{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T00:51:04Z","timestamp":1730249464558,"version":"3.28.0"},"reference-count":62,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,16]],"date-time":"2023-05-16T00:00:00Z","timestamp":1684195200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,5,16]],"date-time":"2023-05-16T00:00:00Z","timestamp":1684195200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5,16]]},"DOI":"10.1109\/icmcis59922.2023.10253593","type":"proceedings-article","created":{"date-parts":[[2023,9,20]],"date-time":"2023-09-20T17:37:28Z","timestamp":1695231448000},"page":"1-12","source":"Crossref","is-referenced-by-count":0,"title":["Evaluation of Robustness Metrics for Defense of Machine Learning Systems"],"prefix":"10.1109","author":[{"given":"J.","family":"DeMarchi","sequence":"first","affiliation":[{"name":"Royal Netherlands Aerospace Centre NLR,Collaborative Engineering Systems & Aerospace Systems Information Supremacy,Amsterdam,NLD"}]},{"given":"R.","family":"Rijken","sequence":"additional","affiliation":[{"name":"Royal Netherlands Aerospace Centre NLR,Collaborative Engineering Systems & Aerospace Systems Information Supremacy,Amsterdam,NLD"}]},{"given":"J.","family":"Melrose","sequence":"additional","affiliation":[{"name":"Defence Science and Technology Laboratory,Cyber & Information Systems Division,Portondown,GBR"}]},{"given":"B.","family":"Madahar","sequence":"additional","affiliation":[{"name":"Defence Science and Technology Laboratory,Cyber & Information Systems 
Division,Portondown,GBR"}]},{"given":"G.","family":"Fumera","sequence":"additional","affiliation":[{"name":"University of Cagliari,Department of Electrical and Electronic Engineering,Cagliari,ITA"}]},{"given":"F.","family":"Roli","sequence":"additional","affiliation":[{"name":"University of Genoa,Department of Informatics, Bioengineering, Robotics and Systems Engineering,Genoa,ITA"}]},{"given":"E.","family":"Ledda","sequence":"additional","affiliation":[{"name":"Sapienza University of Rome,Department of Computer, Control and Management Engineering,Rome,ITA"}]},{"given":"M.","family":"Akta\u015f","sequence":"additional","affiliation":[{"name":"ASELSAN,Defence Systems Technologies Division,Ankara,TUR"}]},{"given":"F.","family":"Kurth","sequence":"additional","affiliation":[{"name":"Fraunhofer Institute for Communication, Information Processing and Ergonomics,Bonn,DEU"}]},{"given":"P.","family":"Baggenstoss","sequence":"additional","affiliation":[{"name":"Fraunhofer Institute for Communication, Information Processing and Ergonomics,Bonn,DEU"}]},{"given":"B.","family":"Pelzer","sequence":"additional","affiliation":[{"name":"Swedish Defence Research Agency Cyber Defence and C2 Technology Division,Stockholm,SWE"}]},{"given":"L.","family":"Kanestad","sequence":"additional","affiliation":[{"name":"Swedish Defence Research Agency Cyber Defence and C2 Technology Division,Stockholm,SWE"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Robustness of artificial intelligence for hybrid warfare","volume-title":"STO RTG-190 Research Symposium (RSY) on AI, ML and BD for Hybrid Military Operations (AI4HMO)","author":"Sharp","year":"2021"},{"volume-title":"AIVD: Netherlands General Intelligence and Security Service","year":"2023","article-title":"AI systems: Develop them 
