Inspired by this repo and ML Writing Month. Questions and discussions are most welcome!

1. TNNLS 2019 Adversarial Examples: Attacks and Defenses for Deep Learning
2. IEEE ACCESS 2018 Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey
3. Adversarial Attacks and Defenses in Images, Graphs and Text: A Review
4. A Study of Black Box Adversarial Attacks in Computer Vision
5. Adversarial Examples in Modern Machine Learning: A Review

1. ICLR 2013 ATTACK Evasion Attacks against Machine Learning at Test Time
2. ICLR 2014 L-BFGS Intriguing properties of neural networks
3. ICLR 2015 FGSM Explaining and Harnessing Adversarial Examples
4. EuroS&P 2016 ATTACK The limitations of deep learning in adversarial settings
5. CVPR 2016 ATTACK Deepfool
6. SP 2016 CW Attack C&W Towards evaluating the robustness of neural networks
7. Arxiv 2016 Transferability ATTACK Transferability in machine learning: from phenomena to black-box attacks using adversarial samples
8. CVPR 2019 Transferability Feature Space Feature Space Perturbations Yield More Transferable Adversarial Examples
9. ICLR 2017 Transferability Delving into Transferable Adversarial Examples and Black-box Attacks
10. ICLR 2019 Adversarial Training The Limitations of Adversarial Training and the Blind-Spot Attack
11. CVPR 2017 Universal Universal Adversarial Perturbations
12. ICLR 2018 GAN Natural Generating Natural Adversarial Examples
13. ICLR 2019 Theory Are adversarial examples inevitable? 💭
14. IEEE TEC 2019 One-Pixel One pixel attack for fooling deep neural networks
15. ARXIV 2019 ATTACK Generalizable Adversarial Attacks Using Generative Models
16. ICML 2019 DISTRIBUTION NATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks💭
17. ARXIV 2019 CGAN SemanticAdv: Generating Adversarial Examples via Attribute-conditional Image Editing
18. NeurlPS 2018 AC-GAN WGAN Constructing Unrestricted Adversarial Examples with Generative Models
19. IJCAI 2018 GAN Generating Adversarial Examples with Adversarial Networks
20. CVPR 2018 GENERATIVES UNIVERSAL Generative Adversarial Perturbations
21. AAAI 2018 ATN Learning to Attack: Adversarial transformation networks
22. CVPR 2019 Rob-GAN Rob-GAN: Generator, Discriminator, and Adversarial Attacker
23. S&P 2018 Learning Universal Adversarial Perturbations with Generative Models
24. ARXIV 2019 CYCLEADVGAN Cycle-Consistent Adversarial {GAN:} the integration of adversarial attack and defense
25. ARXIV 2019 Generating Realistic Unrestricted Adversarial Inputs using Dual-Objective {GAN} Training 💭
26. ICLR 2018 Spatially Transformed Adversarial Examples
27. ICCV 2019 Sparse and Imperceivable Adversarial Attacks💭
28. ARXIV 2019 Perturbations are not Enough: Generating Adversarial Examples with Spatial Distortions
29. ARXIV 2019 Joint Adversarial Training: Incorporating both Spatial and Pixel Attacks
30. ICLR 2020 Fooling Detection Alone is Not Enough: Adversarial Attack against Multiple Object Tracking💭
31. CVPR 2018 Robust physical-world attacks on deep learning visual classification
32. ICCV 2017 Adversarial Examples for Semantic Segmentation and Object Detection
33. ARXIV 2017 Adversarial Examples that Fool Detectors
34. CVPR 2017 A-Fast-RCNN: Hard Positive Generation via Adversary for Object Detection
35. IJCAI 2019 Transferable Adversarial Attacks for Image and Video Object Detection
36. TPAMI 2019 Generalizable Data-Free Objective for Crafting Universal Adversarial Perturbations
37. CVPR 2019 Decoupling Direction and Norm for Efficient Gradient-Based L2 Adversarial Attacks and Defenses
38. ICCV 2017 Adversarial Examples Detection in Deep Networks with Convolutional Filter Statistics
39. ICLR 2019 [Adversarial Attacks on Graph Neural Networks via Meta Learning]
40. ECCV 2018 [Characterizing adversarial examples based on spatial consistency information for semantic segmentation]
41. ICCV 2017 UNIVERSAL [Universal Adversarial Perturbations Against Semantic Image Segmentation]
42. CVPR 2018 UNIVERSAL [Art of Singular Vectors and Universal Adversarial Perturbations]
43. AIS 2017 [Adversarial examples are not easily detected: Bypassing ten detection methods]
44. ARXIV 2019 [SmoothFool: An Efficient Framework for Computing Smooth Adversarial Perturbations]
45. CVPR 2019 [SparseFool: a few pixels make a big difference]
46. ARXIV 2018 [Adversarial Spheres]

