models in healthcare","author":"Ye","year":"2022"},{"key":"10.1016\/j.cosrev.2026.100963_bib0465","series-title":"Intelligent Data Engineering and Analytics: Proceedings of the 9th International Conference on Frontiers in Intelligent Computing: Theory and Applications (FICTA 2021)","first-page":"501","article-title":"Safexai: explainable AI to detect adversarial attacks in electronic medical records","author":"Selvaganapathy","year":"2022"},{"key":"10.1016\/j.cosrev.2026.100963_bib0470","series-title":"GLOBECOM 2020-2020 IEEE Global Communications Conference","first-page":"1","article-title":"Adversarial attacks to machine learning-based smart healthcare systems","author":"Newaz","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0475","series-title":"Communication and Intelligent Systems: Proceedings of ICCIS 2020","first-page":"885","article-title":"Healthcare security: usage of generative models for malware adversarial attacks and defense","author":"Selvaganapathy","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0480","series-title":"International Conference of the Italian Association for Artificial Intelligence","first-page":"490","article-title":"Adversarial machine learning in e-health: attacking a smart prescription system","author":"Gaglio","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0485","series-title":"2020 IEEE 17th International Symposium on Biomedical Imaging (ISBI)","first-page":"1517","article-title":"Mitigating adversarial attacks on medical image understanding systems","author":"Paul","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0490","doi-asserted-by":"crossref","DOI":"10.1016\/j.patcog.2022.108923","article-title":"Robust convolutional neural networks against adversarial attacks on medical images","volume":"132","author":"Shi","year":"2022","journal-title":"Pattern Recognition"},{"issue":"10","key":"10.1016\/j.cosrev.2026.100963_bib0495","doi-asserted-by":"crossref","DOI":"10.1016\/j.heliyon.2022.e11209","article-title":"Defending against adversarial attacks on Covid-19 classifier: a denoiser-based approach","volume":"8","author":"Kansal","year":"2022","journal-title":"Heliyon"},{"key":"10.1016\/j.cosrev.2026.100963_bib0500","series-title":"2020 IEEE 17th International Symposium on Biomedical Imaging (ISBI)","first-page":"1154","article-title":"Robust detection of adversarial attacks on medical images","author":"Li","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0505","article-title":"Meff\u2013a model ensemble feature fusion approach for tackling adversarial attacks in medical imaging","volume":"22","author":"Alzubaidi","year":"2024","journal-title":"Intell. Syst. With Appl."},{"key":"10.1016\/j.cosrev.2026.100963_bib0510","series-title":"2020 25th International Conference on Pattern Recognition (ICPR)","first-page":"8180","article-title":"Attack-agnostic adversarial detection on medical data using explainable machine learning","author":"Watson","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0515","series-title":"2024 7th International Conference on Circuit Power and Computing Technologies (ICCPCT)","first-page":"1266","article-title":"Strengthening healthcare cybersecurity by optimizing adversarial attack defences in deep learning models using GPU and parallel processing technologies","volume":"vol. 1","author":"Venugopal","year":"2024"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0520","doi-asserted-by":"crossref","first-page":"5711","DOI":"10.1038\/s41467-022-33266-0","article-title":"Adversarial attacks and adversarial robustness in computational pathology","volume":"13","author":"Ghaffari Laleh","year":"2022","journal-title":"Nat. Commun."},{"key":"10.1016\/j.cosrev.2026.100963_bib0525","series-title":"2021 IEEE 93rd Vehicular Technology Conference (VTC2021-Spring)","first-page":"1","article-title":"Black-box testing for security-informed safety of automated driving systems","author":"Skoglund","year":"2021"},{"issue":"8","key":"10.1016\/j.cosrev.2026.100963_bib0530","doi-asserted-by":"crossref","first-page":"23873","DOI":"10.1007\/s11042-023-15405-x","article-title":"Untargeted white-box adversarial attack to break into deep learning based Covid-19 monitoring face mask detection system","volume":"83","author":"Sheikh","year":"2024","journal-title":"Multim. Tools Appl."},{"key":"10.1016\/j.cosrev.2026.100963_bib0535","doi-asserted-by":"crossref","DOI":"10.1016\/j.media.2021.102141","article-title":"Adversarial attack vulnerability of medical image analysis systems: unexplored factors","volume":"73","author":"Bortsova","year":"2021","journal-title":"Med. Image Anal."},{"key":"10.1016\/j.cosrev.2026.100963_bib0540","series-title":"2020 IEEE European Symposium on Security and Privacy (EuroS&P)","first-page":"139","article-title":"Jekyll: attacking medical image diagnostics using deep generative models","author":"Mangaokar","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0545","series-title":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","first-page":"506","article-title":"Practical black-box attacks against machine learning","author":"Papernot","year":"2017"},{"key":"10.1016\/j.cosrev.2026.100963_bib0550","doi-asserted-by":"crossref","first-page":"128250","DOI":"10.1109\/ACCESS.2020.3008433","article-title":"A brute-force black-box method to attack machine learning-based systems in cybersecurity","volume":"8","author":"Zhang","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.cosrev.2026.100963_bib0555","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103853","article-title":"Black-box adversarial transferability: an empirical study in cybersecurity perspective","volume":"141","author":"Roshan","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0560","series-title":"2019 11th International Conference on Cyber Conflict (CyCon)","first-page":"1","article-title":"Addressing adversarial attacks against