Deep neural networks (DNNs) have been found to be vulnerable againset adversarial examples. Here I collected all the papers in the areas of adversarial example generation and the corresponding adversarial attack defense studies.

I would continue adding papers to this roadmap.

[0] Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, Rob Fergus. "Intriguing properties of neural networks." ArXiv 2013. [pdf] (Background in this area) ⭐⭐⭐⭐⭐

[1] Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. "Explaining and harnessing adversarial examples." ICLR 2015. [pdf] (First work in adversarial example generation.) ⭐⭐⭐⭐⭐

[2] Alexey Kurakin, Ian Goodfellow, and Samy Bengio. "Adversarial examples in the physical world." ICLR Workshop 2017. [pdf] (Based on FGSM, two additional algorithms) ⭐⭐

[3] Nicholas Carlini and David Wagner. "Towards evaluating the robustness of neural networks." IEEE Symposium on Security and Privacy 2017. [pdf] (Optimization based method) ⭐⭐⭐

[4] Yanpei Liu, Xinyun Chen, Chang Liu, and Dawn Song. "Delving into transferable adversarial examples and black-box attacks." ICLR 2017. [pdf] (Optimization based method) ⭐⭐⭐⭐

[5] Nicolas Papernot, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z. Berkay Celik, Ananthram Swami. "Practical Black-Box Attacks against Machine Learning." Asia CCS 2017. [pdf] (Optimization based method) ⭐⭐

[6] Nicolas Papernot, Patrick McDaniel, Ian Goodfellow. "Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples." ArXiv 2016. [pdf] (Optimization based method) ⭐⭐

[7] Anonymous Authors. "Generating Adversarial Examples with Adversarial Networks." ICLR 2018 (Rejected). [pdf] (GAN-based work) ⭐⭐⭐

[8] Zhengli Zhao, Dheeru Dua, and Sameer Singh. "Generating Natural Adversarial Examples." ICLR 2018. [pdf] (Natural adversarial image generation) ⭐⭐⭐⭐

[9] Weiwei Hu and Ying Tan. "Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN." ArXiv 2017. [pdf] (GAN-based work) ⭐⭐⭐⭐

This part will be finished soon.

[10] Robin Jia and Percy Liang. "Adversarial Examples for Evaluating Reading Comprehension Systems." EMNLP 2017. [pdf] (First work of adversarial example in QA) ⭐⭐⭐

[11] Volodymyr Kuleshov, Shantanu Thakoor, Tingfung Lau, Stefano Ermon. "Adversarial Examples for Natural Language Classification Problems." ICLR 2018 (Rejected). [pdf] (NLP work) ⭐

This part will be finished soon.