{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,12]],"date-time":"2026-01-12T10:28:26Z","timestamp":1768213706907,"version":"3.49.0"},"publisher-location":"Cham","reference-count":57,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031703584","type":"print"},{"value":"9783031703591","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70359-1_17","type":"book-chapter","created":{"date-parts":[[2024,8,29]],"date-time":"2024-08-29T04:02:43Z","timestamp":1724904163000},"page":"283-300","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Theoretically Grounded Extension of\u00a0Universal Attacks from\u00a0the\u00a0Attacker\u2019s 
Viewpoint"],"prefix":"10.1007","author":[{"given":"Jordan","family":"Patracone","sequence":"first","affiliation":[]},{"given":"Paul","family":"Viallard","sequence":"additional","affiliation":[]},{"given":"Emilie","family":"Morvant","sequence":"additional","affiliation":[]},{"given":"Gilles","family":"Gasso","sequence":"additional","affiliation":[]},{"given":"Amaury","family":"Habrard","sequence":"additional","affiliation":[]},{"given":"St\u00e9phane","family":"Canu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,8,22]]},"reference":[{"issue":"1","key":"17_CR1","first-page":"7897","volume":"23","author":"I Attias","year":"2022","unstructured":"Attias, I., Kontorovich, A., Mansour, Y.: Improved generalization bounds for adversarially robust learning. J. Mach. Learn. Res. 23(1), 7897\u20137927 (2022)","journal-title":"J. Mach. Learn. Res."},{"issue":"1\u20132","key":"17_CR2","first-page":"91","volume":"137","author":"H Attouch","year":"2011","unstructured":"Attouch, H., Bolte, J., Svaiter, B.F.: Convergence of descent methods for semi-algebraic and tame problems: proximal algorithms, forward\u2013backward splitting, and regularized gauss\u2013seidel methods. Math. Program. 137(1\u20132), 91\u2013129 (2011)","journal-title":"Math. Program."},{"key":"17_CR3","unstructured":"Awasthi, P., Frank, N., Mohri, M.: Adversarial learning guarantees for linear hypotheses and neural networks. In: ICML (2020)"},{"key":"17_CR4","doi-asserted-by":"crossref","unstructured":"Baluja, S., Fischer, I.: Learning to attack: adversarial transformation networks. In: AAAI, vol. 32, no. 1 (2018)","DOI":"10.1609\/aaai.v32i1.11672"},{"issue":"1\u20133","key":"17_CR5","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1023\/A:1013999503812","volume":"48","author":"PL Bartlett","year":"2002","unstructured":"Bartlett, P.L., Boucheron, S., Lugosi, G.: Model selection and error estimation. Mach. Learn. 
48(1\u20133), 85\u2013113 (2002)","journal-title":"Mach. Learn."},{"key":"17_CR6","first-page":"463","volume":"3","author":"PL Bartlett","year":"2002","unstructured":"Bartlett, P.L., Mendelson, S.: Rademacher and gaussian complexities: risk bounds and structural results. J. Mach. Learn. Res. 3, 463\u2013482 (2002)","journal-title":"J. Mach. Learn. Res."},{"key":"17_CR7","doi-asserted-by":"crossref","unstructured":"Benz, P., Zhang, C., Karjauv, A., Kweon, I.S.: Universal adversarial training with class-wise perturbations. In: IEEE ICME (2021)","DOI":"10.1109\/ICME51207.2021.9428419"},{"issue":"5","key":"17_CR8","doi-asserted-by":"publisher","DOI":"10.1088\/1361-6420\/aa5bfd","volume":"33","author":"S Bonettini","year":"2017","unstructured":"Bonettini, S., Loris, I., Porta, F., Prato, M., Rebegoldi, S.: On the convergence of a linesearch based proximal-gradient method for nonconvex optimization. Inverse Probl. 33(5), 055005 (2017)","journal-title":"Inverse Probl."},{"key":"17_CR9","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: IEEE S &P (2017)","DOI":"10.1109\/SP.2017.49"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"Chen, T., Liu, S., Chang, S., Cheng, Y., Amini, L., Wang, Z.: Adversarial robustness: from self-supervised pre-training to fine-tuning. In: IEEE\/CVF CVPR (2020)","DOI":"10.1109\/CVPR42600.2020.00078"},{"issue":"2","key":"17_CR11","first-page":"529","volume":"2","author":"PL Combettes","year":"2020","unstructured":"Combettes, P.L., Pesquet, J.C.: Lipschitz certificates for layered network structures driven by averaged activation operators. SIAM SIMODS 2(2), 529\u2013557 (2020)","journal-title":"SIAM SIMODS"},{"key":"17_CR12","unstructured":"Croce, F., Andriushchenko, M., Sehwag, V., Flammarion, N., Chiang, M., Mittal, P., Hein, M.: RobustBench: a standardized adversarial robustness benchmark. 
