{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:26:25Z","timestamp":1750220785344,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,8,20]],"date-time":"2020-08-20T00:00:00Z","timestamp":1597881600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"the National Natural Science Foundation of China","award":["Grant No.61572059"],"award-info":[{"award-number":["Grant No.61572059"]}]},{"name":"the Fundamental Research Funds for the Central Universities","award":["YWF-20-BJ-J-839"],"award-info":[{"award-number":["YWF-20-BJ-J-839"]}]},{"name":"the National Key R&D Program of China","award":["Grant No. 2019YFB2102100"],"award-info":[{"award-number":["Grant No. 2019YFB2102100"]}]},{"name":"the National Special Program on Inno- vation Methodologies","award":["SQ2019IM4910001"],"award-info":[{"award-number":["SQ2019IM4910001"]}]},{"name":"the National Nat- ural Science Foundation of China","award":["71531001, 71725002, U1636210, 71490723"],"award-info":[{"award-number":["71531001, 71725002, U1636210, 71490723"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,8,23]]},"DOI":"10.1145\/3394486.3403044","type":"proceedings-article","created":{"date-parts":[[2020,8,20]],"date-time":"2020-08-20T23:15:22Z","timestamp":1597965322000},"page":"15-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Interpretability is a Kind of Safety: An Interpreter-based Ensemble for Adversary Defense"],"prefix":"10.1145","author":[{"given":"Jingyuan","family":"Wang","sequence":"first","affiliation":[{"name":"Beihang University, Beijing, China"}]},{"given":"Yufan","family":"Wu","sequence":"additional","affiliation":[{"name":"Beihang University, Beijing, China"}]},{"given":"Mingxuan","family":"Li","sequence":"additional","affiliation":[{"name":"Beihang University, Beijing, China"}]},{"given":"Xin","family":"Lin","sequence":"additional","affiliation":[{"name":"Beihang University, Beijing, China"}]},{"given":"Junjie","family":"Wu","sequence":"additional","affiliation":[{"name":"Beihang University, Beijing, China"}]},{"given":"Chao","family":"Li","sequence":"additional","affiliation":[{"name":"Beihang University, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2020,8,20]]},"reference":[{"doi-asserted-by":"publisher","key":"e_1_3_2_2_1_1","DOI":"10.1109\/ACCESS.2018.2807385"},{"key":"e_1_3_2_2_2_1","volume-title":"Goodfellow","author":"Buckman Jacob","year":"2018","unstructured":"Jacob Buckman , Aurko Roy , Colin Raffel , and Ian J . Goodfellow . 2018 . Thermometer Encoding : One Hot Way To Resist Adversarial Examples. In ICLR '18. Jacob Buckman, Aurko Roy, Colin Raffel, and Ian J. Goodfellow. 2018. Thermometer Encoding: One Hot Way To Resist Adversarial Examples. In ICLR'18."},{"doi-asserted-by":"publisher","key":"e_1_3_2_2_3_1","DOI":"10.1145\/3128572.3140444"},{"doi-asserted-by":"publisher","key":"e_1_3_2_2_4_1","DOI":"10.1109\/SP.2017.49"},{"volume-title":"ImageNet: A Large-Scale Hierarchical Image Database. In CVPR'09","author":"Deng J.","unstructured":"J. Deng , W. Dong , R. Socher , L.-J. Li , K. Li , and L. Fei-Fei . 2009 . ImageNet: A Large-Scale Hierarchical Image Database. In CVPR'09 . J. Deng, W. Dong, R. Socher, L.-J. Li, K. Li, and L. Fei-Fei. 2009. ImageNet: A Large-Scale Hierarchical Image Database. In CVPR'09.","key":"e_1_3_2_2_5_1"},{"unstructured":"Christian Etmann Sebastian Lunz Peter Maass and Carola Schoenlieb. 