{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,24]],"date-time":"2025-08-24T01:10:39Z","timestamp":1755997839366,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3595786","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"716-730","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Boost Off\/On-Manifold Adversarial Robustness for Deep Learning with Latent Representation Mixup"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3705-7345","authenticated-orcid":false,"given":"Mengdie","family":"Huang","sequence":"first","affiliation":[{"name":"Xidian University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6884-2851","authenticated-orcid":false,"given":"Yi","family":"Xie","sequence":"additional","affiliation":[{"name":"Xidian University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5858-5070","authenticated-orcid":false,"given":"Xiaofeng","family":"Chen","sequence":"additional","affiliation":[{"name":"Xidian University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0385-8793","authenticated-orcid":false,"given":"Jin","family":"Li","sequence":"additional","affiliation":[{"name":"Guangzhou University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8625-0275","authenticated-orcid":false,"given":"Changyu","family":"Dong","sequence":"additional","affiliation":[{"name":"Newcastle University, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2984-2661","authenticated-orcid":false,"given":"Zheli","family":"Liu","sequence":"additional","affiliation":[{"name":"Nankai University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1562-5105","authenticated-orcid":false,"given":"Willy","family":"Susilo","sequence":"additional","affiliation":[{"name":"University of Wollongong, Australia"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"European Conference on Computer Vision (ECCV","author":"Andriushchenko Maksym","year":"2020","unstructured":"Maksym Andriushchenko , Francesco Croce , Nicolas Flammarion , and Matthias Hein . 2020 . Square Attack: a query-efficient black-box adversarial attack via random search . In European Conference on Computer Vision (ECCV 2020). 486\u2013501. Maksym Andriushchenko, Francesco Croce, Nicolas Flammarion, and Matthias Hein. 2020. Square Attack: a query-efficient black-box adversarial attack via random search. In European Conference on Computer Vision (ECCV 2020). 486\u2013501."},{"key":"e_1_3_2_1_2_1","volume-title":"Adversarial Transformation Networks: Learning to Generate Adversarial Examples. arXiv preprint arXiv:1703.09387","author":"Baluja Shumeet","year":"2017","unstructured":"Shumeet Baluja and Ian Fischer . 2017. Adversarial Transformation Networks: Learning to Generate Adversarial Examples. arXiv preprint arXiv:1703.09387 ( 2017 ). Shumeet Baluja and Ian Fischer. 2017. Adversarial Transformation Networks: Learning to Generate Adversarial Examples. arXiv preprint arXiv:1703.09387 (2017)."},{"key":"e_1_3_2_1_3_1","volume-title":"On Adversarial Mixup Resynthesis. In 33rd Annual Conference on Neural Information Processing Systems (NIPS","author":"Beckham Christopher","year":"2019","unstructured":"Christopher Beckham , Sina Honari , Vikas Verma , Alex Lamb , Farnoosh Ghadiri , R\u00a0Devon Hjelm , Yoshua Bengio , and Christopher Pal . 2019 . On Adversarial Mixup Resynthesis. In 33rd Annual Conference on Neural Information Processing Systems (NIPS 2019). Christopher Beckham, Sina Honari, Vikas Verma, Alex Lamb, Farnoosh Ghadiri, R\u00a0Devon Hjelm, Yoshua Bengio, and Christopher Pal. 2019. On Adversarial Mixup Resynthesis. In 33rd Annual Conference on Neural Information Processing Systems (NIPS 2019)."},{"key":"e_1_3_2_1_4_1","volume-title":"7th International Conference on Learning Representations (ICLR","author":"Berthelot David","year":"2019","unstructured":"David Berthelot , Colin Raffel , Aurko Roy , and Ian Goodfellow . 2019 . Understanding and Improving Interpolation in Autoencoders via an Adversarial Regularizer . In 7th International Conference on Learning Representations (ICLR 2019). David Berthelot, Colin Raffel, Aurko Roy, and Ian Goodfellow. 