arXiv preprint arXiv:2010.09670 (2020)"},{"key":"17_CR13","unstructured":"Croce, F., Hein, M.: Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In: ICML (2020)"},{"key":"17_CR14","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1016\/j.neucom.2020.09.052","volume":"422","author":"J Dai","year":"2021","unstructured":"Dai, J., Shu, L.: Fast-UAP: an algorithm for expediting universal adversarial perturbation generation using the orientations of perturbation vectors. Neurocomputing 422, 109\u2013117 (2021)","journal-title":"Neurocomputing"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Dong, Y., et al.: Boosting adversarial attacks with momentum. In: IEEE\/CVF CVPR (2018)","DOI":"10.1109\/CVPR.2018.00957"},{"key":"17_CR16","unstructured":"Dziugaite, G.K., Roy, D.M.: Data-dependent PAC-Bayes priors via differential privacy. In: NeurIPS (2018)"},{"key":"17_CR17","doi-asserted-by":"crossref","unstructured":"Finlay, C., Pooladian, A.A., Oberman, A.: The LogBarrier adversarial attack: making effective use of decision boundary information. In: IEEE\/CVF CVPR (2019)","DOI":"10.1109\/ICCV.2019.00496"},{"key":"17_CR18","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: ICLR (2015)"},{"issue":"2","key":"17_CR19","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1007\/s10994-020-05929-w","volume":"110","author":"H Gouk","year":"2021","unstructured":"Gouk, H., Frank, E., Pfahringer, B., Cree, M.J.: Regularisation of neural networks by enforcing lipschitz continuity. Mach. Learn. 110(2), 393\u2013416 (2021)","journal-title":"Mach. Learn."},{"issue":"3","key":"17_CR20","doi-asserted-by":"publisher","first-page":"362","DOI":"10.1002\/rob.21918","volume":"37","author":"S Grigorescu","year":"2020","unstructured":"Grigorescu, S., Trasnea, B., Cocias, T., Macesanu, G.: A survey of deep learning techniques for autonomous driving. J .Field Robot. 
37(3), 362\u2013386 (2020)","journal-title":"J .Field Robot."},{"key":"17_CR21","unstructured":"Gu, S., Rigazio, L.: Towards deep neural network architectures robust to adversarial examples. In: ICLR, Workshop Track Proceedings (2015)"},{"key":"17_CR22","doi-asserted-by":"crossref","unstructured":"Hayes, J., Danezis, G.: Learning universal adversarial perturbations with generative models. In: IEEE S &P Workshops (2018)","DOI":"10.1109\/SPW.2018.00015"},{"key":"17_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2020.100270","volume":"37","author":"X Huang","year":"2020","unstructured":"Huang, X., et al.: A survey of safety and trustworthiness of deep neural networks: verification, testing, adversarial attack and defence, and interpretability. Comput. Sci. Rev. 37, 100270 (2020)","journal-title":"Comput. Sci. Rev."},{"key":"17_CR24","unstructured":"Khim, J., Loh, P.L.: Adversarial risk bounds via function transformation. arXiv preprint arXiv:1810.09519 (2018)"},{"key":"17_CR25","doi-asserted-by":"crossref","unstructured":"Khrulkov, V., Oseledets, I.: Art of singular vectors and universal adversarial perturbations. In: IEEE\/CVF CVPR (2018)","DOI":"10.1109\/CVPR.2018.00893"},{"key":"17_CR26","unstructured":"Kim, H.: Torchattacks: a PyTorch repository for adversarial attacks. arXiv preprint arXiv:2010.01950 (2020)"},{"key":"17_CR27","unstructured":"Krizhevsky, A., Hinton, G.: Learning multiple layers of features from tiny images. Tech. Rep.\u00a00, University of Toronto, Toronto, Ontario (2009)"},{"key":"17_CR28","doi-asserted-by":"crossref","unstructured":"Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial examples in the physical world. In: ICLR Workshop Track Proceedings (2017)","DOI":"10.1201\/9781351251389-8"},{"key":"17_CR29","unstructured":"Laidlaw, C., Singla, S., Feizi, S.: Perceptual adversarial robustness: Defense against unseen threat models. 
