{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T18:10:40Z","timestamp":1772043040213,"version":"3.50.1"},"reference-count":81,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2025,5]]},"DOI":"10.1109\/tdsc.2024.3482707","type":"journal-article","created":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T17:54:05Z","timestamp":1729187645000},"page":"2243-2257","source":"Crossref","is-referenced-by-count":4,"title":["On Security Weaknesses and Vulnerabilities in Deep Learning Systems"],"prefix":"10.1109","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5093-2832","authenticated-orcid":false,"given":"Zhongzheng","family":"Lai","sequence":"first","affiliation":[{"name":"School of Electrical and Computer Engineering, The University of Sydney, Camperdown, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5678-472X","authenticated-orcid":false,"given":"Huaming","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Electrical and Computer Engineering, The University of Sydney, Camperdown, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5404-8550","authenticated-orcid":false,"given":"Ruoxi","family":"Sun","sequence":"additional","affiliation":[{"name":"CSIRO’s Data61, Eveleigh, NSW, Australia"}]},{"given":"Yu","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Electrical and Computer Engineering, The University of Sydney, Camperdown, NSW, Australia"}]},{"given":"Minhui","family":"Xue","sequence":"additional","affiliation":[{"name":"CSIRO’s Data61, Eveleigh, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1130-0888","authenticated-orcid":false,"given":"Dong","family":"Yuan","sequence":"additional","affiliation":[{"name":"School of Electrical and Computer Engineering, The University of Sydney, Camperdown, NSW, Australia"}]}],"member":"263","reference":[{"key":"ref1","first-page":"1","article-title":"Is using deep learning frameworks free? Characterizing technical debt in deep learning frameworks","volume-title":"Proc. ACM\/IEEE 42nd Int. Conf. Softw. Eng., Softw. Eng. Soc.","author":"Liu"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00068"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409759"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409760"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/issre52982.2021.00014"},{"key":"ref6","first-page":"547","article-title":"Safety critical systems: Challenges and directions","volume-title":"Proc. 24th Int. Conf. Softw. Eng.","author":"Knight"},{"key":"ref7","article-title":"ChatGPT: An AI language model","year":"2024"},{"key":"ref8","article-title":"Sora | OpenAI","year":"2024"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00024"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP52600.2021.00033"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338955"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-59410-7_40"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468612"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00070"},{"key":"ref15","article-title":"Characterizing performance bugs in deep learning systems","author":"Cao","year":"2021"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00078"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00107"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409761"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329831"},{"key":"ref20","first-page":"265","article-title":"TensorFlow: A system for large-scale machine learning","volume-title":"Proc. 12th USENIX Symp. Operating Syst. Des. Implementation","author":"Abadi"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/2647868.2654889"},{"key":"ref22","volume-title":"Learning OpenCV: Computer Vision with the OpenCV Library","author":"Bradski","year":"2008"},{"key":"ref23","first-page":"8026","article-title":"PyTorch: An imperative style, high-performance deep learning library","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Paszke"},{"key":"ref24","volume-title":"Deep Learning With Keras","author":"Gulli","year":"2017"},{"key":"ref26","first-page":"35","article-title":"Deep learning for self-driving cars: Chances and challenges","volume-title":"Proc. 1st Int. Workshop Softw. Eng. AI Auton. Syst.","author":"Rao"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3386253"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2020.2983686"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2018.00-21"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-7998-5101-1.ch001"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME52107.2021.00036"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2021.111031"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2019.8870157"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-67292-8_2"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3394486.3406698"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3344341.3368814"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3270101.3270102"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.3034721"},{"key":"ref39","article-title":"Security and machine learning in the real world","author":"Evtimov","year":"2020"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3638531"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3436755"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/msr59073.2023.00018"},{"key":"ref43","article-title":"CERT\/CC vulnerability note VU#425163 - machine learning classifiers trained via gradient descent are vulnerable to arbitrary misclassification attack","year":"2020"},{"key":"ref44","article-title":"The impact of platform vulnerabilities in ai systems","author":"Kim","year":"2020"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102948"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.26599\/TST.2020.9010050"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2012.22"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2962027"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213866"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE52982.2021.00030"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2010.11.920"},{"key":"ref52","first-page":"2383","article-title":"IvySyn: Automated vulnerability discovery in deep learning frameworks","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Christou"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00046"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464843"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2021.3107165"},{"key":"ref56","article-title":"CWE list version 4.9","year":"2022"},{"key":"ref57","article-title":"CVE","year":"2022"},{"key":"ref58","article-title":"National vulnerability database","year":"2022"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635880"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3117771"},{"key":"ref61","article-title":"Github security advisory","year":"2022"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.4135\/9781848607941.n13"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.2307\/3315487"},{"key":"ref64","article-title":"Philoxrandom: Fix race in GPU fill function","year":"2017"},{"key":"ref65","article-title":"Model generators: Make sure all threads finish when stop is requested","year":"2017"},{"key":"ref66","article-title":"Don\u2019t throw exceptions inside openmp parallel block","year":"2018"},{"key":"ref67","article-title":"Training.py _check_loss_and_target_compatibility fix crash if Y is none","year":"2018"},{"key":"ref68","article-title":"Conv layer: Fix crash by setting weight pointer","year":"2014"},{"key":"ref69","article-title":"R2.2-rc3 cherry-pick request: Fix a bug that profile XLA gpu crashes OOM","year":"2020"},{"key":"ref70","article-title":"ONNX fix the issue of converting empty list to sequence","year":"2021"},{"key":"ref71","article-title":"Hotfix: Fix test_cuda import in test_cuda","year":"2018"},{"key":"ref72","article-title":"Support CPU only memcpy","year":"2014"},{"key":"ref73","article-title":"Dataparallel: GPU imbalance warning","year":"2018"},{"key":"ref74","article-title":"Fix dynamicpartitionopgpu when running on multiple GPUs","year":"2020"},{"key":"ref75","article-title":"Fix some functions for valid processing of empty string content","year":"2019"},{"key":"ref76","article-title":"Remove assert_any_throw tests for myriad plugin","year":"2019"},{"key":"ref77","article-title":"TFTRT: Support dilated convolutions","year":"2019"},{"key":"ref78","article-title":"Include libcurl into the bazel build","year":"2016"},{"key":"ref79","article-title":"Tflite fix for the segmentation fault. when quantize conv_2d with dilation 1","year":"2020"},{"key":"ref80","article-title":"Tfliteconverter Segmentation fault when dilation is not (1,1) in conv_2d","year":"2020"},{"key":"ref81","article-title":"Fix memory leak when using multiple workers on window","year":"2018"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1145\/3442167.3442177"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/10992672\/10720810.pdf?arnumber=10720810","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T17:35:37Z","timestamp":1747330537000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10720810\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5]]},"references-count":81,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2024.3482707","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5]]}}}