{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:07:04Z","timestamp":1755839224214,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,15]],"date-time":"2021-11-15T00:00:00Z","timestamp":1636934400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,15]]},"DOI":"10.1145\/3474369.3486862","type":"proceedings-article","created":{"date-parts":[[2021,10,28]],"date-time":"2021-10-28T11:13:28Z","timestamp":1635419608000},"page":"13-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Adversarial Transfer Attacks With Unknown Data and Class Overlap"],"prefix":"10.1145","author":[{"given":"Luke E.","family":"Richards","sequence":"first","affiliation":[{"name":"Booz Allen Hamilton &amp; University of Maryland, Baltimore County, Baltimore, MD, USA"}]},{"given":"Andr\u00e9","family":"Nguyen","sequence":"additional","affiliation":[{"name":"Booz Allen Hamilton &amp; University of Maryland, Baltimore County, Baltimore, MD, USA"}]},{"given":"Ryan","family":"Capps","sequence":"additional","affiliation":[{"name":"Booz Allen Hamilton, Washinton, DC, USA"}]},{"given":"Steven","family":"Forsyth","sequence":"additional","affiliation":[{"name":"NVIDIA, Washinton, DC, USA"}]},{"given":"Cynthia","family":"Matuszek","sequence":"additional","affiliation":[{"name":"University of Maryland, Baltimore County, Baltimore, MD, USA"}]},{"given":"Edward","family":"Raff","sequence":"additional","affiliation":[{"name":"Booz Allen Hamilton &amp; University of Maryland, Baltimore County, Balitmore, MD, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,15]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Anderson and Phil Roth. EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models. ArXiv e-prints","author":"Hyrum","year":"2018","unstructured":"Hyrum S. Anderson and Phil Roth. EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models. ArXiv e-prints , 2018 . Hyrum S. Anderson and Phil Roth. EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models. ArXiv e-prints, 2018."},{"key":"e_1_3_2_2_2_1","first-page":"448","volume-title":"Seref Sagiroglu. Machine Learning Methods Used in Evaluations of Secure Biometric System Components. In 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA)","author":"Arslan Bilgehan","year":"2017","unstructured":"Bilgehan Arslan , Mehtap Ulker , and Seref Sagiroglu. Machine Learning Methods Used in Evaluations of Secure Biometric System Components. In 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA) , pages 448 -- 453 . IEEE, 12 2017 . Bilgehan Arslan, Mehtap Ulker, and Seref Sagiroglu. Machine Learning Methods Used in Evaluations of Secure Biometric System Components. In 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), pages 448--453. IEEE, 12 2017."},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.imavis.2009.05.007"},{"key":"e_1_3_2_2_4_1","volume-title":"International Conference on Machine Learning (ICML)","author":"Athalye Anish","year":"2018","unstructured":"Anish Athalye , Nicholas Carlini , and David Wagner . Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples . In International Conference on Machine Learning (ICML) , 2018 . Anish Athalye, Nicholas Carlini, and David Wagner. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In International Conference on Machine Learning (ICML), 2018."},{"key":"e_1_3_2_2_5_1","volume-title":"Synthesizing Robust Adversarial Examples. ArXiv e-prints","author":"Athalye Anish","year":"2017","unstructured":"Anish Athalye , Logan Engstrom , Andrew Ilyas , and Kevin Kwok . Synthesizing Robust Adversarial Examples. ArXiv e-prints , 2017 . Anish Athalye, Logan Engstrom, Andrew Ilyas, and Kevin Kwok. Synthesizing Robust Adversarial Examples. ArXiv e-prints, 2017."