{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T19:36:32Z","timestamp":1771961792388,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":87,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,3,9]],"date-time":"2020-03-09T00:00:00Z","timestamp":1583712000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Strategic Priority Research Program of Chinese Academy of Sciences","award":["No. XDC02010200"],"award-info":[{"award-number":["No. XDC02010200"]}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["No. CCF-1750656 CCF-1919289"],"award-info":[{"award-number":["No. CCF-1750656 CCF-1919289"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,3,9]]},"DOI":"10.1145\/3373376.3378532","type":"proceedings-article","created":{"date-parts":[[2020,3,13]],"date-time":"2020-03-13T22:37:01Z","timestamp":1584139021000},"page":"19-34","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["DNNGuard: An Elastic Heterogeneous DNN Accelerator Architecture against Adversarial Attacks"],"prefix":"10.1145","author":[{"given":"Xingbin","family":"Wang","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, CAS &amp; University of Chinese Academy of Sciences, Beijing, China"}]},{"given":"Rui","family":"Hou","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS, Beijing, China"}]},{"given":"Boyan","family":"Zhao","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS, Beijing, China"}]},{"given":"Fengkai","family":"Yuan","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS, Beijing, China"}]},{"given":"Jun","family":"Zhang","sequence":"additional","affiliation":[{"name":"Hubei University of Arts and Science, Xiangyang, China"}]},{"given":"Dan","family":"Meng","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS, Beijing, China"}]},{"given":"Xuehai","family":"Qian","sequence":"additional","affiliation":[{"name":"University of Southern California, Los Angeles, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2020,3,13]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00636"},{"key":"e_1_3_2_1_2_1","first-page":"8334","volume-title":"Advances in Neural Information Processing Systems","author":"Norcliffe-Brown Will","year":"2018","unstructured":"Will Norcliffe-Brown , Stathis Vafeias , and Sarah Parisot . Learning conditioned graph structures for interpretable visual question answering . In Advances in Neural Information Processing Systems , pages 8334 -- 8343 , 2018 . Will Norcliffe-Brown, Stathis Vafeias, and Sarah Parisot. Learning conditioned graph structures for interpretable visual question answering. In Advances in Neural Information Processing Systems, pages 8334--8343, 2018."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143844.1143891"},{"key":"e_1_3_2_1_4_1","volume-title":"Deep neural networks for acoustic modeling in speech recognition","author":"Hinton Geoffrey","year":"2012","unstructured":"Geoffrey Hinton , Li Deng , Dong Yu , George Dahl , Abdel-rahman Mohamed, Navdeep Jaitly , Andrew Senior , Vincent Vanhoucke , Patrick Nguyen , Brian Kingsbury , Deep neural networks for acoustic modeling in speech recognition . IEEE Signal processing magazine, 29, 2012 . Geoffrey Hinton, Li Deng, Dong Yu, George Dahl, Abdel-rahman Mohamed, Navdeep Jaitly, Andrew Senior, Vincent Vanhoucke, Patrick Nguyen, Brian Kingsbury, et al. Deep neural networks for acoustic modeling in speech recognition. IEEE Signal processing magazine, 29, 2012."},{"key":"e_1_3_2_1_5_1","volume-title":"Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882","author":"Kim Yoon","year":"2014","unstructured":"Yoon Kim . Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882 , 2014 . Yoon Kim. Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882, 2014."},{"key":"e_1_3_2_1_6_1","volume-title":"Bert: Pretraining of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805","author":"Devlin Jacob","year":"2018","unstructured":"Jacob Devlin , Ming-Wei Chang , Kenton Lee , and Kristina Toutanova . Bert: Pretraining of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805 , 2018 . Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. Bert: Pretraining of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805, 2018."},{"key":"e_1_3_2_1_7_1","volume-title":"Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199","author":"Szegedy Christian","year":"2013","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian Goodfellow , and Rob Fergus . Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 , 2013 . Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199, 2013."},{"key":"e_1_3_2_1_8_1","volume-title":"Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572","author":"Goodfellow Ian J","year":"2014","unstructured":"Ian J Goodfellow , Jonathon Shlens , and Christian Szegedy . Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 , 2014 . Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572, 2014."},{"key":"e_1_3_2_1_9_1","volume-title":"Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 , 2016 . Alexey Kurakin, Ian Goodfellow, and Samy Bengio. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533, 2016."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.36"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TEVC.2019.2890858"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.17"},{"key":"e_1_3_2_1_15_1","volume-title":"Improving black-box adversarial attacks with a transfer-based prior. arXiv preprint arXiv:1906.06919","author":"Cheng Shuyu","year":"2019","unstructured":"Shuyu Cheng , Yinpeng Dong , Tianyu Pang , Hang Su , and Jun Zhu . Improving black-box adversarial attacks with a transfer-based prior. arXiv preprint arXiv:1906.06919 , 2019 . Shuyu Cheng, Yinpeng Dong, Tianyu Pang, Hang Su, and Jun Zhu. Improving black-box adversarial attacks with a transfer-based prior. arXiv preprint arXiv:1906.06919, 2019."},{"key":"e_1_3_2_1_16_1","volume-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu , Brendan Dolan-Gavitt , and Siddharth Garg . Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 , 2017 . Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733, 2017."},{"key":"e_1_3_2_1_17_1","volume-title":"ios-siri-apple. https:\/\/www.apple.com\/ios\/siri\/","year":"2016","unstructured":"Apple. ios-siri-apple. https:\/\/www.apple.com\/ios\/siri\/ , 2016 . Apple. ios-siri-apple. https:\/\/www.apple.com\/ios\/siri\/, 2016."},{"key":"e_1_3_2_1_18_1","volume-title":"Cortana-your intelligent virtual and personal assistant - microsoft. https:\/\/www.microsoft.com\/en-us\/windows\/cortana","year":"2016","unstructured":"Microsoft. Cortana-your intelligent virtual and personal assistant - microsoft. https:\/\/www.microsoft.com\/en-us\/windows\/cortana , 2016 . Microsoft. Cortana-your intelligent virtual and personal assistant - microsoft. https:\/\/www.microsoft.com\/en-us\/windows\/cortana, 2016."},{"key":"e_1_3_2_1_19_1","volume-title":"Feature squeezing: Detecting adversarial examples in deep neural networks. network and distributed system security symposium","author":"Xu Weilin","year":"2018","unstructured":"Weilin Xu , David Evans , and Yanjun Qi . Feature squeezing: Detecting adversarial examples in deep neural networks. network and distributed system security symposium , 2018 . Weilin Xu, David Evans, and Yanjun Qi. Feature squeezing: Detecting adversarial examples in deep neural networks. network and distributed system security symposium, 2018."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134057"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2017.56"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3079856.3080246"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSSC.2016.2616357"},{"key":"e_1_3_2_1_24_1","volume-title":"Neural network model extraction attacks in edge devices by hearing architectural hints. arXiv preprint arXiv:1903.03916","author":"Hu Xing","year":"2019","unstructured":"Xing Hu , Ling Liang , Lei Deng , Shuangchen Li , Xinfeng Xie , Yu Ji , Yufei Ding , Chang Liu , Timothy Sherwood , and Yuan Xie . Neural network model extraction attacks in edge devices by hearing architectural hints. arXiv preprint arXiv:1903.03916 , 2019 . Xing Hu, Ling Liang, Lei Deng, Shuangchen Li, Xinfeng Xie, Yu Ji, Yufei Ding, Chang Liu, Timothy Sherwood, and Yuan Xie. Neural network model extraction attacks in edge devices by hearing architectural hints. arXiv preprint arXiv:1903.03916, 2019."