{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T17:54:24Z","timestamp":1775066064687,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Nature Science Foundation of China","award":["61971283,62202303"],"award-info":[{"award-number":["61971283,62202303"]}]},{"name":"Shanghai Municipal Science and Technology Major Project","award":["2021SHZDZX0102"],"award-info":[{"award-number":["2021SHZDZX0102"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3582822","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"731-745","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["DHBE: Data-free Holistic Backdoor Erasing in Deep Neural Networks via Restricted Adversarial Distillation"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3363-7713","authenticated-orcid":false,"given":"Zhicong","family":"Yan","sequence":"first","affiliation":[{"name":"Shanghai Jiao Tong University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0767-2307","authenticated-orcid":false,"given":"Shenghong","family":"Li","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6168-8687","authenticated-orcid":false,"given":"Ruijie","family":"Zhao","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6073-8582","authenticated-orcid":false,"given":"Yuan","family":"Tian","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5645-363X","authenticated-orcid":false,"given":"Yuanyuan","family":"Zhao","sequence":"additional","affiliation":[{"name":"Hangzhou Normal University, China"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Martin Arjovsky Soumith Chintala and L\u00e9on Bottou. 2017. Wasserstein Generative Adversarial Networks. In ICML. 214\u2013223.  Martin Arjovsky Soumith Chintala and L\u00e9on Bottou. 2017. Wasserstein Generative Adversarial Networks. In ICML. 214\u2013223."},{"key":"e_1_3_2_1_2_1","volume-title":"Blind Backdoors in Deep Learning Models. arXiv preprint arXiv:2005.03823","author":"Bagdasaryan Eugene","year":"2020","unstructured":"Eugene Bagdasaryan and Vitaly Shmatikov . 2020. Blind Backdoors in Deep Learning Models. arXiv preprint arXiv:2005.03823 ( 2020 ). Eugene Bagdasaryan and Vitaly Shmatikov. 2020. Blind Backdoors in Deep Learning Models. arXiv preprint arXiv:2005.03823 (2020)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"Mauro Barni Kassem Kallas and Benedetta Tondi. 2019. A New Backdoor Attack in CNNs by Training Set Corruption without Label Poisoning. In ICIP. 101\u2013105.  Mauro Barni Kassem Kallas and Benedetta Tondi. 2019. A New Backdoor Attack in CNNs by Training Set Corruption without Label Poisoning. In ICIP. 101\u2013105.","DOI":"10.1109\/ICIP.2019.8802997"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Qiong Cao Li Shen Weidi Xie Omkar\u00a0M Parkhi and Andrew Zisserman. 2018. Vggface2: A Dataset for Recognising Faces across Pose and Age. In FG.  Qiong Cao Li Shen Weidi Xie Omkar\u00a0M Parkhi and Andrew Zisserman. 2018. Vggface2: A Dataset for Recognising Faces across Pose and Age. In FG.","DOI":"10.1109\/FG.2018.00020"},{"key":"e_1_3_2_1_5_1","unstructured":"Bryant Chen Wilka Carvalho Nathalie Baracaldo Heiko Ludwig Benjamin Edwards Taesung Lee Ian Molloy and Biplav Srivastava. 2019. Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering. In AAAI.  Bryant Chen Wilka Carvalho Nathalie Baracaldo Heiko Ludwig Benjamin Edwards Taesung Lee Ian Molloy and Biplav Srivastava. 2019. Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering. In AAAI."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Huili Chen Cheng Fu Jishen Zhao and Farinaz Koushanfar. 2019. DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks.. In IJCAI.  