{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:31:37Z","timestamp":1750221097885,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,12,18]],"date-time":"2018-12-18T00:00:00Z","timestamp":1545091200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,12,18]]},"DOI":"10.1145\/3293353.3293387","type":"proceedings-article","created":{"date-parts":[[2020,5,4]],"date-time":"2020-05-04T22:07:32Z","timestamp":1588630052000},"page":"1-8","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["BatchOut"],"prefix":"10.1145","author":[{"given":"Akshayvarun","family":"Subramanya","sequence":"first","affiliation":[{"name":"Video Analytics Lab, Indian Institute of Science, Bangalore, India"}]},{"given":"Konda Reddy","family":"Mopuri","sequence":"additional","affiliation":[{"name":"Video Analytics Lab, Indian Institute of Science, Bangalore, India"}]},{"given":"R. Venkatesh","family":"Babu","sequence":"additional","affiliation":[{"name":"Video Analytics Lab, Indian Institute of Science, Bangalore, India"}]}],"member":"320","published-online":{"date-parts":[[2020,5,3]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Tensorflow: Large-scale machine learning on heterogeneous distributed systems. arXiv preprint arXiv:1603.04467","author":"Abadi Mart\u00edn","year":"2016","unstructured":"Mart\u00edn Abadi , Ashish Agarwal , Paul Barham , Eugene Brevdo , Zhifeng Chen , Craig Citro , Greg S Corrado , Andy Davis , Jeffrey Dean , Matthieu Devin , 2016 . Tensorflow: Large-scale machine learning on heterogeneous distributed systems. arXiv preprint arXiv:1603.04467 (2016). Mart\u00edn Abadi, Ashish Agarwal, Paul Barham, Eugene Brevdo, Zhifeng Chen, Craig Citro, Greg S Corrado, Andy Davis, Jeffrey Dean, Matthieu Devin, et al. 2016. Tensorflow: Large-scale machine learning on heterogeneous distributed systems. arXiv preprint arXiv:1603.04467 (2016)."},{"key":"e_1_3_2_1_2_1","volume-title":"Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420","author":"Athalye Anish","year":"2018","unstructured":"Anish Athalye , Nicholas Carlini , and David Wagner . 2018. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420 ( 2018 ). Anish Athalye, Nicholas Carlini, and David Wagner. 2018. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420 (2018)."},{"key":"e_1_3_2_1_3_1","volume-title":"International Conference on Machine Learning. 552--560","author":"Bengio Yoshua","year":"2013","unstructured":"Yoshua Bengio , Gr\u00e9goire Mesnil , Yann Dauphin , and Salah Rifai . 2013 . Better mixing via deep representations . In International Conference on Machine Learning. 552--560 . Yoshua Bengio, Gr\u00e9goire Mesnil, Yann Dauphin, and Salah Rifai. 2013. Better mixing via deep representations. In International Conference on Machine Learning. 552--560."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0218001414600027"},{"key":"e_1_3_2_1_6_1","volume-title":"Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389","author":"Biggio Battista","year":"2012","unstructured":"Battista Biggio , Blaine Nelson , and Pavel Laskov . 2012. Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389 ( 2012 ). Battista Biggio, Blaine Nelson, and Pavel Laskov. 2012. Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389 (2012)."},{"volume-title":"Gray-Box Adversarial Training. In the European Conference on Computer Vision (ECCV).","author":"Konda Reddy Mopuri Vivek B.S.","key":"e_1_3_2_1_7_1","unstructured":"Vivek B.S. , Konda Reddy Mopuri , and R. Venkatesh Babu . 2018 . Gray-Box Adversarial Training. In the European Conference on Computer Vision (ECCV). Vivek B.S., Konda Reddy Mopuri, and R. Venkatesh Babu. 2018. Gray-Box Adversarial Training. In the European Conference on Computer Vision (ECCV)."