{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T16:25:03Z","timestamp":1775924703403,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3134057","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"135-147","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":747,"title":["MagNet"],"prefix":"10.1145","author":[{"given":"Dongyu","family":"Meng","sequence":"first","affiliation":[{"name":"ShanghaiTech University, Shanghai, China"}]},{"given":"Hao","family":"Chen","sequence":"additional","affiliation":[{"name":"University of California, Davis, Davis, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Davide Del Testa","author":"Bojarski Mariusz","year":"2016","unstructured":"Mariusz Bojarski, Davide Del Testa, Daniel Dworakowski, Bernhard Firner, Beat Flepp, Prasoon Goyal, Lawrence D Jackel, Mathew Monfort, Urs Muller, Jiakai Zhang, et al. End to end learning for self-driving cars. arXiv preprint arXiv:1604 .07316, 2016."},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_2_3_1","volume-title":"Learning transferable policies for monocular reactive mav control. arXiv preprint arXiv:1608.00627","author":"Daftry Shreyansh","year":"2016","unstructured":"Shreyansh Daftry, J Andrew Bagnell, and Martial Hebert. Learning transferable policies for monocular reactive mav control. arXiv preprint arXiv:1608.00627, 2016."},{"key":"e_1_3_2_2_4_1","volume-title":"Deep visual foresight for planning robot motion. arXiv preprint arXiv:1610.00696","author":"Finn Chelsea","year":"2016","unstructured":"Chelsea Finn and Sergey Levine. Deep visual foresight for planning robot motion. arXiv preprint arXiv:1610.00696, 2016."},{"key":"e_1_3_2_2_5_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Goodfellow Ian J.","year":"2015","unstructured":"Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. Explaining and harnessing adversarial examples. In International Conference on Learning Representations (ICLR), 2015."},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10710-017-9314-z"},{"key":"e_1_3_2_2_7_1","volume-title":"On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280","author":"Grosse Kathrin","year":"2017","unstructured":"Kathrin Grosse, Praveen Manoharan, Nicolas Papernot, Michael Backes, and Patrick McDaniel. On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280, 2017."},{"key":"e_1_3_2_2_8_1","volume-title":"Adversarial perturbations against deep neural networks for malware classification. arXiv preprint arXiv:1606.04435","author":"Grosse Kathrin","year":"2016","unstructured":"Kathrin Grosse, Nicolas Papernot, Praveen Manoharan, Michael Backes, and Patrick McDaniel. Adversarial perturbations against deep neural networks for malware classification. arXiv preprint arXiv:1606.04435, 2016."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_2_10_1","volume-title":"Distilling the knowledge in a neural network. arXiv preprint arXiv:1503 .02531","author":"Hinton Geoffrey","year":"2015","unstructured":"Geoffrey Hinton, Oriol Vinyals, and Jeff Dean. Distilling the knowledge in a neural network. arXiv preprint arXiv:1503 .02531, 2015."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.2205597"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2809695.2817880"},{"key":"e_1_3_2_2_13_1","volume-title":"Uncertainty-aware reinforcement learning for collision avoidance. arXiv preprint arXiv:1702.01182","author":"Kahn Gregory","year":"2017","unstructured":"Gregory Kahn, Adam Villaflor, Vitchyr Pong, Pieter Abbeel, and Sergey Levine. Uncertainty-aware reinforcement learning for collision avoidance. arXiv preprint arXiv:1702.01182, 2017."},{"key":"e_1_3_2_2_14_1","volume-title":"Adversarial examples for generative models. arXiv preprint arXiv:1702.06832","author":"Kos Jernej","year":"2017","unstructured":"Jernej Kos, Ian Fischer, and Dawn Song. Adversarial examples for generative models. arXiv preprint arXiv:1702.06832, 2017."},{"key":"e_1_3_2_2_15_1","volume-title":"Learning multiple layers of features from tiny images","author":"Krizhevsky Alex","year":"2009","unstructured":"Alex Krizhevsky and Geoffrey Hinton. Learning multiple layers of features from tiny images, 2009."},{"key":"e_1_3_2_2_16_1","first-page":"1378","volume-title":"International Conference on Machine Learning","author":"Kumar Ankit","year":"2016","unstructured":"Ankit Kumar, Ozan Irsoy, Peter Ondruska, Mohit Iyyer, James Bradbury, Ishaan Gulrajani, Victor Zhong, Romain Paulus, and Richard Socher. Ask me anything: dynamic memory networks for natural language processing. In International Conference on Machine Learning, pages 1378--1387, 2016."},{"key":"e_1_3_2_2_17_1","volume-title":"Adversarial examples in the physical world. CoRR, abs\/1607.02533","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin, Ian J. Goodfellow, and Samy Bengio. Adversarial examples in the physical world. CoRR, abs\/1607.02533, 2016."},{"key":"e_1_3_2_2_18_1","volume-title":"The mnist database of handwritten digits","author":"LeCun Yann","year":"1998","unstructured":"Yann LeCun, Corinna Cortes, and Christopher JC Burges. The mnist database of handwritten digits, 1998."},{"key":"e_1_3_2_2_19_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Liu Yanpei","year":"2017","unstructured":"Yanpei Liu, Xinyun Chen, Chang Liu, and Dawn Song. Delving into transferable adversarial examples and black-box attacks. In International Conference on Learning Representations (ICLR), 2017."