CS2125 Paper Review Form - Winter 2019 Reviewer: Hazem Ibrahim Paper Title: Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey Author(s): NAVEED AKHTAR AND AJMAL MIAN 1) Is the paper technically correct? [X] Yes [ ] Mostly (minor flaws, but mostly solid) [ ] No 2) Originality [ ] Very good (very novel, trailblazing work) [ ] Good [ ] Marginal (very incremental) [X] Poor (little or nothing that is new) (Because its a survey paper) 3) Technical Depth [ ] Very good (comparable to best conference papers) [X] Good (comparable to typical conference papers) [ ] Marginal depth [ ] Little or no depth 4) Impact/Significance [ ] Very significant [ ] Significant [X] Marginal significance. [ ] Little or no significance. 5) Presentation [X] Very well written [ ] Generally well written [ ] Readable [ ] Needs considerable work [ ] Unacceptably bad 6) Overall Rating [ ] Strong accept (award quality) [X] Accept (high quality - would argue for acceptance) [ ] Weak Accept (borderline, but lean towards acceptance) [ ] Weak Reject (not sure why this paper was published) 7) Summary of the paper's main contribution and rationale for your recommendation. (1-2 paragraphs) This paper aims to give a comprehensive survey on adversarial attacks on deep learning in computer vision. The authors begin by providing a list of terms and their definitions which will be used in following sections. Following this, the authors begin by reviewing literature in the field of adversarial attacks, both for attacks targetting classification and recognition, as well as attacks on other types of networks such as autoencoders or recurrent neural networks. The authors go on to describe current adversarial attacks in real-world conditions. The authors also take a moment to describe a number of factors that are involved in the robustness of networks to adversarial attacks, before finally discussing a number of different defenses towards current adversarial attacks. I would argue for this paper's contribution as it gives an excellent starting point for a reader who may not be familiar with adversarial attacks in the field of computer vision. The authors manage to strike a balance between simple explanations and technical detail while leaving more rigorous mathematical explanations for the user to discover by reading the original papers. 8) List 1-3 strengths of the paper. (1-2 sentences each, identified as S1, S2, S3.) S1. The paper is well written and provides the reader with a great introduction into adversarial attacks. S2. Many explanations are accompanied with figures to illustrate the results of some attacks and defenses. S3. By presenting the different attacks in chornological order, it is easy for the reader to infer relationships between the various attacks presented. 9) List 1-3 weaknesses of the paper (1-2 sentences each, identified as W1, W2, W3.) W1. While the paper introduces many concepts, it leaves many details and explanations to be desired. W2. Some points in Section VII are repetitive and could be eliminated.