{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,11]],"date-time":"2025-07-11T10:37:45Z","timestamp":1752230265096},"reference-count":22,"publisher":"Springer Science and Business Media LLC","issue":"8","license":[{"start":{"date-parts":[[2023,7,25]],"date-time":"2023-07-25T00:00:00Z","timestamp":1690243200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,7,25]],"date-time":"2023-07-25T00:00:00Z","timestamp":1690243200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Datenschutz Datensich"],"published-print":{"date-parts":[[2023,8]]},"DOI":"10.1007\/s11623-023-1802-0","type":"journal-article","created":{"date-parts":[[2023,7,25]],"date-time":"2023-07-25T18:02:45Z","timestamp":1690308165000},"page":"478-482","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Strategy to Evaluate Test Time Evasion Attack Feasibility"],"prefix":"10.1007","volume":"47","author":[{"given":"Stephan","family":"Kleber","sequence":"first","affiliation":[]},{"given":"Patrick","family":"Wachter","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,7,25]]},"reference":[{"key":"1802_CR1","unstructured":"Mart\u00edn Abadi et al.: TensorFlow: Large-scale machine learning on heterogeneous systems. 2015. url: https:\/\/www.tensorfow.org\/."},{"key":"1802_CR2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2807385","author":"N Akhtar","year":"2018","unstructured":"Naveed Akhtar and Ajmal Mian: Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey. In: IEEE Access 6 (2018). https:\/\/doi.org\/10.1109\/ACCESS.2018.2807385.","journal-title":"IEEE Access"},{"key":"1802_CR3","unstructured":"Tom B. Brown et al.: Adversarial Patch. arXiv:1712.09665 [cs]. May 2018. url: http:\/\/arxiv.org\/abs\/1712.09665 (visited on 02\/02\/2023)."},{"key":"1802_CR4","unstructured":"Bundesamt f\u00fcr Sicherheit in der Informationstechnik: Secure, robust and transparent application of AI-Problems, measures and need for action. Tech. rep. BSI, 2021. url: https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/KI\/Secure_robust_and_transparent_application_of_AI.pdf?blob=publicationFile&v=2 (visited on 02\/04\/2023)."},{"key":"1802_CR5","unstructured":"Ambra Demontis et al.: Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. In: 28th USENIX Security Symposium. 2019."},{"key":"1802_CR6","doi-asserted-by":"publisher","unstructured":"Jia Deng et al.: ImageNet: A large-scale hierarchical image database. In: IEEE Conference on Computer Vision and Pattern Recognition. IEEE, 2009. https:\/\/doi.org\/10.1109\/CVPR.2009.5206848.","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"1802_CR7","doi-asserted-by":"crossref","unstructured":"Kevin Eykholt et al.: Robust Physical-World Attacks on Deep Learning Visual Classification. In: IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 2018. doi: 10.1109\/ CVPR.2018.00175.","DOI":"10.1109\/CVPR.2018.00175"},{"key":"1802_CR8","unstructured":"Amin Ghiasi, Ali Shafahi, and Tom Goldstein: Breaking certified defenses: Semantic adversarial examples with spoofed robustness certificates. arXiv:2003.08937 [cs.LG]. Mar. 2020. url: http:\/\/arxiv.org\/abs\/2003.08937 (visited on 02\/02\/2023)."},{"key":"1802_CR9","unstructured":"Kaiming He et al.: Deep Residual Learning for Image Recognition. arXiv:1512.03385 [cs]. Dec. 2015. url: http:\/\/arxiv.org\/abs\/1512.03385 (visited on 02\/02\/2023)."},{"key":"1802_CR10","unstructured":"Andrew Howard et al.: Searching for MobileNetV3. arXiv \u2013 arXiv:1905.02244 [cs.CV]. Nov. 2019. url: http:\/\/arxiv.org\/abs\/1905.02244 (visited on 02\/02\/2023)."},{"key":"1802_CR11","unstructured":"ISO: Artificial Intelligence (AI) \u2014 Assessment of the robustness of neural networks \u2014 Part 1: Overview. Tech. rep. ISO\/IEC TR 24029-1. 2021."