{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T15:12:01Z","timestamp":1769008321018,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":63,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T00:00:00Z","timestamp":1730073600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"'111 Center'","award":["B16037"],"award-info":[{"award-number":["B16037"]}]},{"name":"Guangdong Provincial Key Laboratory of Novel Security Intelligence Technologies","award":["2022B1212010005"],"award-info":[{"award-number":["2022B1212010005"]}]},{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["ZYTS24140"],"award-info":[{"award-number":["ZYTS24140"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62102300, 62206207, 61960206014, and 62121001"],"award-info":[{"award-number":["62102300, 62206207, 61960206014, and 62121001"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,10,28]]},"DOI":"10.1145\/3664647.3680963","type":"proceedings-article","created":{"date-parts":[[2024,10,26]],"date-time":"2024-10-26T06:59:41Z","timestamp":1729925981000},"page":"1014-1023","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Balancing Generalization and Robustness in Adversarial Training via Steering through Clean and Adversarial Gradient Directions"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-5026-6085","authenticated-orcid":false,"given":"Haoyu","family":"Tong","sequence":"first","affiliation":[{"name":"State Key Laboratory of Integrated Service Networks (ISN), Xidian University, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5702-5749","authenticated-orcid":false,"given":"Xiaoyu","family":"Zhang","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Integrated Service Networks (ISN), Xidian University &amp; Guangdong Provincial Key Laboratory of Novel Security Intelligence Technologies, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1846-7502","authenticated-orcid":false,"given":"Yulin","family":"Jin","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Integrated Service Networks (ISN), Xidian University, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4110-2068","authenticated-orcid":false,"given":"Jian","family":"Lou","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Integrated Service Networks (ISN), Xidian University, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1852-6364","authenticated-orcid":false,"given":"Kai","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Artificial Intelligence, Xidian University, Xi'an, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5858-5070","authenticated-orcid":false,"given":"Xiaofeng","family":"Chen","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Integrated Service Networks (ISN), Xidian University, Xi'an, China"}]}],"member":"320","published-online":{"date-parts":[[2024,10,28]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Diogo Almeida, Janko Altenschmidt, Sam Altman, Shyamal Anadkat, et al.","author":"Achiam Josh","year":"2023","unstructured":"Josh Achiam, Steven Adler, Sandhini Agarwal, Lama Ahmad, Ilge Akkaya, Florencia Leoni Aleman, Diogo Almeida, Janko Altenschmidt, Sam Altman, Shyamal Anadkat, et al. 2023. Gpt-4 technical report. arXiv preprint arXiv:2303.08774 (2023)."},{"key":"e_1_3_2_2_2_1","unstructured":"AI@Meta. 2024. Llama 3 Model Card. (2024). https:\/\/github.com\/meta-llama\/llama3\/blob\/main\/MODEL_CARD.md"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS52979.2021.00098"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58592-1_29"},{"key":"e_1_3_2_2_5_1","volume-title":"Evading adversarial example detection defenses with orthogonal projected gradient descent. arXiv preprint arXiv:2106.15023","author":"Bryniarski Oliver","year":"2021","unstructured":"Oliver Bryniarski, Nabeel Hingun, Pedro Pachuca, Vincent Wang, and Nicholas Carlini. 2021. Evading adversarial example detection defenses with orthogonal projected gradient descent. arXiv preprint arXiv:2106.15023 (2021)."},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"crossref","unstructured":"Nicholas Carlini and David Wagner. 2017. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp). Ieee 39--57.","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01815"},{"key":"e_1_3_2_2_8_1","volume-title":"international conference on machine learning. PMLR, 1310--1320","author":"Cohen Jeremy","year":"2019","unstructured":"Jeremy Cohen, Elan Rosenfeld, and Zico Kolter. 