{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T09:25:12Z","timestamp":1772616312050,"version":"3.50.1"},"reference-count":123,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"9","license":[{"start":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T00:00:00Z","timestamp":1725148800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T00:00:00Z","timestamp":1725148800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T00:00:00Z","timestamp":1725148800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Qatar Research Development and Innovation Council","award":["ARG01-0525-230348"],"award-info":[{"award-number":["ARG01-0525-230348"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Artif. Intell."],"published-print":{"date-parts":[[2024,9]]},"DOI":"10.1109\/tai.2024.3383407","type":"journal-article","created":{"date-parts":[[2024,4,1]],"date-time":"2024-04-01T16:11:08Z","timestamp":1711987868000},"page":"4322-4343","source":"Crossref","is-referenced-by-count":6,"title":["Adversarial Machine Learning for Social Good: Reframing the Adversary as an Ally"],"prefix":"10.1109","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6738-2352","authenticated-orcid":false,"given":"Shawqi","family":"Al-Maliki","sequence":"first","affiliation":[{"name":"Information and Computing Technology (ICT) Division, College of Science and Engineering, Hamad Bin Khalifa University, Doha, Qatar"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6732-7601","authenticated-orcid":false,"given":"Adnan","family":"Qayyum","sequence":"additional","affiliation":[{"name":"Information Technology University, Lahore, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1701-0390","authenticated-orcid":false,"given":"Hassan","family":"Ali","sequence":"additional","affiliation":[{"name":"University of New South Wales Sydney, Sydney, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3261-7588","authenticated-orcid":false,"given":"Mohamed","family":"Abdallah","sequence":"additional","affiliation":[{"name":"Information and Computing Technology (ICT) Division, College of Science and Engineering, Hamad Bin Khalifa University, Doha, Qatar"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9466-2475","authenticated-orcid":false,"given":"Junaid","family":"Qadir","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, College of Engineering, Qatar University, Doha, Qatar"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9528-0863","authenticated-orcid":false,"given":"Dinh Thai","family":"Hoang","sequence":"additional","affiliation":[{"name":"School of Electrical and Data Engineering, University of Technology Sydney, Sydney, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7442-7416","authenticated-orcid":false,"given":"Dusit","family":"Niyato","sequence":"additional","affiliation":[{"name":"College of Computing and Data Science, Nanyang Technological University, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0903-1204","authenticated-orcid":false,"given":"Ala","family":"Al-Fuqaha","sequence":"additional","affiliation":[{"name":"Information and Computing Technology (ICT) Division, College of Science and Engineering, Hamad Bin Khalifa University, Doha, Qatar"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Intriguing properties of neural networks","author":"Szegedy","year":"2013"},{"key":"ref2","article-title":"Towards deep learning models resistant to adversarial attacks","author":"Madry","year":"2017"},{"key":"ref3","first-page":"1310","article-title":"Certified adversarial robustness via randomized smoothing","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Cohen","year":"2019"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103367"},{"key":"ref5","article-title":"Adversarial attacks that matter","author":"Carlini"},{"key":"ref6","article-title":"Does adversarial machine learning research matter?","author":"Tramer"},{"key":"ref7","article-title":"Adversarial machine learning for good","author":"Chen"},{"key":"ref8","article-title":"Robustness in machine learning: A five-year retrospective","author":"Kolter"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/satml54575.2023.00031"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1038\/s42256-021-00296-0"},{"key":"ref11","article-title":"Raising the cost of malicious AI-powered image editing","author":"Salman","year":"2023"},{"key":"ref12","article-title":"Adversarial for good? How the adversarial ML communitys values impede socially beneficial uses of attacks","volume-title":"Proc. Workshop Adversarial Mach. Learn. (ICML)","author":"Albert","year":"2021"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v37i13.26797"},{"key":"ref14","article-title":"Adversarial reprogramming of neural networks","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Elsayed","year":"2018"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1038\/s41467-020-15871-z"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1613\/jair.1.12814"},{"key":"ref17","article-title":"Explaining and harnessing adversarial examples","author":"Goodfellow","year":"2014"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2015.7298640"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"ref20","article-title":"Adversarial machine learning at