{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T03:17:38Z","timestamp":1740107858343,"version":"3.37.3"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2023,10,17]],"date-time":"2023-10-17T00:00:00Z","timestamp":1697500800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,10,17]],"date-time":"2023-10-17T00:00:00Z","timestamp":1697500800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"name":"Zhejiang Provincial Natural Science Foundation of China","award":["LZ22F020007","LZ22F020007"],"award-info":[{"award-number":["LZ22F020007","LZ22F020007"]}]},{"name":"Zhejiang Provincial Natural Science Foundation of China","award":["LZ22F020007","LZ22F020007"],"award-info":[{"award-number":["LZ22F020007","LZ22F020007"]}]},{"DOI":"10.13039\/501100012166","name":"National Key R &D Program of China","doi-asserted-by":"crossref","award":["2018YFB2100400","2018YFB2100400"],"award-info":[{"award-number":["2018YFB2100400","2018YFB2100400"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"crossref","award":["11701514"],"award-info":[{"award-number":["11701514"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Major Research Plan of the National Natural Science Foundation of China","award":["92167203"],"award-info":[{"award-number":["92167203"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Multimedia Systems"],"published-print":{"date-parts":[[2023,12]]},"DOI":"10.1007\/s00530-023-01193-9","type":"journal-article","created":{"date-parts":[[2023,10,17]],"date-time":"2023-10-17T18:02:02Z","timestamp":1697565722000},"page":"3277-3290","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Adversarial training in logit space against tiny perturbations"],"prefix":"10.1007","volume":"29","author":[{"given":"Xiaohui","family":"Guan","sequence":"first","affiliation":[]},{"given":"Qiqi","family":"Shao","sequence":"additional","affiliation":[]},{"given":"Yaguan","family":"Qian","sequence":"additional","affiliation":[]},{"given":"Tengteng","family":"Yao","sequence":"additional","affiliation":[]},{"given":"Bin","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,10,17]]},"reference":[{"key":"1193_CR1","doi-asserted-by":"crossref","unstructured":"Wu, M., Chen, L.: Image recognition based on deep learning. In: 2015 Chinese Automation Congress, pp. 542\u2013546 (2015)","DOI":"10.1109\/CAC.2015.7382560"},{"key":"1193_CR2","doi-asserted-by":"crossref","unstructured":"Noda, K., Yamaguchi, Y., Nakadai, K., Okuno, H.G., Ogata, T.: Audio-visual speech recognition using deep learning. Appl. Intell. (2015)","DOI":"10.1007\/s10489-014-0629-7"},{"key":"1193_CR3","doi-asserted-by":"crossref","unstructured":"Collobert, R., Weston, J.: A unified architecture for natural language processing: deep neural networks with multitask learning. In: Proceedings of the 25th International Conference on Machine Learning, pp. 160\u2013167 (2008)","DOI":"10.1145\/1390156.1390177"},{"key":"1193_CR4","doi-asserted-by":"crossref","unstructured":"Eykholt, K., Evtimov, I., Fernandes, E., Li, B., Rahmati, A., Xiao, C., Prakash, A., Kohno, T., Song, D.: Robust physical-world attacks on deep learning visual classification. In: The IEEE Conference on Computer Vision and Pattern Recognition (2018)","DOI":"10.1109\/CVPR.2018.00175"},{"key":"1193_CR5","doi-asserted-by":"crossref","unstructured":"Boloor, A., He, X., Gill, C., Yevgeniy, V., Xuan, Z.: Simple physical adversarial examples against end-to-end autonomous driving models. In: The IEEE International Conference on Embedded Software and Systems (ICESS) (2019)","DOI":"10.1109\/ICESS.2019.8782514"},{"key":"1193_CR6","doi-asserted-by":"crossref","unstructured":"Meng, D., Hao, C.: Magnet: a two-pronged defense against adversarial examples. