Wireless Communications and Mobile Computing

Review Article

A Survey on Adversarial Attack in the Age of Artificial Intelligence

Typical attack algorithms for different application domains.


Method	Access permission	Targeted/nontargeted	Application domain	Metrics/strategies

Papernot et al. 2016 [24]	White box	Nontargeted	Text	Gradient
TextFool 2018 [25]	White and black box	Targeted	Text	Gradient
HotFlip 2018 [26]	White box	Nontargeted	Text	Gradient
Alzantot et al. 2018 [27]	Black box	Targeted	Text	Euclidean distance
DeepWordBug 2018 [28]	Black box	Nontargeted	Text	Scoring function
Zhao et al. 2018 [29]	Black box	Nontargeted	Text and image	WGAN-based
TextBugger 2019 [30]	White and black box	Nontargeted	Text	Confidence coefficient, scoring function
DISTFLIP 2019 [31]	Black box	Nontargeted	Text	Gradient
UPSET 2011 [32]	Black box	Targeted	Universal
L-BFGS 2014 [33]	White and black box	Targeted	Image
FGSM-based 2015 [34]	White box	Targeted/nontargeted	Universal	_,
JSMA 2015 [35]	White box	Targeted	Image
DeepFool 2016 [36]	White box	Nontargeted	Image	_,
BIM and ILCM 2017 [37]	White box	Nontargeted	Image
One-pixel 2017 [38]	Black box	Targeted	Image
C&W 2017 [39]	White box	Nontargeted	Image	_,_,
Universal perturbations 2017 [40]	White box	Nontargeted	Universal	_,
ANGRI 2017 [41]	Black box	Targeted	Image
Houdini 2017 [42]	Black box	Targeted	Image	_,
ATNs 2017 [43]	White box	Targeted	Image
MalGAN 2017 [44]	Black box	Targeted	Malware	GAN-based, gradient
SLEIPNIR 2018 [45]	White box	Targeted	Malware	Saddle-point optimization
Kolosnjaji et al. 2018 [46]	White box	Targeted	Malware	Gradient
Song et al. 2020 [47]	Black box	Targeted	Malware	Number of bytes changed
Rosenberg et al. 2020 [48]	Black box	Targeted	Malware	API call-based, GAN
MalRNN 2020 [49]	Black box	Targeted	Malware	Varying the append size