{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T17:37:40Z","timestamp":1777657060945,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:00:00Z","timestamp":1575849600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NJUST Research Start-Up Funding","award":["AE89991\/039"],"award-info":[{"award-number":["AE89991\/039"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,9]]},"DOI":"10.1145\/3359789.3359790","type":"proceedings-article","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T18:41:59Z","timestamp":1574448119000},"page":"113-125","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":569,"title":["STRIP"],"prefix":"10.1145","author":[{"given":"Yansong","family":"Gao","sequence":"first","affiliation":[{"name":"Nanjing University of Science and Technology, Sydney, Australia"}]},{"given":"Change","family":"Xu","sequence":"additional","affiliation":[{"name":"CSIRO, Sydney, Australia"}]},{"given":"Derui","family":"Wang","sequence":"additional","affiliation":[{"name":"Swinburne University of Technology and Data, Australia"}]},{"given":"Shiping","family":"Chen","sequence":"additional","affiliation":[{"name":"CSIRO, Sydney, Australia"}]},{"given":"Damith C.","family":"Ranasinghe","sequence":"additional","affiliation":[{"name":"The University of Adelaide, SA, Australia"}]},{"given":"Surya","family":"Nepal","sequence":"additional","affiliation":[{"name":"CSIRO, Sydney, Australia"}]}],"member":"320","published-online":{"date-parts":[[2019,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"USENIX Security Symposium.","author":"Adi Yossi","year":"2018","unstructured":"Yossi Adi , Carsten Baum , Moustapha Cisse , Benny Pinkas , and Joseph Keshet . 2018 . Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring . In USENIX Security Symposium. Yossi Adi, Carsten Baum, Moustapha Cisse, Benny Pinkas, and Joseph Keshet. 2018. Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring. In USENIX Security Symposium."},{"key":"e_1_3_2_1_2_1","volume-title":"International Conference on Machine Learning. 173--182","author":"Amodei Dario","year":"2016","unstructured":"Dario Amodei , Sundaram Ananthanarayanan , Rishita Anubhai , Jingliang Bai , Eric Battenberg , Carl Case , Jared Casper , Bryan Catanzaro , Qiang Cheng , Guoliang Chen , 2016 . Deep speech 2: End-to-end speech recognition in english and mandarin . In International Conference on Machine Learning. 173--182 . Dario Amodei, Sundaram Ananthanarayanan, Rishita Anubhai, Jingliang Bai, Eric Battenberg, Carl Case, Jared Casper, Bryan Catanzaro, Qiang Cheng, Guoliang Chen, et al. 2016. Deep speech 2: End-to-end speech recognition in english and mandarin. In International Conference on Machine Learning. 173--182."},{"key":"e_1_3_2_1_3_1","volume-title":"How To Backdoor Federated Learning. arXiv preprint arXiv:1807.00459","author":"Bagdasaryan Eugene","year":"2018","unstructured":"Eugene Bagdasaryan , Andreas Veit , Yiqing Hua , Deborah Estrin , and Vitaly Shmatikov . 2018. How To Backdoor Federated Learning. arXiv preprint arXiv:1807.00459 ( 2018 ). Eugene Bagdasaryan, Andreas Veit, Yiqing Hua, Deborah Estrin, and Vitaly Shmatikov. 2018. How To Backdoor Federated Learning. arXiv preprint arXiv:1807.00459 (2018)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140450"},{"key":"e_1_3_2_1_5_1","volume-title":"Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering. arXiv preprint arXiv:1811.03728","author":"Chen Bryant","year":"2018","unstructured":"Bryant Chen , Wilka Carvalho , Nathalie Baracaldo , Heiko Ludwig , Benjamin Edwards , Taesung Lee , Ian Molloy , and Biplav Srivastava . 2018. Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering. arXiv preprint arXiv:1811.03728 ( 2018 ). Bryant Chen, Wilka Carvalho, Nathalie Baracaldo, Heiko Ludwig, Benjamin Edwards, Taesung Lee, Ian Molloy, and Biplav Srivastava. 2018. Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering. arXiv preprint arXiv:1811.03728 (2018)."},{"key":"e_1_3_2_1_6_1","volume-title":"Bita Darvish Rouhani, and Farinaz Koushanfar","author":"Chen Huili","year":"2018","unstructured":"Huili Chen , Bita Darvish Rouhani, and Farinaz Koushanfar . 