{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T16:30:21Z","timestamp":1758817821916,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,12]],"date-time":"2020-10-12T00:00:00Z","timestamp":1602460800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,12]]},"DOI":"10.1145\/3394171.3413898","type":"proceedings-article","created":{"date-parts":[[2020,10,12]],"date-time":"2020-10-12T13:10:18Z","timestamp":1602508218000},"page":"1404-1412","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["DIPDefend: Deep Image Prior Driven Defense against Adversarial Examples"],"prefix":"10.1145","author":[{"given":"Tao","family":"Dai","sequence":"first","affiliation":[{"name":"Tsinghua University &amp; Peng Cheng Laboratory, Shenzhen, China"}]},{"given":"Yan","family":"Feng","sequence":"additional","affiliation":[{"name":"Tsinghua University &amp; Peng Cheng Laboratory, Shenzhen, China"}]},{"given":"Dongxian","family":"Wu","sequence":"additional","affiliation":[{"name":"Tsinghua University &amp; Peng Cheng Laboratory, Shenzhen, China"}]},{"given":"Bin","family":"Chen","sequence":"additional","affiliation":[{"name":"Tsinghua University &amp; Peng Cheng Laboratory, Shenzhen, China"}]},{"given":"Jian","family":"Lu","sequence":"additional","affiliation":[{"name":"Shenzhen University, Shenzhen, China"}]},{"given":"Yong","family":"Jiang","sequence":"additional","affiliation":[{"name":"Tsinghua University &amp; Peng Cheng Laboratory, Shenzhen, China"}]},{"given":"Shu-Tao","family":"Xia","sequence":"additional","affiliation":[{"name":"Tsinghua University &amp; Peng Cheng Laboratory, Shenzhen, China"}]}],"member":"320","published-online":{"date-parts":[[2020,10,12]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"Anish Athalye Nicholas Carlini and David Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In ICML.  Anish Athalye Nicholas Carlini and David Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In ICML."},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"crossref","unstructured":"Yang Bai Yan Feng Wang Yisen Tao Dai Shu-Tao Xia and Yong Jiang. 2019. Hilbert-Based Generative Defense for Adversarial Examples. In ICCV.  Yang Bai Yan Feng Wang Yisen Tao Dai Shu-Tao Xia and Yong Jiang. 2019. Hilbert-Based Generative Defense for Adversarial Examples. In ICCV.","DOI":"10.1109\/ICCV.2019.00488"},{"key":"e_1_3_2_2_3_1","volume-title":"Davide Del Testa","author":"Bojarski Mariusz","year":"2016","unstructured":"Mariusz Bojarski , Davide Del Testa , Daniel Dworakowski, Bernhard Firner , Beat Flepp, Prasoon Goyal, Lawrence D Jackel, Mathew Monfort, Urs Muller, Jiakai Zhang, et al. 2016 . End to end learning for self-driving cars. arXiv preprint arXiv:1604.07316 (2016). Mariusz Bojarski, Davide Del Testa, Daniel Dworakowski, Bernhard Firner, Beat Flepp, Prasoon Goyal, Lawrence D Jackel, Mathew Monfort, Urs Muller, Jiakai Zhang, et al. 2016. End to end learning for self-driving cars. arXiv preprint arXiv:1604.07316 (2016)."},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"crossref","unstructured":"Wagner D Carlini N. 2017. Towards Evaluating the Robustness of Neural Networks. In Security and Privacy.  Wagner D Carlini N. 2017. Towards Evaluating the Robustness of Neural Networks. In Security and Privacy.","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"crossref","unstructured":"Tao Dai Jianrui Cai Yongbing Zhang Shu-Tao Xia and Lei Zhang. 2019. Second-order Attention Network for Single Image Super-Resolution. In CVPR.  Tao Dai Jianrui Cai Yongbing Zhang Shu-Tao Xia and Lei Zhang. 