This is the repository for the IJCAI 2021 paper titled A Survey on Universal Adversarial Attack.

The intriguing phenomenon of adversarial examples has attracted significant attention in machine learning and what might be more surprising to the community is the existence of universal adversarial perturbations (UAPs), \ie a single perturbation to fool the target DNN for most images. With the focus on UAP against deep classifiers, this survey summarizes the recent progress on universal adversarial attacks, discussing the challenges from both the attack and defense sides, as well as the reason for the existence of UAP. We aim to extend this work as a dynamic survey that will regularly update its content to follow new works regarding UAP or universal attack in a wide range of domains, such as image, audio, video, text, etc. Relevant update will be discussed in this repositoty. We welcome authors of future works in this field to contact us for including your new findings.

Depending on our schdule as well as the request from other authors, we will update its content at a regular basis. If you are willing to help improve this work, we are happy to add your name to the author list in the updated arxiv version.

Towards Data-free Universal Adversarial Perturbations and No-box Attack (tentative tile), ICCV2021
Towards Data-free Universal Adversarial Perturbations with Artificial Jigsaw Images, RobustML Workshop ICLR2021
Universal adversarial perturbations through the lens of deep steganography: Towards a fourier perspective, AAAI2021
UDH: Universal deephiding for steganography, watermarking, and light field messaging, NeurIPS2020
Understanding adversarial examples from the mutual influence of images and perturbations, CVPR2020
Universal adversarial trainingwith class-wise perturbations, ICME2021
Double targeted universal ad-versarial perturbations, ACCV2020
CD-UAP: Class discriminativeuniversal adversarial perturbation, AAAI2020

1 Universal Adversarial Perturbations, CVPR2017
2 Analysis of Universal Adversarial Perturbations, Arxiv2018
3 Generalizabledata-free objective for crafting universal adversarial per-turbations, TPAMI2018
4 Generative Adversrial Perturbations, CVPR2018
5 Defense against universal adversarial perturbations, CVPR2018
6 Art of singular vectors and universal adversarialperturbations, CVPR2018
7 Ask, acquire, and attack: Data-free uap generation using class impressions, ECCV2018
8 With friends like these, who needs adversaries? NeurIPS2018
9 Universal adversarial perturbation via prior driven uncertaintyapproximation, ICCV2019
10 Defendingagainst universal perturbations with shared adversarialtraining, ICCV2019
11 CD-UAP: Class discriminativeuniversal adversarial perturbation, AAAI2020
12 Universal Adversarial Training, AAAI2020
13 Understanding adversarial ex-amples from the mutual influence of images and perturba-tions, CVPR2020
14 Universal adversarial perturbations through the lens of deep steganography: Towards a fourier perspective, AAAI2021\

@inproceedings{zhang2021survey,
  title={A Survey on Universal Adversarial Attack},
  author={Zhang, Chaoning and Benz, Philipp and Lin, Chenguo, and Karjauv, Adil and Wu, Jing and Kweon, In-So},
  booktitle={ 30th International Joint Conference on Artificial Intelligence (IJCAI-21)},
  year={2021},
  organization={International Joint Conferences on Artificial Intelligence Organization}
}