{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,27]],"date-time":"2026-04-27T11:45:15Z","timestamp":1777290315426,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":26,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642387081","type":"print"},{"value":"9783642387098","type":"electronic"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-40994-3_25","type":"book-chapter","created":{"date-parts":[[2013,8,28]],"date-time":"2013-08-28T13:07:10Z","timestamp":1377695230000},"page":"387-402","source":"Crossref","is-referenced-by-count":864,"title":["Evasion Attacks against Machine Learning at Test Time"],"prefix":"10.1007","author":[{"given":"Battista","family":"Biggio","sequence":"first","affiliation":[]},{"given":"Igino","family":"Corona","sequence":"additional","affiliation":[]},{"given":"Davide","family":"Maiorca","sequence":"additional","affiliation":[]},{"given":"Blaine","family":"Nelson","sequence":"additional","affiliation":[]},{"given":"Nedim","family":"\u0160rndi\u0107","sequence":"additional","affiliation":[]},{"given":"Pavel","family":"Laskov","sequence":"additional","affiliation":[]},{"given":"Giorgio","family":"Giacinto","sequence":"additional","affiliation":[]},{"given":"Fabio","family":"Roli","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"25_CR1","unstructured":"Adobe: PDF Reference, sixth edn. version 1.7"},{"key":"25_CR2","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1145\/1128817.1128824","volume-title":"ASIACCS 2006: Proc. of the 2006 ACM Symp. on Information, Computer and Comm. Security","author":"M. Barreno","year":"2006","unstructured":"Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure? In: ASIACCS 2006: Proc. of the 2006 ACM Symp. on Information, Computer and Comm. Security, pp. 16\u201325. ACM, New York (2006)"},{"issue":"1","key":"25_CR3","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/s13042-010-0007-7","volume":"1","author":"B. Biggio","year":"2010","unstructured":"Biggio, B., Fumera, G., Roli, F.: Multiple classifier systems for robust classifier design in adversarial environments. Int\u2019l J. of Machine Learning and Cybernetics\u00a01(1), 27\u201341 (2010)","journal-title":"Int\u2019l J. of Machine Learning and Cybernetics"},{"key":"25_CR4","doi-asserted-by":"crossref","unstructured":"Biggio, B., Fumera, G., Roli, F.: Design of robust classifiers for adversarial environments. In: IEEE Int\u2019l Conf. on Systems, Man, and Cybernetics (SMC), pp. 977\u2013982 (2011)","DOI":"10.1109\/ICSMC.2011.6083796"},{"issue":"PrePrints","key":"25_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/TKDE.2013.57","volume":"99","author":"B. Biggio","year":"2013","unstructured":"Biggio, B., Fumera, G., Roli, F.: Security evaluation of pattern classifiers under attack. IEEE Trans. on Knowl. and Data Eng.\u00a099(PrePrints), 1 (2013)","journal-title":"IEEE Trans. on Knowl. and Data Eng."},{"key":"25_CR6","unstructured":"Biggio, B., Nelson, B., Laskov, P.: Poisoning attacks against support vector machines. In: Langford, J., Pineau, J. (eds.) 29th Int\u2019l Conf. on Mach. Learn. (2012)"},{"key":"25_CR7","doi-asserted-by":"crossref","unstructured":"Br\u00fcckner, M., Scheffer, T.: Stackelberg games for adversarial prediction problems. In: Knowl. Disc. and D. Mining (KDD), pp. 547\u2013555 (2011)","DOI":"10.1145\/2020408.2020495"},{"key":"25_CR8","first-page":"2617","volume":"13","author":"M. Br\u00fcckner","year":"2012","unstructured":"Br\u00fcckner, M., Kanzow, C., Scheffer, T.: Static prediction games for adversarial learning problems. J. Mach. Learn. Res.\u00a013, 2617\u20132654 (2012)","journal-title":"J. Mach. Learn. Res."},{"key":"25_CR9","doi-asserted-by":"crossref","unstructured":"Dalvi, N., Domingos, P., Mausam, S.S., Verma, D.: Adversarial classification. In: 10th ACM SIGKDD Int\u2019l Conf. on Knowl. Discovery and Data Mining (KDD), pp. 99\u2013108 (2004)","DOI":"10.1145\/1014052.1014066"},{"key":"25_CR10","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/s10994-009-5124-8","volume":"81","author":"O. Dekel","year":"2010","unstructured":"Dekel, O., Shamir, O., Xiao, L.: Learning to classify with missing and corrupted features. Mach. Learn.\u00a081, 149\u2013178 (2010)","journal-title":"Mach. Learn."},{"key":"25_CR11","unstructured":"Fogla, P., Sharif, M., Perdisci, R., Kolesnikov, O., Lee, W.: Polymorphic blending attacks. In: Proc. 15th Conf. on USENIX Sec. Symp. USENIX Association, CA (2006)"},{"key":"25_CR12","doi-asserted-by":"crossref","unstructured":"Globerson, A., Roweis, S.T.: Nightmare at test time: robust learning by feature deletion. In: Cohen, W.W., Moore, A. (eds.) Proc. of the 23rd Int\u2019l Conf. on Mach. Learn., vol.