2019. Understanding and Improving Interpolation in Autoencoders via an Adversarial Regularizer. In 7th International Conference on Learning Representations (ICLR 2019)."},{"key":"e_1_3_2_1_5_1","volume-title":"Towards Evaluating the Robustness of Neural Networks. In 38th IEEE Symposium on Security and Privacy (SP","author":"Carlini Nicholas","year":"2017","unstructured":"Nicholas Carlini and David Wagner . 2017 . Towards Evaluating the Robustness of Neural Networks. In 38th IEEE Symposium on Security and Privacy (SP 2017). Nicholas Carlini and David Wagner. 2017. Towards Evaluating the Robustness of Neural Networks. In 38th IEEE Symposium on Security and Privacy (SP 2017)."},{"key":"e_1_3_2_1_6_1","volume-title":"Adversarially Robust Representations with Smooth Encoders. In 8th International Conference on Learning Representations (ICLR","author":"Cemgil Taylan","year":"2020","unstructured":"Taylan Cemgil , Sumedh Ghaisas , Krishnamurthy\u00a0Dj Dvijotham , and Pushmeet Kohli . 2020 . Adversarially Robust Representations with Smooth Encoders. In 8th International Conference on Learning Representations (ICLR 2020). Taylan Cemgil, Sumedh Ghaisas, Krishnamurthy\u00a0Dj Dvijotham, and Pushmeet Kohli. 2020. Adversarially Robust Representations with Smooth Encoders. In 8th International Conference on Learning Representations (ICLR 2020)."},{"key":"e_1_3_2_1_7_1","volume-title":"MixText: Linguistically-Informed Interpolation of Hidden Space for Semi-Supervised Text Classification. In 58th Annual Meeting of the Association for Computational Linguistics. 2147\u20132157","author":"Chen Jiaao","year":"2020","unstructured":"Jiaao Chen , Zichao Yang , and Diyi Yang . 2020 . MixText: Linguistically-Informed Interpolation of Hidden Space for Semi-Supervised Text Classification. In 58th Annual Meeting of the Association for Computational Linguistics. 2147\u20132157 . Jiaao Chen, Zichao Yang, and Diyi Yang. 2020. MixText: Linguistically-Informed Interpolation of Hidden Space for Semi-Supervised Text Classification. In 58th Annual Meeting of the Association for Computational Linguistics. 2147\u20132157."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1038\/s41467-020-14578-5"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/3524938.3525143"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/3524938.3525144"},{"key":"e_1_3_2_1_11_1","volume-title":"AdverTorch v0. 1: An adversarial robustness toolbox based on pytorch. arXiv preprint arXiv:1902.07623","author":"Ding Gavin\u00a0Weiguang","year":"2019","unstructured":"Gavin\u00a0Weiguang Ding , Luyu Wang , and Xiaomeng Jin . 2019. AdverTorch v0. 1: An adversarial robustness toolbox based on pytorch. arXiv preprint arXiv:1902.07623 ( 2019 ). Gavin\u00a0Weiguang Ding, Luyu Wang, and Xiaomeng Jin. 2019. AdverTorch v0. 1: An adversarial robustness toolbox based on pytorch. arXiv preprint arXiv:1902.07623 (2019)."},{"key":"e_1_3_2_1_12_1","volume-title":"Boosting Adversarial Attacks With Momentum. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Dong Yinpeng","year":"2018","unstructured":"Yinpeng Dong , Fangzhou Liao , Tianyu Pang , Hang Su , Jun Zhu , Xiaolin Hu , and Jianguo Li . 2018 . Boosting Adversarial Attacks With Momentum. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2018). 9185\u20139193. Yinpeng Dong, Fangzhou Liao, Tianyu Pang, Hang Su, Jun Zhu, Xiaolin Hu, and Jianguo Li. 2018. Boosting Adversarial Attacks With Momentum. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2018). 9185\u20139193."},{"key":"e_1_3_2_1_13_1","volume-title":"STEMM: Self-learning with Speech-text Manifold Mixup for Speech Translation. In Annual Meeting of the Association for Computational Linguistics. 7050\u20137062","author":"Fang Qingkai","year":"2022","unstructured":"Qingkai Fang , Rong Ye , Lei Li , Yang Feng , and Mingxuan Wang . 2022 . STEMM: Self-learning with Speech-text Manifold Mixup for Speech Translation. In Annual Meeting of the Association for Computational Linguistics. 7050\u20137062 . Qingkai Fang, Rong Ye, Lei Li, Yang Feng, and Mingxuan Wang. 2022. STEMM: Self-learning with Speech-text Manifold Mixup for Speech Translation. In Annual Meeting of the Association for Computational Linguistics. 