{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,7]],"date-time":"2025-08-07T20:43:34Z","timestamp":1754599414124,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,10,15]],"date-time":"2019-10-15T00:00:00Z","timestamp":1571097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Natural Science Foundation of China","award":["61572274 , 61672307"],"award-info":[{"award-number":["61572274 , 61672307"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,10,15]]},"DOI":"10.1145\/3343031.3350887","type":"proceedings-article","created":{"date-parts":[[2019,10,21]],"date-time":"2019-10-21T16:32:26Z","timestamp":1571675546000},"page":"692-701","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["MetaAdvDet"],"prefix":"10.1145","author":[{"given":"Chen","family":"Ma","sequence":"first","affiliation":[{"name":"Tsinghua University & Beijing National Research Center for Information Science and Technology (BNRist), Beijing, China"}]},{"given":"Chenxu","family":"Zhao","sequence":"additional","affiliation":[{"name":"JD AI Research, Beijing, China"}]},{"given":"Hailin","family":"Shi","sequence":"additional","affiliation":[{"name":"JD AI Research, Beijing, China"}]},{"given":"Li","family":"Chen","sequence":"additional","affiliation":[{"name":"Tsinghua University & BNRist, Beijing, China"}]},{"given":"Junhai","family":"Yong","sequence":"additional","affiliation":[{"name":"Tsinghua University & BNRist, Beijing, China"}]},{"given":"Dan","family":"Zeng","sequence":"additional","affiliation":[{"name":"Shanghai University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2019,10,15]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00357"},{"key":"e_1_3_2_1_2_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research), Jennifer Dy and Andreas Krause (Eds.)","volume":"80","author":"Athalye Anish","year":"2018","unstructured":"Anish Athalye , Nicholas Carlini , and David Wagner . 2018 . Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples . In Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research), Jennifer Dy and Andreas Krause (Eds.) , Vol. 80 . PMLR, Stockholmsm\u00e4ssan, Stockholm Sweden, 274--283. http:\/\/proceedings.mlr.press\/v80\/athalye18a.html Anish Athalye, Nicholas Carlini, and David Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research), Jennifer Dy and Andreas Krause (Eds.), Vol. 80. PMLR, Stockholmsm\u00e4ssan, Stockholm Sweden, 274--283. http:\/\/proceedings.mlr.press\/v80\/athalye18a.html"},{"key":"e_1_3_2_1_3_1","volume-title":"Dimensionality Reduction as a Defense against Evasion Attacks on Machine Learning Classifiers. CoRR","author":"Bhagoji Arjun Nitin","year":"2017","unstructured":"Arjun Nitin Bhagoji , Daniel Cullina , and Prateek Mittal . 2017. Dimensionality Reduction as a Defense against Evasion Attacks on Machine Learning Classifiers. CoRR , Vol. abs\/ 1704 .02654 ( 2017 ). arxiv: 1704.02654 http:\/\/arxiv.org\/abs\/1704.02654 Arjun Nitin Bhagoji, Daniel Cullina, and Prateek Mittal. 2017. Dimensionality Reduction as a Defense against Evasion Attacks on Machine Learning Classifiers. CoRR , Vol. abs\/1704.02654 (2017). arxiv: 1704.02654 http:\/\/arxiv.org\/abs\/1704.02654"},{"key":"e_1_3_2_1_4_1","volume-title":"Towards Evaluating the Robustness of Neural Networks. In IEEE Symposium on Security and Privacy (SP). 39--57","author":"Carlini Nicholas","year":"2017","unstructured":"Nicholas Carlini and David A. Wagner . 2017 . Towards Evaluating the Robustness of Neural Networks. In IEEE Symposium on Security and Privacy (SP). 39--57 . https:\/\/doi.org\/10.1109\/SP. 2017 .49 10.1109\/SP.2017.49 Nicholas Carlini and David A. Wagner. 2017. Towards Evaluating the Robustness of Neural Networks. In IEEE Symposium on Security and Privacy (SP). 39--57. https:\/\/doi.org\/10.1109\/SP.2017.49"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3095713.3095753"},{"key":"e_1_3_2_1_6_1","volume-title":"Thirty-second AAAI conference on artificial intelligence.","author":"Chen Pin-Yu","year":"2018","unstructured":"Pin-Yu Chen , Yash Sharma , Huan Zhang , Jinfeng Yi , and Cho-Jui Hsieh . 