{"id":"https://openalex.org/W3190013336","doi":"https://doi.org/10.1109/access.2021.3101289","title":"Cassandra: Detecting Trojaned Networks From Adversarial Perturbations","display_name":"Cassandra: Detecting Trojaned Networks From Adversarial Perturbations","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3190013336","doi":"https://doi.org/10.1109/access.2021.3101289","mag":"3190013336"},"language":"en","primary_location":{"id":"doi:10.1109/access.2021.3101289","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3101289","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09502110.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09502110.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100419434","display_name":"Xiaoyu Zhang","orcid":"https://orcid.org/0000-0003-1630-6058"},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaoyu Zhang","raw_affiliation_strings":["Department of Computer Science, University of Central Florida, Orlando, FL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082971616","display_name":"Rohit Gupta","orcid":"https://orcid.org/0000-0002-9068-7429"},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rohit Gupta","raw_affiliation_strings":["Center for Research in Computer Vision, University of Central Florida, Orlando, FL, USA"],"raw_orcid":"https://orcid.org/0000-0002-9068-7429","affiliations":[{"raw_affiliation_string":"Center for Research in Computer Vision, University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089986388","display_name":"Ajmal Mian","orcid":"https://orcid.org/0000-0002-5206-3842"},"institutions":[{"id":"https://openalex.org/I177877127","display_name":"The University of Western Australia","ror":"https://ror.org/047272k79","country_code":"AU","type":"education","lineage":["https://openalex.org/I177877127"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Ajmal Mian","raw_affiliation_strings":["Department of Computer Science and Software Engineering, The University of Western Australia, Perth, WA, Australia"],"raw_orcid":"https://orcid.org/0000-0002-5206-3842","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Software Engineering, The University of Western Australia, Perth, WA, Australia","institution_ids":["https://openalex.org/I177877127"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109495751","display_name":"Nazanin Rahnavard","orcid":null},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nazanin Rahnavard","raw_affiliation_strings":["Department of Electrical Engineering, University of Central Florida, Orlando, FL, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]}]},{"author_position":"last","author":{"id":null,"display_name":"Mubarak Shah","orcid":"https://orcid.org/0000-0002-8216-1128"},"institutions":[{"id":"https://openalex.org/I106165777","display_name":"University of Central Florida","ror":"https://ror.org/036nfer12","country_code":"US","type":"education","lineage":["https://openalex.org/I106165777"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mubarak Shah","raw_affiliation_strings":["Center for Research in Computer Vision, University of Central Florida, Orlando, FL, USA"],"raw_orcid":"https://orcid.org/0000-0002-8216-1128","affiliations":[{"raw_affiliation_string":"Center for Research in Computer Vision, University of Central Florida, Orlando, FL, USA","institution_ids":["https://openalex.org/I106165777"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":2.099,"has_fulltext":true,"cited_by_count":17,"citation_normalized_percentile":{"value":0.89377323,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"9","issue":null,"first_page":"135856","last_page":"135867"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9724000096321106,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9682999849319458,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8376643061637878},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7131659388542175},{"id":"https://openalex.org/keywords/mnist-database","display_name":"MNIST