{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:48:11Z","timestamp":1780634891770,"version":"3.54.1"},"reference-count":123,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2023,4,1]],"date-time":"2023-04-01T00:00:00Z","timestamp":1680307200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61972366"],"award-info":[{"award-number":["61972366"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Knowl. Data Eng."],"published-print":{"date-parts":[[2023,4,1]]},"DOI":"10.1109\/tkde.2021.3130903","type":"journal-article","created":{"date-parts":[[2021,11,26]],"date-time":"2021-11-26T20:14:42Z","timestamp":1637957682000},"page":"3367-3388","source":"Crossref","is-referenced-by-count":70,"title":["Adversarial Attacks Against Deep Generative Models on Data: A Survey"],"prefix":"10.1109","volume":"35","author":[{"given":"Hui","family":"Sun","sequence":"first","affiliation":[{"name":"China University of Geosciences, Wuhan, Hubei, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0702-7102","authenticated-orcid":false,"given":"Tianqing","family":"Zhu","sequence":"additional","affiliation":[{"name":"School of Computer Science, China University of Geosciences, Wuhan, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhiqiu","family":"Zhang","sequence":"additional","affiliation":[{"name":"China University of Geosciences, Wuhan, Hubei, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5922-2746","authenticated-orcid":false,"given":"Dawei","family":"Jin","sequence":"additional","affiliation":[{"name":"Zhongnan University of Economy and Law, Hubei, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ping","family":"Xiong","sequence":"additional","affiliation":[{"name":"Zhongnan University of Economy and Law, Hubei, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Wanlei","family":"Zhou","sequence":"additional","affiliation":[{"name":"City University of Macau, Macau, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Progressive growing of GANs for improved quality, stability, and variation","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Karras"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/SIBGRAPI.2018.00067"},{"issue":"SECS 755","key":"ref3","volume-title":"Machine Learning: Discriminative and Generative","volume":"755","author":"Jebara"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.5555\/2969033.2969125"},{"key":"ref5","article-title":"Auto-encoding variational bayes","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Kingma"},{"key":"ref6","article-title":"Large scale GAN training for high fidelity natural image synthesis","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Brock"},{"key":"ref7","first-page":"613","article-title":"Generating videos with scene dynamics","volume-title":"Proc. Conf. Neural Inform. Process. Syst.","author":"Vondrick"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.632"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.21437\/Interspeech.2010-343"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2017.10.013"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.asej.2014.04.011"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-5209-5"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1126\/science.aaa8685"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW.2019.00037"},{"key":"ref16","article-title":"Explaining and harnessing adversarial examples","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Goodfellow"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241142"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813677"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-010-5188-5"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/eurosp.2018.00035"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052695"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00035"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3436755"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3398394"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/MCI.2020.2976185"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.media.2017.07.005"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2016.12.038"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2017.10.006"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1016\/j.compag.2018.02.016"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/tkde.2020.2981333"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-37228-6_15"},{"key":"ref34","article-title":"BAAAN: Backdoor attacks against autoencoder and GAN-based machine learning models","author":"Salem","year":"2020"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.47749\/t\/unicamp.2019.1092797"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2018.00014"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.52591\/lxai2018120315"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/WACVW50321.2020.9096939"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/ICIP40778.2020.9191032"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOMWKSHPS50562.2020.9162699"},{"key":"ref41","article-title":"Fidelity and privacy of synthetic medical data","author":"Mendelevitch","year":"2021"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417238"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0008"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0067"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2019.00056"},{"key":"ref46","article-title":"Synthetic data - A privacy mirage","author":"Stadler","year":"2020"},{"key":"ref47","article-title":"Model extraction and defenses on generative adversarial networks","author":"Hu","year":"2021"},{"key":"ref48","article-title":"beta-VAE: Learning basic visual concepts with a constrained variational framework","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Higgins"},{"key":"ref49","first-page":"214","article-title":"Wasserstein generative adversarial networks","volume-title":"Proc. Int. Conf. Mach. Learn.","volume":"70","author":"Arjovsky"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ISACV.2018.8354080"},{"key":"ref51","volume-title":"Game Theory - Analysis of Conflict","author":"Myerson","year":"1997"},{"key":"ref52","article-title":"Targeted backdoor attacks on deep learning systems using data poisoning","author":"Chen","year":"2017"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71703-4_37"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00926"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-020-05270-2"},{"issue":"3","key":"ref56","first-page":"21","article-title":"The CIA strikes back: Redefining confidentiality, integrity and availability in security","volume":"10","author":"Samonas","year":"2014","journal-title":"J. Inf. Syst. Secur."},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1186\/s12874-020-00977-1"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/7.2.155"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00453"},{"key":"ref60","first-page":"1558","article-title":"Autoencoding beyond pixels using a learned similarity metric","volume-title":"Proc. Int. Conf. Mach. Learn.","volume":"48","author":"Larsen"},{"key":"ref61","article-title":"Poisoning attacks against support vector machines","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Biggio"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00057"},{"key":"ref63","first-page":"6106","article-title":"Poison frogs! Targeted clean-label poisoning attacks on neural networks","volume-title":"Proc. Conf. Neural Inform. Process. Syst.","author":"Shafahi"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.5555\/3016100.3016102"},{"key":"ref65","article-title":"Generative poisoning attack method against neural networks","author":"Yang","year":"2017"},{"key":"ref66","article-title":"Weight normalization: A simple reparameterization to accelerate training of deep neural networks","volume-title":"Proc. Conf. Neural Inform. Process. Syst.","author":"Salimans"},{"issue":"1","key":"ref67","first-page":"1929","article-title":"Dropout: A simple way to prevent neural networks from overfitting","volume":"15","author":"Srivastava","year":"2014","journal-title":"J. Mach. Learn. Res."