2018 . BlackMarks: Black-box Multi-bit Watermarking for Deep Neural Networks . (2018). Huili Chen, Bita Darvish Rouhani, and Farinaz Koushanfar. 2018. BlackMarks: Black-box Multi-bit Watermarking for Deep Neural Networks. (2018)."},{"key":"e_1_3_2_1_7_1","volume-title":"Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526","author":"Chen Xinyun","year":"2017","unstructured":"Xinyun Chen , Chang Liu , Bo Li , Kimberly Lu , and Dawn Song . 2017. Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526 ( 2017 ). Xinyun Chen, Chang Liu, Bo Li, Kimberly Lu, and Dawn Song. 2017. Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526 (2017)."},{"key":"e_1_3_2_1_8_1","volume-title":"SentiNet: Detecting Physical Attacks Against Deep Learning Systems. arXiv preprint arXiv:1812.00292","author":"Chou Edward","year":"2018","unstructured":"Edward Chou , Florian Tram\u00e8r , Giancarlo Pellegrino , and Dan Boneh . 2018. SentiNet: Detecting Physical Attacks Against Deep Learning Systems. arXiv preprint arXiv:1812.00292 ( 2018 ). Edward Chou, Florian Tram\u00e8r, Giancarlo Pellegrino, and Dan Boneh. 2018. SentiNet: Detecting Physical Attacks Against Deep Learning Systems. arXiv preprint arXiv:1812.00292 (2018)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00175"},{"key":"e_1_3_2_1_10_1","volume-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu , Brendan Dolan-Gavitt , and Siddharth Garg . 2017 . Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017). Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3240765.3240862"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243792"},{"key":"e_1_3_2_1_14_1","volume-title":"TABOR: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in AI Systems. arXiv preprint arXiv:1908.01763","author":"Guo Wenbo","year":"2019","unstructured":"Wenbo Guo , Lun Wang , Xinyu Xing , Min Du , and Dawn Song . 2019 . TABOR: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in AI Systems. arXiv preprint arXiv:1908.01763 (2019). Wenbo Guo, Lun Wang, Xinyu Xing, Min Du, and Dawn Song. 2019. TABOR: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in AI Systems. arXiv preprint arXiv:1908.01763 (2019)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046684.2046692"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243757"},{"key":"e_1_3_2_1_18_1","volume-title":"Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882","author":"Kim Yoon","year":"2014","unstructured":"Yoon Kim . 2014. Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882 ( 2014 ). Yoon Kim. 2014. Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882 (2014)."},{"key":"e_1_3_2_1_20_1","volume-title":"Deep learning. Nature 521, 7553","author":"LeCun Yann","year":"2015","unstructured":"Yann LeCun , Yoshua Bengio , and Geoffrey Hinton . 2015. Deep learning. Nature 521, 7553 ( 2015 ), 436. Yann LeCun, Yoshua Bengio, and Geoffrey Hinton. 2015. Deep learning. Nature 521, 7553 (2015), 436."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_1_22_1","volume-title":"Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation. arXiv preprint arXiv:1808.10307","author":"Liao Cong","year":"2018","unstructured":"Cong Liao , Haoti Zhong , Anna Squicciarini , Sencun Zhu , and David Miller . 2018. Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation. arXiv preprint arXiv:1808.10307 ( 2018 ). Cong Liao, Haoti Zhong, Anna Squicciarini, Sencun Zhu, and David Miller. 2018. Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation. arXiv preprint arXiv:1808.10307 (2018)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_13"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23291"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD.2017.16"},{"key":"e_1_3_2_1_26_1","unstructured":"U.S. Army Research Office. May 2019. TrojAI. (May 2019). https:\/\/www.fbo.gov\/index.php?s=opportunity&mode=form&id=be4e81b70688050fd4fc623fb24ead2c&tab=core&_cview=0  U.S. Army Research Office. May 2019. TrojAI. (May 2019). https:\/\/www.fbo.gov\/index.php?s=opportunity&mode=form&id=be4e81b70688050fd4fc623fb24ead2c&tab=core&_cview=0"},{"key":"e_1_3_2_1_27_1","volume-title":"Towards the science of security and privacy in machine learning. arXiv preprint arXiv:1611.03814","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Patrick McDaniel , Arunesh Sinha , and Michael Wellman . 