},{"key":"e_1_3_2_1_25_1","volume-title":"A3t: Adversarially augmented adversarial training. arXiv preprint arXiv:1801.04055","author":"Erraqabi Akram","year":"2018","unstructured":"Akram Erraqabi , Aristide Baratin , Yoshua Bengio , and Simon Lacoste- Julien . A3t: Adversarially augmented adversarial training. arXiv preprint arXiv:1801.04055 , 2018 . Akram Erraqabi, Aristide Baratin, Yoshua Bengio, and Simon Lacoste- Julien. A3t: Adversarially augmented adversarial training. arXiv preprint arXiv:1801.04055, 2018."},{"key":"e_1_3_2_1_26_1","volume-title":"On detecting adversarial perturbations. arXiv preprint arXiv:1702.04267","author":"Metzen Jan Hendrik","year":"2017","unstructured":"Jan Hendrik Metzen , Tim Genewein , Volker Fischer , and Bastian Bischoff . On detecting adversarial perturbations. arXiv preprint arXiv:1702.04267 , 2017 . Jan Hendrik Metzen, Tim Genewein, Volker Fischer, and Bastian Bischoff. On detecting adversarial perturbations. arXiv preprint arXiv:1702.04267, 2017."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2017.615"},{"key":"e_1_3_2_1_28_1","volume-title":"International Conference on Learning Representations","author":"Raghunathan Aditi","year":"2018","unstructured":"Aditi Raghunathan , Jacob Steinhardt , and Percy Liang . Certified defenses against adversarial examples . International Conference on Learning Representations , 2018 . Aditi Raghunathan, Jacob Steinhardt, and Percy Liang. Certified defenses against adversarial examples. International Conference on Learning Representations, 2018."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00191"},{"key":"e_1_3_2_1_30_1","volume-title":"Adversarial feature genome: a data driven adversarial examples recognition method. arXiv preprint arXiv:1812.10085","author":"Chen Li","year":"2018","unstructured":"Li Chen , Hailun Ding , Qi Li , Jiawei Zhu , Haozhe Huang , Yifan Chang , and Haifeng Li . Adversarial feature genome: a data driven adversarial examples recognition method. arXiv preprint arXiv:1812.10085 , 2018 . Li Chen, Hailun Ding, Qi Li, Jiawei Zhu, Haozhe Huang, Yifan Chang, and Haifeng Li. Adversarial feature genome: a data driven adversarial examples recognition method. arXiv preprint arXiv:1812.10085, 2018."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23415"},{"key":"e_1_3_2_1_32_1","volume-title":"Hashtran-dnn: A framework for enhancing robustness of deep neural networks against adversarial malware samples. arXiv preprint arXiv:1809.06498","author":"Li Deqiang","year":"2018","unstructured":"Deqiang Li , Ramesh Baral , Tao Li , Han Wang , Qianmu Li , and Shouhuai Xu . Hashtran-dnn: A framework for enhancing robustness of deep neural networks against adversarial malware samples. arXiv preprint arXiv:1809.06498 , 2018 . Deqiang Li, Ramesh Baral, Tao Li, Han Wang, Qianmu Li, and Shouhuai Xu. Hashtran-dnn: A framework for enhancing robustness of deep neural networks against adversarial malware samples. arXiv preprint arXiv:1809.06498, 2018."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00126"},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning","author":"Wong Eric","year":"2018","unstructured":"Eric Wong and J Zico Kolter . Provable defenses against adversarial examples via the convex outer adversarial polytope . Proceedings of the 35th International Conference on Machine Learning , 2018 . Eric Wong and J Zico Kolter. Provable defenses against adversarial examples via the convex outer adversarial polytope. Proceedings of the 35th International Conference on Machine Learning, 2018."},{"key":"e_1_3_2_1_35_1","volume-title":"Detecting adversarial samples from artifacts. arXiv preprint arXiv:1703.00410","author":"Feinman Reuben","year":"2017","unstructured":"Reuben Feinman , Ryan R Curtin , Saurabh Shintre , and Andrew B Gardner . Detecting adversarial samples from artifacts. arXiv preprint arXiv:1703.00410 , 2017 . Reuben Feinman, Ryan R Curtin, Saurabh Shintre, and Andrew B Gardner. Detecting adversarial samples from artifacts. arXiv preprint arXiv:1703.00410, 2017."