{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T02:30:42Z","timestamp":1775788242971,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":61,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T00:00:00Z","timestamp":1621814400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Singapore Ministry of Education","award":["AcRF Tier 1 RS02\/19"],"award-info":[{"award-number":["AcRF Tier 1 RS02\/19"]}]},{"name":"National Key Research and Development Plan of China","award":["2018YFB1800301"],"award-info":[{"award-number":["2018YFB1800301"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61832013"],"award-info":[{"award-number":["61832013"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,5,24]]},"DOI":"10.1145\/3433210.3453108","type":"proceedings-article","created":{"date-parts":[[2021,6,4]],"date-time":"2021-06-04T15:26:39Z","timestamp":1622820399000},"page":"363-377","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":154,"title":["DeepSweep: An Evaluation Framework for Mitigating DNN Backdoor Attacks using Data Augmentation"],"prefix":"10.1145","author":[{"given":"Han","family":"Qiu","sequence":"first","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"given":"Yi","family":"Zeng","sequence":"additional","affiliation":[{"name":"University of California, San Diego, La Jolla, CA, USA"}]},{"given":"Shangwei","family":"Guo","sequence":"additional","affiliation":[{"name":"Chongqing University, Chongqing, 
China"}]},{"given":"Tianwei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}]},{"given":"Meikang","family":"Qiu","sequence":"additional","affiliation":[{"name":"Texas A&M University, TX, TX, USA"}]},{"given":"Bhavani","family":"Thuraisingham","sequence":"additional","affiliation":[{"name":"The University of Texas at Dallas, Dallas, TX, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Blind Backdoors in Deep Learning Models. arxiv","author":"Bagdasaryan Eugene","year":"2005","unstructured":"Eugene Bagdasaryan and Vitaly Shmatikov . 2020. Blind Backdoors in Deep Learning Models. arxiv : 2005 .03823 [cs.CR] Eugene Bagdasaryan and Vitaly Shmatikov. 2020. Blind Backdoors in Deep Learning Models. arxiv: 2005.03823 [cs.CR]"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.3390\/info11020125"},{"key":"e_1_3_2_1_3_1","volume-title":"PCANet: A simple deep learning baseline for image classification? IEEE transactions on image processing","author":"Chan Tsung-Han","year":"2015","unstructured":"Tsung-Han Chan , Kui Jia , Shenghua Gao , Jiwen Lu , Zinan Zeng , and Yi Ma. 2015. PCANet: A simple deep learning baseline for image classification? IEEE transactions on image processing , Vol. 24 , 12 ( 2015 ), 5017--5032. Tsung-Han Chan, Kui Jia, Shenghua Gao, Jiwen Lu, Zinan Zeng, and Yi Ma. 2015. PCANet: A simple deep learning baseline for image classification? IEEE transactions on image processing, Vol. 24, 12 (2015), 5017--5032."},{"key":"e_1_3_2_1_4_1","volume-title":"Detecting backdoor attacks on deep neural networks by activation clustering. arXiv preprint arXiv:1811.03728","author":"Chen Bryant","year":"2018","unstructured":"Bryant Chen , Wilka Carvalho , Nathalie Baracaldo , Heiko Ludwig , Benjamin Edwards , Taesung Lee , Ian Molloy , and Biplav Srivastava . 2018. 
Detecting backdoor attacks on deep neural networks by activation clustering. arXiv preprint arXiv:1811.03728 ( 2018 ). Bryant Chen, Wilka Carvalho, Nathalie Baracaldo, Heiko Ludwig, Benjamin Edwards, Taesung Lee, Ian Molloy, and Biplav Srivastava. 2018. Detecting backdoor attacks on deep neural networks by activation clustering. arXiv preprint arXiv:1811.03728 (2018)."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"crossref","unstructured":"Huili Chen Cheng Fu Jishen Zhao and Farinaz Koushanfar. 2019. DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks. In IJCAI. 4658--4664.  Huili Chen Cheng Fu Jishen Zhao and Farinaz Koushanfar. 2019. DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks. In IJCAI. 4658--4664.","DOI":"10.24963\/ijcai.2019\/647"},{"key":"e_1_3_2_1_6_1","volume-title":"Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526","author":"Chen Xinyun","year":"2017","unstructured":"Xinyun Chen , Chang Liu , Bo Li , Kimberly Lu , and Dawn Song . 2017. Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526 ( 2017 ). Xinyun Chen, Chang Liu, Bo Li, Kimberly Lu, and Dawn Song. 2017. Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526 (2017)."},{"key":"e_1_3_2_1_7_1","volume-title":"Sentinet: Detecting physical attacks against deep learning systems. arXiv preprint arXiv:1812.00292","author":"Chou Edward","year":"2018","unstructured":"Edward Chou , Florian Tram\u00e8r , Giancarlo Pellegrino , and Dan Boneh . 2018 . Sentinet: Detecting physical attacks against deep learning systems. arXiv preprint arXiv:1812.00292 (2018). Edward Chou, Florian Tram\u00e8r, Giancarlo Pellegrino, and Dan Boneh. 2018. Sentinet: Detecting physical attacks against deep learning systems. 