security systems based on machine learning","volume":"vol. 900","author":"Apruzzese","year":"2019"},{"key":"10.1016\/j.cosrev.2026.100963_bib0565","series-title":"2019 IEEE 18th International Symposium on Network Computing and Applications (NCA)","first-page":"1","article-title":"Evaluating the effectiveness of adversarial attacks against botnet detectors","author":"Apruzzese","year":"2019"},{"key":"10.1016\/j.cosrev.2026.100963_bib0570","series-title":"2019 IEEE Global Communications Conference (GLOBECOM)","first-page":"1","article-title":"Analyzing adversarial attacks against deep learning for intrusion detection in IOT networks","author":"Ibitoye","year":"2019"},{"key":"10.1016\/j.cosrev.2026.100963_bib0575","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102922","article-title":"Black box attack and network intrusion detection using machine learning for malicious traffic","volume":"123","author":"Zhu","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0580","series-title":"2021 IEEE World AI IoT Congress (AIIoT)","first-page":"0034","article-title":"Adversarial black-box attacks against network intrusion detection systems: a survey","author":"Alatwi","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0585","series-title":"2020 International Joint Conference on Neural Networks (IJCNN)","first-page":"1","article-title":"Black box attacks on explainable artificial intelligence (XAI) methods in cyber security","author":"Kuppa","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0590","doi-asserted-by":"crossref","first-page":"4924","DOI":"10.1109\/TIFS.2021.3117075","article-title":"Adversarial XAI methods in cybersecurity","volume":"16","author":"Kuppa","year":"2021","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"5","key":"10.1016\/j.cosrev.2026.100963_bib0595","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3453158","article-title":"Adversarial machine learning attacks and defense methods in the cyber security domain","volume":"54","author":"Rosenberg","year":"2021","journal-title":"ACM Comput. Surv."},{"issue":"8","key":"10.1016\/j.cosrev.2026.100963_bib0600","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3547330","article-title":"Adversarial attacks and defenses in deep learning: from a perspective of cybersecurity","volume":"55","author":"Zhou","year":"2022","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.cosrev.2026.100963_bib0605","doi-asserted-by":"crossref","first-page":"1721","DOI":"10.1007\/s10462-019-09717-4","article-title":"A review of generative adversarial networks and its application in cybersecurity","volume":"53","author":"Yinka-Banjo","year":"2020","journal-title":"Artif. Intell. Rev."},{"key":"10.1016\/j.cosrev.2026.100963_bib0610","series-title":"2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)","first-page":"0399","article-title":"Generative adversarial networks in security: a survey","author":"Dutta","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0615","doi-asserted-by":"crossref","first-page":"148","DOI":"10.1016\/j.future.2020.04.013","article-title":"Defending network intrusion detection systems against adversarial evasion attacks","volume":"110","author":"Pawlicki","year":"2020","journal-title":"Futur. Gener. Comput. Syst."},{"key":"10.1016\/j.cosrev.2026.100963_bib0620","series-title":"2024 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA)","first-page":"1","article-title":"Developing robust machine learning models to defend against adversarial attacks in the field of cybersecurity","author":"Khaleel","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib0625","doi-asserted-by":"crossref","DOI":"10.1016\/j.simpa.2024.100681","article-title":"Adversarial attack defense analysis: an empirical approach in cybersecurity perspective","volume":"21","author":"Barik","year":"2024","journal-title":"Softw. Impacts"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0630","first-page":"51","article-title":"Adversarial machine learning in the context of network security: challenges and solutions","volume":"4","author":"Khan","year":"2024","journal-title":"J. Comput. Intell. Robot."},{"key":"10.1016\/j.cosrev.2026.100963_bib0635","doi-asserted-by":"crossref","first-page":"2493","DOI":"10.1016\/j.egyr.2024.02.010","article-title":"Enhancing cybersecurity in smart grids: deep black box adversarial attacks and quantum voting ensemble models for blockchain privacy-preserving storage","volume":"11","author":"Aurangzeb","year":"2024","journal-title":"Energy Rep."},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0640","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1186\/s42400-018-0012-9","article-title":"A survey of practical adversarial example attacks","volume":"1","author":"Sun","year":"2018","journal-title":"Cybersecurity"},{"key":"10.1016\/j.cosrev.2026.100963_bib0645","series-title":"Proceedings of the 2nd Workshop on Smart Energy Grid Security","first-page":"13","article-title":"Targeted attacks against industrial control systems: is the power industry prepared?","author":"Line","year":"2014"},{"key":"10.1016\/j.cosrev.2026.100963_bib0650","series-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","first-page":"1092","article-title":"Limiting the impact of stealthy attacks on industrial control systems","author":"Urbina","year":"2016"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0655","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1109\/JPROC.2017.2725482","article-title":"A framework for attack-resilient industrial control systems: attack detection and controller reconfiguration","volume":"106","author":"Paridari","year":"2017","journal-title":"Proc. IEEE"},{"key":"10.1016\/j.cosrev.2026.100963_bib0660","author":"Feng"},{"key":"10.1016\/j.cosrev.2026.100963_bib0665","author":"Erba"},{"issue":"3","key":"10.1016\/j.cosrev.2026.100963_bib0670","doi-asserted-by":"crossref","first-page":"1810","DOI":"10.1109\/TDSC.2020.3037500","article-title":"Generating