{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T09:23:17Z","timestamp":1766049797395,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,15]],"date-time":"2021-11-15T00:00:00Z","timestamp":1636934400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,15]]},"DOI":"10.1145\/3474369.3486874","type":"proceedings-article","created":{"date-parts":[[2021,10,28]],"date-time":"2021-10-28T11:13:28Z","timestamp":1635419608000},"page":"49-60","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["NNoculation"],"prefix":"10.1145","author":[{"given":"Akshaj Kumar","family":"Veldanda","sequence":"first","affiliation":[{"name":"New York University, New York, NY, USA"}]},{"given":"Kang","family":"Liu","sequence":"additional","affiliation":[{"name":"Huazhong University of Science andTechnology, Wuhan, UNK, China"}]},{"given":"Benjamin","family":"Tan","sequence":"additional","affiliation":[{"name":"University of Calgary, Calgary, AB, Canada"}]},{"given":"Prashanth","family":"Krishnamurthy","sequence":"additional","affiliation":[{"name":"New York University, New York, NY, USA"}]},{"given":"Farshad","family":"Khorrami","sequence":"additional","affiliation":[{"name":"New York University, New York, NY, USA"}]},{"given":"Ramesh","family":"Karri","sequence":"additional","affiliation":[{"name":"New York University, New York, NY, USA"}]},{"given":"Brendan","family":"Dolan-Gavitt","sequence":"additional","affiliation":[{"name":"New York University, New York, NY, USA"}]},{"given":"Siddharth","family":"Garg","sequence":"additional","affiliation":[{"name":"New York University, New York, NY, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,11,15]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"Berkeley Vision and Learning Center. 2020. Caffe Model Zoo. https:\/\/github.com\/BVLC\/caffe\/wiki\/Model-Zoo.  Berkeley Vision and Learning Center. 2020. Caffe Model Zoo. https:\/\/github.com\/BVLC\/caffe\/wiki\/Model-Zoo."},{"key":"e_1_3_2_2_2_1","volume-title":"Pattern Recognition","volume":"84","author":"Biggio Battista","year":"2018","unstructured":"Battista Biggio and Fabio Roli . 2018 . Wild patterns: Ten years after the rise of adversarial machine learning . Pattern Recognition , Vol. 84 (Dec. 2018), 317--331. https:\/\/doi.org\/10.1016\/j.patcog.2018.07.023 10.1016\/j.patcog.2018.07.023 Battista Biggio and Fabio Roli. 2018. Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognition, Vol. 84 (Dec. 2018), 317--331. https:\/\/doi.org\/10.1016\/j.patcog.2018.07.023"},{"key":"e_1_3_2_2_3_1","volume-title":"et almbox","author":"Blanchard Peva","year":"2017","unstructured":"Peva Blanchard , Rachid Guerraoui , Julien Stainer , et almbox . 2017 . Machine learning with adversaries: Byzantine tolerant gradient descent. In Advances in Neural Information Processing Systems . 119--129. Peva Blanchard, Rachid Guerraoui, Julien Stainer, et almbox. 2017. Machine learning with adversaries: Byzantine tolerant gradient descent. In Advances in Neural Information Processing Systems. 119--129."},{"key":"e_1_3_2_2_4_1","volume-title":"Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. arXiv","author":"Chen Xinyun","year":"2017","unstructured":"Xinyun Chen , Chang Liu , Bo Li , Kimberly Lu , and Dawn Song . 2017a. Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. arXiv , Vol. 1712 .05526 ( 2017 ). Xinyun Chen, Chang Liu, Bo Li, Kimberly Lu, and Dawn Song. 2017a. Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. arXiv, Vol. 1712.05526 (2017)."},{"key":"e_1_3_2_2_5_1","unstructured":"Xinyun Chen Chang Liu Bo Li Kimberly Lu and Dawn Song. 2017b. Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. arxiv: 1712.05526 [cs.CR]  Xinyun Chen Chang Liu Bo Li Kimberly Lu and Dawn Song. 2017b. Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. arxiv: 1712.05526 [cs.CR]"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2941376"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"crossref","unstructured":"J. Deng W. Dong R. Socher L.