Huili Chen Cheng Fu Jishen Zhao and Farinaz Koushanfar. 2019. DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks.. In IJCAI.","DOI":"10.24963\/ijcai.2019\/647"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Hanting Chen Yunhe Wang Chang Xu Zhaohui Yang Chuanjian Liu Boxin Shi Chunjing Xu Chao Xu and Qi Tian. 2019. Data-free Learning of Student Networks. In ICCV. 3514\u20133522.  Hanting Chen Yunhe Wang Chang Xu Zhaohui Yang Chuanjian Liu Boxin Shi Chunjing Xu Chao Xu and Qi Tian. 2019. Data-free Learning of Student Networks. In ICCV. 3514\u20133522.","DOI":"10.1109\/ICCV.2019.00361"},{"key":"e_1_3_2_1_8_1","unstructured":"Guneet\u00a0Singh Dhillon Pratik Chaudhari Avinash Ravichandran and Stefano Soatto. 2019. A Baseline for Few-Shot Image Classification. In ICLR.  Guneet\u00a0Singh Dhillon Pratik Chaudhari Avinash Ravichandran and Stefano Soatto. 2019. A Baseline for Few-Shot Image Classification. In ICLR."},{"key":"e_1_3_2_1_9_1","volume-title":"Februus: Input Purification Defense against Trojan Attacks on Deep Neural Network Systems. In ACSAC. 897\u2013912.","author":"Doan Bao\u00a0Gia","year":"2020","unstructured":"Bao\u00a0Gia Doan , Ehsan Abbasnejad , and Damith\u00a0 C Ranasinghe . 2020 . Februus: Input Purification Defense against Trojan Attacks on Deep Neural Network Systems. In ACSAC. 897\u2013912. Bao\u00a0Gia Doan, Ehsan Abbasnejad, and Damith\u00a0C Ranasinghe. 2020. Februus: Input Purification Defense against Trojan Attacks on Deep Neural Network Systems. In ACSAC. 897\u2013912."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Gongfan Fang Kanya Mo Xinchao Wang Jie Song Shitao Bei Haofei Zhang and Mingli Song. 2022. Up to 100x Faster Data-Free Knowledge Distillation. In AAAI. 6597\u20136604.  Gongfan Fang Kanya Mo Xinchao Wang Jie Song Shitao Bei Haofei Zhang and Mingli Song. 2022. Up to 100x Faster Data-Free Knowledge Distillation. In AAAI. 6597\u20136604.","DOI":"10.1609\/aaai.v36i6.20613"},{"key":"e_1_3_2_1_11_1","volume-title":"Data-free Adversarial Distillation. arXiv preprint arXiv:1912.11006","author":"Fang Gongfan","year":"2019","unstructured":"Gongfan Fang , Jie Song , Chengchao Shen , Xinchao Wang , Da Chen , and Mingli Song . 2019. Data-free Adversarial Distillation. arXiv preprint arXiv:1912.11006 ( 2019 ). Gongfan Fang, Jie Song, Chengchao Shen, Xinchao Wang, Da Chen, and Mingli Song. 2019. Data-free Adversarial Distillation. arXiv preprint arXiv:1912.11006 (2019)."},{"key":"e_1_3_2_1_12_1","unstructured":"Ian Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron Courville and Yoshua Bengio. 2014. Generative Adversarial Nets. In NeurIPS.  Ian Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron Courville and Yoshua Bengio. 2014. Generative Adversarial Nets. In NeurIPS."},{"key":"e_1_3_2_1_13_1","volume-title":"Badnets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain. arXiv preprint arXiv:1708.06733","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu , Brendan Dolan-Gavitt , and Siddharth Garg . 2017 . Badnets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain. arXiv preprint arXiv:1708.06733 (2017). Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. Badnets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain. arXiv preprint arXiv:1708.06733 (2017)."},{"key":"e_1_3_2_1_14_1","volume-title":"Tabor: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in Ai Systems. arXiv preprint arXiv:1908.01763","author":"Guo Wenbo","year":"2019","unstructured":"Wenbo Guo , Lun Wang , Xinyu Xing , Min Du , and Dawn Song . 