{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T10:08:55Z","timestamp":1766138935921,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T00:00:00Z","timestamp":1730073600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"the National Natural Science Foundation of China","award":["62071142"],"award-info":[{"award-number":["62071142"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,10,28]]},"DOI":"10.1145\/3664647.3680796","type":"proceedings-article","created":{"date-parts":[[2024,10,26]],"date-time":"2024-10-26T06:59:41Z","timestamp":1729925981000},"page":"10055-10064","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["DERD: Data-free Adversarial Robustness Distillation through Self-adversarial Teacher Group"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-4376-5123","authenticated-orcid":false,"given":"Yuhang","family":"Zhou","sequence":"first","affiliation":[{"name":"Harbin Institute of Technology, Shenzhen, shenzhen, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8183-8435","authenticated-orcid":false,"given":"Yushu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Nanjing University of Aeronautics and Astronautics, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9330-2662","authenticated-orcid":false,"given":"Leo Yu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Griffith University, Brisbane, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3529-0541","authenticated-orcid":false,"given":"Zhongyun","family":"Hua","sequence":"additional","affiliation":[{"name":"Harbin Institute of Technology, Shenzhen & Guangdong Provincial Key Laboratory of Novel Security Intelligence Technologies, Shenzhen, China"}]}],"member":"320","published-online":{"date-parts":[[2024,10,28]]},"reference":[{"key":"e_1_3_2_1_2_1","volume-title":"2017 Decision-based adversarial attacks: Reliable attacks against black-box machine learning models. arXiv preprint arXiv:1712.04248","author":"Brendel Wieland","year":"2017","unstructured":"Wieland Brendel, Jonas Rauber, and Matthias Bethge. 2017 Decision-based adversarial attacks: Reliable attacks against black-box machine learning models. arXiv preprint arXiv:1712.04248 (2017)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1150402.1150464"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Nicholas Carlini and David Wagner. 2017. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp). Ieee 39--57.","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2019.00361"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPRW50498.2020.00363"},{"key":"e_1_3_2_1_7_1","volume-title":"International conference on machine learning. PMLR, 2206--2216","author":"Croce Francesco","year":"2020","unstructured":"Francesco Croce and Matthias Hein. 2020. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In International conference on machine learning. PMLR, 2206--2216."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00957"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00444"},{"key":"e_1_3_2_1_10_1","unstructured":"Alexey Dosovitskiy Lucas Beyer Alexander Kolesnikov Dirk Weissenborn Xiaohua Zhai Thomas Unterthiner Mostafa Dehghani Matthias Minderer Georg Heigold Sylvain Gelly et al. 2020. An image is worth 16x16 words: Transformers for image recognition at scale. arXiv preprint arXiv:2010.11929 (2020)."},{"key":"e_1_3_2_1_11_1","first-page":"11920","article-title":"Mosaicking to distill: Knowledge distillation from out-of-domain data","volume":"34","author":"Fang Gongfan","year":"2021","unstructured":"Gongfan Fang, Yifan Bao, Jie Song, Xinchao Wang, Donglin Xie, Chengchao Shen, and Mingli Song. 2021. Mosaicking to distill: Knowledge distillation from out-of-domain data. Advances in Neural Information Processing Systems 34 (2021), 11920--11932.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_12_1","volume-title":"Data-free adversarial distillation. arXiv preprint arXiv:1912.11006","author":"Fang Gongfan","year":"2019","unstructured":"Gongfan Fang, Jie Song, Chengchao Shen, Xinchao Wang, Da Chen, and Mingli Song. 2019. Data-free adversarial distillation. arXiv preprint arXiv:1912.11006 (2019)."},{"key":"e_1_3_2_1_13_1","volume-title":"Contrastive model inversion for data-free knowledge distillation. arXiv preprint arXiv:2105.08584","author":"Fang Gongfan","year":"2021","unstructured":"Gongfan Fang, Jie Song, Xinchao Wang, Chengchao Shen, Xingen Wang, and Mingli Song. 2021. Contrastive model inversion for data-free knowledge distillation. arXiv preprint arXiv:2105.08584 (2021)."