{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T17:55:55Z","timestamp":1775325355813,"version":"3.50.1"},"reference-count":58,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,12,12]],"date-time":"2021-12-12T00:00:00Z","timestamp":1639267200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,12,12]],"date-time":"2021-12-12T00:00:00Z","timestamp":1639267200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CCF-2028944,CCF-1629392"],"award-info":[{"award-number":["CCF-2028944,CCF-1629392"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006602","name":"Air Force Research Laboratory","doi-asserted-by":"publisher","award":["FA8650-20-C-1719"],"award-info":[{"award-number":["FA8650-20-C-1719"]}],"id":[{"id":"10.13039\/100006602","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,12,12]]},"DOI":"10.1109\/host49136.2021.9702287","type":"proceedings-article","created":{"date-parts":[[2022,2,15]],"date-time":"2022-02-15T06:21:12Z","timestamp":1644906072000},"page":"158-169","source":"Crossref","is-referenced-by-count":7,"title":["Using Undervolting as an on-Device Defense Against Adversarial Machine Learning Attacks"],"prefix":"10.1109","author":[{"given":"Saikat","family":"Majumdar","sequence":"first","affiliation":[{"name":"The Ohio State University,Department of Computer Science and Engineering,Columbus,OH,USA"}]},{"given":"Mohammad Hossein","family":"Samavatian","sequence":"additional","affiliation":[{"name":"The Ohio State University,Department of Computer Science and Engineering,Columbus,OH,USA"}]},{"given":"Kristin","family":"Barber","sequence":"additional","affiliation":[{"name":"The Ohio State University,Department of Computer Science and Engineering,Columbus,OH,USA"}]},{"given":"Radu","family":"Teodorescu","sequence":"additional","affiliation":[{"name":"The Ohio State University,Department of Computer Science and Engineering,Columbus,OH,USA"}]}],"member":"263","reference":[{"key":"ref39","first-page":"86","article-title":"Univer sal adversarial perturbations","author":"moosavi-dezfooli","year":"0","journal-title":"2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2844341"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23415"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/j.media.2017.07.005"},{"key":"ref31","first-page":"1778","article-title":"Defense against adversarial attacks using high-level representation guided de-noiser","author":"liao","year":"0","journal-title":"2018 IEEE\/CVF Conference on Computer Vision and Pattern Recognition"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2015.7056030"},{"key":"ref37","article-title":"On detecting adversarial perturbations","volume":"abs 1702 4267","author":"metzen","year":"2017","journal-title":"ArXiv"},{"key":"ref36","author":"majumdar","year":"0","journal-title":"Dense Net in Keras"},{"key":"ref35","article-title":"Towards deep learning models resistant to adversarial attacks","author":"madry","year":"0","journal-title":"International Conference on Learning Representations (ICLR)"},{"key":"ref34","article-title":"Characterizing ad versarial subspaces using local intrinsic dimensionality","author":"ma","year":"2018","journal-title":"ArXiv Preprint"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00044"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1201\/9781351251389-8"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2155620.2155622"},{"key":"ref2","year":"0","journal-title":"Zynq UltraScale+ MPSoC ZCU104 Evaluation Kit"},{"key":"ref1","year":"0","journal-title":"TensorFlow&#x2122;"},{"key":"ref20","first-page":"1633","article-title":"A new defense against adversarial images: Turning a weakness into a strength","author":"hu","year":"0","journal-title":"NeurIPS 2019 Thirty-third Conference on Neural Information Processing Systems"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/LCA.2018.2798604"},{"key":"ref21","first-page":"2261","article-title":"Densely connected con-volutional networks","author":"huang","year":"0","journal-title":"2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)"},{"key":"ref24","first-page":"1097","article-title":"Imagenet classification with deep convolutional neural networks","author":"krizhevsky","year":"2012","journal-title":"Advances in Neural In formation Processing Systems 25"},{"key":"ref23","author":"krizhevsky","year":"0","journal-title":"Learning multiple layers of features from tiny images"},{"key":"ref26","article-title":"Adversarial machine learning at scale","volume":"abs 1611 1236","author":"kurakin","year":"2017","journal-title":"ArXiv"},{"key":"ref25","first-page":"1097","article-title":"Imagenet classification with deep convolutional neural networks","author":"krizhevsky","year":"2012","journal-title":"Advances in neural information