{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,26]],"date-time":"2025-06-26T14:24:15Z","timestamp":1750947855035,"version":"3.37.3"},"reference-count":61,"publisher":"Springer Science and Business Media LLC","issue":"12","license":[{"start":{"date-parts":[[2023,6,28]],"date-time":"2023-06-28T00:00:00Z","timestamp":1687910400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,6,28]],"date-time":"2023-06-28T00:00:00Z","timestamp":1687910400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"name":"International Science and Technology Cooperation Research Project of Shenzhen","award":["GJHZ20200731095204013"],"award-info":[{"award-number":["GJHZ20200731095204013"]}]},{"DOI":"10.13039\/501100015401","name":"Key Research and Development Program of Shaanxi","doi-asserted-by":"crossref","award":["2021ZDLGY15-01","2021ZDLGY09-04"],"award-info":[{"award-number":["2021ZDLGY15-01","2021ZDLGY09-04"]}],"id":[{"id":"10.13039\/501100015401","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100015401","name":"Key Research and Development Program of Shaanxi","doi-asserted-by":"crossref","award":["2021GY-004"],"award-info":[{"award-number":["2021GY-004"]}],"id":[{"id":"10.13039\/501100015401","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100005230","name":"the Natural Science Foundation of Chongqing","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100005230","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Mach. Learn. & Cyber."],"published-print":{"date-parts":[[2023,12]]},"DOI":"10.1007\/s13042-023-01888-5","type":"journal-article","created":{"date-parts":[[2023,6,28]],"date-time":"2023-06-28T06:02:25Z","timestamp":1687932145000},"page":"4163-4192","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Vulnerable point detection and repair against adversarial attacks for convolutional neural networks"],"prefix":"10.1007","volume":"14","author":[{"given":"Jie","family":"Gao","sequence":"first","affiliation":[]},{"given":"Zhaoqiang","family":"Xia","sequence":"additional","affiliation":[]},{"given":"Jing","family":"Dai","sequence":"additional","affiliation":[]},{"given":"Chen","family":"Dang","sequence":"additional","affiliation":[]},{"given":"Xiaoyue","family":"Jiang","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0428-6224","authenticated-orcid":false,"given":"Xiaoyi","family":"Feng","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,6,28]]},"reference":[{"key":"1888_CR1","doi-asserted-by":"crossref","unstructured":"Abusnaina A, Wu Y, Arora S, Wang Y, Wang F, Yang H, and Mohaisen D (2021) Adversarial example detection using latent neighborhood graph. In Proceedings of the IEEE\/CVF International Conference on Computer Vision. pp 7687\u20137696","DOI":"10.1109\/ICCV48922.2021.00759"},{"key":"1888_CR2","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1016\/j.patrec.2021.01.032","volume":"146","author":"A Agarwal","year":"2021","unstructured":"Agarwal A, Vatsa M, Singh R, Ratha N (2021) Cognitive data augmentation for adversarial defense via pixel masking. Pattern Recogn Lett 146:244\u2013251","journal-title":"Pattern Recogn Lett"},{"issue":"3","key":"1888_CR3","doi-asserted-by":"publisher","first-page":"1805","DOI":"10.1007\/s11063-021-10707-3","volume":"54","author":"I Alarab","year":"2022","unstructured":"Alarab I, Prakoonwit S (2022) Adversarial attack for uncertainty estimation: identifying critical regions in neural networks. Neural Process Lett 54(3):1805\u20131821","journal-title":"Neural Process Lett"},{"issue":"6","key":"1888_CR4","doi-asserted-by":"publisher","first-page":"4403","DOI":"10.1007\/s10462-021-10125-w","volume":"55","author":"A