{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T17:07:23Z","timestamp":1777568843186,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T00:00:00Z","timestamp":1636761600000},"content-version":"vor","delay-in-days":1,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1553437; CNS-1704105"],"award-info":[{"award-number":["CNS-1553437; CNS-1704105"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006754","name":"Army Research Laboratory","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006754","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006734","name":"Princeton University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006734","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484757","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"3177-3196","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":53,"title":["DetectorGuard: Provably Securing Object Detectors against Localized Patch Hiding Attacks"],"prefix":"10.1145","author":[{"given":"Chong","family":"Xiang","sequence":"first","affiliation":[{"name":"Princeton University, Princeton, NJ, USA"}]},{"given":"Prateek","family":"Mittal","sequence":"additional","affiliation":[{"name":"Princeton University, Princeton, NJ, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning (ICML). 274--283","author":"Athalye Anish","unstructured":"Anish Athalye, Nicholas Carlini, and David A. Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In Proceedings of the 35th International Conference on Machine Learning (ICML). 274--283."},{"key":"e_1_3_2_1_2_1","volume-title":"YOLOv4: Optimal Speed and Accuracy of Object Detection. arXiv preprint arXiv:2004.10934","author":"Bochkovskiy Alexey","year":"2020","unstructured":"Alexey Bochkovskiy, Chien-Yao Wang, and Hong-Yuan Mark Liao. 2020. YOLOv4: Optimal Speed and Accuracy of Object Detection. arXiv preprint arXiv:2004.10934 (2020)."},{"key":"e_1_3_2_1_3_1","volume-title":"7th International Conference on Learning Representations (ICLR) .","author":"Brendel Wieland","year":"2019","unstructured":"Wieland Brendel and Matthias Bethge. 2019. Approximating CNNs with bag-of-local-features models works surprisingly well on ImageNet. In 7th International Conference on Learning Representations (ICLR) ."},{"key":"e_1_3_2_1_4_1","unstructured":"Tom B. Brown Dandelion Man\u00e9 Aurko Roy Martin Abadi and Justin Gilmer. 2017. Adversarial patch. In Advances in neural information processing systems workshops (NeurIPS Workshops) ."},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security (AISec@CCS). 3--14","author":"Carlini Nicholas","unstructured":"Nicholas Carlini and David A. Wagner. 2017a. Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. In Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security (AISec@CCS). 3--14."},{"key":"e_1_3_2_1_6_1","volume-title":"Towards Evaluating the Robustness of Neural Networks. In 2017 IEEE Symposium on Security and Privacy (S&P). 39--57","author":"Carlini Nicholas","unstructured":"Nicholas Carlini and David A. Wagner. 2017b. Towards Evaluating the Robustness of Neural Networks. In 2017 IEEE Symposium on Security and Privacy (S&P). 39--57."},{"key":"e_1_3_2_1_7_1","volume-title":"Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Springer, 52--68","author":"Chen Shang-Tse","year":"2018","unstructured":"Shang-Tse Chen, Cory Cornelius, Jason Martin, and Duen Horng Polo Chau. 2018. Shapeshifter: Robust physical adversarial attack on faster r-cnn object detector. In Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Springer, 52--68."},{"key":"e_1_3_2_1_8_1","volume-title":"Advances in Neural Information Processing Systems (NeurIPS)","volume":"33","author":"Curry Michael","year":"2020","unstructured":"Ping-yeh Chiang, Michael Curry, Ahmed Abdelkader, Aounon Kumar, John Dickerson, and Tom Goldstein. 2020 a. Detection as Regression: Certified Object Detection with Median Smoothing. In Advances in Neural Information Processing Systems (NeurIPS) 2020, Vol. 33."},{"key":"e_1_3_2_1_9_1","volume-title":"8th International Conference on Learning Representations (ICLR) .","author":"Chiang Ping-Yeh","year":"2020","unstructured":"Ping-Yeh Chiang, Renkun Ni, Ahmed Abdelkader, Chen Zhu, Christoph Studor, and Tom Goldstein. 2020 b. Certified defenses for adversarial patches. In 8th International Conference on Learning Representations (ICLR) ."},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the 36th International Conference on Machine Learning (ICML). 