{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T22:31:02Z","timestamp":1775773862476,"version":"3.50.1"},"reference-count":45,"publisher":"Tech Science Press","issue":"1","license":[{"start":{"date-parts":[[2025,8,31]],"date-time":"2025-08-31T00:00:00Z","timestamp":1756598400000},"content-version":"vor","delay-in-days":242,"URL":"https:\/\/doi.org\/10.32604\/TSP-CROSSMARKPOLICY"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["CMC"],"published-print":{"date-parts":[[2025]]},"DOI":"10.32604\/cmc.2025.066370","type":"journal-article","created":{"date-parts":[[2025,8,14]],"date-time":"2025-08-14T09:08:43Z","timestamp":1755162523000},"page":"2141-2155","update-policy":"https:\/\/doi.org\/10.32604\/tsp-crossmarkpolicy","source":"Crossref","is-referenced-by-count":2,"title":["An Effective Adversarial Defense Framework: From Robust Feature Perspective"],"prefix":"10.32604","volume":"85","author":[{"given":"Baolin","family":"Li","sequence":"first","affiliation":[]},{"given":"Tao","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Xinlei","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Jichao","family":"Xie","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Yi","sequence":"additional","affiliation":[]}],"member":"17807","published-online":{"date-parts":[[2025]]},"reference":[{"key":"ref1","series-title":"2024 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR); 2024 Jun 16\u201322","first-page":"1639","article-title":"LAFS: landmark-based facial self-supervised learning for face recognition","author":"Sun"},{"key":"ref2","series-title":"2023 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR); 2023 Jun 17\u201324","first-page":"17853","article-title":"Planning-oriented autonomous driving","author":"Hu"},{"key":"ref3","series-title":"2024 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR); 2024 Jun 16\u201322","first-page":"4051","article-title":"MFP: making full use of probability maps for interactive image segmentation","author":"Lee"},{"key":"ref4","unstructured":"Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, et al. Intriguing properties of neural networks.arXiv:1312.6199. 2014."},{"key":"ref5","series-title":"2024 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR); 2024 Jun 16\u201322","first-page":"10854","article-title":"Consistency and uncertainty: identifying unreliable responses from black-box vision-language models for selective visual question answering","author":"Khan"},{"key":"ref6","doi-asserted-by":"crossref","first-page":"109902","DOI":"10.1016\/j.patcog.2023.109902","article-title":"Jacobian norm with selective input gradient regularization for interpretable adversarial defense","volume":"145","author":"Liu","year":"2024","journal-title":"Pattern Recognit"},{"key":"ref7","series-title":"Proceedings of the 36th International Conference on Machine Learning (ICML); 2019 Jun 9\u201315","first-page":"1310","article-title":"Certified adversarial robustness via randomized smoothing","author":"Cohen"},{"key":"ref8","unstructured":"Goodfellow IJ, Shlens J, Szegedy C. Explaining and harnessing adversarial examples. arXiv:1412.6572. 2015."},{"key":"ref9","series-title":"Proceedings of the ICML, 2015 Workshop on Deep Learning; 2015 Jul 6\u201311","first-page":"55","article-title":"Fundamental limits on adversarial robustness","author":"Fawzi"},{"key":"ref10","series-title":"2016 International Joint Conference on Neural Networks (IJCNN); 2016 Jul 24\u201329","first-page":"426","article-title":"Exploring the space of adversarial images","author":"Tabacof"},{"key":"ref11","unstructured":"Cubuk ED, Zoph B, Schoenholz SS, Le QV. Intriguing properties of adversarial examples. arXiv:1711.02846. 2018."