{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T23:06:55Z","timestamp":1766444815769,"version":"3.48.0"},"reference-count":129,"publisher":"Springer Science and Business Media LLC","issue":"12","license":[{"start":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T00:00:00Z","timestamp":1763510400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T00:00:00Z","timestamp":1763510400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Mach Learn"],"published-print":{"date-parts":[[2025,12]]},"DOI":"10.1007\/s10994-025-06853-7","type":"journal-article","created":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T15:17:54Z","timestamp":1763565474000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An investigation of visual foundation models robustness"],"prefix":"10.1007","volume":"114","author":[{"given":"Sandeep","family":"Gupta","sequence":"first","affiliation":[]},{"given":"Roberto","family":"Passerone","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,11,19]]},"reference":[{"key":"6853_CR1","unstructured":"Athalye, A., Carlini, N., & Wagner, D. (2018). Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. In: Proceedings of the International Conference on Machine Learning, pp. 274\u2013283 . 
PMLR"},{"issue":"12","key":"6853_CR2","doi-asserted-by":"publisher","first-page":"2481","DOI":"10.1109\/TPAMI.2016.2644615","volume":"39","author":"V Badrinarayanan","year":"2017","unstructured":"Badrinarayanan, V., Kendall, A., & Cipolla, R. (2017). Segnet: A deep convolutional encoder-decoder architecture for image segmentation. IEEE transactions on pattern analysis and machine intelligence, 39(12), 2481\u20132495.","journal-title":"IEEE transactions on pattern analysis and machine intelligence"},{"key":"6853_CR3","doi-asserted-by":"crossref","unstructured":"Bhojanapalli, S., Chakrabarti, A., Glasner, D., Li, D., Unterthiner, T., & Veit, A. (2021). Understanding robustness of transformers for image classification. In: Proceedings of the IEEE\/CVF International Conference on Computer Vision, pp. 10231\u201310241","DOI":"10.1109\/ICCV48922.2021.01007"},{"issue":"9","key":"6853_CR4","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3559104","volume":"55","author":"R Bitton","year":"2023","unstructured":"Bitton, R., Maman, N., Singh, I., Momiyama, S., Elovici, Y., & Shabtai, A. (2023). Evaluating the cybersecurity risk of real-world, machine learning production systems. ACM Computing Surveys, 55(9), 1\u201336.","journal-title":"ACM Computing Surveys"},{"key":"6853_CR5","doi-asserted-by":"crossref","unstructured":"Carion, N., Massa, F., Synnaeve, G., Usunier, N., Kirillov, A., & Zagoruyko, S. (2020). End-to-end object detection with transformers. In: European Conference on Computer Vision, pp. 213\u2013229 . Springer","DOI":"10.1007\/978-3-030-58452-8_13"},{"key":"6853_CR6","doi-asserted-by":"crossref","unstructured":"Carlini, N., & Wagner, D. (2017). Towards evaluating the robustness of neural networks. In: Proceedings of the IEEE Symposium on Security and Privacy (SP), pp. 39\u201357 . 
Ieee","DOI":"10.1109\/SP.2017.49"},{"key":"6853_CR7","doi-asserted-by":"crossref","unstructured":"Chen, Z., Wang, Z., Xu, D., Zhu, J., Shen, W., Zheng, S., Xuan, Q., & Yang, X. (2024). Learn to defend: Adversarial multi-distillation for automatic modulation recognition models. IEEE Transactions on Information Forensics and Security","DOI":"10.1109\/TIFS.2024.3361172"},{"key":"6853_CR8","doi-asserted-by":"crossref","unstructured":"Chen, Y., Zhang, M., Li, J., & Kuang, X. (2022). Adversarial attacks and defenses in image classification: A practical perspective. In: Proceedings of the 7th International Conference on Image, Vision and Computing (ICIVC), pp. 424\u2013430 . IEEE","DOI":"10.1109\/ICIVC55077.2022.9886997"},{"key":"6853_CR9","doi-asserted-by":"crossref","unstructured":"Cheng, B., Misra, I., Schwing, A.G., Kirillov, A., & Girdhar, R. (2022) . Masked-attention mask transformer for universal image segmentation. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 1290\u20131299","DOI":"10.1109\/CVPR52688.2022.00135"},{"issue":"1","key":"6853_CR10","doi-asserted-by":"publisher","first-page":"28444","DOI":"10.1038\/s41598-024-79934-7","volume":"14","author":"Q Chen","year":"2024","unstructured":"Chen, Q., Li, K., Chen, Z., Maul, T., & Yin, J. (2024). Exploring feature sparsity for out-of-distribution detection. Scientific Reports, 14(1), 28444.","journal-title":"Scientific Reports"},{"key":"6853_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1609\/aaai.v32i1.11302","volume":"32","author":"P-Y Chen","year":"2018","unstructured":"Chen, P.-Y., Sharma, Y., Zhang, H., Yi, J., & Hsieh, C.-J. (2018). Ead: Elastic-net attacks to deep neural networks via adversarial examples. 
Proceedings of the AAAI Conference on Artificial Intelligence, 32, 1\u201310.","journal-title":"Proceedings of the AAAI Conference on Artificial Intelligence"},{"key":"6853_CR12","doi-asserted-by":"publisher","first-page":"1081","DOI":"10.1609\/aaai.v35i2.16193","volume":"35","author":"S Chen","year":"2021","unstructured":"Chen, S., Yao, T., Chen, Y., Ding, S., Li, J., & Ji, R. (2021). Local relation learning for face forgery detection. Proceedings of the AAAI Conference on Artificial Intelligence, 35, 1081\u20131088.","journal-title":"Proceedings of the AAAI Conference on Artificial Intelligence"},{"key":"6853_CR13","doi-asserted-by":"crossref","unstructured":"Dong, J., Koniusz, P., Chen, J., Wang, Z. J., & Ong, Y.-S. (2024). Robust distillation via untargeted and targeted intermediate adversarial samples. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 28432\u201328442","DOI":"10.1109\/CVPR52733.2024.02686"},{"key":"6853_CR14","doi-asserted-by":"crossref","unstructured":"Dong, Z., Ni, J., Bikel, D., Alfonseca, E., Wang, Y., Qu, C., & Zitouni, I. (2022). Exploring dual encoder architectures for question answering. In: Proceedings of the 2022 Conference on Empirical Methods in Natural Language Processing, pp. 9414\u20139419. Association for Computational Linguistics","DOI":"10.18653\/v1\/2022.emnlp-main.640"},{"key":"6853_CR15","unstructured":"Dosovitskiy, A., Beyer, L., Kolesnikov, A., Weissenborn, D., Zhai, X., Unterthiner, T., Dehghani, M., Minderer, M., Heigold, G., Gelly, S., Uszkoreit, J., & Houlsby, N. (2021). An image is worth 16x16 words: Transformers for image recognition at scale. In: Proceedings of the International Conference on Learning Representations, pp. 1\u201321"},{"key":"6853_CR16","doi-asserted-by":"crossref","unstructured":"Fan, J., Yan, Q., Li, M., Qu, G., & Xiao, Y. (2022). A survey on data poisoning attacks and defenses. 