2019 . Tabor: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in Ai Systems. arXiv preprint arXiv:1908.01763 (2019). Wenbo Guo, Lun Wang, Xinyu Xing, Min Du, and Dawn Song. 2019. Tabor: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in Ai Systems. arXiv preprint arXiv:1908.01763 (2019)."},{"key":"e_1_3_2_1_15_1","volume-title":"SPECTRE: Defending Against Backdoor Attacks using Robust Statistics. In ICML.","author":"Hayase Jonathan","year":"2021","unstructured":"Jonathan Hayase , Weihao Kong , Raghav Somani , and Sewoong Oh . 2021 . SPECTRE: Defending Against Backdoor Attacks using Robust Statistics. In ICML. Jonathan Hayase, Weihao Kong, Raghav Somani, and Sewoong Oh. 2021. SPECTRE: Defending Against Backdoor Attacks using Robust Statistics. In ICML."},{"key":"e_1_3_2_1_16_1","unstructured":"Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In CVPR.  Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In CVPR."},{"key":"e_1_3_2_1_17_1","volume-title":"Distilling the Knowledge in a Neural Network. arXiv preprint arXiv:1503.02531","author":"Hinton Geoffrey","year":"2015","unstructured":"Geoffrey Hinton , Oriol Vinyals , and Jeff Dean . 2015. Distilling the Knowledge in a Neural Network. arXiv preprint arXiv:1503.02531 ( 2015 ). Geoffrey Hinton, Oriol Vinyals, and Jeff Dean. 2015. Distilling the Knowledge in a Neural Network. arXiv preprint arXiv:1503.02531 (2015)."},{"key":"e_1_3_2_1_18_1","volume-title":"2022 IEEE Symposium on Security and Privacy (SP). IEEE","author":"Jia Jinyuan","year":"2022","unstructured":"Jinyuan Jia , Yupei Liu , and Neil\u00a0Zhenqiang Gong . 2022 . Badencoder: Backdoor Attacks to Pre-trained Encoders in Self-supervised Learning . In 2022 IEEE Symposium on Security and Privacy (SP). IEEE , 2043\u20132059. Jinyuan Jia, Yupei Liu, and Neil\u00a0Zhenqiang Gong. 2022. Badencoder: Backdoor Attacks to Pre-trained Encoders in Self-supervised Learning. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 2043\u20132059."},{"key":"e_1_3_2_1_19_1","unstructured":"Soheil Kolouri Kimia Nadjahi Umut Simsekli Roland Badeau and K Gustavo. 2019. Generalized Sliced Wasserstein Distances. In NeurIPS.  Soheil Kolouri Kimia Nadjahi Umut Simsekli Roland Badeau and K Gustavo. 2019. Generalized Sliced Wasserstein Distances. In NeurIPS."},{"key":"e_1_3_2_1_20_1","volume-title":"Learning Multiple Layers of Features from Tiny Images. Master\u2019s thesis","author":"Krizhevsky Alex","unstructured":"Alex Krizhevsky . 2009. Learning Multiple Layers of Features from Tiny Images. Master\u2019s thesis , University of Toronto (2009) . Alex Krizhevsky. 2009. Learning Multiple Layers of Features from Tiny Images. Master\u2019s thesis, University of Toronto (2009)."},{"key":"e_1_3_2_1_21_1","first-page":"3267","article-title":"DeSVig: Decentralized Swift Vigilance Against Adversarial Attacks in Industrial Artificial Intelligence Systems","volume":"16","author":"Li Gaolei","year":"2020","unstructured":"Gaolei Li , Kaoru Ota , Mianxiong Dong , Jun Wu , and Jianhua Li . 2020 . DeSVig: Decentralized Swift Vigilance Against Adversarial Attacks in Industrial Artificial Intelligence Systems . IEEE TII 16 , 5 (2020), 3267 \u2013 3277 . Gaolei Li, Kaoru Ota, Mianxiong Dong, Jun Wu, and Jianhua Li. 2020. DeSVig: Decentralized Swift Vigilance Against Adversarial Attacks in Industrial Artificial Intelligence Systems. IEEE TII 16, 5 (2020), 3267\u20133277.","journal-title":"IEEE TII"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.3021407"},{"key":"e_1_3_2_1_23_1","unstructured":"Yuezun Li Yiming Li Baoyuan Wu Longkang Li Ran He and Siwei Lyu. 2021. Invisible Backdoor Attack with Sample-specific Triggers. In ICCV. 16463\u201316472.  