{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T15:23:32Z","timestamp":1771514612802,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":24,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T00:00:00Z","timestamp":1512345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,12,4]]},"DOI":"10.1145\/3134600.3134606","type":"proceedings-article","created":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T19:18:32Z","timestamp":1512415112000},"page":"278-287","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":97,"title":["Mitigating Evasion Attacks to Deep Neural Networks via Region-based Classification"],"prefix":"10.1145","author":[{"given":"Xiaoyu","family":"Cao","sequence":"first","affiliation":[{"name":"ECE Department, Iowa State University"}]},{"given":"Neil Zhenqiang","family":"Gong","sequence":"additional","affiliation":[{"name":"ECE Department, Iowa State University"}]}],"member":"320","published-online":{"date-parts":[[2017,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Battista Biggio Blaine Nelson and Pavel Laskov. 2012. Poisoning attacks against support vector machines. In ICML.   Battista Biggio Blaine Nelson and Pavel Laskov. 2012. Poisoning attacks against support vector machines. In ICML."},{"key":"e_1_3_2_1_2_1","volume-title":"Towards Evaluating the Robustness of Neural Networks","author":"Carlini Nicholas","unstructured":"Nicholas Carlini and David Wagner . 2017. Towards Evaluating the Robustness of Neural Networks . In IEEE S & P. Nicholas Carlini and David Wagner. 2017. Towards Evaluating the Robustness of Neural Networks. In IEEE S & P."},{"key":"e_1_3_2_1_3_1","unstructured":"Ian J Goodfellow Jonathon Shlens and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. In arXiv.  Ian J Goodfellow Jonathon Shlens and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. In arXiv."},{"key":"e_1_3_2_1_4_1","unstructured":"Kathrin Grosse Praveen Manoharan Nicolas Papernot Michael Backes and Patrick McDaniel. 2017. On the (statistical) detection of adversarial examples. In arXiv.  Kathrin Grosse Praveen Manoharan Nicolas Papernot Michael Backes and Patrick McDaniel. 2017. On the (statistical) detection of adversarial examples. In arXiv."},{"key":"e_1_3_2_1_5_1","unstructured":"Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In CVPR.  Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In CVPR."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.2205597"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046684.2046692"},{"key":"e_1_3_2_1_8_1","volume-title":"Kingma and Jimmy Ba","author":"Diederik","year":"2014","unstructured":"Diederik P. Kingma and Jimmy Ba . 2014 . Adam : A Method for Stochastic Optimization. In arXiv. Diederik P. Kingma and Jimmy Ba. 2014. Adam: A Method for Stochastic Optimization. In arXiv."},{"key":"e_1_3_2_1_9_1","volume-title":"Hinton","author":"Krizhevsky Alex","year":"2012","unstructured":"Alex Krizhevsky , Ilya Sutskever , and Geoffrey E . Hinton . 2012 . ImageNet Classification with Deep Convolutional Neural Networks. In NIPS. Alex Krizhevsky, Ilya Sutskever, and Geoffrey E. Hinton. 2012. ImageNet Classification with Deep Convolutional Neural Networks. In NIPS."},{"key":"e_1_3_2_1_10_1","unstructured":"Bo Li Yining Wang Aarti Singh and Yevgeniy Vorobeychik. 2016. Data Poisoning Attacks on Factorization-Based Collaborative Filtering. In NIPS.   Bo Li Yining Wang Aarti Singh and Yevgeniy Vorobeychik. 2016. Data Poisoning Attacks on Factorization-Based Collaborative Filtering. In NIPS."},{"key":"e_1_3_2_1_11_1","unstructured":"Yanpei Liu Xinyun Chen Chang Liu and Dawn Song. 2017. Delving into Transferable Adversarial Examples and Black-box Attacks. In ICLR.  Yanpei Liu Xinyun Chen Chang Liu and Dawn Song. 2017. Delving into Transferable Adversarial Examples and Black-box Attacks. In ICLR."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134057"},{"key":"e_1_3_2_1_13_1","unstructured":"Jan Hendrik Metzen Tim Genewein Volker Fischer and Bastian Bischof. 2017. On detecting adversarial perturbations. In ICLR.  Jan Hendrik Metzen Tim Genewein Volker Fischer and Bastian Bischof. 2017. On detecting adversarial perturbations. In ICLR."},{"key":"e_1_3_2_1_14_1","volume-title":"Efficient estimation of word representations in vector space. arXiv","author":"Mikolov Tomas","year":"2013","unstructured":"Tomas Mikolov , Kai Chen , Greg Corrado , and Jeffrey Dean . 