{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T16:15:25Z","timestamp":1780589725755,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3744859","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:32:38Z","timestamp":1763854358000},"page":"3087-3101","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["One Surrogate to Fool Them All: Universal, Transferable, and Targeted Adversarial Attacks with CLIP"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-1073-1837","authenticated-orcid":false,"given":"Binyan","family":"Xu","sequence":"first","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong, Hong Kong"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-8149-9429","authenticated-orcid":false,"given":"Xilin","family":"Dai","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, Zhejiang, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7031-3315","authenticated-orcid":false,"given":"Di","family":"Tang","sequence":"additional","affiliation":[{"name":"Sun Yat-sen University, Shenzhen, Guangdong, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1519-0057","authenticated-orcid":false,"given":"Kehuan","family":"Zhang","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong, Hong Kong"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1117\/1.JEI.32.2.023033"},{"key":"e_1_3_2_2_2_1","volume-title":"ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes. In 2023 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 899-916","author":"An Shengwei","year":"2023","unstructured":"Shengwei An, Yuan Yao, Qiuling Xu, Shiqing Ma, Guanhong Tao, Siyuan Cheng, Kaiyuan Zhang, Yingqi Liu, Guangyu Shen, Ian Kelk, et al., 2023. ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes. In 2023 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 899-916."},{"key":"e_1_3_2_2_3_1","volume-title":"arXiv preprint arXiv:2307.10490","author":"Bagdasaryan Eugene","year":"2023","unstructured":"Eugene Bagdasaryan, Tsung-Yin Hsieh, Ben Nassi, and Vitaly Shmatikov. 2023. (Ab) using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs. arXiv preprint arXiv:2307.10490 (2023)."},{"key":"e_1_3_2_2_4_1","first-page":"3009","volume-title":"Adversarial Illusions in Multi-Modal Embeddings. In 33rd USENIX Security Symposium (USENIX Security 24)","author":"Bagdasaryan Eugene","year":"2024","unstructured":"Eugene Bagdasaryan, Rishi Jha, Vitaly Shmatikov, and Tingwei Zhang. 2024. Adversarial Illusions in Multi-Modal Embeddings. In 33rd USENIX Security Symposium (USENIX Security 24). 3009-3025."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1137\/23M1564560"},{"key":"e_1_3_2_2_6_1","volume-title":"MixedNUTS: Training-Free Accuracy-Robustness Balance via Nonlinearly Mixed Classifiers. arXiv preprint arXiv:2402.02263","author":"Bai Yatong","year":"2024","unstructured":"Yatong Bai, Mo Zhou, Vishal M Patel, and Somayeh Sojoudi. 2024b. MixedNUTS: Training-Free Accuracy-Robustness Balance via Nonlinearly Mixed Classifiers. arXiv preprint arXiv:2402.02263 (2024)."},{"key":"e_1_3_2_2_7_1","volume-title":"Daphne Ippolito, Florian Tramer, and Ludwig Schmidt.","author":"Carlini Nicholas","year":"2024","unstructured":"Nicholas Carlini, Milad Nasr, Christopher A Choquette-Choo, Matthew Jagielski, Irena Gao, Pang Wei W Koh, Daphne Ippolito, Florian Tramer, and Ludwig Schmidt. 2024. Are aligned neural networks adversarially aligned? Advances in Neural Information Processing Systems, Vol. 36 (2024)."},{"key":"e_1_3_2_2_8_1","volume-title":"Towards Evaluating the Robustness of Neural Networks. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 39-57","author":"Carlini Nicholas","year":"2017","unstructured":"Nicholas Carlini and David Wagner. 2017. Towards Evaluating the Robustness of Neural Networks. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 39-57."