{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T17:55:42Z","timestamp":1775325342525,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,11,3]],"date-time":"2017-11-03T00:00:00Z","timestamp":1509667200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,11,3]]},"DOI":"10.1145\/3128572.3140449","type":"proceedings-article","created":{"date-parts":[[2017,11,3]],"date-time":"2017-11-03T12:36:10Z","timestamp":1509712570000},"page":"39-49","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":165,"title":["Efficient Defenses Against Adversarial Attacks"],"prefix":"10.1145","author":[{"given":"Valentina","family":"Zantedeschi","sequence":"first","affiliation":[{"name":"Univ Lyon, UJM-Saint-Etienne, CNRS, Saint-Etienne, France &amp; IBM Research Ireland, Dublin, Ireland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maria-Irina","family":"Nicolae","sequence":"additional","affiliation":[{"name":"IBM Research Ireland, Dublin, Ireland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ambrish","family":"Rawat","sequence":"additional","affiliation":[{"name":"IBM Research Ireland, Dublin, Ireland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,11,3]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1128817.1128824"},{"key":"e_1_3_2_1_2_1","volume-title":"Towards Open Set Deep Networks. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 1563--1572","author":"Bendale Abhijit","unstructured":"Abhijit Bendale and Terrance E . Boult 2016 . Towards Open Set Deep Networks. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 1563--1572 . http:\/\/arxiv.org\/abs\/1511.06233 Abhijit Bendale and Terrance E. Boult 2016. Towards Open Set Deep Networks. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 1563--1572. http:\/\/arxiv.org\/abs\/1511.06233"},{"key":"e_1_3_2_1_3_1","volume-title":"Evasion attacks against machine learning at test time Joint European Conference on Machine Learning and Knowledge Discovery in Databases","author":"Biggio Battista","unstructured":"Battista Biggio , Igino Corona , Davide Maiorca , Blaine Nelson , Nedim \u0160rndi\u0107 , Pavel Laskov , Giorgio Giacinto , and Fabio Roli . 2013. Evasion attacks against machine learning at test time Joint European Conference on Machine Learning and Knowledge Discovery in Databases . Springer , 387--402. Battista Biggio, Igino Corona, Davide Maiorca, Blaine Nelson, Nedim \u0160rndi\u0107, Pavel Laskov, Giorgio Giacinto, and Fabio Roli. 2013. Evasion attacks against machine learning at test time Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Springer, 387--402."},{"key":"e_1_3_2_1_4_1","volume-title":"Security Evaluation of Pattern Classifiers Under Attack","author":"Biggio Battista","year":"2014","unstructured":"Battista Biggio , Giorgio Fumera , and Fabio Roli . 2014. Security Evaluation of Pattern Classifiers Under Attack . Vol. 26 ( 2014 ), 984--996. https:\/\/www.researchgate.net\/publication\/240383291_Security_Evaluation_of_Pattern_Classifiers_Under_Attack. Battista Biggio, Giorgio Fumera, and Fabio Roli. 2014. Security Evaluation of Pattern Classifiers Under Attack. Vol. 26 (2014), 984--996. https:\/\/www.researchgate.net\/publication\/240383291_Security_Evaluation_of_Pattern_Classifiers_Under_Attack."},{"key":"e_1_3_2_1_5_1","volume-title":"Defensive Distillation is Not Robust to Adversarial Examples. CoRR","author":"Carlini Nicholas","year":"2016","unstructured":"Nicholas Carlini and David Wagner . 2016. Defensive Distillation is Not Robust to Adversarial Examples. CoRR Vol. abs\/ 1607 .04311 ( 2016 ). http:\/\/arxiv.org\/abs\/1607.04311 Nicholas Carlini and David Wagner. 