{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,27]],"date-time":"2025-07-27T07:21:23Z","timestamp":1753600883198,"version":"3.40.3"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031402821"},{"type":"electronic","value":"9783031402838"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-40283-8_28","type":"book-chapter","created":{"date-parts":[[2023,8,8]],"date-time":"2023-08-08T23:02:48Z","timestamp":1691535768000},"page":"328-342","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Enhancing Adversarial Robustness via\u00a0Anomaly-aware Adversarial Training"],"prefix":"10.1007","author":[{"given":"Keke","family":"Tang","sequence":"first","affiliation":[]},{"given":"Tianrui","family":"Lou","sequence":"additional","affiliation":[]},{"given":"Xu","family":"He","sequence":"additional","affiliation":[]},{"given":"Yawen","family":"Shi","sequence":"additional","affiliation":[]},{"given":"Peican","family":"Zhu","sequence":"additional","affiliation":[]},{"given":"Zhaoquan","family":"Gu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,8,9]]},"reference":[{"key":"28_CR1","unstructured":"Athalye, A., Carlini, N., Wagner, D.: Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. In: ICML, pp. 274\u2013283 (2018)"},{"key":"28_CR2","doi-asserted-by":"crossref","unstructured":"Cai, Q.Z., Liu, C., Song, D.: Curriculum adversarial training. In: IJCAI, pp. 3740\u20133747 (2018)","DOI":"10.24963\/ijcai.2018\/520"},{"key":"28_CR3","unstructured":"Croce, F., Hein, M.: Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In: ICML, pp. 2206\u20132216 (2020)"},{"key":"28_CR4","unstructured":"Ding, G.W., Sharma, Y., Lui, K.Y.C., Huang, R.: MMA training: direct input space margin maximization through adversarial training. In: ICLR (2019)"},{"key":"28_CR5","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: ICLR (2015)"},{"issue":"3","key":"28_CR6","doi-asserted-by":"publisher","first-page":"362","DOI":"10.1002\/rob.21918","volume":"37","author":"S Grigorescu","year":"2020","unstructured":"Grigorescu, S., Trasnea, B., Cocias, T., Macesanu, G.: A survey of deep learning techniques for autonomous driving. J. Field Robot. 37(3), 362\u2013386 (2020)","journal-title":"J. Field Robot."},{"key":"28_CR7","unstructured":"Guo, C., Rana, M., Cisse, M., Van Der Maaten, L.: Countering adversarial images using input transformations. In: ICLR (2018)"},{"key":"28_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2023.110388","volume":"265","author":"S Guo","year":"2023","unstructured":"Guo, S., Li, X., Zhu, P., Mu, Z.: ADS-Detector: an attention-based dual stream adversarial example detection method. Knowl.-Based Syst. 265, 110388 (2023)","journal-title":"Knowl.-Based Syst."},{"key":"28_CR9","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: CVPR, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"28_CR10","doi-asserted-by":"crossref","unstructured":"Hong, J., Tang, K., Gao, C., Wang, S., Guo, S., Zhu, P.: GM-Attack: improving the transferability of adversarial attacks. In: KSEM, pp. 489\u2013500 (2022)","DOI":"10.1007\/978-3-031-10989-8_39"},{"key":"28_CR11","doi-asserted-by":"publisher","unstructured":"Jia, X., et al.: Prior-guided adversarial initialization for fast adversarial training. In: Avidan, S., Brostow, G., Cisse, M., Farinella, G.M., Hassner, T. (eds.) Computer Vision \u2013 ECCV 2022. ECCV 2022. Lecture Notes in Computer Science, vol. 13664, pp. 567\u2013584. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-19772-7_33","DOI":"10.1007\/978-3-031-19772-7_33"},{"key":"28_CR12","doi-asserted-by":"publisher","first-page":"4417","DOI":"10.1109\/TIP.2022.3184255","volume":"31","author":"X Jia","year":"2022","unstructured":"Jia, X., Zhang, Y., Wu, B., Wang, J., Cao, X.: Boosting fast adversarial training with learnable adversarial initialization. IEEE Trans. Image Process. 31, 4417\u20134430 (2022). https:\/\/doi.org\/10.1109\/TIP.2022.3184255","journal-title":"IEEE Trans. Image Process."},{"key":"28_CR13","unstructured":"Krizhevsky, A., Hinton, G., et al.: Learning multiple layers of features from tiny images (2009)"},{"key":"28_CR14","unstructured":"Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236 (2016)"},{"key":"28_CR15","unstructured":"Le, Y., Yang, X.S.: Tiny imagenet visual recognition challenge (2015)"},{"issue":"7553","key":"28_CR16","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1038\/nature14539","volume":"521","author":"Y LeCun","year":"2015","unstructured":"LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521(7553), 436\u2013444 (2015)","journal-title":"Nature"},{"key":"28_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"753","DOI":"10.1007\/978-3-030-58604-1_45","volume-title":"Computer Vision \u2013 ECCV 2020","author":"Y Li","year":"2020","unstructured":"Li, Y., Cheng, S., Su, H., Zhu, J.: Defense against adversarial attacks via controlling gradient leaking on embedded manifolds. In: Vedaldi, A., Bischof, H., Brox, T., Frahm, J.-M. (eds.) ECCV 2020. LNCS, vol. 12373, pp. 753\u2013769. