Awesome Adversarial ML
Adversarial ML is one of the most active areas in Awesome Cybersecurity: 1,244 papers in this collection, evaluated on datasets like CIFAR-10, MNIST, ImageNet. A strong starting point is "Backdoor Learning: A Survey".
Datasets & benchmarks
Key papers
- Backdoor Learning: A Survey (2020) | Yiming Li, Yong Jiang, Zhifeng Li, et al. | 25.77
- Evasion Attacks Against Machine Learning At Test Time (2017) | Battista Biggio, Igino Corona, Davide Maiorca, et al. | 22.04
- TextBugger: Generating Adversarial Text Against Real-world Applications (2018) | Jinfeng Li, Shouling Ji, Tianyu Du, et al. | 18.70
- PRADA: Protecting Against DNN Model Stealing Attacks (2018) | Mika Juuti, Sebastian Szyller, Samuel Marchal, et al. | 18.53
- Adversarial Malware Binaries: Evading Deep Learning For Malware Detection In Executables (2018) | Bojan Kolosnjaji, Ambra Demontis, Battista Biggio, et al. | 17.71
- Adversarial Machine Learning Attacks And Defense Methods In The Cyber Security Domain (2020) | Ihai Rosenberg, Asaf Shabtai, Yuval Elovici, et al. | 17.66
- Automated Poisoning Attacks And Defenses In Malware Detection Systems: An Adversarial Machine Learning Approach (2017) | Sen Chen, Minhui Xue, Lingling Fan, et al. | 17.14
- Adversarial Machine Learning In Network Intrusion Detection Systems (2020) | Elie Alhajjar, Paul Maxwell, Nathaniel D. Bastian | 17.04
- Adversarial Feature Selection Against Evasion Attacks (2020) | Fei Zhang, Patrick P. K. Chan, Battista Biggio, et al. | 16.84
- IDSGAN: Generative Adversarial Networks For Attack Generation Against Intrusion Detection (2018) | Zilong Lin, Yong Shi, Zhi Xue | 16.79
- Privacy Risks Of Securing Machine Learning Models Against Adversarial Examples (2019) | Liwei Song, Reza Shokri, Prateek Mittal | 16.71
- Evaluating And Improving Adversarial Robustness Of Machine Learning-based Network Intrusion Detectors (2020) | Dongqi Han, Zhiliang Wang, Ying Zhong, et al. | 16.65
- Support Vector Machines Under Adversarial Label Contamination (2022) | Huang Xiao, Battista Biggio, Blaine Nelson, et al. | 16.53
- DeepSweep: An Evaluation Framework For Mitigating DNN Backdoor Attacks Using Data Augmentation (2020) | Han Qiu, Yi Zeng, Shangwei Guo, et al. | 16.51
- Deep k-NN Defense Against Clean-label Data Poisoning Attacks (2019) | Neehar Peri, Neal Gupta, W. Ronny Huang, et al. | 16.44
- Generating Adversarial Malware Examples For Black-box Attacks Based On GAN (2017) | Weiwei Hu, Ying Tan | 16.03
- Enhanced Membership Inference Attacks Against Machine Learning Models (2021) | Jiayuan Ye, Aadyaa Maddi, Sasi Kumar Murakonda, et al. | 15.78
- Modeling Realistic Adversarial Attacks Against Network Intrusion Detection Systems (2021) | Giovanni Apruzzese, Mauro Andreolini, Luca Ferretti, et al. | 15.73
- A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models (2019) | Heng Chang, Yu Rong, Tingyang Xu, et al. | 15.16
- Robust Watermarking Of Neural Network With Exponential Weighting (2019) | Ryota Namba, Jun Sakuma | 15.10
- Hidden Killer: Invisible Textual Backdoor Attacks With Syntactic Trigger (2021) | Fanchao Qi, Mukai Li, Yangyi Chen, et al. | 15.00
- Poison Ink: Robust And Invisible Backdoor Attack (2021) | Jie Zhang, Dongdong Chen, Qidong Huang, et al. | 14.90
- Adversarial Attack On Large Scale Graph (2020) | Jintang Li, Tao Xie, Liang Chen, et al. | 14.77
- Mockingbird: Defending Against Deep-learning-based Website Fingerprinting Attacks With Adversarial Traces (2019) | Mohammad Saidur Rahman, Mohsen Imani, Nate Mathews, et al. | 14.73
- Learning The Associations Of MITRE ATT&CK Adversarial Techniques (2020) | Rawan Al-Shaer, Jonathan M. Spring, Eliana Christou | 14.69
- Adversary-resilient Distributed And Decentralized Statistical Inference And Machine Learning: An Overview Of Recent Advances Under The Byzantine Threat Model (2019) | Zhixiong Yang, Arpita Gang, Waheed U. Bajwa | 14.35
- Evading Classifiers By Morphing In The Dark (2017) | Hung Dang, Yue Huang, Ee-Chien Chang | 14.19
- Towards Adversarial Malware Detection: Lessons Learned From PDF-based Attacks (2018) | Davide Maiorca, Battista Biggio, Giorgio Giacinto | 14.11
- Backdoor Defense With Machine Unlearning (2022) | Yang Liu, Mingyuan Fan, Cen Chen, et al. | 14.06
- How To Backdoor Diffusion Models? (2022) | Sheng-Yen Chou, Pin-Yu Chen, Tsung-Yi Ho | 13.84
