{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,26]],"date-time":"2026-06-26T04:11:21Z","timestamp":1782447081936,"version":"3.54.5"},"reference-count":108,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2022,8,12]],"date-time":"2022-08-12T00:00:00Z","timestamp":1660262400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Natural Sciences and Engineering Research Council of Canada (NSERC)"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Algorithms"],"abstract":"<jats:p>Deep neural networks are exposed to the risk of adversarial attacks via the fast gradient sign method (FGSM), projected gradient descent (PGD) attacks, and other attack algorithms. Adversarial training is one of the methods used to defend against the threat of adversarial attacks. It is a training schema that utilizes an alternative objective function to provide model generalization for both adversarial data and clean data. In this systematic review, we focus particularly on adversarial training as a method of improving the defensive capacities and robustness of machine learning models. Specifically, we focus on adversarial sample accessibility through adversarial sample generation methods. The purpose of this systematic review is to survey state-of-the-art adversarial training and robust optimization methods to identify the research gaps within this field of applications. The literature search was conducted using Engineering Village (Engineering Village is an engineering literature search tool, which provides access to 14 engineering literature and patent databases), where we collected 238 related papers. The papers were filtered according to defined inclusion and exclusion criteria, and information was extracted from these papers according to a defined strategy. 
A total of 78 papers published between 2016 and 2021 were selected. Data were extracted and categorized using a defined strategy, and bar plots and comparison tables were used to show the data distribution. The findings of this review indicate that there are limitations to adversarial training methods and robust optimization. The most common problems are related to data generalization and overfitting.<\/jats:p>","DOI":"10.3390\/a15080283","type":"journal-article","created":{"date-parts":[[2022,8,14]],"date-time":"2022-08-14T21:09:06Z","timestamp":1660511346000},"page":"283","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":109,"title":["Adversarial Training Methods for Deep Learning: A Systematic Review"],"prefix":"10.3390","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6664-5632","authenticated-orcid":false,"given":"Weimin","family":"Zhao","sequence":"first","affiliation":[{"name":"Department of Electrical, Computer and Software Engineering, Ontario Tech University, Oshawa, ON L1G 0C5, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sanaa","family":"Alwidian","sequence":"additional","affiliation":[{"name":"Department of Electrical, Computer and Software Engineering, Ontario Tech University, Oshawa, ON L1G 0C5, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0472-5757","authenticated-orcid":false,"given":"Qusay H.","family":"Mahmoud","sequence":"additional","affiliation":[{"name":"Department of Electrical, Computer and Software Engineering, Ontario Tech University, Oshawa, ON L1G 0C5, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2022,8,12]]},"reference":[{"key":"ref_1","unstructured":"Silva, S.H., and Najafirad, P. (2020). Opportunities and Challenges in Deep Learning Adversarial Robustness: A Survey. 
arXiv."},{"key":"ref_2","unstructured":"Wiyatno, R.R., Xu, A., Dia, O., and de Berker, A. (2019). Adversarial Examples in Modern Machine Learning: A Review. arXiv."},{"key":"ref_3","unstructured":"Goodfellow, I.J., Shlens, J., and Szegedy, C. (2015). Explaining and Harnessing Adversarial Examples. arXiv."},{"key":"ref_4","unstructured":"Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., and Fergus, R. (2014). Intriguing Properties of Neural Networks. arXiv."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Bai, T., Luo, J., Zhao, J., Wen, B., and Wang, Q. (2021). Recent Advances in Adversarial Training for Adversarial Robustness. arXiv.","DOI":"10.24963\/ijcai.2021\/591"},{"key":"ref_6","unstructured":"Kurakin, A., Goodfellow, I., and Bengio, S. (2017). Adversarial Machine Learning at Scale. arXiv."},{"key":"ref_7","unstructured":"Wang, H., and Yu, C.-N. (2019). A Direct Approach to Robust Deep Learning Using Adversarial Networks. arXiv."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"71","DOI":"10.32604\/jbd.2020.012294","article-title":"A Survey on Adversarial Examples in Deep Learning","volume":"2","author":"Chen","year":"2020","journal-title":"J. Big Data"},{"key":"ref_9","unstructured":"Chakraborty, A., Alam, M., Dey, V., Chattopadhyay, A., and Mukhopadhyay, D. (2018). Adversarial Attacks and Defences: A Survey. arXiv."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"4907754","DOI":"10.1155\/2021\/4907754","article-title":"A Survey on Adversarial Attack in the Age of Artificial Intelligence","volume":"2021","author":"Kong","year":"2021","journal-title":"Wirel. Commun. Mob. 
