{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T23:35:19Z","timestamp":1742945719491,"version":"3.40.3"},"publisher-location":"Cham","reference-count":66,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031781681"},{"type":"electronic","value":"9783031781698"}],"license":[{"start":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T00:00:00Z","timestamp":1732924800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T00:00:00Z","timestamp":1732924800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-78169-8_3","type":"book-chapter","created":{"date-parts":[[2024,11,29]],"date-time":"2024-11-29T14:28:07Z","timestamp":1732890487000},"page":"30-45","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Supervised Mixup: Protecting the\u00a0Likely Classes for\u00a0Adversarial Robustness"],"prefix":"10.1007","author":[{"given":"Akshay","family":"Agarwal","sequence":"first","affiliation":[]},{"given":"Mayank","family":"Vatsa","sequence":"additional","affiliation":[]},{"given":"Richa","family":"Singh","sequence":"additional","affiliation":[]},{"given":"Nalini","family":"Ratha","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,11,30]]},"reference":[{"key":"3_CR1","doi-asserted-by":"publisher","first-page":"7338","DOI":"10.1109\/TIP.2022.3204206","volume":"31","author":"A Agarwal","year":"2022","unstructured":"Agarwal, A., Ratha, N., Vatsa, M., Singh, R.: Crafting adversarial perturbations via transformed image component swapping. IEEE Trans. Image Process. 31, 7338\u20137349 (2022)","journal-title":"IEEE Trans. Image Process."},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"Agarwal, A., Singh, R., Vatsa, M., Ratha, N.: Are image-agnostic universal adversarial perturbations for face recognition difficult to detect? IEEE BTAS 1\u20137 (2018)","DOI":"10.1109\/BTAS.2018.8698548"},{"issue":"6","key":"3_CR3","doi-asserted-by":"publisher","first-page":"1484","DOI":"10.1109\/TAI.2022.3206259","volume":"4","author":"A Agarwal","year":"2022","unstructured":"Agarwal, A., Singh, R., Vatsa, M., Ratha, N.: Ibattack: being cautious about data labels. IEEE Trans. Artif. Intell. 4(6), 1484\u20131493 (2022)","journal-title":"IEEE Trans. Artif. Intell."},{"key":"3_CR4","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1016\/j.inffus.2023.01.022","volume":"95","author":"A Agarwal","year":"2023","unstructured":"Agarwal, A., Vatsa, M., Singh, R., Ratha, N.: Parameter agnostic stacked wavelet transformer for detecting singularities. Inf. Fusion 95, 415\u2013425 (2023)","journal-title":"Inf. Fusion"},{"key":"3_CR5","doi-asserted-by":"publisher","DOI":"10.1016\/j.neunet.2023.11.035","volume":"172","author":"A Agarwal","year":"2024","unstructured":"Agarwal, A., Vatsa, M., Singh, R., Ratha, N.: Corruption depth: analysis of DNN depth for misclassification. Neural Netw. 172, 106013 (2024)","journal-title":"Neural Netw."},{"key":"3_CR6","unstructured":"Athalye, A., Carlini, N., Wagner, D.: Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. ICML (2018)"},{"key":"3_CR7","unstructured":"Bartoldson, B.R., Diffenderfer, J., Parasyris, K., Kailkhura, B.: Adversarial robustness limits via scaling-law and human-alignment studies. In: ICML (2024)"},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Bulusu, S., Kailkhura, B., Li, B., Varshney, P.K., Song, D.: Anomalous instance detection in deep learning: a survey. arXiv:2003.06979v1 (2020)","DOI":"10.1109\/ACCESS.2020.3010274"},{"key":"3_CR9","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Adversarial examples are not easily detected: bypassing ten detection methods. In: ACMW on AISec, pp. 3\u201314 (2017)","DOI":"10.1145\/3128572.3140444"},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: IEEE S &P, pp. 39\u201357 (2017)","DOI":"10.1109\/SP.2017.49"},{"key":"3_CR11","unstructured":"Chapelle, O., Weston, J., Bottou, L., Vapnik, V.: Vicinal risk minimization. In: NeurIPS, pp. 416\u2013422 (2001)"},{"key":"3_CR12","doi-asserted-by":"crossref","unstructured":"Chen, P.Y., Sharma, Y., Zhang, H., Yi, J., Hsieh, C.J.: EAD: elastic-net attacks to deep neural networks via adversarial examples. In: AAAI, pp. 10\u201317 (2018)","DOI":"10.1609\/aaai.v32i1.11302"},{"key":"3_CR13","unstructured":"Das, N., et al.: Keeping the bad guys out: protecting and vaccinating deep learning with jpeg compression. arXiv preprint arXiv:1705.02900 (2017)"},{"key":"3_CR14","doi-asserted-by":"crossref","unstructured":"Dong, Y., et al.: Benchmarking adversarial robustness on image classification. In: CVPR, pp. 321\u2013331 (2020)","DOI":"10.1109\/CVPR42600.2020.00040"},{"key":"3_CR15","unstructured":"Dziugaite, G.K., Ghahramani, Z., Roy, D.M.: A study of the effect of JPG compression on adversarial images. arXiv:1608.00853 (2016)"},{"key":"3_CR16","doi-asserted-by":"crossref","unstructured":"Frosio, I., Kautz, J.: The best defense is a good offense: adversarial augmentation against adversarial attacks. In: IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 4067\u20134076 (2023)","DOI":"10.1109\/CVPR52729.2023.00396"},{"key":"3_CR17","unstructured":"Ghiasi, A., Shafahi, A., Goldstein, T.: Breaking certified defenses: semantic adversarial examples with spoofed robustness certificates. In: ICLR (2020)"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Goel, A., Agarwal, A., Vatsa, M., Singh, R., Ratha, N.: DeepRing: protecting deep neural network with blockchain. IEEE CVPRW (2019)","DOI":"10.1109\/CVPRW.2019.00341"},{"key":"3_CR19","doi-asserted-by":"crossref","unstructured":"Goel, A., Agarwal, A., Vatsa, M., Singh, R., Ratha, N.: Securing CNN model and biometric template using blockchain. IEEE BTAS 1\u20136 (2019)","DOI":"10.1109\/BTAS46853.2019.9185999"},{"key":"3_CR20","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)"},{"issue":"6\u20137","key":"3_CR21","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1007\/s11263-019-01160-w","volume":"127","author":"G Goswami","year":"2019","unstructured":"Goswami, G., Agarwal, A., Ratha, N., Singh, R., Vatsa, M.: Detecting and mitigating adversarial perturbations for robust face recognition. IJCV 127(6\u20137), 719\u2013742 (2019)","journal-title":"IJCV"},{"key":"3_CR22","unstructured":"Guo, C., Rana, M., Cisse, M., Van Der\u00a0Maaten, L.: Countering adversarial images using input transformations. arXiv preprint arXiv:1711.00117 (2017)"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: IEEE CVPR, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"3_CR24","unstructured":"Hendrycks, D., Gimpel, K.: Early methods for detecting adversarial images. ICLR Workshop (2017)"},{"key":"3_CR25","doi-asserted-by":"crossref","unstructured":"Hsu, Y.C., Shen, Y., Jin, H., Kira, Z.: Generalized ODIN: detecting out-of-distribution image without learning from out-of-distribution data. IEEE CVPR (2020)","DOI":"10.1109\/CVPR42600.2020.01096"},{"key":"3_CR26","doi-asserted-by":"crossref","unstructured":"Jang, Y., Zhao, T., Hong, S., Lee, H.: Adversarial defense via learning to generate diverse attacks. In: IEEE ICCV, pp. 2740\u20132749 (2019)","DOI":"10.1109\/ICCV.2019.00283"},{"key":"3_CR27","doi-asserted-by":"crossref","unstructured":"Jia, X., Wei, X., Cao, X., Foroosh, H.: Comdefend: an efficient image compression model to defend adversarial examples. In: IEEE CVPR, pp. 6084\u20136092 (2019)","DOI":"10.1109\/CVPR.2019.00624"},{"key":"3_CR28","unstructured":"Krizhevsky, A.: Learning multiple layers of features from tiny images. Technical report, Citeseer (2009)"},{"key":"3_CR29","unstructured":"Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 (2016)"},{"key":"3_CR30","unstructured":"Lee, H., Han, S., Lee, J.: Generative adversarial trainer: defense to adversarial perturbations with gan. preprint arXiv:1705.03387 (2017)"},{"key":"3_CR31","doi-asserted-by":"crossref","unstructured":"Liu, J., et al.: Detection based defense against adversarial examples from the steganalysis point of view. In: IEEE CVPR, pp. 