{"id":"https://openalex.org/W2964246311","doi":"https://doi.org/10.1109/icassp.2019.8682578","title":"When Not to Classify: Detection of Reverse Engineering Attacks on DNN Image Classifiers","display_name":"When Not to Classify: Detection of Reverse Engineering Attacks on DNN Image Classifiers","publication_year":2019,"publication_date":"2019-04-17","ids":{"openalex":"https://openalex.org/W2964246311","doi":"https://doi.org/10.1109/icassp.2019.8682578","mag":"2964246311"},"language":"en","primary_location":{"id":"doi:10.1109/icassp.2019.8682578","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icassp.2019.8682578","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICASSP 2019 - 2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100767801","display_name":"Yujia Wang","orcid":"https://orcid.org/0000-0002-6733-4967"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yujia Wang","raw_affiliation_strings":["School of EECS, The Pennsylvania State University, PA"],"affiliations":[{"raw_affiliation_string":"School of EECS, The Pennsylvania State University, PA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101739086","display_name":"David J. Miller","orcid":"https://orcid.org/0000-0001-8848-1643"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David J. Miller","raw_affiliation_strings":["School of EECS, The Pennsylvania State University, PA"],"affiliations":[{"raw_affiliation_string":"School of EECS, The Pennsylvania State University, PA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063903486","display_name":"George Kesidis","orcid":"https://orcid.org/0000-0001-7947-8127"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"George Kesidis","raw_affiliation_strings":["School of EECS, The Pennsylvania State University, PA"],"affiliations":[{"raw_affiliation_string":"School of EECS, The Pennsylvania State University, PA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100767801"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":0.7001,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.77825708,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"8063","last_page":"8066"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9751999974250793,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11515","display_name":"Bacillus and Francisella bacterial research","score":0.9610999822616577,"subfield":{"id":"https://openalex.org/subfields/1312","display_name":"Molecular Biology"},"field":{"id":"https://openalex.org/fields/13","display_name":"Biochemistry, Genetics and Molecular Biology"},"domain":{"id":"https://openalex.org/domains/1","display_name":"Life Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.810273289680481},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.757393479347229},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6309645175933838},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.6158947348594666},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5392872095108032},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5243668556213379},{"id":"https://openalex.org/keywords/reverse-engineering","display_name":"Reverse engineering","score":0.5166493058204651},{"id":"https://openalex.org/keywords/contextual-image-classification","display_name":"Contextual image classification","score":0.4537934362888336},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.44041192531585693},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4273374378681183},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.41448289155960083},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.30384740233421326},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08687880635261536}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.810273289680481},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.757393479347229},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6309645175933838},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.6158947348594666},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5392872095108032},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5243668556213379},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.5166493058204651},{"id":"https://openalex.org/C75294576","wikidata":"https://www.wikidata.org/wiki/Q5165192","display_name":"Contextual image classification","level":3,"score":0.4537934362888336},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.44041192531585693},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4273374378681183},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.41448289155960083},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.30384740233421326},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08687880635261536},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icassp.2019.8682578","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icassp.2019.8682578","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICASSP 2019 - 2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.8199999928474426,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1945616565","https://openalex.org/W2124415900","https://openalex.org/W2140412375","https://openalex.org/W2180612164","https://openalex.org/W2181089405","https://openalex.org/W2461943168","https://openalex.org/W2603766943","https://openalex.org/W2617376838","https://openalex.org/W2781036271","https://openalex.org/W2898780854","https://openalex.org/W2963207607","https://openalex.org/W2963564844","https://openalex.org/W2963857521","https://openalex.org/W2964318098","https://openalex.org/W4299147078","https://openalex.org/W6640425456","https://openalex.org/W6747323232"],"related_works":["https://openalex.org/W2363831530","https://openalex.org/W2363845219","https://openalex.org/W2381057835","https://openalex.org/W1789649838","https://openalex.org/W1780668307","https://openalex.org/W1984362519","https://openalex.org/W2051831113","https://openalex.org/W2650054517","https://openalex.org/W2808001300","https://openalex.org/W1548771250"],"abstract_inverted_index":{"This":[0],"paper":[1],"addresses":[2],"detection":[3],"of":[4,38],"a":[5,11,44],"reverse":[6],"engineering":[7],"(RE)":[8],"attack":[9],"targeting":[10],"deep":[12],"neural":[13],"network":[14],"(DNN)":[15],"image":[16],"classifier;":[17],"by":[18],"querying,":[19],"RE's":[20],"aim":[21],"is":[22,69],"to":[23,49,60,80],"discover":[24],"the":[25,39],"classifier's":[26],"decision":[27],"rule.":[28],"RE":[29,62,74],"can":[30],"enable":[31],"test-time":[32,51,83],"evasion":[33,52,84],"attacks,":[34],"which":[35],"require":[36],"knowledge":[37],"classifier.":[40],"Recently,":[41],"we":[42,57],"proposed":[43],"quite":[45],"effective":[46,82],"approach":[47],"(ADA)":[48],"detect":[50,61],"attacks.":[53,85],"In":[54],"this":[55],"paper,":[56],"extend":[58],"ADA":[59],"attacks":[63,75],"(ADA-RE).":[64],"We":[65],"demonstrate":[66],"our":[67],"method":[68],"successful":[70],"in":[71],"detecting":[72],"\"stealthy\"":[73],"before":[76],"they":[77],"learn":[78],"enough":[79],"launch":[81]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}