{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T21:14:31Z","timestamp":1768943671280,"version":"3.49.0"},"reference-count":52,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T00:00:00Z","timestamp":1760227200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T00:00:00Z","timestamp":1760227200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,10,12]]},"DOI":"10.1109\/cvmi66673.2025.11337510","type":"proceedings-article","created":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T20:52:59Z","timestamp":1768855979000},"page":"1-6","source":"Crossref","is-referenced-by-count":0,"title":["Data Poisoning Attacks and Defenses in Machine Learning: A Survey with Focus on Computer Vision"],"prefix":"10.1109","author":[{"given":"Bassam","family":"Nazer","sequence":"first","affiliation":[{"name":"Defence Institute of Advanced Technology,Department of Applied Mathematics,Pune,India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Poornima","family":"Savadattimath","sequence":"additional","affiliation":[{"name":"Defence Institute of Advanced Technology,Department of Applied Mathematics,Pune,India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sushma","family":"Kumari","sequence":"additional","affiliation":[{"name":"Defence Institute of Advanced Technology,Department of Applied Mathematics,Pune,India"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"crossref","first-page":"1749","DOI":"10.1109\/TIFS.2023.3251842","article-title":"Machine learning security in industry: 
A quantitative survey","volume":"18","author":"Grosse","year":"2023","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"ref2","volume-title":"Microsoft shuts down ai chatbot after it turned into racist nazi","author":"News","year":"2016"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1049\/cit2.12028"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-16-8059-5_36"},{"issue":"13s","key":"ref5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3585385","article-title":"Wild patterns reloaded: A survey of machine learning security against training data poisoning","volume":"55","author":"Cina","year":"2023","journal-title":"ACM Computing Surveys"},{"key":"ref6","author":"Shafahi","year":"2018","journal-title":"Poison frogs! targeted clean-label poisoning attacks on neural networks"},{"key":"ref7","author":"Gu","year":"2019","journal-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN65249.2025.11133827"},{"key":"ref9","article-title":"Poisoning attacks against support vector machines","volume-title":"International Conference on Machine Learning","author":"Biggio","year":"2012"},{"key":"ref10","author":"Xiao","year":"2018","journal-title":"Is feature selection secure against training data poisoning"},{"key":"ref11","author":"Chen","year":"2017","journal-title":"Targeted backdoor attacks on deep learning systems using data poisoning"},{"key":"ref12","doi-asserted-by":"crossref","first-page":"4236","DOI":"10.1109\/BigData55660.2022.10020528","article-title":"Analysis of label-flip poisoning attack on machine learning based malware detector","volume-title":"2022 IEEE International Conference on Big Data (Big Data)","author":"Aryal","year":"2022"},{"key":"ref13","first-page":"97","article-title":"Support vector machines under adversarial label noise","volume-title":"Proceedings of the Asian Conference 
on Machine Learning, ser. Proceedings of Machine Learning Research","volume":"20","author":"Biggio","year":"2011"},{"key":"ref14","author":"Fowl","year":"2021","journal-title":"Preventing unauthorized use of proprietary data: Poisoning for secure dataset release"},{"key":"ref15","author":"Feng","year":"2019","journal-title":"Learning to confuse: Generating training time adversarial data with auto-encoder"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00049"},{"key":"ref17","author":"Nguyen","year":"2021","journal-title":"Wanet - imperceptible warping-based back-door attack"},{"key":"ref18","author":"Huang","year":"2021","journal-title":"Metapoison: Practical general-purpose clean-label data poisoning"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"1916","DOI":"10.1587\/transinf.2022NGL0006","article-title":"Multi-targeted poisoning attack in deep neural networks","volume":"105-D","author":"Kwon","year":"2022","journal-title":"IEICE Trans. Inf. 