},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2013.57"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2018.07.023"},{"key":"e_1_3_2_2_8_1","first-page":"12659","volume-title":"Hedvig Kjellstrom. Dynamics Are Important for the Recognition of Equine Pain in Video. In 2019 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR)","author":"Broome Sofia","year":"2019","unstructured":"Sofia Broome , Karina Bech Gleerup , Pia Haubro Andersen , and Hedvig Kjellstrom. Dynamics Are Important for the Recognition of Equine Pain in Video. In 2019 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR) , pages 12659 -- 12668 . IEEE, 6 2019 . Sofia Broome, Karina Bech Gleerup, Pia Haubro Andersen, and Hedvig Kjellstrom. Dynamics Are Important for the Recognition of Equine Pain in Video. In 2019 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pages 12659--12668. IEEE, 6 2019."},{"key":"e_1_3_2_2_9_1","first-page":"3","volume-title":"Carlini and David Wagner. Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. In Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, AISec '17","author":"Nicholas","year":"2017","unstructured":"Nicholas Carlini and David Wagner. Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. In Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, AISec '17 , pages 3 -- 14 , New York, NY, USA , 2017 . ACM. Nicholas Carlini and David Wagner. Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. In Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, AISec '17, pages 3--14, New York, NY, USA, 2017. ACM."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3394486.3403368"},{"key":"e_1_3_2_2_11_1","volume-title":"Improving black-box adversarial attacks with a transfer-based prior. arXiv preprint arXiv:1906.06919","author":"Cheng Shuyu","year":"2019","unstructured":"Shuyu Cheng , Yinpeng Dong , Tianyu Pang , Hang Su , and Jun Zhu . Improving black-box adversarial attacks with a transfer-based prior. arXiv preprint arXiv:1906.06919 , 2019 . Shuyu Cheng, Yinpeng Dong, Tianyu Pang, Hang Su, and Jun Zhu. Improving black-box adversarial attacks with a transfer-based prior. arXiv preprint arXiv:1906.06919, 2019."},{"key":"e_1_3_2_2_12_1","first-page":"26","volume-title":"Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. ArXiv e-prints","author":"Demontis Ambra","year":"2018","unstructured":"Ambra Demontis , Marco Melis , Maura Pintor , Matthew Jagielski , Battista Biggio , Alina Oprea , Cristina Nita-Rotaru , and Fabio Roli . Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. ArXiv e-prints , pages 26 -- 28 , 2018 . Ambra Demontis, Marco Melis, Maura Pintor, Matthew Jagielski, Battista Biggio, Alina Oprea, Cristina Nita-Rotaru, and Fabio Roli. Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. ArXiv e-prints, pages 26--28, 2018."},{"key":"e_1_3_2_2_13_1","first-page":"321","volume-title":"Explaining Transferability of Evasion and Poisoning Attacks. In 28th USENIX Security Symposium (USENIX Security 19)","author":"Demontis Ambra","year":"2019","unstructured":"Ambra Demontis , Marco Melis , Maura Pintor , Matthew Jagielski , Battista Biggio , Alina Oprea , Cristina Nita-Rotaru , and Fabio Roli . Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. In 28th USENIX Security Symposium (USENIX Security 19) , pages 321 -- 338 , Santa Clara, CA, 8 2019 . USENIX Association. Ambra Demontis, Marco Melis, Maura Pintor, Matthew Jagielski, Battista Biggio, Alina Oprea, Cristina Nita-Rotaru, and Fabio Roli. Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. In 28th USENIX Security Symposium (USENIX Security 19), pages 321--338, Santa Clara, CA, 8 2019. USENIX Association."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00957"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00444"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00444"},{"key":"e_1_3_2_2_17_1","volume-title":"Santa Barbara. A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion. In Proceedings of Reversing and Offensive-oriented Trends Symposium","author":"Egele Manuel","year":"2017","unstructured":"Manuel Egele , T Scholte , E Kirda , and Santa Barbara. A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion. In Proceedings of Reversing and Offensive-oriented Trends Symposium , 2017 . Manuel Egele, T Scholte, E Kirda, and Santa Barbara. A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion. In Proceedings of Reversing and Offensive-oriented Trends Symposium, 2017."