{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T12:59:26Z","timestamp":1761569966869,"version":"build-2065373602"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","funder":[{"name":"Major Project of ISCAS","award":["ISCAS- ZD-202302"],"award-info":[{"award-number":["ISCAS- ZD-202302"]}]},{"name":"CAS Project for Young Scientists in Basic Research","award":["YSBR-040"],"award-info":[{"award-number":["YSBR-040"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,20]]},"DOI":"10.1145\/3755881.3755928","type":"proceedings-article","created":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T11:46:17Z","timestamp":1761565577000},"page":"293-304","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Def-VAE: Identifying Adversarial Inputs with Robust Latent Representations"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3493-2258","authenticated-orcid":false,"given":"Chengye","family":"Li","sequence":"first","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8293-2888","authenticated-orcid":false,"given":"Changshun","family":"Wu","sequence":"additional","affiliation":[{"name":"Universit\u00e9 Grenoble Alpes, Grenoble, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5225-6268","authenticated-orcid":false,"given":"Rongjie","family":"Yan","sequence":"additional","affiliation":[{"name":"Institute of Software Chinese Academy of Sciences, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2025,10,27]]},"reference":[{"key":"e_1_3_3_1_2_2","doi-asserted-by":"crossref","unstructured":"Tong Chen and Zhan Ma. 2023. Towards robust neural image compression: Adversarial attack and model finetuning. IEEE Transactions on Circuits and Systems for Video Technology (2023).","DOI":"10.1109\/TCSVT.2023.3276442"},{"key":"e_1_3_3_1_3_2","first-page":"2196","volume-title":"International Conference on Machine Learning","author":"Croce Francesco","year":"2020","unstructured":"Francesco Croce and Matthias Hein. 2020. Minimally distorted adversarial examples with a fast adaptive boundary attack. In International Conference on Machine Learning. 2196\u20132205."},{"key":"e_1_3_3_1_4_2","first-page":"2206","volume-title":"Proceedings of the International conference on machine learning","author":"Croce Francesco","year":"2020","unstructured":"Francesco Croce and Matthias Hein. 2020. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In Proceedings of the International conference on machine learning. 2206\u20132216."},{"key":"e_1_3_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_3_1_6_2","unstructured":"Laurent Dinh David Krueger and Yoshua Bengio. 2014. Nice: Non-linear independent components estimation. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/1410.8516 (2014)."},{"key":"e_1_3_3_1_7_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Dosovitskiy Alexey","year":"2020","unstructured":"Alexey Dosovitskiy, Lucas Beyer, Alexander Kolesnikov, Dirk Weissenborn, Xiaohua Zhai, Thomas Unterthiner, Mostafa Dehghani, Matthias Minderer, Georg Heigold, Sylvain Gelly, et\u00a0al. 2020. An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_3_1_8_2","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Esser Patrick","year":"2024","unstructured":"Patrick Esser, Sumith Kulal, Andreas Blattmann, Rahim Entezari, Jonas M\u00fcller, Harry Saini, Yam Levi, Dominik Lorenz, Axel Sauer, Frederic Boesel, et\u00a0al. 2024. Scaling rectified flow transformers for high-resolution image synthesis. In Proceedings of the International Conference on Machine Learning."},{"key":"e_1_3_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01817"},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46466-4_29"},{"key":"e_1_3_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i04.5816"},{"key":"e_1_3_3_1_12_2","unstructured":"Ian Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron Courville and Yoshua Bengio. 2014. Generative adversarial nets. Advances in neural information processing systems 27 (2014)."},{"key":"e_1_3_3_1_13_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Goodfellow Ian\u00a0J.","year":"2015","unstructured":"Ian\u00a0J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In Proceedings of the International Conference on Learning Representations, Yoshua Bengio and Yann LeCun (Eds.)."},{"key":"e_1_3_3_1_14_2","unstructured":"Yiwen Guo Chao Zhang Changshui Zhang and Yurong Chen. 2018. Sparse dnns with improved adversarial robustness. Proceedings of the Advances in neural information processing systems 31 (2018)."},{"key":"e_1_3_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_3_1_16_2","first-page":"6840","volume-title":"Proceedings of the Advances in Neural Information Processing Systems","volume":"33","author":"Ho Jonathan","year":"2020","unstructured":"Jonathan Ho, Ajay Jain, and Pieter Abbeel. 