{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:58:04Z","timestamp":1773511084326,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":47,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3582824","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"704-715","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Mitigating Adversarial Attacks by Distributing Different Copies to Different Buyers"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7777-3162","authenticated-orcid":false,"given":"Jiyi","family":"Zhang","sequence":"first","affiliation":[{"name":"School of Computing, National University of Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9635-9859","authenticated-orcid":false,"given":"Han","family":"Fang","sequence":"additional","affiliation":[{"name":"School of Computing, National University of Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5595-531X","authenticated-orcid":false,"given":"Wesley Joon-Wie","family":"Tann","sequence":"additional","affiliation":[{"name":"School of Computing, National University of Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7462-3348","authenticated-orcid":false,"given":"Ke","family":"Xu","sequence":"additional","affiliation":[{"name":"Huawei International, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8313-0980","authenticated-orcid":false,"given":"Chengfang","family":"Fang","sequence":"additional","affiliation":[{"name":"Huawei International, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4613-0866","authenticated-orcid":false,"given":"Ee-Chien","family":"Chang","sequence":"additional","affiliation":[{"name":"School of Computing, National University of Singapore, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Workshop on Moving Target Defense @CCS","author":"Abdelnabi Sahar","year":"2021","unstructured":"Sahar Abdelnabi and Mario Fritz . 2021 . What\u2019s in the box: Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models . In Workshop on Moving Target Defense @CCS 2021. 3\u201312. Sahar Abdelnabi and Mario Fritz. 2021. What\u2019s in the box: Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models. In Workshop on Moving Target Defense @CCS 2021. 3\u201312."},{"key":"e_1_3_2_1_3_1","unstructured":"Anish Athalye Nicholas Carlini and David\u00a0A. Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In ICML. 274\u2013283.  Anish Athalye Nicholas Carlini and David\u00a0A. Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In ICML. 274\u2013283."},{"key":"e_1_3_2_1_4_1","unstructured":"Anish Athalye Nicholas Carlini and David\u00a0A. Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In ICML. 274\u2013283.  Anish Athalye Nicholas Carlini and David\u00a0A. Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In ICML. 274\u2013283."},{"key":"e_1_3_2_1_5_1","unstructured":"Wieland Brendel Jonas Rauber and Matthias Bethge. 2018. Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models. In ICLR.  Wieland Brendel Jonas Rauber and Matthias Bethge. 2018. Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models. In ICLR."},{"key":"e_1_3_2_1_6_1","volume-title":"Towards Evaluating the Robustness of Neural Networks","author":"Carlini Nicholas","unstructured":"Nicholas Carlini and David\u00a0 A. Wagner . 2017. Towards Evaluating the Robustness of Neural Networks . In IEEE S &P. 39\u201357. Nicholas Carlini and David\u00a0A. Wagner. 2017. Towards Evaluating the Robustness of Neural Networks. In IEEE S&P. 39\u201357."},{"key":"e_1_3_2_1_7_1","volume-title":"HopSkipJumpAttack: A Query-Efficient Decision-Based Attack","author":"Chen Jianbo","unstructured":"Jianbo Chen , Michael\u00a0 I. Jordan , and Martin\u00a0 J. Wainwright . 2020. HopSkipJumpAttack: A Query-Efficient Decision-Based Attack . In IEEE SP. 1277\u20131294. Jianbo Chen, Michael\u00a0I. Jordan, and Martin\u00a0J. Wainwright. 2020. HopSkipJumpAttack: A Query-Efficient Decision-Based Attack. In IEEE SP. 1277\u20131294."