2016. Defensive Distillation is Not Robust to Adversarial Examples. CoRR Vol. abs\/1607.04311 (2016). http:\/\/arxiv.org\/abs\/1607.04311"},{"key":"e_1_3_2_1_6_1","volume-title":"Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. CoRR","author":"Carlini Nicholas","year":"2017","unstructured":"Nicholas Carlini and David Wagner . 2017. Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. CoRR Vol. abs\/ 1705 .07263 ( 2017 ). http:\/\/arxiv.org\/abs\/1705.07263 Nicholas Carlini and David Wagner. 2017. Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. CoRR Vol. abs\/1705.07263 (2017). http:\/\/arxiv.org\/abs\/1705.07263"},{"key":"e_1_3_2_1_7_1","volume-title":"Towards Evaluating the Robustness of Neural Networks IEEE Symposium on Security and Privacy. https:\/\/arxiv.org\/abs\/1608","author":"Carlini Nicholas","year":"2017","unstructured":"Nicholas Carlini and David Wagner 2017 . Towards Evaluating the Robustness of Neural Networks IEEE Symposium on Security and Privacy. https:\/\/arxiv.org\/abs\/1608 .04644 Nicholas Carlini and David Wagner 2017. Towards Evaluating the Robustness of Neural Networks IEEE Symposium on Security and Privacy. https:\/\/arxiv.org\/abs\/1608.04644"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1014052.1014066"},{"key":"e_1_3_2_1_9_1","volume-title":"Gardner","author":"Feinman Reuben","year":"2017","unstructured":"Reuben Feinman , Ryan R. Curtin , Saurabh Shintre , and Andrew B . Gardner . 2017 . Detecting Adversarial Samples from Artifacts. CoRR Vol . abs\/1703.00410 (2017). https:\/\/arxiv.org\/abs\/1703.00410 Reuben Feinman, Ryan R. Curtin, Saurabh Shintre, and Andrew B. Gardner. 2017. Detecting Adversarial Samples from Artifacts. CoRR Vol. abs\/1703.00410 (2017). https:\/\/arxiv.org\/abs\/1703.00410"},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics. 315--323","author":"Glorot Xavier","year":"2011","unstructured":"Xavier Glorot , Antoine Bordes , and Yoshua Bengio . 2011 . Deep sparse rectifier neural networks . In Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics. 315--323 . Xavier Glorot, Antoine Bordes, and Yoshua Bengio. 2011. Deep sparse rectifier neural networks. In Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics. 315--323."},{"key":"e_1_3_2_1_11_1","volume-title":"Adversarial and Clean Data Are Not Twins. CoRR","author":"Gong Zhitao","year":"2017","unstructured":"Zhitao Gong , Wenlu Wang , and Wei-Shinn Ku. 2017. Adversarial and Clean Data Are Not Twins. CoRR Vol. abs\/ 1704 .04960 ( 2017 ). http:\/\/arxiv.org\/abs\/1704.04960 Zhitao Gong, Wenlu Wang, and Wei-Shinn Ku. 2017. Adversarial and Clean Data Are Not Twins. CoRR Vol. abs\/1704.04960 (2017). http:\/\/arxiv.org\/abs\/1704.04960"},{"key":"e_1_3_2_1_12_1","volume-title":"Explaining and Harnessing Adversarial Examples. CoRR","author":"Goodfellow Ian J.","year":"2014","unstructured":"Ian J. Goodfellow , Jonathon Shlens , and Christian Szegedy 2014. Explaining and Harnessing Adversarial Examples. CoRR Vol. abs\/ 1412 .6572 ( 2014 ). http:\/\/arxiv.org\/abs\/1412.6572 Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy 2014. Explaining and Harnessing Adversarial Examples. CoRR Vol. abs\/1412.6572 (2014). http:\/\/arxiv.org\/abs\/1412.6572"},{"key":"e_1_3_2_1_13_1","volume-title":"McDaniel","author":"Grosse Kathrin","year":"2017","unstructured":"Kathrin Grosse , Praveen Manoharan , Nicolas Papernot , Michael Backes , and Patrick D . McDaniel . 