In: Proceedings of the IEEE International Conference on Data Science in Cyberspace (DSC), pp. 48\u201355 . IEEE","DOI":"10.1109\/DSC55868.2022.00014"},{"key":"6853_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2022.108672","volume":"128","author":"Y Fang","year":"2022","unstructured":"Fang, Y., Xiao, S., Zhou, M., Cai, S., & Zhang, Z. (2022). Enhanced task attention with adversarial learning for dynamic multi-task cnn. Pattern Recognition, 128, Article 108672.","journal-title":"Pattern Recognition"},{"key":"6853_CR18","doi-asserted-by":"crossref","unstructured":"Feng, W., Xu, N., Zhang, T., & Zhang, Y. (2023). Dynamic generative targeted attacks with pattern injection. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 16404\u201316414","DOI":"10.1109\/CVPR52729.2023.01574"},{"key":"6853_CR19","doi-asserted-by":"publisher","first-page":"1112","DOI":"10.1109\/TIFS.2023.3288426","volume":"19","author":"W Feng","year":"2023","unstructured":"Feng, W., Xu, N., Zhang, T., Wu, B., & Zhang, Y. (2023). Robust and generalized physical adversarial attacks via meta-gan. IEEE Transactions on Information Forensics and Security, 19, 1112\u20131125.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"6853_CR20","doi-asserted-by":"crossref","unstructured":"Frosio, I., & Kautz, J. (2023). The best defense is a good offense: Adversarial augmentation against adversarial attacks. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 4067\u20134076","DOI":"10.1109\/CVPR52729.2023.00396"},{"key":"6853_CR21","doi-asserted-by":"publisher","first-page":"1096083","DOI":"10.3389\/fnbot.2023.1096083","volume":"17","author":"G Fu","year":"2023","unstructured":"Fu, G., Zhang, Z., Le, W., Li, J., Zhu, Q., Niu, F., Chen, H., Sun, F., & Shen, Y. (2023). A multi-scale pooling convolutional neural network for accurate steel surface defects classification. 
Frontiers in Neurorobotics, 17, 1096083.","journal-title":"Frontiers in Neurorobotics"},{"key":"6853_CR22","doi-asserted-by":"crossref","unstructured":"Gao, T., Yao, X., & Chen, D. (2021). SimCSE: Simple contrastive learning of sentence embeddings. In: Proceedings of the Empirical Methods in Natural Language Processing (EMNLP), pp. 6894\u20136910","DOI":"10.18653\/v1\/2021.emnlp-main.552"},{"key":"6853_CR23","first-page":"53385","volume":"36","author":"J Gardner","year":"2024","unstructured":"Gardner, J., Popovic, Z., & Schmidt, L. (2024). Benchmarking distribution shift in tabular data with tableshift. Advances in Neural Information Processing Systems, 36, 53385\u201353432.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"6853_CR24","doi-asserted-by":"crossref","unstructured":"Girdhar, R., El-Nouby, A., Liu, Z., Singh, M., Alwala, K. V., Joulin, A., & Misra, I. (2023) . Imagebind: One embedding space to bind them all. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 15180\u201315190","DOI":"10.1109\/CVPR52729.2023.01457"},{"key":"6853_CR25","unstructured":"Goodfellow, I. J., Shlens, J., & Szegedy, C. (2015). Explaining and harnessing adversarial examples. In: Proceedings of the 3rd International Conference on Learning Representations, pp. 1\u201310"},{"key":"6853_CR26","doi-asserted-by":"crossref","unstructured":"Gowal, S., Dvijotham, K. D., Stanforth, R., Bunel, R., Qin, C., Uesato, J., Arandjelovic, R., Mann, T., & Kohli, P. (2019). Scalable verified training for provably robust image classification. In: Proceedings of the IEEE\/CVF International Conference on Computer Vision, pp. 4842\u20134851","DOI":"10.1109\/ICCV.2019.00494"},{"key":"6853_CR27","unstructured":"Gu, J., Tresp, V., & Qin, Y. (2022). Evaluating model robustness to patch perturbations. In: Proceeding of the Shift Happens Workshop (ICML), pp. 
1\u20136"},{"key":"6853_CR28","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2101.09617","author":"J Guo","year":"2023","unstructured":"Guo, J., Bao, W., Wang, J., Ma, Y., Gao, X., Xiao, G., Liu, A., Dong, J., Liu, X., & Wu, W. (2023). A comprehensive evaluation framework for deep model robustness. Pattern Recognition. https:\/\/doi.org\/10.48550\/arXiv.2101.09617","journal-title":"Pattern Recognition"},{"key":"6853_CR29","doi-asserted-by":"crossref","unstructured":"Gupta, S., Kumar, R., Raja, K., Crispo, B., & Maple, C. (2025) . Evaluating a bimodal user verification robustness against synthetic data attacks. In: Proceeding of the International Conference on Security and Cryptography (SECRYPT), pp. 1\u201312","DOI":"10.5220\/0013450100003979"},{"key":"6853_CR30","doi-asserted-by":"crossref","unstructured":"Gupta, S., Raja, K., & Passerone, R. (2024). Visual prompt engineering for enhancing facial recognition systems robustness against evasion attacks. IEEE Access","DOI":"10.1109\/ACCESS.2024.3479949"},{"key":"6853_CR31","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2022.100503","volume":"18","author":"S Gupta","year":"2022","unstructured":"Gupta, S. (2022). Non-functional requirements elicitation for edge computing. Internet of Things, 18, Article 100503.","journal-title":"Internet of Things"},{"key":"6853_CR32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3594869","volume":"55","author":"S Han","year":"2023","unstructured":"Han, S., Lin, C., Shen, C., Wang, Q., & Guan, X. (2023). Interpreting adversarial examples in deep learning: A review. ACM Computing Surveys, 55, 1\u201338.","journal-title":"ACM Computing Surveys"},{"key":"6853_CR33","unstructured":"Hendrycks, D., & Dietterich, T. (2018). Benchmarking neural network robustness to common corruptions and perturbations. In: Proceedings of the International Conference on Learning Representations, pp. 
