{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T05:23:36Z","timestamp":1755926616096,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,22]],"date-time":"2021-10-22T00:00:00Z","timestamp":1634860800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"ANR chaire IAD SAIDA","award":["Grant ANR-20-CHIA-0011-01"],"award-info":[{"award-number":["Grant ANR-20-CHIA-0011-01"]}]},{"name":"GENCI?IDRIS","award":["Grant 2019-AD011011287"],"award-info":[{"award-number":["Grant 2019-AD011011287"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,10,24]]},"DOI":"10.1145\/3475731.3484955","type":"proceedings-article","created":{"date-parts":[[2021,10,22]],"date-time":"2021-10-22T16:12:25Z","timestamp":1634919145000},"page":"9-17","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Patch Replacement"],"prefix":"10.1145","author":[{"given":"Hanwei","family":"Zhang","sequence":"first","affiliation":[{"name":"Inria, CNRS, IRISA, Univ Rennes &amp; East China Normal University, Rennes, France"}]},{"given":"Yannis","family":"Avrithis","sequence":"additional","affiliation":[{"name":"Inria, CNRS, IRISA, Univ Rennes, Rennes, France"}]},{"given":"Teddy","family":"Furon","sequence":"additional","affiliation":[{"name":"Inria, CNRS, IRISA, Univ Rennes, Rennes, France"}]},{"given":"Laurent","family":"Amsaleg","sequence":"additional","affiliation":[{"name":"Inria, CNRS, IRISA, Univ Rennes, Rennes, France"}]}],"member":"320","published-online":{"date-parts":[[2021,10,22]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Diminishing the effect of adversarial perturbations via refining feature representation. arXiv preprint arXiv:1907.01023","author":"Asadi Nader","year":"2019","unstructured":"Nader Asadi , AmirMohammad Sarfi , Mehrdad Hosseinzadeh , Sahba Tahsini , and Mahdi Eftekhari . 2019. Diminishing the effect of adversarial perturbations via refining feature representation. arXiv preprint arXiv:1907.01023 ( 2019 ). Nader Asadi, AmirMohammad Sarfi, Mehrdad Hosseinzadeh, Sahba Tahsini, and Mahdi Eftekhari. 2019. Diminishing the effect of adversarial perturbations via refining feature representation. arXiv preprint arXiv:1907.01023 (2019)."},{"key":"e_1_3_2_2_2_1","volume-title":"Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420","author":"Athalye Anish","year":"2018","unstructured":"Anish Athalye , Nicholas Carlini , and David Wagner . 2018. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420 ( 2018 ). Anish Athalye, Nicholas Carlini, and David Wagner. 2018. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420 (2018)."},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2019.00498"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_2_5_1","volume-title":"Proceedings of the IEEE conference on computer vision and pattern recognition (CVPR). 1625--1634","author":"Eykholt Kevin","year":"2018","unstructured":"Kevin Eykholt , Ivan Evtimov , Earlence Fernandes , Bo Li , Amir Rahmati , Chaowei Xiao , Atul Prakash , Tadayoshi Kohno , and Dawn Song . 2018 . Robust physicalworld attacks on deep learning visual classification . In Proceedings of the IEEE conference on computer vision and pattern recognition (CVPR). 1625--1634 . Kevin Eykholt, Ivan Evtimov, Earlence Fernandes, Bo Li, Amir Rahmati, Chaowei Xiao, Atul Prakash, Tadayoshi Kohno, and Dawn Song. 2018. Robust physicalworld attacks on deep learning visual classification. In Proceedings of the IEEE conference on computer vision and pattern recognition (CVPR). 1625--1634."},{"key":"e_1_3_2_2_6_1","volume-title":"Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572","author":"Goodfellow Ian J","year":"2014","unstructured":"Ian J Goodfellow , Jonathon Shlens , and Christian Szegedy . 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 ( 2014 ). Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)."},{"key":"e_1_3_2_2_7_1","unstructured":"Shixiang Gu and Luca Rigazio. 2014. Towards Deep Neural Network Architectures Robust to Adversarial Examples. arXiv:1412.5068 [cs.LG]  Shixiang Gu and Luca Rigazio. 2014. Towards Deep Neural Network Architectures Robust to Adversarial Examples. arXiv:1412.5068 [cs.LG]"},{"key":"e_1_3_2_2_8_1","volume-title":"Countering Adversarial Images using Input Transformations. arXiv preprint arXiv:1711.00117","author":"Guo Chuan","year":"2017","unstructured":"Chuan Guo , Mayank Rana , Moustapha Cisse , and Laurens van der Maaten . 2017. Countering Adversarial Images using Input Transformations. arXiv preprint arXiv:1711.00117 ( 2017 ). Chuan Guo, Mayank Rana, Moustapha Cisse, and Laurens van der Maaten. 2017. Countering Adversarial Images using Input Transformations. arXiv preprint arXiv:1711.00117 (2017)."