scale","author":"Kurakin","year":"2016"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i07.6791"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP49357.2023.10097245"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1038\/s42256-019-0088-2"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/TAI.2022.3194503"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3547322"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2018.07.023"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2020.2975048"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN48605.2020.9207635"},{"key":"ref30","article-title":"Decision-based adversarial attacks: Reliable attacks against black-box machine learning models","author":"Brendel","year":"2017"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140448"},{"key":"ref32","first-page":"6808","article-title":"Wasserstein adversarial examples via projected sinkhorn iterations","volume-title":"Int. Conf. Mach. Learn.","author":"Wong","year":"2019"},{"key":"ref33","article-title":"Poisoning attacks against support vector machines","author":"Biggio","year":"2012"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v29i1.9569"},{"key":"ref35","first-page":"1885","article-title":"Understanding black-box predictions via influence functions","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Koh","year":"2017"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140451"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623193"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/cvpr52729.2023.02356"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.00784"},{"key":"ref41","article-title":"Targeted backdoor attacks on deep learning systems using data poisoning","author":"Chen","year":"2017"},{"key":"ref42","first-page":"3454","article-title":"Input-aware dynamic backdoor attack","volume":"33","author":"Nguyen","year":"2020","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2021.3057686"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA52953.2021.00134"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/RBME.2020.3013489"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"key":"ref48","article-title":"Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks","volume-title":"Proc. In. Conf. Mach. Learn.","author":"Croce","year":"2020"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241142"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"ref51","first-page":"97","article-title":"Industrial practitioners\u2019 mental models of adversarial machine learning","volume-title":"Proc. 18th Symp. Usable Privacy Security (SOUPS)","author":"Bieringer","year":"2022"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/sp54263.2024.00179"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354222"},{"key":"ref54","first-page":"8307","article-title":"Adversarial attacks on copyright detection systems","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Saadatpanah","year":"2020"},{"key":"ref55","article-title":"Audiotag \u2013 Free music recognition robot."},{"key":"ref56","article-title":"How content ID works","year":"2019"},{"key":"ref57","article-title":"Preprocessors matter! realistic decision-based attacks on machine learning systems","author":"Sitawarin","year":"2022"},{"key":"ref58","article-title":"A complete list of all (arXiv) adversarial example papers","author":"Carlini"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3251842"},{"key":"ref60","article-title":"The threat of offensive AI to organizations","volume":"124","author":"Mirsky","year":"2022","journal-title":"Comput. Security"},{"key":"ref61","article-title":"A crisis in adversarial machine learning,","author":"Carlini"},{"key":"ref62","article-title":"Evading adversarial example detection defenses with orthogonal projected gradient descent","author":"Bryniarski","year":"2021"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v38i20.30267"},{"key":"ref64","first-page":"24398","article-title":"Reprogramming pretrained language models for antibody sequence infilling","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Melnyk","year":"2023"},{"key":"ref65","first-page":"9614","article-title":"Transfer learning without knowing: Reprogramming black-box machine learning models with scarce data and limited resources","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Tsai","year":"2020"},{"key":"ref66","first-page":"11808","article-title":"Voice2Series: Reprogramming acoustic models for time series classification","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Yang","year":"2021"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2019.1911747"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1038\/s42256-021-00422-y"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/N16-3020"},{"key":"ref70","first-page":"4768","article-title":"A unified approach to interpreting model predictions","volume-title":"Proc. 31st Int. Conf. Neural Inf. Process. Syst.","author":"Lundberg","year":"2017"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102791"},{"key":"ref72","first-page":"3319","article-title":"Axiomatic attribution for deep networks","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Sundararajan","year":"2017"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1016\/j.compbiomed.2022.106043"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3063289"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3677119"},{"key":"ref76","article-title":"Explanations based on the missing: Towards contrastive explanations with pertinent