1\u201316"},{"key":"6853_CR34","doi-asserted-by":"crossref","unstructured":"Howard, A., Sandler, M., Chu, G., Chen, L.-C., Chen, B., Tan, M., Wang, W., Zhu, Y., Pang, R., Vasudevan, V., Le, Q.V. (2019) . Searching for mobilenetv3. In: Proceedings of the IEEE\/CVF International Conference on Computer Vision, pp. 1314\u20131324","DOI":"10.1109\/ICCV.2019.00140"},{"key":"6853_CR35","unstructured":"Huang, H., Liu, F., Fu, L., Wu, T., Mukadam, M., Malik, J., Goldberg, K., & Abbeel, P. (2024) . Early fusion helps vision language action models generalize better. In: Proceeding of the 1st Workshop on X-Embodiment Robot Learning, pp. 1\u201315"},{"key":"6853_CR36","doi-asserted-by":"crossref","unstructured":"Huang, G., Liu, Z., Van Der\u00a0Maaten, L., & Weinberger, K. Q. (2017) . Densely connected convolutional networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 4700\u20134708","DOI":"10.1109\/CVPR.2017.243"},{"key":"6853_CR37","doi-asserted-by":"publisher","first-page":"457","DOI":"10.1007\/s10994-021-05946-3","volume":"110","author":"E H\u00fcllermeier","year":"2021","unstructured":"H\u00fcllermeier, E., & Waegeman, W. (2021). Aleatoric and epistemic uncertainty in machine learning: An introduction to concepts and methods. Machine Learning, 110, 457\u2013506.","journal-title":"Machine Learning"},{"key":"6853_CR38","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2024.127799","volume":"592","author":"Y Hu","year":"2024","unstructured":"Hu, Y., Tian, C., Zhang, J., & Zhang, S. (2024). Efficient image denoising with heterogeneous kernel-based cnn. Neurocomputing, 592, Article 127799.","journal-title":"Neurocomputing"},{"key":"6853_CR39","doi-asserted-by":"crossref","unstructured":"Jia, X., Zhang, Y., Wu, B., Ma, K., Wang, J., & Cao, X. (2022). Las-at: adversarial training with learnable attack strategy. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 
13398\u201313408","DOI":"10.1109\/CVPR52688.2022.01304"},{"issue":"7","key":"6853_CR40","doi-asserted-by":"publisher","first-page":"7081","DOI":"10.1109\/TITS.2023.3347860","volume":"25","author":"W Jia","year":"2024","unstructured":"Jia, W., Lu, Z., Yu, R., Li, L., Zhang, H., Liu, Z., & Qu, G. (2024). Fooling decision-based black-box automotive vision perception systems in physical world. IEEE Transactions on Intelligent Transportation Systems, 25(7), 7081\u201392.","journal-title":"IEEE Transactions on Intelligent Transportation Systems"},{"issue":"3","key":"6853_CR41","doi-asserted-by":"publisher","first-page":"470","DOI":"10.1109\/TAI.2022.3145335","volume":"3","author":"X Jiang","year":"2022","unstructured":"Jiang, X., & Ge, Z. (2022). Attacks on data-driven process monitoring systems: Subspace transfer networks. IEEE Transactions on Artificial Intelligence, 3(3), 470\u2013484.","journal-title":"IEEE Transactions on Artificial Intelligence"},{"key":"6853_CR42","doi-asserted-by":"publisher","first-page":"2705","DOI":"10.1609\/aaai.v38i3.28049","volume":"38","author":"M Kang","year":"2024","unstructured":"Kang, M., Kang, M., & Kim, S. (2024). Catch-up mix: Catch-up class for struggling filters in cnn. Proceedings of the AAAI Conference on Artificial Intelligence, 38, 2705\u20132713.","journal-title":"Proceedings of the AAAI Conference on Artificial Intelligence"},{"key":"6853_CR43","doi-asserted-by":"crossref","unstructured":"Karras, T., Laine, S., Aittala, M., Hellsten, J., Lehtinen, J., & Aila, T. (2020). Analyzing and improving the image quality of StyleGAN. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 8110\u20138119","DOI":"10.1109\/CVPR42600.2020.00813"},{"key":"6853_CR44","doi-asserted-by":"crossref","unstructured":"Kienitz, D., Komendantskaya, E., & A\u00a0Lones, M. (2022). Comparing complexities of decision boundaries for robust training: A universal approach. 
