{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,22]],"date-time":"2025-02-22T17:40:08Z","timestamp":1740246008569,"version":"3.37.3"},"reference-count":56,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T00:00:00Z","timestamp":1736985600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T00:00:00Z","timestamp":1736985600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100001866","name":"Fonds National de la Recherche Luxembourg","doi-asserted-by":"publisher","award":["13550291"],"award-info":[{"award-number":["13550291"]}],"id":[{"id":"10.13039\/501100001866","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Appl Intell"],"published-print":{"date-parts":[[2025,4]]},"DOI":"10.1007\/s10489-024-05974-1","type":"journal-article","created":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T05:16:42Z","timestamp":1737004602000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Fooling machine learning models: a novel out-of-distribution attack through generative adversarial networks"],"prefix":"10.1007","volume":"55","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5138-4014","authenticated-orcid":false,"given":"Hailong","family":"Hu","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4521-4112","authenticated-orcid":false,"given":"Jun","family":"Pang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,16]]},"reference":[{"key":"5974_CR1","unstructured":"Goodfellow I, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y (2014) Generative adversarial nets. In: Proceedings of annual conference on Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., pp 2672\u20132680"},{"key":"5974_CR2","doi-asserted-by":"crossref","unstructured":"He K, Zhang X, Ren S, Sun J (2016) Deep residual learning for image recognition. In: Proceedings of IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR). IEEE, pp 770\u2013778","DOI":"10.1109\/CVPR.2016.90"},{"key":"5974_CR3","doi-asserted-by":"crossref","unstructured":"Huang G, Liu Z, Van Der\u00a0Maaten L, Weinberger KQ (2017) Densely connected convolutional networks. In: Proceedings of IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR). IEEE, pp 4700\u20134708","DOI":"10.1109\/CVPR.2017.243"},{"key":"5974_CR4","unstructured":"Devlin J, Chang M-W, Lee K, Toutanova K (2019) Bert: pre-training of deep bidirectional transformers for language understanding. In: Proceedings of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (NAACL), pp 4171\u20134186"},{"key":"5974_CR5","unstructured":"Brown T, Mann B, Ryder N, Subbiah M, Kaplan JD, Dhariwal P, Neelakantan A, Shyam P, Sastry G, Askell A, Agarwal S, Herbert-Voss A, Krueger G, Henighan T, Child R, Ramesh A, Ziegler D, Wu J, Winter C, Hesse C, Chen M, Sigler E, Litwin M, Gray S, Chess B, Clark J, Berner C, McCandlish S, Radford A, Sutskever I, Amodei D (2020) Language models are few-shot learners. In: Proceedings of annual conference on Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., pp 1877\u20131901"},{"issue":"4","key":"5974_CR6","doi-asserted-by":"publisher","first-page":"1234","DOI":"10.1093\/bioinformatics\/btz682","volume":"36","author":"J Lee","year":"2020","unstructured":"Lee J, Yoon W, Kim S, Kim D, Kim S, So CH, Kang J (2020) BioBERT: a pre-trained biomedical language representation model for biomedical text mining. Bioinformatics 36(4):1234\u20131240","journal-title":"Bioinformatics"},{"key":"5974_CR7","unstructured":"Demontis A, Melis M, Pintor M, Jagielski M, Biggio B, Oprea A, Nita-Rotaru C, Roli F (2019) Why do adversarial attacks transfer? explaining transferability of evasion and poisoning attacks. In: Proceedings of USENIX security symposium (USENIX Security). USENIX Association, pp 321\u2013338"},{"key":"5974_CR8","doi-asserted-by":"crossref","unstructured":"Cao Y, Xiao C, Cyr B, Zhou Y, Park W, Rampazzi S, Chen QA, Fu K, Mao ZM (2019) Adversarial sensor attack on lidar-based perception in autonomous driving. In: Proceedings of ACM SIGSAC conference on Computer and Communications Security (CCS). ACM, pp 2267\u20132281","DOI":"10.1145\/3319535.3339815"},{"key":"5974_CR9","doi-asserted-by":"crossref","unstructured":"Ji Y, Zhang X, Ji S, Luo X, Wang T (2018) Model-reuse attacks on deep learning systems. In: Proceedings of ACM SIGSAC conference on Computer and Communications Security (CCS). ACM, pp 