2018 . Ead: elastic-net attacks to deep neural networks via adversarial examples . In Thirty-second AAAI conference on artificial intelligence. Pin-Yu Chen, Yash Sharma, Huan Zhang, Jinfeng Yi, and Cho-Jui Hsieh. 2018. Ead: elastic-net attacks to deep neural networks via adversarial examples. In Thirty-second AAAI conference on artificial intelligence."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140448"},{"key":"e_1_3_2_1_8_1","volume-title":"Murray","author":"Dathathri Sumanth","year":"2018","unstructured":"Sumanth Dathathri , Stephan Zheng , Tianwei Yin , Yisong Yue , and Richard M . Murray . 2018 . Detecting Adversarial Examples via Neural Fingerprinting . arXiv preprint arXiv:1803.03870 (2018). Sumanth Dathathri, Stephan Zheng, Tianwei Yin, Yisong Yue, and Richard M. Murray. 2018. Detecting Adversarial Examples via Neural Fingerprinting. arXiv preprint arXiv:1803.03870 (2018)."},{"key":"e_1_3_2_1_9_1","volume-title":"Boosting Adversarial Attacks With Momentum. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) .","author":"Dong Yinpeng","year":"2018","unstructured":"Yinpeng Dong , Fangzhou Liao , Tianyu Pang , Hang Su , Jun Zhu , Xiaolin Hu , and Jianguo Li . 2018 . Boosting Adversarial Attacks With Momentum. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Yinpeng Dong, Fangzhou Liao, Tianyu Pang, Hang Su, Jun Zhu, Xiaolin Hu, and Jianguo Li. 2018. Boosting Adversarial Attacks With Momentum. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) ."},{"volume-title":"International Conference on Learning Representations .","author":"Trevor Darrell Erin Grant Sergey Levine","key":"e_1_3_2_1_10_1","unstructured":"Sergey Levine Trevor Darrell Erin Grant , Chelsea Finn and Thomas L. Griffiths . 2018. Recasting Gradient-Based Meta-Learning as Hierarchical Bayes . In International Conference on Learning Representations . Sergey Levine Trevor Darrell Erin Grant, Chelsea Finn and Thomas L. Griffiths. 2018. Recasting Gradient-Based Meta-Learning as Hierarchical Bayes. In International Conference on Learning Representations ."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/3305381.3305498"},{"key":"e_1_3_2_1_12_1","volume-title":"DARCCC: Detecting Adversaries by Reconstruction from Class Conditional Capsules. arXiv preprint arXiv:1811.06969","author":"Frosst Nicholas","year":"2018","unstructured":"Nicholas Frosst , Sara Sabour , and Geoffrey Hinton . 2018 . DARCCC: Detecting Adversaries by Reconstruction from Class Conditional Capsules. arXiv preprint arXiv:1811.06969 (2018). Nicholas Frosst, Sara Sabour, and Geoffrey Hinton. 2018. DARCCC: Detecting Adversaries by Reconstruction from Class Conditional Capsules. arXiv preprint arXiv:1811.06969 (2018)."},{"key":"e_1_3_2_1_13_1","unstructured":"Ian Goodfellow Yao Qin and David Berthelot. 2019. Evaluation Methodology for Attacks Against Confidence Thresholding Models. https:\/\/openreview.net\/forum?id=H1g0piA9tQ  Ian Goodfellow Yao Qin and David Berthelot. 2019. Evaluation Methodology for Attacks Against Confidence Thresholding Models. https:\/\/openreview.net\/forum?id=H1g0piA9tQ"},{"key":"e_1_3_2_1_14_1","volume-title":"d.]. Explaining and harnessing adversarial examples","author":"Goodfellow Ian J","year":"2014","unstructured":"Ian J Goodfellow , Jonathon Shlens , and Christian Szegedy . [n. d.]. Explaining and harnessing adversarial examples ( 2014 ). arXiv preprint arXiv:1412.6572 ([n. d.]). Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. [n. d.]. Explaining and harnessing adversarial examples (2014). arXiv preprint arXiv:1412.6572 ([n. d.])."},{"key":"e_1_3_2_1_15_1","volume-title":"On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280","author":"Grosse Kathrin","year":"2017","unstructured":"Kathrin Grosse , Praveen Manoharan , Nicolas Papernot , Michael Backes , and Patrick McDaniel . 2017. On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280 ( 2017 ). Kathrin Grosse, Praveen Manoharan, Nicolas Papernot, Michael Backes, and Patrick McDaniel. 2017. On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280 (2017)."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2017.0-136"},{"key":"e_1_3_2_1_18_1","volume-title":"Task Agnostic Meta-Learning for Few-Shot Learning. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) .","author":"Jamal Muhammad Abdullah","year":"2019","unstructured":"Muhammad Abdullah Jamal and Guo-Jun Qi . 2019 . Task Agnostic Meta-Learning for Few-Shot Learning. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Muhammad Abdullah Jamal and Guo-Jun Qi. 2019. Task Agnostic Meta-Learning for Few-Shot Learning. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) ."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134635"},{"key":"e_1_3_2_1_21_1","volume-title":"ICLR Workshop","author":"Kurakin Alexey","year":"2017","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . 2017 . Adversarial examples in the physical world . ICLR Workshop (2017). https:\/\/arxiv.org\/abs\/1607.02533 Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2017. Adversarial examples in the physical world. ICLR Workshop (2017). https:\/\/arxiv.org\/abs\/1607.02533"},{"key":"e_1_3_2_1_22_1","unstructured":"Yann LeCun and Corinna Cortes. 2010. MNIST handwritten digit database. http:\/\/yann.lecun.com\/exdb\/mnist\/. (2010). http:\/\/yann.lecun.com\/exdb\/mnist\/  Yann LeCun and Corinna Cortes. 2010. MNIST handwritten digit database. http:\/\/yann.lecun.com\/exdb\/mnist\/. (2010). http:\/\/yann.lecun.com\/exdb\/mnist\/"},{"key":"e_1_3_2_1_23_1","volume-title":"NATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks. arXiv preprint arXiv:1905.00441","author":"Li Yandong","year":"2019","unstructured":"Yandong Li , Lijun Li , Liqiang Wang , Tong Zhang , and Boqing Gong . 2019 . NATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks. arXiv preprint arXiv:1905.00441 (2019). Yandong Li, Lijun Li, Liqiang Wang, Tong Zhang, and Boqing Gong. 2019. NATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks. arXiv preprint arXiv:1905.00441 (2019)."},{"key":"e_1_3_2_1_24_1","volume-title":"Meta-sgd: Learning to learn quickly for few-shot learning. arXiv preprint arXiv:1707.09835","author":"Li Zhenguo","year":"2017","unstructured":"Zhenguo Li , Fengwei Zhou , Fei Chen , and Hang Li . 2017 . Meta-sgd: Learning to learn quickly for few-shot learning. arXiv preprint arXiv:1707.09835 (2017). Zhenguo Li, Fengwei Zhou, Fei Chen, and Hang Li. 2017. Meta-sgd: Learning to learn quickly for few-shot learning. arXiv preprint arXiv:1707.09835 (2017)."},{"key":"#cr-split#-e_1_3_2_1_25_1.1","doi-asserted-by":"crossref","unstructured":"B. Liang H. Li M. Su X. Li W. Shi and X. Wang. 2018. Detecting Adversarial Image Examples in Deep Neural Networks with Adaptive Noise Reduction. IEEE Transactions on Dependable and Secure Computing (2018) 1--1. https:\/\/doi.org\/10.1109\/TDSC.2018.2874243 10.1109\/TDSC.2018.2874243","DOI":"10.1109\/TDSC.2018.2874243"},{"key":"#cr-split#-e_1_3_2_1_25_1.2","doi-asserted-by":"crossref","unstructured":"B. Liang H. Li M. Su X. Li W. Shi and X. Wang. 2018. Detecting Adversarial Image Examples in Deep Neural Networks with Adaptive Noise Reduction. IEEE Transactions on Dependable and Secure Computing (2018) 1--1. https:\/\/doi.org\/10.1109\/TDSC.2018.2874243","DOI":"10.1109\/TDSC.2018.2874243"},{"key":"e_1_3_2_1_26_1","volume-title":"Defense Against Adversarial Attacks Using High-Level Representation Guided Denoiser. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) .","author":"Liao Fangzhou","year":"2018","unstructured":"Fangzhou Liao , Ming Liang , Yinpeng Dong , Tianyu Pang , Xiaolin Hu , and Jun Zhu . 2018 . Defense Against Adversarial Attacks Using High-Level Representation Guided Denoiser. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Fangzhou Liao, Ming Liang, Yinpeng Dong, Tianyu Pang, Xiaolin Hu, and Jun Zhu. 2018. Defense Against Adversarial Attacks Using High-Level Representation Guided Denoiser. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) ."},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of 5th International Conference on Learning Representations .","author":"Liu Yanpei","year":"2017","unstructured":"Yanpei Liu , Xinyun Chen , Chang Liu , and Dawn Song . 