securely","key":"ref2"},{"doi-asserted-by":"publisher","key":"ref3","DOI":"10.1007\/s10994-021-05946-3"},{"doi-asserted-by":"publisher","key":"ref4","DOI":"10.5555\/3295222.3295309"},{"doi-asserted-by":"publisher","key":"ref5","DOI":"10.1162\/neco.1992.4.3.448"},{"doi-asserted-by":"publisher","key":"ref6","DOI":"10.5555\/3045390.3045502"},{"issue":"56","key":"ref7","first-page":"1929","article-title":"Dropout: A simple way to prevent neural networks from overfitting","volume":"15","author":"Srivastava","year":"2014","journal-title":"J. Machine Learning Res."},{"doi-asserted-by":"publisher","key":"ref8","DOI":"10.1109\/LRA.2020.2974682"},{"doi-asserted-by":"publisher","key":"ref9","DOI":"10.1016\/j.ins.2023.119356"},{"doi-asserted-by":"publisher","key":"ref10","DOI":"10.1016\/j.imavis.2022.104597"},{"doi-asserted-by":"publisher","key":"ref11","DOI":"10.1109\/PETS-WINTER.2009.5399556"},{"doi-asserted-by":"publisher","key":"ref12","DOI":"10.1109\/CVPR.2016.70"},{"key":"ref13","article-title":"Attention is all you need","author":"Vaswani","year":"2017","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref14","article-title":"Improving language understanding by generative pre-training","author":"Radford","year":"2018","journal-title":"OpenAI"},{"year":"2018","author":"Devlin","journal-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","key":"ref15"},{"key":"ref16","article-title":"The secret sharer: Evaluating and testing unintended memorization in neural networks","volume-title":"28th USENIX Security Symposium","author":"Carlini","year":"2019"},{"key":"ref17","article-title":"Language models are unsupervised multitask 
learners","author":"Radford","year":"2019","journal-title":"OpenAI"},{"doi-asserted-by":"publisher","key":"ref18","DOI":"10.1145\/3340531.3412762"},{"doi-asserted-by":"publisher","key":"ref19","DOI":"10.1121\/1.2016299"},{"doi-asserted-by":"publisher","key":"ref20","DOI":"10.1109\/SP.2017.41"},{"doi-asserted-by":"publisher","key":"ref21","DOI":"10.1007\/978-3-540-79228-4_1"},{"author":"Carlini","journal-title":"On evaluating adversarial robustness","key":"ref22"},{"key":"ref23","article-title":"Generalisation in humans and deep neural networks","volume-title":"32nd Conf. on Neural Inf. Proc. Sys.","author":"Geirhos","year":"2018"},{"author":"Croce","journal-title":"RobustBench: A standardized adversarial robustness benchmark","key":"ref24"},{"volume-title":"Technical report on the CleverHans v2.1.0 Adversarial Examples Library","author":"Papernot","key":"ref25"},{"doi-asserted-by":"publisher","key":"ref26","DOI":"10.1109\/SP.2018.00057"},{"year":"2017","author":"Chen","journal-title":"Targeted backdoor attacks on deep learning systems using data poisoning","key":"ref27"},{"year":"2019","author":"Bhagoji","journal-title":"Analyzing federated learning through an adversarial lens","key":"ref28"},{"key":"ref29","article-title":"Communication-efficient learning of deep networks from decentralized data","volume-title":"20th Int. Conf. 
