{"id":"https://openalex.org/W2786184167","doi":"https://doi.org/10.1109/ijcnn.2019.8851970","title":"Hardening Deep Neural Networks via Adversarial Model Cascades","display_name":"Hardening Deep Neural Networks via Adversarial Model Cascades","publication_year":2019,"publication_date":"2019-07-01","ids":{"openalex":"https://openalex.org/W2786184167","doi":"https://doi.org/10.1109/ijcnn.2019.8851970","mag":"2786184167"},"language":"en","primary_location":{"id":"doi:10.1109/ijcnn.2019.8851970","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn.2019.8851970","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1802.01448","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035470346","display_name":"Deepak Vijaykeerthy","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Deepak Vijaykeerthy","raw_affiliation_strings":["IBM Research","IBM research"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]},{"raw_affiliation_string":"IBM research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028439718","display_name":"Anshuman Suri","orcid":"https://orcid.org/0000-0003-4846-0797"},"institutions":[{"id":"https://openalex.org/I68891433","display_name":"Indian Institute of Technology Delhi","ror":"https://ror.org/049tgcd06","country_code":"IN","type":"education","lineage":["https://openalex.org/I68891433"]},{"id":"https://openalex.org/I119939252","display_name":"Indraprastha Institute of Information Technology Delhi","ror":"https://ror.org/03vfp4g33","country_code":"IN","type":"education","lineage":["https://openalex.org/I119939252"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Anshuman Suri","raw_affiliation_strings":["IIIT Delhi","IIIT, Delhi"],"affiliations":[{"raw_affiliation_string":"IIIT Delhi","institution_ids":["https://openalex.org/I119939252","https://openalex.org/I68891433"]},{"raw_affiliation_string":"IIIT, Delhi","institution_ids":["https://openalex.org/I119939252","https://openalex.org/I68891433"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046646390","display_name":"Sameep Mehta","orcid":"https://orcid.org/0000-0002-9599-1526"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sameep Mehta","raw_affiliation_strings":["IBM Research","IBM research"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]},{"raw_affiliation_string":"IBM research","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077509916","display_name":"Ponnurangam Kumaraguru","orcid":"https://orcid.org/0000-0001-5082-2078"},"institutions":[{"id":"https://openalex.org/I119939252","display_name":"Indraprastha Institute of Information Technology Delhi","ror":"https://ror.org/03vfp4g33","country_code":"IN","type":"education","lineage":["https://openalex.org/I119939252"]},{"id":"https://openalex.org/I68891433","display_name":"Indian Institute of Technology Delhi","ror":"https://ror.org/049tgcd06","country_code":"IN","type":"education","lineage":["https://openalex.org/I68891433"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Ponnurangam Kumaraguru","raw_affiliation_strings":["IIIT Delhi","IIIT, Delhi"],"affiliations":[{"raw_affiliation_string":"IIIT Delhi","institution_ids":["https://openalex.org/I119939252","https://openalex.org/I68891433"]},{"raw_affiliation_string":"IIIT, Delhi","institution_ids":["https://openalex.org/I119939252","https://openalex.org/I68891433"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5035470346"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.1445,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.54462802,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"abs 1803 9868","issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8649735450744629},{"id":"https://openalex.org/keywords/mnist-database","display_name":"MNIST database","score":0.838417649269104},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.814773678779602},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.7518229484558105},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7411069869995117},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6975038647651672},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6404410600662231},{"id":"https://openalex.org/keywords/margin","display_name":"Margin (machine learning)","score":0.579666256904602},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5749938488006592},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5092529058456421},{"id":"https://openalex.org/keywords/cascade","display_name":"Cascade","score":0.47595736384391785},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4123815596103668},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1169879138469696},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.06720897555351257}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8649735450744629},{"id":"https://openalex.org/C190502265","wikidata":"https://www.wikidata.org/wiki/Q17069496","display_name":"MNIST database","level":3,"score":0.838417649269104},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.814773678779602},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.7518229484558105},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7411069869995117},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6975038647651672},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6404410600662231},{"id":"https://openalex.org/C774472","wikidata":"https://www.wikidata.org/wiki/Q6760393","display_name":"Margin (machine