2019. On the Connection Between Adversarial Robustness and Saliency Map Interpretability. In ICML. 1823--1832.  Christian Etmann Sebastian Lunz Peter Maass and Carola Schoenlieb. 2019. On the Connection Between Adversarial Robustness and Saliency Map Interpretability. In ICML. 1823--1832.","key":"e_1_3_2_2_6_1"},{"unstructured":"Ian Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In ICLR.  Ian Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In ICLR.","key":"e_1_3_2_2_7_1"},{"key":"e_1_3_2_2_8_1","volume-title":"Saliency methods for explaining adversarial attacks. arXiv preprint arXiv:1908.08413","author":"Gu Jindong","year":"2019","unstructured":"Jindong Gu and Volker Tresp . 2019. Saliency methods for explaining adversarial attacks. arXiv preprint arXiv:1908.08413 ( 2019 ). Jindong Gu and Volker Tresp. 2019. Saliency methods for explaining adversarial attacks. arXiv preprint arXiv:1908.08413 (2019)."},{"doi-asserted-by":"publisher","key":"e_1_3_2_2_9_1","DOI":"10.1145\/3236009"},{"key":"e_1_3_2_2_10_1","volume-title":"Countering Adversarial Images using Input Transformations. CoRR","author":"Guo Chuan","year":"2017","unstructured":"Chuan Guo , Mayank Rana , Moustapha Ciss\u00e9 , and Laurens van der Maaten . 2017. Countering Adversarial Images using Input Transformations. CoRR , Vol. abs\/ 1711 .00117 ( 2017 ). arxiv: 1711.00117 http:\/\/arxiv.org\/abs\/1711.00117 Chuan Guo, Mayank Rana, Moustapha Ciss\u00e9, and Laurens van der Maaten. 2017. Countering Adversarial Images using Input Transformations. CoRR, Vol. abs\/1711.00117 (2017). arxiv: 1711.00117 http:\/\/arxiv.org\/abs\/1711.00117"},{"volume-title":"ICLR'18","author":"Guo Chuan","unstructured":"Chuan Guo , Mayank Rana , Moustapha Ciss\u00e9 , and Laurens van der Maaten. 2018. Countering Adversarial Images using Input Transformations . In ICLR'18 . Chuan Guo, Mayank Rana, Moustapha Ciss\u00e9, and Laurens van der Maaten. 2018. Countering Adversarial Images using Input Transformations. In ICLR'18.","key":"e_1_3_2_2_11_1"},{"key":"e_1_3_2_2_12_1","volume-title":"ROD-Revenue: Seeking Strategies Analysis and Revenue Prediction in Ride-on-demand Service Using Multi-source Urban Data","author":"Guo Suiming","year":"2019","unstructured":"Suiming Guo , Chao Chen , Jingyuan Wang , Yaxiao Liu , Xu Ke , Zhiwen Yu , Daqing Zhang , and Dah-Ming Chiu . 2019. ROD-Revenue: Seeking Strategies Analysis and Revenue Prediction in Ride-on-demand Service Using Multi-source Urban Data . IEEE Transactions on Mobile Computing ( 2019 ). Suiming Guo, Chao Chen, Jingyuan Wang, Yaxiao Liu, Xu Ke, Zhiwen Yu, Daqing Zhang, and Dah-Ming Chiu. 2019. ROD-Revenue: Seeking Strategies Analysis and Revenue Prediction in Ride-on-demand Service Using Multi-source Urban Data. IEEE Transactions on Mobile Computing (2019)."},{"doi-asserted-by":"crossref","unstructured":"Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In CVPR'. 770--778. https:\/\/doi.org\/10.1109\/CVPR.2016.90 10.1109\/CVPR.2016.90","key":"#cr-split#-e_1_3_2_2_13_1.1","DOI":"10.1109\/CVPR.2016.90"},{"doi-asserted-by":"crossref","unstructured":"Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In CVPR'. 770--778. https:\/\/doi.org\/10.1109\/CVPR.2016.90","key":"#cr-split#-e_1_3_2_2_13_1.2","DOI":"10.1109\/CVPR.2016.90"},{"unstructured":"Shengyuan Hu Tao Yu Chuan Guo Wei-Lun Chao and Kilian Q Weinberger. 2019. A New Defense Against Adversarial Images: Turning a Weakness into a Strength. In NeurIPS'19. 