2020. Denoising diffusion probabilistic models. In Proceedings of the Advances in Neural Information Processing Systems, Vol.\u00a033. 6840\u20136851."},{"key":"e_1_3_3_1_17_2","unstructured":"Jeremy Howard. [n. d.]. imagenette. https:\/\/github.com\/fastai\/imagenette\/"},{"key":"e_1_3_3_1_18_2","doi-asserted-by":"crossref","unstructured":"Jeremy Howard and Sylvain Gugger. 2020. Fastai: a layered API for deep learning. Information 11 2 (2020) 108.","DOI":"10.3390\/info11020108"},{"key":"e_1_3_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/3474085.3475171"},{"key":"e_1_3_3_1_20_2","unstructured":"Yuzhou Huang Ziyang Yuan Quande Liu Qiulin Wang Xintao Wang Ruimao Zhang Pengfei Wan Di Zhang and Kun Gai. 2025. ConceptMaster: Multi-Concept Video Customization on Diffusion Transformer Models Without Test-Time Tuning. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2501.04698 (2025)."},{"key":"e_1_3_3_1_21_2","first-page":"2273","volume-title":"Proceedings of the 30th USENIX Security Symposium (USENIX Security 21)","author":"Hussain Shehzeen","year":"2021","unstructured":"Shehzeen Hussain, Paarth Neekhara, Shlomo Dubnov, Julian McAuley, and Farinaz Koushanfar. 2021. { WaveGuard} : Understanding and mitigating audio adversarial examples. In Proceedings of the 30th USENIX Security Symposium (USENIX Security 21). 2273\u20132290."},{"key":"e_1_3_3_1_22_2","doi-asserted-by":"crossref","unstructured":"Uiwon Hwang Jaewoo Park Hyemi Jang Sungroh Yoon and Nam\u00a0Ik Cho. 2019. Puvae: A variational autoencoder to purify adversarial examples. IEEE Access 7 (2019) 126582\u2013126593.","DOI":"10.1109\/ACCESS.2019.2939352"},{"key":"e_1_3_3_1_23_2","unstructured":"Mintong Kang Dawn Song and Bo Li. 2024. DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification. Proceedings of the Advances in Neural Information Processing Systems 36 (2024)."},{"key":"e_1_3_3_1_24_2","unstructured":"Hoki Kim. 2020. Torchattacks : A Pytorch Repository for Adversarial Attacks. CoRR abs\/2010.01950 (2020). arXiv:https:\/\/arXiv.org\/abs\/2010.01950"},{"key":"e_1_3_3_1_25_2","volume-title":"Proceedings of the Advances in Neural Information Processing Systems","volume":"31","author":"Kingma Durk\u00a0P","year":"2018","unstructured":"Durk\u00a0P Kingma and Prafulla Dhariwal. 2018. Glow: Generative flow with invertible 1x1 convolutions. In Proceedings of the Advances in Neural Information Processing Systems, Vol.\u00a031."},{"key":"e_1_3_3_1_26_2","volume-title":"2nd International Conference on Learning Representations, ICLR","author":"Kingma Diederik\u00a0P.","year":"2014","unstructured":"Diederik\u00a0P. Kingma and Max Welling. 2014. Auto-Encoding Variational Bayes. In 2nd International Conference on Learning Representations, ICLR, Yoshua Bengio and Yann LeCun (Eds.)."},{"key":"e_1_3_3_1_27_2","unstructured":"Alex Krizhevsky et\u00a0al. 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_3_1_28_2","unstructured":"Alex Krizhevsky Ilya Sutskever and Geoffrey\u00a0E Hinton. 2012. Imagenet classification with deep convolutional neural networks. Proceedings of the Advances in Neural Information Processing Systems 25 (2012)."},{"key":"e_1_3_3_1_29_2","unstructured":"Zongjian Li Bin Lin Yang Ye Liuhan Chen Xinhua Cheng Shenghai Yuan and Li Yuan. 2024. WF-VAE: Enhancing Video VAE by Wavelet-Driven Energy Flow for Latent Video Diffusion Model. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2411.17459 (2024)."},{"key":"e_1_3_3_1_30_2","unstructured":"Bin Lin Yunyang Ge Xinhua Cheng Zongjian Li Bin Zhu Shaodong Wang Xianyi He Yang Ye Shenghai Yuan Liuhan Chen et\u00a0al. 2024. Open-sora plan: Open-source large video generation model. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2412.00131 (2024)."},{"key":"e_1_3_3_1_31_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Lipman Yaron","year":"2023","unstructured":"Yaron Lipman, Ricky T.\u00a0Q. Chen, Heli Ben-Hamu, Maximilian Nickel, and Matthew Le. 2023. Flow Matching for Generative Modeling. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_3_1_32_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2017.56"},{"key":"e_1_3_3_1_33_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In Proceedings of the International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=rJzIBfZAb"},{"key":"e_1_3_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134057"},{"key":"e_1_3_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"e_1_3_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01042"},{"key":"e_1_3_3_1_37_2","first-page":"9179","volume-title":"International conference on machine learning","author":"Rybkin Oleh","year":"2021","unstructured":"Oleh Rybkin, Kostas Daniilidis, and Sergey Levine. 