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i04.5816"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3422622"},{"key":"e_1_3_2_1_16_1","volume-title":"Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572","author":"Goodfellow Ian J","year":"2014","unstructured":"Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_18_1","volume-title":"Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531","author":"Hinton Geoffrey","year":"2015","unstructured":"Geoffrey Hinton, Oriol Vinyals, and Jeff Dean. 2015. Distilling the knowledge in a neural network. arXiv preprint arXiv:1503.02531 (2015)."},{"key":"e_1_3_2_1_19_1","volume-title":"Balancing transferability and discriminability for unsupervised domain adaptation","author":"Huang Jingke","year":"2022","unstructured":"Jingke Huang, Ni Xiao, and Lei Zhang. 2022. Balancing transferability and discriminability for unsupervised domain adaptation. IEEE Transactions on Neural Networks and Learning Systems (2022)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01304"},{"key":"e_1_3_2_1_21_1","volume-title":"Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236 (2016)."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00191"},{"key":"e_1_3_2_1_24_1","volume-title":"Nesterov accelerated gradient and scale invariance for adversarial attacks. arXiv preprint arXiv:1908.06281","author":"Lin Jiadong","year":"2019","unstructured":"Jiadong Lin, Chuanbiao Song, Kun He, Liwei Wang, and John E Hopcroft. 2019. Nesterov accelerated gradient and scale invariance for adversarial attacks. arXiv preprint arXiv:1908.06281 (2019)."},{"key":"e_1_3_2_1_25_1","volume-title":"Data-free knowledge distillation for deep neural networks. arXiv preprint arXiv:1710.07535","author":"Lopes Raphael Gontijo","year":"2017","unstructured":"Raphael Gontijo Lopes, Stefano Fenu, and Thad Starner. 2017. Data-free knowledge distillation for deep neural networks. arXiv preprint arXiv:1710.07535 (2017)."},{"key":"e_1_3_2_1_26_1","volume-title":"Unifying distillation and privileged information. arXiv preprint arXiv:1511.03643","author":"Lopez-Paz David","year":"2015","unstructured":"David Lopez-Paz, L\u00e9on Bottou, Bernhard Sch\u00f6lkopf, and Vladimir Vapnik. 2015. Unifying distillation and privileged information. arXiv preprint arXiv:1511.03643 (2015)."},{"key":"e_1_3_2_1_27_1","volume-title":"Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083","author":"Madry Aleksander","year":"2017","unstructured":"Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017)."},{"key":"e_1_3_2_1_28_1","volume-title":"Zero-shot knowledge transfer via adversarial belief matching. Advances in Neural Information Processing Systems 32","author":"Micaelli Paul","year":"2019","unstructured":"Paul Micaelli and Amos J Storkey. 2019. Zero-shot knowledge transfer via adversarial belief matching. Advances in Neural Information Processing Systems 32 (2019)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_1_30_1","volume-title":"Antoine Chassang, Carlo Gatta, and Yoshua Bengio.","author":"Romero Adriana","year":"2014","unstructured":"Adriana Romero, Nicolas Ballas, Samira Ebrahimi Kahou, Antoine Chassang, Carlo Gatta, and Yoshua Bengio. 2014. Fitnets: Hints for thin deep nets. arXiv preprint arXiv:1412.6550 (2014)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00474"},{"key":"e_1_3_2_1_32_1","volume-title":"Ape-gan: Adversarial perturbation elimination with gan. arXiv preprint arXiv:1707.05474","author":"Shen Shiwei","year":"2017","unstructured":"Shiwei Shen, Guoqing Jin, Ke Gao, and Yongdong Zhang. 2017. Ape-gan: Adversarial perturbation elimination with gan. arXiv preprint arXiv:1707.05474 (2017)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503161.3547937"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV51070.2023.00405"},{"key":"e_1_3_2_1_35_1","volume-title":"Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199","author":"Szegedy Christian","year":"2013","unstructured":"Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013)."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00474"},{"key":"e_1_3_2_1_37_1","volume-title":"Out of Thin Air: Exploring Data-Free Adversarial Robustness Distillation. arXiv preprint arXiv:2303.11611","author":"Wang Yuzhang","year":"2023","unstructured":"Yuzhang Wang, Zhaoyu Chen, Dingkang Yang, Pinxue Guo, Kaixun Jiang, Wenqiang Zhang, and Lizhe Qi. 2023. Out of Thin Air: Exploring Data-Free Adversarial Robustness Distillation. arXiv preprint arXiv:2303.11611 (2023)."