{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T08:28:06Z","timestamp":1778660886839,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,11,3]],"date-time":"2017-11-03T00:00:00Z","timestamp":1509667200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"ONR","award":["N00014-15-1-2621"],"award-info":[{"award-number":["N00014-15-1-2621"]}]},{"name":"NIH Berkeley Deep Drive (BDD)","award":["R01HG006844"],"award-info":[{"award-number":["R01HG006844"]}]},{"name":"ARO","award":["W911NF-16-1-0069"],"award-info":[{"award-number":["W911NF-16-1-0069"]}]},{"name":"Berkeley Deep Drive (BDD)"},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["IIS-1649972"],"award-info":[{"award-number":["IIS-1649972"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["TWC-1409915"],"award-info":[{"award-number":["TWC-1409915"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["IIS-1526860"],"award-info":[{"award-number":["IIS-1526860"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CNS-1238"],"award-info":[{"award-number":["CNS-1238"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CNS-1640624"],"award-info":[{"award-number":["CNS-1640624"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"NIH","award":["UH2 CA203708-01"],"award-info":[{"award-number":["UH2 CA203708-01"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,11,3]]},"DOI":"10.1145\/3128572.3140447","type":"proceedings-article","created":{"date-parts":[[2017,11,3]],"date-time":"2017-11-03T12:36:10Z","timestamp":1509712570000},"page":"91-102","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":53,"title":["Robust Linear Regression Against Training Data Poisoning"],"prefix":"10.1145","author":[{"given":"Chang","family":"Liu","sequence":"first","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bo","family":"Li","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yevgeniy","family":"Vorobeychik","sequence":"additional","affiliation":[{"name":"Vanderbilt University, Nashville, TN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alina","family":"Oprea","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,11,3]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Scott Alfeld Xiaojin Zhu and Paul Barford. 2016. Data Poisoning Attacks against Autoregressive Models AAAI.  Scott Alfeld Xiaojin Zhu and Paul Barford. 2016. Data Poisoning Attacks against Autoregressive Models AAAI.","DOI":"10.1609\/aaai.v30i1.10237"},{"key":"e_1_3_2_1_2_1","volume-title":"Learning to filter spam e-mail: A comparison of a naive bayesian and a memory-based approach. arXiv preprint cs\/0009009","author":"Androutsopoulos Ion","year":"2000","unstructured":"Ion Androutsopoulos , Georgios Paliouras , Vangelis Karkaletsis , Georgios Sakkis , Constantine D. Spyropoulos , and Panagiotis Stamatopoulos . 2000. Learning to filter spam e-mail: A comparison of a naive bayesian and a memory-based approach. arXiv preprint cs\/0009009 ( 2000 ). Ion Androutsopoulos, Georgios Paliouras, Vangelis Karkaletsis, Georgios Sakkis, Constantine D. Spyropoulos, and Panagiotis Stamatopoulos. 2000. Learning to filter spam e-mail: A comparison of a naive bayesian and a memory-based approach. arXiv preprint cs\/0009009 (2000)."},{"key":"e_1_3_2_1_3_1","volume-title":"2014 IEEE International Workshop on. IEEE, 197--202","author":"Barni Mauro","year":"2014","unstructured":"Mauro Barni and Benedetta Tondi . 2014 . Source distinguishability under corrupted training Information Forensics and Security (WIFS) , 2014 IEEE International Workshop on. IEEE, 197--202 . Mauro Barni and Benedetta Tondi. 2014. Source distinguishability under corrupted training Information Forensics and Security (WIFS), 2014 IEEE International Workshop on. IEEE, 197--202."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1128817.1128824"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-21557-5_37"},{"key":"e_1_3_2_1_6_1","unstructured":"Battista Biggio Blaine Nelson and Pavel Laskov. 2012. Poisoning attacks against support vector machines. ICML.  Battista Biggio Blaine Nelson and Pavel Laskov. 2012. Poisoning attacks against support vector machines. ICML."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1970392.1970395"},{"key":"e_1_3_2_1_8_1","volume-title":"Stolfo","author":"Chan Philip K.","year":"1998","unstructured":"Philip K. Chan and Salvatore J . Stolfo . 