{"id":"https://openalex.org/W3132118961","doi":"https://doi.org/10.1109/dsc49826.2021.9346264","title":"A Black-Box Adversarial Attack via Deep Reinforcement Learning on the Feature Space","display_name":"A Black-Box Adversarial Attack via Deep Reinforcement Learning on the Feature Space","publication_year":2021,"publication_date":"2021-01-30","ids":{"openalex":"https://openalex.org/W3132118961","doi":"https://doi.org/10.1109/dsc49826.2021.9346264","mag":"3132118961"},"language":"en","primary_location":{"id":"doi:10.1109/dsc49826.2021.9346264","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dsc49826.2021.9346264","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050272463","display_name":"Lyue Li","orcid":null},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":true,"raw_author_name":"Lyue Li","raw_affiliation_strings":["National Chiao Tung University,Computer Science Department,Hsinchu,Taiwan,30050"],"affiliations":[{"raw_affiliation_string":"National Chiao Tung University,Computer Science Department,Hsinchu,Taiwan,30050","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021109938","display_name":"Amir Rezapour","orcid":"https://orcid.org/0000-0002-1879-4668"},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Amir Rezapour","raw_affiliation_strings":["National Chiao Tung University,Computer Science Department,Hsinchu,Taiwan,30050"],"affiliations":[{"raw_affiliation_string":"National Chiao Tung University,Computer Science Department,Hsinchu,Taiwan,30050","institution_ids":["https://openalex.org/I148366613"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5050112080","display_name":"Wen-Guey Tzeng","orcid":"https://orcid.org/0000-0002-0441-5006"},"institutions":[{"id":"https://openalex.org/I148366613","display_name":"National Yang Ming Chiao Tung University","ror":"https://ror.org/00se2k293","country_code":"TW","type":"education","lineage":["https://openalex.org/I148366613"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Wen-Guey Tzeng","raw_affiliation_strings":["National Chiao Tung University,Computer Science Department,Hsinchu,Taiwan,30050"],"affiliations":[{"raw_affiliation_string":"National Chiao Tung University,Computer Science Department,Hsinchu,Taiwan,30050","institution_ids":["https://openalex.org/I148366613"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5050272463"],"corresponding_institution_ids":["https://openalex.org/I148366613"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.02665074,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11515","display_name":"Bacillus and Francisella bacterial research","score":0.9714999794960022,"subfield":{"id":"https://openalex.org/subfields/1312","display_name":"Molecular Biology"},"field":{"id":"https://openalex.org/fields/13","display_name":"Biochemistry, Genetics and Molecular Biology"},"domain":{"id":"https://openalex.org/domains/1","display_name":"Life Sciences"}},{"id":"https://openalex.org/T14117","display_name":"Integrated Circuits and Semiconductor Failure Analysis","score":0.9366000294685364,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7499054670333862},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7468300461769104},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.7030919790267944},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6596139669418335},{"id":"https://openalex.org/keywords/pixel","display_name":"Pixel","score":0.5770045518875122},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.576903760433197},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.5268862247467041},{"id":"https://openalex.org/keywords/feature-vector","display_name":"Feature vector","score":0.489229679107666},{"id":"https://openalex.org/keywords/contextual-image-classification","display_name":"Contextual image classification","score":0.4776117503643036},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4258248805999756},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.250493586063385}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7499054670333862},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7468300461769104},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.7030919790267944},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6596139669418335},{"id":"https://openalex.org/C160633673","wikidata":"https://www.wikidata.org/wiki/Q355198","display_name":"Pixel","level":2,"score":0.5770045518875122},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.576903760433197},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.5268862247467041},{"id":"https://openalex.org/C83665646","wikidata":"https://www.wikidata.org/wiki/Q42139305","display_name":"Feature vector","level":2,"score":0.489229679107666},{"id":"https://openalex.org/C75294576","wikidata":"https://www.wikidata.org/wiki/Q5165192","display_name":"Contextual