},{"key":"e_1_3_2_2_18_1","volume-title":"Adversarial Attacks Against Medical Deep Learning Systems","author":"Finlayson Samuel G","year":"2018","unstructured":"Samuel G Finlayson , Isaac S Kohane , and Andrew L Beam . Adversarial Attacks Against Medical Deep Learning Systems . 2018 . Samuel G Finlayson, Isaac S Kohane, and Andrew L Beam. Adversarial Attacks Against Medical Deep Learning Systems. 2018."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2388676.2388688"},{"key":"e_1_3_2_2_20_1","volume-title":"Jian Sun. Deep Residual Learning for Image Recognition. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR)","author":"He Kaiming","year":"2015","unstructured":"Kaiming He , Xiangyu Zhang , Shaoqing Ren , and Jian Sun. Deep Residual Learning for Image Recognition. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR) , 2015 . Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. Deep Residual Learning for Image Recognition. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2015."},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3289600.3290979"},{"key":"e_1_3_2_2_22_1","volume-title":"Improving Adversarial Robustness of Ensembles with Diversity Training. arXiv","author":"Kariyappa Sanjay","year":"2019","unstructured":"Sanjay Kariyappa and Moinuddin K. Qureshi . Improving Adversarial Robustness of Ensembles with Diversity Training. arXiv , 2019 . Sanjay Kariyappa and Moinuddin K. Qureshi. Improving Adversarial Robustness of Ensembles with Diversity Training. arXiv, 2019."},{"key":"e_1_3_2_2_23_1","volume-title":"Kingma and Jimmy Lei Ba. Adam: A Method for Stochastic Optimization. In International Conference On Learning Representations","author":"Diederik","year":"2015","unstructured":"Diederik P Kingma and Jimmy Lei Ba. Adam: A Method for Stochastic Optimization. In International Conference On Learning Representations , 2015 . Diederik P Kingma and Jimmy Lei Ba. Adam: A Method for Stochastic Optimization. In International Conference On Learning Representations, 2015."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.23919\/EUSIPCO.2018.8553214"},{"key":"e_1_3_2_2_25_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Kurakin Alexey","year":"2017","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . Adversarial Machine Learning at Scale . In International Conference on Learning Representations (ICLR) , 2017 . Alexey Kurakin, Ian Goodfellow, and Samy Bengio. Adversarial Machine Learning at Scale. In International Conference on Learning Representations (ICLR), 2017."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACII.2009.5349321"},{"key":"e_1_3_2_2_27_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry , Aleksandar Makelov , Ludwig Schmidt , Dimitris Tsipras , and Adrian Vladu . Towards Deep Learning Models Resistant to Adversarial Attacks . In International Conference on Learning Representations (ICLR) , 2018 . Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. Towards Deep Learning Models Resistant to Adversarial Attacks. In International Conference on Learning Representations (ICLR), 2018."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPRW.2017.286"},{"key":"e_1_3_2_2_29_1","volume-title":"Numerical Stability Regularization. In AAAI 2019 Workshop on Engineering Dependable and Secure Machine Learning Systems","author":"Nguyen Andre T","year":"2018","unstructured":"Andre T Nguyen and Edward Raff . Adversarial Attacks , Regression, and Numerical Stability Regularization. In AAAI 2019 Workshop on Engineering Dependable and Secure Machine Learning Systems , 2018 . Andre T Nguyen and Edward Raff. Adversarial Attacks, Regression, and Numerical Stability Regularization. In AAAI 2019 Workshop on Engineering Dependable and Secure Machine Learning Systems, 2018."