1998 . Toward Scalable Learning with Non-Uniform Class and Cost Distributions: A Case Study in Credit Card Fraud Detection. In KDD , Vol. Vol. 1998 . 164--168. Philip K. Chan and Salvatore J. Stolfo. 1998. Toward Scalable Learning with Non-Uniform Class and Cost Distributions: A Case Study in Credit Card Fraud Detection. In KDD, Vol. Vol. 1998. 164--168."},{"key":"e_1_3_2_1_9_1","volume-title":"Learning from untrusted data. arXiv preprint arXiv:1611.02315","author":"Charikar Moses","year":"2016","unstructured":"Moses Charikar , Jacob Steinhardt , and Gregory Valiant . 2016. Learning from untrusted data. arXiv preprint arXiv:1611.02315 ( 2016 ). Moses Charikar, Jacob Steinhardt, and Gregory Valiant. 2016. Learning from untrusted data. arXiv preprint arXiv:1611.02315 (2016)."},{"key":"e_1_3_2_1_10_1","volume-title":"Robust High Dimensional Sparse Regression and Matching Pursuit. arXiv preprint arXiv:1301.2725","author":"Chen Yudong","year":"2013","unstructured":"Yudong Chen , Constantine Caramanis , and Shie Mannor . 2013. Robust High Dimensional Sparse Regression and Matching Pursuit. arXiv preprint arXiv:1301.2725 ( 2013 ). Yudong Chen, Constantine Caramanis, and Shie Mannor. 2013. Robust High Dimensional Sparse Regression and Matching Pursuit. arXiv preprint arXiv:1301.2725 (2013)."},{"key":"e_1_3_2_1_11_1","volume-title":"Proc. of ICML 11","author":"Chen Yudong","year":"2011","unstructured":"Yudong Chen , Huan Xu , Constantine Caramanis , and Sujay Sanghavi . 2011 . Robust Matrix Completion and Corrupted Columns . In Proc. of ICML 11 . Yudong Chen, Huan Xu, Constantine Caramanis, and Sujay Sanghavi. 2011. Robust Matrix Completion and Corrupted Columns. In Proc. of ICML 11."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1014052.1014066"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF02288367"},{"key":"e_1_3_2_1_14_1","unstructured":"Jiashi Feng Huan Xu Shie Mannor and Shuicheng Yan. 2014. Robust logistic regression and classification. In Advances in Neural Information Processing Systems. 253--261.  Jiashi Feng Huan Xu Shie Mannor and Shuicheng Yan. 2014. Robust logistic regression and classification. In Advances in Neural Information Processing Systems. 253--261."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1037\/h0071325"},{"key":"e_1_3_2_1_16_1","volume-title":"Principal component analysis","author":"Jolliffe Ian","unstructured":"Ian Jolliffe . 2002. Principal component analysis . Wiley Online Library . Ian Jolliffe. 2002. Principal component analysis. Wiley Online Library."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.2307\/2348005"},{"key":"e_1_3_2_1_18_1","volume-title":"Understanding black-box predictions via influence functions. arXiv preprint arXiv:1703.04730","author":"Koh Pang Wei","year":"2017","unstructured":"Pang Wei Koh and Percy Liang . 2017. Understanding black-box predictions via influence functions. arXiv preprint arXiv:1703.04730 ( 2017 ). Pang Wei Koh and Percy Liang. 2017. Understanding black-box predictions via influence functions. arXiv preprint arXiv:1703.04730 (2017)."},{"key":"e_1_3_2_1_19_1","unstructured":"Bo Li and Yevgeniy Vorobeychik. 2014. Feature cross-substitution in adversarial classification Advances in Neural Information Processing Systems. 2087--2095.  Bo Li and Yevgeniy Vorobeychik. 2014. Feature cross-substitution in adversarial classification Advances in Neural Information Processing Systems. 2087--2095."},{"key":"e_1_3_2_1_20_1","unstructured":"Bo Li and Yevgeniy Vorobeychik. 2015. Scalable Optimization of Randomized Operational Decisions in Adversarial Classification Settings. In AISTATS.  Bo Li and Yevgeniy Vorobeychik. 2015. Scalable Optimization of Randomized Operational Decisions in Adversarial Classification Settings. In AISTATS."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Daniel Lowd and Christopher Meek. 2005. Adversarial learning Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining. ACM 641--647.  Daniel Lowd and Christopher Meek. 2005. Adversarial learning Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining. ACM 641--647.","DOI":"10.1145\/1081870.1081950"},{"key":"e_1_3_2_1_22_1","unstructured":"Shike Mei and Xiaojin Zhu. 2015. The Security of Latent Dirichlet Allocation. In AISTATS.  