{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T18:52:43Z","timestamp":1775069563176,"version":"3.50.1"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032078834","type":"print"},{"value":"9783032078841","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,13]],"date-time":"2025-10-13T00:00:00Z","timestamp":1760313600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,13]],"date-time":"2025-10-13T00:00:00Z","timestamp":1760313600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-07884-1_12","type":"book-chapter","created":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T16:22:35Z","timestamp":1760286155000},"page":"228-248","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["DUMB and\u00a0DUMBer: Is Adversarial Training Worth It in\u00a0the\u00a0Real World?"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5282-0965","authenticated-orcid":false,"given":"Francesco","family":"Marchiori","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5963-4599","authenticated-orcid":false,"given":"Marco","family":"Alecci","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6749-6608","authenticated-orcid":false,"given":"Luca","family":"Pajola","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3612-1934","authenticated-orcid":false,"given":"Mauro","family":"Conti","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,10,13]]},"reference":[{"key":"12_CR1","doi-asserted-by":"publisher","unstructured":"Alecci, M., Conti, M., Marchiori, F., Martinelli, L., Pajola, L.: Your attack is too dumb: formalizing attacker scenarios for adversarial transferability. In: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2023, pp. 315\u2013329. Association for Computing Machinery, New York (2023). https:\/\/doi.org\/10.1145\/3607199.3607227","DOI":"10.1145\/3607199.3607227"},{"key":"12_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1007\/978-3-030-58592-1_29","volume-title":"Computer Vision \u2013 ECCV 2020","author":"M Andriushchenko","year":"2020","unstructured":"Andriushchenko, M., Croce, F., Flammarion, N., Hein, M.: Square attack: a query-efficient black-box adversarial attack via random search. In: Vedaldi, A., Bischof, H., Brox, T., Frahm, J.-M. (eds.) ECCV 2020. LNCS, vol. 12368, pp. 484\u2013501. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58592-1_29"},{"key":"12_CR3","first-page":"16048","volume":"33","author":"M Andriushchenko","year":"2020","unstructured":"Andriushchenko, M., Flammarion, N.: Understanding and improving fast adversarial training. Adv. Neural. Inf. Process. Syst. 33, 16048\u201316059 (2020)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"12_CR4","doi-asserted-by":"crossref","unstructured":"Cai, Q.Z., Du, M., Liu, C., Song, D.: Curriculum adversarial training. arXiv preprint arXiv:1805.04807 (2018)","DOI":"10.24963\/ijcai.2018\/520"},{"key":"12_CR5","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1613\/jair.953","volume":"16","author":"NV Chawla","year":"2002","unstructured":"Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: Smote: synthetic minority over-sampling technique. J. Artif. Intell. Res. 16, 321\u2013357 (2002)","journal-title":"J. Artif. Intell. Res."},{"key":"12_CR6","unstructured":"Demontis, A., et al.: Why do adversarial attacks transfer? Explaining transferability of evasion and poisoning attacks. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 321\u2013338 (2019)"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Dong, Y., Pang, T., Su, H., Zhu, J.: Evading defenses to transferable adversarial examples by translation-invariant attacks. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 4312\u20134321 (2019)","DOI":"10.1109\/CVPR.2019.00444"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Eykholt, K., et al.: Robust physical-world attacks on deep learning visual classification. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1625\u20131634 (2018)","DOI":"10.1109\/CVPR.2018.00175"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Frid-Adar, M., Klang, E., Amitai, M., Goldberger, J., Greenspan, H.: Synthetic data augmentation using GAN for improved liver lesion classification. In: 2018 IEEE 15th International Symposium on Biomedical Imaging (ISBI 2018), pp. 289\u2013293. IEEE (2018)","DOI":"10.1109\/ISBI.2018.8363576"},{"key":"12_CR10","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)"},{"key":"12_CR11","doi-asserted-by":"crossref","unstructured":"Gr\u00f6ndahl, T., Pajola, L., Juuti, M., Conti, M., Asokan, N.: All you need is \u201clove\u201d evading hate speech detection. In: Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security, pp. 2\u201312 (2018)","DOI":"10.1145\/3270101.3270103"},{"key":"12_CR12","doi-asserted-by":"publisher","first-page":"1749","DOI":"10.1109\/TIFS.2023.3251842","volume":"18","author":"K Grosse","year":"2023","unstructured":"Grosse, K., Bieringer, L., Besold, T.R., Biggio, B., Krombholz, K.: Machine learning security in industry: a quantitative survey. IEEE Trans. Inf. Forensics Secur. 18, 1749\u20131762 (2023)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"12_CR13","unstructured":"Gu, J., et al.: A survey on transferability of adversarial examples across deep neural networks. arXiv preprint arXiv:2310.17626 (2023)"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"12_CR15","unstructured":"Krizhevsky, A.: One weird trick for parallelizing convolutional neural networks. arXiv preprint arXiv:1404.5997 (2014)"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial examples in the physical world. In: Artificial Intelligence Safety and Security, pp. 99\u2013112. Chapman and Hall\/CRC (2018)","DOI":"10.1201\/9781351251389-8"},{"key":"12_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103134","volume":"128","author":"X Ling","year":"2023","unstructured":"Ling, X., et al.: Adversarial attacks against windows PE malware detection: a survey of the state-of-the-art. Comput. Secur. 128, 103134 (2023)","journal-title":"Comput. Secur."},{"key":"12_CR18","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017)"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Marchiori, F., Conti, M.: Canederli: on the impact of adversarial training and transferability on can intrusion detection systems. In: Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning, pp. 8\u201313 (2024)","DOI":"10.1145\/3649403.3656486"},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S.M., Fawzi, A., Frossard, P.: Deepfool: a simple and accurate method to fool deep neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2574\u20132582 (2016)","DOI":"10.1109\/CVPR.2016.282"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Sharif, M., Bhagavatula, S., Bauer, L., Reiter, M.K.: Accessorize to a crime: real and stealthy attacks on state-of-the-art face recognition. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1528\u20131540 (2016)","DOI":"10.1145\/2976749.2978392"},{"key":"12_CR22","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)"},{"key":"12_CR23","unstructured":"Tram\u00e8r, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D., McDaniel, P.: Ensemble adversarial training: attacks and defenses. arXiv preprint arXiv:1705.07204 (2017)"},{"key":"12_CR24","unstructured":"Tsipras, D., Santurkar, S., Engstrom, L., Turner, A., Madry, A.: Robustness may be at odds with accuracy. arXiv preprint arXiv:1805.12152 (2018)"},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Wang, X., He, X., Wang, J., He, K.: Admix: enhancing the transferability of adversarial attacks. In: Proceedings of the IEEE\/CVF International Conference on Computer Vision, pp. 16158\u201316167 (2021)","DOI":"10.1109\/ICCV48922.2021.01585"},{"key":"12_CR26","unstructured":"Wang, Y., Zou, D., Yi, J., Bailey, J., Ma, X., Gu, Q.: Improving adversarial robustness requires revisiting misclassified examples. In: International Conference on Learning Representations (2019)"},{"key":"12_CR27","unstructured":"Yu, W., Gu, J., Li, Z., Torr, P.: Reliable evaluation of adversarial transferability. arXiv preprint arXiv:2306.08565 (2023)"},{"key":"12_CR28","unstructured":"Zhang, H., Yu, Y., Jiao, J., Xing, E., El\u00a0Ghaoui, L., Jordan, M.: Theoretically principled trade-off between robustness and accuracy. In: International Conference on Machine Learning, pp. 7472\u20137482. PMLR (2019)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-07884-1_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T16:22:45Z","timestamp":1760286165000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-07884-1_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,13]]},"ISBN":["9783032078834","9783032078841"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-07884-1_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,13]]},"assertion":[{"value":"13 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}