- Backdoor Attacks On Pre-trained Models By Layerwise Weight Poisoning (2021) | Linyang Li, Demin Song, Xiaonan Li, et al. | 13.74
- Poisoning Web-scale Training Datasets Is Practical (2023) | Nicholas Carlini, Matthew Jagielski, Christopher A. Choquette-Choo, et al. | 13.50
- "Real Attackers Don't Compute Gradients": Bridging The Gap Between Adversarial ML Research And Practice (2022) | Giovanni Apruzzese, Hyrum S. Anderson, Savino Dambra, et al. | 13.28
- A Framework For Enhancing Deep Neural Networks Against Adversarial Malware (2020) | Deqiang Li, Qianmu Li, Yanfang Ye, et al. | 13.28
- A Simple Framework To Enhance The Adversarial Robustness Of Deep Learning-based Intrusion Detection System (2023) | Xinwei Yuan, Shu Han, Wei Huang, et al. | 13.28
- Membership Inference Attacks And Defenses In Classification Models (2020) | Jiacheng Li, Ninghui Li, Bruno Ribeiro | 13.23
- Black-box Attacks On Sequential Recommenders Via Data-free Model Extraction (2021) | Zhenrui Yue, Zhankui He, Huimin Zeng, et al. | 13.17
- CharBot: A Simple And Effective Method For Evading DGA Classifiers (2019) | Jonathan Peck, Claire Nie, Raaghavi Sivaguru, et al. | 12.99
- Handling Adversarial Concept Drift In Streaming Data (2018) | Tegjyot Singh Sethi, Mehmed Kantardzic | 12.81
- Enhancing Network Intrusion Detection Performance Using Generative Adversarial Networks (2024) | Xinxing Zhao, Kar Wai Fok, Vrizlynn L. L. Thing | 12.81
- Evaluation Of Adversarial Training On Different Types Of Neural Networks In Deep Learning-based IDSs (2020) | Rana Abou Khamis, Ashraf Matrawy | 12.54
- Enhancing Fine-tuning Based Backdoor Defense With Sharpness-aware Minimization (2023) | Mingli Zhu, Shaokui Wei, Li Shen, et al. | 12.33
- R-HTDetector: Robust Hardware-trojan Detection Based On Adversarial Training (2022) | Kento Hasegawa, Seira Hidano, Kohei Nozawa, et al. | 12.10
- RAP: Robustness-aware Perturbations For Defending Against Backdoor Attacks On NLP Models (2021) | Wenkai Yang, Yankai Lin, Peng Li, et al. | 12.10
- Generalizable Black-box Adversarial Attack With Meta Learning (2023) | Fei Yin, Yong Zhang, Baoyuan Wu, et al. | 12.10
- Deep Neural Rejection Against Adversarial Examples (2019) | Angelo Sotgiu, Ambra Demontis, Marco Melis, et al. | 12.02
- Adaptative Perturbation Patterns: Realistic Adversarial Learning For Robust Intrusion Detection (2022) | João Vitorino, Nuno Oliveira, Isabel Praça | 12.02
- Query-efficient Black-box Attack Against Sequence-based Malware Classifiers (2018) | Ishai Rosenberg, Asaf Shabtai, Yuval Elovici, et al. | 11.93
- Prompt As Triggers For Backdoor Attack: Examining The Vulnerability In Language Models (2023) | Shuai Zhao, Jinming Wen, Luu Anh Tuan, et al. | 11.85
- Backdoor Attack With Sparse And Invisible Trigger (2023) | Yinghua Gao, Yiming Li, Xueluan Gong, et al. | 11.58
- Data Driven Exploratory Attacks On Black Box Classifiers In Adversarial Domains (2017) | Tegjyot Singh Sethi, Mehmed Kantardzic | 11.58
- A Black-box Adversarial Attack For Poisoning Clustering (2020) | Antonio Emanuele Cinà, Alessandro Torcinovich, Marcello Pelillo | 11.29
- Can Machine Learning Model With Static Features Be Fooled: An Adversarial Machine Learning Approach (2019) | Rahim Taheri, Reza Javidan, Mohammad Shojafar, et al. | 11.29
- Synthetic Flow-based Cryptomining Attack Generation Through Generative Adversarial Networks (2021) | Alberto Mozo, Ángel González-Prieto, Antonio Pastor, et al. | 11.08
- TrojanPuzzle: Covertly Poisoning Code-suggestion Models (2023) | Hojjat Aghakhani, Wei Dai, Andre Manoel, et al. | 10.97
- Statistical Detection Of Adversarial Examples In Blockchain-based Federated Forest In-vehicle Network Intrusion Detection Systems (2022) | Ibrahim Aliyu, Selinde van Engelenburg, Muhammed Bashir Muazu, et al. | 10.97
- A Survey On Adversarial Attacks For Malware Analysis (2021) | Kshitiz Aryal, Maanak Gupta, Mahmoud Abdelsalam | 10.97
- Man-in-the-middle Attacks Against Machine Learning Classifiers Via Malicious Generative Models (2019) | Derui Wang, Chaoran Li, et al. | 10.85
- PAD: Towards Principled Adversarial Malware Detection Against Evasion Attacks (2023) | Deqiang Li, Shicheng Cui, Yun Li, et al. | 10.74
- Rethinking Graph Backdoor Attacks: A Distribution-preserving Perspective (2024) | Zhiwei Zhang, Minhua Lin, Enyan Dai, et al. | 10.48