database","score":0.6083850264549255},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5690122842788696},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.528287947177887},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.4888996183872223},{"id":"https://openalex.org/keywords/trojan","display_name":"Trojan","score":0.4836103022098541},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.4483696520328522},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4258754849433899},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4170660376548767},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.365980327129364},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34186118841171265},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.33447688817977905},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3336179256439209}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8376643061637878},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7131659388542175},{"id":"https://openalex.org/C190502265","wikidata":"https://www.wikidata.org/wiki/Q17069496","display_name":"MNIST database","level":3,"score":0.6083850264549255},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5690122842788696},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.528287947177887},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.4888996183872223},{"id":"https://openalex.org/C174333608","wikidata":"https://www.wikidata.org/wiki/Q19635","display_name":"Trojan","level":2,"score":0.4836103022098541},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.4483696520328522},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4258754849433899},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4170660376548767},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.365980327129364},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34186118841171265},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.33447688817977905},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3336179256439209},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/access.2021.3101289","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3101289","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09502110.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:pure.atira.dk:openaire/b0766c01-8961-4bf0-b0a5-f731defd866a","is_oa":true,"landing_page_url":"https://admin.research-repository.uwa.edu.au/en/publications/b0766c01-8961-4bf0-b0a5-f731defd866a","pdf_url":null,"source":{"id":"https://openalex.org/S4306402492","display_name":"UWA Profiles and Research Repository (UWA)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I177877127","host_organization_name":"The University of Western Australia","host_organization_lineage":["https://openalex.org/I177877127"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Zhang, X, Gupta, R, Mian, A, Rahnavard, N & Shah, M 2021, 'Cassandra : Detecting Trojaned Networks from Adversarial Perturbations', IEEE Access, vol. 9, pp. 135856-135867. https://doi.org/10.1109/ACCESS.2021.3101289","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:pure.atira.dk:publications/b0766c01-8961-4bf0-b0a5-f731defd866a","is_oa":true,"landing_page_url":"https://research-repository.uwa.edu.au/en/publications/b0766c01-8961-4bf0-b0a5-f731defd866a","pdf_url":null,"source":{"id":"https://openalex.org/S4306402492","display_name":"UWA Profiles and Research Repository (UWA)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I177877127","host_organization_name":"The University of Western Australia","host_organization_lineage":["https://openalex.org/I177877127"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Zhang, X, Gupta, R, Mian, A, Rahnavard, N & Shah, M 2021, 'Cassandra : Detecting Trojaned Networks from Adversarial Perturbations', IEEE Access, vol. 9, pp. 135856-135867. https://doi.org/10.1109/ACCESS.2021.3101289","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:doaj.org/article:cb27039fc3c4436aaaae44fdcb11766e","is_oa":true,"landing_page_url":"https://doaj.org/article/cb27039fc3c4436aaaae44fdcb11766e","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 9, Pp 135856-135867 (2021)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2021.3101289","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3101289","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09502110.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2514911462","display_name":null,"funder_award_id":"DP190102443","funder_id":"https://openalex.org/F4320334704","funder_display_name":"Australian Research Council"}],"funders":[{"id":"https://openalex.org/F4320334704","display_name":"Australian Research