Exploring Perturbation Patterns and Impact in Adversarial Machine Learning: A Systematic Literature Review

Adversarial attacks have gained growing attention due to their ability to mislead machine learning models by introducing carefully crafted perturbations. These attacks span a wide variety of domains, from image recognition to graph-based and NLP models. In this context, understanding the nature of such perturbations is crucial for both detecting attacks and designing effective defenses. Despite the abundance of research on adversarial machine learning, little is known about how perturbation types vary based on the category of the targeted feature, or how the amount of perturbation influences the attack’s impact. To this aim, we conducted a systematic study to (i) identify and classify the perturbation strategies used in adversarial attacks and (ii) analyze the relationship between the strength of perturbation, the perturbation type, and the impact on model behavior. Our findings show that while many attacks apply minimal but targeted changes, the perturbation type plays a major role in determining the success of the attack. Furthermore, attacks with similar perturbation magnitudes may have vastly different impacts depending on their semantic focus. These insights can support the prioritization of defense mechanisms by focusing on high-impact perturbations, and lay the groundwork for improved adversarial detection systems based on perturbation-level analysis.