{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T17:49:02Z","timestamp":1770486542316,"version":"3.49.0"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030012335","type":"print"},{"value":"9783030012342","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-01234-2_23","type":"book-chapter","created":{"date-parts":[[2018,10,5]],"date-time":"2018-10-05T16:13:11Z","timestamp":1538755991000},"page":"381-397","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":200,"title":["Towards Robust Neural Networks via Random Self-ensemble"],"prefix":"10.1007","author":[{"given":"Xuanqing","family":"Liu","sequence":"first","affiliation":[]},{"given":"Minhao","family":"Cheng","sequence":"additional","affiliation":[]},{"given":"Huan","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Cho-Jui","family":"Hsieh","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,10,6]]},"reference":[{"key":"23_CR1","unstructured":"Athalye, A., Carlini, N.: On the robustness of the CVPR 2018 white-box adversarial example defenses. arXiv preprint arXiv:1804.03286 (2018)"},{"key":"23_CR2","unstructured":"Athalye, A., Carlini, N., Wagner, D.: Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. In: 35th International Conference on Machine Learning (ICML) (2018)"},{"key":"23_CR3","unstructured":"Buckman, J., Roy, A., Raffel, C., Goodfellow, I.: Thermometer encoding: one hot way to resist adversarial examples. In: International Conference on Learning Representations (2018). https:\/\/openreview.net\/forum?id=S18Su-CW"},{"key":"23_CR4","doi-asserted-by":"publisher","unstructured":"Carlini, N., Wagner, D.: Adversarial examples are not easily detected: bypassing ten detection methods. In: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, AISec 2017, pp. 3\u201314. ACM, New York (2017). https:\/\/doi.org\/10.1145\/3128572.3140444, http:\/\/doi.acm.org\/10.1145\/3128572.3140444","DOI":"10.1145\/3128572.3140444"},{"key":"23_CR5","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 39\u201357. IEEE (2017)","DOI":"10.1109\/SP.2017.49"},{"key":"23_CR6","doi-asserted-by":"crossref","unstructured":"Chen, P.Y., Sharma, Y., Zhang, H., Yi, J., Hsieh, C.J.: EAD: elastic-net attacks to deep neural networks via adversarial examples. In: Proceedings of the Thirty-Second AAAI Conference on Artificial Intelligence (2018)","DOI":"10.1609\/aaai.v32i1.11302"},{"key":"23_CR7","unstructured":"Dean, J., et al.: Large scale distributed deep networks. In: Advances in Neural Information Processing Systems, pp. 1223\u20131231 (2012)"},{"key":"23_CR8","unstructured":"Dhillon, G.S., et al.: Stochastic activation pruning for robust adversarial defense. In: International Conference on Learning Representations (2018). https:\/\/openreview.net\/forum?id=H1uR4GZRZ"},{"key":"23_CR9","doi-asserted-by":"crossref","unstructured":"Eykholt, K., et al.: Robust physical-world attacks on deep learning visual classification. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1625\u20131634 (2018)","DOI":"10.1109\/CVPR.2018.00175"},{"key":"23_CR10","unstructured":"Feinman, R., Curtin, R.R., Shintre, S., Gardner, A.B.: Detecting adversarial samples from artifacts. arXiv preprint arXiv:1703.00410 (2017)"},{"key":"23_CR11","unstructured":"Goodfellow, I., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: International Conference on Learning Representations (2015). http:\/\/arxiv.org\/abs\/1412.6572"},{"key":"23_CR12","unstructured":"Grosse, K., Manoharan, P., Papernot, N., Backes, M., McDaniel, P.: On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280 (2017)"},{"key":"23_CR13","unstructured":"Guo, C., Rana, M., Cisse, M., van der Maaten, L.: Countering adversarial images using input transformations. In: International Conference on Learning Representations (2018). https:\/\/openreview.net\/forum?id=SyJ7ClWCb"},{"key":"23_CR14","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"23_CR15","unstructured":"Hein, M., Andriushchenko, M.: Formal guarantees on the robustness of a classifier against adversarial manipulation. In: Advances in Neural Information Processing Systems 30: Annual Conference on Neural Information Processing Systems 2017, 4\u20139 December 2017, Long Beach, CA, USA, pp. 2263\u20132273 (2017)"},{"key":"23_CR16","unstructured":"Huang, R., Xu, B., Schuurmans, D., Szepesv\u00e1ri, C.: Learning with a strong adversary. arXiv preprint arXiv:1511.03034 (2015)"},{"key":"23_CR17","unstructured":"Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial machine learning at scale. In: International Conference on Learning Representations (ICLR) (2017)"},{"key":"23_CR18","doi-asserted-by":"crossref","unstructured":"Lecuyer, M., Atlidakis, V., Geambasu, R., Hsu, D., Jana, S.: Certified Robustness to Adversarial Examples with Differential Privacy. ArXiv e-prints, February 2018","DOI":"10.1109\/SP.2019.00044"},{"key":"23_CR19","unstructured":"Ma, X., et al.: Characterizing adversarial subspaces using local intrinsic dimensionality. In: International Conference on Learning Representations (2018). https:\/\/openreview.net\/forum?id=B1gJ1L2aW"},{"key":"23_CR20","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: 6-th International Conference on Learning Representations (ICLR) (2018)"},{"key":"23_CR21","doi-asserted-by":"publisher","unstructured":"Meng, D., Chen, H.: MagNet: a two-pronged defense against adversarial examples. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 135\u2013147. ACM, New York (2017). https:\/\/doi.org\/10.1145\/3133956.3134057, http:\/\/doi.acm.org\/10.1145\/3133956.3134057","DOI":"10.1145\/3133956.3134057"},{"key":"23_CR22","unstructured":"Noh, H., You, T., Mun, J., Han, B.: Regularizing deep neural networks by noise: its interpretation and optimization. In: Advances in Neural Information Processing Systems, pp. 5115\u20135124 (2017)"},{"key":"23_CR23","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., Celik, Z.B., Swami, A.: Practical black-box attacks against deep learning systems using adversarial examples. arXiv preprint arXiv:1602.02697 (2016)","DOI":"10.1145\/3052973.3053009"},{"key":"23_CR24","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Wu, X., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 582\u2013597. IEEE (2016)","DOI":"10.1109\/SP.2016.41"},{"key":"23_CR25","unstructured":"Samangouei, P., Kabkab, M., Chellappa, R.: Defense-GAN: protecting classifiers against adversarial attacks using generative models. In: International Conference on Learning Representations (2018). https:\/\/openreview.net\/forum?id=BkJ3ibb0-"},{"key":"23_CR26","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. In: International Conference on Learning Representation (2015)"},{"key":"23_CR27","unstructured":"Song, Y., Kim, T., Nowozin, S., Ermon, S., Kushman, N.: PixelDefend: leveraging generative models to understand and defend against adversarial examples. In: International Conference on Learning Representations (2018). https:\/\/openreview.net\/forum?id=rJUYGxbCW"},{"key":"23_CR28","unstructured":"Steinhardt, J., Koh, P.W.W., Liang, P.S.: Certified defenses for data poisoning attacks. In: Advances in Neural Information Processing Systems, pp. 3520\u20133532 (2017)"},{"key":"23_CR29","unstructured":"Strauss, T., Hanselmann, M., Junginger, A., Ulmer, H.: Ensemble methods as a defense to adversarial perturbations against deep neural networks. arXiv:1709.03423 (2017)"},{"key":"23_CR30","doi-asserted-by":"crossref","unstructured":"Szegedy, C., et al.: Going deeper with convolutions. In: Proceedings of the IEEE Conference on Computer Vision And Pattern Recognition, pp. 1\u20139 (2015)","DOI":"10.1109\/CVPR.2015.7298594"},{"key":"23_CR31","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. In: International Conference on Learning Representation (2014)"},{"key":"23_CR32","unstructured":"Tram\u00e9r, F., Kurakin, A., Papernot, N., Boneh, D., McDaniel, P.: Ensemble adversarial training: attacks and defenses. arXiv preprint arXiv:1705.07204 (2017)"},{"key":"23_CR33","unstructured":"Weng, T.W., et al.: Evaluating the robustness of neural networks: an extreme value theory approach. In: 6-th International Conference on Learning Representations (ICLR) (2018)"},{"key":"23_CR34","doi-asserted-by":"crossref","unstructured":"Xiao, C., Li, B., Zhu, J.Y., He, W., Liu, M., Song, D.: Generating adversarial examples with adversarial networks. In: Proceedings of the Twenty-Seventh International Joint Conference on Artificial Intelligence, IJCAI-2018, pp. 3905\u20133911. International Joint Conferences on Artificial Intelligence Organization, July 2018. https:\/\/doi.org\/10.24963\/ijcai.2018\/543","DOI":"10.24963\/ijcai.2018\/543"},{"key":"23_CR35","unstructured":"Xiao, C., Zhu, J.Y., Li, B., He, W., Liu, M., Song, D.: Spatially transformed adversarial examples. arXiv preprint arXiv:1801.02612 (2018)"},{"key":"23_CR36","unstructured":"Xie, C., Wang, J., Zhang, Z., Ren, Z., Yuille, A.: Mitigating adversarial effects through randomization. In: International Conference on Learning Representations (2018). https:\/\/openreview.net\/forum?id=Sk9yuql0Z"},{"key":"23_CR37","doi-asserted-by":"crossref","unstructured":"Xie, S., Girshick, R., Doll\u00e1r, P., Tu, Z., He, K.: Aggregated residual transformations for deep neural networks. In: 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 5987\u20135995. IEEE (2017)","DOI":"10.1109\/CVPR.2017.634"},{"key":"23_CR38","unstructured":"Xu, K., et al.: Show, attend and tell: Neural image caption generation with visual attention. In: International Conference on Machine Learning, pp. 2048\u20132057 (2015)"},{"key":"23_CR39","doi-asserted-by":"crossref","unstructured":"Xu, W., Evans, D., Qi, Y.: Feature squeezing: detecting adversarial examples in deep neural networks. In: Network and Distributed System Security Symposium (2018)","DOI":"10.14722\/ndss.2018.23198"},{"key":"23_CR40","doi-asserted-by":"crossref","unstructured":"Zantedeschi, V., Nicolae, M.I., Rawat, A.: Efficient defenses against adversarial attacks. In: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, pp. 39\u201349. ACM (2017)","DOI":"10.1145\/3128572.3140449"}],"container-title":["Lecture Notes in Computer Science","Computer Vision \u2013 ECCV 2018"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-01234-2_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,5]],"date-time":"2022-10-05T00:24:22Z","timestamp":1664929462000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-01234-2_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030012335","9783030012342"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-01234-2_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"6 October 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ECCV","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Conference on Computer Vision","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Munich","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eccv2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eccv2018.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}