1. Arxiv 2017 Detection Detecting adversarial samples from artifacts
2. ICLR 2017 Detection On Detecting Adversarial Perturbations 💭
3. ICLR 2018 DEFENSE-GAN Defense-{GAN}: Protecting Classifiers Against Adversarial Attacks Using Generative Models
4. CVPR 2019 Retrieval-Augmented Convolutional Neural Networks against Adversarial Examples
5. CVPR 2019 Feature Denoising for Improving Adversarial Robustness
6. NEURIPS 2019 A New Defense Against Adversarial Images: Turning a Weakness into a Strength
7. ICLR 2018 Ensemble Adversarial Training: Attacks and Defences
8. CVPR 2018 Defense Against Universal Adversarial Perturbations
9. CVPR 2018 Deflecting Adversarial Attacks With Pixel Deflection
10. ICLR 2020 Jacobian Adversarially Regularized Networks for Robustness
11. CVPR 2020 What it Thinks is Important is Important: Robustness Transfers through Input Gradients
12. TPAMI 2018 Virtual adversarial training: a regularization method for supervised and semi-supervised learning 💭
13. NIPS 2019 Adversarial Training and Robustness for Multiple Perturbations
14. NIPS 2019 Adversarial Robustness through Local Linearization
15. ICLR 2020 Adversarially Robust Representations with Smooth Encoders 💭
16. ICML 2019 Interpreting Adversarially Trained Convolutional Neural Networks
17. ICLR 2019 Robustness May Be at Odds with Accuracy💭
18. IJCAI 2019 Improving the Robustness of Deep Neural Networks via Adversarial Training with Triplet Loss
19. ICML 2019 Adversarial Examples Are a Natural Consequence of Test Error in Noise💭
20. ARXIV 2020 Heat and Blur: An Effective and Fast Defense Against Adversarial Examples
21. ARXIV 2018 Adversarial Logit Pairing
22. ICML 2019 On the Connection Between Adversarial Robustness and Saliency Map Interpretability
23. NIPS 2019 Defense Against Adversarial Attacks Using Feature Scattering-based Adversarial Training💭
24. NIPS 2016 Robustness of classifiers: from adversarial to random noise 💭
25. CVPR 2018 Defense Against Adversarial Attacks Using High-Level Representation Guided Denoiser
26. ICML 2019 Using Pre-Training Can Improve Model Robustness and Uncertainty
27. ICML 2020 Triple Wins: Boosting Accuracy, Robustness and Efficiency Together by Enabling Input-Adaptive Inference
28. ICCV 2017 [SafetyNet: Detecting and Rejecting Adversarial Examples Robustly]

1. ICCV 2017 CVAE-GAN CVAE-GAN: Fine-Grained Image Generation Through Asymmetric Training
2. ICML 2016 VAE-GAN Autoencoding beyond pixels using a learned similarity metric
3. ARXIV 2019 DATASET Natural Adversarial Examples
4. ICML 2017 AC-GAN Conditional Image Synthesis with Auxiliary Classifier {GAN}s
5. ICCV 2019 SinGAN SinGAN: Learning a Generative Model From a Single Natural Image
6. ICLR 2020 Robust And Interpretable Blind Image Denoising Via Bias-Free Convolutional Neural Networks
7. ICLR 2020 Pay Attention to Features, Transfer Learn Faster CNNs
8. ICLR 2020 On Robustness of Neural Ordinary Differential Equations
9. ICCV 2019 Real Image Denoising With Feature Attention
10. ICLR 2018 Multi-Scale Dense Networks for Resource Efficient Image Classification
11. ARXIV 2019 Rethinking Data Augmentation: Self-Supervision and Self-Distillation
12. CVPR 2014 [Rich feature hierarchies for accurate object detection and semantic segmentation]
13. ICLR 2018 [Spectral Normalization for Generative Adversarial Networks]
14. NIPS 2018 [MetaGAN: An Adversarial Approach to Few-Shot Learning]
15. ARXIV 2019 [Breaking the cycle -- Colleagues are all you need]
16. ARXIV 2019 [LOGAN: Latent Optimisation for Generative Adversarial Networks]

• Adversarial Machine Learning Reading List by Nicholas Carlini
• A Complete List of All (arXiv) Adversarial Example Papers by Nicholas Carlini Stay Tuned