1310--1320","author":"Cohen Jeremy M.","unstructured":"Jeremy M. Cohen, Elan Rosenfeld, and J. Zico Kolter. 2019. Certified Adversarial Robustness via Randomized Smoothing. In Proceedings of the 36th International Conference on Machine Learning (ICML). 1310--1320."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_1_12_1","first-page":"226","article-title":"A density-based algorithm for discovering clusters in large spatial databases with noise","volume":"96","author":"Ester Martin","year":"1996","unstructured":"Martin Ester, Hans-Peter Kriegel, J\u00f6rg Sander, Xiaowei Xu, et al. 1996. A density-based algorithm for discovering clusters in large spatial databases with noise.. In Kdd, Vol. 96. 226--231.","journal-title":"Kdd"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11263-009-0275-4"},{"key":"e_1_3_2_1_14_1","volume-title":"12th USENIX Workshop on Offensive Technologies (WOOT 18)","author":"Eykholt Kevin","year":"2018","unstructured":"Kevin Eykholt, Ivan Evtimov, Earlence Fernandes, Bo Li, Amir Rahmati, Florian Tramer, Atul Prakash, Tadayoshi Kohno, and Dawn Song. 2018. Physical adversarial examples for object detectors. In 12th USENIX Workshop on Offensive Technologies (WOOT 18) ."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1177\/0278364913491297"},{"key":"e_1_3_2_1_16_1","volume-title":"Explaining and Harnessing Adversarial Examples. In 3rd International Conference on Learning Representations (ICLR) .","author":"Goodfellow Ian J.","year":"2015","unstructured":"Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In 3rd International Conference on Learning Representations (ICLR) ."},{"key":"e_1_3_2_1_17_1","volume-title":"Scalable Verified Training for Provably Robust Image Classification. In 2019 IEEE\/CVF International Conference on Computer Vision (ICCV). 4841--4850","author":"Gowal Sven","year":"2019","unstructured":"Sven Gowal, Krishnamurthy Dvijotham, Robert Stanforth, Rudy Bunel, Chongli Qin, Jonathan Uesato, Relja Arandjelovic, Timothy Arthur Mann, and Pushmeet Kohli. 2019. Scalable Verified Training for Provably Robust Image Classification. In 2019 IEEE\/CVF International Conference on Computer Vision (ICCV). 4841--4850."},{"key":"e_1_3_2_1_18_1","volume-title":"On Visible Adversarial Perturbations & Digital Watermarking. In 2018 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPR Workshops). 1597--1604","author":"Hayes Jamie","year":"2018","unstructured":"Jamie Hayes. 2018. On Visible Adversarial Perturbations & Digital Watermarking. In 2018 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPR Workshops). 1597--1604."},{"key":"e_1_3_2_1_19_1","volume-title":"Mask R-CNN. In IEEE International Conference on Computer Vision, (ICCV","author":"He Kaiming","year":"2017","unstructured":"Kaiming He, Georgia Gkioxari, Piotr Doll\u00e1 r, and Ross B. Girshick. 2017. Mask R-CNN. In IEEE International Conference on Computer Vision, (ICCV 2017). IEEE Computer Society, 2980--2988."},{"key":"e_1_3_2_1_20_1","volume-title":"Deep Residual Learning for Image Recognition. In 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 770--778","author":"He Kaiming","year":"2016","unstructured":"Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 770--778."},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning (ICML). 2512--2520","author":"Karmon Danny","year":"2018","unstructured":"Danny Karmon, Daniel Zoran, and Yoav Goldberg. 2018. LaVAN: Localized and Visible Adversarial Noise. In Proceedings of the 35th International Conference on Machine Learning (ICML). 2512--2520."},{"key":"e_1_3_2_1_22_1","volume-title":"2019 IEEE Symposium on Security and Privacy (S&P). 656--672","author":"Mathias L\u00e9","year":"2019","unstructured":"Mathias L\u00e9 cuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, and Suman Jana. 2019. Certified Robustness to Adversarial Examples with Differential Privacy. In 2019 IEEE Symposium on Security and Privacy (S&P). 656--672."},{"key":"e_1_3_2_1_23_1","volume-title":"On physical adversarial patches for object detection. arXiv preprint arXiv:1906.11897","author":"Lee Mark","year":"2019","unstructured":"Mark Lee and Zico Kolter. 2019. On physical adversarial patches for object detection. arXiv preprint arXiv:1906.11897 (2019)."},{"key":"e_1_3_2_1_24_1","volume-title":"arXiv preprint arXiv:2002.10733","author":"Levine Alexander","year":"2020","unstructured":"Alexander Levine and Soheil Feizi. 