{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T09:24:11Z","timestamp":1762507451720,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":53,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,7,19]],"date-time":"2018-07-19T00:00:00Z","timestamp":1531958400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,7,19]]},"DOI":"10.1145\/3219819.3220027","type":"proceedings-article","created":{"date-parts":[[2018,7,19]],"date-time":"2018-07-19T13:05:12Z","timestamp":1532005512000},"page":"1803-1811","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":40,"title":["Adversarial Detection with Model Interpretation"],"prefix":"10.1145","author":[{"given":"Ninghao","family":"Liu","sequence":"first","affiliation":[{"name":"Texas A&M University, College Station, TX, USA"}]},{"given":"Hongxia","family":"Yang","sequence":"additional","affiliation":[{"name":"Alibaba Group, Hangzhou, China"}]},{"given":"Xia","family":"Hu","sequence":"additional","affiliation":[{"name":"Texas A&M University, College Station, TX, USA"}]}],"member":"320","published-online":{"date-parts":[[2018,7,19]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"crossref","unstructured":"Scott Alfeld Xiaojin Zhu and Paul Barford . 2016. Data Poisoning Attacks against Autoregressive Models. AAAI.   Scott Alfeld Xiaojin Zhu and Paul Barford . 2016. Data Poisoning Attacks against Autoregressive Models. AAAI.","DOI":"10.1609\/aaai.v30i1.10237"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"crossref","unstructured":"Scott Alfeld Xiaojin Zhu and Paul Barford . 2017. Explicit Defense Actions Against Test-Set Attacks. AAAI.  Scott Alfeld Xiaojin Zhu and Paul Barford . 2017. Explicit Defense Actions Against Test-Set Attacks. AAAI.","DOI":"10.1609\/aaai.v31i1.10767"},{"volume-title":"How to explain individual classification decisions. Journal of Machine Learning Research","year":"2010","author":"Baehrens David","key":"e_1_3_2_2_3_1"},{"key":"e_1_3_2_2_4_1","unstructured":"Fabricio Benevenuto Gabriel Magno Tiago Rodrigues and Virgilio Almeida . 2010. Detecting spammers on twitter. In CEAS.  Fabricio Benevenuto Gabriel Magno Tiago Rodrigues and Virgilio Almeida . 2010. Detecting spammers on twitter. In CEAS."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488388.2488400"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2013.57"},{"key":"e_1_3_2_2_8_1","unstructured":"Battista Biggio Blaine Nelson and Pavel Laskov . 2011. Support vector machines under adversarial label noise ACML.  Battista Biggio Blaine Nelson and Pavel Laskov . 2011. Support vector machines under adversarial label noise ACML."},{"volume-title":"Static prediction games for adversarial learning problems. JMLR","year":"2012","author":"Br\u00fcckner Michael","key":"e_1_3_2_2_9_1"},{"key":"e_1_3_2_2_10_1","unstructured":"Michael Br\u00fcckner and Tobias Scheffer . 2009. Nash equilibria of static prediction games. In NIPS.   Michael Br\u00fcckner and Tobias Scheffer . 2009. Nash equilibria of static prediction games. In NIPS."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"crossref","unstructured":"Michael Br\u00fcckner and Tobias Scheffer . 2011. Stackelberg games for adversarial prediction problems KDD.  Michael Br\u00fcckner and Tobias Scheffer . 2011. Stackelberg games for adversarial prediction problems KDD.","DOI":"10.1145\/2020408.2020495"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1150402.1150464"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134606"},{"volume-title":"2017 IEEE Symposium on. IEEE.","year":"2017","author":"Carlini Nicholas","key":"e_1_3_2_2_14_1"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963500"},{"volume-title":"Jimeng Sun, Joshua Kulas, Andy Schuetz, and Walter Stewart .","year":"2016","author":"Choi Edward","key":"e_1_3_2_2_16_1"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1014052.1014066"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3219819.3220099"},{"volume-title":"Minds-minnesota intrusion detection system. Next generation data