},{"key":"e_1_3_2_1_36_1","volume-title":"please! adversarial defense via attention rectification and preservation. arXiv preprint arXiv:1811.09831","author":"Wu Shangxi","year":"2018","unstructured":"Shangxi Wu , Jitao Sang , Kaiyuan Xu , Jiaming Zhang , Yanfeng Sun , Liping Jing , and Jian Yu. Attention , please! adversarial defense via attention rectification and preservation. arXiv preprint arXiv:1811.09831 , 2018 . Shangxi Wu, Jitao Sang, Kaiyuan Xu, Jiaming Zhang, Yanfeng Sun, Liping Jing, and Jian Yu. Attention, please! adversarial defense via attention rectification and preservation. arXiv preprint arXiv:1811.09831, 2018."},{"key":"e_1_3_2_1_37_1","volume-title":"International Conference on Learning Representations","author":"Song Yang","year":"2018","unstructured":"Yang Song , Taesup Kim , Sebastian Nowozin , Stefano Ermon , and Nate Kushman . Pixeldefend : Leveraging generative models to understand and defend against adversarial examples . International Conference on Learning Representations , 2018 . Yang Song, Taesup Kim, Sebastian Nowozin, Stefano Ermon, and Nate Kushman. Pixeldefend: Leveraging generative models to understand and defend against adversarial examples. International Conference on Learning Representations, 2018."},{"key":"e_1_3_2_1_38_1","first-page":"7717","volume-title":"Xiangyu Zhang. Attacks meet interpretability: Attribute-steered detection of adversarial samples. In Advances in Neural Information Processing Systems","author":"Tao Guanhong","year":"2018","unstructured":"Guanhong Tao , Shiqing Ma , Yingqi Liu , and Xiangyu Zhang. Attacks meet interpretability: Attribute-steered detection of adversarial samples. In Advances in Neural Information Processing Systems , pages 7717 -- 7728 , 2018 . Guanhong Tao, Shiqing Ma, Yingqi Liu, and Xiangyu Zhang. Attacks meet interpretability: Attribute-steered detection of adversarial samples. In Advances in Neural Information Processing Systems, pages 7717--7728, 2018."},{"key":"e_1_3_2_1_39_1","volume-title":"Alexander G de G Matthews, and Zoubin Ghahramani. Adversarial examples, uncertainty, and transfer testing robustness in gaussian process hybrid deep networks. arXiv preprint arXiv:1707.02476","author":"Bradshaw John","year":"2017","unstructured":"John Bradshaw , Alexander G de G Matthews, and Zoubin Ghahramani. Adversarial examples, uncertainty, and transfer testing robustness in gaussian process hybrid deep networks. arXiv preprint arXiv:1707.02476 , 2017 . John Bradshaw, Alexander G de G Matthews, and Zoubin Ghahramani. Adversarial examples, uncertainty, and transfer testing robustness in gaussian process hybrid deep networks. arXiv preprint arXiv:1707.02476, 2017."},{"key":"e_1_3_2_1_40_1","volume-title":"Puvae: A variational autoencoder to purify adversarial examples. arXiv preprint arXiv:1903.00585","author":"Hwang Uiwon","year":"2019","unstructured":"Uiwon Hwang , Jaewoo Park , Hyemi Jang , Sungroh Yoon , and Nam Ik Cho . Puvae: A variational autoencoder to purify adversarial examples. arXiv preprint arXiv:1903.00585 , 2019 . Uiwon Hwang, Jaewoo Park, Hyemi Jang, Sungroh Yoon, and Nam Ik Cho. Puvae: A variational autoencoder to purify adversarial examples. arXiv preprint arXiv:1903.00585, 2019."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00624"},{"key":"e_1_3_2_1_42_1","volume-title":"On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280","author":"Grosse Kathrin","year":"2017","unstructured":"Kathrin Grosse , Praveen Manoharan , Nicolas Papernot , Michael Backes , and Patrick McDaniel . On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280 , 2017 . Kathrin Grosse, Praveen Manoharan, Nicolas Papernot, Michael Backes, and Patrick McDaniel. On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280, 2017."