2020. (De)randomized Smoothing for Certifiable Defense against Patch Attacks. arXiv preprint arXiv:2002.10733 (2020)."},{"key":"e_1_3_2_1_25_1","volume-title":"Focal Loss for Dense Object Detection. In IEEE International Conference on Computer Vision, (ICCV)","author":"Lin Tsung-Yi","year":"2017","unstructured":"Tsung-Yi Lin, Priya Goyal, Ross B. Girshick, Kaiming He, and Piotr Doll\u00e1 r. 2017. Focal Loss for Dense Object Detection. In IEEE International Conference on Computer Vision, (ICCV) 2017. IEEE Computer Society, 2999--3007."},{"key":"e_1_3_2_1_26_1","volume-title":"Piotr Doll\u00e1 r, and C. Lawrence Zitnick","author":"Lin Tsung-Yi","year":"2014","unstructured":"Tsung-Yi Lin, Michael Maire, Serge J. Belongie, James Hays, Pietro Perona, Deva Ramanan, Piotr Doll\u00e1 r, and C. Lawrence Zitnick. 2014. Microsoft COCO: Common Objects in Context. In European Conference on Computer Vision (ECCV), Vol. 8693. Springer, 740--755."},{"key":"e_1_3_2_1_27_1","volume-title":"Perceptual-Sensitive GAN for Generating Adversarial Patches. In The 33rd AAAI Conference on Artificial Intelligence, (AAAI)","author":"Liu Aishan","year":"2019","unstructured":"Aishan Liu, Xianglong Liu, Jiaxin Fan, Yuqing Ma, Anlan Zhang, Huiyuan Xie, and Dacheng Tao. 2019 a. Perceptual-Sensitive GAN for Generating Adversarial Patches. In The 33rd AAAI Conference on Artificial Intelligence, (AAAI) 2019. AAAI Press, 1028--1035."},{"key":"e_1_3_2_1_28_1","volume-title":"Bias-Based Universal Adversarial Patch Attack for Automatic Check-Out. In European conference on computer vision (ECCV)","volume":"12358","author":"Liu Aishan","year":"2020","unstructured":"Aishan Liu, Jiakai Wang, Xianglong Liu, Bowen Cao, Chongzhi Zhang, and Hang Yu. 2020. Bias-Based Universal Adversarial Patch Attack for Automatic Check-Out. In European conference on computer vision (ECCV), Vol. 12358. Springer, 395--410."},{"key":"e_1_3_2_1_29_1","volume-title":"Berg","author":"Liu Wei","year":"2016","unstructured":"Wei Liu, Dragomir Anguelov, Dumitru Erhan, Christian Szegedy, Scott E. Reed, Cheng-Yang Fu, and Alexander C. Berg. 2016. SSD: Single Shot MultiBox Detector. In European conference on computer vision (ECCV), Vol. 9905. Springer, 21--37."},{"key":"e_1_3_2_1_30_1","volume-title":"DPATCH: An Adversarial Patch Attack on Object Detectors. In AAAI Conference on Artificial Intelligence Workshop (AAAI workshop)","volume":"2301","author":"Liu Xin","year":"2019","unstructured":"Xin Liu, Huanrui Yang, Ziwei Liu, Linghao Song, Yiran Chen, and Hai Li. 2019 b. DPATCH: An Adversarial Patch Attack on Object Detectors. In AAAI Conference on Artificial Intelligence Workshop (AAAI workshop) 2019, Vol. 2301."},{"key":"e_1_3_2_1_31_1","volume-title":"Adversarial examples that fool detectors. arXiv preprint arXiv:1712.02494","author":"Lu Jiajun","year":"2017","unstructured":"Jiajun Lu, Hussein Sibai, and Evan Fabry. 2017. Adversarial examples that fool detectors. arXiv preprint arXiv:1712.02494 (2017)."},{"key":"e_1_3_2_1_32_1","volume-title":"6th International Conference on Learning Representations (ICLR) .","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In 6th International Conference on Learning Representations (ICLR) ."},{"key":"e_1_3_2_1_33_1","volume-title":"Jason Xinyu Liu, and David Wagner","author":"McCoyd Michael","year":"2020","unstructured":"Michael McCoyd, Won Park, Steven Chen, Neil Shah, Ryan Roggenkemper, Minjune Hwang, Jason Xinyu Liu, and David Wagner. 2020. Minority Reports Defense: Defending Against Adversarial Patches. arXiv preprint arXiv:2004.13799 (2020)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134057"},{"key":"e_1_3_2_1_35_1","volume-title":"On Detecting Adversarial Perturbations. In 5th International Conference on Learning Representations (ICLR) .","author":"Metzen Jan Hendrik","year":"2017","unstructured":"Jan Hendrik Metzen, Tim Genewein, Volker Fischer, and Bastian Bischoff. 2017. On Detecting Adversarial Perturbations. In 5th International Conference on Learning Representations (ICLR) ."},{"key":"e_1_3_2_1_36_1","volume-title":"Efficient Certified Defenses Against Patch Attacks on Image Classifiers. In 9th International Conference on Learning Representations (ICLR). https:\/\/openreview.net\/forum?id=hr-3PMvDpil","author":"Metzen Jan Hendrik","year":"2021","unstructured":"Jan Hendrik Metzen and Maksym Yatsura. 