},{"key":"ref12","series-title":"Advances in Neural Information Processing Systems 33 (NeurIPS 2019); 2019 Dec 8\u201314","first-page":"125","article-title":"Adversarial examples are not bugs, they are features","author":"Ilyas"},{"key":"ref13","series-title":"Advances in Neural Information Processing Systems 35 (NeurIPS 2021); 2021 Dec 6-14; Online","first-page":"16051","article-title":"Class-disentanglement and applications in adversarial detection and defense","author":"Yang"},{"key":"ref14","series-title":"Proceedings of the 36th International Conference on Machine Learning (ICML); 2019 Jun 9\u201315","first-page":"4114","article-title":"Challenging common assumptions in the unsupervised learning of disentangled representations","author":"Locatello"},{"key":"ref15","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1145\/3422622","article-title":"Generative adversarial networks","volume":"63","author":"Goodfellow","year":"2020","journal-title":"Commun ACM"},{"key":"ref16","doi-asserted-by":"crossref","first-page":"109010","DOI":"10.1016\/j.patcog.2022.109010","article-title":"BH2I-GAN: bidirectional hash_code-to-image translation using multi-generative multi-adversarial nets","volume":"133","author":"Xu","year":"2023","journal-title":"Pattern Recognit"},{"key":"ref17","series-title":"The 5th International Conference on Learning Representations (ICLR); 2017 Apr 24\u201326","first-page":"1","article-title":"beta-VAE: learning basic visual concepts with a constrained variational framework","author":"Higgins"},{"key":"ref18","series-title":"The 5th International Conference on Learning Representations (ICLR); 2017 Apr 24\u201326","first-page":"1","article-title":"Adversarial examples in the physical world","author":"Kurakin"},{"key":"ref19","series-title":"The 6th International Conference on Learning Representations (ICLR); 2018 Apr 30\u2013May 3","first-page":"1","article-title":"Ensemble adversarial training: attacks and defenses","author":"Tram\u00e8r"},{"key":"ref20","series-title":"The 6th International Conference on Learning Representations (ICLR); 2018 Apr\u2013May 3","first-page":"1","article-title":"Towards deep learning models resistant to adversarial attacks","author":"Madry"},{"key":"ref21","first-page":"284","volume":"80","author":"Athalye","year":"2018","journal-title":"Proceedings of the 35th International Conference on Machine Learning (ICML)"},{"key":"ref22","first-page":"2206","article-title":"Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks","author":"Croce","journal-title":"Proceedings of The 37th International Conference on Machine Learning (ICML); 2020 Jul 13\u201318; Online"},{"key":"ref23","series-title":"2021 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR); 2021 Jun 20\u201325","first-page":"1924","article-title":"Enhancing the transferability of adversarial attacks through variance tuning","author":"Wang"},{"key":"ref24","doi-asserted-by":"crossref","first-page":"1725","DOI":"10.1109\/TPAMI.2020.3032061","article-title":"A hamiltonian monte carlo method for probabilistic adversarial attack and learning","volume":"44","author":"Wang","year":"2022","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"ref25","series-title":"2017 IEEE Symposium on Security and Privacy (SP); 2017 May 22\u201326","first-page":"39","article-title":"Towards evaluating the robustness of neural networks","author":"Carlini"},{"key":"ref26","series-title":"2023 China Automation Congress (CAC); 2023 Nov 17\u201319","first-page":"910","article-title":"Generating adversarial examples for white-box attacks based on GAN","author":"Su"},{"key":"ref27","series-title":"2022 International Joint Conference on Neural Networks (IJCNN); 2022 Jul 18\u201323","first-page":"1","article-title":"Pixle: a fast and effective black-box attack based on rearranging pixels","author":"Pomponi"},{"key":"ref28","series-title":"Computer Vision\u2014ECCV 2020\u201416th European Conference","first-page":"484","article-title":"A query-efficient black-box adversarial attack via random search","author":"Andriushchenko","year":"2020"},{"key":"ref29","first-page":"1829","author":"Zhang","year":"2019","journal-title":"Advances in Neural Information Processing Systems 33 (NeurIPS 2019)"},{"key":"ref30","series-title":"25th Annual Network and Distributed System Security Symposium (NDSS); 2018 Feb 18\u201321","first-page":"1","article-title":"Feature squeezing: detecting adversarial examples in deep neural networks","author":"Xu"},{"key":"ref31","series-title":"The 6th International Conference on Learning Representations (ICLR); 2018 Apr 30\u2013May 3","first-page":"1","article-title":"Countering adversarial images