7050\u20137062."},{"key":"e_1_3_2_1_14_1","volume-title":"PatchUp: A Feature-Space Block-Level Regularization Technique for Convolutional Neural Networks. AAAI Conference on Artificial Intelligence (AAAI 2022)","author":"Faramarzi Mojtaba","year":"2022","unstructured":"Mojtaba Faramarzi , Mohammad Amini , Akilesh Badrinaaraayanan , Vikas Verma , and Sarath Chandar . 2022 . PatchUp: A Feature-Space Block-Level Regularization Technique for Convolutional Neural Networks. AAAI Conference on Artificial Intelligence (AAAI 2022) (2022). Mojtaba Faramarzi, Mohammad Amini, Akilesh Badrinaaraayanan, Vikas Verma, and Sarath Chandar. 2022. PatchUp: A Feature-Space Block-Level Regularization Technique for Convolutional Neural Networks. AAAI Conference on Artificial Intelligence (AAAI 2022) (2022)."},{"volume-title":"Deep learning","author":"Goodfellow Ian","key":"e_1_3_2_1_15_1","unstructured":"Ian Goodfellow , Yoshua Bengio , and Aaron Courville . 2016. Deep learning . MIT press . Ian Goodfellow, Yoshua Bengio, and Aaron Courville. 2016. Deep learning. MIT press."},{"key":"e_1_3_2_1_16_1","volume-title":"Explaining and Harnessing Adversarial Examples. In 3rd International Conference on Learning Representations (ICLR","author":"Goodfellow J","year":"2015","unstructured":"Ian\u00a0 J Goodfellow , Jonathon Shlens , and Christian Szegedy . 2015 . Explaining and Harnessing Adversarial Examples. In 3rd International Conference on Learning Representations (ICLR 2015). Ian\u00a0J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In 3rd International Conference on Learning Representations (ICLR 2015)."},{"key":"e_1_3_2_1_17_1","volume-title":"Adversarial and Natural Perturbations for General Robustness. arXiv preprint arXiv:2010.01401","author":"Gulshad Sadaf","year":"2020","unstructured":"Sadaf Gulshad , Jan\u00a0Hendrik Metzen , and Arnold Smeulders . 2020. Adversarial and Natural Perturbations for General Robustness. arXiv preprint arXiv:2010.01401 ( 2020 ). Sadaf Gulshad, Jan\u00a0Hendrik Metzen, and Arnold Smeulders. 2020. Adversarial and Natural Perturbations for General Robustness. arXiv preprint arXiv:2010.01401 (2020)."},{"key":"e_1_3_2_1_18_1","volume-title":"AAAI Conference on Artificial Intelligence (AAAI","author":"Guo Hongyu","year":"2020","unstructured":"Hongyu Guo . 2020 . Nonlinear mixup: Out-of-manifold data augmentation for text classification . In AAAI Conference on Artificial Intelligence (AAAI 2020). Hongyu Guo. 2020. Nonlinear mixup: Out-of-manifold data augmentation for text classification. In AAAI Conference on Artificial Intelligence (AAAI 2020)."},{"key":"e_1_3_2_1_19_1","volume-title":"33rd AAAI Conference on Artificial Intelligence (AAAI","author":"Guo Hongyu","year":"2019","unstructured":"Hongyu Guo , Yongyi Mao , and Richong Zhang . 2019 . MixUp as Locally Linear Out-of-Manifold Regularization . In 33rd AAAI Conference on Artificial Intelligence (AAAI 2019). 3714\u20133722. Hongyu Guo, Yongyi Mao, and Richong Zhang. 2019. MixUp as Locally Linear Out-of-Manifold Regularization. In 33rd AAAI Conference on Artificial Intelligence (AAAI 2019). 3714\u20133722."},{"key":"e_1_3_2_1_20_1","volume-title":"IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"He Kaiming","year":"2016","unstructured":"Kaiming He , Xiangyu Zhang , Shaoqing Ren , and Jian Sun . 2016 . Deep residual learning for image recognition . In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2016). 770\u2013778. Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep residual learning for image recognition. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2016). 770\u2013778."},{"key":"e_1_3_2_1_21_1","volume-title":"European Conference on Computer Vision (ECCV","author":"He Kaiming","year":"2016","unstructured":"Kaiming He , Xiangyu Zhang , Shaoqing Ren , and Jian Sun . 2016 . Identity mappings in deep residual networks . In European Conference on Computer Vision (ECCV 2016). Springer, 630\u2013645. Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Identity mappings in deep residual networks. In European Conference on Computer Vision (ECCV 2016). Springer, 630\u2013645."