adversarial examples against machine learning-based intrusion detector in industrial control systems","volume":"19","author":"Chen","year":"2020","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10.1016\/j.cosrev.2026.100963_bib0675","series-title":"Proceedings of the 15th ACM Asia Conference on Computer and Communications Security","first-page":"744","article-title":"I came, i saw, i hacked: automated generation of process-independent attacks for industrial control systems","author":"Sarkar","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0680","series-title":"2020 Global Smart Industry Conference (GloSIC)","first-page":"199","article-title":"Applying of generative adversarial networks for anomaly detection in industrial control systems","author":"Alabugin","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0685","series-title":"Proceedings of the 36th Annual Computer Security Applications Conference","first-page":"480","article-title":"Constrained concealment attacks against reconstruction-based anomaly detectors in industrial control systems","author":"Erba","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0690","series-title":"Proceedings of the 36th Annual ACM Symposium on Applied Computing","first-page":"116","article-title":"Poisoning attacks on cyber attack detectors for industrial control systems","author":"Kravchik","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0695","author":"Makrakis"},{"key":"10.1016\/j.cosrev.2026.100963_bib0700","doi-asserted-by":"crossref","first-page":"573","DOI":"10.1016\/j.procs.2021.03.072","article-title":"Crafting adversarial samples for anomaly detectors in industrial control systems","volume":"184","author":"G\u00f3mez","year":"2021","journal-title":"Proc. Comput. Sci."},{"key":"10.1016\/j.cosrev.2026.100963_bib0705","series-title":"Proceedings of the 2th Workshop on CPS&IoT Security and Privacy","first-page":"35","article-title":"Attack rules: an adversarial approach to generate attacks for industrial control systems using machine learning","author":"Umer","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0710","series-title":"2022 IEEE International Conference on Imaging Systems and Techniques (IST)","first-page":"1","article-title":"Adversarial attacks in industrial control cyber physical systems","author":"Figueroa","year":"2022"},{"key":"10.1016\/j.cosrev.2026.100963_bib0715","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102901","article-title":"Practical evaluation of poisoning attacks on online anomaly detectors in industrial control systems","volume":"122","author":"Kravchik","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0720","series-title":"2023 20th ACS\/IEEE International Conference on Computer Systems and Applications (AICCSA)","first-page":"1","article-title":"Resilient machine learning (rml) against adversarial attacks on industrial control systems","author":"Yao","year":"2023"},{"issue":"4","key":"10.1016\/j.cosrev.2026.100963_bib0725","doi-asserted-by":"crossref","first-page":"6325","DOI":"10.1109\/TII.2023.3345472","article-title":"A black-box attack algorithm targeting unlabeled industrial AI systems with contrastive learning","volume":"20","author":"Duan","year":"2024","journal-title":"IEEE Trans. Ind. Inform."},{"key":"10.1016\/j.cosrev.2026.100963_bib0730","author":"Pozdnyakov"},{"key":"10.1016\/j.cosrev.2026.100963_bib0735","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103750","article-title":"Adversarial sample attacks and defenses based on lstm-ed in industrial control systems","volume":"140","author":"Liu","year":"2024","journal-title":"Comput. & Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0740","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.101826","article-title":"Spot evasion attacks: adversarial examples for license plate recognition systems with convolutional neural networks","volume":"95","author":"Qian","year":"2020","journal-title":"Comput. Secur."},{"issue":"6","key":"10.1016\/j.cosrev.2026.100963_bib0745","doi-asserted-by":"crossref","first-page":"4117","DOI":"10.1109\/TII.2020.3024643","article-title":"Adversarial attack against urban scene segmentation for autonomous vehicles","volume":"17","author":"Xu","year":"2020","journal-title":"IEEE Trans. Ind. Informat."},{"issue":"4","key":"10.1016\/j.cosrev.2026.100963_bib0750","doi-asserted-by":"crossref","first-page":"4439","DOI":"10.1109\/TVT.2020.2977378","article-title":"Poisoning and evasion attacks against deep learning algorithms in autonomous vehicles","volume":"69","author":"Jiang","year":"2020","journal-title":"IEEE Trans. Veh. Technol."},{"key":"10.1016\/j.cosrev.2026.100963_bib0755","series-title":"Proceedings of the IEEE\/CVF International Conference on Computer Vision","first-page":"7898","article-title":"Fooling lidar perception via adversarial trajectory perturbation","author":"Li","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0760","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2020.107388","article-title":"Towards cross-task universal perturbation against black-box object detectors in autonomous driving","volume":"180","author":"Zhang","year":"2020","journal-title":"Comput. Netw."},{"issue":"5","key":"10.1016\/j.cosrev.2026.100963_bib0765","doi-asserted-by":"crossref","first-page":"1023","DOI":"10.1109\/TMC.2019.2903048","article-title":"A secure shuffling mechanism for white-box attack-resistant unmanned vehicles","volume":"19","author":"Won","year":"2019","journal-title":"IEEE Trans. Mob. Comput."