2019. Certified adversarial robustness via randomized smoothing. In international conference on machine learning. PMLR, 1310--1320."},{"key":"e_1_3_2_2_9_1","volume-title":"International conference on machine learning. PMLR, 2206--2216","author":"Croce Francesco","year":"2020","unstructured":"Francesco Croce and Matthias Hein. 2020. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In International conference on machine learning. PMLR, 2206--2216."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_2_11_1","volume-title":"International Conference on Artificial Intelligence and Statistics. PMLR, 3762--3773","author":"Farajtabar Mehrdad","year":"2020","unstructured":"Mehrdad Farajtabar, Navid Azizan, Alex Mott, and Ang Li. 2020. Orthogonal gradient descent for continual learning. In International Conference on Artificial Intelligence and Statistics. PMLR, 3762--3773."},{"key":"e_1_3_2_2_12_1","volume-title":"Interactive Trimming against Evasive Online Data Manipulation Attacks: A Game-Theoretic Approach. arXiv preprint arXiv:2403.10313","author":"Fu Yue","year":"2024","unstructured":"Yue Fu, Qingqing Ye, Rong Du, and Haibo Hu. 2024. Interactive Trimming against Evasive Online Data Manipulation Attacks: A Game-Theoretic Approach. arXiv preprint arXiv:2403.10313 (2024)."},{"key":"e_1_3_2_2_13_1","volume-title":"Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572","author":"Goodfellow Ian J","year":"2014","unstructured":"Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)."},{"key":"e_1_3_2_2_14_1","volume-title":"DP-BREM: differentially-private and byzantine-robust federated learning with client momentum. arXiv preprint arXiv:2306.12608","author":"Gu Xiaolan","year":"2023","unstructured":"Xiaolan Gu, Ming Li, and Li Xiong. 2023. DP-BREM: differentially-private and byzantine-robust federated learning with client momentum. arXiv preprint arXiv:2306.12608 (2023)."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3581783.3612092"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46493-0_38"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01295"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.00538"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.02269"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.01426"},{"key":"e_1_3_2_2_22_1","unstructured":"Alex Krizhevsky Geoffrey Hinton et al. 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_2_2_23_1","volume-title":"Artificial intelligence safety and security","author":"Kurakin Alexey","unstructured":"Alexey Kurakin, Ian J Goodfellow, and Samy Bengio. 2018. Adversarial examples in the physical world. In Artificial intelligence safety and security. Chapman and Hall\/CRC, 99--112."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00044"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00035"},{"key":"e_1_3_2_2_26_1","volume-title":"Certified adversarial robustness with additive noise. Advances in neural information processing systems","author":"Li Bai","year":"2019","unstructured":"Bai Li, Changyou Chen, Wenlin Wang, and Lawrence Carin. 2019. Certified adversarial robustness with additive noise. Advances in neural information processing systems, Vol. 32 (2019)."},{"key":"e_1_3_2_2_27_1","volume-title":"Subspace based Federated Unlearning. arXiv preprint arXiv:2302.12448","author":"Li Guanghao","year":"2023","unstructured":"Guanghao Li, Li Shen, Yan Sun, Yue Hu, Han Hu, and Dacheng Tao. 2023. Subspace based Federated Unlearning. arXiv preprint arXiv:2302.12448 (2023)."},{"key":"e_1_3_2_2_28_1","volume-title":"Visualizing the loss landscape of neural nets. Advances in neural information processing systems","author":"Li Hao","year":"2018","unstructured":"Hao Li, Zheng Xu, Gavin Taylor, Christoph Studer, and Tom Goldstein. 2018. Visualizing the loss landscape of neural nets. Advances in neural information processing systems, Vol. 31 (2018)."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01305"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.00730"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.01929"},{"key":"e_1_3_2_2_32_1","volume-title":"PreCurious: How Innocent Pre-Trained Language Models Turn into Privacy Traps. arXiv preprint arXiv:2403.09562","author":"Liu Ruixuan","year":"2024","unstructured":"Ruixuan Liu, Tianhao Wang, Yang Cao, and Li Xiong. 2024. PreCurious: How Innocent Pre-Trained Language Models Turn into Privacy Traps. arXiv preprint arXiv:2403.09562 (2024)."