arXiv preprint arXiv:1812.00292 (2018)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1390156.1390177"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3219819.3219910"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.21437\/Interspeech.2014-433"},{"key":"e_1_3_2_1_11_1","volume-title":"Robust anomaly detection and backdoor attack detection via differential privacy. arXiv preprint arXiv:1911.07116","author":"Du Min","year":"2019","unstructured":"Min Du , Ruoxi Jia , and Dawn Song . 2019. Robust anomaly detection and backdoor attack detection via differential privacy. arXiv preprint arXiv:1911.07116 ( 2019 ). Min Du, Ruoxi Jia, and Dawn Song. 2019. Robust anomaly detection and backdoor attack detection via differential privacy. arXiv preprint arXiv:1911.07116 (2019)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359790"},{"key":"e_1_3_2_1_13_1","volume-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu , Brendan Dolan-Gavitt , and Siddharth Garg . 2017 . Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017). Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017)."},{"key":"e_1_3_2_1_14_1","volume-title":"Tabor: A highly accurate approach to inspecting and restoring trojan backdoors in ai systems. arXiv preprint arXiv:1908.01763","author":"Guo Wenbo","year":"2019","unstructured":"Wenbo Guo , Lun Wang , Xinyu Xing , Min Du , and Dawn Song . 2019 . Tabor: A highly accurate approach to inspecting and restoring trojan backdoors in ai systems. arXiv preprint arXiv:1908.01763 (2019). Wenbo Guo, Lun Wang, Xinyu Xing, Min Du, and Dawn Song. 2019. 
Tabor: A highly accurate approach to inspecting and restoring trojan backdoors in ai systems. arXiv preprint arXiv:1908.01763 (2019)."},{"key":"e_1_3_2_1_15_1","volume-title":"Enhanced computer vision with microsoft kinect sensor: A review","author":"Han Jungong","year":"2013","unstructured":"Jungong Han , Ling Shao , Dong Xu , and Jamie Shotton . 2013. Enhanced computer vision with microsoft kinect sensor: A review . IEEE transactions on cybernetics, Vol. 43 , 5 ( 2013 ), 1318--1334. Jungong Han, Ling Shao, Dong Xu, and Jamie Shotton. 2013. Enhanced computer vision with microsoft kinect sensor: A review. IEEE transactions on cybernetics, Vol. 43, 5 (2013), 1318--1334."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2017.0-172"},{"key":"e_1_3_2_1_18_1","volume-title":"A unified framework for analyzing and detecting malicious examples of dnn models. arXiv preprint arXiv:2006.14871","author":"Jin Kaidi","year":"2020","unstructured":"Kaidi Jin , Tianwei Zhang , Chao Shen , Yufei Chen , Ming Fan , Chenhao Lin , and Ting Liu . 2020. A unified framework for analyzing and detecting malicious examples of dnn models. arXiv preprint arXiv:2006.14871 ( 2020 ). Kaidi Jin, Tianwei Zhang, Chao Shen, Yufei Chen, Ming Fan, Chenhao Lin, and Ting Liu. 2020. A unified framework for analyzing and detecting malicious examples of dnn models. arXiv preprint arXiv:2006.14871 (2020)."},{"key":"e_1_3_2_1_19_1","volume-title":"Contextual augmentation: Data augmentation by words with paradigmatic relations. arXiv preprint arXiv:1805.06201","author":"Kobayashi Sosuke","year":"2018","unstructured":"Sosuke Kobayashi . 2018. Contextual augmentation: Data augmentation by words with paradigmatic relations. arXiv preprint arXiv:1805.06201 ( 2018 ). Sosuke Kobayashi. 2018. Contextual augmentation: Data augmentation by words with paradigmatic relations. 