},{"key":"1802_CR12","unstructured":"Alexey Kurakin, Ian Goodfellow, and Samy Bengio: Adversarial examples in the physical world. arXiv: 1607.02533. Feb. 2017. doi: 10.48550\/ARXIV.1607.02533. url: http:\/\/arxiv.org\/abs\/1607.02533 (visited on 03\/04\/2021)."},{"key":"1802_CR13","unstructured":"Nir Morgulis et al.: Fooling a Real Car with Adversarial Traffic Signs. arXiv: 1907.00374. June 2019. url: http:\/\/arxiv.org\/abs\/1907.00374 (visited on 02\/08\/2021)."},{"key":"1802_CR14","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423359","volume-title":"Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks","author":"B Nassi","year":"2020","unstructured":"Ben Nassi et al.: Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks. In: ACM SIGSAC Conference on Computer and Communications Security. 2020. https:\/\/doi.org\/10.1145\/3372297.3423359."},{"key":"1802_CR15","unstructured":"Maria-Irina Nicolae et al.: Adversarial robustness toolbox v1.2.0. arXiv:1807.01069 [cs.LG]. 2018. url: https:\/\/arxiv.org\/pdf\/1807.01069."},{"key":"1802_CR16","unstructured":"Nicolas Papernot, Patrick McDaniel, and Ian Goodfellow: Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. arXiv: 1605.07277. May 2016. url: http:\/\/arxiv.org\/abs\/1605.07277 (visited on 03\/04\/2021)."},{"key":"1802_CR17","unstructured":"Karen Simonyan and Andrew Zisserman: Very Deep Convolutional Networks for Large-Scale Image Recognition. arXiv \u2013 arXiv:1409.1556 [cs]. Apr. 2015. url: http:\/\/arxiv.org\/abs\/1409.1556 (visited on 02\/02\/2023)."},{"key":"1802_CR18","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3202311","author":"A Stocco","year":"2022","unstructured":"Andrea Stocco, Brian Pulfer, and Paolo Tonella: Mind the Gap! A Study on the Transferability of Virtual vs Physical-world Testing of Autonomous Driving Systems. In: IEEE Transactions on Software Engineering (2022). https:\/\/doi.org\/10.1109\/TSE.2022.3202311.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"1802_CR19","unstructured":"Tencent Keen Security Lab: Experimental Security Research of Tesla Autopilot. Tech. rep. Mar. 2019. url: https:\/\/keenlab.tencent.com\/en\/whitepapers\/Experimental_Security_Research_of_Tesla_Autopilot.pdf (visited on 02\/08\/2021)."},{"key":"1802_CR20","unstructured":"Steve Povolny, Trivedi Shivangee: Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles. Feb. 2020. url: https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/model-hacking-adas-to-pave-safer-roads-for-autonomous-vehicles\/ (visited on 02\/03\/2023)."},{"key":"1802_CR21","unstructured":"Xingxing Wei et al.: Physically Adversarial Attacks and Defenses in Computer Vision: A Survey. arXiv:2211.01671 [cs.CV]. 2022. url: https:\/\/arxiv.org\/abs\/2211.01671."},{"key":"1802_CR22","unstructured":"Eric Wong, Frank R. Schmidt, and J. Zico Kolter: Wasserstein Adversarial Examples via Projected Sinkhorn Iterations. arXiv:1902.07906 [cs, stat]. Jan. 2020. url: http:\/\/arxiv.org\/abs\/1902.07906 (visited on 02\/02\/2023)."}],"container-title":["Datenschutz und Datensicherheit - DuD"],"original-title":[],"language":"de","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-023-1802-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11623-023-1802-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-023-1802-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,1]],"date-time":"2023-08-01T10:02:44Z","timestamp":1690884164000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11623-023-1802-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,25]]},"references-count":22,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2023,8]]}},"alternative-id":["1802"],"URL":"https:\/\/doi.org\/10.1007\/s11623-023-1802-0","relation":{},"ISSN":["1614-0702","1862-2607"],"issn-type":[{"value":"1614-0702","type":"print"},{"value":"1862-2607","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,7,25]]},"assertion":[{"value":"25 July 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}