{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T06:49:13Z","timestamp":1756190953637,"version":"3.40.3"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030617240"},{"type":"electronic","value":"9783030617257"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-61725-7_31","type":"book-chapter","created":{"date-parts":[[2020,11,2]],"date-time":"2020-11-02T13:05:25Z","timestamp":1604322325000},"page":"262-273","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A Scalable Mixture Model Based Defense Against Data Poisoning Attacks on Classifiers"],"prefix":"10.1007","author":[{"given":"Xi","family":"Li","sequence":"first","affiliation":[]},{"given":"David J.","family":"Miller","sequence":"additional","affiliation":[]},{"given":"Zhen","family":"Xiang","sequence":"additional","affiliation":[]},{"given":"George","family":"Kesidis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,11,3]]},"reference":[{"key":"31_CR1","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/978-3-642-40994-3_25","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"B Biggio","year":"2013","unstructured":"Biggio, B., et al.: Evasion attacks against machine learning at test time. In: Blockeel, H., Kersting, K., Nijssen, S., \u017delezn\u00fd, F. (eds.) ECML PKDD 2013. LNCS (LNAI), vol. 8190, pp. 387\u2013402. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40994-3_25"},{"key":"31_CR2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-95504-9","volume-title":"Handbook of Dynamic Data Driven Applications Systems","author":"E Blasch","year":"2018","unstructured":"Blasch, E., Ravela, S., Aved, A.: Handbook of Dynamic Data Driven Applications Systems. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-95504-9"},{"key":"31_CR3","unstructured":"Chen, X., Liu, C., Li, B., Lu, K., Song, D.: Targeted backdoor attacks on deep learning systems using data poisoning. Arxiv (2017). http:\/\/arxiv.org\/abs\/1712.05526"},{"key":"31_CR4","unstructured":"Cormack, G.V., Lynam, T.R.: TREC 2005 spam public corpora (2005). https:\/\/plg.uwaterloo.ca\/~gvcormac\/trecspamtrack05"},{"key":"31_CR5","unstructured":"Dempster, A.P., Laird, N.M., Rubin, D.B.: Maximum likelihood from incomplete data via the EM algorithm. J. Roy. Stat. Soc. Ser. B (Methodol.) 39, 1\u201322 (1977)"},{"key":"31_CR6","doi-asserted-by":"publisher","first-page":"1289","DOI":"10.1109\/TSP.2006.870586","volume":"54","author":"MW Graham","year":"2006","unstructured":"Graham, M.W., Miller, D.J.: Unsupervised learning of parsimonious mixtures on large spaces with integrated feature and component selection. IEEE Trans. Sig. Process. 54, 1289\u20131303 (2006)","journal-title":"IEEE Trans. Sig. Process."},{"key":"31_CR7","doi-asserted-by":"publisher","first-page":"47230","DOI":"10.1109\/ACCESS.2019.2909068","volume":"7","author":"T Gu","year":"2019","unstructured":"Gu, T., Liu, K., Dolan-Gavitt, B., Garg, S.: Badnets: evaluating backdooring attacks on deep neural networks. IEEE Access 7, 47230\u201347244 (2019)","journal-title":"IEEE Access"},{"key":"31_CR8","doi-asserted-by":"crossref","unstructured":"Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B.I.P., Tygar, J.D.: Adversarial machine learning. In: Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence (2011)","DOI":"10.1145\/2046684.2046692"},{"key":"31_CR9","unstructured":"Laishram, R., Phoha, V.V.: Curie: a method for protecting SVM classifier from poisoning attack. Arxiv (2016). http:\/\/arxiv.org\/abs\/1606.01584"},{"issue":"3","key":"31_CR10","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1109\/JPROC.2020.2970615","volume":"108","author":"DJ Miller","year":"2020","unstructured":"Miller, D.J., Xiang, Z., Kesidis, G.: Adversarial learning targeting deep neural network classification: a comprehensive review of defenses against attacks. Proc. IEEE 108(3), 402\u2013433 (2020)","journal-title":"Proc. IEEE"},{"key":"31_CR11","doi-asserted-by":"publisher","first-page":"1468","DOI":"10.1109\/TPAMI.2003.1240120","volume":"25","author":"DJ Miller","year":"2003","unstructured":"Miller, D.J., Browning, J.: A mixture model and EM-based algorithm for class discovery, robust classification, and outlier rejection in mixed labeled\/unlabeled data sets. IEEE Trans. Pattern Anal. Mach. Intell. 25, 1468\u20131483 (2003)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"31_CR12","doi-asserted-by":"publisher","first-page":"1624","DOI":"10.1162\/neco_a_01209","volume":"31","author":"DJ Miller","year":"2019","unstructured":"Miller, D.J., Wang, Y., Kesidis, G.: When not to classify: anomaly detection of attacks (ADA) on DNN classifiers at test time. Neural Comput. 31, 1624\u20131670 (2019)","journal-title":"Neural Comput."