},{"key":"e_1_3_2_1_8_1","volume-title":"Defensive distillation is not robust to adversarial examples. arXiv preprint arXiv:1607.04311","author":"Carlini Nicholas","year":"2016","unstructured":"Nicholas Carlini and David Wagner . 2016. Defensive distillation is not robust to adversarial examples. arXiv preprint arXiv:1607.04311 ( 2016 ). Nicholas Carlini and David Wagner. 2016. Defensive distillation is not robust to adversarial examples. arXiv preprint arXiv:1607.04311 (2016)."},{"key":"e_1_3_2_1_9_1","volume-title":"Dataset Augmentation in Feature Space. arXiv preprint arXiv:1702.05538","author":"DeVries Terrance","year":"2017","unstructured":"Terrance DeVries and Graham W Taylor . 2017. Dataset Augmentation in Feature Space. arXiv preprint arXiv:1702.05538 ( 2017 ). Terrance DeVries and Graham W Taylor. 2017. Dataset Augmentation in Feature Space. arXiv preprint arXiv:1702.05538 (2017)."},{"key":"e_1_3_2_1_10_1","volume-title":"Daniel Nouri, et al.","author":"Dieleman Sander","year":"2015","unstructured":"Sander Dieleman , Jan Schl\u00c3ijter , Colin Raffel , Eben Olson , S\u00c3\u00ffren Kaae S\u00c3\u00ffnderby , Daniel Nouri, et al. 2015 . Lasagne : First release. (Aug. 2015). https:\/\/doi.org\/10.5281\/zenodo.27878 10.5281\/zenodo.27878 Sander Dieleman, Jan Schl\u00c3ijter, Colin Raffel, Eben Olson, S\u00c3\u00ffren Kaae S\u00c3\u00ffnderby, Daniel Nouri, et al. 2015. Lasagne: First release. (Aug. 2015). https:\/\/doi.org\/10.5281\/zenodo.27878"},{"key":"e_1_3_2_1_11_1","volume-title":"Explaining and Harnessing Adversarial Examples. CoRR abs\/1412.6572","author":"Goodfellow Ian J.","year":"2014","unstructured":"Ian J. Goodfellow , Jonathon Shlens , and Christian Szegedy . 2014. Explaining and Harnessing Adversarial Examples. CoRR abs\/1412.6572 ( 2014 ). Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and Harnessing Adversarial Examples. CoRR abs\/1412.6572 (2014)."},{"key":"e_1_3_2_1_12_1","volume-title":"Towards deep neural network architectures robust to adversarial examples. arXiv preprint arXiv:1412.5068","author":"Gu Shixiang","year":"2014","unstructured":"Shixiang Gu and Luca Rigazio . 2014. Towards deep neural network architectures robust to adversarial examples. arXiv preprint arXiv:1412.5068 ( 2014 ). Shixiang Gu and Luca Rigazio. 2014. Towards deep neural network architectures robust to adversarial examples. arXiv preprint arXiv:1412.5068 (2014)."},{"key":"e_1_3_2_1_13_1","volume-title":"Countering adversarial images using input transformations. arXiv preprint arXiv:1711.00117","author":"Guo Chuan","year":"2017","unstructured":"Chuan Guo , Mayank Rana , Moustapha Cisse , and Laurens van der Maaten . 2017. Countering adversarial images using input transformations. arXiv preprint arXiv:1711.00117 ( 2017 ). Chuan Guo, Mayank Rana, Moustapha Cisse, and Laurens van der Maaten. 2017. Countering adversarial images using input transformations. arXiv preprint arXiv:1711.00117 (2017)."},{"key":"e_1_3_2_1_14_1","volume-title":"Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531","author":"Hinton Geoffrey","year":"2015","unstructured":"Geoffrey Hinton , Oriol Vinyals , and Jeff Dean . 2015. Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 ( 2015 ). Geoffrey Hinton, Oriol Vinyals, and Jeff Dean. 2015. Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 (2015)."},{"volume-title":"Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence (AISec '11)","author":"Huang Ling","key":"e_1_3_2_1_15_1","unstructured":"Ling Huang , Anthony D. Joseph , Blaine Nelson , Benjamin I.P. Rubinstein , and J. D. Tygar . 