},{"key":"e_1_3_2_1_8_1","volume-title":"EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples. In AAAI. 10\u201317.","author":"Chen Pin-Yu","year":"2018","unstructured":"Pin-Yu Chen , Yash Sharma , Huan Zhang , Jinfeng Yi , and Cho-Jui Hsieh . 2018 . EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples. In AAAI. 10\u201317. Pin-Yu Chen, Yash Sharma, Huan Zhang, Jinfeng Yi, and Cho-Jui Hsieh. 2018. EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples. In AAAI. 10\u201317."},{"key":"e_1_3_2_1_9_1","unstructured":"Minhao Cheng Simranjit Singh Patrick\u00a0H. Chen Pin-Yu Chen Sijia Liu and Cho-Jui Hsieh. 2020. Sign-OPT: A Query-Efficient Hard-label Adversarial Attack. In ICLR.  Minhao Cheng Simranjit Singh Patrick\u00a0H. Chen Pin-Yu Chen Sijia Liu and Cho-Jui Hsieh. 2020. Sign-OPT: A Query-Efficient Hard-label Adversarial Attack. In ICLR."},{"key":"e_1_3_2_1_10_1","volume-title":"Parseval Networks: Improving Robustness to Adversarial Examples. In ICML. 854\u2013863.","author":"Ciss\u00e9 Moustapha","year":"2017","unstructured":"Moustapha Ciss\u00e9 , Piotr Bojanowski , Edouard Grave , Yann\u00a0 N. Dauphin , and Nicolas Usunier . 2017 . Parseval Networks: Improving Robustness to Adversarial Examples. In ICML. 854\u2013863. Moustapha Ciss\u00e9, Piotr Bojanowski, Edouard Grave, Yann\u00a0N. Dauphin, and Nicolas Usunier. 2017. Parseval Networks: Improving Robustness to Adversarial Examples. In ICML. 854\u2013863."},{"key":"e_1_3_2_1_11_1","unstructured":"Ambra Demontis Marco Melis Maura Pintor Matthew Jagielski Battista Biggio Alina Oprea Cristina Nita-Rotaru and Fabio Roli. 2019. Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. In USENIX.  Ambra Demontis Marco Melis Maura Pintor Matthew Jagielski Battista Biggio Alina Oprea Cristina Nita-Rotaru and Fabio Roli. 2019. Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. In USENIX."},{"key":"e_1_3_2_1_12_1","volume-title":"Discovering Adversarial Examples with Momentum. arXiv preprint 1710.06081","author":"Dong Yinpeng","year":"2017","unstructured":"Yinpeng Dong , Fangzhou Liao , Tianyu Pang , Xiaolin Hu , and Jun Zhu . 2017. Discovering Adversarial Examples with Momentum. arXiv preprint 1710.06081 ( 2017 ). arxiv:1710.06081 Yinpeng Dong, Fangzhou Liao, Tianyu Pang, Xiaolin Hu, and Jun Zhu. 2017. Discovering Adversarial Examples with Momentum. arXiv preprint 1710.06081 (2017). arxiv:1710.06081"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1137\/14095772X"},{"key":"e_1_3_2_1_14_1","unstructured":"Ian\u00a0J. Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In ICLR.  Ian\u00a0J. Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In ICLR."},{"key":"e_1_3_2_1_15_1","unstructured":"Ian\u00a0J. Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In ICLR.  Ian\u00a0J. Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In ICLR."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Sebastian Houben Johannes Stallkamp Jan Salmen Marc Schlipsing and Christian Igel. 2013. Detection of Traffic Signs in Real-World Images: The German Traffic Sign Detection Benchmark. In IJCNN.  Sebastian Houben Johannes Stallkamp Jan Salmen Marc Schlipsing and Christian Igel. 2013. Detection of Traffic Signs in Real-World Images: The German Traffic Sign Detection Benchmark. In IJCNN.","DOI":"10.1109\/IJCNN.2013.6706807"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Aayush Jain Huijia Lin and Amit Sahai. 2021. Indistinguishability obfuscation from well-founded assumptions. In STOC. 60\u201373.  Aayush Jain Huijia Lin and Amit Sahai. 2021. Indistinguishability obfuscation from well-founded assumptions. In STOC. 60\u201373.","DOI":"10.1145\/3406325.3451093"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3005961"},{"key":"e_1_3_2_1_19_1","volume-title":"Improving Adversarial Robustness of Ensembles with Diversity Training. CoRR abs\/1901.09981","author":"Kariyappa Sanjay","year":"2019","unstructured":"Sanjay Kariyappa and Moinuddin\u00a0 K. Qureshi . 