mining","year":"2004","author":"Ertoz Levent","key":"e_1_3_2_2_19_1"},{"volume-title":"An Interpretable Classification Framework for Information Extraction from Online Healthcare Forums. Journal of Healthcare Engineering","year":"2017","author":"Gao Jun","key":"e_1_3_2_2_20_1"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2187836.2187846"},{"volume-title":"EXPLAINING AND HARNESSING ADVERSARIAL EXAMPLES. stat","year":"2015","author":"Goodfellow Ian J","key":"e_1_3_2_2_22_1"},{"volume-title":"Distilling the Knowledge in a Neural Network. stat","year":"2015","author":"Hinton Geoffrey","key":"e_1_3_2_2_23_1"},{"volume-title":"Adversarial attacks on neural network policies. arXiv preprint arXiv:1702.02284","year":"2017","author":"Huang Sandy","key":"e_1_3_2_2_24_1"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1341531.1341560"},{"key":"e_1_3_2_2_26_1","unstructured":"Been Kim Rajiv Khanna and Oluwasanmi O Koyejo . 2016. Examples are not enough learn to criticize! criticism for interpretability NIPS.   Been Kim Rajiv Khanna and Oluwasanmi O Koyejo . 2016. Examples are not enough learn to criticize! criticism for interpretability NIPS."},{"key":"e_1_3_2_2_27_1","unstructured":"Been Kim Cynthia Rudin and Julie A Shah . 2014. The bayesian case model: A generative approach for case-based reasoning and prototype classification. In NIPS.   Been Kim Cynthia Rudin and Julie A Shah . 2014. The bayesian case model: A generative approach for case-based reasoning and prototype classification. In NIPS."},{"volume-title":"Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533","year":"2016","author":"Kurakin Alexey","key":"e_1_3_2_2_28_1"},{"volume-title":"Human-level concept learning through probabilistic program induction. Science","year":"2015","author":"Lake Brenden M","key":"e_1_3_2_2_29_1"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939874"},{"volume-title":"Brian David Eoff, and James Caverlee","year":"2011","author":"Lee Kyumin","key":"e_1_3_2_2_31_1"},{"key":"e_1_3_2_2_32_1","unstructured":"Fangtao Li Minlie Huang Yi Yang and Xiaoyan Zhu . 2011. Learning to identify review spam. In IJCAI.   Fangtao Li Minlie Huang Yi Yang and Xiaoyan Zhu . 2011. Learning to identify review spam. In IJCAI."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3219819.3220001"},{"volume-title":"2017 b. Contextual Outlier Interpretation. arXiv preprint arXiv:1711.10589","year":"2017","author":"Liu Ninghao","key":"e_1_3_2_2_34_1"},{"key":"e_1_3_2_2_35_1","unstructured":"Yanpei Liu Xinyun Chen Chang Liu and Dawn Song . 2017 a. Delving into Transferable Adversarial Examples and Black-box Attacks ICLR.  Yanpei Liu Xinyun Chen Chang Liu and Dawn Song . 2017 a. Delving into Transferable Adversarial Examples and Black-box Attacks ICLR."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"crossref","unstructured":"E Mariconti L Onwuzurike P Andriotis E De Cristofaro G Ross and G Stringhini . 2017. MamaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models NDSS.  E Mariconti L Onwuzurike P Andriotis E De Cristofaro G Ross and G Stringhini . 2017. MamaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models NDSS.","DOI":"10.14722\/ndss.2017.23353"},{"volume-title":"Methods for Interpreting and Understanding Deep Neural Networks. arXiv preprint arXiv:1706.07979","year":"2017","author":"Montavon Gr\u00e9goire","key":"e_1_3_2_2_37_1"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"crossref","unstructured":"Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi and Pascal Frossard . 2016. Deepfool: a simple and accurate method to fool deep neural networks CVPR.  Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi and Pascal Frossard . 2016. Deepfool: a simple and accurate method to fool deep neural networks CVPR.","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2187836.2187863"},{"key":"e_1_3_2_2_41_1","unstructured":"Feiping Nie Heng Huang Xiao Cai and Chris H Ding . 2010. Efficient and robust feature selection via joint L2 1-norms minimization NIPS.   