-J. Li K. Li and L. Fei-Fei. 2009. ImageNet: A Large-Scale Hierarchical Image Database. In CVPR09.  J. Deng W. Dong R. Socher L.-J. Li K. Li and L. Fei-Fei. 2009. ImageNet: A Large-Scale Hierarchical Image Database. In CVPR09.","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1038\/nature21056"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359790"},{"key":"e_1_3_2_2_10_1","volume-title":"Proceedings of the International Conference on Learning Representations.","author":"Goodfellow Ian J.","year":"2015","unstructured":"Ian J. Goodfellow , Jonathon Shlens , and Christian Szegedy . 2015 . Explaining and Harnessing Adversarial Examples . In Proceedings of the International Conference on Learning Representations. Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIS.2009.36"},{"key":"e_1_3_2_2_13_1","volume-title":"Weinberger","author":"Huang Gao","year":"2016","unstructured":"Gao Huang , Zhuang Liu , Laurens van der Maaten , and Kilian Q . Weinberger . 2016 . Densely Connected Convolutional Networks . arxiv: 1608.06993 [cs.CV] Gao Huang, Zhuang Liu, Laurens van der Maaten, and Kilian Q. Weinberger. 2016. Densely Connected Convolutional Networks. arxiv: 1608.06993 [cs.CV]"},{"key":"e_1_3_2_2_14_1","volume-title":"Image-to-Image Translation with Conditional Adversarial Networks. CVPR","author":"Isola Phillip","year":"2017","unstructured":"Phillip Isola , Jun-Yan Zhu , Tinghui Zhou , and Alexei A Efros . 2017. Image-to-Image Translation with Conditional Adversarial Networks. CVPR ( 2017 ). Phillip Isola, Jun-Yan Zhu, Tinghui Zhou, and Alexei A Efros. 2017. Image-to-Image Translation with Conditional Adversarial Networks. CVPR (2017)."},{"key":"e_1_3_2_2_15_1","volume-title":"Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In 2018 IEEE Symposium on Security and Privacy (SP). 19--35","author":"Jagielski M.","year":"2018","unstructured":"M. Jagielski , A. Oprea , B. Biggio , C. Liu , C. Nita-Rotaru , and B. Li . 2018 . Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In 2018 IEEE Symposium on Security and Privacy (SP). 19--35 . https:\/\/doi.org\/10.1109\/SP. 2018 .00057 10.1109\/SP.2018.00057 M. Jagielski, A. Oprea, B. Biggio, C. Liu, C. Nita-Rotaru, and B. Li. 2018. Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In 2018 IEEE Symposium on Security and Privacy (SP). 19--35. https:\/\/doi.org\/10.1109\/SP.2018.00057"},{"key":"e_1_3_2_2_16_1","unstructured":"Jing Yu Koh. 2011. ModelZoo. https:\/\/modelzoo.co.  Jing Yu Koh. 2011. ModelZoo. https:\/\/modelzoo.co."},{"key":"e_1_3_2_2_17_1","volume-title":"Chi-Hung Weng, Abner Ayala-Acevedo, Raphael Meudec, Matias Laporte, et almbox.","author":"Jung Alexander B.","year":"2020","unstructured":"Alexander B. Jung , Kentaro Wada , Jon Crall , Satoshi Tanaka , Jake Graving , Christoph Reinders , Sarthak Yadav , Joy Banerjee , G\u00e1bor Vecsei , Adam Kraft , Zheng Rui , Jirka Borovec , Christian Vallentin , Semen Zhydenko , Kilian Pfeiffer , Ben Cook , Ismael Fern\u00e1ndez , Fran\u00e7ois-Michel De Rainville , Chi-Hung Weng, Abner Ayala-Acevedo, Raphael Meudec, Matias Laporte, et almbox. 2020 . imgaug. https:\/\/github.com\/aleju\/imgaug. Online ; accessed 01-Feb-2020. Alexander B. Jung, Kentaro Wada, Jon Crall, Satoshi Tanaka, Jake Graving, Christoph Reinders, Sarthak Yadav, Joy Banerjee, G\u00e1bor Vecsei, Adam Kraft, Zheng Rui, Jirka Borovec, Christian Vallentin, Semen Zhydenko, Kilian Pfeiffer, Ben Cook, Ismael Fern\u00e1ndez, Fran\u00e7ois-Michel De Rainville, Chi-Hung Weng, Abner Ayala-Acevedo, Raphael Meudec, Matias Laporte, et almbox. 2020. imgaug. https:\/\/github.com\/aleju\/imgaug. Online; accessed 01-Feb-2020."},{"key":"e_1_3_2_2_18_1","volume-title":"Kingma and Jimmy Ba","author":"Diederik","year":"2017","unstructured":"Diederik P. Kingma and Jimmy Ba . 2017 . Adam : A Method for Stochastic Optimization . arxiv: 1412.6980 [cs.LG] Diederik P. Kingma and Jimmy Ba. 2017. Adam: A Method for Stochastic Optimization. arxiv: 1412.6980 [cs.LG]"},{"key":"e_1_3_2_2_19_1","volume-title":"et almbox","author":"Krizhevsky Alex","year":"2009","unstructured":"Alex Krizhevsky , Geoffrey Hinton , et almbox . 