{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T04:08:30Z","timestamp":1776398910615,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":76,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61972453?62132013"],"award-info":[{"award-number":["61972453?62132013"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000923","name":"Australian Research Council","doi-asserted-by":"publisher","award":["DP210102670"],"award-info":[{"award-number":["DP210102670"]}],"id":[{"id":"10.13039\/501100000923","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484576","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:27Z","timestamp":1636805127000},"page":"3123-3140","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":91,"title":["Hidden Backdoors in Human-Centric Language Models"],"prefix":"10.1145","author":[{"given":"Shaofeng","family":"Li","sequence":"first","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Hui","family":"Liu","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Tian","family":"Dong","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Benjamin Zi Hao","family":"Zhao","sequence":"additional","affiliation":[{"name":"The University of New South Wales & CSIRO-Data61, Sydney, NSW, Australia"}]},{"given":"Minhui","family":"Xue","sequence":"additional","affiliation":[{"name":"The University of Adelaide, Adelaide, SA, Australia"}]},{"given":"Haojin","family":"Zhu","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Jialiang","family":"Lu","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Proc. of USENIX Security.","author":"Bagdasaryan Eugene","year":"2021","unstructured":"Eugene Bagdasaryan and Vitaly Shmatikov. 2021. Blind Backdoors in Deep Learning Models. In Proc. of USENIX Security."},{"key":"e_1_3_2_2_2_1","volume-title":"Proc. of CCS.","author":"B\u00e9guelin Santiago Zanella","unstructured":"Santiago Zanella B\u00e9guelin, Lukas Wutschitz, and Shruti Tople et al. 2020. Analyzing Information Leakage of Updates to Natural Language Models. In Proc. of CCS."},{"key":"e_1_3_2_2_3_1","first-page":"1137","article-title":"A neural probabilistic language model","author":"Bengio Yoshua","year":"2003","unstructured":"Yoshua Bengio, R\u00e9jean Ducharme, Pascal Vincent, and Christian Jauvin. 2003. A neural probabilistic language model. Journal of machine learning research 3, Feb (2003), 1137--1155.","journal-title":"Journal of machine learning research 3"},{"key":"e_1_3_2_2_4_1","volume-title":"Proc. of USENIX Security.","author":"Cao Xiaoyu","year":"2021","unstructured":"Xiaoyu Cao, Jinyuan Jia, and Neil Zhenqiang Gong. 2021. Data Poisoning Attacks to Local Differential Privacy Protocols. In Proc. of USENIX Security."},{"key":"e_1_3_2_2_5_1","unstructured":"Nicholas Carlini Florian Tramer and EricWallace et al. 2020. Extracting Training Data from Large Language Models. arXiv preprint: 2012.07805 (2020)."},{"key":"e_1_3_2_2_6_1","volume-title":"BadNL: Backdoor Attacks Against NLP Models. arXiv preprint","author":"Chen Xiaoyi","year":"2006","unstructured":"Xiaoyi Chen, Ahmed Salem, Michael Backes, Shiqing Ma, and Yang Zhang. 2020. BadNL: Backdoor Attacks Against NLP Models. arXiv preprint: 2006.01043 (2020)."},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i2.16201"},{"key":"e_1_3_2_2_8_1","volume-title":"https:\/\/www.unicode.org\/ Public\/security\/13.0.0\/ Accessed","author":"Unicode Consortium","year":"2021","unstructured":"Unicode Consortium. 2020. Confusables. [EB\/OL]. https:\/\/www.unicode.org\/ Public\/security\/13.0.0\/ Accessed April. 20, 2021."