\u00a0148, pp. 353\u2013360. ACM (2006)","DOI":"10.1145\/1143844.1143889"},{"key":"25_CR13","doi-asserted-by":"crossref","unstructured":"Golland, P.: Discriminative direction for kernel classifiers. In: Neu. Inf. Proc. Syst (NIPS), pp. 745\u2013752 (2002)","DOI":"10.7551\/mitpress\/1120.003.0100"},{"key":"25_CR14","doi-asserted-by":"crossref","unstructured":"Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B., Tygar, J.D.: Adversarial machine learning. In: 4th ACM Workshop on Art. Int. and Sec (AISec 2011), Chicago, IL, USA, pp. 43\u201357 (2011)","DOI":"10.1145\/2046684.2046692"},{"key":"25_CR15","unstructured":"Kloft, M., Laskov, P.: Online anomaly detection under adversarial impact. In: Proc. of the 13th Int\u2019l Conf. on Art. Int. and Stats (AISTATS), pp. 405\u2013412 (2010)"},{"key":"25_CR16","unstructured":"Kolcz, A., Teo, C.H.: Feature weighting for improved classifier robustness. In: Sixth Conf. on Email and Anti-Spam (CEAS), Mountain View, CA, USA (2009)"},{"key":"25_CR17","first-page":"1","volume-title":"AISec 2009: Proc. of the 2nd ACM Works. on Sec. and Art. Int.","author":"P. Laskov","year":"2009","unstructured":"Laskov, P., Kloft, M.: A framework for quantitative security analysis of machine learning. In: AISec 2009: Proc. of the 2nd ACM Works. on Sec. and Art. Int., pp. 1\u20134. ACM, New York (2009)"},{"key":"25_CR18","unstructured":"LeCun, Y., Jackel, L., Bottou, L., Brunot, A., Cortes, C., Denker, J., Drucker, H., Guyon, I., M\u00fcller, U., S\u00e4ckinger, E., Simard, P., Vapnik, V.: Comparison of learning algorithms for handwritten digit recognition. In: Int\u2019l Conf. on Art. Neu. Net., pp. 53\u201360 (1995)"},{"key":"25_CR19","doi-asserted-by":"crossref","unstructured":"Lowd, D., Meek, C.: Adversarial learning. In: Press, A. (ed.) Proc. of the Eleventh ACM SIGKDD Int\u2019l Conf. on Knowl. Disc. and D. Mining (KDD), Chicago, IL, pp. 641\u2013647 (2005)","DOI":"10.1145\/1081870.1081950"},{"key":"25_CR20","doi-asserted-by":"crossref","unstructured":"Maiorca, D., Giacinto, G., Corona, I.: A pattern recognition system for malicious pdf files detection. In: MLDM, pp. 510\u2013524 (2012)","DOI":"10.1007\/978-3-642-31537-4_40"},{"key":"25_CR21","first-page":"1","volume-title":"LEET 2008: Proc. of the 1st USENIX Work. on L.-S. Exp. and Emerg. Threats","author":"B. Nelson","year":"2008","unstructured":"Nelson, B., Barreno, M., Chi, F.J., Joseph, A.D., Rubinstein, B.I.P., Saini, U., Sutton, C., Tygar, J.D., Xia, K.: Exploiting machine learning to subvert your spam filter. In: LEET 2008: Proc. of the 1st USENIX Work. on L.-S. Exp. and Emerg. Threats, pp. 1\u20139. USENIX Association, Berkeley (2008)"},{"key":"25_CR22","first-page":"1293","volume":"13","author":"B. Nelson","year":"2012","unstructured":"Nelson, B., Rubinstein, B.I., Huang, L., Joseph, A.D., Lee, S.J., Rao, S., Tygar, J.D.: Query strategies for evading convex-inducing classifiers. J. Mach. Learn. Res.\u00a013, 1293\u20131332 (2012)","journal-title":"J. Mach. Learn. Res."},{"key":"25_CR23","unstructured":"Platt, J.: Probabilistic outputs for support vector machines and comparison to regularized likelihood methods. In: Smola, A., Bartlett, P., Sch\u00f6lkopf, B., Schuurmans, D. (eds.) Adv. in L. M. Class, pp. 61\u201374 (2000)"},{"key":"25_CR24","doi-asserted-by":"crossref","unstructured":"Smutz, C., Stavrou, A.: Malicious pdf detection using metadata and structural features. In: Proc. of the 28th Annual Comp. Sec. App. Conf., pp. 239\u2013248 (2012)","DOI":"10.1145\/2420950.2420987"},{"key":"25_CR25","unstructured":"\u0160rndi\u0107, N., Laskov, P.: Detection of malicious pdf files based on hierarchical document structure. In: Proc. 20th Annual Net. & Dist. Sys. Sec. Symp. (2013)"},{"key":"25_CR26","unstructured":"Young, R.: 2010 IBM X-force mid-year trend & risk report. Tech. rep., IBM (2010)"}],"container-title":["Lecture Notes in Computer Science","Advanced Information Systems Engineering"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-40994-3_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,17]],"date-time":"2024-05-17T10:33:20Z","timestamp":1715942000000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-40994-3_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642387081","9783642387098"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-40994-3_25","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}