},{"key":"e_1_3_2_2_20_1","volume-title":"International Conference on Learning Representations (ICLR), April 24--26","author":"Metzen Jan Hendrik","year":"2017","unstructured":"Jan Hendrik Metzen, Tim Genewein, Volker Fischer, and Bastian Bischoff. On detecting adversarial perturbations. In International Conference on Learning Representations (ICLR), April 24--26, 2017."},{"key":"e_1_3_2_2_21_1","volume-title":"Universal adversarial perturbations. arXiv preprint arXiv:1610.08401","author":"Moosavi-Dezfooli Seyed-Mohsen","year":"2016","unstructured":"Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. Universal adversarial perturbations. arXiv preprint arXiv:1610.08401, 2016."},{"key":"e_1_3_2_2_22_1","volume-title":"Deepfool: a simple and accurate method to fool deep neural networks. CoRR, abs\/1511.04599","author":"Moosavi-Dezfooli Seyed-Mohsen","year":"2015","unstructured":"Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, and Pascal Frossard. Deepfool: a simple and accurate method to fool deep neural networks. CoRR, abs\/1511.04599, 2015."},{"key":"e_1_3_2_2_23_1","volume-title":"NIPS","author":"Narayanan H.","year":"2010","unstructured":"H. Narayanan and S. Mitter. Sample complexity of testing the manifold hypothesis. In NIPS, 2010."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.36"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"e_1_3_2_2_26_1","volume-title":"Cleverhans v1.0.0: an adversarial machine learning library. arXiv preprint arXiv:1610 .00768","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot, Ian Goodfellow, Ryan Sheatsley, Reuben Feinman, and Patrick McDaniel. Cleverhans v1.0.0: an adversarial machine learning library. arXiv preprint arXiv:1610 .00768, 2016."},{"key":"e_1_3_2_2_27_1","volume-title":"Crafting adversarial input sequences for recurrent neural networks. CoRR, abs\/1604.08275","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot, Patrick D. McDaniel, Ananthram Swami, and Richard E. Harang. Crafting adversarial input sequences for recurrent neural networks. CoRR, abs\/1604.08275, 2016."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2015.7178304"},{"key":"e_1_3_2_2_30_1","volume-title":"Understanding adversarial training: increasing local stability of neural nets through robust optimization. arXiv preprint arXiv :1511.05432","author":"Shaham Uri","year":"2015","unstructured":"Uri Shaham, Yutaro Yamada, and Sahand Negahban. Understanding adversarial training: increasing local stability of neural nets through robust optimization. arXiv preprint arXiv :1511.05432, 2015."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1146\/annurev-bioeng-071516-044442"},{"key":"e_1_3_2_2_32_1","volume-title":"Deep learning for mortgage risk","author":"Sirignano Justin","year":"2016","unstructured":"Justin Sirignano, Apaar Sadhwani, and Kay Giesecke. Deep learning for mortgage risk, 2016."},{"key":"e_1_3_2_2_33_1","volume-title":"Striving for simplicity: the all convolutional net. arXiv preprint arXiv:1412.6806","author":"Springenberg Jost Tobias","year":"2014","unstructured":"Jost Tobias Springenberg, Alexey Dosovitskiy, Thomas Brox, and Martin Riedmiller. Striving for simplicity: the all convolutional net. arXiv preprint arXiv:1412.6806, 2014."},{"key":"e_1_3_2_2_34_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Szegedy Christian","year":"2014","unstructured":"Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian J. Goodfellow, and Rob Fergus. Intriguing properties of neural networks. In International Conference on Learning Representations (ICLR), 2014."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1390156.1390294"},{"key":"e_1_3_2_2_36_1","volume-title":"Stacked denoising autoencoders: learning useful representations in a deep network with a local denoising criterion. Journal of Machine Learning Research, 11(Dec):3371--3408","author":"Vincent Pascal","year":"2010","unstructured":"Pascal Vincent, Hugo Larochelle, Isabelle Lajoie, Yoshua Bengio, and Pierre-Antoine Manzagol. Stacked denoising autoencoders: learning useful representations in a deep network with a local denoising criterion. Journal of Machine Learning Research, 11(Dec):3371--3408, 2010."},{"key":"e_1_3_2_2_37_1","volume-title":"Adversarial examples for semantic segmentation and object detection. arXiv preprint arXiv:1703 .08603","author":"Xie Cihang","year":"2017","unstructured":"Cihang Xie, Jianyu Wang, Zhishuai Zhang, Yuyin Zhou, Lingxi Xie, and Alan Yuille. Adversarial examples for semantic segmentation and object detection. arXiv preprint arXiv:1703 .08603, 2017."}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134057","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3134057","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:03Z","timestamp":1750212663000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134057"}},"subtitle":["A Two-Pronged Defense against Adversarial Examples"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":37,"alternative-id":["10.1145\/3133956.3134057","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3134057","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}