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01204"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP49357.2023.10096889"},{"key":"e_1_3_2_2_35_1","volume-title":"Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083","author":"Madry Aleksander","year":"2017","unstructured":"Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017)."},{"key":"e_1_3_2_2_36_1","volume-title":"Diffusion models for adversarial purification. arXiv preprint arXiv:2205.07460","author":"Nie Weili","year":"2022","unstructured":"Weili Nie, Brandon Guo, Yujia Huang, Chaowei Xiao, Arash Vahdat, and Anima Anandkumar. 2022. Diffusion models for adversarial purification. arXiv preprint arXiv:2205.07460 (2022)."},{"key":"e_1_3_2_2_37_1","volume-title":"International Conference on Machine Learning. PMLR, 17258--17277","author":"Pang Tianyu","year":"2022","unstructured":"Tianyu Pang, Min Lin, Xiao Yang, Jun Zhu, and Shuicheng Yan. 2022. Robustness and accuracy could be reconcilable by (proper) definition. In International Conference on Machine Learning. PMLR, 17258--17277."},{"key":"e_1_3_2_2_38_1","volume-title":"ICML 2021 Workshop on Adversarial Machine Learning.","author":"Rade Rahul","year":"2021","unstructured":"Rahul Rade and Seyed-Mohsen Moosavi-Dezfooli. 2021. Helper-based adversarial training: Reducing excessive margin to achieve a better accuracy vs. robustness trade-off. In ICML 2021 Workshop on Adversarial Machine Learning."},{"key":"e_1_3_2_2_39_1","volume-title":"International Conference on Learning Representations.","author":"Rade Rahul","year":"2021","unstructured":"Rahul Rade and Seyed-Mohsen Moosavi-Dezfooli. 2021. Reducing excessive margin to achieve a better accuracy vs. robustness trade-off. In International Conference on Learning Representations."},{"key":"e_1_3_2_2_40_1","volume-title":"Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199","author":"Szegedy Christian","year":"2013","unstructured":"Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013)."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v36i8.20817"},{"key":"e_1_3_2_2_42_1","volume-title":"Robustness may be at odds with accuracy. arXiv preprint arXiv:1805.12152","author":"Tsipras Dimitris","year":"2018","unstructured":"Dimitris Tsipras, Shibani Santurkar, Logan Engstrom, Alexander Turner, and Aleksander Madry. 2018. Robustness may be at odds with accuracy. arXiv preprint arXiv:1805.12152 (2018)."},{"key":"e_1_3_2_2_43_1","volume-title":"International Conference on Machine Learning. PMLR, 5025--5034","author":"Uesato Jonathan","year":"2018","unstructured":"Jonathan Uesato, Brendan O'donoghue, Pushmeet Kohli, and Aaron Oord. 2018. Adversarial risk and the dangers of evaluating against weak attacks. In International Conference on Machine Learning. PMLR, 5025--5034."},{"key":"e_1_3_2_2_44_1","first-page":"7449","article-title":"Once-for-all adversarial training: In-situ tradeoff between robustness and accuracy for free","volume":"33","author":"Wang Haotao","year":"2020","unstructured":"Haotao Wang, Tianlong Chen, Shupeng Gui, TingKuei Hu, Ji Liu, and Zhangyang Wang. 2020. Once-for-all adversarial training: In-situ tradeoff between robustness and accuracy for free. Advances in Neural Information Processing Systems, Vol. 33 (2020), 7449--7461.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_2_45_1","volume-title":"International conference on learning representations.","author":"Wang Yisen","year":"2019","unstructured":"Yisen Wang, Difan Zou, Jinfeng Yi, James Bailey, Xingjun Ma, and Quanquan Gu. 2019. Improving adversarial robustness requires revisiting misclassified examples. In International conference on learning representations."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3581783.3612163"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.00792"},{"key":"e_1_3_2_2_48_1","first-page":"2958","article-title":"Adversarial weight perturbation helps robust generalization","volume":"33","author":"Wu Dongxian","year":"2020","unstructured":"Dongxian Wu, Shu-Tao Xia, and Yisen Wang. 2020. Adversarial weight perturbation helps robust generalization. Advances in Neural Information Processing Systems, Vol. 33 (2020), 2958--2969.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_2_49_1","volume-title":"Unsupervised data augmentation for consistency training. Advances in neural information processing systems","author":"Xie Qizhe","year":"2020","unstructured":"Qizhe Xie, Zihang Dai, Eduard Hovy, Thang Luong, and Quoc Le. 2020. Unsupervised data augmentation for consistency training. Advances in neural information processing systems, Vol. 33 (2020), 6256--6268."