Comput."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"100270","DOI":"10.1016\/j.cosrev.2020.100270","article-title":"A Survey of Safety and Trustworthiness of Deep Neural Networks: Verification, Testing, Adversarial Attack and Defence, and Interpretability","volume":"37","author":"Huang","year":"2020","journal-title":"Comput. Sci. Rev."},{"key":"ref_12","unstructured":"Kitchenham, B., and Charters, S. (2007). Guidelines for Performing Systematic Literature Reviews in Software Engineering, Durham University. Technical Report."},{"key":"ref_13","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., and Vladu, A. (2019). Towards Deep Learning Models Resistant to Adversarial Attacks. arXiv."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S.-M., Fawzi, A., and Frossard, P. (2016, January 27\u201330). DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks. Proceedings of the 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Las Vegas, NV, USA.","DOI":"10.1109\/CVPR.2016.282"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Carlini, N., and Wagner, D. (2017, January 22\u201326). Towards Evaluating the Robustness of Neural Networks. Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2017.49"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"828","DOI":"10.1109\/TEVC.2019.2890858","article-title":"One Pixel Attack for Fooling Deep Neural Networks","volume":"23","author":"Su","year":"2019","journal-title":"IEEE Trans. Evol. Computat."},{"key":"ref_17","unstructured":"Tram\u00e8r, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D., and McDaniel, P. (2020). Ensemble Adversarial Training: Attacks and Defenses. arXiv."},{"key":"ref_18","unstructured":"(2022, July 13). About Engineering Village|Elsevier. 
Available online: https:\/\/www.elsevier.com\/solutions\/engineering-village#:~:text=Engineering%20Village%20is%20a%20search,needs%20of%20world%20class%20engineers."},{"key":"ref_19","unstructured":"Schott, L., Rauber, J., Bethge, M., and Brendel, W. (2018). Towards the First Adversarially Robust Neural Network Model on MNIST. arXiv."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Vivek, B.S., and Venkatesh Babu, R. (2020, January 13\u201319). Single-Step Adversarial Training With Dropout Scheduling. Proceedings of the 2020 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Seattle, WA, USA.","DOI":"10.1109\/CVPR42600.2020.00103"},{"key":"ref_21","unstructured":"Huang, T., Menkovski, V., Pei, Y., and Pechenizkiy, M. (2020). Bridging the Performance Gap between FGSM and PGD Adversarial Training. arXiv."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Liu, G., Khalil, I., and Khreishah, A. (2021, January 26\u201328). Using Single-Step Adversarial Training to Defend Iterative Adversarial Examples. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, Virtual Event USA.","DOI":"10.1145\/3422337.3447841"},{"key":"ref_23","unstructured":"Wong, E., Rice, L., and Kolter, J.Z. (2020). Fast Is Better than Free: Revisiting Adversarial Training. arXiv."},{"key":"ref_24","first-page":"16048","article-title":"Understanding and Improving Fast Adversarial Training","volume":"33","author":"Andriushchenko","year":"2020","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_25","unstructured":"Kim, H., Lee, W., and Lee, J. (February, January 27). Understanding Catastrophic Overfitting in Single-Step Adversarial Training. Proceedings of the AAAI Conference on Artificial Intelligence, Honolulu, HI, USA."},{"key":"ref_26","unstructured":"Song, C., He, K., Wang, L., and Hopcroft, J.E. (2019). Improving the Generalization of Adversarial Training with Domain Adaptation. 