},{"key":"e_1_3_2_2_30_1","volume-title":"Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. arXiv","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Patrick McDaniel , and Ian Goodfellow . Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. arXiv , 2016 . Nicolas Papernot, Patrick McDaniel, and Ian Goodfellow. Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. arXiv, 2016."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_2_32_1","first-page":"76","volume-title":"Andrew Koster, David Ria n o, Sara Montagna, Michael Schumacher, Annette ten Teije, Christian Guttmann, Manfred Reichert, Isabelle Bichindaritz, Pau Herrero, Richard Lenz, Beatriz L\u00f3pez","author":"Raff Edward","year":"2019","unstructured":"Edward Raff , Shannon Lantzy , and Ezekiel J Maier . Dr. AI , Where Did You Get Your Degree? In Fernando Koch , Andrew Koster, David Ria n o, Sara Montagna, Michael Schumacher, Annette ten Teije, Christian Guttmann, Manfred Reichert, Isabelle Bichindaritz, Pau Herrero, Richard Lenz, Beatriz L\u00f3pez , Cindy Marling, Clare Martin, Stefania Montani, and Nirmalie Wiratunga, editors, Artificial Intelligence in Health, pages 76 -- 83 , Cham, 2019 . Springer International Publishing . Edward Raff, Shannon Lantzy, and Ezekiel J Maier. Dr. AI, Where Did You Get Your Degree? In Fernando Koch, Andrew Koster, David Ria n o, Sara Montagna, Michael Schumacher, Annette ten Teije, Christian Guttmann, Manfred Reichert, Isabelle Bichindaritz, Pau Herrero, Richard Lenz, Beatriz L\u00f3pez, Cindy Marling, Clare Martin, Stefania Montani, and Nirmalie Wiratunga, editors, Artificial Intelligence in Health, pages 76--83, Cham, 2019. Springer International Publishing."},{"key":"e_1_3_2_2_33_1","volume-title":"Raff and Charles Nicholas. A Survey of Machine Learning Methods and Challenges for Windows Malware Classification. In NeurIPS 2020 Workshop: ML Retrospectives, Surveys & Meta-Analyses (ML-RSA)","author":"Edward","year":"2020","unstructured":"Edward Raff and Charles Nicholas. A Survey of Machine Learning Methods and Challenges for Windows Malware Classification. In NeurIPS 2020 Workshop: ML Retrospectives, Surveys & Meta-Analyses (ML-RSA) , 2020 . Edward Raff and Charles Nicholas. A Survey of Machine Learning Methods and Challenges for Windows Malware Classification. In NeurIPS 2020 Workshop: ML Retrospectives, Surveys & Meta-Analyses (ML-RSA), 2020."},{"key":"e_1_3_2_2_34_1","volume-title":"Do Adversarially Robust ImageNet Models Transfer Better? arXiv","author":"Salman Hadi","year":"2020","unstructured":"Hadi Salman , Andrew Ilyas , Logan Engstrom , Ashish Kapoor , and Aleksander Madry . Do Adversarially Robust ImageNet Models Transfer Better? arXiv , 2020 . Hadi Salman, Andrew Ilyas, Logan Engstrom, Ashish Kapoor, and Aleksander Madry. Do Adversarially Robust ImageNet Models Transfer Better? arXiv, 2020."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"e_1_3_2_2_36_1","volume-title":"ACSAC","author":"Juan Caballero Silvia Sebasti\u00e1","year":"2020","unstructured":"Silvia Sebasti\u00e1 n and Juan Caballero . AVClass2 : Massive Malware Tag Extraction from AV Labels . In ACSAC , 2020 . Silvia Sebasti\u00e1 n and Juan Caballero. AVClass2: Massive Malware Tag Extraction from AV Labels. In ACSAC, 2020."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2014.6999409"},{"key":"e_1_3_2_2_38_1","volume-title":"Fawkes: Protecting Privacy against Unauthorized Deep Learning Models","author":"Shan Shawn","year":"2020","unstructured":"Shawn Shan , Emily Wenger , Jiayun Zhang , Huiying Li , Haitao Zheng , and Ben Y. Zhao . Fawkes: Protecting Privacy against Unauthorized Deep Learning Models . 2020 . Shawn Shan, Emily Wenger, Jiayun Zhang, Huiying Li, Haitao Zheng, and Ben Y. Zhao. Fawkes: Protecting Privacy against Unauthorized Deep Learning Models. 2020."