},{"key":"e_1_3_2_1_22_1","volume-title":"Reducing the Dimensionality of Data with Neural Networks. science 313, 5786","author":"Hinton E","year":"2006","unstructured":"Geoffrey\u00a0 E Hinton and Ruslan\u00a0 R Salakhutdinov . 2006. Reducing the Dimensionality of Data with Neural Networks. science 313, 5786 ( 2006 ), 504\u2013507. Geoffrey\u00a0E Hinton and Ruslan\u00a0R Salakhutdinov. 2006. Reducing the Dimensionality of Data with Neural Networks. science 313, 5786 (2006), 504\u2013507."},{"key":"e_1_3_2_1_23_1","volume-title":"IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Huang Gao","year":"2017","unstructured":"Gao Huang , Zhuang Liu , Laurens Van Der\u00a0Maaten , and Kilian\u00a0 Q Weinberger . 2017 . Densely connected convolutional networks . In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2017). 4700\u20134708. Gao Huang, Zhuang Liu, Laurens Van Der\u00a0Maaten, and Kilian\u00a0Q Weinberger. 2017. Densely connected convolutional networks. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2017). 4700\u20134708."},{"key":"e_1_3_2_1_24_1","volume-title":"The Robust Manifold Defense: Adversarial Training using Generative Models. arXiv preprint arXiv:1712.09196","author":"Jalal Ajil","year":"2017","unstructured":"Ajil Jalal , Andrew Ilyas , Constantinos Daskalakis , and Alexandros\u00a0 G Dimakis . 2017. The Robust Manifold Defense: Adversarial Training using Generative Models. arXiv preprint arXiv:1712.09196 ( 2017 ). Ajil Jalal, Andrew Ilyas, Constantinos Daskalakis, and Alexandros\u00a0G Dimakis. 2017. The Robust Manifold Defense: Adversarial Training using Generative Models. arXiv preprint arXiv:1712.09196 (2017)."},{"key":"e_1_3_2_1_25_1","volume-title":"Testing robustness against unforeseen adversaries. arXiv preprint arXiv:1908.08016","author":"Kang Daniel","year":"2019","unstructured":"Daniel Kang , Yi Sun , Dan Hendrycks , Tom Brown , and Jacob Steinhardt . 2019. Testing robustness against unforeseen adversaries. arXiv preprint arXiv:1908.08016 ( 2019 ). Daniel Kang, Yi Sun, Dan Hendrycks, Tom Brown, and Jacob Steinhardt. 2019. Testing robustness against unforeseen adversaries. arXiv preprint arXiv:1908.08016 (2019)."},{"key":"e_1_3_2_1_26_1","volume-title":"Training Generative Adversarial Networks with Limited Data. In 34th Annual Conference on Neural Information Processing Systems (NIPS","author":"Karras Tero","year":"2020","unstructured":"Tero Karras , Miika Aittala , Janne Hellsten , Samuli Laine , Jaakko Lehtinen , and Timo Aila . 2020 . Training Generative Adversarial Networks with Limited Data. In 34th Annual Conference on Neural Information Processing Systems (NIPS 2020). Tero Karras, Miika Aittala, Janne Hellsten, Samuli Laine, Jaakko Lehtinen, and Timo Aila. 2020. Training Generative Adversarial Networks with Limited Data. In 34th Annual Conference on Neural Information Processing Systems (NIPS 2020)."},{"key":"e_1_3_2_1_27_1","volume-title":"IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Karras Tero","year":"2019","unstructured":"Tero Karras , Samuli Laine , and Timo Aila . 2019 . A Style-Based Generator Architecture for Generative Adversarial Networks . In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2019). 4401\u20134410. Tero Karras, Samuli Laine, and Timo Aila. 2019. A Style-Based Generator Architecture for Generative Adversarial Networks. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2019). 4401\u20134410."},{"key":"e_1_3_2_1_28_1","volume-title":"Analyzing and Improving the Image Quality of StyleGAN. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Karras Tero","year":"2020","unstructured":"Tero Karras , Samuli Laine , Miika Aittala , Janne Hellsten , Jaakko Lehtinen , and Timo Aila . 2020 . Analyzing and Improving the Image Quality of StyleGAN. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2020). 8107\u20138116. Tero Karras, Samuli Laine, Miika Aittala, Janne Hellsten, Jaakko Lehtinen, and Timo Aila. 2020. Analyzing and Improving the Image Quality of StyleGAN. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2020). 8107\u20138116."