{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T19:06:08Z","timestamp":1757617568800,"version":"3.44.0"},"publisher-location":"Cham","reference-count":50,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031823619"},{"type":"electronic","value":"9783031823626"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-82362-6_6","type":"book-chapter","created":{"date-parts":[[2025,4,1]],"date-time":"2025-04-01T10:09:41Z","timestamp":1743502181000},"page":"88-106","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["On Intrinsic Cause and\u00a0Defense of\u00a0Adversarial Examples in\u00a0Deep Neural Networks"],"prefix":"10.1007","author":[{"given":"Hajime","family":"Tasaki","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jinhui","family":"Chao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,4,1]]},"reference":[{"key":"6_CR1","unstructured":"Athalye, A., Carlini, N., Wagner, D.: Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. In: International Conference on Machine Learning, pp. 274\u2013283. PMLR (2018)"},{"key":"6_CR2","unstructured":"Bhagoji, A.N., Cullina, D., Mittal, P.: Dimensionality reduction as a defense against evasion attacks on machine learning classifiers. arXiv preprint arXiv:1704.026542(1) (2017)"},{"key":"6_CR3","doi-asserted-by":"crossref","unstructured":"Biggio, B., et al.: Evasion attacks against machine learning at test time. In: Joint European Conference on Machine Learning and Knowledge Discovery in Databases, pp. 387\u2013402. Springer (2013)","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Biggio, B., Roli, F.: Wild patterns: ten years after the rise of adversarial machine learning. Pattern Recogn. 84, 317\u2013331 (2018). https:\/\/arxiv.org\/abs\/1704.02654v2","DOI":"10.1016\/j.patcog.2018.07.023"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 39\u201357. IEEE Computer Society, Los Alamitos, CA, USA (may 2017)","DOI":"10.1109\/SP.2017.49"},{"key":"6_CR6","unstructured":"Carlini, N., Wagner, D.: Defensive distillation is not robust to adversarial examples. arXiv preprint arXiv:1607.04311 (2016)"},{"key":"6_CR7","unstructured":"Carlini, N., Wagner, D.: Magnet and\" efficient defenses against adversarial attacks\" are not robust to adversarial examples. arXiv preprint arXiv:1711.08478 (2017)"},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Carlsson, G., Gabrielsson, R.B.: Topological approaches to deep learning. In: Topological Data Analysis: The Abel Symposium 2018, pp. 119\u2013146. Springer (2020)","DOI":"10.1007\/978-3-030-43408-3_5"},{"issue":"1","key":"6_CR9","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1049\/cit2.12028","volume":"6","author":"A Chakraborty","year":"2021","unstructured":"Chakraborty, A., Alam, M., Dey, V., Chattopadhyay, A., Mukhopadhyay, D.: A survey on adversarial attacks and defences. CAAI Trans. Intell. Technol. 6(1), 25\u201345 (2021)","journal-title":"CAAI Trans. Intell. Technol."},{"key":"6_CR10","unstructured":"Croce, F., Hein, M.: Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. arXiv preprint arXiv:2003.01690 (2020)"},{"issue":"4","key":"6_CR11","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1007\/BF02551274","volume":"2","author":"G Cybenko","year":"1989","unstructured":"Cybenko, G.: Approximation by superpositions of a sigmoidal function. Math. Control Signals Syst. 2(4), 303\u2013314 (1989)","journal-title":"Math. Control Signals Syst."},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Dubey, A., Maaten, L.v.d., Yalniz, Z., Li, Y., Mahajan, D.: Defense against adversarial images using web-scale nearest-neighbor search. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 8767\u20138776 (2019)","DOI":"10.1109\/CVPR.2019.00897"},{"key":"6_CR13","unstructured":"Engstrom, L., Tsipras, D., Schmidt, L., Madry, A.: A rotation and a translation suffice: fooling CNNs with simple transformations. arXiv preprint arXiv:1712.02779v3 (2017)"},{"key":"6_CR14","unstructured":"Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT press (2016)"},{"key":"6_CR15","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples (2014)"},{"key":"6_CR16","unstructured":"Hendrycks, D., Gimpel, K.: Early methods for detecting adversarial images. arXiv preprint arXiv:1608.00530 (2016)"},{"issue":"5","key":"6_CR17","doi-asserted-by":"publisher","first-page":"359","DOI":"10.1016\/0893-6080(89)90020-8","volume":"2","author":"K Hornik","year":"1989","unstructured":"Hornik, K., Stinchcombe, M., White, H.: Multilayer feedforward networks are universal approximators. Neural Netw. 2(5), 359\u2013366 (1989)","journal-title":"Neural Netw."