Feiping Nie Heng Huang Xiao Cai and Chris H Ding . 2010. Efficient and robust feature selection via joint L2 1-norms minimization NIPS."},{"volume-title":"2016 a. Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv preprint arXiv:1605.07277","year":"2016","author":"Papernot Nicolas","key":"e_1_3_2_2_42_1"},{"volume-title":"2016 d. Practical black-box attacks against deep learning systems using adversarial examples. arXiv preprint arXiv:1602.02697","year":"2016","author":"Papernot Nicolas","key":"e_1_3_2_2_43_1"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"crossref","unstructured":"Nicolas Papernot Patrick McDaniel and Others . 2016 b. Distillation as a defense to adversarial perturbations against deep neural networks. In SP.  Nicolas Papernot Patrick McDaniel and Others . 2016 b. Distillation as a defense to adversarial perturbations against deep neural networks. In SP.","DOI":"10.1109\/SP.2016.41"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"crossref","unstructured":"Nicolas Papernot Patrick McDaniel and Others . 2016 c. The limitations of deep learning in adversarial settings EuroS&EP.  Nicolas Papernot Patrick McDaniel and Others . 2016 c. The limitations of deep learning in adversarial settings EuroS&EP.","DOI":"10.1109\/EuroSP.2016.36"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"crossref","unstructured":"Marco Tulio Ribeiro Sameer Singh and Carlos Guestrin . 2016. Why Should I Trust You?: Explaining the Predictions of Any Classifier KDD.  Marco Tulio Ribeiro Sameer Singh and Carlos Guestrin . 2016. Why Should I Trust You?: Explaining the Predictions of Any Classifier KDD.","DOI":"10.18653\/v1\/N16-3020"},{"key":"e_1_3_2_2_47_1","first-page":"55","article-title":"Active learning literature survey. University of Wisconsin","volume":"52","author":"Burr Settles","year":"2010","journal-title":"Madison"},{"volume-title":"Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199","year":"2013","author":"Szegedy Christian","key":"e_1_3_2_2_48_1"},{"key":"e_1_3_2_2_49_1","unstructured":"Florian Tram\u00e8r Fan Zhang Ari Juels Michael K Reiter and Thomas Ristenpart . 2016. Stealing machine learning models via prediction apis USENIX Security.  Florian Tram\u00e8r Fan Zhang Ari Juels Michael K Reiter and Thomas Ristenpart . 2016. Stealing machine learning models via prediction apis USENIX Security."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"crossref","unstructured":"Gang Wang Tianyi Wang Haitao Zheng and Ben Y Zhao . 2014. Man vs. Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers. Usenix Security.   Gang Wang Tianyi Wang Haitao Zheng and Ben Y Zhao . 2014. Man vs. Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers. Usenix Security.","DOI":"10.1145\/2486001.2491719"},{"volume-title":"Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks NDSS.","year":"2018","author":"Xu Weilin","key":"e_1_3_2_2_51_1"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23115"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_17"},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2339530.2339697"}],"event":{"name":"KDD '18: The 24th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining","sponsor":["SIGMOD ACM Special Interest Group on Management of Data","SIGKDD ACM Special Interest Group on Knowledge Discovery in Data"],"location":"London United Kingdom","acronym":"KDD '18"},"container-title":["Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3219819.3220027","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3219819.3220027","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:07:28Z","timestamp":1750212448000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3219819.3220027"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,7,19]]},"references-count":53,"alternative-id":["10.1145\/3219819.3220027","10.1145\/3219819"],"URL":"https:\/\/doi.org\/10.1145\/3219819.3220027","relation":{},"subject":[],"published":{"date-parts":[[2018,7,19]]},"assertion":[{"value":"2018-07-19","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}