Adversarial Attacks in Computer Vision: Challenges and Defense Strategies
DOI: https://doi.org/10.63345/sjaibt.v2.i4.101

Keywords: Adversarial attacks, computer vision, deep learning, adversarial defense, convolutional neural networks, robust machine learning

Abstract
Adversarial attacks have emerged as one of the most critical vulnerabilities in modern computer vision systems powered by deep learning. Despite their remarkable accuracy and generalization capabilities, convolutional neural networks (CNNs), vision transformers (ViTs), and other deep models remain highly susceptible to imperceptible perturbations crafted by adversaries. These perturbations can mislead models into producing incorrect outputs with high confidence, leading to severe consequences in domains such as autonomous driving, biometric authentication, medical imaging, and surveillance. This paper provides an extensive examination of adversarial attacks in computer vision, categorizing them into white-box, black-box, targeted, and untargeted variants. We explore well-known attack techniques such as the Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), Carlini & Wagner (C&W), and transferability-based black-box strategies. Furthermore, we review state-of-the-art defense mechanisms, including adversarial training, input preprocessing, gradient masking, certified defenses, and robust optimization. A statistical analysis is provided to evaluate the performance degradation of vision models under adversarial conditions and the improvement achieved through defense strategies. Our methodology integrates systematic literature review, empirical evaluation, and comparative simulation on benchmark datasets such as MNIST, CIFAR-10, and ImageNet. Results highlight that adversarial training remains the most effective defense but comes at the cost of computational overhead and reduced clean accuracy. The paper concludes by identifying gaps in current defense research and outlining future directions, including adaptive hybrid defenses, explainable adversarial robustness, and biologically inspired vision architectures. The study contributes a comprehensive understanding of adversarial machine learning in computer vision and provides a roadmap for building more secure and trustworthy AI systems.
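The trade-off the abstract reports, that adversarial training holds up under attack but costs clean accuracy, can be reproduced end to end on a toy linear model. The following is an added example, not code from the paper or its authors. It builds a constructed synthetic dataset in the spirit of the non-robust-features view of Ilyas et al. (2019): one robust feature that agrees with the label only with probability P_ROBUST, plus D_NONROBUST weakly correlated Gaussian features whose mean shift ETA is smaller than the perturbation budget EPS (all four constants are assumptions chosen for this example). It then trains a logistic-regression classifier once normally and once with adversarial training, and measures clean accuracy and accuracy under an L-infinity FGSM perturbation. For a linear model the FGSM step is the exact maximiser of the loss inside the epsilon-ball, so the "robust" figure is the true worst-case accuracy rather than an attack-dependent estimate.

```python
"""Robustness vs. clean accuracy on a toy linear model (added example, pure Python).

Constructed dataset: x[0] is a robust feature that equals the label y with
probability P_ROBUST; x[1:] are non-robust features drawn from N(ETA*y, 1).
With ETA < EPS an adversary can flip the useful sign of every non-robust
feature, while x[0] keeps a positive worst-case margin of (2*P_ROBUST-1) - EPS.
"""
import math
import random

D_NONROBUST = 30   # number of weakly correlated, non-robust features (assumption)
P_ROBUST = 0.9     # P(x[0] == y); clean ceiling of a model that uses x[0] alone
ETA = 0.25         # mean shift of each non-robust feature, deliberately < EPS
EPS = 0.4          # L-infinity budget used for both training and evaluation


def make_dataset(n, rng):
    """Constructed sample data; labels are +1/-1 with equal probability."""
    xs, ys = [], []
    for _ in range(n):
        y = 1 if rng.random() < 0.5 else -1
        x = [y if rng.random() < P_ROBUST else -y]
        x += [rng.gauss(ETA * y, 1.0) for _ in range(D_NONROBUST)]
        xs.append(x)
        ys.append(y)
    return xs, ys


def sign(v):
    return (v > 0) - (v < 0)


def sigmoid(z):
    # numerically stable logistic function
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


def fgsm_perturb(x, y, w, eps):
    """FGSM for a linear model: move each feature by eps against the label along
    sign(w). This is the exact worst case inside the L-infinity ball."""
    return [xi - eps * y * sign(wi) for xi, wi in zip(x, w)]


def train(xs, ys, eps=0.0, lr=0.5, epochs=150):
    """Full-batch gradient descent on the logistic loss. With eps > 0 every step
    is taken on FGSM-perturbed inputs, i.e. adversarial training (the inner
    maximisation of the min-max objective is solved exactly here)."""
    d, n = len(xs[0]), len(xs)
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for x, y in zip(xs, ys):
            if eps > 0:
                x = fgsm_perturb(x, y, w, eps)
            z = y * (sum(wi * xi for wi, xi in zip(w, x)) + b)
            g = -y * sigmoid(-z)           # d loss / d logit for log(1 + exp(-z))
            for i in range(d):
                gw[i] += g * x[i]
            gb += g
        w = [wi - lr * gi / n for wi, gi in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def accuracy(w, b, xs, ys, eps=0.0):
    """Clean accuracy (eps=0) or worst-case accuracy under an eps-bounded attack."""
    correct = 0
    for x, y in zip(xs, ys):
        if eps > 0:
            x = fgsm_perturb(x, y, w, eps)
        logit = sum(wi * xi for wi, xi in zip(w, x)) + b
        correct += (sign(logit) == y)
    return correct / len(xs)


def run_experiment(seed=0, n_train=600, n_test=1000):
    """Train standard and adversarially trained models on the same constructed
    data and report clean accuracy, robust accuracy, and how much weight each
    model leaves on the non-robust features."""
    rng = random.Random(seed)
    xtr, ytr = make_dataset(n_train, rng)
    xte, yte = make_dataset(n_test, rng)
    results = {}
    for name, eps_train in (("standard", 0.0), ("adversarial", EPS)):
        w, b = train(xtr, ytr, eps=eps_train)
        results[name] = {
            "clean": accuracy(w, b, xte, yte),
            "robust": accuracy(w, b, xte, yte, eps=EPS),
            "l1_nonrobust": sum(abs(wi) for wi in w[1:]),
        }
    return results


if __name__ == "__main__":
    for name, r in run_experiment().items():
        print(f"{name:12s} clean={r['clean']:.3f} robust={r['robust']:.3f} "
              f"|w_nonrobust|_1={r['l1_nonrobust']:.2f}")
```

Running the script takes a few seconds in CPython. The standard model reaches clean accuracy well above P_ROBUST by leaning on the many non-robust features, and that accuracy collapses under the same-budget attack; the adversarially trained model keeps its accuracy under attack close to P_ROBUST, but its clean accuracy falls to roughly that same level, and the L1 mass it leaves on the non-robust features is a fraction of the standard model's. Two caveats carry over to real vision models: the inner maximisation there is only approximated (PGD rather than a closed form), and a defence evaluated against FGSM alone can look stronger than it is, which is the gradient-masking failure mode documented by Athalye et al. (2018) in the reference list.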
References
• Athalye, A., Carlini, N., & Wagner, D. (2018). Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. International Conference on Machine Learning (ICML), 274–283.
• Buckman, J., Roy, A., Raffel, C., & Goodfellow, I. (2018). Thermometer encoding: One hot way to resist adversarial examples. International Conference on Learning Representations (ICLR).
• Carlini, N., & Wagner, D. (2017). Towards evaluating the robustness of neural networks. IEEE Symposium on Security and Privacy (SP), 39(1), 39–57.
• Chen, J., Jordan, M. I., & Wainwright, M. J. (2020). HopSkipJumpAttack: A query-efficient decision-based attack. IEEE Symposium on Security and Privacy (SP), 1277–1294.
• Croce, F., & Hein, M. (2020). Reliable evaluation of adversarial robustness with AutoAttack. Advances in Neural Information Processing Systems (NeurIPS), 33, 274–285.
• Goodfellow, I. J., Shlens, J., & Szegedy, C. (2015). Explaining and harnessing adversarial examples. International Conference on Learning Representations (ICLR).
• Guo, C., Rana, M., Cisse, M., & van der Maaten, L. (2018). Countering adversarial images using input transformations. International Conference on Learning Representations (ICLR).
• Hendrycks, D., Zhao, K., Basart, S., Steinhardt, J., & Song, D. (2021). Natural adversarial examples. IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 15262–15271.
• Ilyas, A., Santurkar, S., Tsipras, D., Engstrom, L., Tran, B., & Madry, A. (2019). Adversarial examples are not bugs, they are features. Advances in Neural Information Processing Systems (NeurIPS), 32, 125–136.
• Kurakin, A., Goodfellow, I., & Bengio, S. (2017). Adversarial examples in the physical world. Artificial Intelligence and Statistics (AISTATS).
• Madry, A., Makelov, A., Schmidt, L., Tsipras, D., & Vladu, A. (2018). Towards deep learning models resistant to adversarial attacks. International Conference on Learning Representations (ICLR).
• Naseer, M., Khan, S. H., Hayat, M., & Khan, F. S. (2020). A self-supervised approach for adversarial robustness. IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 262–271.
• Papernot, N., McDaniel, P., Wu, X., Jha, S., & Swami, A. (2016). Distillation as a defense to adversarial perturbations. IEEE Symposium on Security and Privacy (SP), 582–597.
• Papernot, N., McDaniel, P., Sinha, A., & Wellman, M. (2018). SoK: Security and privacy in machine learning. IEEE European Symposium on Security and Privacy (EuroS&P), 399–414.
• Qin, Y., Carlini, N., Goodfellow, I., Cottrell, G., & Raffel, C. (2019). Imperceptible, robust, and targeted adversarial examples for automatic speech recognition. International Conference on Machine Learning (ICML), 5231–5240.
• Tramèr, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D., & McDaniel, P. (2018). Ensemble adversarial training: Attacks and defenses. International Conference on Learning Representations (ICLR).
• Wang, X., He, K., & Zhang, H. (2021). Adversarial robustness of vision transformers. Advances in Neural Information Processing Systems (NeurIPS), 34, 7855–7866.
• Wong, E., & Kolter, J. Z. (2018). Provable defenses against adversarial examples via the convex outer adversarial polytope. International Conference on Machine Learning (ICML), 5286–5295.
• Xie, C., Wu, Y., van der Maaten, L., Yuille, A. L., & He, K. (2019). Feature denoising for improving adversarial robustness. IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 501–509.
• Zhang, H., Yu, Y., Jiao, J., Xing, E., Ghaoui, L. E., & Jordan, M. (2019). Theoretically principled trade-off between robustness and accuracy. International Conference on Machine Learning (ICML), 7472–7482.
License
Copyright (c) 2025 Scientific Journal of Artificial Intelligence and Blockchain Technologies

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
The license allows re-users to share and adapt the work, as long as credit is given to the author and the work is not used for commercial purposes.