},{"key":"e_1_3_2_1_38_1","volume-title":"International conference on learning representations.","author":"Wang Yisen","year":"2019","unstructured":"Yisen Wang, Difan Zou, Jinfeng Yi, James Bailey, Xingjun Ma, and Quanquan Gu. 2019. Improving adversarial robustness requires revisiting misclassified examples. In International conference on learning representations."},{"key":"e_1_3_2_1_39_1","volume-title":"Mitigating adversarial effects through randomization. arXiv preprint arXiv:1711.01991","author":"Xie Cihang","year":"2017","unstructured":"Cihang Xie, JianyuWang, Zhishuai Zhang, Zhou Ren, and Alan Yuille. 2017. Mitigating adversarial effects through randomization. arXiv preprint arXiv:1711.01991 (2017)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00284"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3089249"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00874"},{"key":"e_1_3_2_1_43_1","volume-title":"Data-Free Hard-Label Robustness Stealing Attack. arXiv preprint arXiv:2312.05924","author":"Yuan Xiaojian","year":"2023","unstructured":"Xiaojian Yuan, Kejiang Chen, Wen Huang, Jie Zhang, Weiming Zhang, and Nenghai Yu. 2023. Data-Free Hard-Label Robustness Stealing Attack. arXiv preprint arXiv:2312.05924 (2023)."},{"key":"e_1_3_2_1_44_1","volume-title":"Wide residual networks. arXiv preprint arXiv:1605.07146","author":"Zagoruyko Sergey","year":"2016","unstructured":"Sergey Zagoruyko and Nikos Komodakis. 2016. Wide residual networks. arXiv preprint arXiv:1605.07146 (2016)."},{"key":"e_1_3_2_1_45_1","volume-title":"International conference on machine learning. PMLR, 7472--7482","author":"Zhang Hongyang","year":"2019","unstructured":"Hongyang Zhang, Yaodong Yu, Jiantao Jiao, Eric Xing, Laurent El Ghaoui, and Michael Jordan. 2019. Theoretically principled trade-off between robustness and accuracy. In International conference on machine learning. PMLR, 7472--7482."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIP.2023.3263112"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00776"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-19772-7_34"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"crossref","unstructured":"Yuhang Zhou and Zhongyun Hua. 2024. Defense without Forgetting: Continual Adversarial Defense with Anisotropic Isotropic Pseudo Replay. arXiv:2404.01828 [cs.LG]","DOI":"10.1109\/CVPR52733.2024.02290"},{"key":"e_1_3_2_1_50_1","volume-title":"Stochastic Gradient Perturbation: An Implicit Regularizer for Person Re-Identification","author":"Zhou Yuhang","year":"2023","unstructured":"Yuhang Zhou, Fuxiang Huang, Weijie Chen, Shiliang Pu, and Lei Zhang. 2023. Stochastic Gradient Perturbation: An Implicit Regularizer for Person Re-Identification. IEEE Transactions on Circuits and Systems for Video Technology (2023)."},{"key":"e_1_3_2_1_51_1","volume-title":"Reliable adversarial distillation with unreliable teachers. arXiv preprint arXiv:2106.04928","author":"Zhu Jianing","year":"2021","unstructured":"Jianing Zhu, Jiangchao Yao, Bo Han, Jingfeng Zhang, Tongliang Liu, Gang Niu, Jingren Zhou, Jianliang Xu, and Hongxia Yang. 2021. Reliable adversarial distillation with unreliable teachers. arXiv preprint arXiv:2106.04928 (2021)."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.01613"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58542-6_34"}],"event":{"name":"MM '24: The 32nd ACM International Conference on Multimedia","sponsor":["SIGMM ACM Special Interest Group on Multimedia"],"location":"Melbourne VIC Australia","acronym":"MM '24"},"container-title":["Proceedings of the 32nd ACM International Conference on Multimedia"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664647.3680796","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664647.3680796","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:07Z","timestamp":1750295887000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664647.3680796"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,28]]},"references-count":52,"alternative-id":["10.1145\/3664647.3680796","10.1145\/3664647"],"URL":"https:\/\/doi.org\/10.1145\/3664647.3680796","relation":{},"subject":[],"published":{"date-parts":[[2024,10,28]]},"assertion":[{"value":"2024-10-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}