},{"key":"10.1016\/j.cosrev.2026.100963_bib0770","author":"Sobh"},{"key":"10.1016\/j.cosrev.2026.100963_bib0775","series-title":"2020 IEEE Applied Imagery Pattern Recognition Workshop (AIPR)","first-page":"1","article-title":"Black-box adversarial attacks in autonomous vehicle technology","author":"Kumar","year":"2020"},{"issue":"5","key":"10.1016\/j.cosrev.2026.100963_bib0780","doi-asserted-by":"crossref","first-page":"3443","DOI":"10.1109\/JIOT.2021.3099164","article-title":"Evaluating adversarial attacks on driving safety in vision-based autonomous vehicles","volume":"9","author":"Zhang","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.cosrev.2026.100963_bib0785","series-title":"29th USENIX Security Symposium (USENIX Security 20)","first-page":"877","article-title":"Towards robust {LiDAR-based} perception in autonomous driving: general black-box adversarial sensor attack and countermeasures","author":"Sun","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib0790","series-title":"Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems","first-page":"329","article-title":"Adversarial attacks against lidar semantic segmentation in autonomous driving","author":"Zhu","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0795","series-title":"2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS)","first-page":"786","article-title":"A suspicion-free black-box adversarial attack for deep driving maneuver classification models","author":"Sarker","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0800","series-title":"2021 18th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON)","first-page":"1","article-title":"A context-aware black-box adversarial attack for deep driving maneuver classification models","author":"Sarker","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0805","series-title":"31st USENIX Security Symposium (USENIX Security 22)","first-page":"1903","article-title":"Security analysis of{Camera-LiDAR} fusion against {Black-Box} attacks on autonomous vehicles","author":"Hallyburton","year":"2022"},{"key":"10.1016\/j.cosrev.2026.100963_bib0810","series-title":"8th International Conference on Internet of Things, Big Data and Security","first-page":"131","article-title":"Analysis of sensor attacks against autonomous vehicles","author":"Jakobsen","year":"2023"},{"key":"10.1016\/j.cosrev.2026.100963_bib0815","series-title":"2020 IEEE International Conference on Pervasive Computing and Communications (PerCom)","first-page":"1","article-title":"An analysis of adversarial attacks and defenses on autonomous driving models","author":"Deng","year":"2020"},{"issue":"5","key":"10.1016\/j.cosrev.2026.100963_bib0820","first-page":"2209","article-title":"\u201cseeing is not always believing\u201d: detecting perception error attacks against autonomous vehicles","volume":"18","author":"Liu","year":"2021","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10.1016\/j.cosrev.2026.100963_bib0825","series-title":"Proceedings of International Conference on Intelligent Cyber-Physical Systems: ICPS 2021","first-page":"207","article-title":"AI approach for autonomous vehicles to defend from adversarial attacks","author":"Dhawale","year":"2022"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0830","doi-asserted-by":"crossref","DOI":"10.1080\/08839514.2023.2193461","article-title":"Towards autonomous driving model resistant to adversarial attack","volume":"37","author":"Shibly","year":"2023","journal-title":"Appl. Artif. Intell."},{"key":"10.1016\/j.cosrev.2026.100963_bib0835","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.102150","article-title":"Cybersecurity for autonomous vehicles: review of attacks and defense","volume":"103","author":"Kim","year":"2021","journal-title":"Comput. Secur."},{"issue":"12","key":"10.1016\/j.cosrev.2026.100963_bib0840","doi-asserted-by":"crossref","first-page":"7897","DOI":"10.1109\/TII.2021.3071405","article-title":"Deep learning-based autonomous driving systems: a survey of attacks and defenses","volume":"17","author":"Deng","year":"2021","journal-title":"IEEE Trans. Ind. Informat."},{"key":"10.1016\/j.cosrev.2026.100963_bib0845","doi-asserted-by":"crossref","first-page":"90641","DOI":"10.1109\/ACCESS.2023.3307473","article-title":"An investigation of cyber-attacks and security mechanisms for connected and autonomous vehicles","volume":"11","author":"Gupta","year":"2023","journal-title":"IEEE Access"},{"key":"10.1016\/j.cosrev.2026.100963_bib0850","doi-asserted-by":"crossref","first-page":"417","DOI":"10.1109\/OJVT.2023.3265363","article-title":"Cybersecurity of autonomous vehicles: a systematic literature review of adversarial attacks and defense models","volume":"4","author":"Girdhar","year":"2023","journal-title":"IEEE Open J. Veh. Technol."},{"key":"10.1016\/j.cosrev.2026.100963_bib0855","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1109\/OJITS.2022.3142612","article-title":"Countering adversarial attacks on autonomous vehicles using denoising techniques: a review","volume":"3","author":"Kloukiniotis","year":"2022","journal-title":"IEEE Open J. Intell. Transp. Syst."},{"issue":"11","key":"10.1016\/j.cosrev.2026.100963_bib0860","doi-asserted-by":"crossref","first-page":"5293","DOI":"10.1007\/s00371-022-02660-6","article-title":"A survey on adversarial attacks and defenses for object detection and their applications in autonomous vehicles","volume":"39","author":"Amirkhani","year":"2023","journal-title":"The Visual Computer"},{"key":"10.1016\/j.cosrev.2026.100963_bib0865","series-title":"Information Security: 24th International Conference, ISC 2021, Virtual Event, November 10\u201312, 2021, Proceedings 24","first-page":"358","article-title":"Targeted universal adversarial perturbations for automatic speech recognition","author":"Zong","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0870","doi-asserted-by":"crossref","first-page":"526","DOI":"10.1109\/TIFS.2019.2925452","article-title":"Selective audio adversarial example in evasion attack on speech recognition system","volume":"15","author":"Kwon","year":"2019","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0875","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103168","article-title":"Multi-targeted