},{"key":"e_1_3_2_1_43_1","volume-title":"Detecting adversarial samples from artifacts. arXiv preprint arXiv:1703.00410","author":"Feinman Reuben","year":"2017","unstructured":"Reuben Feinman , Ryan R Curtin , Saurabh Shintre , and Andrew B Gardner . Detecting adversarial samples from artifacts. arXiv preprint arXiv:1703.00410 , 2017 . Reuben Feinman, Ryan R Curtin, Saurabh Shintre, and Andrew B Gardner. Detecting adversarial samples from artifacts. arXiv preprint arXiv:1703.00410, 2017."},{"key":"e_1_3_2_1_44_1","volume-title":"A computationally efficient method for defending adversarial deep learning attacks. arXiv preprint arXiv:1906.05599","author":"Sahay Rajeev","year":"2019","unstructured":"Rajeev Sahay , Rehana Mahfuz , and Aly El Gamal . A computationally efficient method for defending adversarial deep learning attacks. arXiv preprint arXiv:1906.05599 , 2019 . Rajeev Sahay, Rehana Mahfuz, and Aly El Gamal. A computationally efficient method for defending adversarial deep learning attacks. arXiv preprint arXiv:1906.05599, 2019."},{"key":"e_1_3_2_1_45_1","volume-title":"Defending against adversarial examples with k-nearest neighbor. arXiv preprint arXiv:1906.09525","author":"Sitawarin Chawin","year":"2019","unstructured":"Chawin Sitawarin and David Wagner . Defending against adversarial examples with k-nearest neighbor. arXiv preprint arXiv:1906.09525 , 2019 . Chawin Sitawarin and David Wagner. Defending against adversarial examples with k-nearest neighbor. arXiv preprint arXiv:1906.09525, 2019."},{"key":"e_1_3_2_1_46_1","volume-title":"Adversarial robustness via adversarial label-smoothing. arXiv preprint arXiv:1906.11567","author":"Goibert Morgane","year":"2019","unstructured":"Morgane Goibert and Elvis Dohmatob . Adversarial robustness via adversarial label-smoothing. arXiv preprint arXiv:1906.11567 , 2019 . Morgane Goibert and Elvis Dohmatob. Adversarial robustness via adversarial label-smoothing. arXiv preprint arXiv:1906.11567, 2019."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPRW.2019.00019"},{"key":"e_1_3_2_1_48_1","volume-title":"Image super-resolution as a defense against adversarial attacks. arXiv preprint arXiv:1901.01677","author":"Mustafa Aamir","year":"2019","unstructured":"Aamir Mustafa , Salman H Khan , Munawar Hayat , Jianbing Shen , and Ling Shao . Image super-resolution as a defense against adversarial attacks. arXiv preprint arXiv:1901.01677 , 2019 . Aamir Mustafa, Salman H Khan, Munawar Hayat, Jianbing Shen, and Ling Shao. Image super-resolution as a defense against adversarial attacks. arXiv preprint arXiv:1901.01677, 2019."},{"key":"e_1_3_2_1_49_1","volume-title":"Teck Khim Ng, and Ee-Chien Chang. Enhancing transformation-based defenses using a distribution classifier. arXiv preprint arXiv:1906.00258","author":"Kou Connie","year":"2019","unstructured":"Connie Kou , Hwee Kuan Lee , Teck Khim Ng, and Ee-Chien Chang. Enhancing transformation-based defenses using a distribution classifier. arXiv preprint arXiv:1906.00258 , 2019 . Connie Kou, Hwee Kuan Lee, Teck Khim Ng, and Ee-Chien Chang. Enhancing transformation-based defenses using a distribution classifier. arXiv preprint arXiv:1906.00258, 2019."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00496"},{"key":"e_1_3_2_1_51_1","volume-title":"Defending adversarial attacks by correcting logits. arXiv preprint arXiv:1906.10973","author":"Li Yifeng","year":"2019","unstructured":"Yifeng Li , Lingxi Xie , Ya Zhang , Rui Zhang , Yanfeng Wang , and Qi Tian . Defending adversarial attacks by correcting logits. arXiv preprint arXiv:1906.10973 , 2019 . Yifeng Li, Lingxi Xie, Ya Zhang, Rui Zhang, Yanfeng Wang, and Qi Tian. Defending adversarial attacks by correcting logits. arXiv preprint arXiv:1906.10973, 2019."},{"key":"e_1_3_2_1_52_1","volume-title":"Defending against adversarial attacks through resilient feature regeneration. arXiv preprint arXiv:1906.03444","author":"Borkar Tejas","year":"2019","unstructured":"Tejas Borkar , Felix Heide , and Lina Karam . Defending against adversarial attacks through resilient feature regeneration. arXiv preprint arXiv:1906.03444 , 2019 . Tejas Borkar, Felix Heide, and Lina Karam. Defending against adversarial attacks through resilient feature regeneration. arXiv preprint arXiv:1906.03444, 2019."