Aldahdooh","year":"2022","unstructured":"Aldahdooh A, Hamidouche W, Fezza SA, D\u00e9forges O (2022) Adversarial example detection for dnn models: a review and experimental comparison. Artif Intell Rev 55(6):4403\u20134462","journal-title":"Artif Intell Rev"},{"key":"1888_CR5","first-page":"16048","volume":"33","author":"M Andriushchenko","year":"2020","unstructured":"Andriushchenko M, Flammarion N (2020) Understanding and improving fast adversarial training. Adv Neural Inf Process Syst 33:16048\u201316059","journal-title":"Adv Neural Inf Process Syst"},{"key":"1888_CR6","doi-asserted-by":"crossref","unstructured":"Carlini N and Wagner D (2017) Towards evaluating the robustness of neural networks. In: 2017 IEEE Symposium on Security and Privacy (SP). IEEE, pp 39\u201357","DOI":"10.1109\/SP.2017.49"},{"key":"1888_CR7","unstructured":"Cisse M, Adi Y, Neverova N, and Keshet J (2017) Houdini: fooling deep structured prediction models. arxiv 2017. arXiv preprint arXiv:1707.05373 :1\u201312"},{"key":"1888_CR8","unstructured":"Cohen J, Rosenfeld E and Kolter Z (2019) Certified adversarial robustness via randomized smoothing. In: International Conference on Machine Learning. PMLR, pp 1310\u20131320"},{"key":"1888_CR9","doi-asserted-by":"crossref","unstructured":"Cohen G, Sapiro G, and Giryes R (2020) Detecting adversarial samples using influence functions and nearest neighbors. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition. pp 14453\u201314462","DOI":"10.1109\/CVPR42600.2020.01446"},{"key":"1888_CR10","doi-asserted-by":"crossref","unstructured":"Deng J, Guo J, Xue N, and Zafeiriou S (2019) Arcface: additive angular margin loss for deep face recognition. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition. pp 4690\u20134699","DOI":"10.1109\/CVPR.2019.00482"},{"issue":"1","key":"1888_CR11","doi-asserted-by":"publisher","first-page":"5711","DOI":"10.1038\/s41467-022-33266-0","volume":"13","author":"N Ghaffari Laleh","year":"2022","unstructured":"Ghaffari Laleh N, Truhn D, Veldhuizen GP, Han T, van Treeck M, Buelow RD, Langer R, Dislich B, Boor P, Schulz V et al (2022) Adversarial attacks and adversarial robustness in computational pathology. Nat Commun 13(1):5711","journal-title":"Nat Commun"},{"key":"1888_CR12","doi-asserted-by":"crossref","unstructured":"Gong C, Ren T, Ye M and Liu Q (2021) Maxup: lightweight adversarial training with data augmentation improves neural network training. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. pp 2474\u20132483","DOI":"10.1109\/CVPR46437.2021.00250"},{"key":"1888_CR13","unstructured":"Goodfellow IJ, Shlens J, and Szegedy C (2015) Explaining and harnessing adversarial examples. In: Bengio Y and LeCun Y (eds) 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7\u20139, 2015, Conference Track Proceedings"},{"key":"1888_CR14","unstructured":"Gu S, Rigazio L (2015) Towards deep neural network architectures robust to adversarial examples. In: Bengio Y, LeCun Y (eds) 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7\u20139, 2015. Workshop Track Proceedings"},{"key":"1888_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s12880-020-00530-y","volume":"21","author":"H Hirano","year":"2021","unstructured":"Hirano H, Minagi A, Takemoto K (2021) Universal adversarial attacks on deep neural networks for medical image classification. BMC Med Imaging 21:1\u201313","journal-title":"BMC Med Imaging"},{"key":"1888_CR16","doi-asserted-by":"crossref","unstructured":"Jia S, Ma C, Yao T, Yin B, Ding S and Yang X (2022) Exploring frequency adversarial attacks for face forgery detection. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. pp 4103\u20134112","DOI":"10.1109\/CVPR52688.2022.00407"},{"key":"1888_CR17","doi-asserted-by":"crossref","unstructured":"Jia X, Zhang Y, Wu B, Ma K, Wang J and Cao X (2022) Las-at: adversarial training with learnable attack strategy. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. pp 13398\u201313408","DOI":"10.1109\/CVPR52688.2022.01304"},{"key":"1888_CR18","doi-asserted-by":"crossref","unstructured":"Jin W, Ma Y, Liu X, Tang X, Wang S and Tang J (2020) Graph structure learning for robust graph neural networks. In: Proceedings of the 26th ACM SIGKDD international conference on knowledge discovery & data mining. pp 66\u201374","DOI":"10.1145\/3394486.3403049"},{"issue":"4","key":"1888_CR19","doi-asserted-by":"publisher","first-page":"2443","DOI":"10.1109\/TII.2021.3093386","volume":"18","author":"X Kong","year":"2021","unstructured":"Kong X, Ge Z (2021) Adversarial attacks on neural-network-based soft sensors: directly attack output. IEEE Trans Industr Inf 18(4):2443\u20132451","journal-title":"IEEE Trans Industr Inf"},{"key":"1888_CR20","unstructured":"Kurakin A, Goodfellow IJ and Bengio S (2017) Adversarial machine learning at scale. In: 5th International Conference on Learning Representations, ICLR 2017, Toulon, France, April 24\u201326, 2017, Conference Track Proceedings"},{"key":"1888_CR21","doi-asserted-by":"crossref","unstructured":"Lecuyer M, Atlidakis V, Geambasu R, Hsu D and Jana S (2019) Certified robustness to adversarial examples with differential privacy. In: 2019 IEEE Symposium on Security and Privacy (SP). IEEE, pp 656\u2013672","DOI":"10.1109\/SP.2019.00044"},{"issue":"1","key":"1888_CR22","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1109\/TDSC.2018.2874243","volume":"18","author":"B Liang","year":"2018","unstructured":"Liang B, Li H, Su M, Li X, Shi W, Wang X (2018) Detecting adversarial image examples in deep neural networks with adaptive noise reduction. IEEE Trans Dependable Secure Comput 18(1):72\u201385","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"1888_CR23","doi-asserted-by":"crossref","unstructured":"Liao F, Liang M, Dong Y, Pang T, Hu X and Zhu J (2018) Defense against adversarial attacks using high-level representation guided denoiser. In: Proceedings of the IEEE conference on computer vision and pattern recognition. pp 1778\u20131787","DOI":"10.1109\/CVPR.2018.00191"},{"key":"1888_CR24","doi-asserted-by":"crossref","unstructured":"Liu S, Chen Z, Li W, Zhu J, Wang J, Zhang W and Gan Z (2022) Efficient universal shuffle attack for visual object tracking. In: ICASSP 2022-2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, pp 2739\u20132743","DOI":"10.1109\/ICASSP43922.2022.9747773"},{"key":"1888_CR25","doi-asserted-by":"crossref","unstructured":"Liu M, Liu S, Su H, Cao K and Zhu J (2018) Analyzing the noise robustness of deep neural networks. In: 2018 IEEE Conference on Visual Analytics Science and Technology (VAST). IEEE, pp 60\u201371","DOI":"10.1109\/VAST.2018.8802509"},{"key":"1888_CR26","doi-asserted-by":"crossref","unstructured":"Long T, Gao Q, Xu L and Zhou Z (2022) A survey on adversarial attacks in computer vision: taxonomy, visualization and future directions. Comput Secur 102847","DOI":"10.1016\/j.cose.2022.102847"},{"key":"1888_CR27","doi-asserted-by":"crossref","unstructured":"Lyu C, Huang K and Liang HN (2015) A unified gradient regularization family for adversarial examples. In: 2015 IEEE international conference on data mining. IEEE, pp 301\u2013309","DOI":"10.1109\/ICDM.2015.84"},{"issue":"1","key":"1888_CR28","doi-asserted-by":"publisher","first-page":"1075","DOI":"10.1109\/TVCG.2019.2934631","volume":"26","author":"Y Ma","year":"2019","unstructured":"Ma Y, Xie T, Li J, Maciejewski R (2019) Explaining vulnerabilities to adversarial machine learning through visual analytics. IEEE Trans Visual Comput Graphics 26(1):1075\u20131085","journal-title":"IEEE Trans Visual Comput Graphics"},{"key":"1888_CR29","unstructured":"Madry A, Makelov A, Schmidt L, Tsipras D and Vladu A (2018) Towards deep learning models resistant to adversarial attacks. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, April 30\u2013May 3, 2018, Conference Track Proceedings"},{"key":"1888_CR30","unstructured":"Ma X, Li B, Wang Y, Erfani SM, Wijewickrema S, Schoenebeck G, Song D, Houle ME and Bailey J (2018) Characterizing adversarial subspaces using local intrinsic dimensionality. arXiv preprint arXiv:1801.02613"},{"key":"1888_CR31","doi-asserted-by":"crossref","unstructured":"Meng D and Chen H (2017) Magnet: a two-pronged defense against adversarial examples. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. pp 135\u2013147","DOI":"10.1145\/3133956.3134057"},{"key":"1888_CR32","doi-asserted-by":"crossref","unstructured":"Michel A, Jha SK and Ewetz R (2022) A survey on the vulnerability of deep neural networks against adversarial attacks. Progress Artif Intell 1\u201311","DOI":"10.1007\/s13748-021-00269-9"},{"key":"1888_CR33","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli SM, Fawzi A and Frossard P (2016) Deepfool: a simple and accurate method to fool deep neural networks. In: Proceedings of the IEEE conference on computer vision and pattern recognition. pp 2574\u20132582","DOI":"10.1109\/CVPR.2016.282"},{"key":"1888_CR34","doi-asserted-by":"crossref","unstructured":"Papernot N, McDaniel P, Wu X, Jha S and Swami A (2016) Distillation as a defense to adversarial perturbations against deep neural networks. In: 2019 IEEE Symposium on Security and Privacy (SP). IEEE, pp 582\u2013597","DOI":"10.1109\/SP.2016.41"},{"key":"1888_CR35","doi-asserted-by":"crossref","unstructured":"Schroff F, Kalenichenko D and Philbin J (2015) Facenet: a unified embedding for face recognition and clustering. In: Proceedings of the IEEE conference on computer vision and pattern recognition. pp 815\u2013823","DOI":"10.1109\/CVPR.2015.7298682"},{"key":"1888_CR36","unstructured":"Shafahi A, Najibi M, Ghiasi A, Xu Z, Dickerson J, Studer C, Davis LS, Taylor G and Goldstein T (2019) Adversarial training for free! In: Proceedings of the 33rd International Conference on Neural Information Processing Systems. pp 3358\u20133369"},{"key":"1888_CR37","unstructured":"Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow IJ and Fergus R (2014) Intriguing properties of neural networks. In: Bengio Y and LeCun Y (eds) 2nd International Conference on Learning Representations, ICLR 2014, Banff, AB, Canada, April 14\u201316, 2014, Conference Track Proceedings"},{"key":"1888_CR38","unstructured":"Tramer F (2022) Detecting adversarial examples is (nearly) as hard as classifying them. In: International Conference on Machine Learning. PMLR, pp 21692\u201321702"},{"key":"1888_CR39","unstructured":"Tram\u00e8r F, Kurakin A, Papernot N, Goodfellow IJ, Boneh D and McDaniel PD (2018) Ensemble adversarial training: attacks and defenses. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, April 30\u2013May 3, 2018, Conference Track Proceedings"},{"key":"1888_CR40","doi-asserted-by":"crossref","unstructured":"Wang J (2021) Adversarial examples in physical world. In: International Joint Conference on Artificial Intelligence. pp 4925\u20134926","DOI":"10.24963\/ijcai.2021\/694"},{"key":"1888_CR41","doi-asserted-by":"crossref","unstructured":"Wang X and He K (2021) Enhancing the transferability of adversarial attacks through variance tuning. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. pp 1924\u20131933","DOI":"10.1109\/CVPR46437.2021.00196"},{"key":"1888_CR42","doi-asserted-by":"crossref","unstructured":"Wang N, Chen Y, Xiao Y, Hu Y, Lou W and Hou T (2022) Manda: on adversarial example detection for network intrusion detection system. IEEE Trans Depend Secure Comput","DOI":"10.1109\/INFOCOM42981.2021.9488874"},{"key":"1888_CR43","doi-asserted-by":"crossref","unstructured":"Wang Z, Guo H, Zhang Z, Liu W, Qin Z and Ren K (2021) Feature importance-aware transferable adversarial attacks. In: Proceedings of the IEEE\/CVF international conference on computer vision. pp 7639\u20137648","DOI":"10.1109\/ICCV48922.2021.00754"},{"key":"1888_CR44","doi-asserted-by":"crossref","unstructured":"Wang B, Li Y and Zhou P (2022) Bandits for structure perturbation-based black-box attacks to graph neural networks with theoretical guarantees. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. pp 13379\u201313387","DOI":"10.1109\/CVPR52688.2022.01302"},{"key":"1888_CR45","doi-asserted-by":"crossref","unstructured":"Wang G, Yan H and Wei X (2022) Enhancing transferability of adversarial examples with spatial momentum. In: Pattern Recognition and Computer Vision: 5th Chinese Conference, PRCV 2022, Shenzhen, China, November 4\u20137, 2022, Proceedings, Part I. Springer, pp 593\u2013604","DOI":"10.1007\/978-3-031-18907-4_46"},{"key":"1888_CR46","first-page":"2668","volume":"36","author":"Z Wei","year":"2022","unstructured":"Wei Z, Chen J, Goldblum M, Wu Z, Goldstein T, Jiang YG (2022) Towards transferable adversarial attacks on vision transformers. Proc AAAI Conf Artif Intell 36:2668\u20132676","journal-title":"Proc AAAI Conf Artif Intell"},{"key":"1888_CR47","doi-asserted-by":"crossref","unstructured":"Woo S, Park J, Lee JY and Kweon IS (2018) Cbam: convolutional block attention module. In: Proceedings of the European conference on computer vision (ECCV). pp 3\u201319","DOI":"10.1007\/978-3-030-01234-2_1"},{"key":"1888_CR48","doi-asserted-by":"crossref","unstructured":"Wu H, Wang C, Tyshetskiy Y, Docherty A, Lu K and Zhu L (2019) Adversarial examples on graph data: deep insights into attack and defense. arXiv preprint arXiv:1903.01610","DOI":"10.24963\/ijcai.2019\/669"},{"key":"1888_CR49","doi-asserted-by":"crossref","unstructured":"Xie C, Tan M, Gong B, Wang J, Yuille AL and Le QV (2020) Adversarial examples improve image recognition. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. pp 819\u2013828","DOI":"10.1109\/CVPR42600.2020.00090"},{"key":"1888_CR50","unstructured":"Xie C, Wang J, Zhang Z, Ren Z and Yuille A (2018) Mitigating adversarial effects through randomization. In: International Conference on Learning Representations. pp 1\u201317"},{"key":"1888_CR51","doi-asserted-by":"crossref","unstructured":"Xie C, Wu Y, Maaten Lvd, Yuille AL and He K (2019) Feature denoising for improving adversarial robustness. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition. pp 501\u2013509","DOI":"10.1109\/CVPR.2019.00059"},{"issue":"2","key":"1888_CR52","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s11633-019-1211-x","volume":"17","author":"H Xu","year":"2020","unstructured":"Xu H, Ma Y, Liu HC, Deb D, Liu H, Tang JL, Jain AK (2020) Adversarial attacks and defenses in images, graphs and text: a review. Int J Autom Comput 17(2):151\u2013178","journal-title":"Int J Autom Comput"},{"key":"1888_CR53","doi-asserted-by":"crossref","unstructured":"Xu W, Evans D and Qi Y (2017) Feature squeezing: detecting adversarial examples in deep neural