2017 . On the (Statistical) Detection of Adversarial Examples. CoRR Vol . abs\/1702.06280 (2017). http:\/\/arxiv.org\/abs\/1702.06280 Kathrin Grosse, Praveen Manoharan, Nicolas Papernot, Michael Backes, and Patrick D. McDaniel. 2017. On the (Statistical) Detection of Adversarial Examples. CoRR Vol. abs\/1702.06280 (2017). http:\/\/arxiv.org\/abs\/1702.06280"},{"key":"e_1_3_2_1_14_1","volume-title":"Deep Residual Learning for Image Recognition. CoRR","author":"He Kaiming","year":"2015","unstructured":"Kaiming He , Xiangyu Zhang , Shaoqing Ren , and Jian Sun . 2015. Deep Residual Learning for Image Recognition. CoRR Vol. abs\/ 1512 .03385 ( 2015 ). http:\/\/arxiv.org\/abs\/1512.03385 Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2015. Deep Residual Learning for Image Recognition. CoRR Vol. abs\/1512.03385 (2015). http:\/\/arxiv.org\/abs\/1512.03385"},{"key":"e_1_3_2_1_15_1","volume-title":"Safety Verification of Deep Neural Networks. CoRR","author":"Huang Xiaowei","year":"2016","unstructured":"Xiaowei Huang , Marta Kwiatkowska , Sen Wang , and Min Wu. 2016. Safety Verification of Deep Neural Networks. CoRR Vol. abs\/ 1610 .06940 ( 2016 ). http:\/\/arxiv.org\/abs\/1610.06940 Xiaowei Huang, Marta Kwiatkowska, Sen Wang, and Min Wu. 2016. Safety Verification of Deep Neural Networks. CoRR Vol. abs\/1610.06940 (2016). http:\/\/arxiv.org\/abs\/1610.06940"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1137\/0222052"},{"key":"e_1_3_2_1_17_1","unstructured":"Alex Krizhevsky Vinod Nair and Geoffrey Hinton. 2009. CIFAR-10 (Canadian Institute for Advanced Research). (2009). http:\/\/www.cs.toronto.edu\/~kriz\/cifar.html Alex Krizhevsky Vinod Nair and Geoffrey Hinton. 2009. CIFAR-10 (Canadian Institute for Advanced Research). (2009). http:\/\/www.cs.toronto.edu\/~kriz\/cifar.html"},{"key":"e_1_3_2_1_18_1","volume-title":"International Conference on Machine Learning (ICML). https:\/\/arxiv.org\/abs\/1706","author":"Krueger David","year":"2017","unstructured":"David Krueger , Nicolas Ballas , Stanislaw Jastrzebski , Devansh Arpit , Maxinder S. Kanwal , Tegan Maharaj , Emmanuel Bengio , Asja Fischer , Aaron Courville , Simon Lacoste-Julien , and Yoshua Bengio . 2017 . A Closer Look at Memorization in Deep Networks . In International Conference on Machine Learning (ICML). https:\/\/arxiv.org\/abs\/1706 .05394shownotearxiv:1706.05394. David Krueger, Nicolas Ballas, Stanislaw Jastrzebski, Devansh Arpit, Maxinder S. Kanwal, Tegan Maharaj, Emmanuel Bengio, Asja Fischer, Aaron Courville, Simon Lacoste-Julien, and Yoshua Bengio. 2017. A Closer Look at Memorization in Deep Networks. In International Conference on Machine Learning (ICML). https:\/\/arxiv.org\/abs\/1706.05394shownotearxiv:1706.05394."},{"key":"e_1_3_2_1_19_1","volume-title":"Adversarial examples in the physical world. CoRR","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian J. Goodfellow , and Samy Bengio . 2016. Adversarial examples in the physical world. CoRR Vol. abs\/ 1607 .02533 ( 2016 ). http:\/\/arxiv.org\/abs\/1607.02533 Alexey Kurakin, Ian J. Goodfellow, and Samy Bengio. 2016. Adversarial examples in the physical world. CoRR Vol. abs\/1607.02533 (2016). http:\/\/arxiv.org\/abs\/1607.02533"},{"key":"e_1_3_2_1_20_1","volume-title":"The Handbook of Brain Theory and Neural Networks","author":"LeCun Yann","unstructured":"Yann LeCun and Yoshua Bengio . 1998. The Handbook of Brain Theory and Neural Networks . MIT Press , Cambridge, MA, USA , Chapter Convolutional Networks for Images, Speech, and Time Series, 255--258. http:\/\/dl.acm.org\/citation.cfm?id=303568.303704 Yann LeCun and Yoshua Bengio. 