},{"key":"e_1_3_2_1_53_1","volume-title":"Detecting adversarial examples and other misclassifications in neural networks by introspection. arXiv preprint arXiv:1905.09186","author":"Aigrain Jonathan","year":"2019","unstructured":"Jonathan Aigrain and Marcin Detyniecki . Detecting adversarial examples and other misclassifications in neural networks by introspection. arXiv preprint arXiv:1905.09186 , 2019 . Jonathan Aigrain and Marcin Detyniecki. Detecting adversarial examples and other misclassifications in neural networks by introspection. arXiv preprint arXiv:1905.09186, 2019."},{"key":"e_1_3_2_1_54_1","volume-title":"Detecting and diagnosing adversarial images with class-conditional capsule reconstructions. arXiv preprint arXiv:1907.02957","author":"Qin Yao","year":"2019","unstructured":"Yao Qin , Nicholas Frosst , Sara Sabour , Colin Raffel , Garrison Cottrell , and Geoffrey Hinton . Detecting and diagnosing adversarial images with class-conditional capsule reconstructions. arXiv preprint arXiv:1907.02957 , 2019 . Yao Qin, Nicholas Frosst, Sara Sabour, Colin Raffel, Garrison Cottrell, and Geoffrey Hinton. Detecting and diagnosing adversarial images with class-conditional capsule reconstructions. arXiv preprint arXiv:1907.02957, 2019."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00715"},{"key":"e_1_3_2_1_56_1","volume-title":"Puvae: A variational autoencoder to purify adversarial examples. arXiv preprint arXiv:1903.00585","author":"Hwang Uiwon","year":"2019","unstructured":"Uiwon Hwang , Jaewoo Park , Hyemi Jang , Sungroh Yoon , and Nam Ik Cho . Puvae: A variational autoencoder to purify adversarial examples. arXiv preprint arXiv:1903.00585 , 2019 . Uiwon Hwang, Jaewoo Park, Hyemi Jang, Sungroh Yoon, and Nam Ik Cho. Puvae: A variational autoencoder to purify adversarial examples. arXiv preprint arXiv:1903.00585, 2019."},{"key":"e_1_3_2_1_57_1","volume-title":"Improving the robustness of deep neural networks via adversarial training with triplet loss. arXiv preprint arXiv:1905.11713","author":"Li Pengcheng","year":"2019","unstructured":"Pengcheng Li , Jinfeng Yi , Bowen Zhou , and Lijun Zhang . Improving the robustness of deep neural networks via adversarial training with triplet loss. arXiv preprint arXiv:1905.11713 , 2019 . Pengcheng Li, Jinfeng Yi, Bowen Zhou, and Lijun Zhang. Improving the robustness of deep neural networks via adversarial training with triplet loss. arXiv preprint arXiv:1905.11713, 2019."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00068"},{"key":"e_1_3_2_1_59_1","volume-title":"Defense against adversarial attacks using feature scattering-based adversarial training. arXiv preprint arXiv:1907.10764","author":"Zhang Haichao","year":"2019","unstructured":"Haichao Zhang and Jianyu Wang . Defense against adversarial attacks using feature scattering-based adversarial training. arXiv preprint arXiv:1907.10764 , 2019 . Haichao Zhang and Jianyu Wang. Defense against adversarial attacks using feature scattering-based adversarial training. arXiv preprint arXiv:1907.10764, 2019."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2019.00030"},{"key":"e_1_3_2_1_61_1","first-page":"17","volume-title":"The 49th Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Sharma Hardik","unstructured":"Hardik Sharma , Jongse Park , Divya Mahajan , Emmanuel Amaro , Joon Kyung Kim , Chenkai Shao , Asit Mishra , and Hadi Esmaeilzadeh . From high-level deep neural models to fpgas . In The 49th Annual IEEE\/ACM International Symposium on Microarchitecture , page 17 . IEEE Press, 2016. Hardik Sharma, Jongse Park, Divya Mahajan, Emmanuel Amaro, Joon Kyung Kim, Chenkai Shao, Asit Mishra, and Hadi Esmaeilzadeh. From high-level deep neural models to fpgas. In The 49th Annual IEEE\/ACM International Symposium on Microarchitecture, page 17. IEEE Press, 2016."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3007787.3001179"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2018.00069"},{"key":"e_1_3_2_1_64_1","unstructured":"NVIDIA. Hardware architectural specification. http:\/\/nvdla.org\/hw\/v1\/hwarch.html 2018.  