},{"key":"31_CR13","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-0-387-88735-7_2","volume-title":"Machine Learning in Cyber Trust","author":"B Nelson","year":"2009","unstructured":"Nelson, B., et al.: Misleading learners: co-opting your spam filter. In: Tsai, J.J., Philip, S.Y. (eds.) Machine Learning in Cyber Trust, pp. 17\u201351. Springer, Boston (2009). https:\/\/doi.org\/10.1007\/978-0-387-88735-7_2"},{"key":"31_CR14","doi-asserted-by":"crossref","unstructured":"Newell, A., Potharaju, R., Xiang, L., Nita-Rotaru, C.: On the practicality of integrity attacks on document-level sentiment analysis. In: Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop, AISec (2014)","DOI":"10.1145\/2666652.2666661"},{"key":"31_CR15","doi-asserted-by":"crossref","unstructured":"Oh, S.J., Augustin, M., Fritz, M., Schiele, B.: Towards reverse-engineering black-box neural networks. In: 6th International Conference on Learning Representations, ICLR (2018)","DOI":"10.1007\/978-3-030-28954-6_7"},{"key":"31_CR16","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P.D., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: IEEE European Symposium on Security and Privacy, EuroS&P (2016)","DOI":"10.1109\/EuroSP.2016.36"},{"key":"31_CR17","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1214\/aos\/1176344136","volume":"6","author":"G Schwarz","year":"1978","unstructured":"Schwarz, G.: Estimating the dimension of a model. Ann. Stat. 6, 461\u2013464 (1978)","journal-title":"Ann. Stat."},{"key":"31_CR18","unstructured":"Steinhardt, J., Koh, P.W., Liang, P.: Certified defenses for data poisoning attacks. In: Conference on Neural Information Processing Systems (2017)"},{"key":"31_CR19","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. In: 2nd International Conference on Learning Representations, ICLR (2014)"},{"key":"31_CR20","unstructured":"Tram\u00e8r, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIs. In: 25th USENIX Security Symposium, USENIX (2016)"},{"key":"31_CR21","doi-asserted-by":"crossref","unstructured":"Wang, Y., Miller, D.J., Kesidis, G.: When not to classify: detection of reverse engineering attacks on DNN image classifiers. In: IEEE International Conference on Acoustics, Speech and Signal Processing, ICASSP (2019)","DOI":"10.1109\/ICASSP.2019.8682578"},{"key":"31_CR22","doi-asserted-by":"crossref","unstructured":"Xiang, Z., Miller, D.J., Kesidis, G.: A benchmark study of backdoor data poisoning defenses for deep neural network classifiers and a novel defense. In: 29th IEEE International Workshop on Machine Learning for Signal Processing, MLSP (2019)","DOI":"10.1109\/MLSP.2019.8918908"},{"key":"31_CR23","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.neucom.2014.08.081","volume":"160","author":"H Xiao","year":"2015","unstructured":"Xiao, H., Biggio, B., Nelson, B., Xiao, H., Eckert, C., Roli, F.: Support vector machines under adversarial label contamination. Neurocomputing 160, 53\u201362 (2015)","journal-title":"Neurocomputing"},{"key":"31_CR24","unstructured":"Zhang, X., Zhao, J., LeCun, Y.: Character-level convolutional networks for text classification. In: Proceedings of the 28th International Conference on Neural Information Processing Systems (2015)"},{"key":"31_CR25","doi-asserted-by":"publisher","first-page":"2482","DOI":"10.1162\/0899766054796914","volume":"17","author":"Q Zhao","year":"2005","unstructured":"Zhao, Q., Miller, D.J.: Mixture modeling with pairwise, instance-level class constraints. Neural Comput. 17, 2482\u20132507 (2005)","journal-title":"Neural Comput."}],"container-title":["Lecture Notes in Computer Science","Dynamic Data Driven Applications Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-61725-7_31","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,24]],"date-time":"2020-12-24T09:27:54Z","timestamp":1608802074000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-61725-7_31"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030617240","9783030617257"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-61725-7_31","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"3 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DDDAS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Dynamic Data Driven Application Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Boston, MA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dddas2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sites.google.com\/view\/dddas-conf\/home","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"40","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"14","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"53% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}