arXiv preprint arXiv:1805.06201 (2018)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2009.5459250"},{"key":"e_1_3_2_1_21_1","volume-title":"Philip Joseph Thomas, and SK Sahoo","author":"Kumari Apurva","year":"2014","unstructured":"Apurva Kumari , Philip Joseph Thomas, and SK Sahoo . 2014 . Single image fog removal using gamma transformation and median filtering. In 2014 annual IEEE India conference (INDICON). IEEE , 1--5. Apurva Kumari, Philip Joseph Thomas, and SK Sahoo. 2014. Single image fog removal using gamma transformation and median filtering. In 2014 annual IEEE India conference (INDICON). IEEE, 1--5."},{"key":"e_1_3_2_1_22_1","volume-title":"Neural architectures for named entity recognition. arXiv preprint arXiv:1603.01360","author":"Lample Guillaume","year":"2016","unstructured":"Guillaume Lample , Miguel Ballesteros , Sandeep Subramanian , Kazuya Kawakami , and Chris Dyer . 2016. Neural architectures for named entity recognition. arXiv preprint arXiv:1603.01360 ( 2016 ). Guillaume Lample, Miguel Ballesteros, Sandeep Subramanian, Kazuya Kawakami, and Chris Dyer. 2016. Neural architectures for named entity recognition. arXiv preprint arXiv:1603.01360 (2016)."},{"key":"e_1_3_2_1_23_1","volume-title":"Jiahao Yu, Minhui Xue, Dali Kaafar, and Haojin Zhu.","author":"Li Shaofeng","year":"2019","unstructured":"Shaofeng Li , Benjamin Zi Hao Zhao , Jiahao Yu, Minhui Xue, Dali Kaafar, and Haojin Zhu. 2019 . Invisible backdoor attacks against deep neural networks. arXiv preprint arXiv:1909.02742 (2019). Shaofeng Li, Benjamin Zi Hao Zhao, Jiahao Yu, Minhui Xue, Dali Kaafar, and Haojin Zhu. 2019. Invisible backdoor attacks against deep neural networks. arXiv preprint arXiv:1909.02742 (2019)."},{"key":"e_1_3_2_1_24_1","volume-title":"2020 a. Backdoor Learning: A Survey. arXiv preprint arXiv:2007.08745","author":"Li Yiming","year":"2020","unstructured":"Yiming Li , Baoyuan Wu , Yong Jiang , Zhifeng Li , and Shu-Tao Xia . 2020 a. 
Backdoor Learning: A Survey. arXiv preprint arXiv:2007.08745 ( 2020 ). Yiming Li, Baoyuan Wu, Yong Jiang, Zhifeng Li, and Shu-Tao Xia. 2020 a. Backdoor Learning: A Survey. arXiv preprint arXiv:2007.08745 (2020)."},{"key":"e_1_3_2_1_25_1","volume-title":"2020 b. Rethinking the Trigger of Backdoor Attack. arXiv preprint arXiv:2004.04692","author":"Li Yiming","year":"2020","unstructured":"Yiming Li , Tongqing Zhai , Baoyuan Wu , Yong Jiang , Zhifeng Li , and Shutao Xia . 2020 b. Rethinking the Trigger of Backdoor Attack. arXiv preprint arXiv:2004.04692 ( 2020 ). Yiming Li, Tongqing Zhai, Baoyuan Wu, Yong Jiang, Zhifeng Li, and Shutao Xia. 2020 b. Rethinking the Trigger of Backdoor Attack. arXiv preprint arXiv:2004.04692 (2020)."},{"key":"e_1_3_2_1_26_1","volume-title":"Backdoor embedding in convolutional neural network models via invisible perturbation. arXiv preprint arXiv:1808.10307","author":"Liao Cong","year":"2018","unstructured":"Cong Liao , Haoti Zhong , Anna Squicciarini , Sencun Zhu , and David Miller . 2018. Backdoor embedding in convolutional neural network models via invisible perturbation. arXiv preprint arXiv:1808.10307 ( 2018 ). Cong Liao, Haoti Zhong, Anna Squicciarini, Sencun Zhu, and David Miller. 2018. Backdoor embedding in convolutional neural network models via invisible perturbation. arXiv preprint arXiv:1808.10307 (2018)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3318464.3386126"},{"key":"e_1_3_2_1_28_1","volume-title":"Continuous control with deep reinforcement learning. arXiv preprint arXiv:1509.02971","author":"Lillicrap Timothy P","year":"2015","unstructured":"Timothy P Lillicrap , Jonathan J Hunt , Alexander Pritzel , Nicolas Heess , Tom Erez , Yuval Tassa , David Silver , and Daan Wierstra . 2015. Continuous control with deep reinforcement learning. arXiv preprint arXiv:1509.02971 ( 2015 ). 