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2019.00681"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46493-0_38"},{"key":"e_1_3_2_2_11_1","volume-title":"Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531","author":"Hinton Geoffrey","year":"2015","unstructured":"Geoffrey Hinton , Oriol Vinyals , and Jeff Dean . 2015. Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 ( 2015 ). Geoffrey Hinton, Oriol Vinyals, and Jeff Dean. 2015. Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 (2015)."},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2010.57"},{"key":"e_1_3_2_2_13_1","volume-title":"Vectordefense: Vectorization as a defense to adversarial examples. In Soft Computing for Biomedical Applications and Related Topics","author":"Kabilan Vishaal Munusamy","year":"2021","unstructured":"Vishaal Munusamy Kabilan , Brandon Morris , Hoang-Phuong Nguyen , and Anh Nguyen . 2021 . Vectordefense: Vectorization as a defense to adversarial examples. In Soft Computing for Biomedical Applications and Related Topics . Springer , 19--35. Vishaal Munusamy Kabilan, Brandon Morris, Hoang-Phuong Nguyen, and Anh Nguyen. 2021. Vectordefense: Vectorization as a defense to adversarial examples. In Soft Computing for Biomedical Applications and Related Topics. Springer, 19--35."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/2999134.2999257"},{"key":"e_1_3_2_2_15_1","volume-title":"Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . 2016. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 ( 2016 ). Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 (2016)."},{"key":"e_1_3_2_2_16_1","volume-title":"Detecting adversarial image examples in deep neural networks with adaptive noise reduction","author":"Liang Bin","year":"2018","unstructured":"Bin Liang , Hongcheng Li , Miaoqiang Su , Xirong Li , Wenchang Shi , and Xiaofeng Wang . 2018. Detecting adversarial image examples in deep neural networks with adaptive noise reduction . IEEE Transactions on Dependable and Secure Computing ( 2018 ). Bin Liang, Hongcheng Li, Miaoqiang Su, Xirong Li, Wenchang Shi, and Xiaofeng Wang. 2018. Detecting adversarial image examples in deep neural networks with adaptive noise reduction. IEEE Transactions on Dependable and Secure Computing (2018)."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2017.56"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2015.84"},{"key":"e_1_3_2_2_19_1","volume-title":"Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083","author":"Madry Aleksander","year":"2017","unstructured":"Aleksander Madry , Aleksandar Makelov , Ludwig Schmidt , Dimitris Tsipras , and Adrian Vladu . 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 ( 2017 ). Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017)."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134057"},{"key":"e_1_3_2_2_21_1","volume-title":"denoise, and defend against adversarial attacks. arXiv preprint arXiv:1802.06806","author":"Moosavi-Dezfooli Seyed-Mohsen","year":"2018","unstructured":"Seyed-Mohsen Moosavi-Dezfooli , Ashish Shrivastava , and Oncel Tuzel . 2018. Divide , denoise, and defend against adversarial attacks. arXiv preprint arXiv:1802.06806 ( 2018 ). Seyed-Mohsen Moosavi-Dezfooli, Ashish Shrivastava, and Oncel Tuzel. 2018. Divide, denoise, and defend against adversarial attacks. arXiv preprint arXiv:1802.06806 (2018)."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00894"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/DCC.2018.00022"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00669"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN-W50199.2020.00016"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICIP.2019.8803240"},{"key":"e_1_3_2_2_28_1","volume-title":"Proceedings of the IEEE conference on computer vision and pattern recognition (CVPR). 4322--4330","author":"Rony J\u00e9r\u00f4me","year":"2019","unstructured":"J\u00e9r\u00f4me Rony , Luiz G Hafemann , Luiz S Oliveira , Ismail Ben Ayed , Robert Sabourin , and Eric Granger . 2019 . Decoupling direction and norm for efficient gradientbased l2 adversarial attacks and defenses . In Proceedings of the IEEE conference on computer vision and pattern recognition (CVPR). 4322--4330 . J\u00e9r\u00f4me Rony, Luiz G Hafemann, Luiz S Oliveira, Ismail Ben Ayed, Robert Sabourin, and Eric Granger. 2019. Decoupling direction and norm for efficient gradientbased l2 adversarial attacks and defenses. In Proceedings of the IEEE conference on computer vision and pattern recognition (CVPR). 4322--4330."