{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T02:27:45Z","timestamp":1769048865265,"version":"3.49.0"},"reference-count":27,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. & Syst."],"published-print":{"date-parts":[[2020,4,1]]},"DOI":"10.1587\/transinf.2019edp7188","type":"journal-article","created":{"date-parts":[[2020,3,31]],"date-time":"2020-03-31T22:25:26Z","timestamp":1585693526000},"page":"825-837","source":"Crossref","is-referenced-by-count":8,"title":["Evaluating Deep Learning for Image Classification in Adversarial Environment"],"prefix":"10.1587","volume":"E103.D","author":[{"given":"Ye","family":"PENG","sequence":"first","affiliation":[{"name":"College of Computer, National University of Defense Technology"}]},{"given":"Wentao","family":"ZHAO","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology"}]},{"given":"Wei","family":"CAI","sequence":"additional","affiliation":[{"name":"School of Science and Engineering, The Chinese University of Hong Kong"}]},{"given":"Jinshu","family":"SU","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology"}]},{"given":"Biao","family":"HAN","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology"}]},{"given":"Qiang","family":"LIU","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology"}]}],"member":"532","reference":[{"key":"1","doi-asserted-by":"publisher","unstructured":"[1] J. Schmidhuber, \u201cDeep learning in neural networks: An overview,\u201d Neural networks, vol.61, pp.85-117, 2015. 10.1016\/j.neunet.2014.09.003","DOI":"10.1016\/j.neunet.2014.09.003"},{"key":"2","doi-asserted-by":"publisher","unstructured":"[2] Q. Liu, P. Li, W. Zhao, W. Cai, S. Yu, and V.C.M. Leung, \u201cA survey on security threats and defensive techniques of machine learning: A Data Driven View,\u201d IEEE Access, vol.6, pp.12103-12117, 2018. 10.1109\/access.2018.2805680","DOI":"10.1109\/ACCESS.2018.2805680"},{"key":"3","doi-asserted-by":"publisher","unstructured":"[3] G. Litjens, T, Kooi, B.E, Bejnordi, A.A.A. Setio, F. Ciompi, M. Ghafoorian, J.A.W.M.V. Laak, B. van Ginneken, and C.I. S\u00e1nchez, \u201cA survey on deep learning in medical image analysis,\u201d Pattern Recognition, vol.42, pp.60-88, 2017. 10.1016\/j.media.2017.07.005","DOI":"10.1016\/j.media.2017.07.005"},{"key":"4","unstructured":"[4] G.L. Wittel and S.F. Wu, \u201cOn attacking statistical spam filters,\u201d Proc. CEAS, 2004."},{"key":"5","doi-asserted-by":"publisher","unstructured":"[5] B. Biggio and F. Roli, \u201cWild patterns: ten years after the rise of adversarial machine learning,\u201d Pattern Recognition, vol.84, pp.317-331, 2018. 10.1016\/j.patcog.2018.07.023","DOI":"10.1016\/j.patcog.2018.07.023"},{"key":"6","unstructured":"[6] A. Ilyas, L. Engstrom, A. Athalye, and J. Lin, \u201cBlack-box adversarial attacks with limited queries and information,\u201d [Online]. Available: https:\/\/arxiv.org\/abs\/1804.08598."},{"key":"7","unstructured":"[7] M. Barreno, B. Nelson, R. Sears, A.D. Jpseph, and J.D. Tygar, \u201cCan machine learning be secure?,\u201d Proc. ACM Symp. Inf. Comput. Commun. Security (ASIACCS'16), pp.16-25, 2016. 10.1145\/1128817.1128824"},{"key":"8","unstructured":"[8] T.W. Weng, H, Zhang, P.Y. Chen, et al, \u201cEvaluating the robustness of neural networks: An extreme value theory approach,\u201d Proc. International Conference on Learning Representations (ICLR'18), 2018."},{"key":"9","unstructured":"[9] O. Bastani, Y. Ioannou, L. Lampropoulos, D. Vytiniotis, A.V. Nori, and A. Criminist, \u201cMeasuring neural net robustness with constraints,\u201d Proc. Neural Information Processing Systems (NISP'16), pp.2613-2621, 2016."},{"key":"10","unstructured":"[10] V. Tjeng, K. Xiao, and R. Tedrake, \u201cEvaluating robustness of neural networks with mixed integer programming,\u201d [Online]. Available: https:\/\/arxiv.org\/abs\/1711.07356."},{"key":"11","unstructured":"[11] M, Cheng, J Yi, H, Zhang, et al, \u201cSeq2sick: Evaluating the robustness of sequence-to-sequence models with adversarial examples,\u201d [Online]. Available: https:\/\/arxiv.org\/abs\/1803.01128."},{"key":"12","unstructured":"[12] I.J. Goodfellow, J. Shlens and C. Szegedy, \u201cExplaining and harnessing adversarial examples,\u201d Proc. International Conference on Learning Representations (ICLR'15), 2015."},{"key":"13","doi-asserted-by":"crossref","unstructured":"[13] N. Carlini and D. Wagner, \u201cTowards evaluating the robustness of neural networks,\u201d Proc. IEEE Symposium on Security and Privacy (SP'17), Heidelberg, pp.39-57, 2017. 10.1109\/sp.2017.49","DOI":"10.1109\/SP.2017.49"},{"key":"14","doi-asserted-by":"crossref","unstructured":"[14] S.