{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T10:38:06Z","timestamp":1725791886698},"reference-count":51,"publisher":"IEEE","license":[{"start":{"date-parts":[[2020,7,1]],"date-time":"2020-07-01T00:00:00Z","timestamp":1593561600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,7,1]],"date-time":"2020-07-01T00:00:00Z","timestamp":1593561600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,7,1]],"date-time":"2020-07-01T00:00:00Z","timestamp":1593561600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,7]]},"DOI":"10.1109\/ijcnn48605.2020.9207312","type":"proceedings-article","created":{"date-parts":[[2020,9,30]],"date-time":"2020-09-30T00:40:33Z","timestamp":1601426433000},"page":"1-8","source":"Crossref","is-referenced-by-count":4,"title":["Approximate Manifold Defense Against Multiple Adversarial Perturbations"],"prefix":"10.1109","author":[{"given":"Jay","family":"Nandy","sequence":"first","affiliation":[]},{"given":"Wynne","family":"Hsu","sequence":"additional","affiliation":[]},{"given":"Mong Li","family":"Lee","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v33i01.33012253"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"ref33","article-title":"Using pre-training can improve model robustness and uncertainty","author":"hendrycks","year":"2019","journal-title":"ICML"},{"key":"ref32","article-title":"Adversarially robust generalization requires more data","author":"schmidt","year":"2018","journal-title":"NeurIPS"},{"key":"ref31","article-title":"Provable robustness against all adversarial lp-perturbations for p ? 1","author":"croce","year":"2020","journal-title":"ICLRE"},{"article-title":"The robust manifold defense: Adversarial training using generative models","year":"2019","author":"jalal","key":"ref30"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00957"},{"key":"ref36","article-title":"Very deep convolutional networks for large-scale image recognition","author":"simonyan","year":"2015","journal-title":"ICLRE"},{"key":"ref35","article-title":"Learning multiple layers of features from tiny images","author":"krizhevsky","year":"2009","journal-title":"Master&#x2019;s thesis"},{"article-title":"MNIST handwritten digit database","year":"2010","author":"lecun","key":"ref34"},{"key":"ref28","article-title":"Pixeldefend: Leveraging generative models to understand and defend against adversarial examples","author":"song","year":"2018","journal-title":"ICLRE"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TMM.2019.2908352"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134057"},{"key":"ref2","article-title":"Explaining and harnessing adversarial examples","author":"goodfellow","year":"2015","journal-title":"ICLRE"},{"key":"ref1","article-title":"Intriguing properties of neural networks","author":"szegedy","year":"2014","journal-title":"ICLRE"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23198"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00191"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00894"},{"key":"ref24","article-title":"Countering adversarial images using input transformations","author":"guo","year":"2018","journal-title":"ICLRE"},{"key":"ref23","article-title":"Certified robustness to adversarial examples with differential privacy","author":"lecuyer","year":"2018","journal-title":"IEEE S&P"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2019.8683044"},{"key":"ref25","article-title":"Generative adversarial nets","author":"goodfellow","year":"2014","journal-title":"NIPS"},{"key":"ref50","article-title":"Benchmarking neural network robustness to common corruptions and perturbations","author":"hendrycks","year":"2019","journal-title":"ICLRE"},{"article-title":"Imagenet-trained cnns are biased towards texture; increasing shape bias improves accuracy and robustness","year":"2019","author":"geirhos","key":"ref51"},{"key":"ref10","article-title":"Certified adversarial robustness with additive noise","author":"li","year":"2019","journal-title":"NeurIPS"},{"key":"ref11","article-title":"Defense-GAN: Protecting classifiers against adversarial attacks using generative models","author":"samangouei","year":"2018","journal-title":"ICLRE"},{"key":"ref40","article-title":"EAD: Elastic-net attacks to deep neural networks via adversarial examples","author":"chen","year":"2018","journal-title":"AAAI"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v33i01.3301541"},{"key":"ref13","article-title":"Towards the first adversarially robust neural network model on MNIST","author":"schott","year":"2019","journal-title":"ICLRE"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ICIP.2018.8451432"},{"key":"ref15","article-title":"Robustness may be at odds with accuracy","author":"tsipras","year":"2019","journal-title":"ICLRE"},{"key":"ref16","article-title":"Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples","author":"athalye","year":"2018","journal-title":"ICML"},{"key":"ref17","article-title":"On the connection between adversarial robustness and saliency map interpretability","author":"etmann","year":"2019","journal-title":"ICML"},{"key":"ref18","article-title":"Adversarial robustness through local linearization","author":"qin","year":"2019","journal-title":"NeurIPS"},{"key":"ref19","article-title":"Adversarial training for free!","author":"shafahi","year":"2019","journal-title":"NeurIPS"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2013.6638293"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.36"},{"key":"ref6","article-title":"Towards deep learning models resistant to adversarial attacks","author":"madry","year":"2018","journal-title":"ICLRE"},{"key":"ref5","article-title":"Adversarial: Defeating perceptual ad-blocking","author":"tram\u00e8r","year":"2019","journal-title":"ACM CCS"},{"key":"ref8","article-title":"Adversarial training and robustness for multiple perturbations","author":"tram\u00e8r","year":"2019","journal-title":"NeurIPS"},{"key":"ref7","article-title":"Theoretically principled trade-off between robustness and accuracy","author":"zhang","year":"2019","journal-title":"ICML"},{"key":"ref49","article-title":"Functional adversarial attacks","author":"laidlaw","year":"2019","journal-title":"NIPS"},{"key":"ref9","article-title":"Certified adversarial robustness via randomized smoothing","author":"cohen","year":"2019","journal-title":"ICML"},{"key":"ref46","article-title":"Spatially transformed adversarial examples","author":"xiao","year":"2018","journal-title":"ICLRE"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00929"},{"key":"ref48","article-title":"Wasserstein adversarial examples via projected sinkhorn iterations","author":"wong","year":"2019","journal-title":"ICML"},{"key":"ref47","article-title":"The limitations of adversarial training and the blind-spot attack","author":"zhang","year":"2019","journal-title":"ICLRE"},{"key":"ref42","article-title":"Thermometer encoding: One hot way to resist adversarial examples","author":"buckman","year":"2018","journal-title":"ICLRE"},{"key":"ref41","article-title":"Adversarial risk and the dangers of evaluating against weak attacks","author":"uesato","year":"2018","journal-title":"ICML"},{"key":"ref44","article-title":"Characterizing adversarial subspaces using local intrinsic dimensionality","author":"ma","year":"2018","journal-title":"ICLRE"},{"key":"ref43","article-title":"Stochastic activation pruning for robust adversarial defense","author":"dhillon","year":"2018","journal-title":"ICLRE"}],"event":{"name":"2020 International Joint Conference on Neural Networks (IJCNN)","start":{"date-parts":[[2020,7,19]]},"location":"Glasgow, United Kingdom","end":{"date-parts":[[2020,7,24]]}},"container-title":["2020 International Joint Conference on Neural Networks (IJCNN)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9200848\/9206590\/09207312.pdf?arnumber=9207312","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,28]],"date-time":"2022-06-28T21:49:59Z","timestamp":1656452999000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9207312\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7]]},"references-count":51,"URL":"https:\/\/doi.org\/10.1109\/ijcnn48605.2020.9207312","relation":{},"subject":[],"published":{"date-parts":[[2020,7]]}}}