In: Proceedings of the Asian Conference on Computer Vision, pp. 4495\u20134513","DOI":"10.1007\/978-3-031-26351-4_38"},{"key":"6853_CR45","doi-asserted-by":"crossref","unstructured":"Kirillov, A., Mintun, E., Ravi, N., Mao, H., Rolland, C., Gustafson, L., Xiao, T., Whitehead, S., Berg, A. C., Lo, W.-Y., Doll\u00e1r, P. (2023) . Segment anything. In: Proceedings of the IEEE\/CVF International Conference on Computer Vision, pp. 4015\u20134026","DOI":"10.1109\/ICCV51070.2023.00371"},{"key":"6853_CR46","unstructured":"Krizhevsky, A., Sutskever, I., & Hinton, G. E. (2012). Imagenet classification with deep convolutional neural networks. Advances in neural information processing systems 25"},{"key":"6853_CR47","first-page":"10796","volume":"36","author":"H Kuang","year":"2023","unstructured":"Kuang, H., Liu, H., Wu, Y., Satoh, S., & Ji, R. (2023). Improving adversarial robustness via information bottleneck distillation. Advances in Neural Information Processing Systems, 36, 10796\u201310813.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"6853_CR48","doi-asserted-by":"crossref","unstructured":"Kurakin, A., Goodfellow, I. J., & Bengio, S. (2018). Adversarial examples in the physical world. In: Proceedings of the Artificial Intelligence Safety and Security, pp. 99\u2013112. Chapman and Hall\/CRC","DOI":"10.1201\/9781351251389-8"},{"issue":"11","key":"6853_CR49","doi-asserted-by":"publisher","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y LeCun","year":"1998","unstructured":"LeCun, Y., Bottou, L., Bengio, Y., & Haffner, P. (1998). Gradient-based learning applied to document recognition. Proceedings of the IEEE, 86(11), 2278\u20132324.","journal-title":"Proceedings of the IEEE"},{"key":"6853_CR50","doi-asserted-by":"publisher","first-page":"90542","DOI":"10.1109\/ACCESS.2020.2993818","volume":"8","author":"CFS Leite","year":"2020","unstructured":"Leite, C. F. S., & Xiao, Y. (2020). 
Improving cross-subject activity recognition via adversarial learning. IEEE Access, 8, 90542\u201390554.","journal-title":"IEEE Access"},{"key":"6853_CR51","doi-asserted-by":"crossref","unstructured":"Li, S., Deng, W., & Du, J. (2017). Reliable crowdsourcing and deep locality-preserving learning for expression recognition in the wild. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2852\u20132861","DOI":"10.1109\/CVPR.2017.277"},{"key":"6853_CR52","doi-asserted-by":"crossref","unstructured":"Li, L., Xie, T., & Li, B. (2023a). Sok: Certified robustness for deep neural networks. In: Proceedings of the IEEE Symposium on Security and Privacy (SP), pp. 1289\u20131310 . IEEE","DOI":"10.1109\/SP46215.2023.10179303"},{"issue":"3","key":"6853_CR53","doi-asserted-by":"publisher","first-page":"3069","DOI":"10.1007\/s10489-022-03495-3","volume":"53","author":"Y Liang","year":"2023","unstructured":"Liang, Y., & Samavi, R. (2023). Advanced defensive distillation with ensemble voting and noisy logits. Applied Intelligence, 53(3), 3069\u20133094.","journal-title":"Applied Intelligence"},{"key":"6853_CR54","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103791","volume":"141","author":"Q Li","year":"2024","unstructured":"Li, Q., Chen, J., He, K., Zhang, Z., Du, R., She, J., & Wang, X. (2024). Model-agnostic adversarial example detection via high-frequency amplification. Computers & Security, 141, Article 103791.","journal-title":"Computers & Security"},{"key":"6853_CR55","doi-asserted-by":"publisher","first-page":"1470","DOI":"10.1109\/TSP.2020.2974676","volume":"68","author":"F Li","year":"2020","unstructured":"Li, F., Lai, L., & Cui, S. (2020). On the adversarial robustness of subspace learning. 
IEEE Transactions on Signal Processing, 68, 1470\u20131483.","journal-title":"IEEE Transactions on Signal Processing"},{"issue":"3","key":"6853_CR56","doi-asserted-by":"publisher","first-page":"1119","DOI":"10.1109\/TNNLS.2020.3040379","volume":"33","author":"J Li","year":"2020","unstructured":"Li, J., Liu, H., Tao, Z., Zhao, H., & Fu, Y. (2020). Learnable subspace clustering. IEEE Transactions on Neural Networks and Learning Systems, 33(3), 1119\u20131133.","journal-title":"IEEE Transactions on Neural Networks and Learning Systems"},{"issue":"12","key":"6853_CR57","doi-asserted-by":"publisher","first-page":"6999","DOI":"10.1109\/TNNLS.2021.3084827","volume":"33","author":"Z Li","year":"2021","unstructured":"Li, Z., Liu, F., Yang, W., Peng, S., & Zhou, J. (2021). A survey of convolutional neural networks: analysis, applications, and prospects. IEEE transactions on neural networks and learning systems, 33(12), 6999\u20137019.","journal-title":"IEEE transactions on neural networks and learning systems"},{"key":"6853_CR58","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1016\/j.patcog.2019.06.006","volume":"95","author":"Y Lin","year":"2019","unstructured":"Lin, Y., Zheng, L., Zheng, Z., Wu, Y., Hu, Z., Yan, C., & Yang, Y. (2019). Improving person re-identification by attribute and identity learning. Pattern Recognition, 95, 151\u2013161.","journal-title":"Pattern Recognition"},{"issue":"9","key":"6853_CR59","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3555803","volume":"55","author":"B Li","year":"2023","unstructured":"Li, B., Qi, P., Liu, B., Di, S., Liu, J., Pei, J., Yi, J., & Zhou, B. (2023). Trustworthy ai: From principles to practices. ACM Computing Surveys, 55(9), 1\u201346.","journal-title":"ACM Computing Surveys"},{"key":"6853_CR60","unstructured":"Liu, H., Li, C., Wu, Q., & Lee, Y. J. (2023) . Visual instruction tuning. 