using input transformations","author":"Guo"},{"key":"ref32","series-title":"2018 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR); 2018 Jun 18\u201323","first-page":"1778","article-title":"Defense against adversarial attacks using high-level representation guided denoiser","author":"Liao"},{"key":"ref33","series-title":"2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP); 2019 May 12\u201317","first-page":"3842","article-title":"APE-GAN: adversarial perturbation elimination with GAN","author":"Jin"},{"key":"ref34","series-title":"Proceedings of the 39th International Conference on Machine Learning (ICML); 2022 Jul 17\u201323","first-page":"16805","article-title":"Diffusion models for adversarial purification","author":"Nie"},{"key":"ref35","series-title":"2016 IEEE Symposium on Security and Privacy (SP); 2016 May 22\u201326","first-page":"582","article-title":"Distillation as a defense to adversarial perturbations against deep neural networks","author":"Papernot"},{"key":"ref36","doi-asserted-by":"crossref","first-page":"6679","DOI":"10.1109\/TNNLS.2024.3386642","article-title":"On the robustness of bayesian neural networks to adversarial attacks","volume":"36","author":"Bortolussi","year":"2025","journal-title":"IEEE Trans Neural Netw Learn Syst"},{"key":"ref37","series-title":"The 34th British Machine Vision Conference 2023 (BMVC); 2023 Nov 20\u201324","first-page":"739","article-title":"Robust principles: architectural design principles for adversarially robust CNNs","author":"Peng"},{"key":"ref38","series-title":"Advances in Neural Information Processing Systems 35 (NeurIPS 2021)","first-page":"17642","article-title":"TRS: transferability reduced ensemble via promoting gradient diversity and model smoothness","author":"Yang","year":"2021"},{"key":"ref39","series-title":"2019 IEEE Conference on Computer Vision and Pattern Recognition (CVPR); 2019 Jun 15\u201320","first-page":"9078","article-title":"Robustness via curvature regularization, and vice versa","author":"Moosavi-Dezfooli"},{"key":"ref40","series-title":"2020 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR); 2020 Jun 13\u201319","first-page":"14509","article-title":"Understanding adversarial examples from the mutual influence of images and perturbations","author":"Zhang"},{"key":"ref41","unstructured":"Kim H. Torchattacks: a pytorch repository for adversarial attacks. arXiv:2010.01950. 2020."},{"key":"ref42","doi-asserted-by":"crossref","first-page":"2278","DOI":"10.1109\/5.726791","article-title":"Gradient-based learning applied to document recognition","volume":"86","author":"Lecun","year":"1998","journal-title":"Proc IEEE"},{"key":"ref43","series-title":"Technical report","article-title":"Learning multiple layers of features from tiny images","author":"Krizhevsky","year":"2009"},{"key":"ref44","series-title":"Proceedings of the British Machine Vision Conference (BMVC); 2016 Sep 19\u201322","first-page":"87.1","article-title":"Wide residual networks","author":"Zagoruyko"},{"key":"ref45","series-title":"2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR); 2016 Jun 27\u201330","first-page":"770","article-title":"Deep residual learning for image recognition","author":"He"}],"container-title":["Computers, Materials &amp; Continua"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/cdn.techscience.cn\/files\/cmc\/2025\/TSP_CMC-85-1\/TSP_CMC_66370\/TSP_CMC_66370.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T02:06:01Z","timestamp":1763345161000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.techscience.com\/cmc\/v85n1\/63536"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":45,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025]]},"published-print":{"date-parts":[[2025]]}},"URL":"https:\/\/doi.org\/10.32604\/cmc.2025.066370","relation":{},"ISSN":["1546-2226"],"issn-type":[{"value":"1546-2226","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"2025-04-07","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-07-24","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-08-29","order":2,"name":"published","label":"Published Online","group":{"name":"publication_history","label":"Publication History"}}]}}