{"id":"https://openalex.org/W3007264885","doi":"https://doi.org/10.1109/jproc.2020.2970615","title":"Adversarial Learning Targeting Deep Neural Network Classification: A Comprehensive Review of Defenses Against Attacks","display_name":"Adversarial Learning Targeting Deep Neural Network Classification: A Comprehensive Review of Defenses Against Attacks","publication_year":2020,"publication_date":"2020-02-26","ids":{"openalex":"https://openalex.org/W3007264885","doi":"https://doi.org/10.1109/jproc.2020.2970615","mag":"3007264885"},"language":"en","primary_location":{"id":"doi:10.1109/jproc.2020.2970615","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jproc.2020.2970615","pdf_url":null,"source":{"id":"https://openalex.org/S68686220","display_name":"Proceedings of the IEEE","issn_l":"0018-9219","issn":["0018-9219","1558-2256"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101739086","display_name":"David J. Miller","orcid":"https://orcid.org/0000-0001-8848-1643"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"David J. Miller","raw_affiliation_strings":["School of Electrical Engineering and Computer Science, Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"School of Electrical Engineering and Computer Science, Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085283385","display_name":"Zhen Xiang","orcid":"https://orcid.org/0000-0002-4284-2041"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhen Xiang","raw_affiliation_strings":["School of Electrical Engineering and Computer Science, Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"School of Electrical Engineering and Computer Science, Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063903486","display_name":"George Kesidis","orcid":"https://orcid.org/0000-0001-7947-8127"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"George Kesidis","raw_affiliation_strings":["School of Electrical Engineering and Computer Science, Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"School of Electrical Engineering and Computer Science, Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5101739086"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":19.8894,"has_fulltext":false,"cited_by_count":234,"citation_normalized_percentile":{"value":0.99490665,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"108","issue":"3","first_page":"402","last_page":"433"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9811000227928162,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11515","display_name":"Bacillus and Francisella bacterial research","score":0.9758999943733215,"subfield":{"id":"https://openalex.org/subfields/1312","display_name":"Molecular Biology"},"field":{"id":"https://openalex.org/fields/13","display_name":"Biochemistry, Genetics and Molecular Biology"},"domain":{"id":"https://openalex.org/domains/1","display_name":"Life Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7437607645988464},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.597678542137146},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5787460207939148},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5408869385719299},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.49351227283477783},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4923964738845825},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4098415970802307},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3245706558227539}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7437607645988464},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.597678542137146},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5787460207939148},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5408869385719299},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.49351227283477783},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4923964738845825},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4098415970802307},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3245706558227539}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jproc.2020.2970615","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jproc.2020.2970615","pdf_url":null,"source":{"id":"https://openalex.org/S68686220","display_name":"Proceedings of the IEEE","issn_l":"0018-9219","issn":["0018-9219","1558-2256"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.75,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320307791","display_name":"Cisco