349\u2013363","DOI":"10.1145\/3243734.3243757"},{"key":"5974_CR10","doi-asserted-by":"crossref","unstructured":"Pang R, Shen H, Zhang X, Ji S, Vorobeychik Y, Luo X, Liu A, Wang T (2020) A tale of evil twins: adversarial inputs versus poisoned models. In: Proceedings of ACM SIGSAC conference on Computer and Communications Security (CCS). ACM, pp 85\u201399","DOI":"10.1145\/3372297.3417253"},{"key":"5974_CR11","doi-asserted-by":"crossref","unstructured":"Pei K, Cao Y, Yang J, Jana S (2017) Deepxplore: automated whitebox testing of deep learning systems. In: Proceedings of Symposium on Operating Systems Principles (SOSP). ACM, pp 1\u201318","DOI":"10.1145\/3132747.3132785"},{"key":"5974_CR12","unstructured":"Fang Z, Li Y, Lu J, Dong J, Han B, Liu F (2022) Is out-of-distribution detection learnable? In: Proceedings of annual conference on Neural Information Processing Systems (NeurIPS). Curran Associates, Inc"},{"key":"5974_CR13","doi-asserted-by":"crossref","unstructured":"Biggio B, Corona I, Maiorca D, Nelson B, \u0160rndi\u0107 N, Laskov P, Giacinto G, Roli F (2013) Evasion attacks against machine learning at test time. In: Proceedings of joint European Conference on Machine Learning and Knowledge Discovery in Databases (ECML\/PKDD). Springer, pp 387\u2013402","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"5974_CR14","unstructured":"Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2014) Intriguing properties of neural networks. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR15","unstructured":"Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2018) Towards deep learning models resistant to adversarial attacks. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR16","unstructured":"Brendel W, Rauber J, Bethge M (2018) Decision-based adversarial attacks: Reliable attacks against black-box machine learning models. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR17","doi-asserted-by":"crossref","unstructured":"Chen J, Jordan MI, Wainwright MJ (2020) Hopskipjumpattack: a query-efficient decision-based attack. In: Proceedings of IEEE symposium on Security and Privacy (SP). IEEE, pp 1277\u20131294","DOI":"10.1109\/SP40000.2020.00045"},{"key":"5974_CR18","doi-asserted-by":"crossref","unstructured":"Nguyen A, Yosinski J, Clune J (2015) Deep neural networks are easily fooled: High confidence predictions for unrecognizable images. In: Proceedings of IEEE\/CVF conference on Computer Vision and Pattern Recognition (CVPR). IEEE, pp 427\u2013436","DOI":"10.1109\/CVPR.2015.7298640"},{"key":"5974_CR19","doi-asserted-by":"crossref","unstructured":"Hein M, Andriushchenko M, Bitterwolf J (2019) Why relu networks yield high-confidence predictions far away from the training data and how to mitigate the problem. In: Proceedings of IEEE\/CVF conference on Computer Vision and Pattern Recognition (CVPR). IEEE, pp 41\u201350","DOI":"10.1109\/CVPR.2019.00013"},{"key":"5974_CR20","unstructured":"Meinke A, Hein M (2020) Towards neural networks that provably know when they don\u2019t know. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR21","unstructured":"Hendrycks D, Gimpel K (2017) A baseline for detecting misclassified and out-of-distribution examples in neural networks. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR22","doi-asserted-by":"crossref","unstructured":"Sehwag V, Bhagoji AN, Song L, Sitawarin C, Cullina D, Chiang M, Mittal P (2019) Analyzing the robustness of open-world machine learning. In: Proceedings of ACM workshop on artificial intelligence and security. ACM, pp 105\u2013116","DOI":"10.1145\/3338501.3357372"},{"key":"5974_CR23","doi-asserted-by":"crossref","unstructured":"Carlini N, Wagner D (2017) Towards evaluating the robustness of neural networks. In: Proceedings of IEEE symposium on Security and Privacy (SP). IEEE, pp 39\u201357","DOI":"10.1109\/SP.2017.49"},{"key":"5974_CR24","unstructured":"Croce F, Hein M (2020) Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In: Proceedings of International Conference on Machine Learning (ICML). PMLR, pp 2206\u20132216"},{"key":"5974_CR25","unstructured":"Yamamura K, Sato H, Tateiwa N, Hata N, Mitsutake T, Oe I, Ishikura H, Fujisawa K (2022) Diversified adversarial attacks based on conjugate gradient method. In: Proceedings of International Conference on Machine Learning (ICML). PMLR, pp 24872\u201324894"},{"key":"5974_CR26","doi-asserted-by":"crossref","unstructured":"Chen P-Y, Zhang H, Sharma Y, Yi J, Hsieh C-J (2017) Zoo: zeroth order optimization based black-box attacks to deep neural networks without training substitute models. In: Proceedings of ACM workshop on artificial intelligence and security. ACM, pp 15\u201326","DOI":"10.1145\/3128572.3140448"},{"key":"5974_CR27","unstructured":"Cheng M, Singh S, Chen P, Chen P-Y, Liu S, Hsieh C-J (2020) Sign-opt: a query-efficient hard-label adversarial attack. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR28","unstructured":"Liang S, Li Y, Srikant R (2018) Enhancing the reliability of out-of-distribution image detection in neural networks. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR29","unstructured":"Hendrycks D, Mazeika M, Dietterich T (2019) Deep anomaly detection with outlier exposure. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR30","doi-asserted-by":"crossref","unstructured":"Chen J, Li Y, Wu X, Liang Y, Jha S (2021) Atom: robustifying out-of-distribution detection using outlier mining. In: Proceedings of European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML\/PKDD)","DOI":"10.1007\/978-3-030-86523-8_26"},{"key":"5974_CR31","unstructured":"Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR32","doi-asserted-by":"crossref","unstructured":"Baluja S, Fischer I (2018) Learning to attack: adversarial transformation networks. In: Proceedings of AAAI conference on artificial intelligence (AAAI). AAAI","DOI":"10.1609\/aaai.v32i1.11672"},{"key":"5974_CR33","doi-asserted-by":"crossref","unstructured":"Xiao C, Li B, Zhu J-Y, He W, Liu M, Song D (2018) Generating adversarial examples with adversarial networks. In: Proceedings of International Joint Conference on Artificial Intelligence (IJCAI), pp 3905\u20133911","DOI":"10.24963\/ijcai.2018\/543"},{"key":"5974_CR34","unstructured":"Song Y, Shu R, Kushman N, Ermon S (2018) Constructing unrestricted adversarial examples with generative models. In: Proceedings of annual conference on Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., pp 8322\u20138333"},{"key":"5974_CR35","unstructured":"Yang J, Zhou K, Li Y, Liu Z (2021) Generalized out-of-distribution detection: a survey. arXiv preprint arXiv:2110.11334"},{"key":"5974_CR36","unstructured":"Shen Z, Liu J, He Y, Zhang X, Xu R, Yu H, Cui P (2021) Towards out-of-distribution generalization: a survey. arXiv preprint arXiv:2108.13624"},{"key":"5974_CR37","unstructured":"Radford A, Metz L, Chintala S (2016) Unsupervised representation learning with deep convolutional generative adversarial networks. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR38","unstructured":"Arjovsky M, Chintala S, Bottou L (2017) Wasserstein generative adversarial networks. In: Proceedings of International Conference on Machine Learning (ICML). PMLR, pp 214\u2013223"},{"key":"5974_CR39","unstructured":"Brock A, Donahue J, Simonyan K (2019) Large scale GAN training for high fidelity natural image synthesis. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR40","unstructured":"Miyato T, Kataoka T, Koyama M, Yoshida Y (2018) Spectral normalization for generative adversarial networks. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR41","unstructured":"Karras T, Aila T, Laine S, Lehtinen J (2018) Progressive growing of GANs for improved quality, stability, and variation. In: Proceedings of International Conference on Learning Representations (ICLR)"},{"key":"5974_CR42","doi-asserted-by":"crossref","unstructured":"Karras T, Laine S, Aittala M, Hellsten J, Lehtinen J, Aila T (2020) Analyzing and improving the image quality of stylegan. In: Proceedings of IEEE\/CVF conference on Computer Vision and Pattern Recognition (CVPR). IEEE, pp 8110\u20138119","DOI":"10.1109\/CVPR42600.2020.00813"},{"key":"5974_CR43","doi-asserted-by":"crossref","unstructured":"Karras T, Laine S, Aila T (2019) A style-based generator architecture for generative adversarial networks. In: Proceedings of IEEE\/CVF conference on Computer Vision and Pattern Recognition (CVPR). IEEE, pp 4401\u20134410","DOI":"10.1109\/CVPR.2019.00453"},{"key":"5974_CR44","doi-asserted-by":"crossref","unstructured":"Robbins H, Monro S (1951) A stochastic approximation method. Ann Math Stat, 