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (2017)","DOI":"10.1145\/3133956.3134057"},{"key":"1193_CR7","unstructured":"Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., Fergus, R.: Simple physical adversarial examples against end-to-end autonomous driving models, intriguing properties of neural networks (2013)"},{"key":"1193_CR8","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Xi, W., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: IEEE Symposium on Security and Privacy (SP), pp. 582\u2013597 (2016)","DOI":"10.1109\/SP.2016.41"},{"key":"1193_CR9","unstructured":"Shafahi, A., Najibi, M., Ghiasi, A., Xu, Z., Dickerson, J., Studer, C., Davis, L.S., Taylor, G., Goldstein, T.: Adversarial training for free!. In: Advances in Neural Information Processing Systems, pp. 3353\u20133364 (2019)"},{"key":"1193_CR10","unstructured":"Tsipras, D., Santurkar, S., Engstrom, L., Turner, A., Madry, A.: Robustness may be at odds with accuracy. In: International Conference on Learning Representations (ICLR) (2019)"},{"key":"1193_CR11","unstructured":"Ilyas, A., Santurkar, S., Tsipras, D., Engstrom, L., Tran, B., Madry, A.: Adversarial examples are not bugs. They are features. In: Neural Information Processing Systems (NIPS) (2019)"},{"key":"1193_CR12","doi-asserted-by":"crossref","unstructured":"Xie, C., Wu, Y., van der Maaten, L., Yuille, A.L., He, K.: Feature denoising for improving adversarial robustness. In: The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) (2019)","DOI":"10.1109\/CVPR.2019.00059"},{"key":"1193_CR13","doi-asserted-by":"crossref","unstructured":"Mae, X., Niu, Y., Gu, L., Wang, Y., Zhao, Y., Bailey, J., Lu, F.: Understanding adversarial attacks on deep learning based medical image analysis systems. Pattern Recogn. (2021)","DOI":"10.1016\/j.patcog.2020.107332"},{"key":"1193_CR14","unstructured":"Mengting, X., Zhang, T., Li, Z., Liu, M., Zhang, D.: Towards evaluating the robustness of deep diagnostic models by adversarial attack. Med. Image Anal. (2021)"},{"key":"1193_CR15","unstructured":"Wong, E., Rice, L., Kolter, J.Z.: Fast is better than free :revisiting adversarial training. In: International Conference on Learning Representations (ICLR) (2020)"},{"key":"1193_CR16","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: International Conference on Learning Representations (ICLR) (2015)"},{"key":"1193_CR17","doi-asserted-by":"crossref","unstructured":"Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial examples in the physical world. In: International Conference on Learning Representations (ICLR) (2017)","DOI":"10.1201\/9781351251389-8"},{"key":"1193_CR18","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. [Online] arXiv:1706.06083 (2017)"},{"key":"1193_CR19","doi-asserted-by":"crossref","unstructured":"Xu, W., Evans, D., Qi, Y.: Feature squeezing: detecting adversarial examples in deep neural networks. In: Network and Distributed System Security Symposium (NDSS) (2018)","DOI":"10.14722\/ndss.2018.23198"},{"key":"1193_CR20","doi-asserted-by":"crossref","unstructured":"Meng, D., Chen, H. Magnet: a two-pronged defense against adversarial examples. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 135\u2013147 (2017)","DOI":"10.1145\/3133956.3134057"},{"key":"1193_CR21","doi-asserted-by":"crossref","unstructured":"Lu, J., Issaranon, T., Forsyth, D.: SafetyNet: Detecting and rejecting adversarial examples robustly. In: Proceedings of 2017 IEEE International Conference on Computer Vision (ICCV) (2017)","DOI":"10.1109\/ICCV.2017.56"},{"key":"1193_CR22","unstructured":"Metzen, J.H., Genewein, T., Fischer, V., Bischoff, B.: On detecting adversarial perturbations. In: International Conference on Learning Representations (ICLR) (2017)"},{"key":"1193_CR23","unstructured":"Xin, L., Fuxin, L.: Adversarial examples detection in deep networks with convolutional filter statistics, [EB\/OL]. [2020-06-17]. arXiv:1612.07767 (2020)"},{"key":"1193_CR24","unstructured":"Grosse, K., Manoharan, P., Papernot, N., et al.: On the (statistical) detection of adversarial examples. arXiv:1702.06280 (2017)"},{"key":"1193_CR25","unstructured":"Athalye, A., Carlini, N., Wagner, D.: Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. In: International Conference on Machine Learning (ICML) (2018)"},{"key":"1193_CR26","unstructured":"Kannan, H., Kurakin, A., Goodfellow, I.: Adversarial logit pairing. [Online] arxiv:1803.06373 (2018)"},{"key":"1193_CR27","unstructured":"Xie, C., Wang, J., Zhang, Z., Ren, Z., Yuille, A.: Mitigating adversarial effects through randomization. [Online] arXiv:1711.01991 (2017)"},{"key":"1193_CR28","unstructured":"Lin, J., Gan, C., Han, S.: Defensive quantization: when efficiency meets robustness. In: International Conference on Learning Representations (ICLR) (2019)"},{"key":"1193_CR29","unstructured":"Buckman, J., Ro, A., Raffel, C., Goodfellow, I.: Thermometer encoding: one hot way to resist adversarial examples. In: International Conference on Learning Representations (ICLR) (2018)"},{"key":"1193_CR30","unstructured":"Song, Y., Kim, T., Nowozin, S., Ermon, S., Kushman N.: Pixeldefend: leveraging generative models to understand and defend against adversarial examples. [Online] arXiv:1710.10766 (2017)"},{"key":"1193_CR31","unstructured":"Ilyas, A., Jalal, A., Asterin, E., Daskalakis, C., Dimakis, A.G.: The robust manifold defense: adversarial training using generative models. [Online] arXiv:1712.09196 (2017)"},{"key":"1193_CR32","unstructured":"Qian, H., Wegman, M.N.: L2-nonexpansive neural networks. [Online] arXiv:1802.07896 (2018)"},{"key":"1193_CR33","doi-asserted-by":"crossref","unstructured":"Jakubovitz, D., Giryes, R.: Improving dnn robustness to adversarial attacks using Jacobian regularization. In: European Conference on Computer Vision (ECCV), pp. 514\u2013529 (2018)","DOI":"10.1007\/978-3-030-01258-8_32"},{"key":"1193_CR34","unstructured":"Shafahi, A., Najibi, M., Xu, Z., Dickerson, J., Davis, L.S., Goldstein, T.: Universal adversarial training. [Online] arXiv:1811.11304 (2018)"},{"key":"1193_CR35","unstructured":"Dhillon, G.S, Azizzadenesheli, K., Lipton, Z.C., Bernstein, J., Kossaifi, J., Khanna, A., Anandkumar, A.: Stochastic activation pruning for robust adversarial defense. [Online] arXiv:1803.01442 (2018)"},{"key":"1193_CR36","doi-asserted-by":"crossref","unstructured":"Baluja, S., Fischer, I.: Learning to generate adversarial examples. In: AAAI, Adversarial Transformation Networks (2018)","DOI":"10.1609\/aaai.v32i1.11672"},{"key":"1193_CR37","doi-asserted-by":"crossref","unstructured":"Poursaeed, O., Katsman, I., Gao, B., Belongie, S.: Generative adversarial perturbations. In: The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) (2018)","DOI":"10.1109\/CVPR.2018.00465"},{"key":"1193_CR38","doi-asserted-by":"crossref","unstructured":"Xiao, C.W., Li, B., Zhu, J.