learning)","level":2,"score":0.579666256904602},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5749938488006592},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5092529058456421},{"id":"https://openalex.org/C34146451","wikidata":"https://www.wikidata.org/wiki/Q5048094","display_name":"Cascade","level":2,"score":0.47595736384391785},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4123815596103668},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1169879138469696},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.06720897555351257},{"id":"https://openalex.org/C42360764","wikidata":"https://www.wikidata.org/wiki/Q83588","display_name":"Chemical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/ijcnn.2019.8851970","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcnn.2019.8851970","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 International Joint Conference on Neural Networks (IJCNN)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1802.01448","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1802.01448","pdf_url":"https://arxiv.org/pdf/1802.01448","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"mag:2786184167","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/1802.01448.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"doi:10.48550/arxiv.1802.01448","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1802.01448","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1802.01448","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1802.01448","pdf_url":"https://arxiv.org/pdf/1802.01448","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6000000238418579,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2786184167.pdf","grobid_xml":"https://content.openalex.org/works/W2786184167.grobid-xml"},"referenced_works_count":23,"referenced_works":["https://openalex.org/W2112796928","https://openalex.org/W2117539524","https://openalex.org/W2194775991","https://openalex.org/W2544661862","https://openalex.org/W2603766943","https://openalex.org/W2620038827","https://openalex.org/W2963857521","https://openalex.org/W6640425456","https://openalex.org/W6677919164","https://openalex.org/W6697597873","https://openalex.org/W6703116779","https://openalex.org/W6731927902","https://openalex.org/W6736207377","https://openalex.org/W6739868092","https://openalex.org/W6744511767","https://openalex.org/W6747438147","https://openalex.org/W6748277150","https://openalex.org/W6748711285","https://openalex.org/W6750024290","https://openalex.org/W6752307889","https://openalex.org/W6765694979","https://openalex.org/W6787972765","https://openalex.org/W6929233984"],"related_works":["https://openalex.org/W2977839830","https://openalex.org/W2617106563","https://openalex.org/W3004077551","https://openalex.org/W3203712946","https://openalex.org/W2946089113","https://openalex.org/W3106286647","https://openalex.org/W2773246606","https://openalex.org/W3109936213","https://openalex.org/W3158953723","https://openalex.org/W2895097814","https://openalex.org/W2947994715","https://openalex.org/W2620038827","https://openalex.org/W3030040666","https://openalex.org/W3121289877","https://openalex.org/W2805459565","https://openalex.org/W3163066589","https://openalex.org/W2884277299","https://openalex.org/W3023057171","https://openalex.org/W2947059738","https://openalex.org/W3013954922"],"abstract_inverted_index":{"Deep":[0],"neural":[1,20],"networks":[2,21],"(DNNs)":[3],"are":[4,38,55],"vulnerable":[5],"to":[6,13,57,63,76,94,167],"malicious":[7],"inputs":[8,164],"crafted":[9],"by":[10,139],"an":[11,127],"adversary":[12],"produce":[14],"erroneous":[15],"outputs.":[16],"Works":[17],"on":[18,29,43,162],"securing":[19],"against":[22,112,135],"adversarial":[23],"examples":[24],"achieve":[25],"high":[26],"empirical":[27,133],"robustness":[28,134],"simple":[30],"datasets":[31],"such":[32,47],"as":[33,48,73],"MNIST.":[34],"However,":[35],"these":[36],"techniques":[37,54],"inadequate":[39],"when":[40],"empirically":[41],"tested":[42],"complex":[44],"data":[45],"sets":[46],"CIFAR-10":[49,153],"and":[50,61,124,150],"SVHN.":[51],"Further,":[52],"existing":[53],"designed":[56],"target":[58],"specific":[59],"attacks":[60,137],"fail":[62],"generalize":[64],"across":[65],"attacks.":[66,102],"We":[67],"propose":[68],"Adversarial":[69,122],"Model":[70],"Cascades":[71],"(AMC)":[72],"a":[74,84,98,106,113,140],"way":[75],"tackle":[77],"the":[78,131,156,159,168],"above":[79],"inadequacies.":[80],"Our":[81],"approach":[82],"trains":[83],"cascade":[85],"of":[86,100,116],"models":[87],"sequentially":[88],"where":[89],"each":[90],"model":[91,108],"is":[92,110,165],"optimized":[93],"be":[95],"robust":[96],"towards":[97],"mixture":[99],"multiple":[101],"Ultimately,":[103],"it":[104],"yields":[105],"single":[107],"which":[109],"secure":[111],"wide":[114],"range":[115],"attacks;":[117],"namely":[118],"FGSM,":[119],"Elastic,":[120],"Virtual":[121],"Perturbations":[123],"Madry.":[125],"On":[126],"average,":[128],"AMC":[129],"increases":[130],"model's":[132,160],"various":[136],"simultaneously,":[138],"significant":[141],"margin":[142],"(of":[143],"6.225%":[144],"for":[145,148,152],"MNIST,":[146],"5.075%":[147],"SVHN":[149],"2.65%":[151],").":[154],"At":[155],"same":[157],"time,":[158],"performance":[161],"non-adversarial":[163],"comparable":[166],"state-of-the-art":[169],"models.":[170]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}