1633--1644.  Shengyuan Hu Tao Yu Chuan Guo Wei-Lun Chao and Kilian Q Weinberger. 2019. A New Defense Against Adversarial Images: Turning a Weakness into a Strength. In NeurIPS'19. 1633--1644.","key":"e_1_3_2_2_14_1"},{"unstructured":"Alex Krizhevsky et al. 2009. Learning multiple layers of features from tiny images. Technical Report.  Alex Krizhevsky et al. 2009. Learning multiple layers of features from tiny images. Technical Report.","key":"e_1_3_2_2_15_1"},{"unstructured":"Kimin Lee Kibok Lee Honglak Lee and Jinwoo Shin. 2018. A simple unified framework for detecting out-of-distribution samples and adversarial attacks. In NeurIPS'18. 7167--7177.  Kimin Lee Kibok Lee Honglak Lee and Jinwoo Shin. 2018. A simple unified framework for detecting out-of-distribution samples and adversarial attacks. In NeurIPS'18. 7167--7177.","key":"e_1_3_2_2_16_1"},{"key":"e_1_3_2_2_17_1","volume-title":"Delving into transferable adversarial examples and black-box attacks. arXiv preprint arXiv:1611.02770","author":"Liu Yanpei","year":"2016","unstructured":"Yanpei Liu , Xinyun Chen , Chang Liu , and Dawn Song . 2016. Delving into transferable adversarial examples and black-box attacks. arXiv preprint arXiv:1611.02770 ( 2016 ). Yanpei Liu, Xinyun Chen, Chang Liu, and Dawn Song. 2016. Delving into transferable adversarial examples and black-box attacks. arXiv preprint arXiv:1611.02770 (2016)."},{"unstructured":"Aleksander Madry Aleksandar Makelov Ludwig Schmidt Dimitris Tsipras and Adrian Vladu. 2018. Towards deep learning models resistant to adversarial attacks. In ICLR.  Aleksander Madry Aleksandar Makelov Ludwig Schmidt Dimitris Tsipras and Adrian Vladu. 2018. Towards deep learning models resistant to adversarial attacks. In ICLR.","key":"e_1_3_2_2_18_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_2_19_1","DOI":"10.1145\/3133956.3134057"},{"volume-title":"Explainable AI: Interpreting, Explaining and Visualizing Deep Learning","author":"Montavon Gr\u00e9goire","unstructured":"Gr\u00e9goire Montavon , Alexander Binder , Sebastian Lapuschkin , Wojciech Samek , and Klaus-Robert M\u00fcller . 2019. Layer-wise relevance propagation: an overview . In Explainable AI: Interpreting, Explaining and Visualizing Deep Learning . Springer , 193--209. Gr\u00e9goire Montavon, Alexander Binder, Sebastian Lapuschkin, Wojciech Samek, and Klaus-Robert M\u00fcller. 2019. Layer-wise relevance propagation: an overview. In Explainable AI: Interpreting, Explaining and Visualizing Deep Learning. Springer, 193--209.","key":"e_1_3_2_2_20_1"},{"doi-asserted-by":"crossref","unstructured":"Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi and Pascal Frossard. 2016. Deepfool: a simple and accurate method to fool deep neural networks. In CVPR. 2574--2582.  Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi and Pascal Frossard. 2016. Deepfool: a simple and accurate method to fool deep neural networks. In CVPR. 2574--2582.","key":"e_1_3_2_2_21_1","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_2_22_1","volume-title":"Robert Sabourin, and Eric Granger.","author":"Rony J\u00e9r\u00f4me","year":"2019","unstructured":"J\u00e9r\u00f4me Rony , Luiz G Hafemann , Luiz S Oliveira , Ismail Ben Ayed , Robert Sabourin, and Eric Granger. 2019 . Decoupling direction and norm for efficient gradient-based l2 adversarial attacks and defenses. In CVPR. 4322--4330. J\u00e9r\u00f4me Rony, Luiz G Hafemann, Luiz S Oliveira, Ismail Ben Ayed, Robert Sabourin, and Eric Granger. 