audio adversarial example for use against speech recognition systems","volume":"128","author":"Ko","year":"2023","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0880","series-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","first-page":"86","article-title":"Black-box adversarial attacks on commercial speech platforms with minimal information","author":"Zheng","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0885","doi-asserted-by":"crossref","first-page":"351","DOI":"10.1109\/TIFS.2022.3222963","article-title":"Query-efficient adversarial attack with low perturbation against end-to-end speech recognition systems","volume":"18","author":"Wang","year":"2022","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0890","doi-asserted-by":"crossref","first-page":"3981","DOI":"10.1109\/TASLP.2023.3304476","article-title":"Query-efficient black-box adversarial attacks on automatic speech recognition","volume":"31","author":"Tong","year":"2023","journal-title":"IEEE\/ACM Trans. Audio Speech Lang. Process."},{"key":"10.1016\/j.cosrev.2026.100963_bib0895","series-title":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","first-page":"630","article-title":"Zero-query adversarial attack on black-box automatic speech recognition systems","author":"Fang","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib0900","doi-asserted-by":"crossref","first-page":"3647","DOI":"10.1109\/TIFS.2023.3283915","article-title":"Advddos: zero-query adversarial attacks against commercial speech recognition systems","volume":"18","author":"Ge","year":"2023","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0905","series-title":"33rd USENIX Security Symposium (USENIX Security 24)","first-page":"3945","article-title":"{LaserAdv}: laser adversarial attacks on speech recognition systems","author":"Zhang","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib0910","series-title":"Asia-Pacific Web (APWeb) and Web-Age Information Management (WAIM) Joint International Conference on Web and Big Data","first-page":"349","article-title":"Impga: an effective and imperceptible black-box attack against automatic speech recognition systems","author":"Liang","year":"2022"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0915","article-title":"A robust adversarial attack against speech recognition with Uap","volume":"3","author":"Qin","year":"2023","journal-title":"High-Confid. Comput."},{"key":"10.1016\/j.cosrev.2026.100963_bib0920","first-page":"1","article-title":"Speech coding and audio preprocessing for mitigating and detecting audio adversarial examples on automatic speech recognition","author":"Rajaratnam","year":"2018","journal-title":"Mach. Learn. Comput. Vis. Nat. Lang. Process."},{"key":"10.1016\/j.cosrev.2026.100963_bib0925","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1016\/j.neucom.2020.07.101","article-title":"Acoustic-decoy: detection of adversarial examples through audio modification on speech recognition system","volume":"417","author":"Kwon","year":"2020","journal-title":"Neurocomputing"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0930","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1186\/s42400-023-00177-6","article-title":"Towards the universal defense for query-based audio adversarial attacks on speech recognition system","volume":"6","author":"Guo","year":"2023","journal-title":"Cybersecurity"},{"key":"10.1016\/j.cosrev.2026.100963_bib0935","author":"Huq"},{"key":"10.1016\/j.cosrev.2026.100963_bib0940","author":"Joshi"},{"key":"10.1016\/j.cosrev.2026.100963_bib0945","author":"Zhang"},{"key":"10.1016\/j.cosrev.2026.100963_bib0950","series-title":"2021 IEEE Symposium on Security and Privacy (SP)","first-page":"730","article-title":"Sok: the faults in our asrs: an overview of attacks against automatic speech recognition and speaker identification systems","author":"Abdullah","year":"2021"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib0955","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1186\/s42400-024-00218-8","article-title":"Commanderuap: a practical and transferable universal adversarial attacks on speech recognition models","volume":"7","author":"Sun","year":"2024","journal-title":"Cybersecurity"},{"key":"10.1016\/j.cosrev.2026.100963_bib0960","series-title":"Proceedings of the 19th Annual Workshop of the Australasian Language Technology Association","first-page":"138","article-title":"Exploring the vulnerability of natural language processing models via universal adversarial texts","author":"Li","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0965","doi-asserted-by":"crossref","first-page":"17966","DOI":"10.1109\/ACCESS.2022.3148413","article-title":"A differentiable language model adversarial attack on text classifiers","volume":"10","author":"Fursov","year":"2022","journal-title":"IEEE Access"},{"key":"10.1016\/j.cosrev.2026.100963_bib0970","series-title":"Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing: System Demonstrations","first-page":"308","article-title":"Seqattack: on adversarial attacks for named entity recognition","author":"Simoncini","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0975","author":"Alzantot"},{"key":"10.1016\/j.cosrev.2026.100963_bib0980","author":"Zang"},{"key":"10.1016\/j.cosrev.2026.100963_bib0985","series-title":"Proceedings of the AAAI Conference on Artificial Intelligence","first-page":"13525","article-title":"Generating natural language attacks in a hard label black box setting","volume":"vol. 35","author":"Maheshwary","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib0990","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103817","article-title":"Bfs2adv: black-box adversarial attack towards hard-to-attack short texts","volume":"141","author":"Han","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib0995","series-title":"International Conference on Parallel Problem Solving from Nature","first-page":"341","article-title":"Attention-based genetic algorithm for adversarial attack in natural language processing","author":"Zhou","year":"2022"},{"key":"10.1016\/j.cosrev.2026.100963_bib1000","series-title":"2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","first-page":"1716","article-title":"Generating valid and natural adversarial examples with large language models","author":"Wang","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib1005","doi-asserted-by":"crossref","first-page":"1184","DOI":"10.1109\/TASLP.2021.3129339","article-title":"Advexpander: generating natural language adversarial examples by expanding text","volume":"30","author":"Shao","year":"2021","journal-title":"IEEE\/ACM Trans. Audio Speech Lang. Process."