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/2627435.2670313"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.20"},{"key":"e_1_3_2_2_41_1","first-page":"1299","volume-title":"Generalized Transferability for Evasion and Poisoning Attacks. In 27th USENIX Security Symposium (USENIX Security 18)","author":"Suciu Octavian","year":"2018","unstructured":"Octavian Suciu , Radu Marginean , Yigitcan Kaya , Hal Daume III, and Tudor Dumitras . When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks. In 27th USENIX Security Symposium (USENIX Security 18) , pages 1299 -- 1316 , Baltimore, MD, 8 2018 . USENIX Association. Octavian Suciu, Radu Marginean, Yigitcan Kaya, Hal Daume III, and Tudor Dumitras. When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks. In 27th USENIX Security Symposium (USENIX Security 18), pages 1299--1316, Baltimore, MD, 8 2018. USENIX Association."},{"key":"e_1_3_2_2_42_1","first-page":"1","volume-title":"The Space of Transferable Adversarial Examples. arXiv","author":"Florian Tram\u00e8","year":"2017","unstructured":"Florian Tram\u00e8 r, Nicolas Papernot , Ian Goodfellow , Dan Boneh , and Patrick McDaniel . The Space of Transferable Adversarial Examples. arXiv , pages 1 -- 15 , 2017 . Florian Tram\u00e8 r, Nicolas Papernot, Ian Goodfellow, Dan Boneh, and Patrick McDaniel. The Space of Transferable Adversarial Examples. arXiv, pages 1--15, 2017."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1097\/PR9.0000000000000643"},{"key":"e_1_3_2_2_44_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Wong Eric","year":"2020","unstructured":"Eric Wong , Leslie Rice , and J. Zico Kolter . Fast is better than free: Revisiting adversarial training . In International Conference on Learning Representations (ICLR) , 2020 . Eric Wong, Leslie Rice, and J. Zico Kolter. Fast is better than free: Revisiting adversarial training. In International Conference on Learning Representations (ICLR), 2020."},{"key":"e_1_3_2_2_45_1","first-page":"2725","volume-title":"Yuille. Improving Transferability of Adversarial Examples With Input Diversity. In 2019 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR)","author":"Xie C","year":"2019","unstructured":"C Xie , Z Zhang , Y Zhou , S Bai , J Wang , Z Ren , and A L Yuille. Improving Transferability of Adversarial Examples With Input Diversity. In 2019 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR) , pages 2725 -- 2734 , 6 2019 . C Xie, Z Zhang, Y Zhou, S Bai, J Wang, Z Ren, and A L Yuille. Improving Transferability of Adversarial Examples With Input Diversity. In 2019 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pages 2725--2734, 6 2019."},{"key":"e_1_3_2_2_46_1","first-page":"471","volume-title":"Transferable Adversarial Perturbations","author":"Zhou Wen","year":"2018","unstructured":"Wen Zhou , Xin Hou , Yongjun Chen , Mengyun Tang , Xiangqi Huang , Xiang Gan , and Yong Yang . Transferable Adversarial Perturbations . In Vittorio Ferrari, Martial Hebert, Cristian Sminchisescu, and Yair Weiss, editors, ECCV, pages 471 -- 486 , Cham, 2018 . Springer International Publishing . Wen Zhou, Xin Hou, Yongjun Chen, Mengyun Tang, Xiangqi Huang, Xiang Gan, and Yong Yang. Transferable Adversarial Perturbations. In Vittorio Ferrari, Martial Hebert, Cristian Sminchisescu, and Yair Weiss, editors, ECCV, pages 471--486, Cham, 2018. Springer International Publishing."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event Republic of Korea","acronym":"CCS '21"},"container-title":["Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3474369.3486862","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3474369.3486862","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:26Z","timestamp":1750188626000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3474369.3486862"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,15]]},"references-count":46,"alternative-id":["10.1145\/3474369.3486862","10.1145\/3474369"],"URL":"https:\/\/doi.org\/10.1145\/3474369.3486862","relation":{},"subject":[],"published":{"date-parts":[[2021,11,15]]},"assertion":[{"value":"2021-11-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}