arXiv."},{"key":"ref_27","unstructured":"Vivek, B.S., and Babu, R.V. (2020). Regularizers for Single-Step Adversarial Training. arXiv."},{"key":"ref_28","unstructured":"Li, B., Wang, S., Jana, S., and Carin, L. (2020). Towards Understanding Fast Adversarial Training. arXiv."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"22617","DOI":"10.1109\/ACCESS.2020.2969288","article-title":"Adversarial Dual Network Learning With Randomized Image Transform for Restoring Attacked Images","volume":"8","author":"Yuan","year":"2020","journal-title":"IEEE Access"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"785","DOI":"10.1007\/978-3-030-58586-0_46","article-title":"Adversarial Training with Bi-Directional Likelihood Regularization for Visual Classification","volume":"Volume 12369","author":"Vedaldi","year":"2020","journal-title":"Computer Vision\u2014ECCV 2020"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Qin, Y., Hunt, R., and Yue, C. (2019, January 27). On Improving the Effectiveness of Adversarial Training. Proceedings of the ACM International Workshop on Security and Privacy Analytics\u2014IWSPA\u201919, Richardson, TX, USA.","DOI":"10.1145\/3309182.3309190"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"178","DOI":"10.1007\/978-3-030-68238-5_14","article-title":"Addressing Neural Network Robustness with Mixup and Targeted Labeling Adversarial Training","volume":"Volume 12539","author":"Bartoli","year":"2020","journal-title":"Computer Vision\u2014ECCV 2020 Workshops"},{"key":"ref_33","unstructured":"Li, W., Wang, L., Zhang, X., Huo, J., Gao, Y., and Luo, J. (2019). Defensive Few-Shot Adversarial Learning. arXiv."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Liu, J., and Jin, Y. (2019, January 6\u20139). Evolving Hyperparameters for Training Deep Neural Networks against Adversarial Attacks. 
Proceedings of the 2019 IEEE Symposium Series on Computational Intelligence (SSCI), Xiamen, China.","DOI":"10.1109\/SSCI44817.2019.9002854"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Ren, Z., Baird, A., Han, J., Zhang, Z., and Schuller, B. (2020, January 4\u20138). Generating and Protecting Against Adversarial Attacks for Deep Speech-Based Emotion Recognition Models. Proceedings of the ICASSP 2020\u20142020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Barcelona, Spain.","DOI":"10.1109\/ICASSP40776.2020.9054087"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Song, C., Cheng, H.-P., Yang, H., Li, S., Wu, C., Wu, Q., Chen, Y., and Li, H. (2018, January 8\u201311). MAT: A Multi-Strength Adversarial Training Method to Mitigate Adversarial Attacks. Proceedings of the 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), Hong Kong, China.","DOI":"10.1109\/ISVLSI.2018.00092"},{"key":"ref_37","unstructured":"Gupta, S.K. (2020). Reinforcement Based Learning on Classification Task Could Yield Better Generalization and Adversarial Accuracy. arXiv."},{"key":"ref_38","first-page":"576","article-title":"Towards Fast and Robust Adversarial Training for Image Classification","volume":"Volume 12624","author":"Ishikawa","year":"2021","journal-title":"Computer Vision\u2014ACCV 2020"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Cai, Q.-Z., Du, M., Liu, C., and Song, D. (2018). Curriculum Adversarial Training. arXiv.","DOI":"10.24963\/ijcai.2018\/520"},{"key":"ref_40","unstructured":"Zhang, J., Xu, X., Han, B., Niu, G., Cui, L., Sugiyama, M., and Kankanhalli, M. (2020, January 21). Attacks Which Do Not Kill Training Make Adversarial Learning Stronger. Proceedings of the 37th International Conference on Machine Learning, PMLR, Online."},{"key":"ref_41","unstructured":"Wang, Y., Ma, X., Bailey, J., Yi, J., Zhou, B., and Gu, Q. (2022). On the Convergence and Robustness of Adversarial Training. 