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.01171"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.308"},{"key":"e_1_3_2_2_31_1","volume-title":"Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199","author":"Szegedy Christian","year":"2013","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian Goodfellow , and Rob Fergus . 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 ( 2013 ). Christian Szegedy,Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013)."},{"key":"e_1_3_2_2_32_1","volume-title":"Ensemble Adversarial Training: Attacks and Defenses. arXiv preprint arXiv:1705.07204","author":"Tram\u00e8r Florian","year":"2017","unstructured":"Florian Tram\u00e8r , Alexey Kurakin , Nicolas Papernot , Dan Boneh , and Patrick McDaniel . 2017. Ensemble Adversarial Training: Attacks and Defenses. arXiv preprint arXiv:1705.07204 ( 2017 ). Florian Tram\u00e8r, Alexey Kurakin, Nicolas Papernot, Dan Boneh, and Patrick McDaniel. 2017. Ensemble Adversarial Training: Attacks and Defenses. arXiv preprint arXiv:1705.07204 (2017)."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/3327757.3327761"},{"key":"e_1_3_2_2_34_1","volume-title":"Mitigating adversarial effects through randomization. arXiv preprint arXiv:1711.01991","author":"Xie Cihang","year":"2017","unstructured":"Cihang Xie , JianyuWang, Zhishuai Zhang , Zhou Ren , and Alan Yuille . 2017. Mitigating adversarial effects through randomization. arXiv preprint arXiv:1711.01991 ( 2017 ). Cihang Xie, JianyuWang, Zhishuai Zhang, Zhou Ren, and Alan Yuille. 2017. Mitigating adversarial effects through randomization. arXiv preprint arXiv:1711.01991 (2017)."},{"volume-title":"Proceedings of the IEEE conference on computer vision and pattern recognition (CVPR). 501--509","author":"Xie Cihang","key":"e_1_3_2_2_35_1","unstructured":"Cihang Xie , Yuxin Wu , Laurens van der Maaten, Alan Yuille, and Kaiming He. 2019. Feature denoising for improving adversarial robustness . In Proceedings of the IEEE conference on computer vision and pattern recognition (CVPR). 501--509 . Cihang Xie, Yuxin Wu, Laurens van der Maaten, Alan Yuille, and Kaiming He. 2019. Feature denoising for improving adversarial robustness. In Proceedings of the IEEE conference on computer vision and pattern recognition (CVPR). 501--509."},{"key":"e_1_3_2_2_36_1","volume-title":"Feature squeezing: Detecting adversarial examples in deep neural networks. arXiv preprint arXiv:1704.01155","author":"Xu Weilin","year":"2017","unstructured":"Weilin Xu , David Evans , and Yanjun Qi. 2017. Feature squeezing: Detecting adversarial examples in deep neural networks. arXiv preprint arXiv:1704.01155 ( 2017 ). Weilin Xu, David Evans, and Yanjun Qi. 2017. Feature squeezing: Detecting adversarial examples in deep neural networks. arXiv preprint arXiv:1704.01155 (2017)."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13635-020-00112-z"},{"key":"e_1_3_2_2_38_1","first-page":"701","article-title":"Walking on the edge: Fast, low-distortion adversarial examples. IEEE Transactions on Information Forensics and Security (IEEE Trans","volume":"16","author":"Zhang Hanwei","year":"2020","unstructured":"Hanwei Zhang , Yannis Avrithis , Teddy Furon , and Laurent Amsaleg . 2020 . Walking on the edge: Fast, low-distortion adversarial examples. IEEE Transactions on Information Forensics and Security (IEEE Trans . TIFS) 16 (2020), 701 -- 713 . Hanwei Zhang, Yannis Avrithis, Teddy Furon, and Laurent Amsaleg. 2020. Walking on the edge: Fast, low-distortion adversarial examples. IEEE Transactions on Information Forensics and Security (IEEE Trans. TIFS) 16 (2020), 701--713.","journal-title":"TIFS)"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.319"}],"event":{"name":"MM '21: ACM Multimedia Conference","sponsor":["SIGMM ACM Special Interest Group on Multimedia"],"location":"Virtual Event China","acronym":"MM '21"},"container-title":["Proceedings of the 1st International Workshop on Trustworthy AI for Multimedia Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3475731.3484955","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3475731.3484955","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:19Z","timestamp":1750193299000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3475731.3484955"}},"subtitle":["A Transformation-based Method to Improve Robustness against Adversarial Attacks"],"short-title":[],"issued":{"date-parts":[[2021,10,22]]},"references-count":39,"alternative-id":["10.1145\/3475731.3484955","10.1145\/3475731"],"URL":"https:\/\/doi.org\/10.1145\/3475731.3484955","relation":{},"subject":[],"published":{"date-parts":[[2021,10,22]]},"assertion":[{"value":"2021-10-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}