},{"key":"e_1_3_2_1_29_1","volume-title":"Puzzle Mix: Exploiting Saliency and Local Statistics for Optimal Mixup. In 37th International Conference on Machine Learning (ICML","author":"Kim Jang-Hyun","year":"2020","unstructured":"Jang-Hyun Kim , Wonho Choo , and Hyun\u00a0Oh Song . 2020 . Puzzle Mix: Exploiting Saliency and Local Statistics for Optimal Mixup. In 37th International Conference on Machine Learning (ICML 2020). 5275\u20135285. Jang-Hyun Kim, Wonho Choo, and Hyun\u00a0Oh Song. 2020. Puzzle Mix: Exploiting Saliency and Local Statistics for Optimal Mixup. In 37th International Conference on Machine Learning (ICML 2020). 5275\u20135285."},{"key":"e_1_3_2_1_30_1","unstructured":"Alex Krizhevsky Geoffrey Hinton 2009. Learning Multiple Layers of Features from Tiny Images. (2009).  Alex Krizhevsky Geoffrey Hinton 2009. Learning Multiple Layers of Features from Tiny Images. (2009)."},{"key":"e_1_3_2_1_31_1","volume-title":"Imagenet Classification with Deep Convolutional Neural Networks. Commun. ACM","author":"Krizhevsky Alex","year":"2017","unstructured":"Alex Krizhevsky , Ilya Sutskever , and Geoffrey\u00a0 E Hinton . 2017. Imagenet Classification with Deep Convolutional Neural Networks. Commun. ACM ( 2017 ). Alex Krizhevsky, Ilya Sutskever, and Geoffrey\u00a0E Hinton. 2017. Imagenet Classification with Deep Convolutional Neural Networks. Commun. ACM (2017)."},{"key":"e_1_3_2_1_32_1","volume-title":"5th International Conference on Learning Representations (ICLR","author":"Kurakin Alexey","year":"2017","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . 2017 . Adversarial Machine Learning at Scale . In 5th International Conference on Learning Representations (ICLR 2017). Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2017. Adversarial Machine Learning at Scale. In 5th International Conference on Learning Representations (ICLR 2017)."},{"key":"e_1_3_2_1_33_1","volume-title":"5th International Conference on Learning Representations (ICLR","author":"Kurakin Alexey","year":"2017","unstructured":"Alexey Kurakin , Ian Goodfellow , Samy Bengio , 2017 . Adversarial examples in the physical world . In 5th International Conference on Learning Representations (ICLR 2017). Alexey Kurakin, Ian Goodfellow, Samy Bengio, 2017. Adversarial examples in the physical world. In 5th International Conference on Learning Representations (ICLR 2017)."},{"key":"e_1_3_2_1_34_1","volume-title":"Adversarial Vertex Mixup: Toward Better Adversarially Robust Generalization. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Lee Saehyung","year":"2020","unstructured":"Saehyung Lee , Hyungyu Lee , and Sungroh Yoon . 2020 . Adversarial Vertex Mixup: Toward Better Adversarially Robust Generalization. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2020). 272\u2013281. Saehyung Lee, Hyungyu Lee, and Sungroh Yoon. 2020. Adversarial Vertex Mixup: Toward Better Adversarially Robust Generalization. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2020). 272\u2013281."},{"key":"e_1_3_2_1_35_1","volume-title":"34th Annual Conference on Neural Information Processing Systems (NIPS","author":"Lin Wei-An","year":"2020","unstructured":"Wei-An Lin , Chun\u00a0Pong Lau , Alexander Levine , Rama Chellappa , and Soheil Feizi . 2020 . Dual Manifold Adversarial Robustness: Defense against Lp and non-Lp Adversarial Attacks . In 34th Annual Conference on Neural Information Processing Systems (NIPS 2020). Wei-An Lin, Chun\u00a0Pong Lau, Alexander Levine, Rama Chellappa, and Soheil Feizi. 2020. Dual Manifold Adversarial Robustness: Defense against Lp and non-Lp Adversarial Attacks. In 34th Annual Conference on Neural Information Processing Systems (NIPS 2020)."},{"key":"e_1_3_2_1_36_1","volume-title":"6th International Conference on Learning Representations (ICLR","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry , Aleksandar Makelov , Ludwig Schmidt , Dimitris Tsipras , and Adrian Vladu . 2018 . Towards Deep Learning Models Resistant to Adversarial Attacks . In 6th International Conference on Learning Representations (ICLR 2018). Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In 6th International Conference on Learning Representations (ICLR 2018)."