{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T10:24:05Z","timestamp":1743071045124,"version":"3.40.3"},"publisher-location":"Cham","reference-count":47,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031103629"},{"type":"electronic","value":"9783031103636"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-10363-6_22","type":"book-chapter","created":{"date-parts":[[2022,7,1]],"date-time":"2022-07-01T12:20:21Z","timestamp":1656678021000},"page":"326-343","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Improving Adversarial Robustness of\u00a0Deep Neural Networks via\u00a0Linear Programming"],"prefix":"10.1007","author":[{"given":"Xiaochao","family":"Tang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhengfeng","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xuanming","family":"Fu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jianlin","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhenbing","family":"Zeng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,7,3]]},"reference":[{"issue":"2","key":"22_CR1","doi-asserted-by":"publisher","first-page":"47","DOI":"10.2478\/v10136-012-0031-x","volume":"11","author":"F Amato","year":"2013","unstructured":"Amato, F., Lopez, A., Pena-Mendez, E.M., Vanhara, P., Hampl, A., Havel, J.: Artificial neural networks in medical diagnosis. J. Appl. Biomed. 11(2), 47\u201358 (2013)","journal-title":"J. Appl. Biomed."},{"key":"22_CR2","doi-asserted-by":"crossref","unstructured":"Andor, D., et al.: Globally normalized transition-based neural networks. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics, ACL 2016, Berlin, Germany, 7\u201312 August 2016, Volume 1: Long Papers (2016)","DOI":"10.18653\/v1\/P16-1231"},{"key":"22_CR3","unstructured":"Athalye, A., Carlini, N., Wagner, D.A.: Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. In: Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan, Stockholm, Sweden, 10\u201315 July 2018, pp. 274\u2013283 (2018)"},{"key":"22_CR4","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/978-3-642-40994-3_25","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"B Biggio","year":"2013","unstructured":"Biggio, B., et al.: Evasion attacks against machine learning at test time. In: Blockeel, H., Kersting, K., Nijssen, S., \u017delezn\u00fd, F. (eds.) ECML PKDD 2013. LNCS (LNAI), vol. 8190, pp. 387\u2013402. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40994-3_25"},{"key":"22_CR5","doi-asserted-by":"crossref","unstructured":"Bojarski, M., et al: Efficient visualization of CNNs for autonomous driving. In: 2018 IEEE International Conference on Robotics and Automation, ICRA 2018, pp. 1\u20138 (2018)","DOI":"10.1109\/ICRA.2018.8461053"},{"key":"22_CR6","unstructured":"Bojchevski, A., G\u00fcnnemann, S.: Adversarial attacks on node embeddings (2018)"},{"key":"22_CR7","unstructured":"Buckman, J., Roy, A., Raffel, C., Goodfellow, I.J.: Thermometer encoding: one hot way to resist adversarial examples. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, 30 April\u20133 May 2018, Conference Track Proceedings (2018)"},{"key":"22_CR8","unstructured":"Carlini, N., Katz, G., Barrett, C., Dill, D.L.: Provably minimally-distorted adversarial examples. arXiv preprint arXiv:1709.10207 (2017)"},{"key":"22_CR9","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.A.: Adversarial examples are not easily detected: bypassing ten detection methods. In: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, pp. 3\u201314 (2017)","DOI":"10.1145\/3128572.3140444"},{"key":"22_CR10","unstructured":"Chen, J., Wu, Y., Xu, X., Chen, Y., Zheng, H., Xuan, Q.: Fast gradient attack on network embedding. arXiv preprint arXiv:1809.02797 (2018)"},{"key":"22_CR11","unstructured":"Dhillon, G.S., et al.: Stochastic activation pruning for robust adversarial defense. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, 30 April\u20133 May 2018, Conference Track Proceedings (2018)"},{"key":"22_CR12","unstructured":"Ding, G.W., Sharma, Y., Lui, K.Y.C., Huang, R.: Max-margin adversarial (MMA) training: direct input space margin maximization through adversarial training. arXiv preprint arXiv:1812.02637 (2018)"},{"key":"22_CR13","doi-asserted-by":"crossref","unstructured":"Dong, Y., et al.: Boosting adversarial attacks with momentum. In: 2018 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2018, Salt Lake City, UT, USA, 18\u201322 June 2018, pp. 9185\u20139193 (2018)","DOI":"10.1109\/CVPR.2018.00957"},{"key":"22_CR14","volume-title":"Deep Learning","author":"I Goodfellow","year":"2016","unstructured":"Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT Press, Cambridge (2016)"},{"key":"22_CR15","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, 7\u20139 May 2015, Conference Track Proceedings (2015)"},{"key":"22_CR16","first-page":"85","volume-title":"Advances in Neural Information Processing Systems","author":"Y Guo","year":"2020","unstructured":"Guo, Y., Li, Q., Chen, H.: Backpropagating linearly improves transferability of adversarial examples. In: Larochelle, H., Ranzato, M., Hadsell, R., Balcan, M.F., Lin, H. (eds.) Advances in Neural Information Processing Systems, vol. 33, pp. 85\u201395. Curran Associates Inc., New York (2020)"},{"issue":"6","key":"22_CR17","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1109\/MSP.2012.2205597","volume":"29","author":"G Hinton","year":"2012","unstructured":"Hinton, G., et al.: Deep neural networks for acoustic modeling in speech recognition: the shared views of four research groups. IEEE Signal Process. Mag. 29(6), 82\u201397 (2012)","journal-title":"IEEE Signal Process. Mag."},{"key":"22_CR18","unstructured":"Hosu, I., Rebedea, T.: Playing atari games with deep reinforcement learning and human checkpoint replay. CoRR abs\/1607.05077 (2016)"},{"key":"22_CR19","unstructured":"Huang, R., Xu, B., Schuurmans, D., Szepesv\u00e1ri, C.: Learning with a strong adversary. arXiv preprint arXiv:1511.03034 (2015)"},{"key":"22_CR20","doi-asserted-by":"crossref","unstructured":"Jakubovitz, D., Giryes, R.: Improving DNN robustness to adversarial attacks using jacobian regularization. In: Computer Vision - ECCV 2018\u201315th European Conference, Munich, Germany, 8\u201314 September 2018, Proceedings, Part XII, pp. 525\u2013541 (2018)","DOI":"10.1007\/978-3-030-01258-8_32"},{"key":"22_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1007\/978-3-319-63387-9_5","volume-title":"Computer Aided Verification","author":"G Katz","year":"2017","unstructured":"Katz, G., Barrett, C., Dill, D.L., Julian, K., Kochenderfer, M.J.: Reluplex: an efficient SMT solver for verifying deep neural networks. In: Majumdar, R., Kun\u010dak, V. (eds.) CAV 2017. LNCS, vol. 10426, pp. 97\u2013117. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63387-9_5"},{"key":"22_CR22","unstructured":"Krizhevsky, A., Nair, V., Hinton, G.: The CIFAR-10 dataset home page (2009). https:\/\/www.cs.toronto.edu\/~kriz\/cifar.html"},{"key":"22_CR23","unstructured":"Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial examples in the physical world. In: 5th International Conference on Learning Representations, ICLR 2017, Toulon, France, 24\u201326 April 2017, Workshop Track Proceedings (2017)"},{"key":"22_CR24","unstructured":"Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial machine learning at scale. In: Proceedings International Conference on Learning Representations (ICLR), pp. 1\u201317 (2017)"},{"key":"22_CR25","unstructured":"LeCun, Y., Cortes, C., Burges, C.J.: The MNIST database of handwritten digits home page (1998). http:\/\/yann.lecun.com\/exdb\/mnist\/"},{"key":"22_CR26","unstructured":"Lin, J., Gan, C., Han, S.: Defensive quantization: when efficiency meets robustness. In: 7th International Conference on Learning Representations, ICLR 2019, New Orleans, LA, USA, 6\u20139 May 2019 (2019)"},{"key":"22_CR27","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017)"},{"key":"22_CR28","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, 30 April\u20133 May 2018, Conference Track Proceedings (2018)"},{"key":"22_CR29","unstructured":"Maini, P., Wong, E., Kolter, J.Z.: Adversarial robustness against the union of multiple perturbation models. CoRR abs\/1909.04068 (2019)"},{"key":"22_CR30","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S., Fawzi, A., Frossard, P.: DeepFool: a simple and accurate method to fool deep neural networks. In: IEEE Conference on Computer Vision and Pattern Recognition(CVPR), pp. 2574\u20132582 (2016)","DOI":"10.1109\/CVPR.2016.282"},{"key":"22_CR31","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S., Fawzi, A., Frossard, P.: DeepFool: a simple and accurate method to fool deep neural networks. In: 2016 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2016, Las Vegas, NV, USA, 27\u201330 June 2016, pp. 2574\u20132582 (2016)","DOI":"10.1109\/CVPR.2016.282"},{"key":"22_CR32","unstructured":"Mosbach, M., Andriushchenko, M., Trost, T.A., Hein, M., Klakow, D.: Logit pairing methods can fool gradient-based attacks. CoRR abs\/1810.12042 (2018)"},{"key":"22_CR33","unstructured":"Na, T., Ko, J.H., Mukhopadhyay, S.: Cascade adversarial machine learning regularized with a unified embedding. In: Proceedings International Conference on Learning Representations (ICLR) (2018)"},{"key":"22_CR34","unstructured":"Qian, H., Wegman, M.N.: L2-nonexpansive neural networks. In: 7th International Conference on Learning Representations, ICLR 2019, New Orleans, LA, USA, 6\u20139 May 2019 (2019)"},{"issue":"7587","key":"22_CR35","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1038\/nature16961","volume":"529","author":"D Silver","year":"2016","unstructured":"Silver, D., et al.: Mastering the game of go with deep neural networks and tree search. Nature 529(7587), 484\u2013489 (2016)","journal-title":"Nature"},{"key":"22_CR36","unstructured":"Song, Y., Kim, T., Nowozin, S., Ermon, S., Kushman, N.: PixelDefend: leveraging generative models to understand and defend against adversarial examples. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, 30 April\u20133 May 2018, Conference Track Proceedings (2018)"},{"key":"22_CR37","unstructured":"Sulam, J., Muthukumar, R., Arora, R.: Adversarial robustness of supervised sparse coding. In: Larochelle, H., Ranzato, M., Hadsell, R., Balcan, M.F., Lin, H. (eds.) Advances in Neural Information Processing Systems, vol. 33, pp. 2110\u20132121. Curran Associates, Inc., New York (2020)"},{"key":"22_CR38","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. In: Proceedings of the International Conference on Learning Representations (ICLR 2014) (2014)"},{"key":"22_CR39","unstructured":"Tjeng, V., Tedrake, R.: Verifying neural networks with mixed integer programming. CoRR abs\/1711.07356 (2017)"},{"key":"22_CR40","unstructured":"Tram\u00e8r, F., Boneh, D.: Adversarial training and robustness for multiple perturbations. In: Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, NeurIPS 2019, Vancouver, BC, Canada, 8\u201314 December 2019, pp. 5858\u20135868 (2019)"},{"key":"22_CR41","unstructured":"Tram\u00e8r, F., Kurakin, A., Papernot, N., Goodfellow, I.J., Boneh, D., McDaniel, P.D.: Ensemble adversarial training: attacks and defenses. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, 30 April\u20133 May, 2018, Conference Track Proceedings (2018)"},{"key":"22_CR42","unstructured":"Wong, E., Kolter, J.Z.: Provable defenses against adversarial examples via the convex outer adversarial polytope, vol. 12, Stockholm, Sweden, pp. 8405\u20138423 (2018)"},{"key":"22_CR43","unstructured":"Wong, E., Rice, L., Kolter, J.Z.: Fast is better than free: Revisiting adversarial training. In: 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia, 26\u201330 April 2020 (2020)"},{"key":"22_CR44","unstructured":"Xiao, K.Y., Tjeng, V., Shafiullah, N.M.M., Madry, A.: Training for faster adversarial robustness verification via inducing reLU stability. In: International Conference on Learning Representations (2019)"},{"key":"22_CR45","doi-asserted-by":"crossref","unstructured":"Xie, C., Wu, Y., van der Maaten, L., Yuille, A.L., He, K.: Feature denoising for improving adversarial robustness. In: IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2019, Long Beach, CA, USA, 16\u201320 June 2019, pp. 501\u2013509 (2019)","DOI":"10.1109\/CVPR.2019.00059"},{"key":"22_CR46","unstructured":"Yang, Y., Zhang, G., Xu, Z., Katabi, D.: ME-Net: towards effective adversarial robustness with matrix estimation. In: Proceedings of the 36th International Conference on Machine Learning, ICML 2019, Long Beach, California, USA, 9\u201315 June 2019, pp. 7025\u20137034 (2019)"},{"key":"22_CR47","unstructured":"Zhang, H., Yu, Y., Jiao, J., Xing, E.P., Ghaoui, L.E., Jordan, M.I.: Theoretically principled trade-off between robustness and accuracy. arXiv preprint arXiv:1901.08573 (2019)"}],"container-title":["Lecture Notes in Computer Science","Theoretical Aspects of Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-10363-6_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,2]],"date-time":"2022-07-02T08:08:37Z","timestamp":1656749317000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-10363-6_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031103629","9783031103636"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-10363-6_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"3 July 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"TASE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Theoretical Aspects of Software Engineering","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 July 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 July 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"tase2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.cs.ubbcluj.ro\/tase2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Open","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"71","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}