Systems","ror":"https://ror.org/03yt1ez60"},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":160,"referenced_works":["https://openalex.org/W3805906","https://openalex.org/W9657784","https://openalex.org/W1560013842","https://openalex.org/W1673923490","https://openalex.org/W1710476689","https://openalex.org/W1945616565","https://openalex.org/W1977295328","https://openalex.org/W1997824659","https://openalex.org/W2004796572","https://openalex.org/W2051267297","https://openalex.org/W2063541597","https://openalex.org/W2089103284","https://openalex.org/W2095577883","https://openalex.org/W2095705004","https://openalex.org/W2097089247","https://openalex.org/W2107397716","https://openalex.org/W2107551505","https://openalex.org/W2124415900","https://openalex.org/W2133671968","https://openalex.org/W2137054688","https://openalex.org/W2137165445","https://openalex.org/W2140412375","https://openalex.org/W2140890285","https://openalex.org/W2144906988","https://openalex.org/W2151298633","https://openalex.org/W2156909104","https://openalex.org/W2167529272","https://openalex.org/W2168175751","https://openalex.org/W2180612164","https://openalex.org/W2181089405","https://openalex.org/W2187013920","https://openalex.org/W2194775991","https://openalex.org/W2254258016","https://openalex.org/W2330820318","https://openalex.org/W2343213531","https://openalex.org/W2486441166","https://openalex.org/W2531327146","https://openalex.org/W2535690855","https://openalex.org/W2538525524","https://openalex.org/W2543927648","https://openalex.org/W2561975083","https://openalex.org/W2581637843","https://openalex.org/W2590523583","https://openalex.org/W2593892853","https://openalex.org/W2594867206","https://openalex.org/W2603766943","https://openalex.org/W2606529538","https://openalex.org/W2607219512","https://openalex.org/W2610321374","https://openalex.org/W2611576673","https://openalex.org/W2617376838","https://openalex.org/W2618043096","https://openalex.org/W2753783305","https://openalex.org/W2773446523","https://openalex.org/W2774423163","https://openalex.org/W2785755647","https://openalex.org/W2786163515","https://openalex.org/W2807363941","https://openalex.org/W2883285025","https://openalex.org/W2885183727","https://openalex.org/W2898737475","https://openalex.org/W2898759955","https://openalex.org/W2898780854","https://openalex.org/W2898998737","https://openalex.org/W2900018096","https://openalex.org/W2909303050","https://openalex.org/W2913848079","https://openalex.org/W2934843808","https://openalex.org/W2942091739","https://openalex.org/W2950468330","https://openalex.org/W2962700793","https://openalex.org/W2962904371","https://openalex.org/W2963143631","https://openalex.org/W2963149653","https://openalex.org/W2963196925","https://openalex.org/W2963207607","https://openalex.org/W2963389226","https://openalex.org/W2963440492","https://openalex.org/W2963496101","https://openalex.org/W2963556353","https://openalex.org/W2963564844","https://openalex.org/W2963595196","https://openalex.org/W2963626025","https://openalex.org/W2963626858","https://openalex.org/W2963664410","https://openalex.org/W2963695663","https://openalex.org/W2963744840","https://openalex.org/W2963777745","https://openalex.org/W2963857521","https://openalex.org/W2963936085","https://openalex.org/W2964014389","https://openalex.org/W2964041528","https://openalex.org/W2964082701","https://openalex.org/W2964116600","https://openalex.org/W2964153729","https://openalex.org/W2964246311","https://openalex.org/W2964253222","https://openalex.org/W2964294232","https://openalex.org/W2964301649","https://openalex.org/W2964318098","https://openalex.org/W2970620827","https://openalex.org/W2980257194","https://openalex.org/W2989852175","https://openalex.org/W2990270730","https://openalex.org/W3012113073","https://openalex.org/W3015716673","https://openalex.org/W3085162807","https://openalex.org/W3094566724","https://openalex.org/W3099875277","https://openalex.org/W3102720581","https://openalex.org/W3103788931","https://openalex.org/W3103836116","https://openalex.org/W3111818035","https://openalex.org/W4239875977","https://openalex.org/W4289300166","https://openalex.org/W4289752762","https://openalex.org/W4293584023","https://openalex.org/W4293846201","https://openalex.org/W4297573953","https://openalex.org/W4298289240","https://openalex.org/W4300167250","https://openalex.org/W4301880089","https://openalex.org/W4317466250","https://openalex.org/W6600171677","https://openalex.org/W6637162671","https://openalex.org/W6637568146","https://openalex.org/W6640425456","https://openalex.org/W6679974894","https://openalex.org/W6680834967","https://openalex.org/W6686674283","https://openalex.org/W6718639682","https://openalex.org/W6722479552","https://openalex.org/W6728622933","https://openalex.org/W6729756640","https://openalex.org/W6733645847","https://openalex.org/W6734483310","https://openalex.org/W6734787559","https://openalex.org/W6736296761","https://openalex.org/W6736987314","https://openalex.org/W6738693630","https://openalex.org/W6739659843","https://openalex.org/W6739868092","https://openalex.org/W6745514407","https://openalex.org/W6746897123","https://openalex.org/W6748093715","https://openalex.org/W6748277150","https://openalex.org/