{"id":"https://openalex.org/W4313120717","doi":"https://doi.org/10.1109/icpr56361.2022.9956476","title":"Boundary Defense Against Black-box Adversarial Attacks","display_name":"Boundary Defense Against Black-box Adversarial Attacks","publication_year":2022,"publication_date":"2022-08-21","ids":{"openalex":"https://openalex.org/W4313120717","doi":"https://doi.org/10.1109/icpr56361.2022.9956476"},"language":"en","primary_location":{"id":"doi:10.1109/icpr56361.2022.9956476","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icpr56361.2022.9956476","pdf_url":null,"source":{"id":"https://openalex.org/S4363607731","display_name":"2022 26th International Conference on Pattern Recognition (ICPR)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 26th International Conference on Pattern Recognition (ICPR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5017805934","display_name":"Manjushree B. Aithal","orcid":"https://orcid.org/0000-0001-8953-5906"},"institutions":[{"id":"https://openalex.org/I123946342","display_name":"Binghamton University","ror":"https://ror.org/008rmbt77","country_code":"US","type":"education","lineage":["https://openalex.org/I123946342"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Manjushree B. Aithal","raw_affiliation_strings":["Binghamton University,Department of Electrical and Computer Engineering,Binghamton,NY,USA,13902"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Binghamton University,Department of Electrical and Computer Engineering,Binghamton,NY,USA,13902","institution_ids":["https://openalex.org/I123946342"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100434102","display_name":"Xiaohua Li","orcid":"https://orcid.org/0000-0002-1209-7837"},"institutions":[{"id":"https://openalex.org/I123946342","display_name":"Binghamton University","ror":"https://ror.org/008rmbt77","country_code":"US","type":"education","lineage":["https://openalex.org/I123946342"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaohua Li","raw_affiliation_strings":["Binghamton University,Department of Electrical and Computer Engineering,Binghamton,NY,USA,13902"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Binghamton University,Department of Electrical and Computer Engineering,Binghamton,NY,USA,13902","institution_ids":["https://openalex.org/I123946342"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5017805934"],"corresponding_institution_ids":["https://openalex.org/I123946342"],"apc_list":null,"apc_paid":null,"fwci":0.5215,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.65039746,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"2349","last_page":"2356"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9901999831199646,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9832000136375427,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7511416673660278},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.6151476502418518},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5855178236961365},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5713866353034973},{"id":"https://openalex.org/keywords/boundary","display_name":"Boundary (topology)","score":0.5482516884803772},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.1814272701740265},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.1631896197795868},{"id":"https://openalex.org/keywords/mathematical-analysis","display_name":"Mathematical analysis","score":0.08420532941818237}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7511416673660278},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.6151476502418518},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5855178236961365},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5713866353034973},{"id":"https://openalex.org/C62354387","wikidata":"https://www.wikidata.org/wiki/Q875399","display_name":"Boundary (topology)","level":2,"score":0.5482516884803772},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.1814272701740265},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.1631896197795868},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.08420532941818237}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icpr56361.2022.9956476","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icpr56361.2022.9956476","pdf_url":null,"source":{"id":"https://openalex.org/S4363607731","display_name":"2022 26th International Conference on Pattern Recognition (ICPR)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 26th International Conference on Pattern Recognition (ICPR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":93,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W1673923490","https://openalex.org/W1945616565","https://openalex.org/W2119112357","https://openalex.org/W2160815625","https://openalex.org/W2163605009","https://openalex.org/W2620038827","https://openalex.org/W2746600820","https://openalex.org/W2754049786","https://openalex.org/W2786118190","https://openalex.org/W2918288556","https://openalex.org/W2950048339","https://openalex.org/W2950782995","https://openalex.org/W2951735139","https://openalex.org/W2952104986","https://openalex.org/W2962710014","https://openalex.org/W2962711307","https://openalex.org/W2963001136","https://openalex.org/W2963062382","https://openalex.org/W2963070423","https://openalex.org/W2963143631","https://openalex.org/W2963361074","https://openalex.org/W2963485691","https://openalex.org/W2963564844","https://openalex.org/W2963693747","https://openalex.org/W2963744840","https://openalex.org/W2963857521","https://openalex.org/W2963920068","https://openalex.org/W2963952467","https://openalex.org/W2964082701","https://openalex.org/W2964197269","https://openalex.org/W2964205597","https://openalex.org/W2964346747","https://openalex.org/W2966658324","https://openalex.org/W2989696285","https://openalex.org/W2996409713","https://openalex.org/W3009870288","https://openalex.org/W3015625436","https://openalex.org/W3034558552","https://openalex.org/W3035032188","https://openalex.org/W3037843220","https://openalex.org/W3080260826","https://openalex.org/W3087293208","https://openalex.org/W3091857398","https://openalex.org/W3103340107","https://openalex.org/W3103836116","https://openalex.org/W3105009650","https://openalex.org/W3106412272","https://openalex.org/W3106797537","https://openalex.org/W3107235539","https://openalex.org/W3119704641","https://openalex.org/W3122061855","https://openalex.org/W3155629911","https://openalex.org/W3203257711","https://openalex.org/W3213164726","https://openalex.org/W4287637349","https://openalex.org/W4288103143","https://openalex.org/W4288337581","https://openalex.org/W4300725094","https://openalex.org/W6637162671","https://openalex.org/W6640425456","https://openalex.org/W6678097026","https://openalex.org/W6684191040","https://openalex.org/W6725195833","https://openalex.org/W6745272055","https://openalex.org/W6746402973","https://openalex.org/W6746484425","https://openalex.org/W6746608116","https://openalex.org/W6747920752","https://openalex.org/W6748204703","https://openalex.org/W6748475379","https://openalex.org/W6750404860","https://openalex.org/W6752985256","https://openalex.org/W6758684365","https://openalex.org/W6759580348","https://openalex.org/W6761833289","https://openalex.org/W6764522968","https://openalex.org/W6764550947","https://openalex.org/W6767666165","https://openalex.org/W6768928678","https://openalex.org/W6769353967","https://openalex.org/W6771468614","https://openalex.org/W6771784742","https://openalex.org/W6774549192","https://openalex.org/W6774681163","https://openalex.org/W6779685411","https://openalex.org/W6780215168","https://openalex.org/W6783055306","https://openalex.org/W6784493056","https://openalex.org/W6786165312","https://openalex.org/W6788235018","https://openalex.org/W6794729402","https://openalex.org/W6802755634"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W4246396837","https://openalex.org/W3126451824","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W3009622996","https://openalex.org/W3037859390"],"abstract_inverted_index":{"Black-box":[0],"adversarial":[1,4,43],"attacks":[2,18,36],"generate":[3],"samples":[5,47,57],"via":[6],"iterative":[7],"optimizations":[8,44],"using":[9],"repeated":[10],"queries.":[11],"Defending":[12],"deep":[13,77],"neural":[14],"networks":[15],"against":[16,99],"such":[17],"has":[19],"been":[20],"challenging.":[21],"In":[22],"this":[23],"paper,":[24],"we":[25],"propose":[26],"an":[27],"efficient":[28],"Boundary":[29],"Defense":[30],"(BD)":[31],"method":[32,53,95],"which":[33],"mitigates":[34],"black-box":[35,105],"by":[37,118],"exploiting":[38],"the":[39,42,49,55,76,89,93,129,140,143,152],"fact":[40],"that":[41,92],"often":[45],"need":[46],"on":[48,75],"classification":[50,62,79,135,153],"boundary.":[51],"Our":[52],"detects":[54],"boundary":[56],"as":[58],"those":[59,132],"with":[60,124,134],"low":[61],"confidence":[63,136],"and":[64,88,102],"adds":[65],"white":[66,121],"Gaussian":[67,122],"noise":[68,123],"to":[69,128,147,156],"their":[70],"logits.":[71],"The":[72],"method\u2019s":[73],"impact":[74],"network\u2019s":[78],"accuracy":[80,154],"is":[81],"analyzed":[82],"theoretically.":[83],"Extensive":[84],"experiments":[85],"are":[86],"conducted":[87],"results":[90],"show":[91],"BD":[94],"can":[96],"reliably":[97],"defend":[98],"both":[100],"soft":[101],"hard":[103],"label":[104],"attacks.":[106],"It":[107],"outperforms":[108],"a":[109],"list":[110],"of":[111,131],"existing":[112],"defense":[113,141],"methods.":[114],"For":[115],"IMAGENET":[116],"models,":[117],"adding":[119],"zero-mean":[120],"standard":[125],"deviation":[126],"0.1":[127],"logits":[130],"images":[133],"less":[137],"than":[138],"0.3,":[139],"reduces":[142],"attack":[144],"success":[145],"rate":[146],"almost":[148],"0":[149],"while":[150],"limiting":[151],"degradation":[155],"around":[157],"1":[158],"percent.":[159]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1}],"updated_date":"2026-05-02T08:42:23.175194","created_date":"2025-10-10T00:00:00"}