2009 . Learning Multiple Layers of Features from Tiny Images . (2009). Alex Krizhevsky, Geoffrey Hinton, et almbox. 2009. Learning Multiple Layers of Features from Tiny Images. (2009)."},{"key":"e_1_3_2_2_20_1","volume-title":"MNIST handwritten digit database. ATT Labs [Online]. Available: http:\/\/yann.lecun.com\/exdb\/mnist","author":"LeCun Yann","year":"2010","unstructured":"Yann LeCun , Corinna Cortes , and CJ Burges . 2010. MNIST handwritten digit database. ATT Labs [Online]. Available: http:\/\/yann.lecun.com\/exdb\/mnist , Vol. 2 ( 2010 ). Yann LeCun, Corinna Cortes, and CJ Burges. 2010. MNIST handwritten digit database. ATT Labs [Online]. Available: http:\/\/yann.lecun.com\/exdb\/mnist, Vol. 2 (2010)."},{"key":"e_1_3_2_2_21_1","volume-title":"International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=9l0K4OM-oXE","author":"Li Yige","year":"2021","unstructured":"Yige Li , Xixiang Lyu , Nodens Koren , Lingjuan Lyu , Bo Li , and Xingjun Ma . 2021 . Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks . In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=9l0K4OM-oXE Yige Li, Xixiang Lyu, Nodens Koren, Lingjuan Lyu, Bo Li, and Xingjun Ma. 2021. Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=9l0K4OM-oXE"},{"key":"e_1_3_2_2_22_1","volume-title":"Proceedings of the International Conference on Learning Representations.","author":"Lin Min","year":"2014","unstructured":"Min Lin , Qiang Chen , and Shuicheng Yan . 2014 . Network In Network . In Proceedings of the International Conference on Learning Representations. Min Lin, Qiang Chen, and Shuicheng Yan. 2014. Network In Network. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_13"},{"volume-title":"Automation Test in Europe Conference Exhibition (DATE). 306--309","author":"Liu K.","key":"e_1_3_2_2_24_1","unstructured":"K. Liu , B. Tan , R. Karri , and S. Garg . 2020. Poisoning the (Data) Well in ML-Based CAD: A Case Study of Hiding Lithographic Hotspots. In 2020 Design , Automation Test in Europe Conference Exhibition (DATE). 306--309 . K. Liu, B. Tan, R. Karri, and S. Garg. 2020. Poisoning the (Data) Well in ML-Based CAD: A Case Study of Hiding Lithographic Hotspots. In 2020 Design, Automation Test in Europe Conference Exhibition (DATE). 306--309."},{"key":"e_1_3_2_2_25_1","volume-title":"Ramesh Karri, and Siddharth Garg. 2019 b. Are Adversarial Perturbations a Showstopper for ML-Based CAD? A Case Study on CNN-Based Lithographic Hotspot Detection. arXiv preprint arXiv:1906.10773","author":"Liu Kang","year":"2019","unstructured":"Kang Liu , Haoyu Yang , Yuzhe Ma , Benjamin Tan , Bei Yu , Evangeline FY Young , Ramesh Karri, and Siddharth Garg. 2019 b. Are Adversarial Perturbations a Showstopper for ML-Based CAD? A Case Study on CNN-Based Lithographic Hotspot Detection. arXiv preprint arXiv:1906.10773 ( 2019 ). Kang Liu, Haoyu Yang, Yuzhe Ma, Benjamin Tan, Bei Yu, Evangeline FY Young, Ramesh Karri, and Siddharth Garg. 2019 b. Are Adversarial Perturbations a Showstopper for ML-Based CAD? A Case Study on CNN-Based Lithographic Hotspot Detection. arXiv preprint arXiv:1906.10773 (2019)."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363216"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23291"},{"key":"e_1_3_2_2_28_1","unstructured":"Anh Nguyen and Anh Tran. 2021. WaNet -- Imperceptible Warping-based Backdoor Attack. arxiv: 2102.10369 [cs.CR]  Anh Nguyen and Anh Tran. 2021. WaNet -- Imperceptible Warping-based Backdoor Attack. arxiv: 2102.10369 [cs.CR]"},{"key":"e_1_3_2_2_29_1","volume-title":"Proceedings of Advances in Neural Information Processing Systems. http:\/\/papers.nips.cc\/paper\/9550-defending-neural-backdoors-via-generative-distribution-modeling.pdf","author":"Qiao Ximing","year":"2019","unstructured":"Ximing Qiao , Yukun Yang , and Hai Li . 