2019. Decoupling direction and norm for efficient gradient-based l2 adversarial attacks and defenses. In CVPR. 4322--4330."},{"key":"e_1_3_2_2_23_1","volume-title":"Very Deep Convolutional Networks for Large-Scale Image Recognition. In ICLR'15","author":"Simonyan Karen","year":"2015","unstructured":"Karen Simonyan and Andrew Zisserman . 2015 . Very Deep Convolutional Networks for Large-Scale Image Recognition. In ICLR'15 . Karen Simonyan and Andrew Zisserman. 2015. Very Deep Convolutional Networks for Large-Scale Image Recognition. In ICLR'15."},{"key":"e_1_3_2_2_24_1","volume-title":"Pixeldefend: Leveraging generative models to understand and defend against adversarial examples. arXiv preprint arXiv:1710.10766.","author":"Song Yang","year":"2017","unstructured":"Yang Song , Taesup Kim , Sebastian Nowozin , Stefano Ermon , and Nate Kushman . 2017 . Pixeldefend: Leveraging generative models to understand and defend against adversarial examples. arXiv preprint arXiv:1710.10766. Yang Song, Taesup Kim, Sebastian Nowozin, Stefano Ermon, and Nate Kushman. 2017. Pixeldefend: Leveraging generative models to understand and defend against adversarial examples. arXiv preprint arXiv:1710.10766."},{"key":"e_1_3_2_2_25_1","volume-title":"Striving for simplicity: The all convolutional net. arXiv preprint arXiv:1412.6806","author":"Springenberg Jost Tobias","year":"2014","unstructured":"Jost Tobias Springenberg , Alexey Dosovitskiy , Thomas Brox , and Martin Riedmiller . 2014. Striving for simplicity: The all convolutional net. arXiv preprint arXiv:1412.6806 ( 2014 ). Jost Tobias Springenberg, Alexey Dosovitskiy, Thomas Brox, and Martin Riedmiller. 2014. Striving for simplicity: The all convolutional net. arXiv preprint arXiv:1412.6806 (2014)."},{"key":"e_1_3_2_2_26_1","first-page":"828","article-title":"One pixel attack for fooling deep neural networks","volume":"23","author":"Su Jiawei","year":"2019","unstructured":"Jiawei Su , Danilo Vasconcellos Vargas , and Kouichi Sakurai . 2019 . One pixel attack for fooling deep neural networks . IEEE T-EC , Vol. 23 , 5 (2019), 828 -- 841 . Jiawei Su, Danilo Vasconcellos Vargas, and Kouichi Sakurai. 2019. One pixel attack for fooling deep neural networks. IEEE T-EC, Vol. 23, 5 (2019), 828--841.","journal-title":"IEEE T-EC"},{"unstructured":"Mukund Sundararajan Ankur Taly and Qiqi Yan. 2017. Axiomatic attribution for deep networks. In ICML. JMLR. org 3319--3328.  Mukund Sundararajan Ankur Taly and Qiqi Yan. 2017. Axiomatic attribution for deep networks. In ICML. JMLR. org 3319--3328.","key":"e_1_3_2_2_27_1"},{"unstructured":"Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna Dumitru Erhan Ian Goodfellow and Rob Fergus. 2013. Intriguing properties of neural networks. arxiv: 1312.6199 [cs.CV]  Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna Dumitru Erhan Ian Goodfellow and Rob Fergus. 2013. Intriguing properties of neural networks. arxiv: 1312.6199 [cs.CV]","key":"e_1_3_2_2_28_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_2_29_1","DOI":"10.1145\/3097983.3097985"},{"volume-title":"Traffic speed prediction and congestion source exploration: A deep learning method. In 2016 IEEE 16th ICDM","author":"Wang Jingyuan","unstructured":"Jingyuan Wang , Qian Gu , Junjie Wu , Guannan Liu , and Zhang Xiong . 