1998. The Handbook of Brain Theory and Neural Networks. MIT Press, Cambridge, MA, USA, Chapter Convolutional Networks for Images, Speech, and Time Series, 255--258. http:\/\/dl.acm.org\/citation.cfm?id=303568.303704"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1038\/nature14539"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2016.08.037"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1081870.1081950"},{"key":"e_1_3_2_1_25_1","volume-title":"Towards Deep Learning Models Resistant to Adversarial Attacks. CoRR abs\/1706.06083","author":"Madry Aleksander","year":"2017","unstructured":"Aleksander Madry , Aleksandar Makelov , Ludwig Schmidt , Dimitris Tsipras , and Adrian Vladu . 2017. Towards Deep Learning Models Resistant to Adversarial Attacks. CoRR abs\/1706.06083 ( 2017 ). https:\/\/arxiv.org\/abs\/1706.06083 Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards Deep Learning Models Resistant to Adversarial Attacks. CoRR abs\/1706.06083 (2017). https:\/\/arxiv.org\/abs\/1706.06083"},{"key":"e_1_3_2_1_26_1","volume-title":"On Detecting Adversarial Perturbations. CoRR abs\/1702.04267","author":"Metzen Jan Hendrik","year":"2017","unstructured":"Jan Hendrik Metzen , Tim Genewein , Volker Fischer , and Bastian Bischoff . 2017. On Detecting Adversarial Perturbations. CoRR abs\/1702.04267 ( 2017 ). https:\/\/arxiv.org\/abs\/1702.04267 Jan Hendrik Metzen, Tim Genewein, Volker Fischer, and Bastian Bischoff. 2017. On Detecting Adversarial Perturbations. CoRR abs\/1702.04267 (2017). https:\/\/arxiv.org\/abs\/1702.04267"},{"key":"e_1_3_2_1_27_1","volume-title":"Virtual Adversarial Training: a Regularization Method for Supervised and Semi-supervised Learning. arXiv preprint arXiv:1704.03976","author":"Miyato Takeru","year":"2017","unstructured":"Takeru Miyato , Shin-ichi Maeda, Masanori Koyama , and Shin Ishii . 2017. Virtual Adversarial Training: a Regularization Method for Supervised and Semi-supervised Learning. arXiv preprint arXiv:1704.03976 ( 2017 ). Takeru Miyato, Shin-ichi Maeda, Masanori Koyama, and Shin Ishii. 2017. Virtual Adversarial Training: a Regularization Method for Supervised and Semi-supervised Learning. arXiv preprint arXiv:1704.03976 (2017)."},{"key":"e_1_3_2_1_28_1","volume-title":"Universal adversarial perturbations. CoRR abs\/1610.08401","author":"Moosavi-Dezfooli Seyed-Mohsen","year":"2016","unstructured":"Seyed-Mohsen Moosavi-Dezfooli , Alhussein Fawzi , Omar Fawzi , and Pascal Frossard . 2016. Universal adversarial perturbations. CoRR abs\/1610.08401 ( 2016 ). http:\/\/arxiv.org\/abs\/1610.08401 Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2016. Universal adversarial perturbations. CoRR abs\/1610.08401 (2016). http:\/\/arxiv.org\/abs\/1610.08401"},{"key":"e_1_3_2_1_29_1","volume-title":"DeepFool: a simple and accurate method to fool deep neural networks. CoRR abs\/1511.04599","author":"Moosavi-Dezfooli Seyed-Mohsen","year":"2015","unstructured":"Seyed-Mohsen Moosavi-Dezfooli , Alhussein Fawzi , and Pascal Frossard . 2015. DeepFool: a simple and accurate method to fool deep neural networks. CoRR abs\/1511.04599 ( 2015 ). http:\/\/arxiv.org\/abs\/1511.04599 Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, and Pascal Frossard. 2015. DeepFool: a simple and accurate method to fool deep neural networks. CoRR abs\/1511.04599 (2015). http:\/\/arxiv.org\/abs\/1511.04599"},{"key":"e_1_3_2_1_30_1","volume-title":"Analysis of universal adversarial perturbations. CoRR abs\/1705.09554","author":"Moosavi-Dezfooli Seyed-Mohsen","year":"2017","unstructured":"Seyed-Mohsen Moosavi-Dezfooli , Alhussein Fawzi , Omar Fawzi , Pascal Frossard , and Stefano Soatto . 