arXiv."},{"key":"ref_42","unstructured":"Balaji, Y., Goldstein, T., and Hoffman, J. (2019). Instance Adaptive Adversarial Training: Improved Accuracy Tradeoffs in Neural Nets. arXiv."},{"key":"ref_43","unstructured":"Ding, G.W., Sharma, Y., Lui, K.Y.C., and Huang, R. (2020). MMA Training: Direct Input Space Margin Maximization through Adversarial Training. arXiv."},{"key":"ref_44","unstructured":"Cheng, M., Lei, Q., Chen, P.-Y., Dhillon, I., and Hsieh, C.-J. (2020). CAT: Customized Adversarial Training for Improved Robustness. arXiv."},{"key":"ref_45","unstructured":"Shafahi, A., Najibi, M., Ghiasi, A., Xu, Z., Dickerson, J., Studer, C., Davis, L.S., Taylor, G., and Goldstein, T. (2019). Adversarial Training for Free!. arXiv."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1007\/978-3-030-87358-5_10","article-title":"Free Adversarial Training with Layerwise Heuristic Learning","volume":"Volume 12889","author":"Peng","year":"2021","journal-title":"Image and Graphics"},{"key":"ref_47","unstructured":"Zhang, H., Yu, Y., Jiao, J., Xing, E., Ghaoui, L.E., and Jordan, M. (2019, January 24). Theoretically Principled Trade-off between Robustness and Accuracy. Proceedings of the 36th International Conference on Machine Learning, PMLR, Long Beach, CA, USA."},{"key":"ref_48","unstructured":"Kannan, H., Kurakin, A., and Goodfellow, I. (2018). Adversarial Logit Pairing. arXiv."},{"key":"ref_49","unstructured":"Wang, Y., Zou, D., Yi, J., Bailey, J., Ma, X., and Gu, Q. (2020, January 26\u201330). Improving Adversarial Robustness Requires Revisiting Misclassified Examples. Proceedings of the 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia."},{"key":"ref_50","unstructured":"Mao, C., Zhong, Z., Yang, J., Vondrick, C., and Ray, B. (2019). Metric Learning for Adversarial Robustness. arXiv."},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Zhong, Y., and Deng, W. (November, January 27). 
Adversarial Learning With Margin-Based Triplet Embedding Regularization. Proceedings of the 2019 IEEE\/CVF International Conference on Computer Vision (ICCV), Seoul, Korea.","DOI":"10.1109\/ICCV.2019.00665"},{"key":"ref_52","unstructured":"Uesato, J., Alayrac, J.-B., Huang, P.-S., Stanforth, R., Fawzi, A., and Kohli, P. (2019). Are Labels Required for Improving Adversarial Robustness?. arXiv."},{"key":"ref_53","unstructured":"Carmon, Y., Raghunathan, A., Schmidt, L., Liang, P., and Duchi, J.C. (2019). Unlabeled Data Improves Adversarial Robustness. arXiv."},{"key":"ref_54","unstructured":"Zhai, R., Cai, T., He, D., Dan, C., He, K., Hopcroft, J., and Wang, L. (2019). Adversarially Robust Generalization Just Requires More Unlabeled Data. arXiv."},{"key":"ref_55","unstructured":"Hendrycks, D., Mazeika, M., Kadavath, S., and Song, D. (2019). Using Self-Supervised Learning Can Improve Model Robustness and Uncertainty. arXiv."},{"key":"ref_56","unstructured":"Maini, P., Wong, E., and Kolter, J.Z. (2020, January 21). Adversarial Robustness Against the Union of Multiple Perturbation Models. Proceedings of the 37th International Conference on Machine Learning, Virtual Event."},{"key":"ref_57","unstructured":"Stutz, D., Hein, M., and Schiele, B. (2020, January 21). Confidence-Calibrated Adversarial Training: Generalizing to Unseen Attacks. Proceedings of the 37th International Conference on Machine Learning, PMLR, Virtual Event."},{"key":"ref_58","first-page":"8270","article-title":"Adversarial Distributional Training for Robust Deep Learning","volume":"33","author":"Dong","year":"2020","journal-title":"Adv. Neural Inf. Process. 