In: ICLR (2021)"},{"key":"17_CR30","unstructured":"LeCun, Y., Cortes, C.: MNIST handwritten digit database (2010)"},{"key":"17_CR31","unstructured":"Lin, J., Song, C., He, K., Wang, L., Hopcroft, J.E.: Nesterov accelerated gradient and scale invariance for adversarial attacks. In: ICLR (2020)"},{"key":"17_CR32","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: ICLR (2018)"},{"issue":"6","key":"17_CR33","doi-asserted-by":"publisher","first-page":"1236","DOI":"10.1093\/bib\/bbx044","volume":"19","author":"R Miotto","year":"2018","unstructured":"Miotto, R., Wang, F., Wang, S., Jiang, X., Dudley, J.T.: Deep learning for healthcare: review, opportunities and challenges. Brief. Bioinform. 19(6), 1236\u20131246 (2018)","journal-title":"Brief. Bioinform."},{"key":"17_CR34","volume-title":"Foundations of Machine Learning","author":"M Mohri","year":"2012","unstructured":"Mohri, M., Rostamizadeh, A., Talwalkar, A.: Foundations of Machine Learning. MIT Press, Adaptive computation and machine learning (2012)"},{"key":"17_CR35","unstructured":"Montasser, O., Hanneke, S., Srebro, N.: VC classes are adversarially robustly learnable, but only improperly. In: COLT (2019)"},{"key":"17_CR36","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S.M., Fawzi, A., Fawzi, O., Frossard, P.: Universal adversarial perturbations. In: IEEE\/CVF CVPR (2017)","DOI":"10.1109\/CVPR.2017.17"},{"key":"17_CR37","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S., Fawzi, A., Frossard, P.: DeepFool: a simple and accurate method to fool deep neural networks. In: IEEE\/CVF CVPR (2016)","DOI":"10.1109\/CVPR.2016.282"},{"key":"17_CR38","unstructured":"Mustafa, W., Lei, Y., Kloft, M.: On the generalization analysis of adversarial learning. 
In: ICML (2022)"},{"key":"17_CR39","doi-asserted-by":"crossref","unstructured":"Nassi, B., Mirsky, Y., Nassi, D., Ben-Netanel, R., Drokin, O., Elovici, Y.: Phantom of the ADAS: securing advanced driver-assistance systems from split-second phantom attacks. In: ACM SIGSAC CCS (2020)","DOI":"10.1145\/3372297.3423359"},{"key":"17_CR40","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: IEEE S &P (2016)","DOI":"10.1109\/EuroSP.2016.36"},{"issue":"2","key":"17_CR41","doi-asserted-by":"publisher","first-page":"998","DOI":"10.1109\/COMST.2020.2975048","volume":"22","author":"A Qayyum","year":"2020","unstructured":"Qayyum, A., Usama, M., Qadir, J., Al-Fuqaha, A.: Securing connected & autonomous vehicles: challenges posed by adversarial machine learning and the way forward. IEEE Commun. Surv. 22(2), 998\u20131026 (2020)","journal-title":"IEEE Commun. Surv."},{"key":"17_CR42","unstructured":"Qin, Z., et al.: Boosting the transferability of adversarial attacks with reverse adversarial perturbation. In: NeurIPS (2022)"},{"key":"17_CR43","doi-asserted-by":"crossref","unstructured":"Sandler, M., Howard, A., Zhu, M., Zhmoginov, A., Chen, L.C.: MobileNetV2: inverted residuals and linear bottlenecks. In: IEEE\/CVF CVPR (2018)","DOI":"10.1109\/CVPR.2018.00474"},{"key":"17_CR44","unstructured":"Sehwag, V., et al.: Robust learning meets generative models: can proxy distributions improve adversarial robustness? In: ICLR (2022)"},{"key":"17_CR45","doi-asserted-by":"crossref","unstructured":"Shafahi, A., Najibi, M., Xu, Z., Dickerson, J., Davis, L.S., Goldstein, T.: Universal adversarial training. In: AAAI (2020)","DOI":"10.1609\/aaai.v34i04.6017"},{"key":"17_CR46","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. 
