Paper Summary Series Road-map:

The top 30 key research papers covering the fundamentals that anyone who wants to perform neural network robustness evaluations should read. The papers are split by topic, and each topic indicates which topics should be read before it. (List shared by Nicholas Carlini.)

Preliminary Papers

  • [ ] Evasion Attacks against Machine Learning at Test Time
  • [ ] Intriguing properties of neural networks
  • [ ] Explaining and Harnessing Adversarial Examples (FGSM; see the sketch below)
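
The last paper above introduces the fast gradient sign method (FGSM). The snippet below is a minimal sketch of that idea, assuming a PyTorch classifier whose inputs are scaled to [0, 1]; `model`, `x`, `y`, and the value of `eps` are illustrative placeholders, not code from the paper.

```python
import torch
import torch.nn.functional as F

def fgsm(model, x, y, eps=8 / 255):
    """Fast gradient sign method: one signed-gradient step that increases the loss."""
    x = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x), y)
    grad = torch.autograd.grad(loss, x)[0]
    x_adv = x + eps * grad.sign()          # perturb every pixel by +/- eps
    return x_adv.clamp(0.0, 1.0).detach()  # keep pixels in the valid range
```

Using the gradient's sign rather than its magnitude keeps the perturbation bounded in the L-infinity norm, which is the threat model most of the later papers in this list assume.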

Attacks [requires Preliminary Papers]

  • [ ] The Limitations of Deep Learning in Adversarial Settings
  • [ ] DeepFool: a simple and accurate method to fool deep neural networks
  • [ ] Towards Evaluating the Robustness of Neural Networks

Transferability [requires Preliminary Papers]

  • [ ] Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples
  • [ ] Delving into Transferable Adversarial Examples and Black-box Attacks
  • [ ] Universal adversarial perturbations

Detecting Adversarial Examples [requires Attacks, Transferability]

  • [ ] On Detecting Adversarial Perturbations
  • [ ] Detecting Adversarial Samples from Artifacts
  • [ ] Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods

Restricted Threat Model Attacks [requires Attacks]

  • [ ] ZOO: Zeroth Order Optimization based Black-box Attacks to Deep Neural Networks without Training Substitute Models
  • [ ] Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models
  • [ ] Prior Convictions: Black-Box Adversarial Attacks with Bandits and Priors

Physical-World Attacks [requires Attacks, Transferability]

  • [ ] Adversarial examples in the physical world
  • [ ] Synthesizing Robust Adversarial Examples
  • [ ] Robust Physical-World Attacks on Deep Learning Models

Verification [requires Preliminary Papers]

  • [ ] Reluplex: An Efficient SMT Solver for Verifying Deep Neural Networks
  • [ ] On the Effectiveness of Interval Bound Propagation for Training Verifiably Robust Models

Defenses (2) [requires Detecting]

  • [ ] Towards Deep Learning Models Resistant to Adversarial Attacks (PGD adversarial training; see the sketch after this list)
  • [ ] Certified Robustness to Adversarial Examples with Differential Privacy
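
The Madry et al. paper above trains against a projected gradient descent (PGD) adversary. Below is a minimal sketch of that inner-maximization / outer-minimization loop, assuming a PyTorch classifier on [0, 1]-scaled inputs; the eps, step size, and step count are illustrative assumptions, not the paper's exact settings.

```python
import torch
import torch.nn.functional as F

def pgd_linf(model, x, y, eps=8 / 255, alpha=2 / 255, steps=10):
    """Inner maximization: PGD inside an L-infinity ball of radius eps around x."""
    x_adv = (x + torch.empty_like(x).uniform_(-eps, eps)).clamp(0.0, 1.0)  # random start
    for _ in range(steps):
        x_adv = x_adv.clone().detach().requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad = torch.autograd.grad(loss, x_adv)[0]
        x_adv = x_adv + alpha * grad.sign()
        x_adv = x + (x_adv - x).clamp(-eps, eps)  # project back into the eps-ball
        x_adv = x_adv.clamp(0.0, 1.0)             # stay in the valid pixel range
    return x_adv.detach()

def adv_train_step(model, optimizer, x, y):
    """Outer minimization: one training step on the worst-case examples PGD found."""
    x_adv = pgd_linf(model, x, y)
    optimizer.zero_grad()
    loss = F.cross_entropy(model(x_adv), y)
    loss.backward()
    optimizer.step()
    return loss.item()
```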

Attacks (2) [requires Defenses (2)]

  • [ ] Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
  • [ ] Adversarial Risk and the Dangers of Evaluating Against Weak Attacks

Defenses (3) [requires Attacks (2)]

  • [ ] Towards the first adversarially robust neural network model on MNIST
  • [ ] On Evaluating Adversarial Robustness

Other Domains [requires Attacks]

  • [ ] Adversarial Attacks on Neural Network Policies
  • [ ] Audio Adversarial Examples: Targeted Attacks on Speech-to-Text
  • [ ] Seq2Sick: Evaluating the Robustness of Sequence-to-Sequence Models with Adversarial Examples
  • [ ] Adversarial examples for generative models

Visualized using the Adversarial Machine Learning Reading List by Nicholas Carlini.

Resources

Key Researchers and their affiliations:

  • Nicholas Carlini (Google Brain)
  • Anish Athalye (MIT)
  • Nicolas Papernot (Google Brain)
  • Wieland Brendel (University of Tübingen)
  • Jonas Rauber (University of Tübingen)
  • Dimitris Tsipras (MIT)
  • Ian Goodfellow (Google Brain)
  • Aleksander Madry (MIT)
  • Alexey Kurakin (Google Brain)

Research Labs:

Frameworks/Libraries:

  • cleverhans (TensorFlow)
  • foolbox (Keras/TensorFlow/PyTorch); see the usage sketch after this list
  • advertorch (PyTorch)
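
As a rough illustration of how these libraries are used, here is a sketch of running an L-infinity PGD attack with foolbox, assuming its 3.x PyTorch API; `model`, `images`, and `labels` are placeholders for a trained classifier and a test batch with inputs scaled to [0, 1].

```python
import foolbox as fb

# model: a trained PyTorch classifier with inputs in [0, 1] (placeholder).
fmodel = fb.PyTorchModel(model.eval(), bounds=(0, 1))

# images, labels: a batch of test inputs and their true classes (placeholders).
attack = fb.attacks.LinfPGD()
raw, clipped, success = attack(fmodel, images, labels, epsilons=8 / 255)

# Fraction of inputs for which the attack found an adversarial example.
print("attack success rate:", success.float().mean().item())
```

cleverhans and advertorch ship their own FGSM and PGD implementations, so the same experiment can typically be expressed with either of them as well.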