on Artificial Intelligence and Statistics","author":"McMahan","year":"2017"},{"author":"Madry","journal-title":"Towards deep learning models resistant to adversarial attacks","key":"ref30"},{"author":"Rebuffi","journal-title":"Fixing data augmentation to improve adversarial robustness","key":"ref31"},{"doi-asserted-by":"publisher","key":"ref32","DOI":"10.1109\/CVPR42600.2020.00071"},{"author":"Gowal","journal-title":"Uncovering the limits of adversarial training against norm-bounded adversarial examples","key":"ref33"},{"doi-asserted-by":"publisher","key":"ref34","DOI":"10.1109\/FOCS52979.2021.00098"},{"year":"2018","author":"Chakraborty","journal-title":"Adversarial attacks and defences: A survey","key":"ref35"},{"doi-asserted-by":"publisher","key":"ref36","DOI":"10.1109\/ACCESS.2019.2919463"},{"doi-asserted-by":"publisher","key":"ref37","DOI":"10.1109\/SP.2016.41"},{"year":"2018","author":"Kabkab","journal-title":"Defensive-GAN: Protecting classifiers against adversarial attacks using generative models","key":"ref38"},{"year":"2017","author":"Hosseini","journal-title":"Blocking transferability of adversarial examples in black-box learning systems","key":"ref39"},{"doi-asserted-by":"publisher","key":"ref40","DOI":"10.1109\/LCSYS.2021.3050444"},{"doi-asserted-by":"publisher","key":"ref41","DOI":"10.1109\/TNNLS.2018.2836662"},{"doi-asserted-by":"publisher","key":"ref42","DOI":"10.1109\/ICASSP40776.2020.9054549"},{"doi-asserted-by":"publisher","key":"ref43","DOI":"10.1109\/TSP.2022.3151317"},{"doi-asserted-by":"publisher","key":"ref44","DOI":"10.23919\/EUSIPCO55093.2022.9909662"},{"doi-asserted-by":"publisher","key":"ref45","DOI":"10.1109\/LSP.2021.3113833"},{"doi-asserted-by":"publisher","key":"ref46","DOI":"10.23919\/FUSION49465.2021.9627060"},{"doi-asserted-by":"publisher","key":"ref47","DOI":"10.1109\/TSP.2002.808109"},{"doi-asserted-by":"publisher","key":"ref48","DOI":"10.1109\/TSP.2015.2419189"},{"year":"2021","author":"Leino","journal-title":"Globally-robust 
neural networks","key":"ref49"},{"year":"2022","author":"Pauling","journal-title":"A tutorial on adversarial learning attacks and countermeasures","key":"ref50"},{"year":"2020","author":"Schwinn","journal-title":"Towards rapid and robust adversarial training with one-step attacks","key":"ref51"},{"key":"ref52","doi-asserted-by":"crossref","DOI":"10.1145\/2016904.2016908","volume-title":"Malware images: Visualization and automatic classification","author":"Nataraj","year":"2011"},{"year":"2021","author":"Avant","journal-title":"Analytical bounds on the local Lipschitz constants of ReLU networks","key":"ref53"},{"year":"2018","author":"Youcheng","journal-title":"Concolic testing for deep neural networks","key":"ref54"},{"key":"ref55","article-title":"Exploratory testing","volume-title":"Annual Software Testing Conf.","author":"Kaner","year":"2006"},{"issue":"5s","key":"ref56","first-page":"1","article-title":"Structural test coverage criteria for deep neural networks","volume":"18","author":"Youcheng","year":"2019","journal-title":"ACM Trans. Embedded Computing Sys."},{"key":"ref57","article-title":"DeepConcolic: Testing and debugging deep neural networks","volume-title":"41st IEEE\/ACM Int. Conf. on Software Eng. 
Companion Proc.","author":"Youcheng","year":"2019"},{"year":"2018","author":"Youcheng","journal-title":"Testing deep neural networks","key":"ref58"},{"doi-asserted-by":"publisher","key":"ref59","DOI":"10.1109\/ICSE43902.2021.00038"},{"doi-asserted-by":"publisher","key":"ref60","DOI":"10.24963\/ijcai.2019\/824"},{"volume-title":"DSTL","article-title":"DeepConcolic","key":"ref61"},{"volume-title":"The National Archives, Kew, London TW9 4DU","article-title":"psi@nationalarchives.gsi.gov.uk","key":"ref62"}],"event":{"name":"2023 International Conference on Military Communications and Information Systems (ICMCIS)","start":{"date-parts":[[2023,5,16]]},"location":"Skopje, North Macedonia","end":{"date-parts":[[2023,5,17]]}},"container-title":["2023 International Conference on Military Communications and Information Systems (ICMCIS)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10252166\/10253463\/10253593.pdf?arnumber=10253593","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,31]],"date-time":"2024-08-31T05:29:53Z","timestamp":1725082193000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10253593\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,16]]},"references-count":62,"URL":"https:\/\/doi.org\/10.1109\/icmcis59922.2023.10253593","relation":{},"subject":[],"published":{"date-parts":[[2023,5,16]]}}}