},{"key":"6_CR18","unstructured":"Ilyas, A., Jalal, A., Asteri, E., Daskalakis, C., Dimakis, A.G.: The robust manifold defense: adversarial training using generative models. arXiv preprint arXiv:1712.09196 (2017)"},{"key":"6_CR19","unstructured":"Jalal, A., Ilyas, A., Daskalakis, C., Dimakis, A.G.: The robust manifold defense: Adversarial training using generative models. arXiv preprint arXiv:1712.09196 (2017)"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Jin, G., Shen, S., Zhang, D., Dai, F., Zhang, Y.: APE-GAN: adversarial perturbation elimination with GAN. In: ICASSP 2019 - 2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 3842\u20133846 (2019)","DOI":"10.1109\/ICASSP.2019.8683044"},{"key":"6_CR21","unstructured":"Khoury, M., Hadfield-Menell, D.: On the geometry of adversarial examples. arXiv preprint arXiv:1811.00525 (2018)"},{"issue":"11","key":"6_CR22","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y Lecun","year":"1998","unstructured":"Lecun, Y., Bottou, L., Bengio, Y., Haffner, P.: Gradient-based learning applied to document recognition. Proc. IEEE 86(11), 2278\u20132324 (1998)","journal-title":"Proc. IEEE"},{"key":"6_CR23","unstructured":"Lee, H., Han, S., Lee, J.: Generative adversarial trainer: defense to adversarial perturbations with GAN. arXiv preprint arXiv:1705.03387 (2017)"},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Lee, J.: Introduction to Smooth Manifolds. Springer (2002)","DOI":"10.1007\/978-0-387-21752-9"},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Lee, J.: Introduction to topological manifolds, vol.\u00a0202. Springer Science & Business Media (2010)","DOI":"10.1007\/978-1-4419-7940-7_2"},{"key":"6_CR26","doi-asserted-by":"crossref","unstructured":"Li, X., Li, F.: Adversarial examples detection in deep networks with convolutional filter statistics. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 5764\u20135772 (2017)","DOI":"10.1109\/ICCV.2017.615"},{"key":"6_CR27","unstructured":"Lindqvist, B., Sugrim, S., Izmailov, R.: AutoGAN: robust classifier against adversarial attacks. arXiv preprint arXiv:1812.03405 (2018)"},{"key":"6_CR28","unstructured":"Van\u00a0der Maaten, L., Hinton, G.: Visualizing data using t-SNE. J. Mach. Learn. Res. 9(11) (2008)"},{"key":"6_CR29","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017)"},{"key":"6_CR30","doi-asserted-by":"crossref","unstructured":"McInnes, L., Healy, J., Melville, J.: UMAP: uniform manifold approximation and projection for dimension reduction. arXiv preprint arXiv:1802.03426 (2018)","DOI":"10.21105\/joss.00861"},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Meng, D., Chen, H.: Magnet: a two-pronged defense against adversarial examples. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 135\u2013147 (2017)","DOI":"10.1145\/3133956.3134057"},{"issue":"184","key":"6_CR32","first-page":"1","volume":"21","author":"G Naitzat","year":"2020","unstructured":"Naitzat, G., Zhitnikov, A., Lim, L.H.: Topology of deep neural networks. J. Mach. Learn. Res. 21(184), 1\u201340 (2020)","journal-title":"J. Mach. Learn. Res."},{"key":"6_CR33","unstructured":"Pandey, T.: Topological understanding of neural networks, a survey. arXiv preprint arXiv:2301.09742 (2023)"},{"key":"6_CR34","unstructured":"Papernot, N., et al.: Technical report on the cleverhans v2.1.0 adversarial examples library (2018)"},{"key":"6_CR35","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Wu, X., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 582\u2013597 (2016)","DOI":"10.1109\/SP.2016.41"},{"key":"6_CR36","first-page":"659","volume":"35","author":"MW Richardson","year":"1938","unstructured":"Richardson, M.W.: Multidimensional psychophysics. Psychol. Bull. 35, 659\u2013660 (1938)","journal-title":"Psychol. Bull."