Adversarial Attacks and Defenses:

Frontiers, Advances and Practice

Abstract

Deep neural networks (DNNs) have achieved unprecedented success in numerous machine learning tasks across various domains. However, the existence of adversarial examples makes us hesitant to apply DNN models to safety-critical tasks such as autonomous vehicles and malware detection. These adversarial examples are intentionally crafted instances, introduced either in the training or the test phase, which can fool DNN models into making severe mistakes. Therefore, researchers are dedicated to devising more robust models to resist adversarial examples, but these are usually broken by new, stronger attacks. This arms race between adversarial attacks and defenses has drawn increasing attention in recent years. In this tutorial, we provide a comprehensive overview of the frontiers and advances of adversarial attacks and their countermeasures. In particular, we give a detailed introduction to different types of attacks under different scenarios, including evasion and poisoning attacks, and white-box and black-box attacks. We will also discuss how defense strategies have developed to compete against these attacks, and how new attacks have emerged to break these defenses. Moreover, we will discuss the story of adversarial attacks and defenses in other data domains, especially graph-structured data. Then, we introduce DeepRobust, a PyTorch adversarial learning library which aims to provide a comprehensive and easy-to-use platform to foster this research field. Finally, we conclude the tutorial with a discussion of open issues and challenges in adversarial attacks and defenses. Through our tutorial, the audience can grasp the main ideas and key approaches of the game between adversarial attacks and defenses.




Schedules

Part 1. Introduction to adversarial examples and robustness.

Part 2. Algorithms for generating adversarial examples.

Part 3. Defending algorithms and adaptive attacks.

Part 4. Adversarial learning in the graph domain.

Part 5. DeepRobust: A PyTorch repository for adversarial learning.


The tutorial will be held 8:00-12:00 (PST) on 23 August 2020.

To attend the online tutorial, join the Zoom meeting:

https://zoom.us/j/97860796275?pwd=RThsWDMyYkJYWmhkV2VmZC9QdFJUZz09


To watch the whole presentation:

https://www.youtube.com/watch?v=W6VgAMqWhuc


For a platform to practice adversarial attacks and defenses:

https://github.com/DSE-MSU/DeepRobust


Slides

kdd_attack.pdf


Presenters

Han Xu.

Han Xu is a Ph.D. student in Computer Science and Engineering at Michigan State University. Before joining MSU, he received his master's degree in Applied Statistics from the University of Michigan. His current research interest lies in adversarial attacks and defenses and their applications to various deep learning tasks. He is one of the main contributors to DeepRobust, a PyTorch library for adversarial learning that helps researchers who are interested in this field. Updated information can be found at http://cse.msu.edu/~xuhan1/

Yaxin Li.

Yaxin Li is a Ph.D. student in Computer Science and Engineering at Michigan State University. Her research interests mainly focus on adversarial learning for image classification and graph classification. She is the leader and one of the main contributors of DeepRobust, a PyTorch library for adversarial learning that helps researchers in this field and has gained a lot of attention in the community. Updated information can be found at http://cse.msu.edu/~liyaxin1/

Wei Jin.

Wei Jin is a Ph.D. student in Computer Science and Engineering at Michigan State University. He works on graph neural networks, including their theoretical foundations, model robustness and applications. He is one of the main contributors to the adversarial learning repository DeepRobust, where he has implemented more than 10 algorithms for graph adversarial attacks and defenses. He was a presenter of the tutorial "Graph Neural Networks: Models and Applications" at the AAAI Conference on Artificial Intelligence 2020, which attracted an audience of more than 400. More information can be found at http://cse.msu.edu/~jinwei2/.


Jiliang Tang

Jiliang Tang has been an assistant professor in the Computer Science and Engineering department at Michigan State University since Fall 2016. Before that, he was a research scientist at Yahoo Research, and he received his Ph.D. from Arizona State University in 2015. His research interests include social computing, data mining and machine learning, and their applications in education. He was the recipient of a 2019 NSF CAREER Award, the 2015 KDD Best Dissertation runner-up, and 6 best paper awards (or runner-ups), including at WSDM 2018 and KDD 2016. He serves as a conference organizer (e.g., KDD, WSDM and SDM) and journal editor (e.g., TKDD). He has published his research in highly ranked journals and top conference proceedings, which have received more than 10,000 citations with an h-index of 51 and extensive media coverage. More details can be found at https://www.cse.msu.edu/~tangjili/.