400\u2013407","DOI":"10.1214\/aoms\/1177729586"},{"issue":"2","key":"5974_CR45","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1093\/comjnl\/7.2.155","volume":"7","author":"MJ Powell","year":"1964","unstructured":"Powell MJ (1964) An efficient method for finding the minimum of a function of several variables without calculating derivatives. Comput J 7(2):155\u2013162","journal-title":"Comput J"},{"key":"5974_CR46","unstructured":"Krizhevsky A (2009) Learning multiple layers of features from tiny images. Master\u2019s thesis, University of Toronto"},{"key":"5974_CR47","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1016\/j.neunet.2012.02.016","volume":"32","author":"J Stallkamp","year":"2012","unstructured":"Stallkamp J, Schlipsing M, Salmen J, Igel C (2012) Man vs. computer: benchmarking machine learning algorithms for traffic sign recognition. Neural Netw 32:323\u2013332","journal-title":"Neural Netw"},{"key":"5974_CR48","doi-asserted-by":"crossref","unstructured":"Zheng Y, Zhao Y, Ren M, Yan H, Lu X, Liu J, Li J (2020) Cartoon face recognition: a benchmark dataset. In: Proceedings of ACM international conference on multimedia (MM). ACM, pp 2264\u20132272","DOI":"10.1145\/3394171.3413726"},{"issue":"3","key":"5974_CR49","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/s11263-015-0816-y","volume":"115","author":"O Russakovsky","year":"2015","unstructured":"Russakovsky O, Deng J, Su H, Krause J, Satheesh S, Ma S, Huang Z, Karpathy A, Khosla A, Bernstein M, Berg AC, Fei-Fei L (2015) Imagenet large scale visual recognition challenge. Int J Comput Vision 115(3):211\u2013252","journal-title":"Int J Comput Vision"},{"key":"5974_CR50","doi-asserted-by":"crossref","unstructured":"Zagoruyko S, Komodakis N (2016) Wide residual networks. In: Proceedings of the British Machine Vision Conference (BMVC)","DOI":"10.5244\/C.30.87"},{"key":"5974_CR51","doi-asserted-by":"crossref","unstructured":"Carlini N, Wagner D (2017) Adversarial examples are not easily detected: bypassing ten detection methods. In: Proceedings of the ACM workshop on Artificial Intelligence and Security (AISec). ACM, pp 3\u201314","DOI":"10.1145\/3128572.3140444"},{"key":"5974_CR52","unstructured":"Tramer F, Carlini N, Brendel W, Madry A (2020) On adaptive attacks to adversarial example defenses. In: Proceedings of annual conference on Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., pp 1633\u20131645"},{"key":"5974_CR53","unstructured":"ART (2018) Adversarial Robustness Toolbox (ART). https:\/\/github.com\/Trusted-AI\/adversarial-robustness-toolbox"},{"key":"5974_CR54","unstructured":"Hinton G, Vinyals O, Dean J (2015) Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531"},{"key":"5974_CR55","unstructured":"Yu F, Seff A, Zhang Y, Song S, Funkhouser T, Xiao J (2015) LSUN: construction of a large-scale image dataset using deep learning with humans in the loop. arXiv preprint arXiv:1506.03365"},{"key":"5974_CR56","unstructured":"Kingma DP, Ba J (2015) Adam: a method for stochastic optimization. In: Proceedings of International Conference on Learning Representations (ICLR)"}],"container-title":["Applied Intelligence"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10489-024-05974-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10489-024-05974-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10489-024-05974-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,22]],"date-time":"2025-02-22T17:21:15Z","timestamp":1740244875000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10489-024-05974-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,16]]},"references-count":56,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2025,4]]}},"alternative-id":["5974"],"URL":"https:\/\/doi.org\/10.1007\/s10489-024-05974-1","relation":{},"ISSN":["0924-669X","1573-7497"],"issn-type":[{"type":"print","value":"0924-669X"},{"type":"electronic","value":"1573-7497"}],"subject":[],"published":{"date-parts":[[2025,1,16]]},"assertion":[{"value":"4 October 2024","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 January 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"This study did not involve any human or animal experimentation. Therefore, there are no ethical or informed consent concerns regarding the use of the data.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical and informed consent for data used"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"327"}}