Generative Adversarial Networks: A Survey on Attack and Defense Perspective

Generative Adversarial Networks (GANs) are a remarkable creation with regard to deep generative models. Thanks to their ability to learn from complex data distributions, GANs have been credited with the capacity to generate plausible data examples, which have been widely applied to various data generation tasks over image, text, and audio. However, as with any powerful technology, GANs have a flip side: their capability to generate realistic data can be exploited for malicious purposes. Many recent studies have demonstrated the security and privacy (S&P) threats brought by GANs, especially the attacks on machine learning (ML) systems. Nevertheless, so far as we know, there is no existing survey that has systematically categorized and discussed the threats and strategies of these GAN-based attack methods. In this article, we provide a comprehensive survey of GAN-based attacks and countermeasures. We summarize and articulate: (1) what S&P threats of GANs expose to ML systems; (2) why GANs are useful for certain attacks; (3) what strategies can be used for GAN-based attacks; and (4) what countermeasures can be effective to GAN-based attacks. Finally, we provide several promising research directions combining the existing limitations of GAN-based studies and the prevailing trend in the associated research fields.