2019 . Defending Neural Backdoors via Generative Distribution Modeling . In Proceedings of Advances in Neural Information Processing Systems. http:\/\/papers.nips.cc\/paper\/9550-defending-neural-backdoors-via-generative-distribution-modeling.pdf Ximing Qiao, Yukun Yang, and Hai Li. 2019. Defending Neural Backdoors via Generative Distribution Modeling. In Proceedings of Advances in Neural Information Processing Systems. http:\/\/papers.nips.cc\/paper\/9550-defending-neural-backdoors-via-generative-distribution-modeling.pdf"},{"key":"e_1_3_2_2_30_1","volume-title":"A Survey on Data Collection for Machine Learning: a Big DataAI Integration Perspective","author":"Roh Yuji","year":"2019","unstructured":"Yuji Roh , Geon Heo , and Steven Euijong Whang . 2019. A Survey on Data Collection for Machine Learning: a Big DataAI Integration Perspective . IEEE Transactions on Knowledge and Data Engineering ( 2019 ), 1--1. Yuji Roh, Geon Heo, and Steven Euijong Whang. 2019. A Survey on Data Collection for Machine Learning: a Big DataAI Integration Perspective. IEEE Transactions on Knowledge and Data Engineering (2019), 1--1."},{"key":"e_1_3_2_2_31_1","volume-title":"Hidden Trigger Backdoor Attacks. arxiv","author":"Saha Aniruddha","year":"1910","unstructured":"Aniruddha Saha , Akshayvarun Subramanya , and Hamed Pirsiavash . 2019. Hidden Trigger Backdoor Attacks. arxiv : 1910 .00033 [cs.CV] Aniruddha Saha, Akshayvarun Subramanya, and Hamed Pirsiavash. 2019. Hidden Trigger Backdoor Attacks. arxiv: 1910.00033 [cs.CV]"},{"key":"e_1_3_2_2_32_1","volume-title":"Proceedings of Advances in Neural Information Processing Systems.","author":"Shafahi Ali","year":"2018","unstructured":"Ali Shafahi , W Ronny Huang , Mahyar Najibi , Octavian Suciu , Christoph Studer , Tudor Dumitras , and Tom Goldstein . 2018 . Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks . In Proceedings of Advances in Neural Information Processing Systems. Ali Shafahi, W Ronny Huang, Mahyar Najibi, Octavian Suciu, Christoph Studer, Tudor Dumitras, and Tom Goldstein. 2018. Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks. In Proceedings of Advances in Neural Information Processing Systems."},{"key":"e_1_3_2_2_33_1","unstructured":"Simon Tomas Karlsson. [n.d.]. CycleGAN - Keras Implementation. https:\/\/github.com\/simontomaskarlsson\/CycleGAN-Keras.  Simon Tomas Karlsson. [n.d.]. CycleGAN - Keras Implementation. https:\/\/github.com\/simontomaskarlsson\/CycleGAN-Keras."},{"key":"e_1_3_2_2_34_1","volume-title":"Man vs. Computer: Benchmarking Machine Learning Algorithms for Traffic Sign Recognition. Neural networks","author":"Stallkamp Johannes","year":"2012","unstructured":"Johannes Stallkamp , Marc Schlipsing , Jan Salmen , and Christian Igel . 2012. Man vs. Computer: Benchmarking Machine Learning Algorithms for Traffic Sign Recognition. Neural networks , Vol. 32 ( 2012 ), 323--32. Johannes Stallkamp, Marc Schlipsing, Jan Salmen, and Christian Igel. 2012. Man vs. Computer: Benchmarking Machine Learning Algorithms for Traffic Sign Recognition. Neural networks, Vol. 32 (2012), 323--32."},{"key":"e_1_3_2_2_35_1","volume-title":"Pang Wei Koh, and Percy Liang","author":"Steinhardt Jacob","year":"2017","unstructured":"Jacob Steinhardt , Pang Wei Koh, and Percy Liang . 2017 . Certified Defenses for Data Poisoning Attacks . arxiv: 1706.03691 [cs.LG] Jacob Steinhardt, Pang Wei Koh, and Percy Liang. 2017. Certified Defenses for Data Poisoning Attacks. arxiv: 1706.03691 [cs.LG]"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2014.244"},{"key":"e_1_3_2_2_37_1","volume-title":"Ananda Theertha Suresh, and H. Brendan McMahan","author":"Sun Ziteng","year":"2019","unstructured":"Ziteng Sun , Peter Kairouz , Ananda Theertha Suresh, and H. Brendan McMahan . 2019 . Can You Really Backdoor Federated Learning ?arxiv: 1911.07963 [cs.LG] Ziteng Sun, Peter Kairouz, Ananda Theertha Suresh, and H. Brendan McMahan. 