2019. Second-order Attention Network for Single Image Super-Resolution. In CVPR.","DOI":"10.1109\/CVPR.2019.01132"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"crossref","unstructured":"Yinpeng Dong Fangzhou Liao Tianyu Pang Hang Su Jun Zhu Xiaolin Hu and Jianguo Li. 2018. Boosting adversarial attacks with momentum. In CVPR.  Yinpeng Dong Fangzhou Liao Tianyu Pang Hang Su Jun Zhu Xiaolin Hu and Jianguo Li. 2018. Boosting adversarial attacks with momentum. In CVPR.","DOI":"10.1109\/CVPR.2018.00957"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"crossref","unstructured":"Yinpeng Dong Tianyu Pang Hang Su and Jun Zhu. 2019. Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks. In CVPR.  Yinpeng Dong Tianyu Pang Hang Su and Jun Zhu. 2019. Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks. In CVPR.","DOI":"10.1109\/CVPR.2019.00444"},{"key":"e_1_3_2_2_8_1","volume-title":"Learning Perceptually-Aligned Representations via Adversarial Robustness. arXiv preprint arXiv:1906.00945","author":"Engstrom Logan","year":"2019","unstructured":"Logan Engstrom , Andrew Ilyas , Shibani Santurkar , Dimitris Tsipras , Brandon Tran , and Aleksander Madry . 2019. Learning Perceptually-Aligned Representations via Adversarial Robustness. arXiv preprint arXiv:1906.00945 ( 2019 ). Logan Engstrom, Andrew Ilyas, Shibani Santurkar, Dimitris Tsipras, Brandon Tran, and Aleksander Madry. 2019. Learning Perceptually-Aligned Representations via Adversarial Robustness. arXiv preprint arXiv:1906.00945 (2019)."},{"key":"e_1_3_2_2_9_1","volume-title":"Unsupervised Image Decomposition via Coupled Deep-Image-Priors. CVPR","author":"Gandelsman Yossi","year":"2019","unstructured":"Yossi Gandelsman , Assaf Shocher , and Michal Irani . 2019. \" Double-DIP\" : Unsupervised Image Decomposition via Coupled Deep-Image-Priors. CVPR ( 2019 ). Yossi Gandelsman, Assaf Shocher, and Michal Irani. 2019. \" Double-DIP\": Unsupervised Image Decomposition via Coupled Deep-Image-Priors. CVPR (2019)."},{"key":"e_1_3_2_2_10_1","unstructured":"Ian J. Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. In ICLR.  Ian J. Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. In ICLR."},{"key":"e_1_3_2_2_11_1","unstructured":"Paul Goodwin et al. 2010. The holt-winters approach to exponential smoothing: 50 years old and going strong. Foresight (2010).  Paul Goodwin et al. 2010. The holt-winters approach to exponential smoothing: 50 years old and going strong. Foresight (2010)."},{"key":"e_1_3_2_2_12_1","unstructured":"Chuan Guo Mayank Rana Moustapha Cisse and Laurens van der Maaten. 2018. Countering adversarial images using input transformations. In ICLR.  Chuan Guo Mayank Rana Moustapha Cisse and Laurens van der Maaten. 2018. Countering adversarial images using input transformations. In ICLR."},{"volume-title":"Identity mappings in deep residual networks","author":"He Kaiming","key":"e_1_3_2_2_13_1","unstructured":"Kaiming He , Xiangyu Zhang , Shaoqing Ren , and Jian Sun . 2016. Identity mappings in deep residual networks . In ECCV. Springer . Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Identity mappings in deep residual networks. In ECCV. Springer."},{"key":"e_1_3_2_2_14_1","volume-title":"Adversarial examples are not bugs, they are features. arXiv preprint arXiv:1905.02175","author":"Ilyas Andrew","year":"2019","unstructured":"Andrew Ilyas , Shibani Santurkar , Dimitris Tsipras , Logan Engstrom , Brandon Tran , and Aleksander Madry . 