W6748475379","https://openalex.org/W6750745550","https://openalex.org/W6753044988","https://openalex.org/W6753565081","https://openalex.org/W6754587887","https://openalex.org/W6755310938","https://openalex.org/W6756074407","https://openalex.org/W6756245557","https://openalex.org/W6756333562","https://openalex.org/W6757875967","https://openalex.org/W6758508162","https://openalex.org/W6763711611","https://openalex.org/W6767031719","https://openalex.org/W6770766581"],"related_works":["https://openalex.org/W2950183588","https://openalex.org/W3080754722","https://openalex.org/W3093978547","https://openalex.org/W2953536436","https://openalex.org/W3203790781","https://openalex.org/W4313346231","https://openalex.org/W2738001131","https://openalex.org/W4285785480","https://openalex.org/W2997056298","https://openalex.org/W4298079292"],"abstract_inverted_index":{"With":[0],"wide":[1],"deployment":[2],"of":[3,11,41,63,66,212,243,257,265,283,291],"machine":[4],"learning":[5,30],"(ML)-based":[6],"systems":[7],"for":[8,26,130,138,203,224,238],"a":[9,38,135,184,206,209,217,281],"variety":[10],"applications":[12],"including":[13,141,287],"medical,":[14],"military,":[15],"automotive,":[16],"genomic,":[17],"multimedia,":[18],"and":[19,58,61,69,84,89,109,157,173,241,271],"social":[20],"networking,":[21],"there":[22],"is":[23,296],"great":[24],"potential":[25],"damage":[27],"from":[28,102,107,113],"adversarial":[29],"(AL)":[31],"attacks.":[32],"In":[33,95],"this":[34],"article,":[35],"we":[36,71,98],"provide":[37,134],"contemporary":[39],"survey":[40,72],"AL,":[42],"focused":[43],"particularly":[44,90],"on":[45,49,75,254,275],"defenses":[46,91,112,267],"against":[47,92,268],"attacks":[48,88,234,253,274,293],"deep":[50],"neural":[51],"network":[52],"classifiers.":[53],"After":[54],"introducing":[55],"relevant":[56],"terminology":[57],"the":[59,93,153,158,187,213,221,225,236,255,288],"goals":[60],"range":[62],"possible":[64],"knowledge":[65],"both":[67],"attackers":[68],"defenders,":[70],"recent":[73],"work":[74],"test-time":[76],"evasion":[77],"(TTE),":[78],"data":[79],"poisoning":[80],"(DP),":[81],"backdoor":[82,272],"DP,":[83],"reverse":[85],"engineering":[86],"(RE)":[87],"same.":[94],"so":[96],"doing,":[97],"distinguish":[99],"robust":[100,179],"classification":[101,180,300],"anomaly":[103],"detection":[104],"(AD),":[105],"unsupervised":[106],"supervised,":[108],"statistical":[110],"hypothesis-based":[111],"ones":[114],"that":[115,168,174,189,216],"do":[116],"not":[117,297],"have":[118],"an":[119,247],"explicit":[120],"null":[121],"(no":[122],"attack)":[123],"hypothesis.":[124],"We":[125,133,161,250,260],"also":[126,251],"consider":[127],"several":[128,266],"scenarios":[129],"detecting":[131,292],"backdoors.":[132],"technical":[136],"assessment":[137],"reviewed":[139],"works,":[140],"identifying":[142],"any":[143],"issues/limitations,":[144],"required":[145],"hyperparameters,":[146],"needed":[147],"computational":[148],"complexity,":[149],"as":[150,152,183,235],"well":[151],"performance":[154],"measures":[155],"evaluated":[156],"obtained":[159],"quality.":[160],"then":[162,261],"delve":[163],"deeper,":[164],"providing":[165],"novel":[166],"insights":[167],"challenge":[169,290],"conventional":[170],"AL":[171],"wisdom":[172],"target":[175],"unresolved":[176],"issues,":[177],"including:":[178],"versus":[181],"AD":[182,248],"defense":[185,239],"strategy;":[186],"belief":[188],"attack":[190,194],"success":[191],"increases":[192],"with":[193,280],"strength,":[195],"which":[196],"ignores":[197],"susceptibility":[198,242],"to":[199,227,246,298,305],"AD;":[200],"small":[201],"perturbations":[202],"TTE":[204,218],"attacks:":[205],"fallacy":[207],"or":[208,232,311],"requirement;":[210],"validity":[211],"universal":[214],"assumption":[215],"attacker":[219],"knows":[220],"ground-truth":[222],"class":[223],"example":[226],"be":[228],"attacked;":[229],"black,":[230],"gray,":[231],"white-box":[233],"standard":[237],"evaluation;":[240],"query-based":[244],"RE":[245],"defense.":[249],"discuss":[252],"privacy":[256],"training":[258],"data.":[259],"present":[262],"benchmark":[263],"comparisons":[264],"TTE,":[269],"RE,":[270],"DP":[273],"images.":[276],"The":[277],"article":[278],"concludes":[279],"discussion":[282],"continuing":[284],"research":[285],"directions,":[286],"supreme":[289],"whose":[294],"goal":[295],"alter":[299],"decisions,":[301],"but":[302],"rather":[303],"simply":[304],"embed,":[306],"without":[307],"detection,":[308],"\u201cfake":[309],"news\u201d":[310],"other":[312],"false":[313],"content.":[314]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":32},{"year":2024,"cited_by_count":52},{"year":2023,"cited_by_count":48},{"year":2022,"cited_by_count":38},{"year":2021,"cited_by_count":42},{"year":2020,"cited_by_count":19}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}