},{"key":"e_1_3_2_2_9_1","volume-title":"Unlabeled data improves adversarial robustness. Advances in neural information processing systems","author":"Carmon Yair","year":"2019","unstructured":"Yair Carmon, Aditi Raghunathan, Ludwig Schmidt, John C Duchi, and Percy S Liang. 2019. Unlabeled data improves adversarial robustness. Advances in neural information processing systems, Vol. 32 (2019)."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140448"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00078"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58555-6_17"},{"key":"e_1_3_2_2_13_1","volume-title":"How deep learning sees the world: A survey on adversarial attacks & defenses","author":"Costa Joana C","year":"2024","unstructured":"Joana C Costa, Tiago Roxo, Hugo Proen\u00e7a, and Pedro RM In\u00e1cio. 2024. How deep learning sees the world: A survey on adversarial attacks & defenses. IEEE Access (2024)."},{"key":"e_1_3_2_2_14_1","volume-title":"Thirty-fifth Conference on Neural Information Processing Systems Datasets and Benchmarks Track. https:\/\/openreview.net\/forum?id=SSKZPJCt7B","author":"Croce Francesco","year":"2021","unstructured":"Francesco Croce, Maksym Andriushchenko, Vikash Sehwag, Edoardo Debenedetti, Nicolas Flammarion, Mung Chiang, Prateek Mittal, and Matthias Hein. 2021. RobustBench: a standardized adversarial robustness benchmark. In Thirty-fifth Conference on Neural Information Processing Systems Datasets and Benchmarks Track. https:\/\/openreview.net\/forum?id=SSKZPJCt7B"},{"key":"e_1_3_2_2_15_1","volume-title":"Decoupled kullback-leibler divergence loss. arXiv preprint arXiv:2305.13948","author":"Cui Jiequan","year":"2023","unstructured":"Jiequan Cui, Zhuotao Tian, Zhisheng Zhong, Xiaojuan Qi, Bei Yu, and Hanwang Zhang. 2023. Decoupled kullback-leibler divergence loss. arXiv preprint arXiv:2305.13948 (2023)."},{"key":"e_1_3_2_2_16_1","volume-title":"How Robust is Google's Bard to Adversarial Image Attacks? arXiv preprint arXiv:2309.11751","author":"Dong Yinpeng","year":"2023","unstructured":"Yinpeng Dong, Huanran Chen, Jiawei Chen, Zhengwei Fang, Xiao Yang, Yichi Zhang, Yu Tian, Hang Su, and Jun Zhu. 2023. How Robust is Google's Bard to Adversarial Image Attacks? arXiv preprint arXiv:2309.11751 (2023)."},{"key":"e_1_3_2_2_17_1","volume-title":"Proceedings of the European Conference on Computer Vision (ECCV). 1-19","author":"Fang Hao","year":"2024","unstructured":"Hao Fang, Jiawei Kong, Bin Chen, Tao Dai, Hao Wu, and Shu-Tao Xia. 2024. CLIP-Guided Networks for Transferable Targeted Attacks. In Proceedings of the European Conference on Computer Vision (ECCV). 1-19."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2006.79"},{"key":"e_1_3_2_2_19_1","first-page":"5","article-title":"Pixels still beat text: attacking the OpenAI CLIP model with text patches and adversarial pixel perturbations","volume":"5","author":"Fort Stanislav","year":"2021","unstructured":"Stanislav Fort. 2021. Pixels still beat text: attacking the OpenAI CLIP model with text patches and adversarial pixel perturbations. Stanislav Fort [Internet], Vol. 5, 2 (2021), 5.","journal-title":"Stanislav Fort [Internet]"},{"key":"e_1_3_2_2_20_1","first-page":"6867","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Ge Yunjie","year":"2024","unstructured":"Yunjie Ge, Qian Wang, Huayang Huang, Qi Li, Cong Wang, Chao Shen, Lingchen Zhao, Peipei Jiang, Zheng Fang, and Shenyi Zhang. 2024. Hijacking Attacks against Neural Network by Analyzing Training Data. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, 6867-6884."},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.01457"},{"key":"e_1_3_2_2_22_1","volume-title":"Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572","author":"Goodfellow Ian J","year":"2014","unstructured":"Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)."},{"key":"e_1_3_2_2_23_1","unstructured":"Jindong Gu Xiaojun Jia Pau de Jorge Wenqian Yu Xinwei Liu Avery Ma Yuan Xun Anjun Hu Ashkan Khakzar Zhijiang Li et al. [n.d.]