},{"key":"e_1_3_2_1_37_1","volume-title":"Universal Adversarial Perturbations. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Moosavi-Dezfooli Seyed-Mohsen","year":"2017","unstructured":"Seyed-Mohsen Moosavi-Dezfooli , Alhussein Fawzi , Omar Fawzi , and Pascal Frossard . 2017 . Universal Adversarial Perturbations. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2017). 1765\u20131773. Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2017. Universal Adversarial Perturbations. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2017). 1765\u20131773."},{"key":"e_1_3_2_1_38_1","volume-title":"IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Moosavi-Dezfooli Seyed-Mohsen","year":"2016","unstructured":"Seyed-Mohsen Moosavi-Dezfooli , Alhussein Fawzi , and Pascal Frossard . 2016 . DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks . In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2016). 2574\u20132582. Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, and Pascal Frossard. 2016. DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2016). 2574\u20132582."},{"key":"e_1_3_2_1_39_1","unstructured":"Yuval Netzer Tao Wang Adam Coates Alessandro Bissacco Bo Wu and Andrew\u00a0Y Ng. 2011. Reading Digits in Natural Images with Unsupervised Feature Learning. (2011).  Yuval Netzer Tao Wang Adam Coates Alessandro Bissacco Bo Wu and Andrew\u00a0Y Ng. 2011. Reading Digits in Natural Images with Unsupervised Feature Learning. (2011)."},{"key":"e_1_3_2_1_40_1","volume-title":"Adversarial Robustness Toolbox v1. 0.0. arXiv preprint arXiv:1807.01069","author":"Nicolae Maria-Irina","year":"2018","unstructured":"Maria-Irina Nicolae , Mathieu Sinn , Minh\u00a0Ngoc Tran , Beat Buesser , Ambrish Rawat , Martin Wistuba , Valentina Zantedeschi , Nathalie Baracaldo , Bryant Chen , Heiko Ludwig , 2018. Adversarial Robustness Toolbox v1. 0.0. arXiv preprint arXiv:1807.01069 ( 2018 ). Maria-Irina Nicolae, Mathieu Sinn, Minh\u00a0Ngoc Tran, Beat Buesser, Ambrish Rawat, Martin Wistuba, Valentina Zantedeschi, Nathalie Baracaldo, Bryant Chen, Heiko Ludwig, 2018. Adversarial Robustness Toolbox v1. 0.0. arXiv preprint arXiv:1807.01069 (2018)."},{"key":"e_1_3_2_1_41_1","volume-title":"8th International Conference on Learning Representations (ICLR","author":"Pang Tianyu","year":"2020","unstructured":"Tianyu Pang , Kun Xu , and Jun Zhu . 2020 . Mixup Inference: Better Exploiting Mixup to Defend Adversarial Attacks . In 8th International Conference on Learning Representations (ICLR 2020). Tianyu Pang, Kun Xu, and Jun Zhu. 2020. Mixup Inference: Better Exploiting Mixup to Defend Adversarial Attacks. In 8th International Conference on Learning Representations (ICLR 2020)."},{"key":"e_1_3_2_1_42_1","volume-title":"The Limitations of Deep Learning in Adversarial Settings. In IEEE European symposium on security and privacy (EuroS&P","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Patrick McDaniel , Somesh Jha , Matt Fredrikson , Z\u00a0Berkay Celik , and Ananthram Swami . 2016 . The Limitations of Deep Learning in Adversarial Settings. In IEEE European symposium on security and privacy (EuroS&P 2016). Nicolas Papernot, Patrick McDaniel, Somesh Jha, Matt Fredrikson, Z\u00a0Berkay Celik, and Ananthram Swami. 2016. The Limitations of Deep Learning in Adversarial Settings. In IEEE European symposium on security and privacy (EuroS&P 2016)."},{"key":"e_1_3_2_1_43_1","volume-title":"High-performance Deep Learning Library. 33rd Annual Conference on Neural Information Processing Systems (NIPS 2019)","author":"Paszke Adam","year":"2019","unstructured":"Adam Paszke , Sam Gross , Francisco Massa , Adam Lerer , James Bradbury , Gregory Chanan , Trevor Killeen , Zeming Lin , Natalia Gimelshein , Luca Antiga , 2019 . Pytorch: An Imperative Style , High-performance Deep Learning Library. 33rd Annual Conference on Neural Information Processing Systems (NIPS 2019) 32 (2019). Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, 2019. Pytorch: An Imperative Style, High-performance Deep Learning Library. 33rd Annual Conference on Neural Information Processing Systems (NIPS 2019) 32 (2019)."