At least since Nicholas Carlini created a (nearly) complete list of papers on adversarial examples, it seems impossible to stay on top of the latest research on adversarial robustness and related topics. However, any research project requires at least a minimal overview of related work. And especially for new students starting to work on adversarial robustness, the vast amount of papers seems discouraging. Thus, in this article, I want to give a rough overview in the form of a categorization of more than 240 papers dealing with adversarial examples and related topics. These include "standard" adversarial attacks and defenses, structural adversarial examples, adversarial patches as well as adjacent topics such as out-of-distribution detection and generalization.
In contrast to my last "survey" article regarding research on adversarial examples, I will directly provide a PDF containing all the references and a rough categorization — instead of copying them over in HTML. So, the list is easy to download and share.
All papers are roughly categorized into the following categories:
- Adversarial examples:
- Attacks (white- and black-box)
- Defenses (including detectors and including broken ones)
- Empirical and theoretical analysis
- Adversarial Patches
- Structurel Perturbations
See the controls at the bottom of the PDF viewer to go through the pages.112019_references_web