. A Survey on Transferability of Adversarial Examples Across Deep Neural Networks. Transactions on Machine Learning Research ( [n. d.])."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503161.3548171"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.3390\/a13110268"},{"key":"e_1_3_2_2_26_1","volume-title":"Self-adaptive training: beyond empirical risk minimization. Advances in neural information processing systems","author":"Huang Lang","year":"2020","unstructured":"Lang Huang, Chao Zhang, and Hongyang Zhang. 2020. Self-adaptive training: beyond empirical risk minimization. Advances in neural information processing systems, Vol. 33 (2020), 19365-19376."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.00793"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00723"},{"key":"e_1_3_2_2_29_1","volume-title":"Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980","author":"Kingma DP","year":"2014","unstructured":"DP Kingma. 2014. Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)."},{"key":"e_1_3_2_2_30_1","volume-title":"Learning Multiple Layers of Features from Tiny Images. Master's thesis","author":"Krizhevsky A","unstructured":"A Krizhevsky. 2009. Learning Multiple Layers of Features from Tiny Images. Master's thesis, University of Tront (2009)."},{"key":"e_1_3_2_2_31_1","volume-title":"Interpretability-Guided Test-Time Adversarial Defense. In European Conference on Computer Vision.","author":"Kulkarni Akshay","year":"2024","unstructured":"Akshay Kulkarni and Tsui-Wei Weng. 2024. Interpretability-Guided Test-Time Adversarial Defense. In European Conference on Computer Vision."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2009.5459250"},{"key":"e_1_3_2_2_33_1","volume-title":"Tiny imagenet visual recognition challenge. CS 231N","author":"Le Ya","year":"2015","unstructured":"Ya Le and Xuan Yang. 2015. Tiny imagenet visual recognition challenge. CS 231N, Vol. 7, 7 (2015), 3."},{"key":"e_1_3_2_2_34_1","first-page":"12849","article-title":"Practical no-box adversarial attacks against dnns","volume":"33","author":"Li Qizhang","year":"2020","unstructured":"Qizhang Li, Yiwen Guo, and Hao Chen. 2020b. Practical no-box adversarial attacks against dnns. Advances in Neural Information Processing Systems, Vol. 33 (2020), 12849-12860.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58621-8_46"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcce.2020.12.004"},{"key":"e_1_3_2_2_37_1","first-page":"1195","article-title":"Boosting Decision-Based Black-Box Adversarial Attack with Gradient Priors. In 32nd International Joint Conference on Artificial Intelligence, IJCAI 2023","author":"Liu Han","year":"2023","unstructured":"Han Liu, Xingshuo Huang, Xiaotong Zhang, Qimai Li, Fenglong Ma, Wei Wang, Hongyang Chen, Hong Yu, and Xianchao Zhang. 2023. Boosting Decision-Based Black-Box Adversarial Attack with Gradient Priors. In 32nd International Joint Conference on Artificial Intelligence, IJCAI 2023. International Joint Conferences on Artificial Intelligence, 1195-1203.","journal-title":"International Joint Conferences on Artificial Intelligence"},{"key":"e_1_3_2_2_38_1","volume-title":"Delving into transferable adversarial examples and black-box attacks. arXiv preprint arXiv:1611.02770","author":"Liu Yanpei","year":"2016","unstructured":"Yanpei Liu, Xinyun Chen, Chang Liu, and Dawn Song. 2016. Delving into transferable adversarial examples and black-box attacks. arXiv preprint arXiv:1611.02770 (2016)."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2015.425"},{"key":"e_1_3_2_2_40_1","volume-title":"The Twelfth International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=nc5GgFAvtk","author":"Luo Haochen","year":"2024","unstructured":"Haochen Luo, Jindong Gu, Fengyuan Liu, and Philip Torr. 2024. An Image Is Worth 1000 Lies: Transferability of Adversarial Images across Prompts on Vision-Language Models. In The Twelfth International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=nc5GgFAvtk"},{"key":"e_1_3_2_2_41_1","volume-title":"Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083","author":"Madry Aleksander","year":"2017","unstructured":"Aleksander Madry. 