{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,20]],"date-time":"2025-05-20T22:03:00Z","timestamp":1747778580355,"version":"3.40.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031106835"},{"type":"electronic","value":"9783031106842"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-10684-2_3","type":"book-chapter","created":{"date-parts":[[2022,7,12]],"date-time":"2022-07-12T07:05:06Z","timestamp":1657609506000},"page":"28-47","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Combining Defences Against Data-Poisoning Based Backdoor Attacks on\u00a0Neural Networks"],"prefix":"10.1007","author":[{"given":"Andrea","family":"Milakovic","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0424-5999","authenticated-orcid":false,"given":"Rudolf","family":"Mayer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,7,13]]},"reference":[{"key":"3_CR1","doi-asserted-by":"publisher","unstructured":"Baracaldo, N., Chen, B., Ludwig, H., Safavi, A., Zhang, R.: Detecting poisoning attacks on machine learning in IoT environments. In: IEEE International Congress on Internet of Things. 
ICIOT, IEEE, San Francisco, CA, July 2018. https:\/\/doi.org\/10.1109\/ICIOT.2018.00015","DOI":"10.1109\/ICIOT.2018.00015"},{"key":"3_CR2","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1016\/j.patcog.2018.07.023","volume":"84","author":"B Biggio","year":"2018","unstructured":"Biggio, B., Roli, F.: Wild patterns: ten years after the rise of adversarial machine learning. Pattern Recognit. 84, 317\u2013331 (2018). https:\/\/doi.org\/10.1016\/j.patcog.2018.07.023","journal-title":"Pattern Recognit."},{"key":"3_CR3","unstructured":"Chen, B., et al.: Detecting backdoor attacks on deep neural networks by activation clustering. In: AAAI Workshop on Artificial Intelligence Safety. SafeAI, CEUR Workshop Proceedings, Honolulu, Hawaii, January 2019"},{"key":"3_CR4","unstructured":"Chen, X., Liu, C., Li, B., Lu, K., Song, D.: Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning, December 2017"},{"key":"3_CR5","doi-asserted-by":"publisher","unstructured":"Dai, J., Chen, C., Li, Y.: A backdoor attack against LSTM-based text classification systems. IEEE Access 7 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2941376","DOI":"10.1109\/ACCESS.2019.2941376"},{"key":"3_CR6","doi-asserted-by":"publisher","unstructured":"Fredrikson, M., Jha, S., Ristenpart, T.: Model inversion attacks that exploit confidence information and basic countermeasures. In: ACM SIGSAC Conference on Computer and Communications Security. CCS. ACM, New York (2015). https:\/\/doi.org\/10.1145\/2810103.2813677","DOI":"10.1145\/2810103.2813677"},{"key":"3_CR7","doi-asserted-by":"publisher","unstructured":"Fu, H., Veldanda, A.K., Krishnamurthy, P., Garg, S., Khorrami, F.: A feature-based on-line detector to remove adversarial-backdoors by iterative demarcation. IEEE Access 10 (2022). 
https:\/\/doi.org\/10.1109\/ACCESS.2022.3141077","DOI":"10.1109\/ACCESS.2022.3141077"},{"key":"3_CR8","doi-asserted-by":"publisher","unstructured":"Gu, J., et al.: Recent advances in convolutional neural networks. Pattern Recognit. 77 (2018). https:\/\/doi.org\/10.1016\/j.patcog.2017.10.013","DOI":"10.1016\/j.patcog.2017.10.013"},{"key":"3_CR9","doi-asserted-by":"publisher","unstructured":"Gu, T., Liu, K., Dolan-Gavitt, B., Garg, S.: BadNets: evaluating backdooring attacks on deep neural networks. IEEE Access 7 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2909068","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"3_CR10","unstructured":"Huang, G.B., Ramesh, M., Berg, T., Learned-Miller, E.: Labeled faces in the wild: a database for studying face recognition in unconstrained environments. Technical report 07\u201349, University of Massachusetts, Amherst, October 2007"},{"key":"3_CR11","doi-asserted-by":"publisher","unstructured":"Jankovic, A., Mayer, R.: An empirical evaluation of adversarial examples defences, combinations and robustness scores. In: Proceedings of the 2022 ACM on International Workshop on Security and Privacy Analytics. IWSPA, ACM, Baltimore, April 2022. https:\/\/doi.org\/10.1145\/3510548.3519370","DOI":"10.1145\/3510548.3519370"},{"key":"3_CR12","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.3021407","author":"S Li","year":"2020","unstructured":"Li, S., Xue, M., Zhao, B., Zhu, H., Zhang, X.: Invisible backdoor attacks on deep neural networks via steganography and regularization. IEEE Trans. Dependable Secure Comput. (2020). https:\/\/doi.org\/10.1109\/TDSC.2020.3021407","journal-title":"IEEE Trans. 