In: ICLR (2014)"},{"key":"17_CR47","doi-asserted-by":"crossref","unstructured":"Tabacof, P., Valle, E.: Exploring the space of adversarial images. In: IEEE IJCNN (2016)","DOI":"10.1109\/IJCNN.2016.7727230"},{"key":"17_CR48","unstructured":"Viallard, P., Vidot, E.G., Habrard, A., Morvant, E.: A PAC-Bayes analysis of adversarial robustness. In: NeurIPS (2021)"},{"key":"17_CR49","doi-asserted-by":"crossref","unstructured":"Wang, X., Lin, J., Hu, H., Wang, J., He, K.: Boosting adversarial transferability through enhanced momentum. arXiv preprint arXiv:2103.10609 (2021)","DOI":"10.5244\/C.35.186"},{"key":"17_CR50","doi-asserted-by":"crossref","unstructured":"Xiao, C., Li, B., yan Zhu, J., He, W., Liu, M., Song, D.: Generating adversarial examples with adversarial networks. In: International Joint Conference on Artificial Intelligence (2018)","DOI":"10.24963\/ijcai.2018\/543"},{"key":"17_CR51","first-page":"26523","volume":"34","author":"Y Xing","year":"2021","unstructured":"Xing, Y., Song, Q., Cheng, G.: On the algorithmic stability of adversarial training. NeurIPS 34, 26523\u201326535 (2021)","journal-title":"NeurIPS"},{"key":"17_CR52","unstructured":"Yin, D., Kannan, R., Bartlett, P.: Rademacher complexity for adversarially robust generalization. In: ICML (2019)"},{"key":"17_CR53","unstructured":"Zeng, J., Lau, T.T.K., Lin, S., Yao, Y.: Global convergence of block coordinate descent in deep learning. In: ICML (2019)"},{"key":"17_CR54","unstructured":"Zeng, Y., et al.: Towards robustness certification against universal perturbations. In: ICLR (2023)"},{"key":"17_CR55","doi-asserted-by":"crossref","unstructured":"Zhang, C., Benz, P., Imtiaz, T., Kweon, I.S.: Understanding adversarial examples from the mutual influence of images and perturbations. 
In: IEEE\/CVF CVPR (2020)","DOI":"10.1109\/CVPR42600.2020.01453"},{"key":"17_CR56","doi-asserted-by":"crossref","unstructured":"Zhang, C., Benz, P., Lin, C., Karjauv, A., Wu, J., Kweon, I.S.: A survey on universal adversarial attack. In: IJCAI (2021), Survey Track (2021)","DOI":"10.24963\/ijcai.2021\/635"},{"key":"17_CR57","doi-asserted-by":"publisher","first-page":"4804","DOI":"10.1109\/TIP.2020.2975918","volume":"29","author":"Y Zhang","year":"2020","unstructured":"Zhang, Y., Tian, X., Li, Y., Wang, X., Tao, D.: Principal component adversarial example. IEEE Trans. Image Process. 29, 4804\u20134815 (2020)","journal-title":"IEEE Trans. Image Process."}],"container-title":["Lecture Notes in Computer Science","Machine Learning and Knowledge Discovery in Databases. Research Track"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70359-1_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,12]],"date-time":"2026-01-12T07:27:11Z","timestamp":1768202831000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70359-1_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031703584","9783031703591"],"references-count":57,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70359-1_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"22 August 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"While focused on DNN attacks, the 
identified weaknesses could aid in improving their robustness, fostering the development of more reliable DNNs.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethic Statement"}},{"value":"ECML PKDD","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Joint European Conference on Machine Learning and Knowledge Discovery in Databases","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vilnius","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lithuania","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ecml2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2024.ecmlpkdd.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}