},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1161\/CIRCOUTCOMES.118.005122"},{"key":"ref69","article-title":"LOGAN: Evaluating privacy leakage of generative models using generative adversarial networks","author":"Hayes","year":"2017"},{"key":"ref70","article-title":"Differentially private releasing via deep generative model","author":"Zhang","year":"2018"},{"key":"ref71","article-title":"Differentially private generative adversarial network","author":"Xie","year":"2018"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1561\/9781601988195"},{"key":"ref73","article-title":"GS-WGAN: A gradient-sanitized approach for learning differentially private generators","volume-title":"Proc. Conf. Neural Inform. Process. Syst.","author":"Chen"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/CVPRW.2019.00018"},{"key":"ref75","article-title":"Conditional generative adversarial nets","author":"Mirza","year":"2014"},{"key":"ref76","first-page":"263","article-title":"Re\u00b4nyi differential privacy","volume-title":"Proc. IEEE 34th Comput. Secur. Found. Symp.","author":"Mironov"},{"key":"ref77","article-title":"Double backpropagation for training autoencoders against adversarial attack","author":"Sun","year":"2020"},{"key":"ref78","article-title":"Improving vaes\u2019 robustness to adversarial attack","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Willetts"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_13"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2021-0041"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1007\/s11263-020-01348-5"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1007\/s11263-019-01155-7"},{"key":"ref83","article-title":"PATE-GAN: Generating synthetic data with differential privacy guarantees","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Jordon"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00363"},{"key":"ref85","article-title":"Rethinking deep neural network ownership verification: Embedding passports to defeat ambiguity attacks","volume-title":"Proc. Conf. Neural Inform. Process. Syst.","author":"Fan"},{"key":"ref86","first-page":"8011","article-title":"Spectral signatures in backdoor attacks","volume-title":"Proc. Conf. Neural Inform. Process. Syst.","author":"Tran"},{"key":"ref87","article-title":"Detecting backdoor attacks on deep neural networks by activation clustering","volume-title":"Proc. Workshop AAAI Conf. Artif. Intell.","volume":"2301","author":"Chen"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2019.8852285"},{"key":"ref89","article-title":"Defend deep neural networks against adversarial examples via fixed and dynamic quantized activation functions","author":"Rakin","year":"2018"},{"key":"ref90","article-title":"The effectiveness of data augmentation in image classification using deep learning","author":"Perez","year":"2017"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-60239-0_19"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP39728.2021.9414862"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2958864"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2018.2856256"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D17-1230"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2018.03.050"},{"key":"ref97","article-title":"Creative GANs for generating poems, lyrics, and metaphors","author":"Saeed","year":"2019"},{"key":"ref98","first-page":"286","article-title":"Generating multi-label discrete patient records using generative adversarial networks","volume-title":"Proc. Mach. Learn. Healthcare","volume":"68","author":"Choi"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2018\/585"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2016.7795300"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D18-1316"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/P19-1561"},{"key":"ref103","article-title":"Adversarial patch","author":"Brown","year":"2017"},{"key":"ref104","article-title":"Intriguing properties of neural networks","volume-title":"Proc. of Int. Conf. Learn. Representations","author":"Szegedy"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.1706.06083"},{"key":"ref107","article-title":"DPATCH: An adversarial patch attack on object detectors","volume-title":"Proc. AAAI Conf. Artif. Intell.","volume":"2301","author":"Liu"},{"key":"ref108","first-page":"91","article-title":"Faster R-CNN: Towards real-time object detection with region proposal networks","volume-title":"Proc. Conf. Neural Inform. Process. Syst.","author":"Ren"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.690"},{"key":"ref110","article-title":"Object hider: Adversarial patch attack against object detectors","author":"Zhao","year":"2020"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2017.2697856"},{"key":"ref112","article-title":"A general approach to adding differential privacy to iterative training procedures","author":"McMahan","year":"2018"},{"key":"ref113","article-title":"Enabling fast differentially private SGD via just-in-time compilation and vectorization","author":"Subramani","year":"2020"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2021-0041"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1145\/3460771"},{"key":"ref116","first-page":"866","article-title":"MD-GAN: Multi-discriminator generative adversarial networks for distributed datasets","volume-title":"Proc. IEEE Int. Parallel Distrib. Process. Symp."},{"key":"ref117","first-page":"1273","article-title":"Communication-efficient learning of deep networks from decentralized data","volume-title":"Proc. Int. Conf. Artif. Intell. Stat.","volume":"54","author":"McMahan"},{"key":"ref118","article-title":"Fedgan: Federated generative adversarial networks for distributed data","author":"Rasouli","year":"2020"},{"key":"ref119","article-title":"Federated AI lets a team imagine together: Federated learning of GANs","year":"2019"},{"key":"ref120","article-title":"Training federated GANs with theoretical guarantees: A universal aggregation approach","author":"Zhang","year":"2021"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1145\/3462203.3475875"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1109\/tkde.2020.3014246"},{"key":"ref123","article-title":"Generative models for effective ML on private, decentralized datasets","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Augenstein"}],"container-title":["IEEE Transactions on Knowledge and Data Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/69\/10063074\/09627776.pdf?arnumber=9627776","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,31]],"date-time":"2024-08-31T05:29:31Z","timestamp":1725082171000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9627776\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,1]]},"references-count":123,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tkde.2021.3130903","relation":{},"ISSN":["1041-4347","1558-2191","2326-3865"],"issn-type":[{"value":"1041-4347","type":"print"},{"value":"1558-2191","type":"electronic"},{"value":"2326-3865","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,4,1]]}}}