Yuezun Li Yiming Li Baoyuan Wu Longkang Li Ran He and Siwei Lyu. 2021. Invisible Backdoor Attack with Sample-specific Triggers. In ICCV. 16463\u201316472."},{"key":"e_1_3_2_1_24_1","volume-title":"Anti-backdoor Learning: Training Clean Models on Poisoned Data. In NeurIPS.","author":"Li Yige","year":"2021","unstructured":"Yige Li , Xixiang Lyu , Nodens Koren , Lingjuan Lyu , Bo Li , and Xingjun Ma . 2021 . Anti-backdoor Learning: Training Clean Models on Poisoned Data. In NeurIPS. Yige Li, Xixiang Lyu, Nodens Koren, Lingjuan Lyu, Bo Li, and Xingjun Ma. 2021. Anti-backdoor Learning: Training Clean Models on Poisoned Data. In NeurIPS."},{"key":"e_1_3_2_1_25_1","unstructured":"Yige Li Xixiang Lyu Nodens Koren Lingjuan Lyu Bo Li and Xingjun Ma. 2021. Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks. In ICLR.  Yige Li Xixiang Lyu Nodens Koren Lingjuan Lyu Bo Li and Xingjun Ma. 2021. Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks. In ICLR."},{"key":"e_1_3_2_1_26_1","volume-title":"Backdoor Learning: A Survey. arXiv preprint arXiv:2007.08745","author":"Li Yiming","year":"2020","unstructured":"Yiming Li , Baoyuan Wu , Yong Jiang , Zhifeng Li , and Shu-Tao Xia . 2020 . Backdoor Learning: A Survey. arXiv preprint arXiv:2007.08745 (2020). Yiming Li, Baoyuan Wu, Yong Jiang, Zhifeng Li, and Shu-Tao Xia. 2020. Backdoor Learning: A Survey. arXiv preprint arXiv:2007.08745 (2020)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Junyu Lin Lei Xu Yingqi Liu and Xiangyu Zhang. 2020. Composite Backdoor Attack for Deep Neural Network by Mixing Existing Benign Features. In CCS. 113\u2013131.  Junyu Lin Lei Xu Yingqi Liu and Xiangyu Zhang. 2020. Composite Backdoor Attack for Deep Neural Network by Mixing Existing Benign Features. In CCS. 113\u2013131.","DOI":"10.1145\/3372297.3423362"},{"key":"e_1_3_2_1_28_1","volume-title":"Fine-pruning: Defending against Backdooring Attacks on Deep Neural Networks. In RAID.","author":"Liu Kang","year":"2018","unstructured":"Kang Liu , Brendan Dolan-Gavitt , and Siddharth Garg . 2018 . Fine-pruning: Defending against Backdooring Attacks on Deep Neural Networks. In RAID. Kang Liu, Brendan Dolan-Gavitt, and Siddharth Garg. 2018. Fine-pruning: Defending against Backdooring Attacks on Deep Neural Networks. In RAID."},{"key":"e_1_3_2_1_29_1","unstructured":"Xuankai Liu Fengting Li Bihan Wen and Qi Li. 2021. Removing Backdoor-based Watermarks in Neural Networks with Limited Data. In ICPR.  Xuankai Liu Fengting Li Bihan Wen and Qi Li. 2021. Removing Backdoor-based Watermarks in Neural Networks with Limited Data. In ICPR."},{"key":"e_1_3_2_1_30_1","volume-title":"Abs: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation. In CCS. 1265\u20131282.","author":"Liu Yingqi","year":"2019","unstructured":"Yingqi Liu , Wen-Chuan Lee , Guanhong Tao , Shiqing Ma , Yousra Aafer , and Xiangyu Zhang . 2019 . Abs: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation. In CCS. 1265\u20131282. Yingqi Liu, Wen-Chuan Lee, Guanhong Tao, Shiqing Ma, Yousra Aafer, and Xiangyu Zhang. 2019. Abs: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation. In CCS. 1265\u20131282."},{"key":"e_1_3_2_1_31_1","unstructured":"Yingqi Liu Shiqing Ma Yousra Aafer Wen-Chuan Lee Juan Zhai Weihang Wang and Xiangyu Zhang. 2018. Trojaning Attack on Neural Networks. In NDSS.  Yingqi Liu Shiqing Ma Yousra Aafer Wen-Chuan Lee Juan Zhai Weihang Wang and Xiangyu Zhang. 2018. Trojaning Attack on Neural Networks. In NDSS."