},{"key":"6_CR37","first-page":"2294","volume":"24","author":"S Rifai","year":"2011","unstructured":"Rifai, S., Dauphin, Y.N., Vincent, P., Bengio, Y., Muller, X.: The manifold tangent classifier. Adv. Neural. Inf. Process. Syst. 24, 2294\u20132302 (2011)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"issue":"5500","key":"6_CR38","doi-asserted-by":"publisher","first-page":"2323","DOI":"10.1126\/science.290.5500.2323","volume":"290","author":"ST Roweis","year":"2000","unstructured":"Roweis, S.T., Saul, L.K.: Nonlinear dimensionality reduction by locally linear embedding. Science 290(5500), 2323\u20132326 (2000)","journal-title":"Science"},{"key":"6_CR39","unstructured":"Samangouei, P., Kabkab, M., Chellappa, R.: Defense-GAN: protecting classifiers against adversarial attacks using generative models. In: International Conference on Learning Representations (2018)"},{"key":"6_CR40","unstructured":"Schott, L., Rauber, J., Bethge, M., Brendel, W.: Towards the first adversarially robust neural network model on MNIST. arXiv preprint arXiv:1805.09190 (2018)"},{"key":"6_CR41","doi-asserted-by":"crossref","unstructured":"Stutz, D., Hein, M., Schiele, B.: Disentangling adversarial robustness and generalization. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 6976\u20136987 (2019)","DOI":"10.1109\/CVPR.2019.00714"},{"key":"6_CR42","unstructured":"Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., Fergus, R.: Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013)"},{"key":"6_CR43","doi-asserted-by":"crossref","unstructured":"Tasaki, H., Kaneko, Y., Chao, J.: Curse of co-dimensionality: Explaining adversarial examples by embedding geometry of data manifold. In: 2022 26th International Conference on Pattern Recognition (ICPR), pp. 2364\u20132370. IEEE (2022)","DOI":"10.1109\/ICPR56361.2022.9956073"},{"key":"6_CR44","doi-asserted-by":"crossref","unstructured":"Tasaki, H., Lenz, R., Chao, J.: Simplex-based dimension estimation of topological manifolds. In: 2016 23rd International Conference on Pattern Recognition (ICPR), pp. 3609\u20133614. IEEE (2016)","DOI":"10.1109\/ICPR.2016.7900194"},{"key":"6_CR45","doi-asserted-by":"crossref","unstructured":"Tasaki, H., Lenz, R., Chao, J.: Dimension estimation and topological manifold learning. In: 2019 International Joint Conference on Neural Networks (IJCNN), pp.\u00a01\u20137 (2019)","DOI":"10.1109\/IJCNN.2019.8852081"},{"issue":"5500","key":"6_CR46","doi-asserted-by":"publisher","first-page":"2319","DOI":"10.1126\/science.290.5500.2319","volume":"290","author":"JB Tenenbaum","year":"2000","unstructured":"Tenenbaum, J.B., De Silva, V., Langford, J.C.: A global geometric framework for nonlinear dimensionality reduction. Science 290(5500), 2319\u20132323 (2000)","journal-title":"Science"},{"key":"6_CR47","volume-title":"Geometric Structure of High-Dimensional Data and Dimensionality Reduction","author":"J Wang","year":"2012","unstructured":"Wang, J.: Geometric Structure of High-Dimensional Data and Dimensionality Reduction. Springer, Berlin Heidelberg (2012)"},{"issue":"2","key":"6_CR48","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s11633-019-1211-x","volume":"17","author":"H Xu","year":"2020","unstructured":"Xu, H., et al.: Adversarial attacks and defenses in images, graphs and text: a review. Int. J. Autom. Comput. 17(2), 151\u2013178 (2020)","journal-title":"Int. J. Autom. Comput."},{"issue":"3","key":"6_CR49","first-page":"827","volume":"48","author":"R Yang","year":"2021","unstructured":"Yang, R., Chen, X.Q., Cao, T.J.: APE-GAN++: An improved ape-GAN to eliminate adversarial perturbations. IAENG Int. J. Comput. Sci. 48(3), 827\u2013844 (2021)","journal-title":"IAENG Int. J. Comput. Sci."},{"key":"6_CR50","doi-asserted-by":"publisher","first-page":"4804","DOI":"10.1109\/TIP.2020.2975918","volume":"29","author":"Y Zhang","year":"2020","unstructured":"Zhang, Y., Tian, X., Li, Y., Wang, X., Tao, D.: Principal component adversarial example. IEEE Trans. Image Process. 29, 4804\u20134815 (2020)","journal-title":"IEEE Trans. Image Process."}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2024 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-82362-6_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,6]],"date-time":"2025-09-06T08:33:19Z","timestamp":1757147599000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-82362-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031823619","9783031823626"],"references-count":50,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-82362-6_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"1 April 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}