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2941376"},{"key":"e_1_3_2_2_10_1","volume-title":"Proc. of ICLR.","author":"Dathathri Sumanth","year":"2020","unstructured":"Sumanth Dathathri, Andrea Madotto, Janice Lan, Jane Hung, Eric Frank, Piero Molino, Jason Yosinski, and Rosanne Liu. 2020. Plug and Play Language Models: A Simple Approach to Controlled Text Generation. In Proc. of ICLR."},{"key":"e_1_3_2_2_11_1","volume-title":"Proc. of USENIX Security.","author":"Demontis Ambra","year":"2019","unstructured":"Ambra Demontis, Marco Melis, Maura Pintor, Matthew Jagielski, Battista Biggio, Alina Oprea, Cristina Nita-Rotaru, and Fabio Roli. 2019. Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. In Proc. of USENIX Security."},{"key":"e_1_3_2_2_12_1","volume-title":"Proc. of NAACL-HLT.","author":"Devlin Jacob","year":"2019","unstructured":"Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. 2019. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. In Proc. of NAACL-HLT."},{"key":"e_1_3_2_2_13_1","volume-title":"Community Standards Enforcement Report. https:\/\/transparency. facebook.com\/community-standards-enforcement Accessed","year":"2020","unstructured":"Facebook. 2020. Community Standards Enforcement Report. https:\/\/transparency. facebook.com\/community-standards-enforcement Accessed 2020."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359790"},{"key":"e_1_3_2_2_15_1","volume-title":"Preparation of WMT 2014 English-to-French Translation Dataset. https:\/\/github.com\/pytorch\/fairseq\/blob\/master\/examples\/translation\/ prepare-wmt14en2fr.sh Accessed","author":"Github FairSeq","year":"2020","unstructured":"FairSeq Github. 2020. Preparation of WMT 2014 English-to-French Translation Dataset. https:\/\/github.com\/pytorch\/fairseq\/blob\/master\/examples\/translation\/ prepare-wmt14en2fr.sh Accessed June 24, 2020."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243792"},{"key":"e_1_3_2_2_17_1","volume-title":"Proc. of IEEE ICDM.","author":"Guo Wenbo","year":"2020","unstructured":"Wenbo Guo, Lun Wang, Xinyu Xing, Min Du, and Dawn Song. 2020. Tabor: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in AI Systems. In Proc. of IEEE ICDM."},{"key":"e_1_3_2_2_18_1","volume-title":"Twitter: Progress and more to do. https: \/\/blog.twitter.com\/enus\/topics\/company\/2019\/health-update.html Accessed","author":"Hicks D.","year":"2020","unstructured":"D. Hicks and D. Gasca. 2020. A healthier Twitter: Progress and more to do. https: \/\/blog.twitter.com\/enus\/topics\/company\/2019\/health-update.html Accessed 2019."},{"key":"e_1_3_2_2_19_1","volume-title":"Long Short-Term Memory. Neural computation 9, 8","author":"Hochreiter Sepp","year":"1997","unstructured":"Sepp Hochreiter and J\u00fcrgen Schmidhuber. 1997. Long Short-Term Memory. Neural computation 9, 8 (1997), 1735--1780."},{"key":"e_1_3_2_2_20_1","volume-title":"USENIX Annual Technical Conference, General Track. 261--266","author":"Holgers Tobias","year":"2006","unstructured":"Tobias Holgers, David E Watson, and Steven D Gribble. 2006. Cutting through the Confusion: A Measurement Study of Homograph Attacks.. In USENIX Annual Technical Conference, General Track. 261--266."},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24525"},{"key":"e_1_3_2_2_22_1","volume-title":"BERT Transformer Model Documentation. https: \/\/huggingface.co\/transformers\/model_doc\/bert.html Accessed","year":"2020","unstructured":"HuggingFace. 2020. BERT Transformer Model Documentation. https: \/\/huggingface.co\/transformers\/model_doc\/bert.html Accessed June 24, 2020."