},{"key":"10.1016\/j.cosrev.2026.100963_bib1010","author":"Zhou"},{"issue":"4","key":"10.1016\/j.cosrev.2026.100963_bib1015","doi-asserted-by":"crossref","first-page":"655","DOI":"10.3233\/AIC-230279","article-title":"Token-modification adversarial attacks for natural language processing: a survey","volume":"37","author":"Roth","year":"2024","journal-title":"AI Commun."},{"key":"10.1016\/j.cosrev.2026.100963_bib1020","series-title":"Proceedings of the AAAI Conference on Artificial Intelligence","first-page":"14892","article-title":"Codeattack: Code-based adversarial attacks for pre-trained programming language models","volume":"vol. 37","author":"Jha","year":"2023"},{"key":"10.1016\/j.cosrev.2026.100963_bib1025","author":"Zhou"},{"key":"10.1016\/j.cosrev.2026.100963_bib1030","series-title":"Uncertainty in Artificial Intelligence","first-page":"823","article-title":"Natural language adversarial defense through synonym encoding","author":"Wang","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib1035","unstructured":"X. Dong, Adversarial attacks and defenses in natural language processing, PhD thesis, Nanyang Technological University, 2022."},{"issue":"2","key":"10.1016\/j.cosrev.2026.100963_bib1040","doi-asserted-by":"crossref","first-page":"395","DOI":"10.1162\/coli_a_00476","article-title":"Certified robustness to text adversarial attacks by randomized [mask]","volume":"49","author":"Zeng","year":"2023","journal-title":"Comput. Linguist."},{"issue":"3","key":"10.1016\/j.cosrev.2026.100963_bib1045","first-page":"1","article-title":"Adversarial attacks on deep-learning models in natural language processing: a survey","volume":"11","author":"Zhang","year":"2020","journal-title":"ACM Trans. Intell. Syst. Technol."},{"key":"10.1016\/j.cosrev.2026.100963_bib1050","author":"Huq"},{"key":"10.1016\/j.cosrev.2026.100963_bib1055","series-title":"2021 IEEE 5th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)","first-page":"1281","article-title":"Adversarial attacks and defenses on deep learning models in natural language processing","volume":"vol. 5","author":"Zhang","year":"2021"},{"issue":"4","key":"10.1016\/j.cosrev.2026.100963_bib1060","first-page":"12","article-title":"Advanced adversarial attack techniques on natural language processing systems: methods, impacts, and defense mechanisms","volume":"8","author":"Minh","year":"2023","journal-title":"Adv. Intell. Inf. Syst."},{"issue":"14s","key":"10.1016\/j.cosrev.2026.100963_bib1065","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3593042","article-title":"A survey of adversarial defenses and robustness in NLP","volume":"55","author":"Goyal","year":"2023","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.cosrev.2026.100963_bib1070","series-title":"International Conference on Knowledge Science, Engineering and Management","first-page":"85","article-title":"Adversarial attacks on large language models","author":"Zou","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib1075","doi-asserted-by":"crossref","first-page":"278","DOI":"10.1016\/j.neucom.2022.04.020","article-title":"Adversarial attack and defense technologies in natural language processing: a survey","volume":"492","author":"Qiu","year":"2022","journal-title":"Neurocomputing"},{"issue":"6","key":"10.1016\/j.cosrev.2026.100963_bib1080","doi-asserted-by":"crossref","first-page":"3089","DOI":"10.1109\/TCSS.2022.3218743","article-title":"Adversarial NLP for social network applications: attacks, defenses, and research directions","volume":"10","author":"Alsmadi","year":"2022","journal-title":"IEEE Trans. Comput. Soc. Syst."},{"key":"10.1016\/j.cosrev.2026.100963_bib1085","doi-asserted-by":"crossref","first-page":"86038","DOI":"10.1109\/ACCESS.2022.3197769","article-title":"Robust natural language processing: recent advances, challenges, and future directions","volume":"10","author":"Omar","year":"2022","journal-title":"IEEE Access"},{"key":"10.1016\/j.cosrev.2026.100963_bib1090","series-title":"Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing: Tutorial Abstracts","first-page":"22","article-title":"Robustness and adversarial examples in natural language processing","author":"Chang","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib1095","author":"Ballet"},{"key":"10.1016\/j.cosrev.2026.100963_bib1100","author":"Schreyer"},{"key":"10.1016\/j.cosrev.2026.100963_bib1105","series-title":"Proceedings of the 28th International Conference on Computational Linguistics","first-page":"6150","article-title":"Generating plausible counterfactual explanations for deep transformers in financial text classification","author":"Yang","year":"2020"},{"key":"10.1016\/j.cosrev.2026.100963_bib1110","series-title":"2021 20th IEEE International Conference on Machine Learning and Applications (ICMLA)","first-page":"813","article-title":"Evolutionary adversarial attacks on payment systems","author":"Kumar","year":"2021"},{"issue":"5","key":"10.1016\/j.cosrev.2026.100963_bib1115","doi-asserted-by":"crossref","first-page":"986","DOI":"10.1287\/ijoc.2023.1297","article-title":"Black-box attack-based security evaluation framework for credit card fraud detection models","volume":"35","author":"Xiao","year":"2023","journal-title":"Inf. J. Comput."