Timothy P Lillicrap, Jonathan J Hunt, Alexander Pritzel, Nicolas Heess, Tom Erez, Yuval Tassa, David Silver, and Daan Wierstra. 2015. Continuous control with deep reinforcement learning. arXiv preprint arXiv:1509.02971 (2015)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00023"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_13"},{"key":"e_1_3_2_1_31_1","volume-title":"Fourth International Conference on Experimental Mechanics","volume":"7522","author":"Liu Tong","year":"2010","unstructured":"Tong Liu , AA Malcolm , and Jian Xu . 2010 . Pincushion distortion correction in x-ray imaging with an image intensifier . In Fourth International Conference on Experimental Mechanics , Vol. 7522 . 75223T. Tong Liu, AA Malcolm, and Jian Xu. 2010. Pincushion distortion correction in x-ray imaging with an image intensifier. In Fourth International Conference on Experimental Mechanics, Vol. 7522. 75223T."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363216"},{"key":"e_1_3_2_1_33_1","unstructured":"Yingqi Liu Shiqing Ma Yousra Aafer Wen-Chuan Lee Juan Zhai Weihang Wang and Xiangyu Zhang. 2017a. Trojaning attack on neural networks. (2017).  Yingqi Liu Shiqing Ma Yousra Aafer Wen-Chuan Lee Juan Zhai Weihang Wang and Xiangyu Zhang. 2017a. Trojaning attack on neural networks. (2017)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD.2017.16"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00095"},{"key":"e_1_3_2_1_36_1","volume-title":"Beat Buesser, Ambrish Rawat, Martin Wistuba, Valentina Zantedeschi, Nathalie Baracaldo, Bryant Chen, Heiko Ludwig, et al.","author":"Nicolae Maria-Irina","year":"2018","unstructured":"Maria-Irina Nicolae , Mathieu Sinn , Minh Ngoc Tran , Beat Buesser, Ambrish Rawat, Martin Wistuba, Valentina Zantedeschi, Nathalie Baracaldo, Bryant Chen, Heiko Ludwig, et al. 2018 . 
Adversarial Robustness Toolbox v1. 0.0. arXiv preprint arXiv:1807.01069 (2018). Maria-Irina Nicolae, Mathieu Sinn, Minh Ngoc Tran, Beat Buesser, Ambrish Rawat, Martin Wistuba, Valentina Zantedeschi, Nathalie Baracaldo, Bryant Chen, Heiko Ludwig, et al. 2018. Adversarial Robustness Toolbox v1. 0.0. arXiv preprint arXiv:1807.01069 (2018)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417253"},{"key":"e_1_3_2_1_38_1","volume-title":"cleverhans v2. 0.0: an adversarial machine learning library. arXiv preprint arXiv:1610.00768","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Ian Goodfellow , Ryan Sheatsley , Reuben Feinman , and Patrick McDaniel . 2016. cleverhans v2. 0.0: an adversarial machine learning library. arXiv preprint arXiv:1610.00768 , Vol. 10 ( 2016 ). Nicolas Papernot, Ian Goodfellow, Ryan Sheatsley, Reuben Feinman, and Patrick McDaniel. 2016. cleverhans v2. 0.0: an adversarial machine learning library. arXiv preprint arXiv:1610.00768, Vol. 10 (2016)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00894"},{"key":"e_1_3_2_1_40_1","unstructured":"Ximing Qiao Yukun Yang and Hai Li. 2019. Defending neural backdoors via generative distribution modeling. In Advances in Neural Information Processing Systems. 14004--14013.  Ximing Qiao Yukun Yang and Hai Li. 2019. Defending neural backdoors via generative distribution modeling. In Advances in Neural Information Processing Systems. 14004--14013."},{"key":"e_1_3_2_1_41_1","volume-title":"2020 a. FenceBox: A Platform for Defeating Adversarial Examples with Data Augmentation Techniques. arXiv preprint arXiv:2012.01701","author":"Qiu Han","year":"2020","unstructured":"Han Qiu , Yi Zeng , Tianwei Zhang , Yong Jiang , and Meikang Qiu . 2020 a. FenceBox: A Platform for Defeating Adversarial Examples with Data Augmentation Techniques. arXiv preprint arXiv:2012.01701 ( 2020 ). 