Syst."},{"key":"ref_59","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1007\/978-3-030-22312-0_2","article-title":"GanDef: A GAN Based Adversarial Training Defense for Neural Network Classifier","volume":"Volume 562","author":"Dhillon","year":"2019","journal-title":"ICT Systems Security and Privacy Protection"},{"key":"ref_60","doi-asserted-by":"crossref","first-page":"429","DOI":"10.1007\/978-3-030-68238-5_32","article-title":"Adversarial Training Against Location-Optimized Adversarial Patches","volume":"Volume 12539","author":"Bartoli","year":"2020","journal-title":"Computer Vision\u2014ECCV 2020 Workshops"},{"key":"ref_61","unstructured":"Wu, T., Tong, L., and Vorobeychik, Y. (2020). Defending Against Physically Realizable Attacks on Image Classification. arXiv."},{"key":"ref_62","first-page":"236","article-title":"Disrupting Deepfakes: Adversarial Attacks Against Conditional Image Translation Networks and Facial Manipulation Systems","volume":"Volume 12538","author":"Bartoli","year":"2020","journal-title":"Computer Vision\u2014ECCV 2020 Workshops"},{"key":"ref_63","doi-asserted-by":"crossref","unstructured":"Jiang, Y., Ma, X., Erfani, S.M., and Bailey, J. (2021, January 18\u201322). Dual Head Adversarial Training. Proceedings of the 2021 International Joint Conference on Neural Networks (IJCNN), Shenzhen, China.","DOI":"10.1109\/IJCNN52387.2021.9533363"},{"key":"ref_64","doi-asserted-by":"crossref","unstructured":"Ma, L., and Liang, L. (2022). Increasing-Margin Adversarial (IMA) Training to Improve Adversarial Robustness of Neural Networks. arXiv.","DOI":"10.1016\/j.cmpb.2023.107687"},{"key":"ref_65","doi-asserted-by":"crossref","first-page":"1291","DOI":"10.1109\/TIP.2020.3042083","article-title":"Interpreting and Improving Adversarial Robustness of Deep Neural Networks With Neuron Sensitivity","volume":"30","author":"Zhang","year":"2021","journal-title":"IEEE Trans. 
Image Process."},{"key":"ref_66","doi-asserted-by":"crossref","unstructured":"Bouniot, Q., Audigier, R., and Loesch, A. (2021, January 10). Optimal Transport as a Defense Against Adversarial Attacks. Proceedings of the 2020 25th International Conference on Pattern Recognition (ICPR), Milan, Italy.","DOI":"10.1109\/ICPR48806.2021.9413327"},{"key":"ref_67","unstructured":"Rakin, A.S., He, Z., and Fan, D. (2018). Parametric Noise Injection: Trainable Randomness to Improve Deep Neural Network Robustness against Adversarial Attack. arXiv."},{"key":"ref_68","unstructured":"Xu, H., Liu, X., Li, Y., Jain, A., and Tang, J. (2021, January 1). To Be Robust or to Be Fair: Towards Fairness in Adversarial Training. Proceedings of the 38th International Conference on Machine Learning, PMLR, Virtual Event."},{"key":"ref_69","doi-asserted-by":"crossref","first-page":"101977","DOI":"10.1016\/j.media.2021.101977","article-title":"Towards Evaluating the Robustness of Deep Diagnostic Models by Adversarial Attack","volume":"69","author":"Xu","year":"2021","journal-title":"Med. Image Anal."},{"key":"ref_70","doi-asserted-by":"crossref","unstructured":"Wang, J., and Zhang, H. (November, January 27). Bilateral Adversarial Training: Towards Fast Training of More Robust Models Against Adversarial Attacks. Proceedings of the 2019 IEEE\/CVF International Conference on Computer Vision (ICCV), Seoul, Korea.","DOI":"10.1109\/ICCV.2019.00673"},{"key":"ref_71","doi-asserted-by":"crossref","unstructured":"Stutz, D., Hein, M., and Schiele, B. (2019, January 15\u201320). Disentangling Adversarial Robustness and Generalization. 