In: Proceedings of the Thirty-seventh Conference on Neural Information Processing Systems"},{"key":"6853_CR61","doi-asserted-by":"crossref","unstructured":"Liu, Z., Luo, P., Wang, X., & Tang, X. (2015). Deep learning face attributes in the wild. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 3730\u20133738","DOI":"10.1109\/ICCV.2015.425"},{"key":"6853_CR62","doi-asserted-by":"crossref","unstructured":"Liu, Z., Mao, H., Wu, C.-Y., Feichtenhofer, C., Darrell, T., & Xie, S. (2022) . A convnet for the 2020s. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 11976\u201311986","DOI":"10.1109\/CVPR52688.2022.01167"},{"issue":"2","key":"6853_CR63","doi-asserted-by":"publisher","first-page":"567","DOI":"10.1007\/s11263-024-02196-3","volume":"133","author":"C Liu","year":"2024","unstructured":"Liu, C., Dong, Y., Xiang, W., Yang, X., Su, H., Zhu, J., Chen, Y., He, Y., Xue, H., & Zheng, S. (2024). A comprehensive study on robustness of image classification models: Benchmarking and rethinking. International Journal of Computer Vision, 133(2), 567\u201389.","journal-title":"International Journal of Computer Vision"},{"issue":"10","key":"6853_CR64","doi-asserted-by":"publisher","first-page":"268","DOI":"10.1007\/s10462-024-10915-y","volume":"57","author":"F Liu","year":"2024","unstructured":"Liu, F., Zhang, T., Dai, W., Zhang, C., Cai, W., Zhou, X., & Chen, D. (2024). Few-shot adaptation of multi-modal foundation models: A survey. Artificial Intelligence Review, 57(10), 268.","journal-title":"Artificial Intelligence Review"},{"issue":"6","key":"6853_CR65","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3636551","volume":"56","author":"Y Li","year":"2024","unstructured":"Li, Y., Xie, B., Guo, S., Yang, Y., & Xiao, B. (2024). A survey of robustness and safety of 2d and 3d deep learning models against adversarial attacks. 
ACM Computing Surveys, 56(6), 1\u201337.","journal-title":"ACM Computing Surveys"},{"key":"6853_CR66","doi-asserted-by":"crossref","unstructured":"Luo, J., & Kong, L. (2024) . On enhancing adversarial robustness of large pre-trained vision-language models. In: Proceedings of the 2024 8th International Conference on Computer Science and Artificial Intelligence, pp. 212\u2013220","DOI":"10.1145\/3709026.3709059"},{"key":"6853_CR67","unstructured":"Luo, R., Li, Y., Chen, L., He, W., Lin, T.-E., Liu, Z., Zhang, L., Song, Z., Rokny, H., Xia, X., Liu, T., Hui, B., & Yang, M. (2025) . DEEM: Diffusion models serve as the eyes of large language models for image perception. In: Proceedings of the Thirteenth International Conference on Learning Representations"},{"key":"6853_CR68","doi-asserted-by":"crossref","unstructured":"Luo, C., Lin, Q., Xie, W., Wu, B., Xie, J., & Shen, L. (2022). Frequency-driven imperceptible adversarial attack on semantic similarity. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 15315\u201315324","DOI":"10.1109\/CVPR52688.2022.01488"},{"key":"6853_CR69","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2021.108383","volume":"117","author":"W Luo","year":"2022","unstructured":"Luo, W., Wu, C., Ni, L., Zhou, N., & Zhang, Z. (2022). Detecting adversarial examples by positive and negative representations. Applied Soft Computing, 117, Article 108383.","journal-title":"Applied Soft Computing"},{"key":"6853_CR70","first-page":"37657","volume":"36","author":"Y Ma","year":"2024","unstructured":"Ma, Y., Dong, M., & Xu, C. (2024). Adversarial robustness through random weight sampling. Advances in Neural Information Processing Systems, 36, 37657\u201369.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"6853_CR71","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., & Vladu, A. (2018). Towards deep learning models resistant to adversarial attacks. 
In: Proceedings of the International Conference on Learning Representations, pp. 1\u201327"},{"key":"6853_CR72","doi-asserted-by":"publisher","first-page":"8884","DOI":"10.1609\/aaai.v35i10.17075","volume":"35","author":"X Mao","year":"2021","unstructured":"Mao, X., Chen, Y., Wang, S., Su, H., He, Y., & Xue, H. (2021). Composite adversarial attacks. Proceedings of the AAAI Conference on Artificial Intelligence, 35, 8884\u20138892.","journal-title":"Proceedings of the AAAI Conference on Artificial Intelligence"},{"key":"6853_CR73","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3179131","author":"MH Meng","year":"2022","unstructured":"Meng, M. H., Bai, G., Teo, S. G., Hou, Z., Xiao, Y., Lin, Y., & Dong, J. S. (2022). Adversarial robustness of deep neural networks: A survey from a formal verification perspective. IEEE Transactions on Dependable and Secure Computing. https:\/\/doi.org\/10.1109\/TDSC.2022.3179131","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"issue":"Suppl 1","key":"6853_CR74","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/s10462-023-10521-4","volume":"56","author":"C Meyers","year":"2023","unstructured":"Meyers, C., L\u00f6fstedt, T., & Elmroth, E. (2023). Safety-critical computer vision: An empirical survey of adversarial evasion attacks and defenses on computer vision systems. Artificial Intelligence Review, 56(Suppl 1), 217\u2013251.","journal-title":"Artificial Intelligence Review"},{"key":"6853_CR75","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S.-M., Fawzi, A., & Frossard, P. (2016). Deepfool: A simple and accurate method to fool deep neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 
2574\u20132582","DOI":"10.1109\/CVPR.2016.282"},{"issue":"3","key":"6853_CR76","doi-asserted-by":"publisher","first-page":"1329","DOI":"10.1109\/TNNLS.2021.3105238","volume":"34","author":"F Nesti","year":"2021","unstructured":"Nesti, F., Biondi, A., & Buttazzo, G. (2021). Detecting adversarial examples by input transformations, defense perturbations, and voting. IEEE Transactions on Neural Networks and Learning Systems, 34(3), 1329\u20131341.","journal-title":"IEEE Transactions on Neural Networks and Learning Systems"},{"key":"6853_CR77","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s42979-020-00390-x","volume":"2","author":"A Noack","year":"2021","unstructured":"Noack, A., Ahern, I., Dou, D., & Li, B. (2021). An empirical study on the relation between network interpretability and adversarial robustness. SN Computer Science, 2, 1\u201313.","journal-title":"SN Computer Science"},{"key":"6853_CR78","doi-asserted-by":"publisher","unstructured":"Oquab, M., Darcet, T., Moutakanni, T., Vo, H. V., Szafraniec, M., Khalidov, V., Fernandez, P., Haziza, D., Massa, F., El-Nouby, A., Assran, M., Ballas, N., Galuba, W., Howes, R., Huang, P.-Y., Li, S.-W., Misra, I., Rabbat, M., Sharma, V., Synnaeve, G., Xu, H., Jegou, H., Mairal, J., Labatut, P., Joulin, A., & Bojanowski, P. (2024). DINOv2: Learning robust visual features without supervision. Transactions on Machine Learning Research. https:\/\/doi.org\/10.48550\/arXiv.2304.07193","DOI":"10.48550\/arXiv.2304.07193"},{"key":"6853_CR79","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z. B., & Swami, A. (2016). The limitations of deep learning in adversarial settings. In: Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), pp. 372\u2013387 . IEEE","DOI":"10.1109\/EuroSP.2016.36"},{"key":"6853_CR80","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Wu, X., Jha, S., & Swami, A. (2016). 