networks. In: Network and Distributed System Security Symposium. pp 1\u201315","DOI":"10.14722\/ndss.2018.23198"},{"key":"1888_CR54","doi-asserted-by":"crossref","unstructured":"Yuan Z, Zhang J, Jia Y, Tan C, Xue T and Shan S (2021) Meta gradient adversarial attack. In: Proceedings of the IEEE\/CVF International Conference on Computer Vision. pp 7748\u20137757","DOI":"10.1109\/ICCV48922.2021.00765"},{"key":"1888_CR55","doi-asserted-by":"crossref","unstructured":"Yu Y, Gao X and Xu CZ (2021) Lafeat: piercing through adversarial defenses with latent features. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. pp 5735\u20135745","DOI":"10.1109\/CVPR46437.2021.00568"},{"key":"1888_CR56","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1016\/j.ins.2020.12.042","volume":"560","author":"X Zhang","year":"2021","unstructured":"Zhang X, Wang J, Wang T, Jiang R, Xu J, Zhao L (2021) Robust feature learning for adversarial defense via hierarchical feature alignment. Inf Sci 560:256\u2013270","journal-title":"Inf Sci"},{"key":"1888_CR57","doi-asserted-by":"crossref","unstructured":"Zhang J, Li B, Xu J, Wu S, Ding S, Zhang L and Wu C (2022) Towards efficient data free black-box adversarial attack. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. pp 15115\u201315125","DOI":"10.1109\/CVPR52688.2022.01469"},{"key":"1888_CR58","unstructured":"Zhang J, Xu X, Han B, Niu G, Cui L, Sugiyama M and Kankanhalli M (2020) Attacks which do not kill training make adversarial learning stronger. In: International conference on machine learning. PMLR, pp 11278\u201311287"},{"key":"1888_CR59","unstructured":"Zhang H, Yu Y, Jiao J, Xing E, El\u00a0Ghaoui L and Jordan M (2019) Theoretically principled trade-off between robustness and accuracy. In: International conference on machine learning. PMLR, pp 7472\u20137482"},{"key":"1888_CR60","doi-asserted-by":"crossref","unstructured":"Zhong Y, Liu X, Zhai D, Jiang J and Ji X (2022) Shadows can be dangerous: stealthy and effective physical-world adversarial attack by natural phenomenon. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. pp 15345\u201315354","DOI":"10.1109\/CVPR52688.2022.01491"},{"key":"1888_CR61","doi-asserted-by":"crossref","unstructured":"Zuo F and Zeng Q (2021) Exploiting the sensitivity of l2 adversarial examples to erase-and-restore. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. pp 40\u201351","DOI":"10.1145\/3433210.3437529"}],"container-title":["International Journal of Machine Learning and Cybernetics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13042-023-01888-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13042-023-01888-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13042-023-01888-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,13]],"date-time":"2023-10-13T05:25:56Z","timestamp":1697174756000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s13042-023-01888-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,28]]},"references-count":61,"journal-issue":{"issue":"12","published-print":{"date-parts":[[2023,12]]}},"alternative-id":["1888"],"URL":"https:\/\/doi.org\/10.1007\/s13042-023-01888-5","relation":{},"ISSN":["1868-8071","1868-808X"],"issn-type":[{"type":"print","value":"1868-8071"},{"type":"electronic","value":"1868-808X"}],"subject":[],"published":{"date-parts":[[2023,6,28]]},"assertion":[{"value":"25 October 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 May 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 June 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that there is no conflict of interest in this manuscript.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}