Han Qiu, Yi Zeng, Tianwei Zhang, Yong Jiang, and Meikang Qiu. 2020 a. FenceBox: A Platform for Defeating Adversarial Examples with Data Augmentation Techniques. arXiv preprint arXiv:2012.01701 (2020)."},{"key":"e_1_3_2_1_42_1","volume-title":"2020 b. Mitigating Advanced Adversarial Attacks with More Advanced Gradient Obfuscation Techniques. arXiv preprint arXiv:2005.13712","author":"Qiu Han","year":"2020","unstructured":"Han Qiu , Yi Zeng , Qinkai Zheng , Tianwei Zhang , Meikang Qiu , and Gerard Memmi . 2020 b. Mitigating Advanced Adversarial Attacks with More Advanced Gradient Obfuscation Techniques. arXiv preprint arXiv:2005.13712 ( 2020 ). Han Qiu, Yi Zeng, Qinkai Zheng, Tianwei Zhang, Meikang Qiu, and Gerard Memmi. 2020 b. Mitigating Advanced Adversarial Attacks with More Advanced Gradient Obfuscation Techniques. arXiv preprint arXiv:2005.13712 (2020)."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00669"},{"key":"e_1_3_2_1_44_1","volume-title":"Foolbox v0. 8.0: A Python toolbox to benchmark the robustness of machine learning models. CoRR abs\/1707.04131","author":"Rauber Jonas","year":"2017","unstructured":"Jonas Rauber , Wieland Brendel , and Matthias Bethge . 2017. Foolbox v0. 8.0: A Python toolbox to benchmark the robustness of machine learning models. CoRR abs\/1707.04131 ( 2017 ). arXiv preprint arXiv:1707.04131 (2017). Jonas Rauber, Wieland Brendel, and Matthias Bethge. 2017. Foolbox v0. 8.0: A Python toolbox to benchmark the robustness of machine learning models. CoRR abs\/1707.04131 (2017). arXiv preprint arXiv:1707.04131 (2017)."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939778"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1186\/s40537-019-0197-0"},{"key":"e_1_3_2_1_47_1","volume-title":"Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. 
Neural networks","author":"Stallkamp Johannes","year":"2012","unstructured":"Johannes Stallkamp , Marc Schlipsing , Jan Salmen , and Christian Igel . 2012. Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural networks , Vol. 32 ( 2012 ), 323--332. Johannes Stallkamp, Marc Schlipsing, Jan Salmen, and Christian Igel. 2012. Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural networks, Vol. 32 (2012), 323--332."},{"key":"e_1_3_2_1_48_1","volume-title":"Resnet in resnet: Generalizing residual architectures. arXiv preprint arXiv:1603.08029","author":"Targ Sasha","year":"2016","unstructured":"Sasha Targ , Diogo Almeida , and Kevin Lyman . 2016. Resnet in resnet: Generalizing residual architectures. arXiv preprint arXiv:1603.08029 ( 2016 ). Sasha Targ, Diogo Almeida, and Kevin Lyman. 2016. Resnet in resnet: Generalizing residual architectures. arXiv preprint arXiv:1603.08029 (2016)."},{"key":"e_1_3_2_1_49_1","unstructured":"Brandon Tran Jerry Li and Aleksander Madry. 2018. Spectral signatures in backdoor attacks. In Advances in Neural Information Processing Systems. 8000--8010.  Brandon Tran Jerry Li and Aleksander Madry. 2018. Spectral signatures in backdoor attacks. In Advances in Neural Information Processing Systems. 8000--8010."},{"key":"e_1_3_2_1_50_1","volume-title":"CVPR 2020 Workshop on Adversarial Machine Learning in Computer Vision","author":"Wang Binghui","year":"2020","unstructured":"Binghui Wang , Xiaoyu Cao , Neil Zhenqiang Gong , 2020 . On certifying robustness against backdoor attacks via randomized smoothing . CVPR 2020 Workshop on Adversarial Machine Learning in Computer Vision (2020). Binghui Wang, Xiaoyu Cao, Neil Zhenqiang Gong, et al. 2020. On certifying robustness against backdoor attacks via randomized smoothing. 