Distillation as a defense to adversarial perturbations against deep neural networks. In: Proceedings of the IEEE Symposium on Security and Privacy (SP), pp. 582\u2013597 . IEEE","DOI":"10.1109\/SP.2016.41"},{"issue":"29","key":"6853_CR81","doi-asserted-by":"publisher","first-page":"18265","DOI":"10.1007\/s00521-024-10141-1","volume":"36","author":"A Pedraza","year":"2024","unstructured":"Pedraza, A., Deniz, O., Singh, H., & Bueno, G. (2024). Leveraging autoencoders and chaos theory to improve adversarial example detection. Neural Computing and Applications, 36(29), 18265\u201318275.","journal-title":"Neural Computing and Applications"},{"key":"6853_CR82","unstructured":"Pytorch: Inception V3. https:\/\/pytorch.org\/hub\/pytorch_vision_inception_v3\/. online web resource (2025)"},{"key":"6853_CR83","unstructured":"Pytorch: Resnet. https:\/\/pytorch.org\/hub\/pytorch_vision_resnet\/. online web resource (2025)"},{"key":"6853_CR84","unstructured":"Pytorch: ViT. https:\/\/docs.pytorch.org\/vision\/main\/models\/vision_transformer.html. online web resource (2025)"},{"key":"6853_CR85","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2022.108889","volume":"131","author":"Z Qian","year":"2022","unstructured":"Qian, Z., Huang, K., Wang, Q.-F., & Zhang, X.-Y. (2022). A survey of robust adversarial training in pattern recognition: Fundamental, theory, and methodologies. Pattern Recognition, 131, Article 108889.","journal-title":"Pattern Recognition"},{"key":"6853_CR86","unstructured":"Radford, A., Kim, J.W., Hallacy, C., Ramesh, A., Goh, G., Agarwal, S., Sastry, G., Askell, A., Mishkin, P., Clark, J., Krueger, G. (2021). Learning transferable visual models from natural language supervision. In: International Conference on Machine Learning, pp. 8748\u20138763 . PMLR"},{"key":"6853_CR87","doi-asserted-by":"crossref","unstructured":"Redmon, J. (2016) . You only look once: Unified, real-time object detection. 
In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1\u201310","DOI":"10.1109\/CVPR.2016.91"},{"key":"6853_CR88","doi-asserted-by":"crossref","unstructured":"Reiss, A., & Stricker, D. (2012). Introducing a new benchmarked dataset for activity monitoring. In: Proceeding of the 16th International Symposium on Wearable Computers, pp. 108\u2013109 . IEEE","DOI":"10.1109\/ISWC.2012.13"},{"key":"6853_CR89","first-page":"770","volume":"3","author":"S Ren","year":"2016","unstructured":"Ren, S., Sun, J., He, K., & Zhang, X. (2016). Deep residual learning for image recognition. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 3, 770\u2013778.","journal-title":"Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition"},{"issue":"3","key":"6853_CR90","doi-asserted-by":"publisher","first-page":"346","DOI":"10.1016\/j.eng.2019.12.012","volume":"6","author":"K Ren","year":"2020","unstructured":"Ren, K., Zheng, T., Qin, Z., & Liu, X. (2020). Adversarial attacks and defenses in deep learning. Engineering, 6(3), 346\u2013360.","journal-title":"Engineering"},{"key":"6853_CR91","unstructured":"Rice, L., Wong, E., & Kolter, Z. (2020). Overfitting in adversarially robust deep learning. In: Proceeding of the International Conference on Machine Learning, pp. 8093\u20138104 . PMLR"},{"issue":"3","key":"6853_CR92","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3398394","volume":"53","author":"A Serban","year":"2020","unstructured":"Serban, A., Poll, E., & Visser, J. (2020). Adversarial examples on object recognition: A comprehensive survey. ACM Computing Surveys (CSUR), 53(3), 1\u201338.","journal-title":"ACM Computing Surveys (CSUR)"},{"issue":"OOPSLA1","key":"6853_CR93","doi-asserted-by":"publisher","first-page":"434","DOI":"10.1145\/3586042","volume":"7","author":"Y Shapira","year":"2023","unstructured":"Shapira, Y., Avneri, E., & Drachsler-Cohen, D. (2023). 
Deep learning robustness verification for few-pixel attacks. Proceedings of the ACM on Programming Languages, 7(OOPSLA1), 434\u2013461.","journal-title":"Proceedings of the ACM on Programming Languages"},{"key":"6853_CR94","first-page":"28042","volume":"34","author":"M Shu","year":"2021","unstructured":"Shu, M., Wu, Z., Goldblum, M., & Goldstein, T. (2021). Encoding robustness to image style via adversarial feature perturbations. Advances in Neural Information Processing Systems, 34, 28042\u201328053.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"6853_CR95","unstructured":"Simonyan, K., & Zisserman, A. (2015). Very deep convolutional networks for large-scale image recognition. In: Proceedings of the 3rd International Conference on Learning Representations, pp. 1\u201314"},{"key":"6853_CR96","doi-asserted-by":"crossref","unstructured":"Sun, B., Tsai, N.-h., Liu, F., Yu, R., & Su, H. (2019). Adversarial defense by stratified convolutional sparse coding. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 11447\u201311456","DOI":"10.1109\/CVPR.2019.01171"},{"key":"6853_CR97","doi-asserted-by":"crossref","unstructured":"Szegedy, C., Liu, W., Jia, Y., Sermanet, P., Reed, S., Anguelov, D., Erhan, D., Vanhoucke, V., & Rabinovich, A. (2015) . Going deeper with convolutions. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1\u20139","DOI":"10.1109\/CVPR.2015.7298594"},{"key":"6853_CR98","doi-asserted-by":"crossref","unstructured":"Szegedy, C., Vanhoucke, V., Ioffe, S., Shlens, J., & Wojna, Z. (2016) . Rethinking the inception architecture for computer vision. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2818\u20132826","DOI":"10.1109\/CVPR.2016.308"},{"key":"6853_CR99","unstructured":"Szegedy, C., Zare, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. (2014). Intriguing properties of neural networks. 