2019. Improving Adversarial Robustness of Ensembles with Diversity Training. CoRR abs\/1901.09981 ( 2019 ). arXiv:1901.09981 Sanjay Kariyappa and Moinuddin\u00a0K. Qureshi. 2019. Improving Adversarial Robustness of Ensembles with Diversity Training. CoRR abs\/1901.09981 (2019). arXiv:1901.09981"},{"key":"e_1_3_2_1_20_1","unstructured":"Alex Krizhevsky. 2012. Learning Multiple Layers of Features from Tiny Images. University of Toronto (05 2012).  Alex Krizhevsky. 2012. Learning Multiple Layers of Features from Tiny Images. University of Toronto (05 2012)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Alexey Kurakin Ian\u00a0J. Goodfellow and Samy Bengio. 2017. Adversarial examples in the physical world. In ICLR.  Alexey Kurakin Ian\u00a0J. Goodfellow and Samy Bengio. 2017. Adversarial examples in the physical world. In ICLR.","DOI":"10.1201\/9781351251389-8"},{"key":"e_1_3_2_1_22_1","unstructured":"Alexey Kurakin Ian\u00a0J. Goodfellow and Samy Bengio. 2017. Adversarial Machine Learning at Scale. In ICLR.  Alexey Kurakin Ian\u00a0J. Goodfellow and Samy Bengio. 2017. Adversarial Machine Learning at Scale. In ICLR."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Daniel Lowd and Christopher Meek. 2005. Adversarial learning. In ACM SIGKDD. 641\u2013647.  Daniel Lowd and Christopher Meek. 2005. Adversarial learning. In ACM SIGKDD. 641\u2013647.","DOI":"10.1145\/1081870.1081950"},{"key":"e_1_3_2_1_24_1","unstructured":"Aleksander Madry Aleksandar Makelov Ludwig Schmidt Dimitris Tsipras and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In ICLR.  Aleksander Madry Aleksandar Makelov Ludwig Schmidt Dimitris Tsipras and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In ICLR."},{"key":"e_1_3_2_1_25_1","volume-title":"Yet another but more efficient black-box adversarial attack: tiling and evolution strategies. arXiv preprint","author":"Meunier Laurent","year":"1910","unstructured":"Laurent Meunier , Jamal Atif , and Olivier Teytaud . 2019. Yet another but more efficient black-box adversarial attack: tiling and evolution strategies. arXiv preprint 1910 .02244 (2019). arxiv:1910.02244 Laurent Meunier, Jamal Atif, and Olivier Teytaud. 2019. Yet another but more efficient black-box adversarial attack: tiling and evolution strategies. arXiv preprint 1910.02244 (2019). arxiv:1910.02244"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Smitha Milli Ludwig Schmidt Anca\u00a0D. Dragan and Moritz Hardt. 2019. Model Reconstruction from Model Explanations. In FAT*. 1\u20139.  Smitha Milli Ludwig Schmidt Anca\u00a0D. Dragan and Moritz Hardt. 2019. Model Reconstruction from Model Explanations. In FAT*. 1\u20139.","DOI":"10.1145\/3287560.3287562"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi Omar Fawzi and Pascal Frossard. 2017. Universal Adversarial Perturbations. In CVPR. 86\u201394.  Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi Omar Fawzi and Pascal Frossard. 2017. Universal Adversarial Perturbations. In CVPR. 86\u201394.","DOI":"10.1109\/CVPR.2017.17"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi and Pascal Frossard. 2016. DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks. In CVPR. 2574\u20132582.  Seyed-Mohsen Moosavi-Dezfooli Alhussein Fawzi and Pascal Frossard. 2016. DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks. In CVPR. 2574\u20132582.","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_1_29_1","volume-title":"Adversarial Robustness Toolbox v1.0.0. CoRR abs\/1807.01069","author":"Nicolae Maria-Irina","year":"2020","unstructured":"Maria-Irina Nicolae , Mathieu Sinn , Tran\u00a0Ngoc Minh , Ambrish Rawat , Martin Wistuba , Valentina Zantedeschi , Ian\u00a0 M. Molloy , and Benjamin Edwards . 2020. Adversarial Robustness Toolbox v1.0.0. CoRR abs\/1807.01069 ( 2020 ). arxiv:1807.01069 Maria-Irina Nicolae, Mathieu Sinn, Tran\u00a0Ngoc Minh, Ambrish Rawat, Martin Wistuba, Valentina Zantedeschi, Ian\u00a0M. Molloy, and Benjamin Edwards. 