{"id":"https://openalex.org/W3009360213","doi":"https://doi.org/10.1109/globecom38437.2019.9013408","title":"Towards Robust Ensemble Defense Against Adversarial Examples Attack","display_name":"Towards Robust Ensemble Defense Against Adversarial Examples Attack","publication_year":2019,"publication_date":"2019-12-01","ids":{"openalex":"https://openalex.org/W3009360213","doi":"https://doi.org/10.1109/globecom38437.2019.9013408","mag":"3009360213"},"language":"en","primary_location":{"id":"doi:10.1109/globecom38437.2019.9013408","is_oa":false,"landing_page_url":"https://doi.org/10.1109/globecom38437.2019.9013408","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE Global Communications Conference (GLOBECOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071069365","display_name":"Nag Mani","orcid":"https://orcid.org/0000-0002-1294-9745"},"institutions":[{"id":"https://openalex.org/I51504820","display_name":"San Jose State University","ror":"https://ror.org/04qyvz380","country_code":"US","type":"education","lineage":["https://openalex.org/I51504820"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Nag Mani","raw_affiliation_strings":["Dept. of Computer Science, San Jose State University, San Jose, USA"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science, San Jose State University, San Jose, USA","institution_ids":["https://openalex.org/I51504820"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021884742","display_name":"Melody Moh","orcid":"https://orcid.org/0000-0002-8313-6645"},"institutions":[{"id":"https://openalex.org/I51504820","display_name":"San Jose State University","ror":"https://ror.org/04qyvz380","country_code":"US","type":"education","lineage":["https://openalex.org/I51504820"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Melody Moh","raw_affiliation_strings":["Dept. of Computer Science, San Jose State University, San Jose, USA"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science, San Jose State University, San Jose, USA","institution_ids":["https://openalex.org/I51504820"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019298277","display_name":"Teng-Sheng Moh","orcid":"https://orcid.org/0000-0002-2726-102X"},"institutions":[{"id":"https://openalex.org/I51504820","display_name":"San Jose State University","ror":"https://ror.org/04qyvz380","country_code":"US","type":"education","lineage":["https://openalex.org/I51504820"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Teng-Sheng Moh","raw_affiliation_strings":["Dept. of Computer Science, San Jose State University, San Jose, USA"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science, San Jose State University, San Jose, USA","institution_ids":["https://openalex.org/I51504820"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5071069365"],"corresponding_institution_ids":["https://openalex.org/I51504820"],"apc_list":null,"apc_paid":null,"fwci":0.7001,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.79060089,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.955730676651001},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.754895031452179},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6288174986839294},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.6191715598106384},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5703397393226624},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.46705400943756104},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4244844615459442},{"id":"https://openalex.org/keywords/retraining","display_name":"Retraining","score":0.4121546447277069},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.09737694263458252}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.955730676651001},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.754895031452179},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6288174986839294},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.6191715598106384},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5703397393226624},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.46705400943756104},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4244844615459442},{"id":"https://openalex.org/C2778712577","wikidata":"https://www.wikidata.org/wiki/Q3505966","display_name":"Retraining","level":2,"score":0.4121546447277069},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.09737694263458252},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/globecom38437.2019.9013408","is_oa":false,"landing_page_url":"https://doi.org/10.1109/globecom38437.2019.9013408","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 IEEE Global Communications Conference (GLOBECOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W1673923490","https://openalex.org/W1883420340","https://openalex.org/W1945616565","https://openalex.org/W2047237187","https://openalex.org/W2194775991","https://openalex.org/W2243397390","https://openalex.org/W2293768274","https://openalex.org/W2460937040","https://openalex.org/W2922358462","https://openalex.org/W2963389226","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964253222","https://openalex.org/W4293846201","https://openalex.org/W4300511536"],"related_works":["https://openalex.org/W4247200422","https://openalex.org/W4364305260","https://openalex.org/W4367364209","https://openalex.org/W4293054861","https://openalex.org/W4283771505","https://openalex.org/W3045863126","https://openalex.org/W4310877287","https://openalex.org/W2952919291","https://openalex.org/W4312101771","https://openalex.org/W4310473936"],"abstract_inverted_index":{"With":[0],"recent":[1],"advancements":[2],"in":[3,15,24,110],"the":[4,16,87,95,105,127,152,168,176],"field":[5],"of":[6,69,76,101,107,129,151,166,178,211,223],"artificial":[7],"intelligence,":[8],"deep":[9,32],"learning":[10,33],"has":[11,48,148],"created":[12],"a":[13,73,161,199,220],"niche":[14],"technology":[17],"space":[18],"and":[19,26,118],"is":[20,144,209],"being":[21],"actively":[22],"used":[23,154],"autonomous":[25,116],"IoT":[27],"systems":[28],"globally.":[29],"Unfortunately,":[30],"these":[31,102,142],"models":[34,53,103],"have":[35,125],"become":[36],"susceptible":[37],"to":[38,56,79,86],"adversarial":[39,61,64,82,133,169,205,214],"attacks":[40,57,134,215],"that":[41,50,182,208],"can":[42,92],"severely":[43],"impact":[44],"its":[45],"integrity.":[46],"Research":[47],"shown":[49],"many":[51],"state-of-the-art":[52],"are":[54,66,84],"vulnerable":[55],"by":[58,172],"well-":[59],"crafted":[60],"examples.":[62],"These":[63,81],"examples":[65,170],"perturbed":[67],"versions":[68],"clean":[70],"data":[71],"with":[72,219],"small":[74],"amount":[75],"noise":[77],"added":[78],"it.":[80],"samples":[83],"imperceptible":[85],"human":[88],"eye":[89],"yet":[90],"they":[91],"easily":[93],"fool":[94],"targeted":[96],"model.":[97,139],"The":[98],"exposed":[99],"vulnerabilities":[100],"raise":[104],"question":[106],"their":[108],"usability":[109],"safety-critical":[111],"real-world":[112],"applications":[113],"such":[114],"as":[115],"driving":[117],"medical":[119],"applications.":[120],"In":[121],"this":[122],"work,":[123],"we":[124],"documented":[126],"effectiveness":[128],"six":[130,213],"different":[131],"gradient-based":[132],"on":[135,216],"ResNet":[136],"image":[137],"recognition":[138],"Defending":[140],"against":[141,186,193],"adversaries":[143,188],"challenging.":[145],"Adversarial":[146],"re-training":[147],"been":[149],"one":[150],"widely":[153],"defense":[155,202],"technique.":[156],"It":[157],"aims":[158],"at":[159],"training":[160],"more":[162,194],"robust":[163],"model":[164],"capable":[165,210],"handling":[167],"attack":[171],"itself.":[173],"We":[174,197],"showcase":[175],"limitations":[177],"traditional":[179],"adversarial-retraining":[180],"techniques":[181],"could":[183],"be":[184],"effective":[185],"some":[187],"but":[189],"does":[190],"not":[191],"protect":[192],"sophisticated":[195],"attacks.":[196],"present":[198],"new":[200],"ensemble":[201],"strategy":[203],"using":[204],"retraining":[206],"technique":[207],"withstanding":[212],"cifar10":[217],"dataset":[218],"minimum":[221],"accuracy":[222],"89.31%.":[224]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}