},{"key":"e_1_3_2_1_32_1","volume-title":"Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks. In ECCV.","author":"Liu Yunfei","year":"2020","unstructured":"Yunfei Liu , Xingjun Ma , James Bailey , and Feng Lu . 2020 . Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks. In ECCV. Yunfei Liu, Xingjun Ma, James Bailey, and Feng Lu. 2020. Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks. In ECCV."},{"key":"e_1_3_2_1_33_1","volume-title":"Data-free Knowledge Transfer: A Survey. arXiv preprint arXiv:2112.15278","author":"Liu Yuang","year":"2021","unstructured":"Yuang Liu , Wei Zhang , Jun Wang , and Jianyong Wang . 2021. Data-free Knowledge Transfer: A Survey. arXiv preprint arXiv:2112.15278 ( 2021 ). Yuang Liu, Wei Zhang, Jun Wang, and Jianyong Wang. 2021. Data-free Knowledge Transfer: A Survey. arXiv preprint arXiv:2112.15278 (2021)."},{"key":"e_1_3_2_1_34_1","unstructured":"Adam Paszke Sam Gross Soumith Chintala Gregory Chanan Edward Yang Zachary DeVito Zeming Lin Alban Desmaison Luca Antiga and Adam Lerer. 2017. Automatic Differentiation in PyTorch. In NIPS-W.  Adam Paszke Sam Gross Soumith Chintala Gregory Chanan Edward Yang Zachary DeVito Zeming Lin Alban Desmaison Luca Antiga and Adam Lerer. 2017. Automatic Differentiation in PyTorch. In NIPS-W."},{"key":"e_1_3_2_1_35_1","unstructured":"Ximing Qiao Yukun Yang and Hai Li. 2019. Defending Neural Backdoors via Generative Distribution Modeling. In NeurIPS.  Ximing Qiao Yukun Yang and Hai Li. 2019. Defending Neural Backdoors via Generative Distribution Modeling. In NeurIPS."},{"key":"e_1_3_2_1_36_1","volume-title":"Protecting Intellectual Property with Reliable Availability of Learning Models in AI-based Cybersecurity Services","author":"Ren Ge","year":"2022","unstructured":"Ge Ren , Jun Wu , Gaolei Li , Shenghong Li , and Mohsen Guizani . 2022. Protecting Intellectual Property with Reliable Availability of Learning Models in AI-based Cybersecurity Services . IEEE TDSC ( 2022 ), 1\u201318. Ge Ren, Jun Wu, Gaolei Li, Shenghong Li, and Mohsen Guizani. 2022. Protecting Intellectual Property with Reliable Availability of Learning Models in AI-based Cybersecurity Services. IEEE TDSC (2022), 1\u201318."},{"key":"e_1_3_2_1_37_1","unstructured":"Aniruddha Saha Akshayvarun Subramanya and Hamed Pirsiavash. 2020. Hidden Trigger Backdoor Attacks. In AAAI.  Aniruddha Saha Akshayvarun Subramanya and Hamed Pirsiavash. 2020. Hidden Trigger Backdoor Attacks. In AAAI."},{"key":"e_1_3_2_1_38_1","volume-title":"European Conference on Computer Vision. Springer, 71\u201389","author":"Tian Yuan","year":"2020","unstructured":"Yuan Tian , Zhaohui Che , Wenbo Bao , Guangtao Zhai , and Zhiyong Gao . 2020 . Self-supervised motion representation via scattering local motion cues . In European Conference on Computer Vision. Springer, 71\u201389 . Yuan Tian, Zhaohui Che, Wenbo Bao, Guangtao Zhai, and Zhiyong Gao. 2020. Self-supervised motion representation via scattering local motion cues. In European Conference on Computer Vision. Springer, 71\u201389."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Yuan Tian Guo Lu Xiongkuo Min Zhaohui Che Guangtao Zhai Guodong Guo and Zhiyong Gao. 2021. Self-conditioned probabilistic learning of video rescaling. In CVPR. 4490\u20134499.  Yuan Tian Guo Lu Xiongkuo Min Zhaohui Che Guangtao Zhai Guodong Guo and Zhiyong Gao. 2021. Self-conditioned probabilistic learning of video rescaling. In CVPR. 4490\u20134499.","DOI":"10.1109\/ICCV48922.2021.00445"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11263-022-01661-1"},{"key":"e_1_3_2_1_41_1","unstructured":"Brandon Tran Jerry Li and Aleksander Madry. 2018. Spectral Signatures in Backdoor Attacks. In NeurIPS.  