-M. Moosavi-Dezfooli, A, Fawzi, P, Frossard, \u201cDeepfool: a simple and accurate method to fool deep neural networks,\u201d Proc. Computer Vision and Pattern Recognition (CVPR'16), pp.2574-2582, 2016. 10.1109\/cvpr.2016.282","DOI":"10.1109\/CVPR.2016.282"},{"key":"15","doi-asserted-by":"crossref","unstructured":"[15] N. Papernot, P. McDaniel, S. Jha, M. Fredrikson, Z.B. Celik, and A.Swami, \u201cThe limitations of deep learning in adversarial settings,\u201d Proc.Eur.Symp.SecurityPrivacy(EuroS&P'16),pp.372-387,2016. 10.1109\/eurosp.2016.36","DOI":"10.1109\/EuroSP.2016.36"},{"key":"16","unstructured":"[16] A. Kurakin and I.J. Goodfellow, \u201cAdversarial examples in physical world,\u201d [Online]. Available: https:\/\/arxiv.org\/abs\/1607.02533."},{"key":"17","doi-asserted-by":"crossref","unstructured":"[17] Y. Dong, F. Liao, T. Pang, H. Su, J. Zhu, X. Hu, and J. Li, \u201cBoosting adversarial attacks with momentum,\u201d Proc. IEEE Conf. Comput. Vis. Pattern Recognit. (CVPR'2018), pp.9185-9193, 2018. 10.1109\/cvpr.2018.00957","DOI":"10.1109\/CVPR.2018.00957"},{"key":"18","unstructured":"[18] A. Madry and A. Makelov, \u201cTowards deep learning models resistant to adversaria,\u201d [Online]. Available: https:\/\/arxiv.org\/abs\/1706.06083."},{"key":"19","doi-asserted-by":"crossref","unstructured":"[19] P. Chen and Y. Sharma, \u201cEAD: Elastic-net attacks to deep neural networks via adversarial examples,\u201d Proc. The Association for the Advancement of Artificial Intelligence (AAAI'18), 2018.","DOI":"10.1609\/aaai.v32i1.11302"},{"key":"20","unstructured":"[20] A. Athalye, N. Carlini, and D. Wagner, \u201cObfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples,\u201d Proc. International Conference on Machine Learning (ICML'18), pp.274-283, 2018."},{"key":"21","doi-asserted-by":"publisher","unstructured":"[21] S. Chen, M. Xue, L. Fan, S. Hao, L. Xu, H. Zhu, and B. Li, \u201cAutomated Poisoning Attacks and Defenses in Malware Detection Systems: An Adversarial Machine Learning Approach,\u201d computers & security, vol.73, pp.326-344, 2018. 10.1016\/j.cose.2017.11.007","DOI":"10.1016\/j.cose.2017.11.007"},{"key":"22","doi-asserted-by":"crossref","unstructured":"[22] C. Liu, B. Li, Y. Vorobeychik, and A. Oprea, \u201cRobust linear regression against training data poisoning,\u201d Proc. Artificial Intelligence and Security (AIsec'17), Boston, MA, USA, pp.91-102, 2017. 10.1145\/3128572.3140447","DOI":"10.1145\/3128572.3140447"},{"key":"23","doi-asserted-by":"crossref","unstructured":"[23] B. Biggio, I. Corona, G. Fumera, G. Giacinto, and F. Roli, \u201cBagging classifiers for fighting poisoning attacks in adversarial classification tasks,\u201d Proc. Multiple Classifier Systems (MCS'11), Springer, Berlin, Heidelberg, pp.350-359, 2011. 10.1007\/978-3-642-21557-5_37","DOI":"10.1007\/978-3-642-21557-5_37"},{"key":"24","unstructured":"[24] F. Tramer and A. Kurakin, \u201cEnsemble adversarial training: Attacks and defenses,\u201d Proc. International Conference on Learning Representations (ICLR'2018), 2018."},{"key":"25","doi-asserted-by":"crossref","unstructured":"[25] N. Das, M. Shanbhogue, S.-T. Chen, F. Hohman, S. Li, L. Chen, M.E. Kounavis, and D.H. Chau, \u201cShield: Fast, practical defense and vaccination for deep learning using jpeg compression,\u201d Proc. International Conference on Knowledge Discovery & Data Mining (SIGKDD'18), pp.196-204, 2018. 10.1145\/3219819.3219910","DOI":"10.1145\/3219819.3219910"},{"key":"26","doi-asserted-by":"publisher","unstructured":"[26] B., Battista, G. Fumera, and F. Roli. \u201cSecurity evaluation of pattern classifiers under attack,\u201d IEEE Transactions on Knowledge and Data Engineering, vol.26, no.4, pp.984-996, 2013. 10.1109\/tkde.2013.57","DOI":"10.1109\/TKDE.2013.57"},{"key":"27","unstructured":"[27] T.-W. Weng, H. Zhang, P.-Y. Chen, J. Yi, D. Su, Y. Gao, C.-J. Hsieh, and L. Daniel, \u201cEvaluating the robustness of neural networks: An extreme value theory approach,\u201d arXiv preprint arXiv:1801.10578, 2018."}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E103.D\/4\/E103.D_2019EDP7188\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,20]],"date-time":"2022-10-20T03:47:21Z","timestamp":1666237641000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E103.D\/4\/E103.D_2019EDP7188\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4,1]]},"references-count":27,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2019edp7188","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"value":"0916-8532","type":"print"},{"value":"1745-1361","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,4,1]]}}}