{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T10:54:35Z","timestamp":1742986475427,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":47,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819997848"},{"type":"electronic","value":"9789819997855"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-99-9785-5_7","type":"book-chapter","created":{"date-parts":[[2024,2,3]],"date-time":"2024-02-03T18:02:05Z","timestamp":1706983325000},"page":"81-97","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["DFaP: Data Filtering and\u00a0Purification Against Backdoor Attacks"],"prefix":"10.1007","author":[{"given":"Haochen","family":"Wang","sequence":"first","affiliation":[]},{"given":"Tianshi","family":"Mu","sequence":"additional","affiliation":[]},{"given":"Guocong","family":"Feng","sequence":"additional","affiliation":[]},{"given":"ShangBo","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Yuanzhang","family":"Li","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,2,4]]},"reference":[{"key":"7_CR1","doi-asserted-by":"crossref","unstructured":"Chen, C., Seff, A., Kornhauser, A., et al.: DeepDriving: learning affordance for direct perception in autonomous driving. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 2722\u20132730 (2015)","DOI":"10.1109\/ICCV.2015.312"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Tian, Y., Pei, K., Jana, S., et al.: DeepTest: automated testing of deep-neural-network-driven autonomous cars. In: Proceedings of the 40th International Conference on Software Engineering, pp. 303\u2013314 (2018)","DOI":"10.1145\/3180155.3180220"},{"issue":"2","key":"7_CR3","doi-asserted-by":"publisher","first-page":"1662","DOI":"10.1109\/LRA.2021.3059628","volume":"6","author":"C Jung","year":"2021","unstructured":"Jung, C., Shim, D.H.: Incorporating multi-context into the traversability map for urban autonomous driving using deep inverse reinforcement learning. IEEE Robot. Autom. Lett. 6(2), 1662\u20131669 (2021)","journal-title":"IEEE Robot. Autom. Lett."},{"key":"7_CR4","unstructured":"Redmon, J., Farhadi, A.: Yolov3: an incremental improvement. arXiv preprint arXiv:1804.02767 (2018)"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Guo, J., Han, K., Wang, Y., et al.: Distilling object detectors via decoupled features. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 2154\u20132164 (2021)","DOI":"10.1109\/CVPR46437.2021.00219"},{"key":"7_CR6","unstructured":"Devlin, J., Chang, M.W., Lee, K., et al.: Bert: pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805 (2018)"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Xie, W., Feng, Y., Gu, S., et al.: Importance-based neuron allocation for multilingual neural machine translation. arXiv preprint arXiv:2107.06569 (2021)","DOI":"10.18653\/v1\/2021.acl-long.445"},{"key":"7_CR8","unstructured":"Gao, Y., Doan, B.G., Zhang, Z., et al.: Backdoor attacks and countermeasures on deep learning: a comprehensive review. arXiv preprint arXiv:2007.10760 (2020)"},{"key":"7_CR9","unstructured":"Gu, T., Dolan-Gavitt, B., Garg, S.: BadNets: identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017)"},{"key":"7_CR10","unstructured":"Turner, A., Tsipras, D., Madry, A.: Label-Consistent Backdoor Attacks. stat 1050, 6 (2019)"},{"issue":"5","key":"7_CR11","first-page":"2088","volume":"18","author":"S Li","year":"2020","unstructured":"Li, S., Xue, M., Zhao, B.Z.H., et al.: Invisible backdoor attacks on deep neural networks via steganography and regularization. IEEE Trans. Dependable Secure Comput. 18(5), 2088\u20132105 (2020)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"7_CR12","unstructured":"Wang, T., Yao, Y., Xu, F., et al.: Backdoor attack through frequency domain. arXiv preprint arXiv:2111.10991 (2021)"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Pang, R., Zhang, Z., Gao, X., et al.: TROJANZOO: towards unified, holistic, and practical evaluation of neural backdoors. In:2022 IEEE 7th European Symposium on Security and Privacy (EuroS &P), pp. 684\u2013702. IEEE (2022)","DOI":"10.1109\/EuroSP53844.2022.00048"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Chou, E., Tramer, F., Pellegrino, G.: SentiNet: detecting localized universal attacks against deep learning systems. In: 2020 IEEE Security and Privacy Workshops (SPW), pp. 48\u201354. IEEE (2020)","DOI":"10.1109\/SPW50608.2020.00025"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Zhong, H., Liao, C., Squicciarini, A.C., et al.: Backdoor embedding in convolutional neural network models via invisible perturbation. In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, pp. 97\u2013108 (2020)","DOI":"10.1145\/3374664.3375751"},{"key":"7_CR16","unstructured":"Shafahi, A., Huang, W.R., Najibi, M., et