},{"key":"e_1_3_2_2_23_1","volume-title":"HuggingFace Tokenizer Documentation. https:\/\/huggingface. co\/transformers\/main_classes\/tokenizer.html Accessed","year":"2020","unstructured":"HuggingFace. 2020. HuggingFace Tokenizer Documentation. https:\/\/huggingface. co\/transformers\/main_classes\/tokenizer.html Accessed June 24, 2020."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00057"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i9.16971"},{"key":"e_1_3_2_2_26_1","unstructured":"Dan Jurafsky. 2000. Speech & language processing. Pearson Education India."},{"key":"e_1_3_2_2_27_1","volume-title":"Toxic Comment Classification Challenge. https:\/\/www.kaggle. com\/c\/jigsaw-toxic-comment-classification-challenge\/ Accessed","year":"2020","unstructured":"Kaggle. 2020. Toxic Comment Classification Challenge. https:\/\/www.kaggle. com\/c\/jigsaw-toxic-comment-classification-challenge\/ Accessed June 24, 2020."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2872427.2883085"},{"key":"e_1_3_2_2_29_1","volume-title":"Proc. of CIKM.","author":"Kuo Yu-Hsuan","unstructured":"Yu-Hsuan Kuo, Zhenhui Li, and Daniel Kifer. [n.d.]. Detecting Outliers in Data with Correlated Measures. In Proc. of CIKM."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.acl-main.249"},{"key":"e_1_3_2_2_31_1","volume-title":"Detecting Universal Trigger's Adversarial Attack with Honeypot. arXiv preprint","author":"Le Thai","year":"2011","unstructured":"Thai Le, Noseong Park, and Dongwon Lee. 2020. Detecting Universal Trigger's Adversarial Attack with Honeypot. arXiv preprint: 2011.10492 (2020)."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23138"},{"key":"e_1_3_2_2_33_1","volume-title":"Deep Learning Backdoors. arXiv preprint","author":"Li Shaofeng","year":"2007","unstructured":"Shaofeng Li, Shiqing Ma, Minhui Xue, and Benjamin Zi Hao Zhao. 2020. Deep Learning Backdoors. arXiv preprint: 2007.08273 (2020)."},{"key":"e_1_3_2_2_34_1","volume-title":"Haojin Zhu, and Xinpeng Zhang.","author":"Li Shaofeng","year":"2020","unstructured":"Shaofeng Li, Minhui Xue, Benjamin Zi Hao Zhao, Haojin Zhu, and Xinpeng Zhang. 2020. Invisible Backdoor Attacks on Deep Neural Networks via Steganography and Regularization. IEEE Transactions on Dependable and Secure Computing (2020), 1--1."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423362"},{"key":"e_1_3_2_2_36_1","volume-title":"Proc. of NDSS.","author":"Liu Yingqi","year":"2017","unstructured":"Yingqi Liu, Shiqing Ma, Yousra Aafer,Wen-Chuan Lee, Juan Zhai,WeihangWang, and Xiangyu Zhang. 2017. Trojaning Attack on Neural Networks. In Proc. of NDSS."},{"key":"e_1_3_2_2_37_1","volume-title":"Manning and Hinrich Sch\u00fctze","author":"Christopher","year":"2001","unstructured":"Christopher D. Manning and Hinrich Sch\u00fctze. 2001. Foundations of Statistical Natural Language Processing. MIT Press."},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2021-0012"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.17"},{"key":"e_1_3_2_2_40_1","volume-title":"WaNet - Imperceptible Warping-based Backdoor Attack. arXiv preprint: 2102.10369","author":"Nguyen Anh","year":"2021","unstructured":"Anh Nguyen and Anh Tran. 2021. WaNet - Imperceptible Warping-based Backdoor Attack. arXiv preprint: 2102.10369 (2021)."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363271"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/N19-4009"},{"key":"e_1_3_2_2_43_1","volume-title":"TROJANZOO: Everything you ever wanted to know about neural backdoors (but were afraid to ask). arXiv preprint","author":"Pang Ren","year":"2020","unstructured":"Ren Pang, Zheng Zhang, Xiangshan Gao, Zhaohan Xi, Shouling Ji, Peng Cheng, and TingWang. 