2017. Analysis of universal adversarial perturbations. CoRR abs\/1705.09554 ( 2017 ). https:\/\/arxiv.org\/abs\/1705.09554 Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, Pascal Frossard, and Stefano Soatto. 2017. Analysis of universal adversarial perturbations. CoRR abs\/1705.09554 (2017). https:\/\/arxiv.org\/abs\/1705.09554"},{"key":"e_1_3_2_1_31_1","volume-title":"Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images. CoRR abs\/1412.1897","author":"Nguyen Anh Mai","year":"2014","unstructured":"Anh Mai Nguyen , Jason Yosinski , and Jeff Clune . 2014. Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images. CoRR abs\/1412.1897 ( 2014 ). http:\/\/arxiv.org\/abs\/1412.1897 Anh Mai Nguyen, Jason Yosinski, and Jeff Clune. 2014. Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images. CoRR abs\/1412.1897 (2014). http:\/\/arxiv.org\/abs\/1412.1897"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_1_33_1","volume-title":"McDaniel","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot and Patrick D . McDaniel . 2016 . On the Effectiveness of Defensive Distillation. CoRR Vol . abs\/1607.05113 (2016). http:\/\/arxiv.org\/abs\/1607.05113 Nicolas Papernot and Patrick D. McDaniel. 2016. On the Effectiveness of Defensive Distillation. CoRR Vol. abs\/1607.05113 (2016). http:\/\/arxiv.org\/abs\/1607.05113"},{"key":"e_1_3_2_1_34_1","volume-title":"The Limitations of Deep Learning in Adversarial Settings. CoRR","author":"Papernot Nicolas","year":"2015","unstructured":"Nicolas Papernot , Patrick D. McDaniel , Somesh Jha , Matt Fredrikson , Z. Berkay Celik , and Ananthram Swami . 2015. The Limitations of Deep Learning in Adversarial Settings. CoRR Vol. abs\/ 1511 .07528 ( 2015 ). http:\/\/arxiv.org\/abs\/1511.07528 Nicolas Papernot, Patrick D. McDaniel, Somesh Jha, Matt Fredrikson, Z. Berkay Celik, and Ananthram Swami. 2015. The Limitations of Deep Learning in Adversarial Settings. CoRR Vol. abs\/1511.07528 (2015). http:\/\/arxiv.org\/abs\/1511.07528"},{"key":"e_1_3_2_1_35_1","volume-title":"Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks. CoRR","author":"Papernot Nicolas","year":"2015","unstructured":"Nicolas Papernot , Patrick D. McDaniel , Xi Wu , Somesh Jha , and Ananthram Swami . 2015. Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks. CoRR Vol. abs\/ 1511 .04508 ( 2015 ). http:\/\/arxiv.org\/abs\/1511.04508 Nicolas Papernot, Patrick D. McDaniel, Xi Wu, Somesh Jha, and Ananthram Swami. 2015. Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks. CoRR Vol. abs\/1511.04508 (2015). http:\/\/arxiv.org\/abs\/1511.04508"},{"key":"e_1_3_2_1_36_1","volume-title":"JMLR","volume":"15","author":"Srivastava Nitish","year":"2014","unstructured":"Nitish Srivastava , Geoffrey Hinton , Alex Krizhevsky , Ilya Sutskever , and Ruslan Salakhutdinov . 2014 . Dropout: A Simple Way to Prevent Neural Networks from Overfitting . JMLR , Vol. 15 , 1 (Jan. 2014), 1929--1958. http:\/\/dl.acm.org\/citation.cfm?id=2627435.2670313 Nitish Srivastava, Geoffrey Hinton, Alex Krizhevsky, Ilya Sutskever, and Ruslan Salakhutdinov. 2014. Dropout: A Simple Way to Prevent Neural Networks from Overfitting. JMLR, Vol. 15, 1 (Jan. 2014), 1929--1958. http:\/\/dl.acm.org\/citation.cfm?id=2627435.2670313"},{"key":"e_1_3_2_1_37_1","volume-title":"Intriguing properties of neural networks. CoRR","author":"Szegedy Christian","year":"2013","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian J. Goodfellow , and Rob Fergus . 2013. Intriguing properties of neural networks. CoRR Vol. abs\/ 1312 .6199 ( 2013 ). http:\/\/arxiv.org\/abs\/1312.6199 Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian J. Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. CoRR Vol. abs\/1312.6199 (2013). http:\/\/arxiv.org\/abs\/1312.6199"},{"key":"e_1_3_2_1_38_1","volume-title":"Ensemble Adversarial Training: Attacks and Defenses. arXiv preprint arXiv:1705.07204","author":"Tram\u00e8r Florian","year":"2017","unstructured":"Florian Tram\u00e8r , Alexey Kurakin , Nicolas Papernot , Dan Boneh , and Patrick McDaniel . 2017. Ensemble Adversarial Training: Attacks and Defenses. arXiv preprint arXiv:1705.07204 ( 2017 ). Florian Tram\u00e8r, Alexey Kurakin, Nicolas Papernot, Dan Boneh, and Patrick McDaniel. 2017. Ensemble Adversarial Training: Attacks and Defenses. arXiv preprint arXiv:1705.07204 (2017)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"David Warde-Farley and Ian Goodfellow. 2016. Adversarial Perturbations of Deep Neural Networks. Perturbation Optimization and Statistics Tamir Hazan George Papandreou and Daniel Tarlow (Eds.). David Warde-Farley and Ian Goodfellow. 2016. Adversarial Perturbations of Deep Neural Networks. Perturbation Optimization and Statistics Tamir Hazan George Papandreou and Daniel Tarlow (Eds.).","DOI":"10.7551\/mitpress\/10761.003.0012"},{"key":"e_1_3_2_1_40_1","volume-title":"Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. CoRR","author":"Xu Weilin","year":"2017","unstructured":"Weilin Xu , David Evans , and Yanjun Qi . 2017 . Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. CoRR Vol. abs\/ 1704 .01155 (2017). http:\/\/arxiv.org\/abs\/1704.01155 Weilin Xu, David Evans, and Yanjun Qi. 2017. Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. CoRR Vol. abs\/1704.01155 (2017). http:\/\/arxiv.org\/abs\/1704.01155"},{"key":"e_1_3_2_1_41_1","volume-title":"Feature Squeezing Mitigates and Detects Carlini\/Wagner Adversarial Examples. CoRR","author":"Xu Weilin","year":"2017","unstructured":"Weilin Xu , David Evans , and Yanjun Qi. 2017. Feature Squeezing Mitigates and Detects Carlini\/Wagner Adversarial Examples. CoRR Vol. abs\/ 1705 .10686 ( 2017 ). https:\/\/arxiv.org\/abs\/1705.10686 Weilin Xu, David Evans, and Yanjun Qi. 2017. Feature Squeezing Mitigates and Detects Carlini\/Wagner Adversarial Examples. CoRR Vol. abs\/1705.10686 (2017). https:\/\/arxiv.org\/abs\/1705.10686"},{"key":"e_1_3_2_1_42_1","volume-title":"Understanding deep learning requires rethinking generalization. CoRR","author":"Zhang Chiyuan","year":"2016","unstructured":"Chiyuan Zhang , Samy Bengio , Moritz Hardt , Benjamin Recht , and Oriol Vinyals . 2016. Understanding deep learning requires rethinking generalization. CoRR Vol. abs\/ 1611 .03530 ( 2016 ). http:\/\/arxiv.org\/abs\/1611.03530 Chiyuan Zhang, Samy Bengio, Moritz Hardt, Benjamin Recht, and Oriol Vinyals. 2016. Understanding deep learning requires rethinking generalization. CoRR Vol. abs\/1611.03530 (2016). http:\/\/arxiv.org\/abs\/1611.03530"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3128572.3140449","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3128572.3140449","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:01Z","timestamp":1750212661000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3128572.3140449"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,11,3]]},"references-count":42,"alternative-id":["10.1145\/3128572.3140449","10.1145\/3128572"],"URL":"https:\/\/doi.org\/10.1145\/3128572.3140449","relation":{},"subject":[],"published":{"date-parts":[[2017,11,3]]},"assertion":[{"value":"2017-11-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}