{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T15:33:10Z","timestamp":1772724790669,"version":"3.50.1"},"reference-count":39,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62002167"],"award-info":[{"award-number":["62002167"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072239"],"award-info":[{"award-number":["62072239"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62372236"],"award-info":[{"award-number":["62372236"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2024]]},"DOI":"10.1109\/tifs.2023.3324318","type":"journal-article","created":{"date-parts":[[2023,10,13]],"date-time":"2023-10-13T17:52:35Z","timestamp":1697219555000},"page":"455-468","source":"Crossref","is-referenced-by-count":9,"title":["Toward a Critical Evaluation of Robustness for Deep Learning Backdoor Countermeasures"],"prefix":"10.1109","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-5385-9414","authenticated-orcid":false,"given":"Huming","family":"Qiu","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Nanjing University of Science and Technology (NJUST), Nanjing, China"}]},{"given":"Hua","family":"Ma","sequence":"additional","affiliation":[{"name":"School of Electrical and Electronics Engineering, The University of Adelaide, Adelaide, SA, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3604-5369","authenticated-orcid":false,"given":"Zhi","family":"Zhang","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Software Engineering, The University of Western Australia, Perth, WA, Australia"}]},{"given":"Alsharif","family":"Abuadbba","sequence":"additional","affiliation":[{"name":"Data61, CSIRO, Canberra, ACT, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0193-2654","authenticated-orcid":false,"given":"Wei","family":"Kang","sequence":"additional","affiliation":[{"name":"Data61, CSIRO, Canberra, ACT, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1632-5737","authenticated-orcid":false,"given":"Anmin","family":"Fu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Nanjing University of Science and Technology (NJUST), Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5783-2172","authenticated-orcid":false,"given":"Yansong","family":"Gao","sequence":"additional","affiliation":[{"name":"Data61, CSIRO, Canberra, ACT, Australia"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"ref2","article-title":"Targeted backdoor attacks on deep learning systems using data poisoning","author":"Chen","year":"2017","journal-title":"arXiv:1712.05526"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3503161.3548272"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00614"},{"key":"ref5","article-title":"Dangerous cloaking: Natural trigger based backdoor attacks on object detectors in the physical world","author":"Ma","year":"2022","journal-title":"arXiv:2201.08619"},{"key":"ref6","article-title":"Explainability matters: Backdoor attacks on medical imaging","author":"Nwadike","year":"2020","journal-title":"arXiv:2101.00008"},{"key":"ref7","article-title":"Backdoor attacks and countermeasures on deep learning: A comprehensive review","author":"Gao","year":"2020","journal-title":"arXiv:2007.10760"},{"key":"ref8","article-title":"Demon in the variant: Statistical analysis of DNNs for robust backdoor contamination detection","volume-title":"Proc. USENIX Secur.","author":"Tang"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359790"},{"key":"ref10","article-title":"NTD: Non-transferability enabled backdoor detection","author":"Li","year":"2021","journal-title":"arXiv:2111.11157"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3175616"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD.2017.16"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363216"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00034"},{"key":"ref15","article-title":"On evaluating adversarial robustness","author":"Carlini","year":"2019","journal-title":"arXiv:1902.06705"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140444"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23415"},{"key":"ref18","first-page":"175","article-title":"Bypassing backdoor detection algorithms in deep learning","volume-title":"Proc. IEEE Eur. Symp. Secur. Privacy","author":"Shokri"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3055844"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00038"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ICCVW54120.2021.00008"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833647"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2022.3162397"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/647"},{"key":"ref26","first-page":"8000","article-title":"Spectral signatures in backdoor attacks","volume-title":"Proc. NIPS","author":"Tran"},{"key":"ref27","article-title":"Detecting backdoor attacks on deep neural networks by activation clustering","author":"Chen","year":"2018","journal-title":"arXiv:1811.03728"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427264"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3579856.3582829"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM50108.2020.00025"},{"key":"ref31","article-title":"Quantization backdoors to deep learning commercial frameworks","author":"Ma","year":"2021","journal-title":"arXiv:2108.09187"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3487890"},{"key":"ref33","first-page":"3454","article-title":"Input-aware dynamic backdoor attack","volume-title":"Proc. NIPS","volume":"33","author":"Nguyen"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.01617"},{"key":"ref35","first-page":"14900","article-title":"Anti-backdoor learning: Training clean models on poisoned data","volume-title":"Proc. NIPS","volume":"34","author":"Li"},{"key":"ref36","article-title":"Very deep convolutional networks for large-scale image recognition","author":"Simonyan","year":"2014","journal-title":"arXiv:1409.1556"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.5555\/3298023.3298188"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.634"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/10319981\/10285122.pdf?arnumber=10285122","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,14]],"date-time":"2024-03-14T09:46:05Z","timestamp":1710409565000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10285122\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":39,"URL":"https:\/\/doi.org\/10.1109\/tifs.2023.3324318","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]}}}