{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,2]],"date-time":"2025-11-02T16:56:54Z","timestamp":1762102614792,"version":"build-2065373602"},"publisher-location":"New York, NY, USA","reference-count":20,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,5,13]],"date-time":"2024-05-13T00:00:00Z","timestamp":1715558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"Natural Science Foundation of Jiangsu Province","doi-asserted-by":"publisher","award":["BK20220075"],"award-info":[{"award-number":["BK20220075"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Fok Ying-Tung Education Foundation for Young Teachers in the Higher Education Institutions of China","award":["20193218210004"],"award-info":[{"award-number":["20193218210004"]}]},{"DOI":"10.13039\/501100006374","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62227805, 62072398, 62172405"],"award-info":[{"award-number":["62227805, 62072398, 62172405"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,5,13]]},"DOI":"10.1145\/3589335.3651524","type":"proceedings-article","created":{"date-parts":[[2024,5,12]],"date-time":"2024-05-12T18:41:21Z","timestamp":1715539281000},"page":"529-532","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Improving Model Robustness against Adversarial Examples with Redundant Fully Connected Layer"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1455-4330","authenticated-orcid":false,"given":"Ziming","family":"Zhao","sequence":"first","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2195-0799","authenticated-orcid":false,"given":"Zhaoxuan","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6589-3706","authenticated-orcid":false,"given":"Tingting","family":"Li","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2888-4499","authenticated-orcid":false,"given":"Jiongchi","family":"Yu","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6087-8243","authenticated-orcid":false,"given":"Fan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0002-5593","authenticated-orcid":false,"given":"Rui","family":"Zhang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2024,5,13]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"ICLR","author":"Wieland","year":"2018","unstructured":"Wieland Brendel et al. Decision-based adversarial attacks: Reliable attacks against black-box machine learning models. In ICLR, 2018."},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_2_3_1","unstructured":"Yair Carmon et al. Unlabeled data improves adversarial robustness."},{"key":"e_1_3_2_2_4_1","volume-title":"ICCV","author":"Jiequan","year":"2021","unstructured":"Jiequan Cui et al. Learnable boundary guided adversarial training. In ICCV, 2021."},{"key":"e_1_3_2_2_5_1","volume-title":"A light recipe to train robust vision transformers. CoRR, abs\/2209.07399","author":"Debenedetti Edoardo","year":"2022","unstructured":"Edoardo Debenedetti, Vikash Sehwag, and Prateek Mittal. A light recipe to train robust vision transformers. CoRR, abs\/2209.07399, 2022."},{"key":"e_1_3_2_2_6_1","volume-title":"CVPR","author":"Yinpeng","year":"2019","unstructured":"Yinpeng Dong et al. Efficient decision-based black-box adversarial attacks on face recognition. In CVPR, 2019."},{"key":"e_1_3_2_2_7_1","first-page":"318","volume-title":"CVPR","author":"Yinpeng","year":"2020","unstructured":"Yinpeng Dong et al. Benchmarking adversarial robustness on image classification. In CVPR, pages 318--328. Computer Vision Foundation \/ IEEE, 2020."},{"key":"e_1_3_2_2_8_1","volume-title":"ICLR (Poster)","author":"Goodfellow Ian J.","year":"2015","unstructured":"Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. Explaining and harnessing adversarial examples. In ICLR (Poster), 2015."},{"key":"e_1_3_2_2_9_1","volume-title":"NeurIPS","author":"Sven","year":"2021","unstructured":"Sven Gowal et al. Improving robustness using generated data. In NeurIPS, 2021."},{"key":"e_1_3_2_2_10_1","volume-title":"ICML","author":"Ilyas Andrew","year":"2018","unstructured":"Andrew Ilyas, Logan Engstrom, Anish Athalye, and Jessy Lin. Black-box adversarial attacks with limited queries and information. In ICML, 2018."},{"key":"e_1_3_2_2_11_1","unstructured":"ImageNet. Imagenet large scale visual recognition challenge 2012 (ilsvrc2012). [EB\/OL]. http:\/\/image-net.org\/challenges\/LSVRC\/2012\/2012-downloads."},{"key":"e_1_3_2_2_12_1","unstructured":"Alex Krizhevsky et al. Learning multiple layers of features from tiny images."},{"key":"e_1_3_2_2_13_1","volume-title":"ICLR (Workshop). OpenReview.net","author":"Kurakin Alexey","year":"2017","unstructured":"Alexey Kurakin, Ian J. Goodfellow, and Samy Bengio. Adversarial examples in the physical world. In ICLR (Workshop). OpenReview.net, 2017."},{"key":"e_1_3_2_2_14_1","volume-title":"IEEE SP","author":"Nicolas","year":"2016","unstructured":"Nicolas Papernot et al. Distillation as a defense to adversarial perturbations against deep neural networks. In IEEE SP, 2016."},{"key":"e_1_3_2_2_15_1","first-page":"506","volume-title":"AsiaCCS","author":"Nicolas","year":"2017","unstructured":"Nicolas Papernot et al. Practical black-box attacks against machine learning. In AsiaCCS, pages 506--519. ACM, 2017."},{"key":"e_1_3_2_2_16_1","volume-title":"ICLR. OpenReview.net","author":"Wong Eric","year":"2020","unstructured":"Eric Wong, Leslie Rice, and J. Zico Kolter. Fast is better than free: Revisiting adversarial training. In ICLR. OpenReview.net, 2020."},{"key":"e_1_3_2_2_17_1","first-page":"227","volume-title":"NeurIPS","author":"Dinghuai","year":"2019","unstructured":"Dinghuai Zhang et al. You only propagate once: Accelerating adversarial training via maximal principle. In NeurIPS, pages 227--238, 2019."},{"key":"e_1_3_2_2_18_1","volume-title":"ICML","author":"Hongyang","year":"2019","unstructured":"Hongyang Zhang et al. Theoretically principled trade-off between robustness and accuracy. In ICML, 2019."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3226572"},{"key":"e_1_3_2_2_20_1","first-page":"3636","volume-title":"CCS","author":"Zhao Ziming","year":"2023","unstructured":"Ziming Zhao, Zhaoxuan Li, Tingting Li, et al. Poster: Detecting adversarial examples hidden under watermark perturbation via usable information theory. In CCS, pages 3636--3638. ACM, 2023."}],"event":{"name":"WWW '24: The ACM Web Conference 2024","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Singapore Singapore","acronym":"WWW '24"},"container-title":["Companion Proceedings of the ACM Web Conference 2024"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589335.3651524","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3589335.3651524","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T00:35:01Z","timestamp":1755822901000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589335.3651524"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,13]]},"references-count":20,"alternative-id":["10.1145\/3589335.3651524","10.1145\/3589335"],"URL":"https:\/\/doi.org\/10.1145\/3589335.3651524","relation":{},"subject":[],"published":{"date-parts":[[2024,5,13]]},"assertion":[{"value":"2024-05-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}