2020. Adversarial Robustness Toolbox v1.0.0. CoRR abs\/1807.01069 (2020). arxiv:1807.01069"},{"key":"e_1_3_2_1_30_1","series-title":"Lecture Notes in Computer Science, Vol.\u00a011700. 121\u2013144.","volume-title":"Explainable AI: Interpreting, Explaining and Visualizing Deep Learning","author":"Oh Seong\u00a0Joon","unstructured":"Seong\u00a0Joon Oh , Bernt Schiele , and Mario Fritz . 2019. Towards Reverse-Engineering Black-Box Neural Networks . In Explainable AI: Interpreting, Explaining and Visualizing Deep Learning . Lecture Notes in Computer Science, Vol.\u00a011700. 121\u2013144. Seong\u00a0Joon Oh, Bernt Schiele, and Mario Fritz. 2019. Towards Reverse-Engineering Black-Box Neural Networks. In Explainable AI: Interpreting, Explaining and Visualizing Deep Learning. Lecture Notes in Computer Science, Vol.\u00a011700. 121\u2013144."},{"key":"e_1_3_2_1_31_1","volume-title":"Knockoff Nets: Stealing Functionality of Black-Box Models. In CVPR. 4954\u20134963.","author":"Orekondy Tribhuvanesh","year":"2019","unstructured":"Tribhuvanesh Orekondy , Bernt Schiele , and Mario Fritz . 2019 . Knockoff Nets: Stealing Functionality of Black-Box Models. In CVPR. 4954\u20134963. Tribhuvanesh Orekondy, Bernt Schiele, and Mario Fritz. 2019. Knockoff Nets: Stealing Functionality of Black-Box Models. In CVPR. 4954\u20134963."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Nicolas Papernot Patrick\u00a0D. McDaniel Ian\u00a0J. Goodfellow Somesh Jha Z.\u00a0Berkay Celik and Ananthram Swami. 2017. Practical Black-Box Attacks against Machine Learning. In ACM AsiaCCS. 506\u2013519.  Nicolas Papernot Patrick\u00a0D. McDaniel Ian\u00a0J. Goodfellow Somesh Jha Z.\u00a0Berkay Celik and Ananthram Swami. 2017. Practical Black-Box Attacks against Machine Learning. In ACM AsiaCCS. 506\u2013519.","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Nicolas Papernot Patrick\u00a0D. McDaniel Ian\u00a0J. Goodfellow Somesh Jha Z.\u00a0Berkay Celik and Ananthram Swami. 2017. Practical Black-Box Attacks against Machine Learning. In AsiaCCS. 506\u2013519.  Nicolas Papernot Patrick\u00a0D. McDaniel Ian\u00a0J. Goodfellow Somesh Jha Z.\u00a0Berkay Celik and Ananthram Swami. 2017. Practical Black-Box Attacks against Machine Learning. In AsiaCCS. 506\u2013519.","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_1_34_1","volume-title":"The Limitations of Deep Learning in Adversarial Settings","author":"Papernot Nicolas","unstructured":"Nicolas Papernot , Patrick\u00a0 D. McDaniel , Somesh Jha , Matt Fredrikson , Z.\u00a0 Berkay Celik , and Ananthram Swami . 2016. The Limitations of Deep Learning in Adversarial Settings . In IEEE EuroS &P. 372\u2013387. Nicolas Papernot, Patrick\u00a0D. McDaniel, Somesh Jha, Matt Fredrikson, Z.\u00a0Berkay Celik, and Ananthram Swami. 2016. The Limitations of Deep Learning in Adversarial Settings. In IEEE EuroS&P. 372\u2013387."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Ali Rahmati Seyed-Mohsen Moosavi-Dezfooli Pascal Frossard and Huaiyu Dai. 2020. GeoDA: A Geometric Framework for Black-Box Adversarial Attacks. In CVPR. 8443\u20138452.  Ali Rahmati Seyed-Mohsen Moosavi-Dezfooli Pascal Frossard and Huaiyu Dai. 2020. GeoDA: A Geometric Framework for Black-Box Adversarial Attacks. In CVPR. 8443\u20138452.","DOI":"10.1109\/CVPR42600.2020.00847"},{"key":"e_1_3_2_1_36_1","unstructured":"Binxin Ru Adam\u00a0D. Cobb Arno Blaas and Yarin Gal. 2020. BayesOpt Adversarial Attack. In ICLR.  Binxin Ru Adam\u00a0D. Cobb Arno Blaas and Yarin Gal. 2020. BayesOpt Adversarial Attack. In ICLR."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 2016 ACM Workshop on Software PROtection(SPRO \u201916)","author":"Schunter Matthias","year":"2016","unstructured":"Matthias Schunter . 2016 . Intel Software Guard Extensions: Introduction and Open Research Challenges . In Proceedings of the 2016 ACM Workshop on Software PROtection(SPRO \u201916) . Association for Computing Machinery. Matthias Schunter. 