negatives","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"31","author":"Dhurandhar","year":"2018"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/3287560.3287566"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380087"},{"key":"ref79","first-page":"4574","article-title":"Exploring counterfactual explanations through the lens of adversarial examples: A theoretical and empirical analysis","volume-title":"Proc. Int. Conf. Artif. Intell. Statist.","author":"Pawelczyk","year":"2022"},{"key":"ref80","first-page":"1589","article-title":"Fawkes: Protecting privacy against unauthorized deep learning models","volume-title":"Proc. 29th USENIX Security Symp. (USENIX Security)","author":"Shan","year":"2020"},{"key":"ref81","article-title":"Lowkey: Leveraging adversarial attacks to protect social media users from facial recognition","author":"Cherepanova","year":"2021"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.3389\/fdata.2022.1049565"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-64793-3_25"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978392"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1109\/ICIP46576.2022.9897634"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103336"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2021\/80"},{"key":"ref88","first-page":"194","article-title":"Don\u2019t forget to sign the gradients!","volume-title":"Proc. Mach. Learn. Syst.","volume":"3","author":"Aramoon","year":"2021"},{"key":"ref89","article-title":"Image synthesis with a single (robust) classifier","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"32","author":"Santurkar","year":"2019"},{"key":"ref90","first-page":"3533","article-title":"Do adversarially robust ImageNet models transfer better?","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"33","author":"Salman","year":"2020"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v36i6.20650"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2718479"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/MIS.2020.3036156"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/bigdata55660.2022.10021100"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i14.17525"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1145\/3614098"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.7551\/mitpress\/9780262029735.001.0001"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2022-0008"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN52387.2021.9533868"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2022\/107"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1145\/3503161.3547923"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1109\/IWCMC58020.2023.10182780"},{"key":"ref103","first-page":"8326","article-title":"Radioactive data: Tracing through training","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Sablayrolles","year":"2020"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/TSP.2005.855418"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00406"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1109\/TCYB.2021.3071395"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1109\/TMM.2020.3013376"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3025441"},{"key":"ref109","first-page":"15270","article-title":"Unadversarial examples: Designing objects for robust vision","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"34","author":"Salman","year":"2021"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2021.3130380"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/iotm.001.2300135"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2023.3298685"},{"key":"ref113","article-title":"British national corpus","volume-title":"Oxford Text Archive Core Collection","author":"Consortium","year":"2007"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1075\/ijcl.14.2.02dav"},{"key":"ref115","article-title":"Innovation ecosystems for socially beneficial AI","author":"Bengio","year":"2023","journal-title":"Missing Links AI Governance"},{"key":"ref116","article-title":"Data poisoning won\u2019t save you from facial recognition","author":"Radiya-Dixit","year":"2021"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2023.119093"},{"key":"ref118","first-page":"6760","article-title":"Multirobustbench: Benchmarking robustness against multiple attacks","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Dai","year":"2023"},{"key":"ref119","article-title":"Certifying LLM safety against adversarial prompting","author":"Kumar","year":"2023"},{"key":"ref120","article-title":"Universal and transferable adversarial attacks on aligned language models","author":"Zou","year":"2023"},{"key":"ref121","article-title":"Artificial Intelligence Index Report"},{"key":"ref122","article-title":"G. of high-profile researchers and business leaders. Pause Giant AI Experiments: An Open Letter"},{"key":"ref123","article-title":"UN Guiding Principles on Business and Human Rights"}],"container-title":["IEEE Transactions on Artificial Intelligence"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9078688\/10673734\/10485642.pdf?arnumber=10485642","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T01:09:26Z","timestamp":1755911366000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10485642\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9]]},"references-count":123,"journal-issue":{"issue":"9"},"URL":"https:\/\/doi.org\/10.1109\/tai.2024.3383407","relation":{},"ISSN":["2691-4581"],"issn-type":[{"value":"2691-4581","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,9]]}}}