{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T13:06:48Z","timestamp":1765544808038,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":7,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,8,14]],"date-time":"2021-08-14T00:00:00Z","timestamp":1628899200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation (NSF)","award":["IIS1928278 IIS1955285 IOS2107215 IOS2035472","IIS1714741 CNS1815636 IIS1845081 IIS1907704 DRL2025244"],"award-info":[{"award-number":["IIS1928278 IIS1955285 IOS2107215 IOS2035472","IIS1714741 CNS1815636 IIS1845081 IIS1907704 DRL2025244"]}]},{"name":"Army Research Office (ARO)","award":["W911NF-21-1-0198"],"award-info":[{"award-number":["W911NF-21-1-0198"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,8,14]]},"DOI":"10.1145\/3447548.3470812","type":"proceedings-article","created":{"date-parts":[[2021,8,12]],"date-time":"2021-08-12T06:12:03Z","timestamp":1628748723000},"page":"4086-4087","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Adversarial Robustness in Deep Learning: From Practices to Theories"],"prefix":"10.1145","author":[{"given":"Han","family":"Xu","sequence":"first","affiliation":[{"name":"Michigan State University, East Lansing, MI, USA"}]},{"given":"Yaxin","family":"Li","sequence":"additional","affiliation":[{"name":"Michigan State University, East Lansing, MI, USA"}]},{"given":"Xiaorui","family":"Liu","sequence":"additional","affiliation":[{"name":"Michigan State University, East Lansing, MI, USA"}]},{"given":"Wentao","family":"Wang","sequence":"additional","affiliation":[{"name":"Michigan State University, East Lansing, MI, USA"}]},{"given":"Jiliang","family":"Tang","sequence":"additional","affiliation":[{"name":"Michigan State University, East Lansing, MI, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,8,14]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420","author":"Athalye Anish","year":"2018","unstructured":"Anish Athalye , Nicholas Carlini , and David Wagner . 2018. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420 ( 2018 ). Anish Athalye, Nicholas Carlini, and David Wagner. 2018. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420 (2018)."},{"volume-title":"Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp)","author":"Carlini Nicholas","unstructured":"Nicholas Carlini and David Wagner . 2017. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp) . IEEE , 39--57. Nicholas Carlini and David Wagner. 2017. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp). IEEE, 39--57.","key":"e_1_3_2_1_2_1"},{"key":"e_1_3_2_1_3_1","volume-title":"Adversarial Attacks and Defenses on Graphs: A Review and Empirical Study. arXiv preprint arXiv:2003.00653","author":"Jin Wei","year":"2020","unstructured":"Wei Jin , Yaxin Li , Han Xu , Yiqi Wang , and Jiliang Tang . 2020. Adversarial Attacks and Defenses on Graphs: A Review and Empirical Study. arXiv preprint arXiv:2003.00653 ( 2020 ). Wei Jin, Yaxin Li, Han Xu, Yiqi Wang, and Jiliang Tang. 2020. Adversarial Attacks and Defenses on Graphs: A Review and Empirical Study. arXiv preprint arXiv:2003.00653 (2020)."},{"key":"e_1_3_2_1_4_1","volume-title":"DeepRobust: A PyTorch Library for Adversarial Attacks and Defenses. arXiv preprint arXiv:2005.06149","author":"Li Yaxin","year":"2020","unstructured":"Yaxin Li , Wei Jin , Han Xu , and Jiliang Tang . 2020. DeepRobust: A PyTorch Library for Adversarial Attacks and Defenses. arXiv preprint arXiv:2005.06149 ( 2020 ). Yaxin Li, Wei Jin, Han Xu, and Jiliang Tang. 2020. DeepRobust: A PyTorch Library for Adversarial Attacks and Defenses. arXiv preprint arXiv:2005.06149 (2020)."},{"key":"e_1_3_2_1_5_1","volume-title":"Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199","author":"Szegedy Christian","year":"2013","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian Goodfellow , and Rob Fergus . 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 ( 2013 ). Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013)."},{"key":"e_1_3_2_1_6_1","volume-title":"To be Robust or to be Fair: Towards Fairness in Adversarial Training. arXiv preprint arXiv:2010.06121","author":"Xu Han","year":"2020","unstructured":"Han Xu , Xiaorui Liu , Yaxin Li , and Jiliang Tang . 2020. To be Robust or to be Fair: Towards Fairness in Adversarial Training. arXiv preprint arXiv:2010.06121 ( 2020 ). Han Xu, Xiaorui Liu, Yaxin Li, and Jiliang Tang. 2020. To be Robust or to be Fair: Towards Fairness in Adversarial Training. arXiv preprint arXiv:2010.06121 (2020)."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_7_1","DOI":"10.1007\/s11633-019-1211-x"}],"event":{"sponsor":["SIGMOD ACM Special Interest Group on Management of Data","SIGKDD ACM Special Interest Group on Knowledge Discovery in Data"],"acronym":"KDD '21","name":"KDD '21: The 27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining","location":"Virtual Event Singapore"},"container-title":["Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery &amp; Data Mining"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3447548.3470812","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3447548.3470812","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:18:32Z","timestamp":1750191512000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3447548.3470812"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,14]]},"references-count":7,"alternative-id":["10.1145\/3447548.3470812","10.1145\/3447548"],"URL":"https:\/\/doi.org\/10.1145\/3447548.3470812","relation":{},"subject":[],"published":{"date-parts":[[2021,8,14]]},"assertion":[{"value":"2021-08-14","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}