Shike Mei and Xiaojin Zhu. 2015. The Security of Latent Dirichlet Allocation. In AISTATS."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Shike Mei and Xiaojin Zhu. 2015. Using Machine Teaching to Identify Optimal Training-set Attacks on Machine Learners AAAI.  Shike Mei and Xiaojin Zhu. 2015. Using Machine Teaching to Identify Optimal Training-set Attacks on Machine Learners AAAI.","DOI":"10.1609\/aaai.v29i1.9569"},{"key":"e_1_3_2_1_24_1","volume-title":"2013 20th IEEE International Conference on. IEEE, 69--73","author":"Rodriguez Paul","year":"2013","unstructured":"Paul Rodriguez and Brendt Wohlberg . 2013 . Fast principal component pursuit via alternating minimization Image Processing (ICIP) , 2013 20th IEEE International Conference on. IEEE, 69--73 . Paul Rodriguez and Brendt Wohlberg. 2013. Fast principal component pursuit via alternating minimization Image Processing (ICIP), 2013 20th IEEE International Conference on. IEEE, 69--73."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Benjamin I. P. Rubinstein Blaine Nelson Ling Huang Anthony D. Joseph Shing-hon Lau Satish Rao Nina Taft and J. D. Tygar. 2009. Antidote: understanding and defending against poisoning of anomaly detectors Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference. ACM 1--14.  Benjamin I. P. Rubinstein Blaine Nelson Ling Huang Anthony D. Joseph Shing-hon Lau Satish Rao Nina Taft and J. D. Tygar. 2009. Antidote: understanding and defending against poisoning of anomaly detectors Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference. ACM 1--14.","DOI":"10.1145\/1644893.1644895"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1002\/j.1538-7305.1949.tb00928.x"},{"key":"e_1_3_2_1_27_1","unstructured":"Salvatore Stolfo David W. Fan Wenke Lee Andreas Prodromidis and P. Chan. 1997. Credit card fraud detection using meta-learning: Issues and initial results AAAI-97 Workshop on Fraud Detection and Risk Management.  Salvatore Stolfo David W. Fan Wenke Lee Andreas Prodromidis and P. Chan. 1997. Credit card fraud detection using meta-learning: Issues and initial results AAAI-97 Workshop on Fraud Detection and Risk Management."},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the 32nd International Conference on Machine Learning (ICML-15)","author":"Xiao Huang","year":"2015","unstructured":"Huang Xiao , Battista Biggio , Gavin Brown , Giorgio Fumera , Claudia Eckert , and Fabio Roli . 2015 . Is Feature Selection Secure against Training Data Poisoning? Proceedings of the 32nd International Conference on Machine Learning (ICML-15) . 1689--1698. Huang Xiao, Battista Biggio, Gavin Brown, Giorgio Fumera, Claudia Eckert, and Fabio Roli. 2015. Is Feature Selection Secure against Training Data Poisoning? Proceedings of the 32nd International Conference on Machine Learning (ICML-15). 1689--1698."},{"key":"e_1_3_2_1_29_1","unstructured":"Huang Xiao Battista Biggio Gavin Brown Giorgio Fumera Claudia Eckert and Fabio Roli. 2015. Is Feature Selection Secure against Training Data Poisoning ICML.  Huang Xiao Battista Biggio Gavin Brown Giorgio Fumera Claudia Eckert and Fabio Roli. 2015. Is Feature Selection Secure against Training Data Poisoning ICML."},{"key":"e_1_3_2_1_30_1","unstructured":"Huan Xu Constantine Caramanis and Sujay Sanghavi. 2010. Robust PCA via outlier pursuit. In Advances in Neural Information Processing Systems. 2496--2504.  Huan Xu Constantine Caramanis and Sujay Sanghavi. 2010. Robust PCA via outlier pursuit. In Advances in Neural Information Processing Systems. 2496--2504."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10915-013-9682-3"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3128572.3140447","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3128572.3140447","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3128572.3140447","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:01Z","timestamp":1750212661000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3128572.3140447"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,11,3]]},"references-count":31,"alternative-id":["10.1145\/3128572.3140447","10.1145\/3128572"],"URL":"https:\/\/doi.org\/10.1145\/3128572.3140447","relation":{},"subject":[],"published":{"date-parts":[[2017,11,3]]},"assertion":[{"value":"2017-11-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}