Dependable Secure Comput."},{"key":"3_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-030-00470-5_13","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"K Liu","year":"2018","unstructured":"Liu, K., Dolan-Gavitt, B., Garg, S.: Fine-pruning: defending against backdooring attacks on deep neural networks. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 273\u2013294. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-00470-5_13"},{"key":"3_CR14","doi-asserted-by":"crossref","unstructured":"Liu, Y., et al.: Trojaning attack on neural networks. In: Network and Distributed System Security Symposium. NDSS, Internet Society, San Diego (2018). https:\/\/doi.org\/10.14722\/ndss.2018.23291","DOI":"10.14722\/ndss.2018.23291"},{"key":"3_CR15","doi-asserted-by":"publisher","unstructured":"Mayerhofer, R., Mayer, R.: Poisoning attacks against feature-based image classification. In: ACM Conference on Data and Application Security and Privacy. CODASPY. ACM, Baltimore, April 2022. https:\/\/doi.org\/10.1145\/3508398.3519363","DOI":"10.1145\/3508398.3519363"},{"key":"3_CR16","doi-asserted-by":"publisher","unstructured":"Nelson, B., et al.: Misleading learners: co-opting your spam filter. In: Machine Learning in Cyber Trust. Springer, Boston (2009). https:\/\/doi.org\/10.1007\/978-0-387-88735-7_2","DOI":"10.1007\/978-0-387-88735-7_2"},{"key":"3_CR17","doi-asserted-by":"publisher","unstructured":"Nuding, F., Mayer, R.: Data poisoning in sequential and parallel federated learning. In: ACM on International Workshop on Security and Privacy Analytics. IWSPA. ACM, Baltimore, April 2022. https:\/\/doi.org\/10.1145\/3510548.3519372","DOI":"10.1145\/3510548.3519372"},{"key":"3_CR18","doi-asserted-by":"publisher","unstructured":"Parkhi, O.M., Vedaldi, A., Zisserman, A.: Deep face recognition. 
In: British Machine Vision Conference. British Machine Vision Association, Swansea (2015). https:\/\/doi.org\/10.5244\/C.29.41","DOI":"10.5244\/C.29.41"},{"key":"3_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/978-3-030-29726-8_18","volume-title":"Machine Learning and Knowledge Extraction","author":"H Rehman","year":"2019","unstructured":"Rehman, H., Ekelhart, A., Mayer, R.: Backdoor attacks in neural networks \u2013 a systematic evaluation on multiple traffic sign datasets. In: Holzinger, A., Kieseberg, P., Tjoa, A.M., Weippl, E. (eds.) CD-MAKE 2019. LNCS, vol. 11713, pp. 285\u2013300. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-29726-8_18"},{"key":"3_CR20","doi-asserted-by":"publisher","unstructured":"Schroff, F., Kalenichenko, D., Philbin, J.: FaceNet: a unified embedding for face recognition and clustering. In: IEEE Conference on Computer Vision and Pattern Recognition, CVPR, IEEE Boston, June 2015. https:\/\/doi.org\/10.1109\/CVPR.2015.7298682","DOI":"10.1109\/CVPR.2015.7298682"},{"key":"3_CR21","doi-asserted-by":"publisher","unstructured":"Stallkamp, J., Schlipsing, M., Salmen, J., Igel, C.: The German traffic sign recognition benchmark: a multi-class classification competition. In: International Joint Conference on Neural Networks, IJCNN, IEEE, San Jose, July 2011. https:\/\/doi.org\/10.1109\/IJCNN.2011.6033395","DOI":"10.1109\/IJCNN.2011.6033395"},{"key":"3_CR22","doi-asserted-by":"publisher","unstructured":"Sun, Y., Wang, X., Tang, X.: Deep learning face representation from predicting 10,000 classes. In: IEEE Conference on Computer Vision and Pattern Recognition. CVPR, IEEE, Columbus, June 2014. https:\/\/doi.org\/10.1109\/CVPR.2014.244","DOI":"10.1109\/CVPR.2014.244"},{"key":"3_CR23","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. 
In: International Conference on Learning Representations, ICLR, Banff, AB, Canada, April 2014"},{"key":"3_CR24","unstructured":"Tran, B., Li, J., Madry, A.: Spectral signatures in backdoor attacks. In: International Conference on Neural Information Processing Systems, NeurIPS. Curran Associates Inc., Montr\u00e9al, December 2018"},{"key":"3_CR25","doi-asserted-by":"publisher","unstructured":"Wang, B., et al.: Neural Cleanse: identifying and mitigating backdoor attacks in neural networks. In: IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, May 2019. https:\/\/doi.org\/10.1109\/SP.2019.00031","DOI":"10.1109\/SP.2019.00031"},{"key":"3_CR26","doi-asserted-by":"publisher","unstructured":"Wolf, L., Hassner, T., Maoz, I.: Face recognition in unconstrained videos with matched background similarity. In: IEEE Conference on Computer Vision and Pattern Recognition, CVPR, IEEE, Colorado Springs, June 2011. https:\/\/doi.org\/10.1109\/CVPR.2011.5995566","DOI":"10.1109\/CVPR.2011.5995566"},{"key":"3_CR27","doi-asserted-by":"publisher","unstructured":"Zhang, C., Gao, P.: Countering adversarial examples: combining input transformation and noisy training. In: IEEE\/CVF International Conference on Computer Vision Workshops, ICCVW, IEEE, Montreal, October 2021. 
https:\/\/doi.org\/10.1109\/ICCVW54120.2021.00017","DOI":"10.1109\/ICCVW54120.2021.00017"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXXVI"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-10684-2_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,12]],"date-time":"2022-07-12T07:08:43Z","timestamp":1657609723000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-10684-2_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031106835","9783031106842"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-10684-2_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"13 July 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DBSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP Annual Conference on Data and Applications Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Newark, NJ","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 July 
2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 July 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"36","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dbsec2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/cs.iit.edu\/~dbsec2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"36% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number 
of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}