},{"key":"10.1016\/j.cosrev.2026.100963_bib1120","series-title":"Communication and Intelligent Systems: Proceedings of ICCIS 2021","first-page":"713","article-title":"Alerting the impact of adversarial attacks and how to detect it effectively via machine learning approach: with financial and esg data","author":"Lee","year":"2022"},{"issue":"4","key":"10.1016\/j.cosrev.2026.100963_bib1125","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MIS.2024.3378923","article-title":"Effective adversarial examples identification of credit card transactions","volume":"39","author":"Tsai","year":"2024","journal-title":"IEEE Intell. Syst."},{"key":"10.1016\/j.cosrev.2026.100963_bib1130","doi-asserted-by":"crossref","first-page":"50667","DOI":"10.1109\/ACCESS.2021.3068768","article-title":"Adversarial attacks against reinforcement learning-based portfolio management strategy","volume":"9","author":"Chen","year":"2021","journal-title":"IEEE Access"},{"key":"10.1016\/j.cosrev.2026.100963_bib1135","first-page":"12400","article-title":"Provably efficient black-box action poisoning attacks against reinforcement learning","volume":"34","author":"Liu","year":"2021","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"10.1016\/j.cosrev.2026.100963_bib1140","series-title":"2023 International Conference on Machine Learning and Applications (ICMLA)","first-page":"675","article-title":"Gray-box adversarial attack of deep reinforcement learning-based trading agents","author":"Ataiefard","year":"2023"},{"key":"10.1016\/j.cosrev.2026.100963_bib1145","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102933","article-title":"Investigating machine learning attacks on financial time series models","volume":"123","author":"Gallagher","year":"2022","journal-title":"Comput. & Secur."},{"key":"10.1016\/j.cosrev.2026.100963_bib1150","series-title":"Joint European Conference on Machine Learning and Knowledge Discovery in Databases","first-page":"221","article-title":"Taking over the stock market: adversarial perturbations against algorithmic traders","author":"Nehemya","year":"2021"},{"key":"10.1016\/j.cosrev.2026.100963_bib1155","author":"Xie"},{"key":"10.1016\/j.cosrev.2026.100963_bib1160","doi-asserted-by":"crossref","DOI":"10.1016\/j.frl.2023.103957","article-title":"Sentiment spin: attacking financial sentiment with gpt-3","volume":"55","author":"Leippold","year":"2023","journal-title":"Financ. Res. Lett."},{"key":"10.1016\/j.cosrev.2026.100963_bib1165","series-title":"Proceedings of the Second ACM Data Economy Workshop","first-page":"27","article-title":"Adversarial learning in real-world fraud detection: challenges and perspectives","author":"Lunghi","year":"2023"},{"key":"10.1016\/j.cosrev.2026.100963_bib1170","author":"Melo"},{"key":"10.1016\/j.cosrev.2026.100963_bib1175","series-title":"2023 IEEE Symposium on Security and Privacy (SP)","first-page":"2444","article-title":"Sok: decentralized finance (defi) attacks","author":"Zhou","year":"2023"},{"key":"10.1016\/j.cosrev.2026.100963_bib1180","series-title":"2024 IEEE 11th International Conference on Cyber Security and Cloud Computing (CSCloud)","first-page":"7","article-title":"An adversarial attack method against financial fraud detection model beta wavelet graph neural network via node injection","author":"Yang","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib1185","series-title":"2021 IEEE 10th Global Conference on Consumer Electronics (GCCE)","first-page":"95","article-title":"Ensemble of key-based models: defense against black-box adversarial attacks","author":"MaungMaung","year":"2021"},{"issue":"2","key":"10.1016\/j.cosrev.2026.100963_bib1190","doi-asserted-by":"crossref","first-page":"314","DOI":"10.1109\/TC.2021.3066614","article-title":"Mitigating adversarial attacks based on denoising & reconstruction with finance authentication system case study","volume":"73","author":"Wang","year":"2024","journal-title":"IEEE Trans. Comput."},{"key":"10.1016\/j.cosrev.2026.100963_bib1195","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1016\/j.neucom.2022.12.013","article-title":"Asat: adaptively scaled adversarial training in time series","volume":"522","author":"Zhang","year":"2023","journal-title":"Neurocomputing"},{"key":"10.1016\/j.cosrev.2026.100963_bib1200","series-title":"The 8th International Scientific and Practical Conference \u201cPriority Areas of Research in the Scientific Activity of Teachers\u201d(February 27\u2013March 01, 2024) Zagreb, Croatia. International Science Group. 2024. 298 P","first-page":"174","article-title":"The application of deep learning in financial payment security and the challenge of generating adversarial network models","author":"Zhu","year":"2024"},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib1205","first-page":"54","article-title":"Securing the future of finance: how AI, blockchain, and machine learning safeguard emerging neobank technology against evolving cyber threats","volume":"1","author":"George","year":"2023","journal-title":"Partners Univ. Innov. Res. Publ."},{"issue":"1","key":"10.1016\/j.cosrev.2026.100963_bib1210","doi-asserted-by":"crossref","first-page":"20","DOI":"10.3390\/risks11010020","article-title":"Adversarial artificial intelligence in insurance: from an example to some potential remedies","volume":"11","author":"Amerirad","year":"2023","journal-title":"Risks"},{"key":"10.1016\/j.cosrev.2026.100963_bib1215","series-title":"Beyond AI: ChatGPT, Web3, and the Business Landscape of Tomorrow","first-page":"187","article-title":"Chatgpt in finance and banking","author":"Huang","year":"2023"},{"key":"10.1016\/j.cosrev.2026.100963_bib1220","doi-asserted-by":"crossref","DOI":"10.1016\/j.compchemeng.2024.108681","article-title":"A black-box adversarial attack on demand side management","volume":"186","author":"Cramer","year":"2024","journal-title":"Comput. Chem. Eng."