2011. Adversarial Machine Learning . In Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence (AISec '11) . Ling Huang, Anthony D. Joseph, Blaine Nelson, Benjamin I.P. Rubinstein, and J. D. Tygar. 2011. Adversarial Machine Learning. In Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence (AISec '11)."},{"key":"e_1_3_2_1_16_1","unstructured":"Alex Krizhevsky. 2009. Learning multiple layers of features from tiny images. (2009).  Alex Krizhevsky. 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_2_1_17_1","volume-title":"Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . 2016. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 ( 2016 ). Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 (2016)."},{"key":"e_1_3_2_1_18_1","volume-title":"Adversarial Machine Learning at Scale. CoRR abs\/1611.01236","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian J. Goodfellow , and Samy Bengio . 2016. Adversarial Machine Learning at Scale. CoRR abs\/1611.01236 ( 2016 ). Alexey Kurakin, Ian J. Goodfellow, and Samy Bengio. 2016. Adversarial Machine Learning at Scale. CoRR abs\/1611.01236 (2016)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_1_20_1","volume-title":"Adversarial Examples Detection in Deep Networks with Convolutional Filter Statistics. arXiv preprint arXiv:1612.07767","author":"Li Xin","year":"2016","unstructured":"Xin Li and Fuxin Li. 2016. Adversarial Examples Detection in Deep Networks with Convolutional Filter Statistics. arXiv preprint arXiv:1612.07767 ( 2016 ). Xin Li and Fuxin Li. 2016. Adversarial Examples Detection in Deep Networks with Convolutional Filter Statistics. arXiv preprint arXiv:1612.07767 (2016)."},{"key":"e_1_3_2_1_21_1","volume-title":"Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083","author":"Madry Aleksander","year":"2017","unstructured":"Aleksander Madry , Aleksandar Makelov , Ludwig Schmidt , Dimitris Tsipras , and Adrian Vladu . 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 ( 2017 ). Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017)."},{"key":"e_1_3_2_1_22_1","volume-title":"On Detecting Adversarial Perturbations. ICLR","author":"Metzen Jan H.","year":"2017","unstructured":"Jan H. Metzen , Tim Genewein , Volker Fischer , and Bastian Bischoff . 2017. On Detecting Adversarial Perturbations. ICLR ( 2017 ). Jan H. Metzen, Tim Genewein, Volker Fischer, and Bastian Bischoff. 2017. On Detecting Adversarial Perturbations. ICLR (2017)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_1_24_1","volume-title":"Generalizable Data-free Objective for Crafting Universal Adversarial Perturbations","author":"Mopuri Konda Reddy","year":"2018","unstructured":"Konda Reddy Mopuri , Aditya Ganeshan , and R. Venkatesh Babu . 2018. Generalizable Data-free Objective for Crafting Universal Adversarial Perturbations . IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI) ( 2018 ). Konda Reddy Mopuri, Aditya Ganeshan, and R. Venkatesh Babu. 2018. Generalizable Data-free Objective for Crafting Universal Adversarial Perturbations. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI) (2018)."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the British Machine Vision Conference (BMVC).","author":"Mopuri Konda Reddy","year":"2017","unstructured":"Konda Reddy Mopuri , Utsav Garg , and R Venkatesh Babu . 