2021. Simple and effective VAE training with calibrated decoders. In International conference on machine learning. 9179\u20139189."},{"key":"e_1_3_3_1_38_2","unstructured":"Hadi Salman Jerry Li Ilya Razenshteyn Pengchuan Zhang Huan Zhang Sebastien Bubeck and Greg Yang. 2019. Provably robust deep learning via adversarially trained smoothed classifiers. Advances in neural information processing systems 32 (2019)."},{"key":"e_1_3_3_1_39_2","volume-title":"6th International Conference on Learning Representations, ICLR","author":"Samangouei Pouya","year":"2018","unstructured":"Pouya Samangouei, Maya Kabkab, and Rama Chellappa. 2018. Defense-GAN: Protecting Classifiers Against Adversarial Attacks Using Generative Models. In 6th International Conference on Learning Representations, ICLR. OpenReview.net."},{"key":"e_1_3_3_1_40_2","doi-asserted-by":"crossref","unstructured":"Leo Schwinn Ren\u00e9 Raab An Nguyen Dario Zanca and Bjoern Eskofier. 2023. Exploring misclassifications of robust neural networks to enhance adversarial attacks. Applied Intelligence 53 17 (2023) 19843\u201319859.","DOI":"10.1007\/s10489-023-04532-5"},{"key":"e_1_3_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417231"},{"key":"e_1_3_3_1_42_2","first-page":"2256","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Sohl-Dickstein Jascha","year":"2015","unstructured":"Jascha Sohl-Dickstein, Eric Weiss, Niru Maheswaranathan, and Surya Ganguli. 2015. Deep unsupervised learning using nonequilibrium thermodynamics. In Proceedings of the International Conference on Machine Learning. 2256\u20132265."},{"key":"e_1_3_3_1_43_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Song Jiaming","year":"2021","unstructured":"Jiaming Song, Chenlin Meng, and Stefano Ermon. 2021. Denoising Diffusion Implicit Models. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_3_1_44_2","volume-title":"International Conference on Learning Representations","author":"Song Yang","year":"2018","unstructured":"Yang Song, Taesup Kim, Sebastian Nowozin, Stefano Ermon, and Nate Kushman. 2018. PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples. In International Conference on Learning Representations."},{"key":"e_1_3_3_1_45_2","first-page":"1747","volume-title":"International conference on machine learning","author":"Den\u00a0Oord A\u00e4ron Van","year":"2016","unstructured":"A\u00e4ron Van Den\u00a0Oord, Nal Kalchbrenner, and Koray Kavukcuoglu. 2016. Pixel recurrent neural networks. In International conference on machine learning. 1747\u20131756."},{"key":"e_1_3_3_1_46_2","first-page":"36246","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Wang Zekai","year":"2023","unstructured":"Zekai Wang, Tianyu Pang, Chao Du, Min Lin, Weiwei Liu, and Shuicheng Yan. 2023. Better diffusion models further improve adversarial training. In Proceedings of the International Conference on Machine Learning. 36246\u201336263."},{"key":"e_1_3_3_1_47_2","unstructured":"Han Xiao Kashif Rasul and Roland Vollgraf. 2017. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/1708.07747 (2017)."},{"key":"e_1_3_3_1_48_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Xie Cihang","year":"2018","unstructured":"Cihang Xie, Jianyu Wang, Zhishuai Zhang, Zhou Ren, and Alan Yuille. 2018. Mitigating Adversarial Effects Through Randomization. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_3_1_49_2","first-page":"5670","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Yingzhen Li","year":"2018","unstructured":"Li Yingzhen and Stephan Mandt. 2018. Disentangled sequential autoencoder. In Proceedings of the International Conference on Machine Learning. 5670\u20135679."},{"key":"e_1_3_3_1_50_2","unstructured":"Zangwei Zheng Xiangyu Peng Tianji Yang Chenhui Shen Shenggui Li Hongxin Liu Yukun Zhou Tianyi Li and Yang You. 2024. Open-sora: Democratizing efficient video production for all. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2412.20404 (2024)."}],"event":{"name":"Internetware 2025: the 16th International Conference on Internetware","location":"Trondheim Norway","acronym":"Internetware 2025","sponsor":["SIGSOFT ACM Special Interest Group on Artificial Intelligence"]},"container-title":["Proceedings of the 16th International Conference on Internetware"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3755881.3755928","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T11:48:47Z","timestamp":1761565727000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3755881.3755928"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,20]]},"references-count":49,"alternative-id":["10.1145\/3755881.3755928","10.1145\/3755881"],"URL":"https:\/\/doi.org\/10.1145\/3755881.3755928","relation":{},"subject":[],"published":{"date-parts":[[2025,6,20]]},"assertion":[{"value":"2025-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}