Council","ror":"https://ror.org/05mmh0f86"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3190013336.pdf","grobid_xml":"https://content.openalex.org/works/W3190013336.grobid-xml"},"referenced_works_count":59,"referenced_works":["https://openalex.org/W1673923490","https://openalex.org/W1945616565","https://openalex.org/W1989898472","https://openalex.org/W2243397390","https://openalex.org/W2543927648","https://openalex.org/W2590523583","https://openalex.org/W2593892853","https://openalex.org/W2594867206","https://openalex.org/W2606529538","https://openalex.org/W2611576673","https://openalex.org/W2618043096","https://openalex.org/W2620038827","https://openalex.org/W2738229973","https://openalex.org/W2753783305","https://openalex.org/W2774018344","https://openalex.org/W2774423163","https://openalex.org/W2798302089","https://openalex.org/W2807363941","https://openalex.org/W2900018096","https://openalex.org/W2934843808","https://openalex.org/W2942091739","https://openalex.org/W2950468330","https://openalex.org/W2962700793","https://openalex.org/W2962872506","https://openalex.org/W2963047332","https://openalex.org/W2963178695","https://openalex.org/W2963184668","https://openalex.org/W2963207607","https://openalex.org/W2963695663","https://openalex.org/W2963744840","https://openalex.org/W2963809642","https://openalex.org/W2964153729","https://openalex.org/W2966187620","https://openalex.org/W2966689772","https://openalex.org/W2982083293","https://openalex.org/W2988471847","https://openalex.org/W3011696425","https://openalex.org/W3034258347","https://openalex.org/W3041840141","https://openalex.org/W3043705394","https://openalex.org/W3109235236","https://openalex.org/W3196523899","https://openalex.org/W3198208730","https://openalex.org/W4289300166","https://openalex.org/W4293584023","https://openalex.org/W4297573953","https://openalex.org/W6637162671","https://openalex.org/W6640425456","https://openalex.org/W6733645847","https://openalex.org/W6734483310","https://openalex.org/W6734787559","https://openalex.org/W6736296761","https://openalex.org/W6742113789","https://openalex.org/W6746897123","https://openalex.org/W6756074407","https://openalex.org/W6766253520","https://openalex.org/W6770286897","https://openalex.org/W6774646902","https://openalex.org/W6780521961"],"related_works":["https://openalex.org/W4293054861","https://openalex.org/W4293846201","https://openalex.org/W2952919291","https://openalex.org/W2786184167","https://openalex.org/W4300080427","https://openalex.org/W3208723233","https://openalex.org/W2597787948","https://openalex.org/W2947175736","https://openalex.org/W4380925710","https://openalex.org/W4286890323"],"abstract_inverted_index":{"Deep":[0],"neural":[1],"networks":[2],"are":[3,15,75,156],"being":[4],"widely":[5],"deployed":[6],"for":[7,119],"critical":[8],"tasks.":[9],"In":[10],"many":[11],"cases,":[12],"pre-trained":[13,166],"models":[14,167],"sourced":[16],"from":[17,88],"vendors":[18],"who":[19],"may":[20],"have":[21],"disrupted":[22],"the":[23,37,48,96,103,130,141,172,181],"training":[24],"pipeline":[25],"to":[26,94,128,140,175],"insert":[27],"Trojan":[28,83],"behaviors.":[29],"These":[30],"malicious":[31],"behaviors":[32],"can":[33],"be":[34],"triggered":[35,153],"at":[36],"adversary\u2019s":[38],"will,":[39],"which":[40,74],"is":[41,138,185],"a":[42,51,56,68,134],"serious":[43],"security":[44],"threat.":[45],"To":[46],"verify":[47],"integrity":[49],"of":[50,133],"deep":[52],"model,":[53],"we":[54],"propose":[55],"method":[57,110,123],"that":[58],"captures":[59],"its":[60,71,92],"fingerprint":[61],"with":[62,115,164],"adversarial":[63,79,89],"perturbations.":[64,80],"Inserting":[65],"backdoors":[66],"into":[67],"network":[69,85,136,146],"alters":[70],"decision":[72,104],"boundaries":[73,105],"effectively":[76],"encoded":[77],"by":[78,107],"Our":[81,109,122],"proposed":[82],"detection":[84,127,179],"learns":[86],"features":[87],"patterns":[90],"and":[91,100,137,148,161,180],"properties":[93],"encode":[95],"unknown":[97],"trigger":[98,142,144],"shape":[99],"deviations":[101],"in":[102,168],"caused":[106],"backdoors.":[108],"works":[111],"completely":[112],"without":[113],"or":[114],"limited":[116],"clean":[117],"samples":[118],"improved":[120],"performance.":[121],"also":[124],"performs":[125],"anomaly":[126],"identify":[129],"target":[131],"class":[132],"Trojaned":[135,178],"invariant":[139],"type,":[143],"size,":[145],"architecture":[147],"does":[149],"not":[150],"require":[151],"any":[152],"samples.":[154],"Experiments":[155],"performed":[157],"on":[158,177],"MNIST,":[159],"NIST-TrojAI":[160],"Odysseus":[162],"datasets,":[163],"5000":[165],"total,":[169],"making":[170],"this":[171],"largest":[173],"study":[174],"date":[176],"new":[182],"state-of-the-art":[183],"accuracy":[184],"achieved.":[186]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":5}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}