2021. Efficient Certified Defenses Against Patch Attacks on Image Classifiers. In 9th International Conference on Learning Representations (ICLR). https:\/\/openreview.net\/forum?id=hr-3PMvDpil"},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning (ICML). 3575--3583","author":"Mirman Matthew","unstructured":"Matthew Mirman, Timon Gehr, and Martin T. Vechev. 2018. Differentiable Abstract Interpretation for Provably Robust Neural Networks. In Proceedings of the 35th International Conference on Machine Learning (ICML). 3575--3583."},{"key":"e_1_3_2_1_38_1","volume-title":"Local Gradients Smoothing: Defense Against Localized Adversarial Attacks. In IEEE Winter Conference on Applications of Computer Vision (WACV). 1300--1307","author":"Naseer Muzammal","year":"2019","unstructured":"Muzammal Naseer, Salman Khan, and Fatih Porikli. 2019. Local Gradients Smoothing: Defense Against Localized Adversarial Attacks. In IEEE Winter Conference on Applications of Computer Vision (WACV). 1300--1307."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00035"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"e_1_3_2_1_41_1","volume-title":"6th International Conference on Learning Representations (ICLR) .","author":"Raghunathan Aditi","year":"2018","unstructured":"Aditi Raghunathan, Jacob Steinhardt, and Percy Liang. 2018. Certified Defenses against Adversarial Examples. In 6th International Conference on Learning Representations (ICLR) ."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.91"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.690"},{"key":"e_1_3_2_1_44_1","volume-title":"Yolov3: An incremental improvement. arXiv preprint arXiv:1804.02767","author":"Redmon Joseph","year":"2018","unstructured":"Joseph Redmon and Ali Farhadi. 2018. Yolov3: An incremental improvement. arXiv preprint arXiv:1804.02767 (2018)."},{"key":"e_1_3_2_1_45_1","unstructured":"Shaoqing Ren Kaiming He Ross Girshick and Jian Sun. 2015. Faster r-cnn: Towards real-time object detection with region proposal networks. In Advances in neural information processing systems. 91--99."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPRW50498.2020.00400"},{"key":"e_1_3_2_1_47_1","volume-title":"Annual Conference on Neural Information Processing Systems 2019 (NeurIPS). 11289--11300","author":"Salman Hadi","year":"2019","unstructured":"Hadi Salman, Jerry Li, Ilya P. Razenshteyn, Pengchuan Zhang, Huan Zhang, S\u00e9 bastien Bubeck, and Greg Yang. 2019. Provably Robust Deep Learning via Adversarially Trained Smoothed Classifiers. In Annual Conference on Neural Information Processing Systems 2019 (NeurIPS). 11289--11300."},{"key":"e_1_3_2_1_48_1","volume-title":"2nd International Conference on Learning Representations (ICLR) .","author":"Szegedy Christian","year":"2014","unstructured":"Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian J. Goodfellow, and Rob Fergus. 2014. Intriguing properties of neural networks. In 2nd International Conference on Learning Representations (ICLR) ."},{"key":"e_1_3_2_1_49_1","volume-title":"EfficientDet: Scalable and Efficient Object Detection. In 2020 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Tan Mingxing","year":"2020","unstructured":"Mingxing Tan, Ruoming Pang, and Quoc V Le. 2020. EfficientDet: Scalable and Efficient Object Detection. In 2020 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2020). 10781--10790."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPRW.2019.00012"},{"key":"e_1_3_2_1_51_1","volume-title":"On adaptive attacks to adversarial example defenses. arXiv preprint arXiv:2002.08347","author":"Tramer Florian","year":"2020","unstructured":"Florian Tramer, Nicholas Carlini, Wieland Brendel, and Aleksander Madry. 2020. On adaptive attacks to adversarial example defenses. arXiv preprint arXiv:2002.08347 (2020)."},{"key":"e_1_3_2_1_52_1","first-page":"4186","article-title":"Applications of Object Detection System","volume":"6","author":"Vahab Abdul","year":"2019","unstructured":"Abdul Vahab, Maruti S Naik, Prasanna G Raikar, and Prasad SR. 2019. Applications of Object Detection System. International Research Journal of Engineering and Technology (IRJET), Vol. 6, 4 (2019), 4186--4192.","journal-title":"International Research Journal of Engineering and Technology (IRJET)"},{"key":"e_1_3_2_1_53_1","volume-title":"Scaled-YOLOv4: Scaling Cross Stage Partial Network. arXiv preprint arXiv:2011.08036","author":"Wang Chien-Yao","year":"2020","unstructured":"Chien-Yao Wang, Alexey Bochkovskiy, and Hong-Yuan Mark Liao. 2020. Scaled-YOLOv4: Scaling Cross Stage Partial Network. arXiv preprint arXiv:2011.08036 (2020)."