NVIDIA. Hardware architectural specification. http:\/\/nvdla.org\/hw\/v1\/hwarch.html 2018."},{"key":"e_1_3_2_1_65_1","unstructured":"NVIDIA. Unit description. http:\/\/nvdla.org\/hw\/v1\/ias\/unit_description.html#tab-sdp-supported-use-scenarios 2018.  NVIDIA. Unit description. http:\/\/nvdla.org\/hw\/v1\/ias\/unit_description.html#tab-sdp-supported-use-scenarios 2018."},{"key":"e_1_3_2_1_66_1","unstructured":"NVIDIA. Nvdla primer. http:\/\/nvdla.org\/primer.html 2018.  NVIDIA. Nvdla primer. http:\/\/nvdla.org\/primer.html 2018."},{"key":"e_1_3_2_1_67_1","volume-title":"https:\/\/github.com\/nvdla\/hw","author":"NVIDIA.","year":"2018","unstructured":"NVIDIA. Nvdla-hw. https:\/\/github.com\/nvdla\/hw , 2018 . NVIDIA. Nvdla-hw. https:\/\/github.com\/nvdla\/hw, 2018."},{"key":"e_1_3_2_1_68_1","volume-title":"User-level isa, version 2.0. Technical report","author":"Waterman Andrew","year":"2014","unstructured":"Andrew Waterman , Yunsup Lee , David A Patterson , and Krste Asanovi . The riscv instruction set manual . volume 1 : User-level isa, version 2.0. Technical report , CALIFORNIA UNIV BERKELEY DEPT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES , 2014 . Andrew Waterman, Yunsup Lee, David A Patterson, and Krste Asanovi. The riscv instruction set manual. volume 1: User-level isa, version 2.0. Technical report, CALIFORNIA UNIV BERKELEY DEPT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES, 2014."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2007.30"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.690"},{"key":"e_1_3_2_1_71_1","first-page":"1097","volume-title":"Advances in neural information processing systems","author":"Krizhevsky Alex","year":"2012","unstructured":"Alex Krizhevsky , Ilya Sutskever , and Geoffrey E Hinton . Imagenet classification with deep convolutional neural networks . In Advances in neural information processing systems , pages 1097 -- 1105 , 2012 . Alex Krizhevsky, Ilya Sutskever, and Geoffrey E Hinton. Imagenet classification with deep convolutional neural networks. In Advances in neural information processing systems, pages 1097--1105, 2012."},{"key":"e_1_3_2_1_72_1","volume-title":"Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556","author":"Simonyan Karen","year":"2014","unstructured":"Karen Simonyan and Andrew Zisserman . Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 , 2014 . Karen Simonyan and Andrew Zisserman. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556, 2014."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2015.7298594"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_75_1","first-page":"1","volume-title":"2018 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD)","author":"Rouhani Bita Darvish","year":"2018","unstructured":"Bita Darvish Rouhani , Mohammad Samragh , Mojan Javaheripi , Tara Javidi , and Farinaz Koushanfar . Deepfense : Online accelerated defense against adversarial deep learning . In 2018 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD) , pages 1 -- 8 . IEEE, 2018 . Bita Darvish Rouhani, Mohammad Samragh, Mojan Javaheripi, Tara Javidi, and Farinaz Koushanfar. Deepfense: Online accelerated defense against adversarial deep learning. In 2018 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD), pages 1--8. IEEE, 2018."},{"key":"e_1_3_2_1_76_1","volume-title":"Deep neural rejection against adversarial examples. arXiv preprint arXiv:1910.00470","author":"Sotgiu Angelo","year":"2019","unstructured":"Angelo Sotgiu , Ambra Demontis , Marco Melis , Battista Biggio , Giorgio Fumera , Xiaoyi Feng , and Fabio Roli . Deep neural rejection against adversarial examples. arXiv preprint arXiv:1910.00470 , 2019 . Angelo Sotgiu, Ambra Demontis, Marco Melis, Battista Biggio, Giorgio Fumera, Xiaoyi Feng, and Fabio Roli. Deep neural rejection against adversarial examples. arXiv preprint arXiv:1910.00470, 2019."