2019. Adversarial examples are not bugs, they are features. arXiv preprint arXiv:1905.02175 ( 2019 ). Andrew Ilyas, Shibani Santurkar, Dimitris Tsipras, Logan Engstrom, Brandon Tran, and Aleksander Madry. 2019. Adversarial examples are not bugs, they are features. arXiv preprint arXiv:1905.02175 (2019)."},{"key":"e_1_3_2_2_15_1","unstructured":"Xiaojun Jia Xingxing Wei Xiaochun Cao and Hassan Foroosh. 2019. ComDefend: An Efficient Image Compression Model to Defend Adversarial Examples. In CVPR.  Xiaojun Jia Xingxing Wei Xiaochun Cao and Hassan Foroosh. 2019. ComDefend: An Efficient Image Compression Model to Defend Adversarial Examples. In CVPR."},{"key":"e_1_3_2_2_16_1","unstructured":"Alex Krizhevsky Ilya Sutskever and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In NIPS.  Alex Krizhevsky Ilya Sutskever and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In NIPS."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"crossref","unstructured":"Nupur Kumari Mayank Singh Abhishek Sinha Harshitha Machiraju Balaji Krishnamurthy and Vineeth N Balasubramanian. 2019. Harnessing the vulnerability of latent layers in adversarially trained models. In IJCAI.  Nupur Kumari Mayank Singh Abhishek Sinha Harshitha Machiraju Balaji Krishnamurthy and Vineeth N Balasubramanian. 2019. Harnessing the vulnerability of latent layers in adversarially trained models. In IJCAI.","DOI":"10.24963\/ijcai.2019\/385"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"crossref","unstructured":"Alexey Kurakin Ian Goodfellow and Samy Bengio. 2017a. Adversarial examples in the physical world. In ICLR.  Alexey Kurakin Ian Goodfellow and Samy Bengio. 2017a. Adversarial examples in the physical world. In ICLR.","DOI":"10.1201\/9781351251389-8"},{"key":"e_1_3_2_2_19_1","unstructured":"Alexey Kurakin Ian Goodfellow and Samy Bengio. 2017b. Adversarial machine learning at scale. In ICLR.  Alexey Kurakin Ian Goodfellow and Samy Bengio. 2017b. Adversarial machine learning at scale. In ICLR."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"crossref","unstructured":"Fangzhou Liao Ming Liang Yinpeng Dong Tianyu Pang Xiaolin Hu and Jun Zhu. 2018. Defense against adversarial attacks using high-level representation guided denoiser. In CVPR.  Fangzhou Liao Ming Liang Yinpeng Dong Tianyu Pang Xiaolin Hu and Jun Zhu. 2018. Defense against adversarial attacks using high-level representation guided denoiser. In CVPR.","DOI":"10.1109\/CVPR.2018.00191"},{"key":"e_1_3_2_2_21_1","volume-title":"White-Box Adversarial Defense via Self-Supervised Data Estimation. arXiv preprint arXiv:1909.06271","author":"Lin Zudi","year":"2019","unstructured":"Zudi Lin , Hanspeter Pfister , and Ziming Zhang . 2019. White-Box Adversarial Defense via Self-Supervised Data Estimation. arXiv preprint arXiv:1909.06271 ( 2019 ). Zudi Lin, Hanspeter Pfister, and Ziming Zhang. 2019. White-Box Adversarial Defense via Self-Supervised Data Estimation. arXiv preprint arXiv:1909.06271 (2019)."},{"key":"e_1_3_2_2_22_1","volume-title":"Auto-deeplab: Hierarchical neural architecture search for semantic image segmentation. In CVPR.","author":"Liu Chenxi","year":"2019","unstructured":"Chenxi Liu , Liang-Chieh Chen , Florian Schroff , Hartwig Adam , Wei Hua , Alan L Yuille , and Li Fei-Fei . 2019 . Auto-deeplab: Hierarchical neural architecture search for semantic image segmentation. In CVPR. Chenxi Liu, Liang-Chieh Chen, Florian Schroff, Hartwig Adam, Wei Hua, Alan L Yuille, and Li Fei-Fei. 2019. Auto-deeplab: Hierarchical neural architecture search for semantic image segmentation. In CVPR."