Proceedings of the 2019 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Long Beach, CA, USA.","DOI":"10.1109\/CVPR.2019.00714"},{"key":"ref_72","first-page":"3","article-title":"Adversarial Deep Learning with Stackelberg Games","volume":"Volume 1142","author":"Gedeon","year":"2019","journal-title":"Neural Information Processing"},{"key":"ref_73","doi-asserted-by":"crossref","unstructured":"Bai, W., Quan, C., and Luo, Z. (2017, January 26\u201328). Alleviating Adversarial Attacks via Convolutional Autoencoder. Proceedings of the 2017 18th IEEE\/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel\/Distributed Computing (SNPD), Kanazawa, Japan.","DOI":"10.1109\/SNPD.2017.8022700"},{"key":"ref_74","doi-asserted-by":"crossref","unstructured":"Wen, J., Hui, L.C.K., Yiu, S.-M., and Zhang, R. (2018, January 25\u201328). DCN: Detector-Corrector Network Against Evasion Attacks on Deep Neural Networks. Proceedings of the 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Luxembourg.","DOI":"10.1109\/DSN-W.2018.00066"},{"key":"ref_75","unstructured":"Pang, T., Xu, K., Du, C., Chen, N., and Zhu, J. (2019, January 24). Improving Adversarial Robustness via Promoting Ensemble Diversity. Proceedings of the 36th International Conference on Machine Learning, PMLR, Long Beach, CA, USA."},{"key":"ref_76","unstructured":"Kariyappa, S., and Qureshi, M.K. (2019). Improving Adversarial Robustness of Ensembles with Diversity Training. arXiv."},{"key":"ref_77","first-page":"5505","article-title":"DVERGE: Diversifying Vulnerabilities for Enhanced Robust Generation of Ensembles","volume":"33","author":"Yang","year":"2020","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_78","unstructured":"Zhang, D., Zhang, T., Lu, Y., Zhu, Z., and Dong, B. (2019). You Only Propagate Once: Accelerating Adversarial Training via Maximal Principle. 
arXiv."},{"key":"ref_79","doi-asserted-by":"crossref","unstructured":"Du, X., Yu, J., Li, S., Yi, Z., Liu, H., and Ma, J. (2021, January 18). Combating Word-Level Adversarial Text with Robust Adversarial Training. Proceedings of the 2021 International Joint Conference on Neural Networks (IJCNN), Shenzhen, China.","DOI":"10.1109\/IJCNN52387.2021.9533725"},{"key":"ref_80","doi-asserted-by":"crossref","unstructured":"Khoda, M., Imam, T., Kamruzzaman, J., Gondal, I., and Rahman, A. (2019, January 5\u20138). Selective Adversarial Learning for Mobile Malware. Proceedings of the 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/13th IEEE International Conference on Big Data Science and Engineering (TrustCom\/BigDataSE), Rotorua, New Zealand.","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00044"},{"key":"ref_81","first-page":"2983","article-title":"Adversarial Self-Supervised Contrastive Learning","volume":"33","author":"Kim","year":"2020","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_82","doi-asserted-by":"crossref","unstructured":"Zhang, S., Huang, K., Zhang, R., and Hussain, A. (2019, January 8\u201311). Generalized Adversarial Training in Riemannian Space. Proceedings of the 2019 IEEE International Conference on Data Mining (ICDM), Beijing, China.","DOI":"10.1109\/ICDM.2019.00093"},{"key":"ref_83","unstructured":"Zhou, X., Tsang, I.W., and Yin, J. (2019). Latent Adversarial Defence with Boundary-Guided Generation. arXiv."},{"key":"ref_84","doi-asserted-by":"crossref","first-page":"5769","DOI":"10.1109\/TIP.2021.3082317","article-title":"Training Robust Deep Neural Networks via Adversarial Noise Propagation","volume":"30","author":"Liu","year":"2021","journal-title":"IEEE Trans. Image Process."},{"key":"ref_85","doi-asserted-by":"crossref","unstructured":"Chen, X., and Zhang, N. (2020, January 19\u201324). Layer-Wise Adversarial Training Approach to Improve Adversarial Robustness. 
Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN), Glasgow, UK.","DOI":"10.1109\/IJCNN48605.2020.9206760"},{"key":"ref_86","doi-asserted-by":"crossref","first-page":"107141","DOI":"10.1016\/j.knosys.2021.107141","article-title":"Improving Adversarial Robustness of Deep Neural Networks by Using Semantic Information","volume":"226","author":"Wang","year":"2021","journal-title":"Knowl.-Based Syst."},{"key":"ref_87","doi-asserted-by":"crossref","unstructured":"Naseer, M., Khan, S., Hayat, M., Khan, F.S., and Porikli, F. (2020, January 13\u201319). A Self-Supervised Approach for Adversarial Robustness. Proceedings of the 2020 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Seattle, WA, USA.","DOI":"10.1109\/CVPR42600.2020.00034"},{"key":"ref_88","doi-asserted-by":"crossref","first-page":"4364","DOI":"10.1007\/s10489-021-02523-y","article-title":"Attack-Less Adversarial Training for a Robust Adversarial Defense","volume":"52","author":"Ho","year":"2022","journal-title":"Appl. Intell."},{"key":"ref_89","doi-asserted-by":"crossref","unstructured":"Guo, Y., Ji, T., Wang, Q., Yu, L., and Li, P. (2019, January 8\u201311). Quantized Adversarial Training: An Iterative Quantized Local Search Approach. Proceedings of the 2019 IEEE International Conference on Data Mining (ICDM), Beijing, China.","DOI":"10.1109\/ICDM.2019.00125"},{"key":"ref_90","unstructured":"Zhang, H., and Wang, J. (2019, January 8\u201314). Defense Against Adversarial Attacks Using Feature Scattering-Based Adversarial Training. Proceedings of the Advances in Neural Information Processing Systems, Vancouver, BC, Canada."},{"key":"ref_91","doi-asserted-by":"crossref","unstructured":"Lee, S., Lee, H., and Yoon, S. (2020, January 13\u201319). Adversarial Vertex Mixup: Toward Better Adversarially Robust Generalization. 
Proceedings of the 2020 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Seattle, WA, USA.","DOI":"10.1109\/CVPR42600.2020.00035"},{"key":"ref_92","unstructured":"Zhang, H., and Xu, W. (2020, January 26\u201330). Adversarial Interpolation Training: A Simple Approach for Improving Model Robustness. Proceedings of the 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia."},{"key":"ref_93","first-page":"7779","article-title":"Boosting Adversarial Training with Hypersphere Embedding","volume":"33","author":"Pang","year":"2020","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_94","unstructured":"Qin, C., Martens, J., Gowal, S., Krishnan, D., Dvijotham, K., Fawzi, A., De, S., Stanforth, R., and Kohli, P. (2019). Adversarial Robustness through Local Linearization. arXiv."},{"key":"ref_95","doi-asserted-by":"crossref","unstructured":"Kurakin, A., Goodfellow, I., and Bengio, S. (2017). Adversarial Examples in the Physical World, CRC Press.","DOI":"10.1201\/9781351251389-8"},{"key":"ref_96","first-page":"2578","article-title":"Adversarial Examples: Opportunities and Challenges","volume":"31","author":"Zhang","year":"2019","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"ref_97","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., and Swami, A. (2016, January 21\u201324). The Limitations of Deep Learning in Adversarial Settings. Proceedings of the 2016 IEEE European Symposium on Security and Privacy (EuroS&P), Saarbruecken, Germany.","DOI":"10.1109\/EuroSP.2016.36"},{"key":"ref_98","unstructured":"Ren, S., Deng, Y., He, K., and Che, W. (August, January 28). Generating Natural Language Adversarial Examples through Probability Weighted Word Saliency. 
Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics, Florence, Italy."},{"key":"ref_99","unstructured":"Schmidt, L., Santurkar, S., Tsipras, D., Talwar, K., and M\u0105dry, A. (2018). Adversarially Robust Generalization Requires More Data. arXiv."},{"key":"ref_100","doi-asserted-by":"crossref","unstructured":"Xiao, C., Li, B., Zhu, J.-Y., He, W., Liu, M., and Song, D. (2019). Generating Adversarial Examples with Adversarial Networks. arXiv.","DOI":"10.24963\/ijcai.2018\/543"},{"key":"ref_101","unstructured":"Zhao, Z., Dua, D., and Singh, S. (2018). Generating Natural Adversarial Examples. arXiv."},{"key":"ref_102","doi-asserted-by":"crossref","unstructured":"Wang, L., Yang, K., Wang, W., Wang, R., and Ye, A. (2020, January 12). MGAAttack: Toward More Query-Efficient Black-Box Attack by Microbial Genetic Algorithm. Proceedings of the 28th ACM International Conference on Multimedia, Seattle, WA, USA.","DOI":"10.1145\/3394171.3413703"},{"key":"ref_103","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1016\/j.cose.2019.04.014","article-title":"POBA-GA: Perturbation Optimized Black-Box Adversarial Attacks via Genetic Algorithm","volume":"85","author":"Chen","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_104","doi-asserted-by":"crossref","unstructured":"Das, S.D., Basak, A., Mandal, S., and Das, D. (2022, January 8). AdvCodeMix: Adversarial Attack on Code-Mixed Data. Proceedings of the 5th Joint International Conference on Data Science & Management of Data (9th ACM IKDD CODS and 27th COMAD), Bangalore, India.","DOI":"10.1145\/3493700.3493705"},{"key":"ref_105","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Swami, A., and Harang, R. (2016, January 1\u20133). Crafting Adversarial Input Sequences for Recurrent Neural Networks. 
Proceedings of the MILCOM 2016\u20142016 IEEE Military Communications Conference, Baltimore, MD, USA.","DOI":"10.1109\/MILCOM.2016.7795300"},{"key":"ref_106","doi-asserted-by":"crossref","first-page":"2059","DOI":"10.1109\/TMM.2015.2478068","article-title":"Deep Learning and Music Adversaries","volume":"17","author":"Kereliuk","year":"2015","journal-title":"IEEE Trans. Multimed."},{"key":"ref_107","unstructured":"Liu, X., and Hsieh, C.-J. (2019, January 6\u20139). From Adversarial Training to Generative Adversarial Networks. Proceedings of the 7th International Conference on Learning Representations, ICLR 2019, New Orleans, LA, USA."},{"key":"ref_108","doi-asserted-by":"crossref","unstructured":"Taori, R., Kamsetty, A., Chu, B., and Vemuri, N. (2019, January 19\u201323). Targeted Adversarial Examples for Black Box Audio Systems. Proceedings of the 2019 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA.","DOI":"10.1109\/SPW.2019.00016"}],"container-title":["Algorithms"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-4893\/15\/8\/283\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:07:41Z","timestamp":1760141261000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-4893\/15\/8\/283"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,12]]},"references-count":108,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2022,8]]}},"alternative-id":["a15080283"],"URL":"https:\/\/doi.org\/10.3390\/a15080283","relation":{},"ISSN":["1999-4893"],"issn-type":[{"value":"1999-4893","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,8,12]]}}}