},{"key":"e_1_3_2_1_54_1","volume-title":"Daedalus: Breaking non-maximum suppression in object detection via adversarial examples. arXiv","author":"Wang Derui","year":"2019","unstructured":"Derui Wang, Chaoran Li, Sheng Wen, Xiaojun Chang, Surya Nepal, and Yang Xiang. 2019. Daedalus: Breaking non-maximum suppression in object detection via adversarial examples. arXiv (2019), arXiv--1902."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/134"},{"key":"e_1_3_2_1_56_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning (ICML). 5283--5292","author":"Wong Eric","unstructured":"Eric Wong and J. Zico Kolter. 2018. Provable Defenses against Adversarial Examples via the Convex Outer Adversarial Polytope. In Proceedings of the 35th International Conference on Machine Learning (ICML). 5283--5292."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58548-8_1"},{"key":"e_1_3_2_1_58_1","volume-title":"30th USENIX Security Symposium (USENIX Security) .","author":"Xiang Chong","year":"2021","unstructured":"Chong Xiang, Arjun Nitin Bhagoji, Vikash Sehwag, and Prateek Mittal. 2021. PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking. In 30th USENIX Security Symposium (USENIX Security) ."},{"key":"e_1_3_2_1_59_1","volume-title":"ICLR 2021 Workshop on Security and Safety in Machine Learning Systems .","author":"Xiang Chong","year":"2021","unstructured":"Chong Xiang and Prateek Mittal. 2021. PatchGuard+: Efficient Provable Attack Detection against Adversarial Patches. In ICLR 2021 Workshop on Security and Safety in Machine Learning Systems ."},{"key":"e_1_3_2_1_60_1","volume-title":"Adversarial Examples for Semantic Segmentation and Object Detection. In IEEE International Conference on Computer Vision (ICCV)","author":"Xie Cihang","year":"2017","unstructured":"Cihang Xie, Jianyu Wang, Zhishuai Zhang, Yuyin Zhou, Lingxi Xie, and Alan L. Yuille. 2017. Adversarial Examples for Semantic Segmentation and Object Detection. In IEEE International Conference on Computer Vision (ICCV) 2017. IEEE Computer Society, 1378--1387."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58558-7_39"},{"key":"e_1_3_2_1_62_1","volume-title":"Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. In 25th Annual Network and Distributed System Security Symposium (NDSS) .","author":"Xu Weilin","year":"2018","unstructured":"Weilin Xu, David Evans, and Yanjun Qi. 2018. Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. In 25th Annual Network and Distributed System Security Symposium (NDSS) ."},{"key":"e_1_3_2_1_63_1","volume-title":"Adversarial examples: Attacks and defenses for deep learning","author":"Yuan Xiaoyong","year":"2019","unstructured":"Xiaoyong Yuan, Pan He, Qile Zhu, and Xiaolin Li. 2019. Adversarial examples: Attacks and defenses for deep learning. IEEE transactions on neural networks and learning systems, Vol. 30, 9 (2019), 2805--2824."},{"key":"e_1_3_2_1_64_1","volume-title":"Towards Adversarially Robust Object Detection. In 2019 IEEE\/CVF International Conference on Computer Vision (ICCV)","author":"Zhang Haichao","year":"2019","unstructured":"Haichao Zhang and Jianyu Wang. 2019. Towards Adversarially Robust Object Detection. In 2019 IEEE\/CVF International Conference on Computer Vision (ICCV) 2019. IEEE, 421--430."},{"key":"e_1_3_2_1_65_1","volume-title":"Clipped BagNet: Defending Against Sticker Attacks with Clipped Bag-of-features. In 3rd Deep Learning and Security Workshop (DLS) .","author":"Zhang Zhanyuan","year":"2020","unstructured":"Zhanyuan Zhang, Benson Yuan, Michael McCoyd, and David Wagner. 2020. Clipped BagNet: Defending Against Sticker Attacks with Clipped Bag-of-features. In 3rd Deep Learning and Security Workshop (DLS) ."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354259"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484757","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484757","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484757","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:50:24Z","timestamp":1763499024000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484757"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":66,"alternative-id":["10.1145\/3460120.3484757","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484757","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}