2016. Intel Software Guard Extensions: Introduction and Open Research Challenges. In Proceedings of the 2016 ACM Workshop on Software PROtection(SPRO \u201916). Association for Computing Machinery."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2018.04.027"},{"key":"e_1_3_2_1_39_1","unstructured":"Karen Simonyan and Andrew Zisserman. 2015. Very Deep Convolutional Networks for Large-Scale Image Recognition. In ICLR Yoshua Bengio and Yann LeCun (Eds.).  Karen Simonyan and Andrew Zisserman. 2015. Very Deep Convolutional Networks for Large-Scale Image Recognition. In ICLR Yoshua Bengio and Yann LeCun (Eds.)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2008.926307"},{"key":"e_1_3_2_1_41_1","unstructured":"Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna Dumitru Erhan Ian\u00a0J. Goodfellow and Rob Fergus. 2014. Intriguing properties of neural networks. In ICLR.  Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna Dumitru Erhan Ian\u00a0J. Goodfellow and Rob Fergus. 2014. Intriguing properties of neural networks. In ICLR."},{"key":"e_1_3_2_1_42_1","unstructured":"Florian Tram\u00e8r Fan Zhang Ari Juels Michael\u00a0K. Reiter and Thomas Ristenpart. 2016. Stealing Machine Learning Models via Prediction APIs. In USENIX.  Florian Tram\u00e8r Fan Zhang Ari Juels Michael\u00a0K. Reiter and Thomas Ristenpart. 2016. Stealing Machine Learning Models via Prediction APIs. In USENIX."},{"key":"e_1_3_2_1_43_1","unstructured":"Jonathan Uesato Brendan O\u2019Donoghue Pushmeet Kohli and A\u00e4ron van\u00a0den Oord. 2018. Adversarial Risk and the Dangers of Evaluating Against Weak Attacks. In ICML. 5032\u20135041.  Jonathan Uesato Brendan O\u2019Donoghue Pushmeet Kohli and A\u00e4ron van\u00a0den Oord. 2018. Adversarial Risk and the Dangers of Evaluating Against Weak Attacks. In ICML. 5032\u20135041."},{"key":"e_1_3_2_1_44_1","volume-title":"Stealing Hyperparameters in Machine Learning","author":"Wang Binghui","unstructured":"Binghui Wang and Neil\u00a0Zhenqiang Gong . 2018. Stealing Hyperparameters in Machine Learning . In IEEE S &P. 36\u201352. Binghui Wang and Neil\u00a0Zhenqiang Gong. 2018. Stealing Hyperparameters in Machine Learning. In IEEE S&P. 36\u201352."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIP.2005.847284"},{"key":"e_1_3_2_1_46_1","unstructured":"Weibin Wu Yuxin Su Xixian Chen Shenglin Zhao Irwin King Michael\u00a0R. Lyu and Yu-Wing Tai. 2020. Boosting the Transferability of Adversarial Samples via Attention. In CVPR.  Weibin Wu Yuxin Su Xixian Chen Shenglin Zhao Irwin King Michael\u00a0R. Lyu and Yu-Wing Tai. 2020. Boosting the Transferability of Adversarial Samples via Attention. In CVPR."},{"key":"e_1_3_2_1_47_1","unstructured":"Weibin Wu Yuxin Su Michael\u00a0R. Lyu and Irwin King. 2021. Improving the Transferability of Adversarial Samples With Adversarial Transformations. In CVPR.  Weibin Wu Yuxin Su Michael\u00a0R. Lyu and Irwin King. 2021. Improving the Transferability of Adversarial Samples With Adversarial Transformations. In CVPR."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Jiyi Zhang Ee\u00a0Chien Chang and Hwee\u00a0Kuan Lee. 2022. Confusing and Detecting ML Adversarial Attacks with Injected Attractors. In ASIA CCS. 322\u2013336.  Jiyi Zhang Ee\u00a0Chien Chang and Hwee\u00a0Kuan Lee. 2022. Confusing and Detecting ML Adversarial Attacks with Injected Attractors. In ASIA CCS. 322\u2013336.","DOI":"10.1145\/3488932.3497752"}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","location":"Melbourne VIC Australia","acronym":"ASIA CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3582824","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:51:27Z","timestamp":1750182687000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3582824"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":47,"alternative-id":["10.1145\/3579856.3582824","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3582824","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}