2016. Towards the science of security and privacy in machine learning. arXiv preprint arXiv:1611.03814 ( 2016 ). Nicolas Papernot, Patrick McDaniel, Arunesh Sinha, and Michael Wellman. 2016. Towards the science of security and privacy in machine learning. arXiv preprint arXiv:1611.03814 (2016)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978392"},{"key":"e_1_3_2_1_29_1","volume-title":"Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural networks 32","author":"Stallkamp Johannes","year":"2012","unstructured":"Johannes Stallkamp , Marc Schlipsing , Jan Salmen , and Christian Igel . 2012. Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural networks 32 ( 2012 ), 323--332. Johannes Stallkamp, Marc Schlipsing, Jan Salmen, and Christian Igel. 2012. Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural networks 32 (2012), 323--332."},{"key":"e_1_3_2_1_30_1","volume-title":"David Patterson, Michael W Mahoney, Randy Katz, Anthony D Joseph, Michael Jordan, Joseph M Hellerstein, Joseph E Gonzalez, et al.","author":"Stoica Ion","year":"2017","unstructured":"Ion Stoica , Dawn Song , Raluca Ada Popa , David Patterson, Michael W Mahoney, Randy Katz, Anthony D Joseph, Michael Jordan, Joseph M Hellerstein, Joseph E Gonzalez, et al. 2017 . A Berkeley view of systems challenges for AI. arXiv preprint arXiv:1712.05855 (2017). Ion Stoica, Dawn Song, Raluca Ada Popa, David Patterson, Michael W Mahoney, Randy Katz, Anthony D Joseph, Michael Jordan, Joseph M Hellerstein, Joseph E Gonzalez, et al. 2017. A Berkeley view of systems challenges for AI. arXiv preprint arXiv:1712.05855 (2017)."},{"key":"e_1_3_2_1_31_1","volume-title":"Danilo Vasconcellos Vargas, and Kouichi Sakurai","author":"Su Jiawei","year":"2019","unstructured":"Jiawei Su , Danilo Vasconcellos Vargas, and Kouichi Sakurai . 2019 . One pixel attack for fooling deep neural networks. IEEE Transactions on Evolutionary Computation ( 2019). Jiawei Su, Danilo Vasconcellos Vargas, and Kouichi Sakurai. 2019. One pixel attack for fooling deep neural networks. IEEE Transactions on Evolutionary Computation (2019)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/WINCOM.2016.7777224"},{"key":"e_1_3_2_1_33_1","unstructured":"Brandon Tran Jerry Li and Aleksander Madry. 2018. Spectral signatures in backdoor attacks. In Advances in Neural Information Processing Systems. 8000--8010.  Brandon Tran Jerry Li and Aleksander Madry. 2018. Spectral signatures in backdoor attacks. In Advances in Neural Information Processing Systems. 8000--8010."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3097983.3098158"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196550"},{"key":"e_1_3_2_1_37_1","volume-title":"PoTrojan: powerful neural-level trojan designs in deep learning models. arXiv preprint arXiv:1802.03043","author":"Zou Minhui","year":"2018","unstructured":"Minhui Zou , Yang Shi , Chengliang Wang , Fangyu Li , WenZhan Song , and Yu Wang . 2018. PoTrojan: powerful neural-level trojan designs in deep learning models. arXiv preprint arXiv:1802.03043 ( 2018 ). Minhui Zou, Yang Shi, Chengliang Wang, Fangyu Li, WenZhan Song, and Yu Wang. 2018. PoTrojan: powerful neural-level trojan designs in deep learning models. arXiv preprint arXiv:1802.03043 (2018)."}],"event":{"name":"ACSAC '19: 2019 Annual Computer Security Applications Conference","location":"San Juan Puerto Rico USA","acronym":"ACSAC '19"},"container-title":["Proceedings of the 35th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359790","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359790","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:23:06Z","timestamp":1750202586000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359790"}},"subtitle":["a defence against trojan attacks on deep neural networks"],"short-title":[],"issued":{"date-parts":[[2019,12,9]]},"references-count":36,"alternative-id":["10.1145\/3359789.3359790","10.1145\/3359789"],"URL":"https:\/\/doi.org\/10.1145\/3359789.3359790","relation":{},"subject":[],"published":{"date-parts":[[2019,12,9]]},"assertion":[{"value":"2019-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}