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58604-1_45"},{"issue":"2","key":"28_CR18","doi-asserted-by":"publisher","first-page":"1387","DOI":"10.1109\/LRA.2021.3140127","volume":"7","author":"N Lin","year":"2022","unstructured":"Lin, N., et al.: Manipulation planning from demonstration via goal-conditioned prior action primitive decomposition and alignment. IEEE Robot. Autom. Lett. 7(2), 1387\u20131394 (2022)","journal-title":"IEEE Robot. Autom. Lett."},{"key":"28_CR19","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: ICLR (2018)"},{"key":"28_CR20","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings, pp. 372\u2013387 (2016)","DOI":"10.1109\/EuroSP.2016.36"},{"key":"28_CR21","doi-asserted-by":"crossref","unstructured":"Sandler, M., Howard, A., Zhu, M., Zhmoginov, A., Chen, L.C.: Mobilenetv 2: Inverted residuals and linear bottlenecks. In: CVPR, pp. 4510\u20134520 (2018)","DOI":"10.1109\/CVPR.2018.00474"},{"key":"28_CR22","unstructured":"Shafahi, A., et al.: Adversarial training for free! In: NeurIPS, pp. 3358\u20133369 (2019)"},{"key":"28_CR23","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)"},{"key":"28_CR24","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. In: ICLR (2014)"},{"key":"28_CR25","doi-asserted-by":"crossref","unstructured":"Tack, J., Yu, S., Jeong, J., Kim, M., Hwang, S.J., Shin, J.: Consistency regularization for adversarial robustness. In: AAAI, vol. 36, pp. 8414\u20138422 (2022)","DOI":"10.1609\/aaai.v36i8.20817"},{"key":"28_CR26","doi-asserted-by":"publisher","unstructured":"Tang, K., et al.: RepPVConv: attentively fusing reparameterized voxel features for efficient 3d point cloud perception. The Visual Computer, pp. 1\u201312 (2022). https:\/\/doi.org\/10.1007\/s00371-022-02682-0","DOI":"10.1007\/s00371-022-02682-0"},{"key":"28_CR27","doi-asserted-by":"publisher","unstructured":"Tang, K., Ma, Y., Miao, D., Song, P., Gu, Z., Wang, W.: Decision fusion networks for image classification. IEEE Transactions on Neural Networks and Learning Systems, pp. 1\u201314 (2022). https:\/\/doi.org\/10.1109\/TNNLS.2022.3196129","DOI":"10.1109\/TNNLS.2022.3196129"},{"issue":"6","key":"28_CR28","doi-asserted-by":"publisher","first-page":"5158","DOI":"10.1109\/JIOT.2022.3222159","volume":"10","author":"K Tang","year":"2023","unstructured":"Tang, K., et al.: Rethinking perturbation directions for imperceptible adversarial attacks on point clouds. IEEE Internet Things J. 10(6), 5158\u20135169 (2023). https:\/\/doi.org\/10.1109\/JIOT.2022.3222159","journal-title":"IEEE Internet Things J."},{"key":"28_CR29","doi-asserted-by":"crossref","unstructured":"Tang, K., et al.: NormalAttack: curvature-aware shape deformation along normals for imperceptible point cloud attack. Security and Communication Networks 2022 (2022)","DOI":"10.1155\/2022\/1186633"},{"key":"28_CR30","unstructured":"Wang, Y., Ma, X., Bailey, J., Yi, J., Zhou, B., Gu, Q.: On the convergence and robustness of adversarial training. In: ICML, pp. 6586\u20136595. PMLR (2019)"},{"key":"28_CR31","unstructured":"Wang, Y., Zou, D., Yi, J., Bailey, J., Ma, X., Gu, Q.: Improving adversarial robustness requires revisiting misclassified examples. In: ICLR (2019)"},{"key":"28_CR32","doi-asserted-by":"crossref","unstructured":"Xie, C., Wu, Y., van der Maaten, L., Yuille, A.L., He, K.: Feature denoising for improving adversarial robustness. In: CVPR, pp. 501\u2013509 (2019)","DOI":"10.1109\/CVPR.2019.00059"},{"key":"28_CR33","doi-asserted-by":"crossref","unstructured":"Zagoruyko, S., Komodakis, N.: Wide residual networks. In: BMVC (2016)","DOI":"10.5244\/C.30.87"},{"key":"28_CR34","unstructured":"Zhang, D., Zhang, T., Lu, Y., Zhu, Z., Dong, B.: You only propagate once: accelerating adversarial training via maximal principle. In: NeurIPS, vol. 32, pp. 227\u2013238 (2019)"},{"key":"28_CR35","unstructured":"Zhang, H., Yu, Y., Jiao, J., Xing, E., El Ghaoui, L., Jordan, M.: Theoretically principled trade-off between robustness and accuracy. In: ICML, pp. 7472\u20137482 (2019)"},{"key":"28_CR36","doi-asserted-by":"publisher","unstructured":"Zhu, P., Hong, J., Li, X., Tang, K., Wang, Z.: SGMA: a novel adversarial attack approach with improved transferability. Complex & Intelligent Systems, pp. 1\u201313 (2023). https:\/\/doi.org\/10.1007\/s40747-023-01060-0","DOI":"10.1007\/s40747-023-01060-0"}],"container-title":["Lecture Notes in Computer Science","Knowledge Science, Engineering and Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-40283-8_28","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,8]],"date-time":"2023-08-08T23:12:07Z","timestamp":1691536327000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-40283-8_28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031402821","9783031402838"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-40283-8_28","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"9 August 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"KSEM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Knowledge Science, Engineering and Management","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 August 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ksem2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.ksem2023.conferences.academy\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"395","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"114","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2,5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}