2016. Traffic speed prediction and congestion source exploration: A deep learning method. In 2016 IEEE 16th ICDM . IEEE , 499--508. Jingyuan Wang, Qian Gu, Junjie Wu, Guannan Liu, and Zhang Xiong. 2016. Traffic speed prediction and congestion source exploration: A deep learning method. In 2016 IEEE 16th ICDM. IEEE, 499--508.","key":"e_1_3_2_2_30_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_2_31_1","DOI":"10.1145\/3219819.3220060"},{"doi-asserted-by":"publisher","key":"e_1_3_2_2_32_1","DOI":"10.1145\/3292500.3330824"},{"doi-asserted-by":"crossref","unstructured":"Jingyuan Wang Yang Zhang Ke Tang Junjie Wu and Zhang Xiong. 2019 b. AlphaStock: A Buying-Winners-and-Selling-Losers Investment Strategy using Interpretable Deep Reinforcement Attention Networks. In SIGKDD. 1900--1908.  Jingyuan Wang Yang Zhang Ke Tang Junjie Wu and Zhang Xiong. 2019 b. AlphaStock: A Buying-Winners-and-Selling-Losers Investment Strategy using Interpretable Deep Reinforcement Attention Networks. In SIGKDD. 1900--1908.","key":"e_1_3_2_2_33_1","DOI":"10.1145\/3292500.3330647"},{"unstructured":"Han Xiao Kashif Rasul and Roland Vollgraf. 2018. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. (2018).  Han Xiao Kashif Rasul and Roland Vollgraf. 2018. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. (2018).","key":"e_1_3_2_2_34_1"},{"key":"e_1_3_2_2_35_1","volume-title":"Adversarial examples: Attacks and defenses for deep learning","author":"Yuan Xiaoyong","year":"2019","unstructured":"Xiaoyong Yuan , Pan He , Qile Zhu , and Xiaolin Li. 2019. Adversarial examples: Attacks and defenses for deep learning . IEEE T-NNLS ( 2019 ). Xiaoyong Yuan, Pan He, Qile Zhu, and Xiaolin Li. 2019. Adversarial examples: Attacks and defenses for deep learning. IEEE T-NNLS (2019)."},{"key":"e_1_3_2_2_36_1","volume-title":"Adversarial attacks on deep learning models in natural language processing: A survey. arXiv preprint arXiv:1901.06796","author":"Zhang Wei Emma","year":"2019","unstructured":"Wei Emma Zhang , Quan Z Sheng , AHOUD Alhazmi , and CHENLIANG LI. 2019. Adversarial attacks on deep learning models in natural language processing: A survey. arXiv preprint arXiv:1901.06796 ( 2019 ). Wei Emma Zhang, Quan Z Sheng, AHOUD Alhazmi, and CHENLIANG LI. 2019. Adversarial attacks on deep learning models in natural language processing: A survey. arXiv preprint arXiv:1901.06796 (2019)."}],"event":{"sponsor":["SIGMOD ACM Special Interest Group on Management of Data","SIGKDD ACM Special Interest Group on Knowledge Discovery in Data"],"acronym":"KDD '20","name":"KDD '20: The 26th ACM SIGKDD Conference on Knowledge Discovery and Data Mining","location":"Virtual Event CA USA"},"container-title":["Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery &amp; Data Mining"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3394486.3403044","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3394486.3403044","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:41:37Z","timestamp":1750200097000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3394486.3403044"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,8,20]]},"references-count":37,"alternative-id":["10.1145\/3394486.3403044","10.1145\/3394486"],"URL":"https:\/\/doi.org\/10.1145\/3394486.3403044","relation":{},"subject":[],"published":{"date-parts":[[2020,8,20]]},"assertion":[{"value":"2020-08-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}