},{"key":"e_1_3_2_1_44_1","volume-title":"The manifold ways of perception. science 290, 5500","author":"Seung H\u00a0Sebastian","year":"2000","unstructured":"H\u00a0Sebastian Seung and Daniel\u00a0 D Lee . 2000. The manifold ways of perception. science 290, 5500 ( 2000 ), 2268\u20132269. H\u00a0Sebastian Seung and Daniel\u00a0D Lee. 2000. The manifold ways of perception. science 290, 5500 (2000), 2268\u20132269."},{"key":"e_1_3_2_1_45_1","volume-title":"Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556","author":"Simonyan Karen","year":"2014","unstructured":"Karen Simonyan and Andrew Zisserman . 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 ( 2014 ). Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)."},{"key":"e_1_3_2_1_46_1","volume-title":"Constructing Unrestricted Adversarial Examples with Generative Models. In 32nd Annual Conference on Neural Information Processing Systems (NIPS","author":"Song Yang","year":"2018","unstructured":"Yang Song , Rui Shu , Nate Kushman , and Stefano Ermon . 2018 . Constructing Unrestricted Adversarial Examples with Generative Models. In 32nd Annual Conference on Neural Information Processing Systems (NIPS 2018). 8322\u20138333. Yang Song, Rui Shu, Nate Kushman, and Stefano Ermon. 2018. Constructing Unrestricted Adversarial Examples with Generative Models. In 32nd Annual Conference on Neural Information Processing Systems (NIPS 2018). 8322\u20138333."},{"key":"e_1_3_2_1_47_1","volume-title":"Disentangling Adversarial Robustness and Generalization. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Stutz David","year":"2019","unstructured":"David Stutz , Matthias Hein , and Bernt Schiele . 2019 . Disentangling Adversarial Robustness and Generalization. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2019). 6976\u20136987. David Stutz, Matthias Hein, and Bernt Schiele. 2019. Disentangling Adversarial Robustness and Generalization. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2019). 6976\u20136987."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/TEVC.2019.2890858"},{"key":"e_1_3_2_1_49_1","volume-title":"IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Szegedy Christian","year":"2015","unstructured":"Christian Szegedy , Wei Liu , Yangqing Jia , Pierre Sermanet , Scott Reed , Dragomir Anguelov , Dumitru Erhan , Vincent Vanhoucke , and Andrew Rabinovich . 2015 . Going deeper with convolutions . In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2015). 1\u20139. Christian Szegedy, Wei Liu, Yangqing Jia, Pierre Sermanet, Scott Reed, Dragomir Anguelov, Dumitru Erhan, Vincent Vanhoucke, and Andrew Rabinovich. 2015. Going deeper with convolutions. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2015). 1\u20139."},{"key":"e_1_3_2_1_50_1","volume-title":"2nd International Conference on Learning Representations (ICLR","author":"Szegedy Christian","year":"2014","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian Goodfellow , and Rob Fergus . 2014 . Intriguing properties of neural networks . In 2nd International Conference on Learning Representations (ICLR 2014). Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2014. Intriguing properties of neural networks. In 2nd International Conference on Learning Representations (ICLR 2014)."},{"key":"e_1_3_2_1_51_1","volume-title":"Measuring robustness to natural distribution shifts in image classification. arXiv preprint arXiv:2007.00644","author":"Taori Rohan","year":"2020","unstructured":"Rohan Taori , Achal Dave , Vaishaal Shankar , Nicholas Carlini , Benjamin Recht , and Ludwig Schmidt . 2020. Measuring robustness to natural distribution shifts in image classification. arXiv preprint arXiv:2007.00644 ( 2020 ). Rohan Taori, Achal Dave, Vaishaal Shankar, Nicholas Carlini, Benjamin Recht, and Ludwig Schmidt. 2020. Measuring robustness to natural distribution shifts in image classification. arXiv preprint arXiv:2007.00644 (2020)."},{"key":"e_1_3_2_1_52_1","volume-title":"36th International Conference on Machine Learning (ICML","author":"Verma Vikas","year":"2019","unstructured":"Vikas Verma , Alex Lamb , Christopher Beckham , Amir Najafi , Ioannis Mitliagkas , David Lopez-Paz , and Yoshua Bengio . 