Syst."},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2025.3598683"},{"key":"ref21","doi-asserted-by":"crossref","first-page":"3091","DOI":"10.1109\/TIFS.2022.3202687","article-title":"Dispersed pixel perturbation-based imperceptible backdoor trigger for image classifier models","volume":"17","author":"Wang","year":"2022","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"ref22","author":"Sarkar","year":"2020","journal-title":"Facehack: Triggering backdoored facial recognition systems using facial characteristics"},{"key":"ref23","doi-asserted-by":"crossref","first-page":"1458","DOI":"10.1007\/s12083-020-01031-z","article-title":"Backdoors hidden in facial features: a novel invisible backdoor attack against face recognition systems","volume":"14","author":"Xue","year":"2021","journal-title":"Peer-to-Peer Networking and Applications"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.01175"},{"key":"ref25","author":"Laishram","year":"2016","journal-title":"Curie: A method for protecting svm classifier from poisoning attack"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3329426"},{"key":"ref27","doi-asserted-by":"crossref","first-page":"12239","DOI":"10.1109\/CVPR52729.2023.01178","article-title":"Defending against patch-based backdoor attacks on self-supervised learning","volume-title":"2023 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR)","author":"Tejankar","year":"2023"},{"key":"ref28","author":"Carnerero-Cano","year":"2021","journal-title":"Regularization can help mitigate poisoning attacks with the right hyperparameters"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN65249.2025.11133788"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/TON.2025.3592227"},{"key":"ref31","first-page":"3575","article-title":"Poison forensics: Traceback of data poisoning attacks in neural networks","volume-title":"31st 
USENIX Security Symposium (USENIX Security 22)","author":"Shan"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-66415-2_4"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102280"},{"key":"ref34","doi-asserted-by":"crossref","first-page":"4597","DOI":"10.1109\/ICCV51070.2023.00426","article-title":"Beating backdoor attack at its own game","volume-title":"2023 IEEE\/CVF International Conference on Computer Vision (ICCV)","author":"Liu","year":"2023"},{"key":"ref35","article-title":"Defense-GAN: Protecting classifiers against adversarial attacks using generative models","volume-title":"International Conference on Learning Representations","author":"Samangouei","year":"2018"},{"issue":"06","key":"ref36","article-title":"Generative adversarial networks","volume":"3","author":"Goodfellow","year":"2014","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-21557-5_37"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v36i9.21191"},{"key":"ref39","first-page":"14900","article-title":"Anti-backdoor learning: Training clean models on poisoned data","volume-title":"Advances in Neural Information Processing Systems","volume":"34","author":"Li","year":"2021"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00038"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/icassp39728.2021.9414562"},{"key":"ref42","article-title":"Detecting backdoor attacks on deep neural networks by activation clustering","volume":"abs\/1811.03728","author":"Chen","year":"2018","journal-title":"ArXiv"},{"issue":"8","key":"ref43","doi-asserted-by":"crossref","DOI":"10.3390\/electronics9081295","article-title":"The k-means algorithm: A comprehensive survey and performance 
evaluation","volume":"9","author":"Ahmed","year":"2020","journal-title":"Electronics"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"ref45","first-page":"226","article-title":"A density-based algorithm for discovering clusters in large spatial databases with noise","volume-title":"Proceedings of the Second International Conference on Knowledge Discovery and Data Mining, ser. KDD\u201996","author":"Ester","year":"1996"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.01614"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453108"},{"key":"ref48","article-title":"Defending against backdoor attack on deep neural networks","volume":"abs\/2002.12162","author":"Cheng","year":"2020","journal-title":"ArXiv"},{"key":"ref49","article-title":"Backdoor defense via decoupling the training process","volume":"abs\/2202.03423","author":"Huang","year":"2022","journal-title":"ArXiv"},{"key":"ref50","author":"Severi","year":"2021","journal-title":"Explanation-guided backdoor poisoning attacks against malware classifiers"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-021-06119-y"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/s13042-024-02363-5"}],"event":{"name":"2025 IEEE International Conference on Computer Vision and Machine Intelligence (CVMI)","location":"Rourkela, India","start":{"date-parts":[[2025,10,12]]},"end":{"date-parts":[[2025,10,13]]}},"container-title":["2025 IEEE International Conference on Computer Vision and Machine Intelligence 
(CVMI)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11335417\/11337242\/11337510.pdf?arnumber=11337510","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T07:36:53Z","timestamp":1768894613000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11337510\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,12]]},"references-count":52,"URL":"https:\/\/doi.org\/10.1109\/cvmi66673.2025.11337510","relation":{},"subject":[],"published":{"date-parts":[[2025,10,12]]}}}