{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,10]],"date-time":"2024-09-10T20:47:50Z","timestamp":1726001270132},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030032500"},{"type":"electronic","value":"9783030032517"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-03251-7_17","type":"book-chapter","created":{"date-parts":[[2018,11,23]],"date-time":"2018-11-23T02:12:07Z","timestamp":1542939127000},"page":"150-162","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Too Big to FAIL: What You Need to Know Before Attacking a Machine Learning System"],"prefix":"10.1007","author":[{"given":"Tudor","family":"Dumitra\u015f","sequence":"first","affiliation":[]},{"given":"Yi\u011fitcan","family":"Kaya","sequence":"additional","affiliation":[]},{"given":"Radu","family":"M\u0103rginean","sequence":"additional","affiliation":[]},{"given":"Octavian","family":"Suciu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,11,24]]},"reference":[{"key":"17_CR1","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K.: DREBIN: effective and explainable detection of android malware in your pocket. In: 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, 23\u201326 February 2014 (2014). https:\/\/www.ndss-symposium.org\/ndss2014\/drebin-effective-and-explainable-detection-android-malware-your-pocket","DOI":"10.14722\/ndss.2014.23247"},{"key":"17_CR2","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/s10994-010-5188-5","volume":"81","author":"M Barreno","year":"2010","unstructured":"Barreno, M., Nelson, B., Joseph, A.D., Tygar, J.D.: The security of machine learning. Mach. Learn. 81, 121\u2013148 (2010)","journal-title":"Mach. Learn."},{"key":"17_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"350","DOI":"10.1007\/978-3-642-21557-5_37","volume-title":"Multiple Classifier Systems","author":"B Biggio","year":"2011","unstructured":"Biggio, B., Corona, I., Fumera, G., Giacinto, G., Roli, F.: Bagging classifiers for fighting poisoning attacks in adversarial classification tasks. In: Sansone, C., Kittler, J., Roli, F. (eds.) MCS 2011. LNCS, vol. 6713, pp. 350\u2013359. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21557-5_37"},{"key":"17_CR4","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/978-3-642-40994-3_25","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"B Biggio","year":"2013","unstructured":"Biggio, B., et al.: Evasion attacks against machine learning at test time. In: Blockeel, H., Kersting, K., Nijssen, S., \u017delezn\u00fd, F. (eds.) ECML PKDD 2013. LNCS (LNAI), vol. 8190, pp. 387\u2013402. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40994-3_25"},{"key":"17_CR5","unstructured":"Biggio, B., Nelson, B., Laskov, P.: Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389 (2012)"},{"key":"17_CR6","unstructured":"Carlini, N., et al.: Hidden voice commands. In: USENIX Security Symposium, pp. 513\u2013530 (2016)"},{"key":"17_CR7","doi-asserted-by":"publisher","unstructured":"Carlini, N., Wagner, D.A.: Towards evaluating the robustness of neural networks. In: 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, 22\u201326 May 2017, pp. 39\u201357 (2017). https:\/\/doi.org\/10.1109\/SP.2017.49","DOI":"10.1109\/SP.2017.49"},{"key":"17_CR8","doi-asserted-by":"crossref","unstructured":"Chau, D.H.P., Nachenberg, C., Wilhelm, J., Wright, A., Faloutsos, C.: Polonium: tera-scale graph mining for malware detection. In: SIAM International Conference on Data Mining (SDM), Mesa, AZ, April 2011. http:\/\/www.cs.cmu.edu\/~dchau\/polonium\/polonium_kdd_ldmta_2010.pdf","DOI":"10.1137\/1.9781611972818.12"},{"key":"17_CR9","doi-asserted-by":"crossref","unstructured":"Chung, J.S., Senior, A., Vinyals, O., Zisserman, A.: Lip reading sentences in the wild. arXiv preprint arXiv:1611.05358 v2 (2016)","DOI":"10.1109\/CVPR.2017.367"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"Cretu, G.F., Stavrou, A., Locasto, M.E., Stolfo, S.J., Keromytis, A.D.: Casting out demons: sanitizing training data for anomaly sensors. In: IEEE Symposium on Security and Privacy, SP 2008, pp. 81\u201395. IEEE (2008)","DOI":"10.1109\/SP.2008.11"},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Dalvi, N., Domingos, P., Sanghai, S., Verma, D., et al.: Adversarial classification. In: Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 99\u2013108. ACM (2004)","DOI":"10.1145\/1014052.1014066"},{"key":"17_CR12","unstructured":"Fredrikson, M., Lantz, E., Jha, S., Lin, S., Page, D., Ristenpart, T.: Privacy in pharmacogenetics: an end-to-end case study of personalized warfarin dosing. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 17\u201332 (2014)"},{"key":"17_CR13","unstructured":"Dowlin, N., Gilad-Bachrach, R., Laine, K., Lauter, K., Naehrig, M., Wernsing, J.: Cryptonets: applying neural networks to encrypted data with high throughput and accuracy. In: International Conference on Machine Learning, pp. 201\u2013210 (2016)"},{"key":"17_CR14","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)"},{"key":"17_CR15","unstructured":"Gu, T., Dolan-Gavitt, B., Garg, S.: Badnets: identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017)"},{"key":"17_CR16","unstructured":"Hearn, M.: Abuse at scale. In: RIPE 64, Ljublijana, Slovenia, April 2012. https:\/\/ripe64.ripe.net\/archives\/video\/25\/"},{"key":"17_CR17","unstructured":"Koh, P.W., Liang, P.: Understanding black-box predictions via influence functions. arXiv preprint arXiv:1703.04730 (2017)"},{"key":"17_CR18","unstructured":"Liu, Y., Chen, X., Liu, C., Song, D.: Delving into transferable adversarial examples and black-box attacks. arXiv preprint arXiv:1611.02770 (2016)"},{"key":"17_CR19","unstructured":"Liu, Y., et al.: Trojaning attack on neural networks. Technical report 17-002. Purdue University (2017)"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"Lowd, D., Meek, C.: Adversarial learning. In: Proceedings of the eleventh ACM SIGKDD International Conference on Knowledge Discovery in Data Mining, pp. 641\u2013647. ACM (2005)","DOI":"10.1145\/1081870.1081950"},{"key":"17_CR21","doi-asserted-by":"crossref","unstructured":"Mu\u00f1oz-Gonz\u00e1lez, L., et al.: Towards poisoning of deep learning algorithms with back-gradient optimization. In: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, pp. 27\u201338. ACM (2017)","DOI":"10.1145\/3128572.3140451"},{"key":"17_CR22","unstructured":"Nelson, B., et al.: Exploiting machine learning to subvert your spam filter. In: Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET 2008, pp. 7:1\u20137:9. USENIX Association, Berkeley (2008). http:\/\/dl.acm.org\/citation.cfm?id=1387709.1387716"},{"key":"17_CR23","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., Celik, Z.B., Swami, A.: Practical black-box attacks against deep learning systems using adversarial examples. arXiv preprint arXiv:1602.02697 (2016)","DOI":"10.1145\/3052973.3053009"},{"key":"17_CR24","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 372\u2013387. IEEE (2016)","DOI":"10.1109\/EuroSP.2016.36"},{"key":"17_CR25","unstructured":"Papernot, N., McDaniel, P.D., Goodfellow, I.J.: Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. CoRR abs\/1605.07277 (2016). http:\/\/arxiv.org\/abs\/1605.07277"},{"key":"17_CR26","doi-asserted-by":"publisher","unstructured":"Papernot, N., McDaniel, P.D., Wu, X., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, 22\u201326 May 2016, pp. 582\u2013597 (2016), https:\/\/doi.org\/10.1109\/SP.2016.41","DOI":"10.1109\/SP.2016.41"},{"key":"17_CR27","unstructured":"Papernot, N., McDaniel, P.D., Goodfellow, I.J., Jha, S., Celik, Z.B., Swami, A.: Practical black-box attacks against deep learning systems using adversarial examples. In: ACM Asia Conference on Computer and Communications Security, Abu Dhabi, UAE (2017). http:\/\/arxiv.org\/abs\/1602.02697"},{"key":"17_CR28","doi-asserted-by":"crossref","unstructured":"Sharif, M., Bhagavatula, S., Bauer, L., Reiter, M.K.: Accessorize to a crime: real and stealthy attacks on state-of-the-art face recognition. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1528\u20131540. ACM (2016)","DOI":"10.1145\/2976749.2978392"},{"key":"17_CR29","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. CoRR abs\/1409.1556 (2014). http:\/\/arxiv.org\/abs\/1409.1556"},{"key":"17_CR30","unstructured":"Steinhardt, J., Koh, P.W.W., Liang, P.S.: Certified defenses for data poisoning attacks. In: Advances in Neural Information Processing Systems, pp. 3520\u20133532 (2017)"},{"key":"17_CR31","unstructured":"Suciu, O., Marginean, R., Kaya, Y., Daume III, H., Dumitras, T.: When does machine learning FAIL? Generalized transferability for evasion and poisoning attacks. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 1299\u20131316. USENIX Association, Baltimore (2018). https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/suciu"},{"key":"17_CR32","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013)"},{"key":"17_CR33","doi-asserted-by":"crossref","unstructured":"Tamersoy, A., Roundy, K., Chau, D.H.: Guilt by association: large scale malware detection by mining file-relation graphs. In: KDD (2014)","DOI":"10.1145\/2623330.2623342"},{"key":"17_CR34","unstructured":"Tram\u00e8r, F., Zhang, F., Juels, A., Reiter, M., Ristenpart, T.: Stealing machine learning models via prediction APIs. In: 25th USENIX Security Symposium (USENIX Security 2016). USENIX Association, Austin, August 2016. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/tramer"},{"key":"17_CR35","doi-asserted-by":"crossref","unstructured":"Xu, W., Evans, D., Qi, Y.: Feature squeezing: Detecting adversarial examples in deep neural networks. arXiv preprint arXiv:1704.01155 (2017)","DOI":"10.14722\/ndss.2018.23198"},{"key":"17_CR36","doi-asserted-by":"crossref","unstructured":"Xu, W., Qi, Y., Evans, D.: Automatically evading classifiers. In: Proceedings of the 2016 Network and Distributed Systems Symposium (2016)","DOI":"10.14722\/ndss.2016.23115"},{"key":"17_CR37","unstructured":"Yang, C., Wu, Q., Li, H., Chen, Y.: Generative poisoning attack method against neural networks. arXiv preprint arXiv:1703.01340 (2017)"}],"container-title":["Lecture Notes in Computer Science","Security Protocols XXVI"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-03251-7_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,5]],"date-time":"2019-11-05T18:07:17Z","timestamp":1572977237000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-03251-7_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030032500","9783030032517"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-03251-7_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"Security Protocols","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge International Workshop on Security Protocols","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 March 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 March 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"spw2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/spw2018.crocs.fi.muni.cz","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"the workshop is invitation only","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"email","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"17","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"N\/A% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0.0","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0.0","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"the workshop is invitation only","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}