From time to time I receive emails asking how to get started studying adversarial machine learning. Below is the list of papers I recommend reading to become familiar with the specific sub-field of evasion attacks on machine learning systems (i.e., adversarial examples).

Alternatively, you may be interested in seeing an (unfiltered) list of all 1000+ adversarial example papers.

There are three versions of this list:

• The just-the-basics list: a collection of five papers that briefly summarize the field. You won't be doing any new research from this, but you'll understand what people mean when they say they study adversarial examples.
• The quick-introduction list: the ~10 most important papers to read to get a solid grounding in the field of adversarial examples in machine learning.
• The complete-background list: the full list, containing all of the papers that anyone who wants to perform neural network evaluations should read. The papers are split by topic and indicated which topics should be read before others.