2013. Efficient estimation of word representations in vector space. arXiv ( 2013 ). Tomas Mikolov, Kai Chen, Greg Corrado, and Jeffrey Dean. 2013. Efficient estimation of word representations in vector space. arXiv (2013)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi and Pascal Frossard. 2016. DeepFool: a simple and accurate method to fool deep neural networks. In CVPR.  Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi and Pascal Frossard. 2016. DeepFool: a simple and accurate method to fool deep neural networks. In CVPR.","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_1_16_1","unstructured":"B. Nelson M. Barreno F. J. Chi A. D. Joseph B. I. P. Rubinstein U. Saini C. Sutton J. D. Tygar and K. Xia. 2008. Exploiting machine learning to subvert your spam filter. In LEET.   B. Nelson M. Barreno F. J. Chi A. D. Joseph B. I. P. Rubinstein U. Saini C. Sutton J. D. Tygar and K. Xia. 2008. Exploiting machine learning to subvert your spam filter. In LEET."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Nicolas Papernot Patrick McDaniel Somesh Jha Matt Fredrikson Z. Berkay Celik and Ananthram Swami. 2016. The Limitations of Deep Learning in Adversarial Settings. In EuroS&P.  Nicolas Papernot Patrick McDaniel Somesh Jha Matt Fredrikson Z. Berkay Celik and Ananthram Swami. 2016. The Limitations of Deep Learning in Adversarial Settings. In EuroS&P.","DOI":"10.1109\/EuroSP.2016.36"},{"key":"e_1_3_2_1_19_1","volume-title":"Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks","author":"Papernot Nicolas","unstructured":"Nicolas Papernot , Patrick McDaniel , Xi Wu , Somesh Jha , and Ananthram Swami . 2016. Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks . In IEEE S & P. Nicolas Papernot, Patrick McDaniel, Xi Wu, Somesh Jha, and Ananthram Swami. 2016. Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks. In IEEE S & P."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991125"},{"key":"e_1_3_2_1_21_1","volume-title":"Julian Schrittwieser, Ioannis Antonoglou, Veda Panneershelvam, Marc Lanctot, and others.","author":"Silver David","year":"2016","unstructured":"David Silver , Aja Huang , Chris J Maddison , Arthur Guez , Laurent Sifre , George Van Den Driessche , Julian Schrittwieser, Ioannis Antonoglou, Veda Panneershelvam, Marc Lanctot, and others. 2016 . Mastering the game of Go with deep neural networks and tree search. Nature 529, 7587 (2016), 484--489. David Silver, Aja Huang, Chris J Maddison, Arthur Guez, Laurent Sifre, George Van Den Driessche, Julian Schrittwieser, Ioannis Antonoglou, Veda Panneershelvam, Marc Lanctot, and others. 2016. Mastering the game of Go with deep neural networks and tree search. Nature 529, 7587 (2016), 484--489."},{"key":"e_1_3_2_1_22_1","unstructured":"Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna Dumitru Erhan Ian Goodfellow and Rob Fergus. 2013. Intriguing properties of neural networks. In arXiv.  Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna Dumitru Erhan Ian Goodfellow and Rob Fergus. 2013. Intriguing properties of neural networks. In arXiv."},{"key":"e_1_3_2_1_23_1","unstructured":"Code to Train DNN for CIFAR-10. 2017. (September 2017). https:\/\/goo.gl\/mEX7By  Code to Train DNN for CIFAR-10. 2017. (September 2017). https:\/\/goo.gl\/mEX7By"},{"key":"e_1_3_2_1_24_1","volume-title":"Neil Zhenqiang Gong, and Ying Cai","author":"Yang Guolei","year":"2017","unstructured":"Guolei Yang , Neil Zhenqiang Gong, and Ying Cai . 2017 . Fake Co-visitation Injection Attacks to Recommender Systems. In NDSS. Guolei Yang, Neil Zhenqiang Gong, and Ying Cai. 2017. Fake Co-visitation Injection Attacks to Recommender Systems. In NDSS."}],"event":{"name":"ACSAC 2017: 2017 Annual Computer Security Applications Conference","location":"Orlando FL USA","acronym":"ACSAC 2017"},"container-title":["Proceedings of the 33rd Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134606","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3134600.3134606","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:11Z","timestamp":1750217411000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134606"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,12,4]]},"references-count":24,"alternative-id":["10.1145\/3134600.3134606","10.1145\/3134600"],"URL":"https:\/\/doi.org\/10.1145\/3134600.3134606","relation":{},"subject":[],"published":{"date-parts":[[2017,12,4]]},"assertion":[{"value":"2017-12-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}