image classification","level":3,"score":0.4776117503643036},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4258248805999756},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.250493586063385}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/dsc49826.2021.9346264","is_oa":false,"landing_page_url":"https://doi.org/10.1109/dsc49826.2021.9346264","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE Conference on Dependable and Secure Computing (DSC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4699999988079071,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1787585599","display_name":null,"funder_award_id":"107-2221-E-009-024-MY2","funder_id":"https://openalex.org/F4320309618","funder_display_name":"Ministry of Science and Technology"},{"id":"https://openalex.org/G6560411740","display_name":null,"funder_award_id":"l06-EC-17-A-24-0619","funder_id":"https://openalex.org/F4320320999","funder_display_name":"The Ministry of Economic Affairs and Employment"}],"funders":[{"id":"https://openalex.org/F4320309618","display_name":"Ministry of Science and Technology","ror":"https://ror.org/02b207r52"},{"id":"https://openalex.org/F4320320999","display_name":"The Ministry of Economic Affairs and Employment","ror":"https://ror.org/008d1xp69"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1673923490","https://openalex.org/W1945616565","https://openalex.org/W2108598243","https://openalex.org/W2112796928","https://openalex.org/W2163605009","https://openalex.org/W2243397390","https://openalex.org/W2460937040","https://openalex.org/W2603766943","https://openalex.org/W2618043096","https://openalex.org/W2746600820","https://openalex.org/W2948487788","https://openalex.org/W2962711307","https://openalex.org/W2962878175","https://openalex.org/W2963207607","https://openalex.org/W2963448658","https://openalex.org/W2963857521","https://openalex.org/W2964153729","https://openalex.org/W2964197269","https://openalex.org/W3106412272","https://openalex.org/W4300511536","https://openalex.org/W6637162671","https://openalex.org/W6640425456","https://openalex.org/W6684191040","https://openalex.org/W6719080892","https://openalex.org/W6747838381","https://openalex.org/W6748204703"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W4246396837","https://openalex.org/W2482350142","https://openalex.org/W3176240006","https://openalex.org/W3126451824","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W2005234362","https://openalex.org/W2162970382","https://openalex.org/W1997235926"],"abstract_inverted_index":{"In":[0],"this":[1],"paper":[2],"we":[3,164],"propose":[4],"a":[5,31,97,128,145,151,183],"novel":[6],"black-box":[7],"adversarial":[8,59,102],"attack":[9,93,173,193],"by":[10,174],"using":[11],"the":[12,17,20,54,62,68,75,109,125,198],"reinforcement":[13],"learning":[14],"to":[15,29,39,56,112,170,203],"learn":[16],"characteristics":[18,126],"of":[19,52,71,74,77,127,137,159],"target":[21,199],"classifier":[22,33,200],"C.":[23],"Our":[24,80,88,101],"method":[25,46,81,89,122,139,190],"does":[26],"not":[27],"need":[28],"find":[30],"substitute":[32],"that":[34,166,188],"resembles":[35],"C":[36],"with":[37],"respect":[38],"its":[40],"structure":[41],"and":[42,148],"parameters.":[43],"Instead,":[44],"our":[45,121,138,172,189],"learns":[47],"an":[48,58],"optimal":[49],"attacking":[50],"policy":[51],"guiding":[53],"attacker":[55],"build":[57],"image":[60],"from":[61],"original":[63,113],"image.":[64],"We":[65,186],"work":[66],"on":[67,85,96,124],"feature":[69],"space":[70],"images,":[72],"instead":[73],"pixels":[76],"images":[78,103,114],"directly.":[79],"achieves":[82,90,191],"better":[83,105,132],"results":[84,158],"many":[86],"measures.":[87],"94.5":[91],"%":[92,143],"success":[94,194],"rate":[95,136,195],"well-trained":[98],"digit":[99],"classifier.":[100],"have":[104],"imperceptibility":[106],"even":[107,196],"though":[108,197],"norm":[110],"distances":[111],"are":[115],"larger":[116],"than":[117],"other":[118],"methods.":[119],"Since":[120],"works":[123],"classifier,":[129],"it":[130,167],"has":[131],"transferability.":[133],"The":[134],"transfer":[135,161],"could":[140],"reach":[141],"52.1":[142],"for":[144,150],"targeted":[146],"class":[147],"65.9%":[149],"non-targeted":[152],"class.":[153],"This":[154],"improves":[155],"over":[156],"previous":[157],"single-digit":[160],"rates.":[162],"Also,":[163],"show":[165,187],"is":[168],"harder":[169],"defend":[171],"incorporating":[175],"defense":[176],"mechanisms,":[177],"such":[178],"as":[179],"MagNet,":[180],"which":[181],"uses":[182],"denoising":[184],"technique.":[185],"65%":[192],"employs":[201],"MagNet":[202],"defend.":[204]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}