al.: Poison frogs! targeted clean-label poisoning attacks on neural networks. In: Advances in Neural Information Processing Systems, 31 (2018)"},{"key":"7_CR17","unstructured":"Zhu, C., Huang, W.R., Li, H., et al.: Transferable clean-label poisoning attacks on deep neural nets. In: International Conference on Machine Learning. PMLR, pp. 7614\u20137623 (2019)"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Barni, M., Kallas, K., Tondi, B.: A new backdoor attack in CNNs by training set corruption without label poisoning. In: 2019 IEEE International Conference on Image Processing (ICIP), pp. 101\u2013105. IEEE (2019)","DOI":"10.1109\/ICIP.2019.8802997"},{"key":"7_CR19","doi-asserted-by":"publisher","unstructured":"Quanxin, Z., Wencong, M.A., Yajie, W., et al.: Backdoor attacks on image classification models in deep neural networks. Chin. J. Electron. (2022). https:\/\/doi.org\/10.1049\/cje.2021.00.126","DOI":"10.1049\/cje.2021.00.126"},{"issue":"11","key":"7_CR20","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1145\/3422622","volume":"63","author":"I Goodfellow","year":"2020","unstructured":"Goodfellow, I., Pouget-Abadie, J., Mirza, M., et al.: Generative adversarial networks. Commun. ACM 63(11), 139\u2013144 (2020)","journal-title":"Commun. ACM"},{"key":"7_CR21","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)"},{"key":"7_CR22","doi-asserted-by":"publisher","unstructured":"Li, Y., Sha, T., Baker, T., et al.: Adaptive vertical federated learning via feature map transferring in mobile edge computing. Computing, 1\u201317 (2022). https:\/\/doi.org\/10.1007\/s00607-022-01117-x","DOI":"10.1007\/s00607-022-01117-x"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Yang, J., Baker, T., Gill, S.S., et al.: A federated learning attack method based on edge collaboration via cloud. Softw. Pract. Exp. (2022)","DOI":"10.1002\/spe.3180"},{"issue":"1","key":"7_CR24","doi-asserted-by":"publisher","first-page":"151","DOI":"10.23919\/cje.2021.00.309","volume":"32","author":"J Zheng","year":"2023","unstructured":"Zheng, J., Zhang, Y., Li, Y., et al.: Towards evaluating the robustness of adversarial attacks against image scaling transformation. Chin. J. Electron. 32(1), 151\u2013158 (2023)","journal-title":"Chin. J. Electron."},{"key":"7_CR25","doi-asserted-by":"crossref","unstructured":"Liu, Y., Ma, S., Aafer, Y., et al.: Trojaning attack on neural networks. In: 25th Annual Network and Distributed System Security Symposium (NDSS 2018). Internet Soc (2018)","DOI":"10.14722\/ndss.2018.23291"},{"key":"7_CR26","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1016\/j.ins.2023.03.139","volume":"635","author":"Y Zhang","year":"2023","unstructured":"Zhang, Y., Tan, Y., Sun, H., et al.: Improving the invisibility of adversarial examples with perceptually adaptive perturbation. Inf. Sci. 635, 126\u2013137 (2023)","journal-title":"Inf. Sci."},{"issue":"12","key":"7_CR27","doi-asserted-by":"publisher","first-page":"11019","DOI":"10.1002\/int.23031","volume":"37","author":"Y Wang","year":"2022","unstructured":"Wang, Y., Tan, Y., Lyu, H., et al.: Toward feature space adversarial attack in the frequency domain. Int. J. Intell. Syst. 37(12), 11019\u201311036 (2022)","journal-title":"Int. J. Intell. Syst."},{"key":"7_CR28","doi-asserted-by":"crossref","unstructured":"Wang, B., Yao, Y., Shan, S., et al.: Neural cleanse: identifying and mitigating backdoor attacks in neural networks. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 707\u2013723. IEEE (2019)","DOI":"10.1109\/SP.2019.00031"},{"key":"7_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-030-00470-5_13","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"K Liu","year":"2018","unstructured":"Liu, K., Dolan-Gavitt, B., Garg, S.: Fine-Pruning: defending against backdooring attacks on deep neural networks. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 273\u2013294. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-00470-5_13"},{"key":"7_CR30","unstructured":"Li, Y., Lyu, X., Koren, N., et al.: Neural attention distillation: erasing backdoor triggers from deep neural networks. arXiv preprint arXiv:2101.05930 (2021)"},{"key":"7_CR31","unstructured":"Zeng, Y., Chen, S., Park, W., et al.: Adversarial unlearning of backdoors via implicit hypergradient. In: International Conference on Learning Representations"},{"key":"7_CR32","unstructured":"Tran, B., Li, J., Madry, A.: Spectral signatures in backdoor attacks. In: Advances in Neural Information Processing Systems, 31 (2018)"},{"key":"7_CR33","unstructured":"Hayase, J., Kong, W., Somani, R., et al.: SPECTRE: defending against backdoor attacks using robust statistics. In: International Conference on Machine Learning, pp. 4129\u20134139. PMLR (2021)"},{"key":"7_CR34","doi-asserted-by":"crossref","unstructured":"Gao, Y., Xu, C., Wang, D., et al.: STRIP: a defence against trojan attacks on deep neural networks. In: Proceedings of the 35th Annual Computer Security Applications Conference, pp. 113\u2013125 (2019)","DOI":"10.1145\/3359789.3359790"},{"issue":"11","key":"7_CR35","doi-asserted-by":"publisher","first-page":"9290","DOI":"10.1002\/int.22992","volume":"37","author":"J Yang","year":"2022","unstructured":"Yang, J., Zheng, J., Zhang, Z., et al.: Security of federated learning for cloud-edge intelligence collaborative computing. Int. J. Intell. Syst. 37(11), 9290\u20139308 (2022)","journal-title":"Int. J. Intell. Syst."},{"key":"7_CR36","doi-asserted-by":"crossref","unstructured":"Doan, B.G., Abbasnejad, E., Ranasinghe, D.C.. Februus: input purification defense against trojan attacks on deep neural network systems. In: Annual Computer Security Applications Conference, pp. 897\u2013912 (2020)","DOI":"10.1145\/3427228.3427264"},{"key":"7_CR37","unstructured":"Tang, D., Wang, X.F., Tang, H., et al.: Demon in the variant: statistical analysis of DNNs for robust backdoor contamination detection. In: USENIX Security Symposium, pp. 1541\u20131558 (2021)"},{"key":"7_CR38","doi-asserted-by":"crossref","unstructured":"Selvaraju, R.R., Cogswell, M., Das, A., et al.: Grad-cam: visual explanations from deep networks via gradient-based localization. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 618\u2013626 (2017)","DOI":"10.1109\/ICCV.2017.74"},{"issue":"1","key":"7_CR39","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1080\/10867651.2004.10487596","volume":"9","author":"A Telea","year":"2004","unstructured":"Telea, A.: An image inpainting technique based on the fast marching method. J. Graph. Tools 9(1), 23\u201334 (2004)","journal-title":"J. Graph. Tools"},{"key":"7_CR40","unstructured":"Batson, J., Royer, L.. Noise2self: blind denoising by self-supervision. In: International Conference on Machine Learning. PMLR, pp. 524\u2013533 (2019)"},{"key":"7_CR41","doi-asserted-by":"crossref","unstructured":"Stallkamp, J., Schlipsing, M., Salmen, J., et al.: Man vs. computer: benchmarking machine learning algorithms for traffic sign recognition. Neural Netw. 32, 323\u2013332 (2012)","DOI":"10.1016\/j.neunet.2012.02.016"},{"key":"7_CR42","unstructured":"Krizhevsky, A., Hinton, G.: Learning multiple layers of features from tiny images (2009)"},{"key":"7_CR43","doi-asserted-by":"crossref","unstructured":"Deng, J., Dong, W., Socher, R., et al.: ImageNet: a large-scale hierarchical image database. In: 2009 IEEE Conference on Computer Vision and Pattern Recognition, pp. 248\u2013255. IEEE (2009)","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"7_CR44","unstructured":"Krizhevsky, A., Hinton, G.: Learning multiple layers of features from tiny images (2009)"},{"key":"7_CR45","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., et al.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770\u2013778 (2016)","DOI":"10.1109\/CVPR.2016.90"},{"key":"7_CR46","unstructured":"Guo, W., Wang, L., Xing, X., et al.: TABOR: a highly accurate approach to inspecting and restoring trojan backdoors in AI systems. arXiv e-prints (2019). arXiv: 1908.01763"},{"key":"7_CR47","doi-asserted-by":"crossref","unstructured":"Subramanya, A., Pillai, V., Pirsiavash, H.: Fooling network interpretation in image classification. In: Proceedings of the IEEE\/CVF International Conference on Computer Vision, pp. 2020\u20132029 (2019)","DOI":"10.1109\/ICCV.2019.00211"}],"container-title":["Lecture Notes in Computer Science","Artificial Intelligence Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-99-9785-5_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,3]],"date-time":"2024-02-03T18:09:52Z","timestamp":1706983792000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-99-9785-5_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819997848","9789819997855"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-981-99-9785-5_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"4 February 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"AIS&P","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Artificial Intelligence Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ais&p2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/aisp2023","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"115","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"40","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23 large model and security workshop papers","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}