},{"key":"e_1_3_2_2_23_1","volume-title":"Feature Distillation: DNN-Oriented JPEG Compression Against Adversarial Examples. In CVPR.","author":"Liu Zihao","year":"2019","unstructured":"Zihao Liu . 2019 . Feature Distillation: DNN-Oriented JPEG Compression Against Adversarial Examples. In CVPR. Zihao Liu. 2019. Feature Distillation: DNN-Oriented JPEG Compression Against Adversarial Examples. In CVPR."},{"key":"e_1_3_2_2_24_1","unstructured":"Aleksander Madry Aleksandar Makelov Ludwig Schmidt Dimitris Tsipras and Adrian Vladu. 2018. Towards deep learning models resistant to adversarial attacks. In ICLR.  Aleksander Madry Aleksandar Makelov Ludwig Schmidt Dimitris Tsipras and Adrian Vladu. 2018. Towards deep learning models resistant to adversarial attacks. In ICLR."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"crossref","unstructured":"Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi and Pascal Frossard. 2016. Deepfool: a simple and accurate method to fool deep neural networks. In CVPR.  Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi and Pascal Frossard. 2016. Deepfool: a simple and accurate method to fool deep neural networks. In CVPR.","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"crossref","unstructured":"Nicolas Papernot Patrick McDaniel Somesh Jha Matt Fredrikson Z Berkay Celik and Ananthram Swami. 2016a. The limitations of deep learning in adversarial settings. In EuroS&P.  Nicolas Papernot Patrick McDaniel Somesh Jha Matt Fredrikson Z Berkay Celik and Ananthram Swami. 2016a. The limitations of deep learning in adversarial settings. In EuroS&P.","DOI":"10.1109\/EuroSP.2016.36"},{"volume-title":"Distillation as a defense to adversarial perturbations against deep neural networks","author":"Papernot Nicolas","key":"e_1_3_2_2_27_1","unstructured":"Nicolas Papernot , Patrick McDaniel , Xi Wu , Somesh Jha , and Ananthram Swami . 2016b. Distillation as a defense to adversarial perturbations against deep neural networks . In SP. IEEE. Nicolas Papernot, Patrick McDaniel, Xi Wu, Somesh Jha, and Ananthram Swami. 2016b. Distillation as a defense to adversarial perturbations against deep neural networks. In SP. IEEE."},{"key":"e_1_3_2_2_28_1","unstructured":"Pouya Samangouei Maya Kabkab and Rama Chellappa. 2018. Defense-GAN: Protecting classifiers against adversarial attacks using generative models. In ICLR.  Pouya Samangouei Maya Kabkab and Rama Chellappa. 2018. Defense-GAN: Protecting classifiers against adversarial attacks using generative models. In ICLR."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"crossref","unstructured":"Zezhou Cheng Matheus Gadelha Subhransu Maji Daniel Sheldon. 2019. A bayesian perspective on the Deep Image Prior. In CVPR.  Zezhou Cheng Matheus Gadelha Subhransu Maji Daniel Sheldon. 2019. A bayesian perspective on the Deep Image Prior. In CVPR.","DOI":"10.1109\/CVPR.2019.00559"},{"key":"e_1_3_2_2_30_1","unstructured":"Yang Song Taesup Kim Stefano Ermon and Nate Kushman. 2018. PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples. In ICLR.  Yang Song Taesup Kim Stefano Ermon and Nate Kushman. 2018. PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples. In ICLR."},{"key":"e_1_3_2_2_31_1","unstructured":"Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna Dumitru Erhan Ian Goodfellow and Rob Fergus. 2014. Intriguing properties of neural networks. In ICLR.  Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna Dumitru Erhan Ian Goodfellow and Rob Fergus. 2014. Intriguing properties of neural networks. In ICLR."