processing systems"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00064"},{"key":"ref51","article-title":"Very deep convolutional networks for large-scale image recognition","author":"simonyan","year":"0","journal-title":"3rd International Conference on Learning Representations ICLR 2015 San Diego CA USA May 7&#x2013;9 2015 Conference Track Proceedings"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23198"},{"key":"ref57","author":"xilinx","year":"0","journal-title":"CHAID"},{"key":"ref56","first-page":"311","article-title":"Adversarial perturbations of deep neural networks","author":"warde-farley","year":"2017","journal-title":"Perturbation Optimization and Statistics"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378532"},{"key":"ref54","author":"technologies","year":"0","journal-title":"Infineon USB005"},{"key":"ref53","article-title":"Intriguing properties of neural networks","author":"szegedy","year":"0","journal-title":"International Conference on Learning Representations"},{"key":"ref52","article-title":"PixelDe-fend: Leveraging generative models to understand and defend against adversarial examples","volume":"abs 1710 10766","author":"song","year":"2018","journal-title":"ArXiv"},{"key":"ref10","article-title":"EAD: elastic-net attacks to deep neural networks via adversarial examples","author":"chen","year":"0","journal-title":"Thirty-Second AAAI Conference on Artificial Intelligence"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.29007\/3b2l"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"key":"ref12","article-title":"Stochastic activation pruning for robust adversarial defense","author":"dhillon","year":"0","journal-title":"International Conference on Learning Representations (ICLR)"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2003.1253179"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00175"},{"key":"ref15","article-title":"Explaining and harnessing adversarial examples","author":"goodfellow","year":"0","journal-title":"ICLR International Conference on Learning Representations"},{"key":"ref16","article-title":"On the (statistical) detection of adversarial examples","volume":"abs 1702 6280","author":"grosse","year":"2017","journal-title":"ArXiv"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446747"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00068"},{"key":"ref4","first-page":"1","article-title":"Authenticache: Harnessing cache ECC for system authenti cation","author":"bacha","year":"0","journal-title":"International Symposium on Microarchitecture (MICRO)"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/2485922.2485948"},{"key":"ref6","article-title":"End to end learning for self-driving cars","author":"bojarski","year":"2016","journal-title":"ArXiv Preprint"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2014.12"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134606"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48063.2020.00032"},{"key":"ref9","article-title":"Un derstanding reduced-voltage operation in modern DRAM devices: Ex perimental characterization, analysis, and mechanisms","author":"chang","year":"0","journal-title":"Proceedings of the ACM on Measurement and Analysis of Computing Systems"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/SIBIRCON48586.2019.8958134"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.36"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/s11263-015-0816-y"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/DSN-W50199.2020.00016"},{"key":"ref42","first-page":"503","article-title":"Harnessing voltage margins for energy efficiency inmulticore CPUs","author":"papadimitriou","year":"0","journal-title":"2017 50th Annual IEEE\/ACM Interna tional Symposium on Microarchitecture (MICRO)"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00057"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"ref43","article-title":"Towards the science of security and privacy in machine learning","volume":"abs 1611 3814","author":"papernot","year":"2016","journal-title":"ArXiv"}],"event":{"name":"2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","location":"Tysons Corner, VA, USA","start":{"date-parts":[[2021,12,12]]},"end":{"date-parts":[[2021,12,15]]}},"container-title":["2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9702149\/9702266\/09702287.pdf?arnumber=9702287","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,16]],"date-time":"2022-05-16T20:44:35Z","timestamp":1652733875000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9702287\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,12]]},"references-count":58,"URL":"https:\/\/doi.org\/10.1109\/host49136.2021.9702287","relation":{},"subject":[],"published":{"date-parts":[[2021,12,12]]}}}