2020. TROJANZOO: Everything you ever wanted to know about neural backdoors (but were afraid to ask). arXiv preprint: 2012.09302 (2020)."},{"key":"e_1_3_2_2_44_1","volume-title":"Wellman","author":"Papernot Nicolas","year":"2018","unstructured":"Nicolas Papernot, Patrick D. McDaniel, Arunesh Sinha, and Michael P. Wellman. 2018. SoK: Security and Privacy in Machine Learning. In Proc. of IEEE EuroS&P."},{"key":"e_1_3_2_2_45_1","volume-title":"Proc. of ACL.","author":"Papineni Kishore","year":"2002","unstructured":"Kishore Papineni, Salim Roukos, Todd Ward, and Wei-Jing Zhu. 2002. BLEU: a Method for Automatic Evaluation of Machine Translation. In Proc. of ACL."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/W18-6319"},{"key":"e_1_3_2_2_47_1","volume-title":"Proc. of NeurIPS.","author":"Qiao Ximing","year":"2019","unstructured":"Ximing Qiao, Yukun Yang, and Hai Li. 2019. Defending Neural Backdoors via Generative Distribution Modeling. In Proc. of NeurIPS."},{"key":"e_1_3_2_2_48_1","volume-title":"Proc. of USENIX Security.","author":"Quiring Erwin","year":"2020","unstructured":"Erwin Quiring, David Klein, Daniel Arp, Martin Johns, and Konrad Rieck. 2020. Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning. In Proc. of USENIX Security."},{"key":"e_1_3_2_2_49_1","volume-title":"Language Models are Unsupervised Multitask Learners. OpenAI blog 1, 8","author":"Radford Alec","year":"2019","unstructured":"Alec Radford, Jeffrey Wu, Rewon Child, David Luan, Dario Amodei, and Ilya Sutskever. 2019. Language Models are Unsupervised Multitask Learners. OpenAI blog 1, 8 (2019), 9."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/P18-2124"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D16-1264"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.01321"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243740"},{"key":"e_1_3_2_2_54_1","volume-title":"Don't Trigger Me! A Triggerless Backdoor Attack Against Deep Neural Networks. arXiv preprint","author":"Salem Ahmed","year":"2010","unstructured":"Ahmed Salem, Michael Backes, and Yang Zhang. 2020. Don't Trigger Me! A Triggerless Backdoor Attack Against Deep Neural Networks. arXiv preprint: 2010.03282 (2020)."},{"key":"e_1_3_2_2_55_1","volume-title":"Dynamic Backdoor Attacks Against Machine Learning Models. arXiv preprint","author":"Salem Ahmed","year":"2003","unstructured":"Ahmed Salem, Rui Wen, Michael Backes, Shiqing Ma, and Yang Zhang. 2020. Dynamic Backdoor Attacks Against Machine Learning Models. arXiv preprint: 2003.03675 (2020)."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/P16-1162"},{"key":"e_1_3_2_2_57_1","volume-title":"Zhao","author":"Shan Shawn","year":"2020","unstructured":"Shawn Shan, Emily Wenger, Bolun Wang, Bo Li, Haitao Zheng, and Ben Y. Zhao. 2020. Gotta Catch'Em All: Using Honeypots to Catch Adversarial Attacks on Neural Networks. In Proc. of CCS."},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3317611"},{"key":"e_1_3_2_2_59_1","volume-title":"Vechev","author":"Singh Gagandeep","year":"2018","unstructured":"Gagandeep Singh, Timon Gehr, Matthew Mirman, Markus P\u00fcschel, and Martin T. Vechev. 2018. Fast and Effective Robustness Certification. In Proc. of NeurIPS."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.emnlp-main.344"},{"key":"e_1_3_2_2_61_1","volume-title":"Proc. of IEEE EuroS&P.","author":"Lester Tan Te Juin","year":"2020","unstructured":"Te Juin Lester Tan and Reza Shokri. 2020. Bypassing Backdoor Detection Algorithms in Deep Learning. In Proc. of IEEE EuroS&P."},{"key":"e_1_3_2_2_62_1","volume-title":"Proc. of USENIX Security.","author":"Tang Di","unstructured":"Di Tang, XiaoFeng Wang, Haixu Tang, and Kehuan Zhang. [n.d.]. Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection. In Proc. of USENIX Security."},{"key":"e_1_3_2_2_63_1","volume-title":"Rapidly Bootstrapping a Question Answering Dataset for COVID-19. arXiv preprint","author":"Tang Raphael","year":"2004","unstructured":"Raphael Tang, Rodrigo Nogueira, Edwin Zhang, Nikhil Gupta, Phuong Cam, Kyunghyun Cho, and Jimmy Lin. 2020. Rapidly Bootstrapping a Question Answering Dataset for COVID-19. arXiv preprint: 2004.11339 (2020)."},{"key":"e_1_3_2_2_64_1","volume-title":"Proc. of NeurIPS.","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, Lukasz Kaiser, and Illia Polosukhin. 2017. Attention is All you Need. In Proc. of NeurIPS."},{"key":"e_1_3_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D19-1221"},{"key":"e_1_3_2_2_66_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.emnlp-main.446"},{"key":"e_1_3_2_2_67_1","volume-title":"Proc. of ICLR.","author":"Wang Boxin","year":"2021","unstructured":"Boxin Wang, Shuohang Wang, Yu Cheng, Zhe Gan, Ruoxi Jia, Bo Li, and Jingjing Liu. 2021. Infobert: Improving robustness of language models from an information theoretic perspective. In Proc. of ICLR."},{"key":"e_1_3_2_2_68_1","volume-title":"Zhao","author":"Wang Bolun","year":"2019","unstructured":"Bolun Wang, Yuanshun Yao, Shawn Shan, Huiying Li, Bimal Viswanath, Haitao Zheng, and Ben Y. Zhao. 2019. Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In Proc. IEEE S&P."},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3087332"},{"key":"e_1_3_2_2_70_1","volume-title":"Proc. of IEEE Security and Privacy Workshops (SPW).","author":"Woodbridge J.","unstructured":"J. Woodbridge, H. S. Anderson, A. Ahuja, and D. Grant. 2018. Detecting Homoglyph Attacks with a Siamese Neural Network. In Proc. of IEEE Security and Privacy Workshops (SPW)."},{"key":"e_1_3_2_2_71_1","volume-title":"Proc. of USENIX Security.","author":"Wu Shujiang","year":"2019","unstructured":"Shujiang Wu, Song Li, Yinzhi Cao, and Ningfei Wang. 2019. Rendered Private: Making GLSL Execution Uniform to Prevent WebGL-based Browser Fingerprinting. In Proc. of USENIX Security."},{"key":"e_1_3_2_2_72_1","volume-title":"Graph Backdoor. In Proc. of USENIX Security.","author":"Xi Zhaohan","year":"2021","unstructured":"Zhaohan Xi, Ren Pang, Shouling Ji, and Ting Wang. 2021. Graph Backdoor. In Proc. of USENIX Security."},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450034"},{"key":"e_1_3_2_2_74_1","volume-title":"Proc. of IEEE S&P.","author":"Xu Xiaojun","year":"2020","unstructured":"Xiaojun Xu, QiWang, Huichen Li, Nikita Borisov, Carl A. Gunter, and Bo Li. 2020. Detecting AI Trojans Using Meta Neural Analysis. In Proc. of IEEE S&P."},{"key":"e_1_3_2_2_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00022"},{"key":"e_1_3_2_2_76_1","volume-title":"Backdoor Attacks to Graph Neural Networks. arXiv preprint","author":"Zhang Zaixi","year":"2006","unstructured":"Zaixi Zhang, Jinyuan Jia, Binghui Wang, and Neil Zhenqiang Gong. 2020. Backdoor Attacks to Graph Neural Networks. arXiv preprint: 2006.11165 (2020)."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484576","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484576","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:43:28Z","timestamp":1763498608000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484576"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":76,"alternative-id":["10.1145\/3460120.3484576","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484576","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}