CVPR 2020 Workshop on Adversarial Machine Learning in Computer Vision (2020)."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"e_1_3_2_1_52_1","unstructured":"S. Wang S. Nepal C. Rudolph M. Grobler S. Chen and T. Chen. 2020. Backdoor Attacks against Transfer Learning with Pre-trained Deep Learning Models. IEEE Transactions on Services Computing (2020) 1--1.  S. Wang S. Nepal C. Rudolph M. Grobler S. Chen and T. Chen. 2020. Backdoor Attacks against Transfer Learning with Pre-trained Deep Learning Models. IEEE Transactions on Services Computing (2020) 1--1."},{"key":"e_1_3_2_1_53_1","volume-title":"Eda: Easy data augmentation techniques for boosting performance on text classification tasks. arXiv preprint arXiv:1901.11196","author":"Wei Jason","year":"2019","unstructured":"Jason Wei and Kai Zou . 2019 . Eda: Easy data augmentation techniques for boosting performance on text classification tasks. arXiv preprint arXiv:1901.11196 (2019). Jason Wei and Kai Zou. 2019. Eda: Easy data augmentation techniques for boosting performance on text classification tasks. arXiv preprint arXiv:1901.11196 (2019)."},{"key":"e_1_3_2_1_54_1","volume-title":"Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018","author":"Xu Weilin","year":"2018","unstructured":"Weilin Xu , David Evans , and Yanjun Qi . 2018 . Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018 , San Diego, California, USA, February 18--21 , 2018. The Internet Society. Weilin Xu, David Evans, and Yanjun Qi. 2018. Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18--21, 2018. 
The Internet Society."},{"key":"e_1_3_2_1_55_1","volume-title":"Detecting AI Trojans Using Meta Neural Analysis. arXiv preprint arXiv:1910.03137","author":"Xu Xiaojun","year":"2019","unstructured":"Xiaojun Xu , Qi Wang , Huichen Li , Nikita Borisov , Carl A Gunter , and Bo Li. 2019. Detecting AI Trojans Using Meta Neural Analysis. arXiv preprint arXiv:1910.03137 ( 2019 ). Xiaojun Xu, Qi Wang, Huichen Li, Nikita Borisov, Carl A Gunter, and Bo Li. 2019. Detecting AI Trojans Using Meta Neural Analysis. arXiv preprint arXiv:1910.03137 (2019)."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354209"},{"key":"e_1_3_2_1_57_1","volume-title":"Adadelta: an adaptive learning rate method. arXiv preprint arXiv:1212.5701","author":"Zeiler Matthew D","year":"2012","unstructured":"Matthew D Zeiler . 2012. Adadelta: an adaptive learning rate method. arXiv preprint arXiv:1212.5701 ( 2012 ). Matthew D Zeiler. 2012. Adadelta: an adaptive learning rate method. arXiv preprint arXiv:1212.5701 (2012)."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-60239-0_19"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"crossref","unstructured":"Tongqing Zhai Yiming Li Ziqi Zhang Baoyuan Wu Yong Jiang and Shu-Tao Xia. 2021. Backdoor Attack against Speaker Verification. In ICASSP.  Tongqing Zhai Yiming Li Ziqi Zhang Baoyuan Wu Yong Jiang and Shu-Tao Xia. 2021. Backdoor Attack against Speaker Verification. In ICASSP.","DOI":"10.1109\/ICASSP39728.2021.9413468"},{"key":"e_1_3_2_1_60_1","volume-title":"Backdoor attacks to graph neural networks. arXiv preprint arXiv:2006.11165","author":"Zhang Zaixi","year":"2020","unstructured":"Zaixi Zhang , Jinyuan Jia , Binghui Wang , and Neil Zhenqiang Gong . 2020. Backdoor attacks to graph neural networks. arXiv preprint arXiv:2006.11165 ( 2020 ). Zaixi Zhang, Jinyuan Jia, Binghui Wang, and Neil Zhenqiang Gong. 2020. Backdoor attacks to graph neural networks. 
arXiv preprint arXiv:2006.11165 (2020)."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICRA.2017.7989381"}],"event":{"name":"ASIA CCS '21: ACM Asia Conference on Computer and Communications Security","location":"Virtual Event Hong Kong","acronym":"ASIA CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3453108","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3433210.3453108","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:12Z","timestamp":1750193292000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3453108"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,24]]},"references-count":61,"alternative-id":["10.1145\/3433210.3453108","10.1145\/3433210"],"URL":"https:\/\/doi.org\/10.1145\/3433210.3453108","relation":{},"subject":[],"published":{"date-parts":[[2021,5,24]]},"assertion":[{"value":"2021-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}