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.00707"},{"key":"e_1_3_2_2_51_1","volume-title":"Detection of word adversarial examples in text classification: Benchmark and baseline via robust density estimation. arXiv preprint arXiv:2203.01677","author":"Yoo KiYoon","year":"2022","unstructured":"KiYoon Yoo, Jangho Kim, Jiho Jang, and Nojun Kwak. 2022. Detection of word adversarial examples in text classification: Benchmark and baseline via robust density estimation. arXiv preprint arXiv:2203.01677 (2022)."},{"key":"e_1_3_2_2_52_1","volume-title":"International Conference on Machine Learning. PMLR, 12062--12072","author":"Yoon Jongmin","year":"2021","unstructured":"Jongmin Yoon, Sung Ju Hwang, and Juho Lee. 2021. Adversarial purification with score-based generative models. In International Conference on Machine Learning. PMLR, 12062--12072."},{"key":"e_1_3_2_2_53_1","volume-title":"Wide residual networks. arXiv preprint arXiv:1605.07146","author":"Zagoruyko Sergey","year":"2016","unstructured":"Sergey Zagoruyko and Nikos Komodakis. 2016. Wide residual networks. arXiv preprint arXiv:1605.07146 (2016)."},{"key":"e_1_3_2_2_54_1","volume-title":"Generalization bounds for domain adaptation. Advances in neural information processing systems","author":"Zhang Chao","year":"2012","unstructured":"Chao Zhang, Lei Zhang, and Jieping Ye. 2012. Generalization bounds for domain adaptation. Advances in neural information processing systems, Vol. 25 (2012)."},{"key":"e_1_3_2_2_55_1","volume-title":"International conference on machine learning. PMLR, 7472--7482","author":"Zhang Hongyang","year":"2019","unstructured":"Hongyang Zhang, Yaodong Yu, Jiantao Jiao, Eric Xing, Laurent El Ghaoui, and Michael Jordan. 2019. Theoretically principled trade-off between robustness and accuracy. In International conference on machine learning. PMLR, 7472--7482."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v37i9.26329"},{"key":"e_1_3_2_2_57_1","volume-title":"Geometry-aware instance-reweighted adversarial training. arXiv preprint arXiv:2010.01736","author":"Zhang Jingfeng","year":"2020","unstructured":"Jingfeng Zhang, Jianing Zhu, Gang Niu, Bo Han, Masashi Sugiyama, and Mohan Kankanhalli. 2020. Geometry-aware instance-reweighted adversarial training. arXiv preprint arXiv:2010.01736 (2020)."},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2019.2941244"},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503161.3548065"},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3348204"},{"key":"e_1_3_2_2_61_1","unstructured":"Yu Zhang Wei Han James Qin Yongqiang Wang Ankur Bapna Zhehuai Chen Nanxin Chen Bo Li Vera Axelrod Gary Wang et al. 2023. Google usm: Scaling automatic speech recognition beyond 100 languages. arXiv preprint arXiv:2303.01037 (2023)."},{"key":"e_1_3_2_2_62_1","first-page":"14435","article-title":"Maximum-entropy adversarial data augmentation for improved generalization and robustness","volume":"33","author":"Zhao Long","year":"2020","unstructured":"Long Zhao, Ting Liu, Xi Peng, and Dimitris Metaxas. 2020. Maximum-entropy adversarial data augmentation for improved generalization and robustness. Advances in Neural Information Processing Systems, Vol. 33 (2020), 14435--14447.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV51070.2023.00408"}],"event":{"name":"MM '24: The 32nd ACM International Conference on Multimedia","location":"Melbourne VIC Australia","acronym":"MM '24","sponsor":["SIGMM ACM Special Interest Group on Multimedia"]},"container-title":["Proceedings of the 32nd ACM International Conference on Multimedia"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664647.3680963","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664647.3680963","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:17:34Z","timestamp":1750295854000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664647.3680963"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,28]]},"references-count":63,"alternative-id":["10.1145\/3664647.3680963","10.1145\/3664647"],"URL":"https:\/\/doi.org\/10.1145\/3664647.3680963","relation":{},"subject":[],"published":{"date-parts":[[2024,10,28]]},"assertion":[{"value":"2024-10-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}