Brandon Tran Jerry Li and Aleksander Madry. 2018. Spectral Signatures in Backdoor Attacks. In NeurIPS."},{"key":"e_1_3_2_1_42_1","volume-title":"Label-Consistent Backdoor Attacks. arXiv preprint arXiv:1912.02771","author":"Turner Alexander","year":"2019","unstructured":"Alexander Turner , Dimitris Tsipras , and Aleksander Madry . 2019. Label-Consistent Backdoor Attacks. arXiv preprint arXiv:1912.02771 ( 2019 ). Alexander Turner, Dimitris Tsipras, and Aleksander Madry. 2019. Label-Consistent Backdoor Attacks. arXiv preprint arXiv:1912.02771 (2019)."},{"key":"e_1_3_2_1_43_1","volume-title":"Confoc: Content-focus Protection against Trojan Attacks on Neural Networks. arXiv preprint arXiv:2007.00711","author":"Villarreal-Vasquez Miguel","year":"2020","unstructured":"Miguel Villarreal-Vasquez and Bharat Bhargava . 2020 . Confoc: Content-focus Protection against Trojan Attacks on Neural Networks. arXiv preprint arXiv:2007.00711 (2020). Miguel Villarreal-Vasquez and Bharat Bhargava. 2020. Confoc: Content-focus Protection against Trojan Attacks on Neural Networks. arXiv preprint arXiv:2007.00711 (2020)."},{"key":"e_1_3_2_1_44_1","volume-title":"koray kavukcuoglu, and Daan Wierstra","author":"Vinyals Oriol","year":"2016","unstructured":"Oriol Vinyals , Charles Blundell , Timothy Lillicrap , koray kavukcuoglu, and Daan Wierstra . 2016 . Matching Networks for One Shot Learning. In NeurIPS. Oriol Vinyals, Charles Blundell, Timothy Lillicrap, koray kavukcuoglu, and Daan Wierstra. 2016. Matching Networks for One Shot Learning. In NeurIPS."},{"key":"e_1_3_2_1_45_1","volume-title":"Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In SP.","author":"Wang Bolun","year":"2019","unstructured":"Bolun Wang , Yuanshun Yao , Shawn Shan , Huiying Li , Bimal Viswanath , Haitao Zheng , and Ben\u00a0 Y Zhao . 2019 . Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In SP. Bolun Wang, Yuanshun Yao, Shawn Shan, Huiying Li, Bimal Viswanath, Haitao Zheng, and Ben\u00a0Y Zhao. 2019. Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In SP."},{"key":"e_1_3_2_1_46_1","volume-title":"Backdoor Attacks against Transfer Learning with Pre-trained Deep Learning Models","author":"Wang Shuo","year":"2020","unstructured":"Shuo Wang , Surya Nepal , Carsten Rudolph , Marthie Grobler , Shangyu Chen , and Tianle Chen . 2020. Backdoor Attacks against Transfer Learning with Pre-trained Deep Learning Models . IEEE TSC ( 2020 ). Shuo Wang, Surya Nepal, Carsten Rudolph, Marthie Grobler, Shangyu Chen, and Tianle Chen. 2020. Backdoor Attacks against Transfer Learning with Pre-trained Deep Learning Models. IEEE TSC (2020)."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Xiaolong Wang Yufei Ye and Abhinav Gupta. 2018. Zero-shot Recognition via Semantic Embeddings and Knowledge Graphs. In CVPR. 6857\u20136866.  Xiaolong Wang Yufei Ye and Abhinav Gupta. 2018. Zero-shot Recognition via Semantic Embeddings and Knowledge Graphs. In CVPR. 6857\u20136866.","DOI":"10.1109\/CVPR.2018.00717"},{"key":"e_1_3_2_1_48_1","volume-title":"DBA: Distributed Backdoor Attacks against Federated Learning. In ICLR.","author":"Xie Chulin","year":"2019","unstructured":"Chulin Xie , Keli Huang , Pin-Yu Chen , and Bo Li . 2019 . DBA: Distributed Backdoor Attacks against Federated Learning. In ICLR. Chulin Xie, Keli Huang, Pin-Yu Chen, and Bo Li. 2019. DBA: Distributed Backdoor Attacks against Federated Learning. In ICLR."},{"key":"e_1_3_2_1_49_1","unstructured":"Xiaojun Xu Qi Wang Huichen Li Nikita Borisov Carl\u00a0A Gunter and Bo Li. 2021. Detecting AI Trojans using Meta Neural Analysis. In SP. 103\u2013120.  