Adversarial Training Methods for Deep Learning: A Systematic Review

Bibliographic Details
Published in Algorithms Vol. 15; no. 8; p. 283
Main Authors Zhao, Weimin, Alwidian, Sanaa, Mahmoud, Qusay H.
Format Journal Article
Language English
Published Basel MDPI AG 01.08.2022
Abstract Deep neural networks are exposed to the risk of adversarial attacks via the fast gradient sign method (FGSM), projected gradient descent (PGD) attacks, and other attack algorithms. Adversarial training is one of the methods used to defend against the threat of adversarial attacks. It is a training schema that utilizes an alternative objective function to provide model generalization for both adversarial data and clean data. In this systematic review, we focus particularly on adversarial training as a method of improving the defensive capacities and robustness of machine learning models. Specifically, we focus on adversarial sample accessibility through adversarial sample generation methods. The purpose of this systematic review is to survey state-of-the-art adversarial training and robust optimization methods to identify the research gaps within this field of applications. The literature search was conducted using Engineering Village (Engineering Village is an engineering literature search tool, which provides access to 14 engineering literature and patent databases), where we collected 238 related papers. The papers were filtered according to defined inclusion and exclusion criteria, and information was extracted from these papers according to a defined strategy. A total of 78 papers published between 2016 and 2021 were selected. Data were extracted and categorized using a defined strategy, and bar plots and comparison tables were used to show the data distribution. The findings of this review indicate that there are limitations to adversarial training methods and robust optimization. The most common problems are related to data generalization and overfitting.
Audience Academic
Author Alwidian, Sanaa
Zhao, Weimin
Mahmoud, Qusay H.
Author_xml – sequence: 1
  givenname: Weimin
  orcidid: 0000-0002-6664-5632
  surname: Zhao
  fullname: Zhao, Weimin
– sequence: 2
  givenname: Sanaa
  surname: Alwidian
  fullname: Alwidian, Sanaa
– sequence: 3
  givenname: Qusay H.
  orcidid: 0000-0003-0472-5757
  surname: Mahmoud
  fullname: Mahmoud, Qusay H.
ContentType Journal Article
Copyright COPYRIGHT 2022 MDPI AG
2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
DOI 10.3390/a15080283
Discipline Computer Science
EISSN 1999-4893
ISSN 1999-4893
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 8
Language English
License https://creativecommons.org/licenses/by/4.0
ORCID 0000-0002-6664-5632
0000-0003-0472-5757
OpenAccessLink https://doaj.org/article/64811f9fbf3c46e98d480c276b76380f
SecondaryResourceType review_article
StartPage 283
SubjectTerms adversarial attack generation
adversarial attacks
adversarial machine learning
adversarial samples
adversarial training
Algorithms
Analysis
Artificial neural networks
Computational linguistics
Deep learning
deep neural network
Efficiency
Identification methods
Language processing
Literature reviews
Machine learning
Natural language interfaces
Neural networks
Optimization
Research methodology
Robustness
State-of-the-art reviews
Strategy
Systematic review
Training
Title Adversarial Training Methods for Deep Learning: A Systematic Review
URI https://www.proquest.com/docview/2706087388
https://doaj.org/article/64811f9fbf3c46e98d480c276b76380f
Volume 15