{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T17:37:30Z","timestamp":1777657050802,"version":"3.51.4"},"reference-count":22,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,6,6]],"date-time":"2021-06-06T00:00:00Z","timestamp":1622937600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,6,6]],"date-time":"2021-06-06T00:00:00Z","timestamp":1622937600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,6,6]]},"DOI":"10.1109\/icassp39728.2021.9414862","type":"proceedings-article","created":{"date-parts":[[2021,5,13]],"date-time":"2021-05-13T19:53:45Z","timestamp":1620935625000},"page":"3855-3859","source":"Crossref","is-referenced-by-count":69,"title":["Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Tradeoff"],"prefix":"10.1109","author":[{"given":"Eitan","family":"Borgnia","sequence":"first","affiliation":[{"name":"University of Maryland"}]},{"given":"Valeriia","family":"Cherepanova","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"Liam","family":"Fowl","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"Amin","family":"Ghiasi","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"Jonas","family":"Geiping","sequence":"additional","affiliation":[{"name":"University of Siegen"}]},{"given":"Micah","family":"Goldblum","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"Tom","family":"Goldstein","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"Arjun","family":"Gupta","sequence":"additional","affiliation":[{"name":"University of Maryland"}]}],"member":"263","reference":[{"key":"ref10","article-title":"On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping","author":"hong","year":"2020","journal-title":"ArXiv200211497 Cs"},{"key":"ref11","article-title":"Mixup: Beyond empirical risk minimization","author":"zhang","year":"2017","journal-title":"arXiv preprint arXiv 1710 09412"},{"key":"ref12","article-title":"Maxup: A simple way to improve generalization of neural network training","author":"gong","year":"2020","journal-title":"arXiv preprint arXiv 2002 09027"},{"key":"ref13","author":"ni","year":"2020","journal-title":"Data augmentation for metalearning"},{"key":"ref14","article-title":"Improved regularization of convolutional neural networks with cutout","author":"devries","year":"2017","journal-title":"arXiv preprint arXiv 1708 04552"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2019.00612"},{"key":"ref16","article-title":"Towards Deep Learning Models Resistant to Adversarial Attacks","author":"madry","year":"2017","journal-title":"ArXiv170606083 Cs Stat"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP40776.2020.9052930"},{"key":"ref18","article-title":"Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks","author":"schwarzschild","year":"2020","journal-title":"ArXiv200612557 Cs Stat"},{"key":"ref19","article-title":"Improved Regularization of Convolutional Neural Networks with Cutout","author":"devries","year":"2017","journal-title":"ArXiv170804552 Cs"},{"key":"ref4","article-title":"Dataset security for machine learning: Data poisoning, backdoor attacks, and defenses","author":"goldblum","year":"2020","journal-title":"2012 arXiv preprint arXiv"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3270101.3270102"},{"key":"ref6","article-title":"Witches' brew: Industrial scale data poisoning via gradient matching","author":"geiping","year":"2020","journal-title":"arXiv preprint arXiv 2009 02026"},{"key":"ref5","article-title":"Metapoison: Practical general-purpose clean-label data poisoning","author":"huang","year":"2020","journal-title":"arXiv preprint arXiv 2004 06774"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644895"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3532474"},{"key":"ref2","article-title":"Biometric Backdoors: A Poisoning Attack Against Unsupervised Template Updating","author":"lovisotto","year":"2019","journal-title":"ArXiv190509162 Cs"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/TIP.2018.2872858"},{"key":"ref9","article-title":"Deep k-NN defense against clean-label data poisoning attacks","author":"peri","year":"2019"},{"key":"ref20","article-title":"Deep Residual Learning for Image Recognition","author":"he","year":"2015","journal-title":"ArXiv151203385 Cs"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"ref21","article-title":"Learning multiple layers of features from tiny images","author":"krizhevsky","year":"2009"}],"event":{"name":"ICASSP 2021 - 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)","location":"Toronto, ON, Canada","start":{"date-parts":[[2021,6,6]]},"end":{"date-parts":[[2021,6,11]]}},"container-title":["ICASSP 2021 - 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9413349\/9413350\/09414862.pdf?arnumber=9414862","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,3]],"date-time":"2022-08-03T00:20:14Z","timestamp":1659486014000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9414862\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,6]]},"references-count":22,"URL":"https:\/\/doi.org\/10.1109\/icassp39728.2021.9414862","relation":{},"subject":[],"published":{"date-parts":[[2021,6,6]]}}}