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/3343031.3351012"},{"key":"e_1_3_2_1_78_1","volume-title":"Defense-gan: Protecting classifiers against adversarial attacks using generative models. arXiv preprint arXiv:1805.06605","author":"Samangouei Pouya","year":"2018","unstructured":"Pouya Samangouei , Maya Kabkab , and Rama Chellappa . Defense-gan: Protecting classifiers against adversarial attacks using generative models. arXiv preprint arXiv:1805.06605 , 2018 . Pouya Samangouei, Maya Kabkab, and Rama Chellappa. Defense-gan: Protecting classifiers against adversarial attacks using generative models. arXiv preprint arXiv:1805.06605, 2018."},{"key":"e_1_3_2_1_79_1","volume-title":"Scale-sim: Systolic cnn accelerator. arXiv preprint arXiv:1811.02883","author":"Samajdar Ananda","year":"2018","unstructured":"Ananda Samajdar , Yuhao Zhu , Paul Whatmough , Matthew Mattina , and Tushar Krishna . Scale-sim: Systolic cnn accelerator. arXiv preprint arXiv:1811.02883 , 2018 . Ananda Samajdar, Yuhao Zhu, Paul Whatmough, Matthew Mattina, and Tushar Krishna. Scale-sim: Systolic cnn accelerator. arXiv preprint arXiv:1811.02883, 2018."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/DAC.2018.8465773"},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-018-0001-z"},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3173176"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/3123939.3124552"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/3307650.3322226"},{"key":"e_1_3_2_1_85_1","volume-title":"Improving black-box adversarial attacks with a transfer-based prior. arXiv preprint arXiv:1906.06919","author":"Cheng Shuyu","year":"2019","unstructured":"Shuyu Cheng , Yinpeng Dong , Tianyu Pang , Hang Su , and Jun Zhu . Improving black-box adversarial attacks with a transfer-based prior. arXiv preprint arXiv:1906.06919 , 2019 . Shuyu Cheng, Yinpeng Dong, Tianyu Pang, Hang Su, and Jun Zhu. Improving black-box adversarial attacks with a transfer-based prior. arXiv preprint arXiv:1906.06919, 2019."},{"key":"e_1_3_2_1_86_1","volume-title":"Things you may not know about adversarial example: A black-box adversarial image attack. arXiv preprint arXiv:1905.07672","author":"Duan Yuchao","year":"2019","unstructured":"Yuchao Duan , Zhe Zhao , Lei Bu , and Fu Song . Things you may not know about adversarial example: A black-box adversarial image attack. arXiv preprint arXiv:1905.07672 , 2019 . Yuchao Duan, Zhe Zhao, Lei Bu, and Fu Song. Things you may not know about adversarial example: A black-box adversarial image attack. arXiv preprint arXiv:1905.07672, 2019."},{"key":"e_1_3_2_1_87_1","volume-title":"Defending against adversarial attacks through resilient feature regeneration. arXiv preprint arXiv:1906.03444","author":"Borkar Tejas","year":"2019","unstructured":"Tejas Borkar , Felix Heide , and Lina Karam . Defending against adversarial attacks through resilient feature regeneration. arXiv preprint arXiv:1906.03444 , 2019 . Tejas Borkar, Felix Heide, and Lina Karam. Defending against adversarial attacks through resilient feature regeneration. arXiv preprint arXiv:1906.03444, 2019."}],"event":{"name":"ASPLOS '20: Architectural Support for Programming Languages and Operating Systems","location":"Lausanne Switzerland","acronym":"ASPLOS '20","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages","SIGOPS ACM Special Interest Group on Operating Systems","SIGARCH ACM Special Interest Group on Computer Architecture","SIGBED ACM Special Interest Group on Embedded Systems"]},"container-title":["Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3373376.3378532","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3373376.3378532","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3373376.3378532","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:38:16Z","timestamp":1750199896000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3373376.3378532"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,9]]},"references-count":87,"alternative-id":["10.1145\/3373376.3378532","10.1145\/3373376"],"URL":"https:\/\/doi.org\/10.1145\/3373376.3378532","relation":{},"subject":[],"published":{"date-parts":[[2020,3,9]]},"assertion":[{"value":"2020-03-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}