In: Proceedings of the International Conference on Learning Representations (ICLR), pp. 1\u201310"},{"key":"6853_CR100","unstructured":"Tan, M., & Le, Q. (2019). Efficientnet: Rethinking model scaling for convolutional neural networks. In: Proceedings of the International Conference on Machine Learning, pp. 6105\u20136114 . PMLR"},{"key":"6853_CR101","unstructured":"Tao, G., An, S., Cheng, S., Shen, G., & Zhang, X. (2023). Hard-label black-box universal adversarial patch attack. In: Proceedings of the 32nd USENIX Security Symposium (USENIX Security 23), pp. 697\u2013714"},{"key":"6853_CR102","doi-asserted-by":"crossref","unstructured":"Tiwari, L., Madan, A., Anand, S., & Banerjee, S. (2022) . Regroup: Rank-aggregating ensemble of generative classifiers for robust predictions. In: Proceedings of the IEEE\/CVF Winter Conference on Applications of Computer Vision, pp. 2595\u20132604","DOI":"10.1109\/WACV51458.2022.00388"},{"key":"6853_CR103","doi-asserted-by":"crossref","unstructured":"Tziafas, G., & Kasaei, H. (2023). Early or late fusion matters: Efficient rgb-d fusion in vision transformers for 3d object recognition. In: Proceeding of the International Conference on Intelligent Robots and Systems (IROS), pp. 9558\u20139565 . IEEE","DOI":"10.1109\/IROS55552.2023.10341422"},{"key":"6853_CR104","unstructured":"Uesato, J., O\u2019Donoghue, B., Kohli, P., & Oord, A. (2018). Adversarial risk and the dangers of evaluating against weak attacks. In: Proceedings of the 35th International Conference on Machine Learning, vol. 80, pp. 5025\u20135034. PMLR"},{"key":"6853_CR105","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2024.123249","volume":"246","author":"M Usman","year":"2024","unstructured":"Usman, M., Zaka-Ud-Din, M., & Ling, Q. (2024). Enhanced encoder-decoder architecture for visual perception multitasking of autonomous driving. 
Expert Systems with Applications, 246, Article 123249.","journal-title":"Expert Systems with Applications"},{"key":"6853_CR106","doi-asserted-by":"crossref","unstructured":"Wang, L., Zhang, C., & Liu, J. (2020). Deep learning defense method against adversarial attacks. In: Proceedings of the International Conference on Systems, Man, and Cybernetics (SMC), pp. 3667\u20133672 . IEEE","DOI":"10.1109\/SMC42975.2020.9283255"},{"issue":"2","key":"6853_CR107","doi-asserted-by":"publisher","first-page":"930","DOI":"10.1109\/COMST.2023.3344808","volume":"26","author":"S Wang","year":"2023","unstructured":"Wang, S., Ko, R. K., Bai, G., Dong, N., Choi, T., & Zhang, Y. (2023). Evasion attack and defense on machine learning models in cyber-physical systems: A survey. IEEE Communications Surveys & Tutorials, 26(2), 930\u201366.","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"6853_CR108","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1109\/TMM.2021.3050057","volume":"24","author":"J Wang","year":"2021","unstructured":"Wang, J., Zhao, J., Yin, Q., Luo, X., Zheng, Y., Shi, Y.-Q., & Jha, S. K. (2021). Smsnet: A new deep convolutional neural network model for adversarial example detection. IEEE Transactions on Multimedia, 24, 230\u2013244.","journal-title":"IEEE Transactions on Multimedia"},{"key":"6853_CR109","doi-asserted-by":"crossref","unstructured":"Wei, Z., Wang, Y., Guo, Y., & Wang, Y. (2023). Cfa: Class-wise calibrated fair adversarial training. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 8193\u20138201","DOI":"10.1109\/CVPR52729.2023.00792"},{"key":"6853_CR110","unstructured":"Weng, L., Zhang, H., Chen, H., Song, Z., Hsieh, C.-J., Daniel, L., Boning, D., & Dhillon, I. (2018). Towards fast computation of certified robustness for relu networks. In: Proceedings of the International Conference on Machine Learning, pp. 5276\u20135285 . 
PMLR"},{"key":"6853_CR111","unstructured":"Xiao, C., Zhu, J.-Y., Li, B., He, W., Liu, M., & Song, D. (2018). Spatially transformed adversarial examples. In: Proceedings of the International Conference on Learning Representations"},{"key":"6853_CR112","doi-asserted-by":"crossref","unstructured":"Xie, C., Wu, Y., Maaten, L. v. d., Yuille, A. L., & He, K.: (2019). Feature denoising for improving adversarial robustness. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 501\u2013509","DOI":"10.1109\/CVPR.2019.00059"},{"key":"6853_CR113","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2022.103121","volume":"65","author":"P Xiong","year":"2022","unstructured":"Xiong, P., Buffett, S., Iqbal, S., Lamontagne, P., Mamun, M., & Molyneaux, H. (2022). Towards a robust and trustworthy machine learning system development: An engineering perspective. Journal of Information Security and Applications, 65, Article 103121.","journal-title":"Journal of Information Security and Applications"},{"key":"6853_CR114","unstructured":"Xu, H., Xie, S., Tan, X., Huang, P.-Y., Howes, R., Sharma, V., Li, S.-W., Ghosh, G., Zettlemoyer, L., & Feichtenhofer, C. (2024). Demystifying CLIP data. In: Proceedings of the Twelfth International Conference on Learning Representations"},{"key":"6853_CR115","first-page":"1129","volume":"33","author":"K Xu","year":"2020","unstructured":"Xu, K., Shi, Z., Zhang, H., Wang, Y., Chang, K.-W., Huang, M., Kailkhura, B., Lin, X., & Hsieh, C.-J. (2020). Automatic perturbation analysis for scalable certified robustness and beyond. Advances in Neural Information Processing Systems, 33, 1129\u20131141.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"6853_CR116","unstructured":"Yang, R., Laurel, J., Misailovic, S., & Singh, G. (2023). Provable defense against geometric transformations. In: Proceeding of the Eleventh International Conference on Learning Representations, pp. 