2017 . Fast Feature Fool: A data independent approach to universal adversarial perturbations . In Proceedings of the British Machine Vision Conference (BMVC). Konda Reddy Mopuri, Utsav Garg, and R Venkatesh Babu. 2017. Fast Feature Fool: A data independent approach to universal adversarial perturbations. In Proceedings of the British Machine Vision Conference (BMVC)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00084"},{"volume-title":"the European Conference on Computer Vision (ECCV).","author":"Mopuri Konda Reddy","key":"e_1_3_2_1_27_1","unstructured":"Konda Reddy Mopuri , Phani Krishna Uppala , and R. Venkatesh Babu . 2018. Ask, Acquire, and Attack: Data-Free UAP Generation Using Class Impressions . In the European Conference on Computer Vision (ECCV). Konda Reddy Mopuri, Phani Krishna Uppala, and R. Venkatesh Babu. 2018. Ask, Acquire, and Attack: Data-Free UAP Generation Using Class Impressions. In the European Conference on Computer Vision (ECCV)."},{"key":"e_1_3_2_1_28_1","volume-title":"Deep directed generative autoencoders. arXiv preprint arXiv:1410.0630","author":"Ozair Sherjil","year":"2014","unstructured":"Sherjil Ozair and Yoshua Bengio . 2014. Deep directed generative autoencoders. arXiv preprint arXiv:1410.0630 ( 2014 ). Sherjil Ozair and Yoshua Bengio. 2014. Deep directed generative autoencoders. arXiv preprint arXiv:1410.0630 (2014)."},{"key":"e_1_3_2_1_29_1","volume-title":"cleverhans v1.0.0: an adversarial machine learning library. arXiv preprint arXiv:1610.00768","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Ian Goodfellow , Ryan Sheatsley , Reuben Feinman , and Patrick McDaniel . 2016. cleverhans v1.0.0: an adversarial machine learning library. arXiv preprint arXiv:1610.00768 ( 2016 ). Nicolas Papernot, Ian Goodfellow, Ryan Sheatsley, Reuben Feinman, and Patrick McDaniel. 2016. cleverhans v1.0.0: an adversarial machine learning library. arXiv preprint arXiv:1610.00768 (2016)."},{"key":"e_1_3_2_1_30_1","volume-title":"2016 IEEE European Symposium on. IEEE, 372--387","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Patrick McDaniel , Somesh Jha , Matt Fredrikson , Z Berkay Celik , and Ananthram Swami . 2016 . The limitations of deep learning in adversarial settings. In Security and Privacy (EuroS&P) , 2016 IEEE European Symposium on. IEEE, 372--387 . Nicolas Papernot, Patrick McDaniel, Somesh Jha, Matt Fredrikson, Z Berkay Celik, and Ananthram Swami. 2016. The limitations of deep learning in adversarial settings. In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on. IEEE, 372--387."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"e_1_3_2_1_32_1","volume-title":"Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples. CoRR abs\/1602.02697","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Patrick D. McDaniel , Ian J. Goodfellow , Somesh Jha , Z. Berkay Celik , and Ananthram Swami . 2016. Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples. CoRR abs\/1602.02697 ( 2016 ). Nicolas Papernot, Patrick D. McDaniel, Ian J. Goodfellow, Somesh Jha, Z. Berkay Celik, and Ananthram Swami. 2016. Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples. CoRR abs\/1602.02697 (2016)."},{"key":"e_1_3_2_1_33_1","volume-title":"Adversarial manipulation of deep representations. arXiv preprint arXiv:1511.05122","author":"Sabour Sara","year":"2015","unstructured":"Sara Sabour , Yanshuai Cao , Fartash Faghri , and David J Fleet . 2015. Adversarial manipulation of deep representations. arXiv preprint arXiv:1511.05122 ( 2015 ). Sara Sabour, Yanshuai Cao, Fartash Faghri, and David J Fleet. 2015. Adversarial manipulation of deep representations. arXiv preprint arXiv:1511.05122 (2015)."},{"key":"e_1_3_2_1_34_1","volume-title":"Regularizing deep networks using efficient layerwise adversarial training. arXiv preprint arXiv:1705.07819 (","author":"Sankaranarayanan Swami","year":"2017","unstructured":"Swami Sankaranarayanan , Arpit Jain , Rama Chellappa , and Ser Nam Lim . 