},{"key":"10.1016\/j.cosrev.2026.100963_bib1225","article-title":"Adversarial attacks on medical large language models: safety risks in clinical decision-making","volume":"152","author":"Yang","year":"2025","journal-title":"J. Biomed. Inform."},{"key":"10.1016\/j.cosrev.2026.100963_bib1230","series-title":"Proceedings of the AAAI Conference on Artificial Intelligence","first-page":"14123","article-title":"Attackeval: a systematic evaluation framework for jailbreak attacks on large language models","author":"Shu","year":"2025"},{"key":"10.1016\/j.cosrev.2026.100963_bib1235","series-title":"Proceedings of the Conference on Empirical Methods in Natural Language Processing (EMNLP)","first-page":"5120","article-title":"Robustness benchmarking of large language models under adversarial prompt perturbations","author":"Zhu","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib1240","series-title":"Proceedings of the 2023 Conference on Empirical Methods in Natural Language Processing (EMNLP)","first-page":"11401","article-title":"A holistic framework for assessing safety of large language models","author":"Mehrabi","year":"2023"},{"key":"10.1016\/j.cosrev.2026.100963_bib1245","series-title":"Proceedings of the Web Conference (WWW)","first-page":"2845","article-title":"Automatic generation of adversarial prompts for large language models","author":"Qin","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib1250","series-title":"Proceedings of the 2024 Annual Meeting of the ACL","first-page":"842","article-title":"Semantic illusion attacks on language models","author":"Li","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib1255","doi-asserted-by":"crossref","first-page":"112","DOI":"10.1038\/s41591-024-03445-1","article-title":"Vulnerability of medical large language models to targeted data poisoning","volume":"31","author":"Alber","year":"2025","journal-title":"Nat. Med."},{"key":"10.1016\/j.cosrev.2026.100963_bib1260","series-title":"Proceedings of the ACM Conference on Computer and Communications Security (CCS)","first-page":"843","article-title":"Instruction backdoor attacks against customized large language models","author":"Zhang","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib1265","series-title":"Proceedings of the IEEE Symposium on Security and Privacy (S&P)","first-page":"1159","article-title":"Hidden multi-turn backdoor attacks on chat-based large language models","author":"Chen","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib1270","series-title":"Proceedings of the International Joint Conference on Artificial Intelligence (IJCAI)","first-page":"3345","article-title":"Backdoor-based data stealing attacks against large language models","author":"He","year":"2024"},{"key":"10.1016\/j.cosrev.2026.100963_bib1275","series-title":"Proceedings of the SIAM International Conference on Data Mining (SDM)","first-page":"1015","article-title":"Poisoning retrieval-augmented generation via adversarial knowledge injection","author":"Zhao","year":"2025"},{"key":"10.1016\/j.cosrev.2026.100963_bib1280","first-page":"1","article-title":"Poisoning retrieval-augmented language models via adversarial document injection","volume":"12","author":"Lermen","year":"2024","journal-title":"Trans. Mach. Learn. Res."},{"key":"10.1016\/j.cosrev.2026.100963_bib1285","article-title":"Adversarial prompt detection using supervised classification for large language models","volume":"245","author":"Erg\u00fcn","year":"2025","journal-title":"Expert Syst. Appl."},{"key":"10.1016\/j.cosrev.2026.100963_bib1290","series-title":"Proceedings of the ACM Web Conference (The WebConf)","first-page":"2184","article-title":"Beat: a black-box defense against backdoor unalignment in large language models","author":"Yi","year":"2025"},{"key":"10.1016\/j.cosrev.2026.100963_bib1295","series-title":"Proceedings of NeurIPS 2023","first-page":"20123","article-title":"Universal and transferable adversarial attacks on aligned language models","author":"Zou","year":"2023"},{"key":"10.1016\/j.cosrev.2026.100963_bib1300","doi-asserted-by":"crossref","first-page":"884","DOI":"10.1109\/TITS.2023.3241069","article-title":"Mitigating jailbreak attacks via alignment smoothing in large language models","volume":"5","author":"Wang","year":"2024","journal-title":"IEEE Trans. Artif. Intell."},{"issue":"9","key":"10.1016\/j.cosrev.2026.100963_bib1305","doi-asserted-by":"crossref","first-page":"5201","DOI":"10.1109\/TKDE.2025.3580116","article-title":"F22at: feature-focusing adversarial training via disentanglement of natural and perturbed patterns","volume":"37","author":"Qian","year":"2025","journal-title":"IEEE Trans. Knowl. Data Eng."}],"container-title":["Computer Science Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1574013726000717?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1574013726000717?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T04:47:15Z","timestamp":1776142035000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1574013726000717"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,8]]},"references-count":261,"alternative-id":["S1574013726000717"],"URL":"https:\/\/doi.org\/10.1016\/j.cosrev.2026.100963","relation":{},"ISSN":["1574-0137"],"issn-type":[{"value":"1574-0137","type":"print"}],"subject":[],"published":{"date-parts":[[2026,8]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Beyond vulnerabilities: A comprehensive survey of adversarial attacks across domains","name":"articletitle","label":"Article Title"},{"value":"Computer Science Review","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cosrev.2026.100963","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Authors. Published by Elsevier Inc.","name":"copyright","label":"Copyright"}],"article-number":"100963"}}