2017 . Delving into Transferable Adversarial Examples and Black-box Attacks . In Proceedings of 5th International Conference on Learning Representations . Yanpei Liu, Xinyun Chen, Chang Liu, and Dawn Song. 2017. Delving into Transferable Adversarial Examples and Black-box Attacks. In Proceedings of 5th International Conference on Learning Representations ."},{"key":"e_1_3_2_1_28_1","volume-title":"Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=B1gJ1L2aW","author":"Ma Xingjun","year":"2018","unstructured":"Xingjun Ma , Bo Li , Yisen Wang , Sarah M. Erfani , Sudanthi Wijewickrema , Grant Schoenebeck , Michael E. Houle , Dawn Song , and James Bailey . 2018 . Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=B1gJ1L2aW Xingjun Ma, Bo Li, Yisen Wang, Sarah M. Erfani, Sudanthi Wijewickrema, Grant Schoenebeck, Michael E. Houle, Dawn Song, and James Bailey. 2018. Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=B1gJ1L2aW"},{"key":"e_1_3_2_1_29_1","volume-title":"International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=rJzIBfZAb","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry , Aleksandar Makelov , Ludwig Schmidt , Dimitris Tsipras , and Adrian Vladu . 2018 . Towards Deep Learning Models Resistant to Adversarial Attacks . In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=rJzIBfZAb Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=rJzIBfZAb"},{"key":"e_1_3_2_1_30_1","volume-title":"On Detecting Adversarial Perturbations. In International Conference on Learning Representations .","author":"Metzen Jan Hendrik","year":"2017","unstructured":"Jan Hendrik Metzen , Tim Genewein , Volker Fischer , and Bastian Bischoff . 2017 . On Detecting Adversarial Perturbations. In International Conference on Learning Representations . Jan Hendrik Metzen, Tim Genewein, Volker Fischer, and Bastian Bischoff. 2017. On Detecting Adversarial Perturbations. In International Conference on Learning Representations ."},{"key":"e_1_3_2_1_31_1","volume-title":"International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=B1DmUzWAW","author":"Mishra Nikhil","year":"2018","unstructured":"Nikhil Mishra , Mostafa Rohaninejad , Xi Chen , and Pieter Abbeel . 2018 . A Simple Neural Attentive Meta-Learner . In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=B1DmUzWAW Nikhil Mishra, Mostafa Rohaninejad, Xi Chen, and Pieter Abbeel. 2018. A Simple Neural Attentive Meta-Learner. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=B1DmUzWAW"},{"key":"e_1_3_2_1_32_1","volume-title":"International Conference on Learning Representations","author":"Miyato Takeru","year":"2016","unstructured":"Takeru Miyato , Shin-ichi Maeda, Masanori Koyama , Ken Nakae , and Shin Ishii . 2016 . Distributional smoothing with virtual adversarial training . International Conference on Learning Representations (2016). Takeru Miyato, Shin-ichi Maeda, Masanori Koyama, Ken Nakae, and Shin Ishii. 2016. Distributional smoothing with virtual adversarial training. International Conference on Learning Representations (2016)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"volume-title":"Advances in Neural Information Processing Systems 31","author":"Pang Tianyu","key":"e_1_3_2_1_34_1","unstructured":"Tianyu Pang , Chao Du , Yinpeng Dong , and Jun Zhu . 2018. Towards Robust Detection of Adversarial Examples . In Advances in Neural Information Processing Systems 31 , S. Bengio, H. Wallach, H. Larochelle, K. Grauman, N. Cesa-Bianchi, and R. Garnett (Eds.). Curran Associates, Inc. , 4579--4589. http:\/\/papers.nips.cc\/paper\/7709-towards-robust-detection-of-adversarial-examples.pdf Tianyu Pang, Chao Du, Yinpeng Dong, and Jun Zhu. 2018. Towards Robust Detection of Adversarial Examples. In Advances in Neural Information Processing Systems 31, S. Bengio, H. Wallach, H. Larochelle, K. Grauman, N. Cesa-Bianchi, and R. Garnett (Eds.). Curran Associates, Inc., 4579--4589. http:\/\/papers.nips.cc\/paper\/7709-towards-robust-detection-of-adversarial-examples.pdf"},{"key":"e_1_3_2_1_35_1","volume-title":"Technical Report on the CleverHans v2.1.0 Adversarial Examples Library. arXiv preprint arXiv:1610.00768","author":"Papernot Nicolas","year":"2018","unstructured":"Nicolas Papernot , Fartash Faghri , Nicholas Carlini , Ian Goodfellow , Reuben Feinman , Alexey Kurakin , Cihang Xie , Yash Sharma , Tom Brown , Aurko Roy , Alexander Matyasko , Vahid Behzadan , Karen Hambardzumyan , Zhishuai Zhang , Yi-Lin Juang , Zhi Li , Ryan Sheatsley , Abhibhav Garg , Jonathan Uesato , Willi Gierke , Yinpeng Dong , David Berthelot , Paul Hendricks , Jonas Rauber , and Rujun Long . 