2017. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017)."},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.00761"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.00761"},{"key":"e_1_3_2_2_44_1","volume-title":"Fahad Shahbaz Khan, and Fatih Porikli.","author":"Naseer Muhammad Muzammal","year":"2019","unstructured":"Muhammad Muzammal Naseer, Salman H Khan, Muhammad Haris Khan, Fahad Shahbaz Khan, and Fatih Porikli. 2019. Cross-domain transferability of adversarial perturbations. Advances in Neural Information Processing Systems, Vol. 32 (2019)."},{"key":"e_1_3_2_2_45_1","volume-title":"Diffusion Models for Adversarial Purification. In International Conference on Machine Learning (ICML).","author":"Nie Weili","year":"2022","unstructured":"Weili Nie, Brandon Guo, Yujia Huang, Chaowei Xiao, Arash Vahdat, and Anima Anandkumar. 2022. Diffusion Models for Adversarial Purification. In International Conference on Machine Learning (ICML)."},{"key":"e_1_3_2_2_46_1","volume-title":"Robust Principles: Architectural Design Principles for Adversarially Robust CNNs. In 34th British Machine Vision Conference 2023, BMVC 2023","author":"Peng ShengYun","year":"2023","unstructured":"ShengYun Peng, Weilin Xu, Cory Cornelius, Matthew Hull, Kevin Li, Rahul Duggal, Mansi Phute, Jason Martin, and Duen Horng Chau. 2023. Robust Principles: Architectural Design Principles for Adversarially Robust CNNs. In 34th British Machine Vision Conference 2023, BMVC 2023, Aberdeen, UK, November 20--24, 2023. BMVA. https:\/\/papers.bmvc2023.org\/0739.pdf"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v38i19.30150"},{"key":"e_1_3_2_2_48_1","volume-title":"International conference on machine learning. PMLR, 8748-8763","author":"Radford Alec","year":"2021","unstructured":"Alec Radford, Jong Wook Kim, Chris Hallacy, Aditya Ramesh, Gabriel Goh, Sandhini Agarwal, Girish Sastry, Amanda Askell, Pamela Mishkin, Jack Clark, et al., 2021. Learning transferable visual models from natural language supervision. In International conference on machine learning. PMLR, 8748-8763."},{"key":"e_1_3_2_2_49_1","volume-title":"Fixing data augmentation to improve adversarial robustness. arXiv preprint arXiv:2103.01946","author":"Rebuffi Sylvestre-Alvise","year":"2021","unstructured":"Sylvestre-Alvise Rebuffi, Sven Gowal, Dan A Calian, Florian Stimberg, Olivia Wiles, and Timothy Mann. 2021. Fixing data augmentation to improve adversarial robustness. arXiv preprint arXiv:2103.01946 (2021)."},{"key":"e_1_3_2_2_50_1","volume-title":"International conference on machine learning. PMLR, 8093-8104","author":"Rice Leslie","year":"2020","unstructured":"Leslie Rice, Eric Wong, and Zico Kolter. 2020. Overfitting in adversarially robust deep learning. In International conference on machine learning. PMLR, 8093-8104."},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"crossref","unstructured":"Olga Russakovsky Jia Deng Hao Su Jonathan Krause Sanjeev Satheesh Sean Ma Zhiheng Huang Andrej Karpathy Aditya Khosla Michael Bernstein et al. 2015. Imagenet large scale visual recognition challenge. International journal of computer vision Vol. 115 (2015) 211-252.","DOI":"10.1007\/s11263-015-0816-y"},{"key":"e_1_3_2_2_52_1","first-page":"25278","article-title":"Laion-5b: An open large-scale dataset for training next generation image-text models","volume":"35","author":"Schuhmann Christoph","year":"2022","unstructured":"Christoph Schuhmann, Romain Beaumont, Richard Vencu, Cade Gordon, Ross Wightman, Mehdi Cherti, Theo Coombes, Aarush Katta, Clayton Mullis, Mitchell Wortsman, et al., 2022. Laion-5b: An open large-scale dataset for training next generation image-text models. Advances in Neural Information Processing Systems, Vol. 35 (2022), 25278-25294.