Xiaojun Xu Qi Wang Huichen Li Nikita Borisov Carl\u00a0A Gunter and Bo Li. 2021. Detecting AI Trojans using Meta Neural Analysis. In SP. 103\u2013120."},{"key":"e_1_3_2_1_50_1","volume-title":"Dehib: Deep Hidden Backdoor Attack on Semi-supervised Learning via Adversarial Perturbation. In AAAI, Vol.\u00a035. 10585\u201310593.","author":"Yan Zhicong","year":"2021","unstructured":"Zhicong Yan , Gaolei Li , Yuan T Ian , Jun Wu , Shenghong Li , Mingzhe Chen , and H\u00a0Vincent Poor . 2021 . Dehib: Deep Hidden Backdoor Attack on Semi-supervised Learning via Adversarial Perturbation. In AAAI, Vol.\u00a035. 10585\u201310593. Zhicong Yan, Gaolei Li, Yuan TIan, Jun Wu, Shenghong Li, Mingzhe Chen, and H\u00a0Vincent Poor. 2021. Dehib: Deep Hidden Backdoor Attack on Semi-supervised Learning via Adversarial Perturbation. In AAAI, Vol.\u00a035. 10585\u201310593."},{"key":"e_1_3_2_1_51_1","first-page":"4827","article-title":"Deep Neural Backdoor in Semi-Supervised Learning: Threats and Countermeasures","volume":"16","author":"Yan Zhicong","year":"2021","unstructured":"Zhicong Yan , Jun Wu , Gaolei Li , Shenghong Li , and Mohsen Guizani . 2021 . Deep Neural Backdoor in Semi-Supervised Learning: Threats and Countermeasures . IEEE TIFS 16 (2021), 4827 \u2013 4842 . Zhicong Yan, Jun Wu, Gaolei Li, Shenghong Li, and Mohsen Guizani. 2021. Deep Neural Backdoor in Semi-Supervised Learning: Threats and Countermeasures. IEEE TIFS 16 (2021), 4827\u20134842.","journal-title":"IEEE TIFS"},{"key":"e_1_3_2_1_52_1","unstructured":"Yuanshun Yao Huiying Li Haitao Zheng and Ben\u00a0Y Zhao. 2019. Latent Backdoor Attacks on Deep Neural Networks. In CCS. 2041\u20132055.  Yuanshun Yao Huiying Li Haitao Zheng and Ben\u00a0Y Zhao. 2019. Latent Backdoor Attacks on Deep Neural Networks. In CCS. 2041\u20132055."},{"key":"e_1_3_2_1_53_1","unstructured":"Hongxu Yin Arun Mallya Arash Vahdat Jose\u00a0M Alvarez Jan Kautz and Pavlo Molchanov. 2021. See Through Gradients: Image Batch Recovery via Gradinversion. In CVPR. 16337\u201316346.  Hongxu Yin Arun Mallya Arash Vahdat Jose\u00a0M Alvarez Jan Kautz and Pavlo Molchanov. 2021. See Through Gradients: Image Batch Recovery via Gradinversion. In CVPR. 16337\u201316346."},{"key":"e_1_3_2_1_54_1","unstructured":"Hongxu Yin Pavlo Molchanov Jose\u00a0M Alvarez Zhizhong Li Arun Mallya Derek Hoiem Niraj\u00a0K Jha and Jan Kautz. 2020. Dreaming to Distill: Data-free Knowledge Transfer via Deepinversion. In CVPR. 8715\u20138724.  Hongxu Yin Pavlo Molchanov Jose\u00a0M Alvarez Zhizhong Li Arun Mallya Derek Hoiem Niraj\u00a0K Jha and Jan Kautz. 2020. Dreaming to Distill: Data-free Knowledge Transfer via Deepinversion. In CVPR. 8715\u20138724."},{"key":"e_1_3_2_1_55_1","unstructured":"Pu Zhao Pin-Yu Chen Payel Das Karthikeyan\u00a0Natesan Ramamurthy and Xue Lin. 2019. Bridging Mode Connectivity in Loss Landscapes and Adversarial Robustness. In ICLR.  Pu Zhao Pin-Yu Chen Payel Das Karthikeyan\u00a0Natesan Ramamurthy and Xue Lin. 2019. Bridging Mode Connectivity in Loss Landscapes and Adversarial Robustness. In ICLR."}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","location":"Melbourne VIC Australia","acronym":"ASIA CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3582822","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:51:27Z","timestamp":1750182687000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3582822"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":55,"alternative-id":["10.1145\/3579856.3582822","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3582822","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}