2018. Technical Report on the CleverHans v2.1.0 Adversarial Examples Library. arXiv preprint arXiv:1610.00768 ( 2018 ). Nicolas Papernot, Fartash Faghri, Nicholas Carlini, Ian Goodfellow, Reuben Feinman, Alexey Kurakin, Cihang Xie, Yash Sharma, Tom Brown, Aurko Roy, Alexander Matyasko, Vahid Behzadan, Karen Hambardzumyan, Zhishuai Zhang, Yi-Lin Juang, Zhi Li, Ryan Sheatsley, Abhibhav Garg, Jonathan Uesato, Willi Gierke, Yinpeng Dong, David Berthelot, Paul Hendricks, Jonas Rauber, and Rujun Long. 2018. Technical Report on the CleverHans v2.1.0 Adversarial Examples Library. arXiv preprint arXiv:1610.00768 (2018)."},{"key":"e_1_3_2_1_36_1","volume-title":"Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv preprint arXiv:1605.07277","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Patrick McDaniel , and Ian Goodfellow . 2016a. Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv preprint arXiv:1605.07277 ( 2016 ). Nicolas Papernot, Patrick McDaniel, and Ian Goodfellow. 2016a. Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv preprint arXiv:1605.07277 (2016)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.36"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"e_1_3_2_1_39_1","volume-title":"International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=rJY0-Kcll","author":"Ravi Sachin","year":"2017","unstructured":"Sachin Ravi and Hugo Larochelle . 2017 . Optimization as a Model for Few-Shot Learning . In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=rJY0-Kcll Sachin Ravi and Hugo Larochelle. 2017. Optimization as a Model for Few-Shot Learning. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=rJY0-Kcll"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00356"},{"key":"e_1_3_2_1_41_1","unstructured":"Jake Snell Kevin Swersky and Richard Zemel. 2017. Prototypical networks for few-shot learning. In Advances in Neural Information Processing Systems. 4077--4087.  Jake Snell Kevin Swersky and Richard Zemel. 2017. Prototypical networks for few-shot learning. In Advances in Neural Information Processing Systems. 4077--4087."},{"key":"e_1_3_2_1_42_1","volume-title":"International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=rJUYGxbCW","author":"Song Yang","year":"2018","unstructured":"Yang Song , Taesup Kim , Sebastian Nowozin , Stefano Ermon , and Nate Kushman . 2018 . PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples . In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=rJUYGxbCW Yang Song, Taesup Kim, Sebastian Nowozin, Stefano Ermon, and Nate Kushman. 2018. PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=rJUYGxbCW"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2002.1003568"},{"key":"e_1_3_2_1_44_1","volume-title":"International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=B1gJ1L2aW","author":"Szegedy Christian","year":"2014","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian Goodfellow , and Rob Fergus . 2014 . Intriguing properties of neural networks . In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=B1gJ1L2aW Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2014. Intriguing properties of neural networks. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=B1gJ1L2aW"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Shixin Tian Guolei Yang and Ying Cai. 2018. Detecting Adversarial Examples Through Image Transformation. https:\/\/aaai.org\/ocs\/index.php\/AAAI\/AAAI18\/paper\/view\/17408  Shixin Tian Guolei Yang and Ying Cai. 2018. Detecting Adversarial Examples Through Image Transformation. https:\/\/aaai.org\/ocs\/index.php\/AAAI\/AAAI18\/paper\/view\/17408","DOI":"10.1609\/aaai.v32i1.11828"},{"key":"e_1_3_2_1_46_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research), , Jennifer Dy and Andreas Krause (Eds.)","volume":"80","author":"Uesato Jonathan","unstructured":"Jonathan Uesato , Brendan O'Donoghue , Pushmeet Kohli , and Aaron van den Oord. 2018. Adversarial Risk and the Dangers of Evaluating Against Weak Attacks . In Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research), , Jennifer Dy and Andreas Krause (Eds.) , Vol. 80 . PMLR, Stockholmsm\u00e4ssan, Stockholm Sweden, 5025--5034. http:\/\/proceedings.mlr.press\/v80\/uesato18a.html Jonathan Uesato, Brendan O'Donoghue, Pushmeet Kohli, and Aaron van den Oord. 2018. Adversarial Risk and the Dangers of Evaluating Against Weak Attacks. In Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research), , Jennifer Dy and Andreas Krause (Eds.), Vol. 80. PMLR, Stockholmsm\u00e4ssan, Stockholm Sweden, 5025--5034. http:\/\/proceedings.mlr.press\/v80\/uesato18a.html"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.5555\/3157382.3157504"},{"key":"e_1_3_2_1_48_1","volume-title":"Rethinking Feature Distribution for Loss Functions in Image Classification. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) .","author":"Wan Weitao","year":"2018","unstructured":"Weitao Wan , Yuanyi Zhong , Tianpeng Li , and Jiansheng Chen . 2018 . Rethinking Feature Distribution for Loss Functions in Image Classification. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Weitao Wan, Yuanyi Zhong, Tianpeng Li, and Jiansheng Chen. 2018. Rethinking Feature Distribution for Loss Functions in Image Classification. In The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) ."},{"key":"e_1_3_2_1_49_1","volume-title":"Spatially Transformed Adversarial Examples. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=HyydRMZC-","author":"Xiao Chaowei","year":"2018","unstructured":"Chaowei Xiao , Jun-Yan Zhu , Bo Li , Warren He , Mingyan Liu , and Dawn Song . 2018 . Spatially Transformed Adversarial Examples. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=HyydRMZC- Chaowei Xiao, Jun-Yan Zhu, Bo Li, Warren He, Mingyan Liu, and Dawn Song. 2018. Spatially Transformed Adversarial Examples. In International Conference on Learning Representations . https:\/\/openreview.net\/forum?id=HyydRMZC-"},{"key":"e_1_3_2_1_50_1","unstructured":"Han Xiao Kashif Rasul and Roland Vollgraf. 2017. Fashion-MNIST: a Novel Image Dataset for Benchmarking Machine Learning Algorithms. showeprint[arXiv]cs.LG\/cs.LG\/1708.07747  Han Xiao Kashif Rasul and Roland Vollgraf. 2017. Fashion-MNIST: a Novel Image Dataset for Benchmarking Machine Learning Algorithms. showeprint[arXiv]cs.LG\/cs.LG\/1708.07747"},{"key":"e_1_3_2_1_51_1","volume-title":"Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018","author":"Xu Weilin","year":"2018","unstructured":"Weilin Xu , David Evans , and Yanjun Qi . 2018 . Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018 , San Diego, California, USA, February 18--21 , 2018 . http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2018\/02\/ndss2018_03A-4_Xu_paper.pdf Weilin Xu, David Evans, and Yanjun Qi. 2018. Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18--21, 2018 . http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2018\/02\/ndss2018_03A-4_Xu_paper.pdf"}],"event":{"name":"MM '19: The 27th ACM International Conference on Multimedia","sponsor":["SIGMM ACM Special Interest Group on Multimedia"],"location":"Nice France","acronym":"MM '19"},"container-title":["Proceedings of the 27th ACM International Conference on Multimedia"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3343031.3350887","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3343031.3350887","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:13:17Z","timestamp":1750201997000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3343031.3350887"}},"subtitle":["Towards Robust Detection of Evolving Adversarial Attacks"],"short-title":[],"issued":{"date-parts":[[2019,10,15]]},"references-count":51,"alternative-id":["10.1145\/3343031.3350887","10.1145\/3343031"],"URL":"https:\/\/doi.org\/10.1145\/3343031.3350887","relation":{},"subject":[],"published":{"date-parts":[[2019,10,15]]},"assertion":[{"value":"2019-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}