Evasion Attacks on Image Classification Models: A Comprehensive Review of Strategies and Defense Mechanisms
摘要
Evasion attacks represent a significant threat to the integrity of machine learning systems, particularly in the realm of image classification. These attacks involve subtly altering input data to mislead trained models while remaining indistinguishable from unaltered instances to human observers. This review paper systematically explores the mechanisms and methodologies behind various evasion attacks, including techniques like the Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD). Additionally, we investigate the substantial impact these attacks can have on model performance, often leading to severe accuracy drops. Despite the development of several defensive strategies, including adversarial training and input preprocessing, many existing defenses remain vulnerable to adaptive strategies employed by attackers. Furthermore, we identify critical gaps in the current research landscape, such as the need for universal defense mechanisms and standardized evaluation metrics. Conclusively, this paper emphasizes the importance of interdisciplinary approaches to fortify systems against such vulnerabilities and outlines future research directions aimed at enhancing the robustness of image classification models against evasion attacks.