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_2_53_1","first-page":"19655","article-title":"Hydra: Pruning adversarially robust neural networks","volume":"33","author":"Sehwag Vikash","year":"2020","unstructured":"Vikash Sehwag, Shiqi Wang, Prateek Mittal, and Suman Jana. 2020. Hydra: Pruning adversarially robust neural networks. Advances in Neural Information Processing Systems, Vol. 33 (2020), 19655-19666.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_2_54_1","volume-title":"Plug and Pray: Exploiting off-the-shelf components of Multi-Modal Models. arXiv preprint arXiv:2307.14539","author":"Shayegani Erfan","year":"2023","unstructured":"Erfan Shayegani, Yue Dong, and Nael Abu-Ghazaleh. 2023. Plug and Pray: Exploiting off-the-shelf components of Multi-Modal Models. arXiv preprint arXiv:2307.14539 (2023)."},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52733.2024.02298"},{"key":"e_1_3_2_2_56_1","volume-title":"Instructta: Instruction-tuned targeted attack for large vision-language models. arXiv preprint arXiv:2312.01886","author":"Wang Xunguang","year":"2023","unstructured":"Xunguang Wang, Zhenlan Ji, Pingchuan Ma, Zongjie Li, and Shuai Wang. 2023a. Instructta: Instruction-tuned targeted attack for large vision-language models. arXiv preprint arXiv:2312.01886 (2023)."},{"key":"e_1_3_2_2_57_1","volume-title":"International Conference on Machine Learning. PMLR, 36246-36263","author":"Wang Zekai","year":"2023","unstructured":"Zekai Wang, Tianyu Pang, Chao Du, Min Lin, Weiwei Liu, and Shuicheng Yan. 2023b. Better diffusion models further improve adversarial training. In International Conference on Machine Learning. PMLR, 36246-36263."},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.01182"},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3284649"},{"key":"e_1_3_2_2_60_1","volume-title":"Exploring and Exploiting Decision Boundary Dynamics for Adversarial Robustness. In The Eleventh International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=aRTKuscKByJ","author":"Xu Yuancheng","year":"2023","unstructured":"Yuancheng Xu, Yanchao Sun, Micah Goldblum, Tom Goldstein, and Furong Huang. 2023. Exploring and Exploiting Decision Boundary Dynamics for Adversarial Robustness. In The Eleventh International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=aRTKuscKByJ"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP48485.2024.10446654"},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616617"},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV51070.2023.01100"},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/3626772.3657781"},{"key":"e_1_3_2_2_65_1","first-page":"6115","article-title":"On success and simplicity: A second look at transferable targeted attacks","volume":"34","author":"Zhao Zhengyu","year":"2021","unstructured":"Zhengyu Zhao, Zhuoran Liu, and Martha Larson. 2021. On success and simplicity: A second look at transferable targeted attacks. Advances in Neural Information Processing Systems, Vol. 34 (2021), 6115-6128.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_2_66_1","volume-title":"BlackboxBench: A Comprehensive Benchmark of Black-box Adversarial Attacks. arXiv preprint arXiv:2312.16979","author":"Zheng Meixi","year":"2023","unstructured":"Meixi Zheng, Xuanchen Yan, Zihao Zhu, Hongrui Chen, and Baoyuan Wu. 2023. BlackboxBench: A Comprehensive Benchmark of Black-box Adversarial Attacks. arXiv preprint arXiv:2312.16979 (2023)."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","location":"Taipei Taiwan","acronym":"CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3744859","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:10:41Z","timestamp":1766441441000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3744859"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":66,"alternative-id":["10.1145\/3719027.3744859","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3744859","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}