Review of Artificial Intelligence Adversarial Attack and Defense Technologies
Round 1
Reviewer 1 Report
Conceptual issues:
*. The paper is proposed as about adversarial attacks on "Artificial Intelligence", while it is actually about "neural network", "deep learning", or at most about "statistical machine learning". Though this technique is indeed the most well-known one among AI techniques, the problems and solutions discussed in this article do not apply to all AI techniques in general.
*. The attacks are divided into "training stage" and "testing stage", though the latter also includes the attacks that may happen after the trained model is deployed for practical applications -- actually that would be the most dangerous situation. It is probably better to call the stages "during training" and "after training", respectively, so as to indicate that the attacks are not limited to the period when the model is under development (which consists of a "training stage" and a "testing stage").
English issues:
Line 58: "We conclude applications" --> "include"?
Line 95: "some causes for the emerge of" --> "some explanations for the existence of ..."?
Line 105: "will lead effective change" --> "will lead to ..."
Line 143: "tesing" --> "testing"
Line 151-152: "settings or past inputs" --> "past input/output pairs"
Line 180: "a adversarial" --> "an ..."
Line 252: "a more simplified" --> "a simplified"
Line 270: "The articles has" --> "have"
Line 271: "on this basics" --> "basis"
Line 271: "achieved great achievements" --> it would be better to avoid such combination, maybe "produced good results"?
Line 273: "jacobian" --> "Jacobian"
Line 299: should be consistent with Line 303 in the usage of capitalized words
Line 309: "at the cost of higher calculation cost" --> avoid the repeated "cost"
Line 322: "a oracle" --> "an ..."
Line 618: "MegNet" --> "MagNet"
Line 639: "achieved rich achivements" -- as Line 271, also should be "achievements"
Author Response
Thanks for your feedback. We have made revisions according to your suggestions. Please check the attached document for details.
Author Response File: Author Response.docx
Reviewer 2 Report
The paper aims to comprehensively summarize the latest research progress on artificial intelligence adversarial attack and defense technologies. According to the target model’s different stages the adversarial attack occurred in, this paper expounds the adversarial attack methods in training stage and testing stage respectively.
This is a very interesting (and updated) topic that also links with the ethics that AI systems must have, since robustness is key for that purpose.
The state of the art is very extensive, but it often lacks concreteness. For instance, in lines 67-68 of page 2 the authors make reference to three studies (6, 15, 36), but it is not clear what they do; a more extensive explanation of why they are included in the paper and why that work is important would be needed and would improve the understanding. The whole paragraph 64-74 is not clear indeed; it just provides a summary of works.
Figure 2 needs a better explanation to be useful in that part of the article and to make its purpose understood, rather than just being referenced.
Check the grammar; for instance, at line 143, page 5, there is a typo: "tesing" instead of "testing".
The conclusions are good, though it would be interesting to have another point of view or alternative that could be used in order to provide defense against the problem. For instance, would it be feasible for the algorithms to pass some benchmark tests in order to prove that they are behaving as expected?
Overall, I find the paper very interesting; it explains a complex problem in an easy way and with updated references.
Author Response
Thanks for your feedback. We have made revisions according to your suggestions. Please check the attached document for details.
Author Response File: Author Response.docx
Reviewer 3 Report
The manuscript presents a deep and detailed review of adversarial attack and defense technologies in several fields of artificial intelligence.
Although the paper is well structured, and in the current version could be accepted for publishing, there is a critical and strong need for editing the English language. There are too many syntactic and semantic issues, for example, the verbal form "to have + verb + ing".
I suggest asking for the support of a native English speaker.
Author Response
Thanks for your feedback. We have made revisions according to your suggestions. Please check the attached document for details.
Author Response File: Author Response.docx
Reviewer 4 Report
This paper reviews recent studies on artificial intelligence adversarial attacks, defense technologies, causes and characteristics and goals. As a key contribution of the article, the applications of adversarial attack technologies are listed. Finally, possible defense methods against adversarial attacks are presented. Overall, this paper is a good contribution to the understanding of adversarial attacks and gives a good structure for further research work. As a minor change, I would suggest enhancing the quality and appearance of the images a bit. They do not seem to fit together, and a uniform appearance would look much better.
Author Response
Thanks for your feedback. We have made revisions according to your suggestions. Please check the attached document for details.
Author Response File: Author Response.docx