2017. Regularizing deep networks using efficient layerwise adversarial training. arXiv preprint arXiv:1705.07819 ( 2017 ). Swami Sankaranarayanan, Arpit Jain, Rama Chellappa, and Ser Nam Lim. 2017. Regularizing deep networks using efficient layerwise adversarial training. arXiv preprint arXiv:1705.07819 ( 2017)."},{"key":"e_1_3_2_1_35_1","volume-title":"Pixeldefend: Leveraging generative models to understand and defend against adversarial examples. arXiv preprint arXiv:1710.10766","author":"Song Yang","year":"2017","unstructured":"Yang Song , Taesup Kim , Sebastian Nowozin , Stefano Ermon , and Nate Kushman . 2017 . Pixeldefend: Leveraging generative models to understand and defend against adversarial examples. arXiv preprint arXiv:1710.10766 (2017). Yang Song, Taesup Kim, Sebastian Nowozin, Stefano Ermon, and Nate Kushman. 2017. Pixeldefend: Leveraging generative models to understand and defend against adversarial examples. arXiv preprint arXiv:1710.10766 (2017)."},{"key":"e_1_3_2_1_36_1","volume-title":"Intriguing properties of neural networks. CoRR abs\/1312.6199","author":"Szegedy Christian","year":"2013","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian J. Goodfellow , and Rob Fergus . 2013. Intriguing properties of neural networks. CoRR abs\/1312.6199 ( 2013 ). http:\/\/arxiv.org\/abs\/1312.6199 Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian J. Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. CoRR abs\/1312.6199 (2013). http:\/\/arxiv.org\/abs\/1312.6199"},{"key":"e_1_3_2_1_37_1","volume-title":"A Boundary Tilting Persepective on the Phenomenon of Adversarial Examples. arXiv preprint arXiv:1608.07690","author":"Tanay Thomas","year":"2016","unstructured":"Thomas Tanay and Lewis Griffin . 2016. A Boundary Tilting Persepective on the Phenomenon of Adversarial Examples. arXiv preprint arXiv:1608.07690 ( 2016 ). Thomas Tanay and Lewis Griffin. 2016. A Boundary Tilting Persepective on the Phenomenon of Adversarial Examples. arXiv preprint arXiv:1608.07690 (2016)."},{"key":"e_1_3_2_1_38_1","volume-title":"Theano: A Python framework for fast computation of mathematical expressions. arXiv e-prints abs\/1605.02688 (May","author":"Team Theano Development","year":"2016","unstructured":"Theano Development Team . 2016 . Theano: A Python framework for fast computation of mathematical expressions. arXiv e-prints abs\/1605.02688 (May 2016). http:\/\/arxiv.org\/abs\/1605.02688 Theano Development Team. 2016. Theano: A Python framework for fast computation of mathematical expressions. arXiv e-prints abs\/1605.02688 (May 2016). http:\/\/arxiv.org\/abs\/1605.02688"}],"event":{"name":"ICVGIP 2018: 11th Indian Conference on Computer Vision, Graphics and Image Processing","acronym":"ICVGIP 2018","location":"Hyderabad India"},"container-title":["Proceedings of the 11th Indian Conference on Computer Vision, Graphics and Image Processing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3293353.3293387","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3293353.3293387","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:58:08Z","timestamp":1750208288000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3293353.3293387"}},"subtitle":["Batch-level feature augmentation to improve robustness to adversarial examples"],"short-title":[],"issued":{"date-parts":[[2018,12,18]]},"references-count":38,"alternative-id":["10.1145\/3293353.3293387","10.1145\/3293353"],"URL":"https:\/\/doi.org\/10.1145\/3293353.3293387","relation":{},"subject":[],"published":{"date-parts":[[2018,12,18]]},"assertion":[{"value":"2020-05-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}