4825\u20134834 (2019)","DOI":"10.1109\/CVPR.2019.00496"},{"key":"3_CR32","doi-asserted-by":"crossref","unstructured":"Lu, J., Issaranon, T., Forsyth, D.: Safetynet: detecting and rejecting adversarial examples robustly. In: IEEE ICCV, pp. 446\u2013454 (2017)","DOI":"10.1109\/ICCV.2017.56"},{"key":"3_CR33","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. ICLR, pp. 1\u201328 (2018)"},{"key":"3_CR34","unstructured":"Mejia, F.A., et al.: Robust or private? Adversarial training makes models more vulnerable to privacy attacks. arXiv:1906.06449 (2019)"},{"key":"3_CR35","doi-asserted-by":"crossref","unstructured":"Meng, D., Chen, H.: Magnet: a two-pronged defense against adversarial examples. In: ACM CCS, pp. 135\u2013147 (2017)","DOI":"10.1145\/3133956.3134057"},{"key":"3_CR36","unstructured":"Metzen, J.H., Genewein, T., Fischer, V., Bischoff, B.: On detecting adversarial perturbations. ICLR (2017)"},{"key":"3_CR37","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S.M., Fawzi, A., Frossard, P.: Deepfool: a simple and accurate method to fool deep neural networks. In: IEEE CVPR, pp. 2574\u20132582 (2016)","DOI":"10.1109\/CVPR.2016.282"},{"key":"3_CR38","doi-asserted-by":"crossref","unstructured":"Mustafa, A., Khan, S., Hayat, M., Goecke, R., Shen, J., Shao, L.: Adversarial defense by restricting the hidden space of deep neural networks. In: ICCV, pp. 3385\u20133394 (2019)","DOI":"10.1109\/ICCV.2019.00348"},{"key":"3_CR39","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Wu, X., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: IEEE S &P, pp. 582\u2013597 (2016)","DOI":"10.1109\/SP.2016.41"},{"key":"3_CR40","unstructured":"Peng, S., et al.: Robust principles: architectural design principles for adversarially robust CNNs. In: BMVC (2023)"},{"key":"3_CR41","doi-asserted-by":"publisher","unstructured":"Ren, K., Zheng, T., Qin, Z., Liu, X.: Adversarial attacks and defenses in deep learning. Engineering, pp. 1\u201315 (2020). https:\/\/doi.org\/10.1016\/j.eng.2019.12.012","DOI":"10.1016\/j.eng.2019.12.012"},{"key":"3_CR42","unstructured":"Samangouei, P., Kabkab, M., Chellappa, R.: Defense-GAN: protecting classifiers against adversarial attacks using generative models. ICLR (2018)"},{"issue":"1","key":"3_CR43","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1007\/s10489-022-03159-2","volume":"53","author":"A Sarvar","year":"2023","unstructured":"Sarvar, A., Amirmazlaghani, M.: Defense against adversarial examples based on wavelet domain analysis. Appl. Intell. 53(1), 423\u2013439 (2023)","journal-title":"Appl. Intell."},{"key":"3_CR44","unstructured":"Sen, S., Ravindran, B., Raghunathan, A.: Empir: ensembles of mixed precision deep networks for increased robustness against adversarial attacks. ICLR (2020)"},{"key":"3_CR45","unstructured":"Shafahi, A., et al.: Adversarial training for free! In: NeurIPS, pp. 3353\u20133364 (2019)"},{"issue":"1","key":"3_CR46","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1186\/s40537-019-0197-0","volume":"6","author":"C Shorten","year":"2019","unstructured":"Shorten, C., Khoshgoftaar, T.M.: A survey on image data augmentation for deep learning. J. Big Data 6(1), 60 (2019)","journal-title":"J. Big Data"},{"key":"3_CR47","doi-asserted-by":"crossref","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. ICLR (2015)","DOI":"10.1109\/ICCV.2015.314"},{"key":"3_CR48","doi-asserted-by":"crossref","unstructured":"Singh, R., Agarwal, A., Singh, M., Nagpal, S., Vatsa, M.: On the robustness of face recognition algorithms against attacks and bias. In: AAAI, pp. 13583\u201313589 (2020)","DOI":"10.1609\/aaai.v34i09.7085"},{"key":"3_CR49","unstructured":"Song, Y., Kim, T., Nowozin, S., Ermon, S., Kushman, N.: Pixeldefend: leveraging generative models to understand and defend against adversarial examples. ICLR (2018)"},{"key":"3_CR50","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. ICLR (2014)"},{"key":"3_CR51","unstructured":"Vapnik, V.: Statistical learning theory. J. Wiley 1 (1998)"},{"key":"3_CR52","unstructured":"Verma, V., et al.: Manifold mixup: better representations by interpolating hidden states. ICML (2019)"},{"key":"3_CR53","doi-asserted-by":"crossref","unstructured":"Wang, H., Wu, X., Yin, P., Xing, E.P.: High frequency component helps explain the generalization of convolutional neural networks. IEEE CVPR (2020)","DOI":"10.1109\/CVPR42600.2020.00871"},{"key":"3_CR54","doi-asserted-by":"crossref","unstructured":"Wang, X., et al.: Protecting neural networks with hierarchical random switching: towards better robustness-accuracy trade-off for stochastic defenses. In: IJCAI, pp. 6013\u20136019 (2019)","DOI":"10.24963\/ijcai.2019\/833"},{"key":"3_CR55","unstructured":"Wang, Z., Pang, T., Du, C., Lin, M., Liu, W., Yan, S.: Better diffusion models further improve adversarial training. In: International Conference on Machine Learning, pp. 36246\u201336263. PMLR (2023)"},{"key":"3_CR56","unstructured":"Wong, E., Rice, L., Kolter, J.Z.: Fast is better than free: revisiting adversarial training. arXiv preprint arXiv:2001.03994 (2020)"},{"key":"3_CR57","unstructured":"Xiao, H., Rasul, K., Vollgraf, R.: Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747 (2017)"},{"key":"3_CR58","unstructured":"Xie, C., Wang, J., Zhang, Z., Ren, Z., Yuille, A.: Mitigating adversarial effects through randomization. ICLR (2018)"},{"key":"3_CR59","unstructured":"Yao, L., Miller, J.: Tiny imagenet classification with convolutional neural networks. CS 231N 2(5), 8 (2015)"},{"issue":"9","key":"3_CR60","first-page":"2805","volume":"30","author":"X Yuan","year":"2019","unstructured":"Yuan, X., He, P., Zhu, Q., Li, X.: Adversarial examples: attacks and defenses for deep learning. IEEE TNNLS 30(9), 2805\u20132824 (2019)","journal-title":"IEEE TNNLS"},{"key":"3_CR61","unstructured":"Zhang, C., Bengio, S., Hardt, M., Recht, B., Vinyals, O.: Understanding deep learning requires rethinking generalization. ICLR (2017)"},{"key":"3_CR62","unstructured":"Zhang, D., Zhang, T., Lu, Y., Zhu, Z., Dong, B.: You only propagate once: accelerating adversarial training via maximal principle. In: NeurIPS, pp. 227\u2013238 (2019)"},{"key":"3_CR63","unstructured":"Zhang, H., Yu, Y., Jiao, J., Xing, E., El\u00a0Ghaoui, L., Jordan, M.: Theoretically principled trade-off between robustness and accuracy. In: ICML, pp. 7472\u20137482 (2019)"},{"key":"3_CR64","unstructured":"Zhang, H., Cisse, M., Dauphin, Y.N., Lopez-Paz, D.: Mixup: beyond empirical risk minimization. ICLR (2018)"},{"key":"3_CR65","unstructured":"Zhang, H., Chen, H., Song, Z., Boning, D., Dhillon, I.S., Hsieh, C.J.: The limitations of adversarial training and the blind-spot attack. ICLR (2019)"},{"key":"3_CR66","doi-asserted-by":"crossref","unstructured":"Zhong, Z., Zheng, L., Kang, G., Li, S., Yang, Y.: Random erasing data augmentation. AAAI (2020)","DOI":"10.1609\/aaai.v34i07.7000"}],"container-title":["Lecture Notes in Computer Science","Pattern Recognition"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-78169-8_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,29]],"date-time":"2024-11-29T15:04:18Z","timestamp":1732892658000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-78169-8_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,30]]},"ISBN":["9783031781681","9783031781698"],"references-count":66,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-78169-8_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,11,30]]},"assertion":[{"value":"30 November 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICPR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Pattern Recognition","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kolkata","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 December 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icpr2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/icpr2024.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}