-Y., He, W., Liu, M., Song, D.: Generating adversarial examples with adversarial networks. In: International Joint Conference on Artificial Intelligence (IJCAI) (2018)","DOI":"10.24963\/ijcai.2018\/543"},{"key":"1193_CR39","unstructured":"Shafahi, A., Ghiasi, A., Huang, F., Goldstein, T.: Label smoothing and logit squeezing: a replacement for adversarial training?. In: International Conference on Learning Representations (ICLR) (2019)"},{"key":"1193_CR40","unstructured":"Mosbach, M., Andriushchenko, M., Trost, T., Hein, M., Klakow, D.: Logit pairing methods can fool gradient-based attacks. [online] arXiv:1810.12042 (2018)"},{"key":"1193_CR41","doi-asserted-by":"crossref","unstructured":"Jakubovitz, D. Giryes, R.: Improving dnn robustness to adversarial attacks using Jacobian regularization. In: European Conference on Computer Vision (ECCV), pp. 514\u2013529 (2018)","DOI":"10.1007\/978-3-030-01258-8_32"},{"key":"1193_CR42","unstructured":"Zhang, D., Zhang, T., Lu, Y., Zhu, Z., Dong, B.: You only propagate once: painless adversarial training using maximal principle. In: 33rd Conference on Neural Information Processing Systems (NeurIPS) (2019)"},{"key":"1193_CR43","unstructured":"Gilmer, J., Metz, L., Faghri, F., et al.: Adversarial spheres. In: International Conference on Learning Representations (ICLR) (2018)"},{"key":"1193_CR44","unstructured":"Shamir, A., Melamed, O., Benshmuel, O.: The dimpled manifold model of adversarial examples in machine learning. arXiv:2106.10151 (2021)"},{"key":"1193_CR45","unstructured":"Cayton, L.: Algorithms for manifold learning, University Ca San Diego, CA, USA, Technical report CS2008-0923 12, 1-17 (2005)"},{"key":"1193_CR46","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11263-007-0056-x","volume":"76","author":"GE Carlsson","year":"2008","unstructured":"Carlsson, G.E., Ishkhanov, T., de Silva, V., Zomorodian, A.: On the local behavior of spaces of natural images. Int. J. Comput. Vis. 76, 1\u201312 (2008)","journal-title":"Int. J. Comput. Vis."},{"key":"1193_CR47","doi-asserted-by":"publisher","first-page":"4804","DOI":"10.1109\/TIP.2020.2975918","volume":"29","author":"Y Zhang","year":"2020","unstructured":"Zhang, Y., Tian, X., Li, Y., Wang, X., Tao, D.: Principal component adversarial example. IEEE Trans. Image Process. 29, 4804\u20134815 (2020)","journal-title":"IEEE Trans. Image Process."},{"key":"1193_CR48","doi-asserted-by":"publisher","DOI":"10.1515\/9781400830244","volume-title":"Optimization Algorithms on Matrix Manifolds","author":"PA Absil","year":"2008","unstructured":"Absil, P.A., Mahony, R., Sepulchre, R.: Optimization Algorithms on Matrix Manifolds. Princeton University Press, Princeton (2008)"},{"key":"1193_CR49","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MSP.2017.2740965","volume":"34","author":"A Fawzi","year":"2017","unstructured":"Fawzi, A., Moosavi-Dezfooli, S.-M., Frossard, P.: The robustness of deep networks: a geometrical perspective. IEEE Signal Process. Mag. 34, 50\u201362 (2017)","journal-title":"IEEE Signal Process. Mag."}],"container-title":["Multimedia Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00530-023-01193-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00530-023-01193-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00530-023-01193-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,31]],"date-time":"2024-10-31T00:28:30Z","timestamp":1730334510000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00530-023-01193-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,17]]},"references-count":49,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2023,12]]}},"alternative-id":["1193"],"URL":"https:\/\/doi.org\/10.1007\/s00530-023-01193-9","relation":{},"ISSN":["0942-4962","1432-1882"],"issn-type":[{"type":"print","value":"0942-4962"},{"type":"electronic","value":"1432-1882"}],"subject":[],"published":{"date-parts":[[2023,10,17]]},"assertion":[{"value":"29 April 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 September 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 October 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}