2019. Can You Really Backdoor Federated Learning?arxiv: 1911.07963 [cs.LG]"},{"key":"e_1_3_2_2_38_1","volume-title":"Proceedings of the International Conference on Learning Representations.","author":"Szegedy Christian","year":"2014","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian J. Goodfellow , and Rob Fergus . 2014 . Intriguing Properties of Neural Networks . In Proceedings of the International Conference on Learning Representations. Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian J. Goodfellow, and Rob Fergus. 2014. Intriguing Properties of Neural Networks. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_2_2_39_1","unstructured":"Brandon Tran Jerry Li and Aleksander Madry. 2018. Spectral Signatures in Backdoor Attacks. In Advances in Neural Information Processing Systems. 8011--8021.  Brandon Tran Jerry Li and Aleksander Madry. 2018. Spectral Signatures in Backdoor Attacks. In Advances in Neural Information Processing Systems. 8011--8021."},{"key":"e_1_3_2_2_40_1","unstructured":"Alexander Turner Dimitris Tsipras and Aleksander Madry. 2019. Clean-Label Backdoor Attacks. https:\/\/openreview.net\/forum?id=HJg6e2CcK7  Alexander Turner Dimitris Tsipras and Aleksander Madry. 2019. Clean-Label Backdoor Attacks. https:\/\/openreview.net\/forum?id=HJg6e2CcK7"},{"key":"e_1_3_2_2_41_1","volume-title":"On Evaluating Neural Network Backdoor Defenses. arxiv","author":"Veldanda Akshaj","year":"2010","unstructured":"Akshaj Veldanda and Siddharth Garg . 2020. On Evaluating Neural Network Backdoor Defenses. arxiv : 2010 .12186 [cs.LG] Akshaj Veldanda and Siddharth Garg. 2020. On Evaluating Neural Network Backdoor Defenses. arxiv: 2010.12186 [cs.LG]"},{"key":"e_1_3_2_2_42_1","volume-title":"Jinyuan jia, and Neil Zhenqiang Gong","author":"Wang Binghui","year":"2020","unstructured":"Binghui Wang , Xiaoyu Cao , Jinyuan jia, and Neil Zhenqiang Gong . 2020 . On Certifying Robustness against Backdoor Attacks via Randomized Smoothing . arxiv: 2002.11750 [cs.CR] Binghui Wang, Xiaoyu Cao, Jinyuan jia, and Neil Zhenqiang Gong. 2020. On Certifying Robustness against Backdoor Attacks via Randomized Smoothing. arxiv: 2002.11750 [cs.CR]"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy.","author":"Wang Bolun","key":"e_1_3_2_2_43_1","unstructured":"Bolun Wang , Yuanshun Yao , Shawn Shan , Huiying Li , Bimal Viswanath , Haitao Zheng , and Ben Y. Zhao . 2019. Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks . In Proceedings of the IEEE Symposium on Security and Privacy. Bolun Wang, Yuanshun Yao, Shawn Shan, Huiying Li, Bimal Viswanath, Haitao Zheng, and Ben Y. Zhao. 2019. Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In Proceedings of the IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2011.5995566"},{"key":"e_1_3_2_2_45_1","volume-title":"Detecting AI Trojans Using Meta Neural Analysis. arxiv","author":"Xu Xiaojun","year":"1910","unstructured":"Xiaojun Xu , Qi Wang , Huichen Li , Nikita Borisov , Carl A. Gunter , and Bo Li. 2020. Detecting AI Trojans Using Meta Neural Analysis. arxiv : 1910 .03137 [cs.AI] Xiaojun Xu, Qi Wang, Huichen Li, Nikita Borisov, Carl A. Gunter, and Bo Li. 2020. Detecting AI Trojans Using Meta Neural Analysis. arxiv: 1910.03137 [cs.AI]"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2017.244"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event Republic of Korea","acronym":"CCS '21"},"container-title":["Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3474369.3486874","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3474369.3486874","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:26Z","timestamp":1750188626000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3474369.3486874"}},"subtitle":["Catching BadNets in the Wild"],"short-title":[],"issued":{"date-parts":[[2021,11,15]]},"references-count":46,"alternative-id":["10.1145\/3474369.3486874","10.1145\/3474369"],"URL":"https:\/\/doi.org\/10.1145\/3474369.3486874","relation":{},"subject":[],"published":{"date-parts":[[2021,11,15]]},"assertion":[{"value":"2021-11-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}