2019 . Manifold Mixup: Better Representations by Interpolating Hidden States . In 36th International Conference on Machine Learning (ICML 2019). 6438\u20136447. Vikas Verma, Alex Lamb, Christopher Beckham, Amir Najafi, Ioannis Mitliagkas, David Lopez-Paz, and Yoshua Bengio. 2019. Manifold Mixup: Better Representations by Interpolating Hidden States. In 36th International Conference on Machine Learning (ICML 2019). 6438\u20136447."},{"key":"e_1_3_2_1_53_1","volume-title":"Improving Transferability of Adversarial Examples With Input Diversity. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR","author":"Xie Cihang","year":"2019","unstructured":"Cihang Xie , Zhishuai Zhang , Yuyin Zhou , Song Bai , Jianyu Wang , Zhou Ren , and Alan\u00a0 L Yuille . 2019 . Improving Transferability of Adversarial Examples With Input Diversity. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2019). 2730\u20132739. Cihang Xie, Zhishuai Zhang, Yuyin Zhou, Song Bai, Jianyu Wang, Zhou Ren, and Alan\u00a0L Yuille. 2019. Improving Transferability of Adversarial Examples With Input Diversity. In IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2019). 2730\u20132739."},{"key":"e_1_3_2_1_54_1","volume-title":"IEEE\/CVF International Conference on Computer Vision (ICCV","author":"Yun Sangdoo","year":"2019","unstructured":"Sangdoo Yun , Dongyoon Han , Seong\u00a0Joon Oh , Sanghyuk Chun , Junsuk Choe , and Youngjoon Yoo . 2019 . CutMix: Regularization Strategy to Train Strong Classifiers With Localizable Features . In IEEE\/CVF International Conference on Computer Vision (ICCV 2019). 6023\u20136032. Sangdoo Yun, Dongyoon Han, Seong\u00a0Joon Oh, Sanghyuk Chun, Junsuk Choe, and Youngjoon Yoo. 2019. CutMix: Regularization Strategy to Train Strong Classifiers With Localizable Features. In IEEE\/CVF International Conference on Computer Vision (ICCV 2019). 6023\u20136032."},{"key":"e_1_3_2_1_55_1","volume-title":"Wide residual networks. arXiv preprint arXiv:1605.07146","author":"Zagoruyko Sergey","year":"2016","unstructured":"Sergey Zagoruyko and Nikos Komodakis . 2016. Wide residual networks. arXiv preprint arXiv:1605.07146 ( 2016 ). Sergey Zagoruyko and Nikos Komodakis. 2016. Wide residual networks. arXiv preprint arXiv:1605.07146 (2016)."},{"key":"e_1_3_2_1_56_1","volume-title":"6th International Conference on Learning Representations (ICLR","author":"Zhang Hongyi","year":"2018","unstructured":"Hongyi Zhang , Moustapha Cisse , Yann\u00a0 N Dauphin , and David Lopez-Paz . 2018 . mixup: Beyond Empirical Risk Minimization . In 6th International Conference on Learning Representations (ICLR 2018). Hongyi Zhang, Moustapha Cisse, Yann\u00a0N Dauphin, and David Lopez-Paz. 2018. mixup: Beyond Empirical Risk Minimization. In 6th International Conference on Learning Representations (ICLR 2018)."},{"key":"e_1_3_2_1_57_1","volume-title":"International ACM SIGIR Conference on Research and Development in Information Retrieval. 1778\u20131782","author":"Zhao Jiahao","year":"2021","unstructured":"Jiahao Zhao , Penghui Wei , and Wenji Mao . 2021 . Robust Neural Text Classification and Entailment via Mixup Regularized Adversarial Training . In International ACM SIGIR Conference on Research and Development in Information Retrieval. 1778\u20131782 . Jiahao Zhao, Penghui Wei, and Wenji Mao. 2021. Robust Neural Text Classification and Entailment via Mixup Regularized Adversarial Training. In International ACM SIGIR Conference on Research and Development in Information Retrieval. 1778\u20131782."}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Melbourne VIC Australia","acronym":"ASIA CCS '23"},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3595786","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:08:17Z","timestamp":1750183697000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3595786"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":57,"alternative-id":["10.1145\/3579856.3595786","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3595786","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}