Resumen
Deep learning has received a lot of attention from the scientific community in recent years due to excellent results in various areas of tasks, including computer vision. For example, in the problem of image classification, some authors even announced that neural networks have surpassed humans in the accuracy of recognition. However, the discovery of adversarial examples for machine learning models has shown that modern computer vision architectures are very vulnerable to adversaries and additional attention is required when implementing them in critical infrastructure areas. Since then, many new attacks in different threat models have been proposed and the possibility of such attacks in the real world has been shown. At the same time, no protection method has been proposed so far that would be reliable against existing attacks, not to mention guarantees against the entire possible set of threats. This article discusses and systematizes evasion attacks in the field of computer vision. In this type of attack which is most popular, an adversary can only interact with the model during inference and change its input.