1\u201319"},{"issue":"12","key":"6853_CR117","doi-asserted-by":"publisher","first-page":"5635","DOI":"10.1007\/s11263-024-02117-4","volume":"132","author":"J Yang","year":"2024","unstructured":"Yang, J., Zhou, K., Li, Y., & Liu, Z. (2024). Generalized out-of-distribution detection: A survey. International Journal of Computer Vision, 132(12), 5635\u20135662.","journal-title":"International Journal of Computer Vision"},{"issue":"9","key":"6853_CR118","doi-asserted-by":"publisher","first-page":"2805","DOI":"10.1109\/TNNLS.2018.2886017","volume":"30","author":"X Yuan","year":"2019","unstructured":"Yuan, X., He, P., Zhu, Q., & Li, X. (2019). Adversarial examples: Attacks and defenses for deep learning. IEEE transactions on neural networks and learning systems, 30(9), 2805\u20132824.","journal-title":"IEEE transactions on neural networks and learning systems"},{"key":"6853_CR119","doi-asserted-by":"crossref","unstructured":"Zeiler, M. D., & Fergus, R. (2014). Visualizing and understanding convolutional networks. In: Proceedings of the 13th European Computer Vision Conference, pp. 818\u2013833 . Springer","DOI":"10.1007\/978-3-319-10590-1_53"},{"key":"6853_CR120","unstructured":"Zhang, H., Weng, T.-W., Chen, P.-Y., Hsieh, C.-J., & Daniel, L. (2018). Efficient neural network robustness certification with general activation functions. Advances in neural information processing systems 31"},{"key":"6853_CR121","volume-title":"Machine learning with provable robustness guarantees","author":"H Zhang","year":"2020","unstructured":"Zhang, H. (2020). Machine learning with provable robustness guarantees. University of California."},{"issue":"3","key":"6853_CR122","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3511887","volume":"31","author":"H Zhang","year":"2022","unstructured":"Zhang, H., Fu, Z., Li, G., Ma, L., Zhao, Z., Yang, H., Sun, Y., Liu, Y., & Jin, Z. (2022). Towards robustness of deep program processing models\u2014detection, estimation, and enhancement. 
ACM Transactions on Software Engineering and Methodology (TOSEM), 31(3), 1\u201340.","journal-title":"ACM Transactions on Software Engineering and Methodology (TOSEM)"},{"key":"6853_CR123","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1016\/j.neunet.2023.04.012","volume":"163","author":"H Zhao","year":"2023","unstructured":"Zhao, H., Hao, L., Hao, K., Wei, B., & Cai, X. (2023). Remix: Towards the transferability of adversarial examples. Neural Networks, 163, 367\u2013378.","journal-title":"Neural Networks"},{"key":"6853_CR124","first-page":"54111","volume":"36","author":"Y Zhao","year":"2023","unstructured":"Zhao, Y., Pang, T., Du, C., Yang, X., Li, C., Cheung, N.-M.M., & Lin, M. (2023). On evaluating adversarial robustness of large vision-language models. Advances in Neural Information Processing Systems, 36, 54111\u201354138.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"6853_CR125","unstructured":"Zhou, D., Yu, Z., Xie, E., Xiao, C., Anandkumar, A., Feng, J., & Alvarez, J. M. (2022). Understanding the robustness in vision transformers. In: Proceedings of the International Conference on Machine Learning, pp. 27378\u201327394 . PMLR"},{"issue":"8","key":"6853_CR126","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3547330","volume":"55","author":"S Zhou","year":"2022","unstructured":"Zhou, S., Liu, C., Ye, D., Zhu, T., Zhou, W., & Yu, P. S. (2022). Adversarial attacks and defenses in deep learning: From a perspective of cybersecurity. ACM Computing Surveys, 55(8), 1\u201339.","journal-title":"ACM Computing Surveys"},{"key":"6853_CR127","doi-asserted-by":"crossref","unstructured":"Zhu, Z., Zhang, Y., Chen, H., Dong, Y., Zhao, S., Ding, W., Zhong, J., & Zheng, S. (2023). Understanding the robustness of 3d object detection with bird\u2019s-eye-view representations in autonomous driving. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 
21600\u201321610","DOI":"10.1109\/CVPR52729.2023.02069"},{"key":"6853_CR128","doi-asserted-by":"crossref","unstructured":"Zhu, Y., Zhao, Y., Hu, Z., Liu, X., & Yan, A. (2023). Zeroth-order gradient approximation based dast for black-box adversarial attacks. In: Proceedings of the International Conference on Intelligent Computing, pp. 442\u2013453 . Springer","DOI":"10.1007\/978-981-99-4755-3_38"},{"key":"6853_CR129","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2024.128512","volume":"610","author":"Y Zhu","year":"2024","unstructured":"Zhu, Y., Zhao, Y., Hu, Z., Luo, T., & He, L. (2024). A review of black-box adversarial attacks on image classification. Neurocomputing, 610, Article 128512.","journal-title":"Neurocomputing"}],"container-title":["Machine Learning"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10994-025-06853-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10994-025-06853-7","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10994-025-06853-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T23:02:29Z","timestamp":1766444549000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10994-025-06853-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":129,"journal-issue":{"issue":"12","published-print":{"date-parts":[[2025,12]]}},"alternative-id":["6853"],"URL":"https:\/\/doi.org\/10.1007\/s10994-025-06853-7","relation":{},"ISSN":["0885-6125","1573-0565"],"issn-type":[{"type":"print","value":"0885-6125"},{"type":"electronic","value":"1573-0565"}],"subject":[],"published":{"date-parts":[[2025,1
1,19]]},"assertion":[{"value":"27 February 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 July 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 July 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 November 2025","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"281"}}