},{"key":"e_1_3_2_2_32_1","unstructured":"Florian Tram\u00e8r Alexey Kurakin Nicolas Papernot Ian Goodfellow Dan Boneh and Patrick McDaniel. 2018. Ensemble adversarial training: Attacks and defenses. In ICLR.  Florian Tram\u00e8r Alexey Kurakin Nicolas Papernot Ian Goodfellow Dan Boneh and Patrick McDaniel. 2018. Ensemble adversarial training: Attacks and defenses. In ICLR."},{"key":"e_1_3_2_2_33_1","unstructured":"Dimitris Tsipras Shibani Santurkar Logan Engstrom Alexander Turner and Aleksander Madry. [n. d.]. Robustness may be at odds with accuracy. In ICLR.  Dimitris Tsipras Shibani Santurkar Logan Engstrom Alexander Turner and Aleksander Madry. [n. d.]. Robustness may be at odds with accuracy. In ICLR."},{"key":"e_1_3_2_2_34_1","unstructured":"Dmitry Ulyanov Andrea Vedaldi and Victor Lempitsky. 2018. Deep image prior. In CVPR.  Dmitry Ulyanov Andrea Vedaldi and Victor Lempitsky. 2018. Deep image prior. In CVPR."},{"key":"e_1_3_2_2_35_1","volume-title":"Spatially transformed adversarial examples. arXiv preprint arXiv:1801.02612","author":"Xiao Chaowei","year":"2018","unstructured":"Chaowei Xiao , Jun-Yan Zhu , Bo Li , Warren He , Mingyan Liu , and Dawn Song . 2018. Spatially transformed adversarial examples. arXiv preprint arXiv:1801.02612 ( 2018 ). Chaowei Xiao, Jun-Yan Zhu, Bo Li, Warren He, Mingyan Liu, and Dawn Song. 2018. Spatially transformed adversarial examples. arXiv preprint arXiv:1801.02612 (2018)."},{"key":"e_1_3_2_2_36_1","unstructured":"Cihang Xie Yuxin Wu Laurens van der Maaten Alan L Yuille and Kaiming He. 2019 a. Feature denoising for improving adversarial robustness. In CVPR.  Cihang Xie Yuxin Wu Laurens van der Maaten Alan L Yuille and Kaiming He. 2019 a. Feature denoising for improving adversarial robustness. In CVPR."},{"key":"e_1_3_2_2_37_1","unstructured":"Cihang Xie Zhishuai Zhang Yuyin Zhou Song Bai Jianyu Wang Zhou Ren and Alan L Yuille. 2019 b. Improving transferability of adversarial examples with input diversity. In CVPR.  Cihang Xie Zhishuai Zhang Yuyin Zhou Song Bai Jianyu Wang Zhou Ren and Alan L Yuille. 2019 b. Improving transferability of adversarial examples with input diversity. In CVPR."},{"key":"e_1_3_2_2_38_1","volume-title":"Feature squeezing: Detecting adversarial examples in deep neural networks. arXiv preprint arXiv:1704.01155","author":"Xu Weilin","year":"2017","unstructured":"Weilin Xu , David Evans , and Yanjun Qi. 2017. Feature squeezing: Detecting adversarial examples in deep neural networks. arXiv preprint arXiv:1704.01155 ( 2017 ). Weilin Xu, David Evans, and Yanjun Qi. 2017. Feature squeezing: Detecting adversarial examples in deep neural networks. arXiv preprint arXiv:1704.01155 (2017)."}],"event":{"name":"MM '20: The 28th ACM International Conference on Multimedia","sponsor":["SIGMM ACM Special Interest Group on Multimedia"],"location":"Seattle WA USA","acronym":"MM '20"},"container-title":["Proceedings of the 28th ACM International Conference on Multimedia"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3394171.3413898","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3394171.3413898","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:32:06Z","timestamp":1750195926000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3394171.3413898"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,12]]},"references-count":38,"alternative-id":["10.1145\/3394171.3413898","10.1145\/3394171"],"URL":"https:\/\/doi.org\/10.1145\/3394171.3413898","relation":{},"subject":[],"published":{"date-parts":[[2020,10,12]]},"assertion":[{"value":"2020-10-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}