{"id":"https://openalex.org/W4297337468","doi":"https://doi.org/10.1109/iolts56730.2022.9897693","title":"A Closer Look at Evaluating the Bit-Flip Attack Against Deep Neural Networks","display_name":"A Closer Look at Evaluating the Bit-Flip Attack Against Deep Neural Networks","publication_year":2022,"publication_date":"2022-09-12","ids":{"openalex":"https://openalex.org/W4297337468","doi":"https://doi.org/10.1109/iolts56730.2022.9897693"},"language":"en","primary_location":{"id":"doi:10.1109/iolts56730.2022.9897693","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iolts56730.2022.9897693","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE 28th International Symposium on On-Line Testing and Robust System Design (IOLTS)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014687757","display_name":"Kevin W. Hector","orcid":null},"institutions":[{"id":"https://openalex.org/I2738703131","display_name":"Commissariat \u00e0 l'\u00c9nergie Atomique et aux \u00c9nergies Alternatives","ror":"https://ror.org/00jjx8s55","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131"]},{"id":"https://openalex.org/I3019848993","display_name":"Mines Saint-\u00c9tienne","ror":"https://ror.org/05a1dws80","country_code":"FR","type":"education","lineage":["https://openalex.org/I203339264","https://openalex.org/I205703379","https://openalex.org/I3019848993"]},{"id":"https://openalex.org/I4210117989","display_name":"Direction de la Recherche Technologique","ror":"https://ror.org/02ggzyd20","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131","https://openalex.org/I4210117989"]},{"id":"https://openalex.org/I4210150049","display_name":"Laboratoire d'\u00c9lectronique des Technologies de l'Information","ror":"https://ror.org/04mf0wv34","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131","https://openalex.org/I2738703131","https://openalex.org/I4210117989","https://openalex.org/I4210150049"]},{"id":"https://openalex.org/I899635006","display_name":"Universit\u00e9 Grenoble Alpes","ror":"https://ror.org/02rx3b187","country_code":"FR","type":"education","lineage":["https://openalex.org/I899635006"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Kevin Hector","raw_affiliation_strings":["CEA Tech, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne,Gardanne,France,F-13541","CEA, Leti, Univ. Grenoble Alpes, Grenoble, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CEA Tech, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne,Gardanne,France,F-13541","institution_ids":["https://openalex.org/I4210117989","https://openalex.org/I3019848993","https://openalex.org/I2738703131"]},{"raw_affiliation_string":"CEA, Leti, Univ. Grenoble Alpes, Grenoble, France","institution_ids":["https://openalex.org/I899635006","https://openalex.org/I4210150049","https://openalex.org/I2738703131"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013190596","display_name":"Pierre-Alain Mo\u00ebllic","orcid":null},"institutions":[{"id":"https://openalex.org/I2738703131","display_name":"Commissariat \u00e0 l'\u00c9nergie Atomique et aux \u00c9nergies Alternatives","ror":"https://ror.org/00jjx8s55","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131"]},{"id":"https://openalex.org/I3019848993","display_name":"Mines Saint-\u00c9tienne","ror":"https://ror.org/05a1dws80","country_code":"FR","type":"education","lineage":["https://openalex.org/I203339264","https://openalex.org/I205703379","https://openalex.org/I3019848993"]},{"id":"https://openalex.org/I4210117989","display_name":"Direction de la Recherche Technologique","ror":"https://ror.org/02ggzyd20","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131","https://openalex.org/I4210117989"]},{"id":"https://openalex.org/I4210150049","display_name":"Laboratoire d'\u00c9lectronique des Technologies de l'Information","ror":"https://ror.org/04mf0wv34","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131","https://openalex.org/I2738703131","https://openalex.org/I4210117989","https://openalex.org/I4210150049"]},{"id":"https://openalex.org/I899635006","display_name":"Universit\u00e9 Grenoble Alpes","ror":"https://ror.org/02rx3b187","country_code":"FR","type":"education","lineage":["https://openalex.org/I899635006"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Pierre-Alain Moellic","raw_affiliation_strings":["CEA Tech, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne,Gardanne,France,F-13541","CEA, Leti, Univ. Grenoble Alpes, Grenoble, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CEA Tech, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne,Gardanne,France,F-13541","institution_ids":["https://openalex.org/I4210117989","https://openalex.org/I3019848993","https://openalex.org/I2738703131"]},{"raw_affiliation_string":"CEA, Leti, Univ. Grenoble Alpes, Grenoble, France","institution_ids":["https://openalex.org/I899635006","https://openalex.org/I4210150049","https://openalex.org/I2738703131"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085999686","display_name":"Mathieu Dumont","orcid":null},"institutions":[{"id":"https://openalex.org/I2738703131","display_name":"Commissariat \u00e0 l'\u00c9nergie Atomique et aux \u00c9nergies Alternatives","ror":"https://ror.org/00jjx8s55","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131"]},{"id":"https://openalex.org/I3019848993","display_name":"Mines Saint-\u00c9tienne","ror":"https://ror.org/05a1dws80","country_code":"FR","type":"education","lineage":["https://openalex.org/I203339264","https://openalex.org/I205703379","https://openalex.org/I3019848993"]},{"id":"https://openalex.org/I4210117989","display_name":"Direction de la Recherche Technologique","ror":"https://ror.org/02ggzyd20","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131","https://openalex.org/I4210117989"]},{"id":"https://openalex.org/I4210150049","display_name":"Laboratoire d'\u00c9lectronique des Technologies de l'Information","ror":"https://ror.org/04mf0wv34","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131","https://openalex.org/I2738703131","https://openalex.org/I4210117989","https://openalex.org/I4210150049"]},{"id":"https://openalex.org/I899635006","display_name":"Universit\u00e9 Grenoble Alpes","ror":"https://ror.org/02rx3b187","country_code":"FR","type":"education","lineage":["https://openalex.org/I899635006"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Mathieu Dumont","raw_affiliation_strings":["CEA Tech, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne,Gardanne,France,F-13541","CEA, Leti, Univ. Grenoble Alpes, Grenoble, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CEA Tech, Centre CMP, Equipe Commune CEA Tech - Mines Saint-Etienne,Gardanne,France,F-13541","institution_ids":["https://openalex.org/I4210117989","https://openalex.org/I3019848993","https://openalex.org/I2738703131"]},{"raw_affiliation_string":"CEA, Leti, Univ. Grenoble Alpes, Grenoble, France","institution_ids":["https://openalex.org/I899635006","https://openalex.org/I4210150049","https://openalex.org/I2738703131"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070109221","display_name":"Jean-Max Dutertre","orcid":"https://orcid.org/0000-0002-2251-7815"},"institutions":[{"id":"https://openalex.org/I2738703131","display_name":"Commissariat \u00e0 l'\u00c9nergie Atomique et aux \u00c9nergies Alternatives","ror":"https://ror.org/00jjx8s55","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131"]},{"id":"https://openalex.org/I3019848993","display_name":"Mines Saint-\u00c9tienne","ror":"https://ror.org/05a1dws80","country_code":"FR","type":"education","lineage":["https://openalex.org/I203339264","https://openalex.org/I205703379","https://openalex.org/I3019848993"]},{"id":"https://openalex.org/I4210150049","display_name":"Laboratoire d'\u00c9lectronique des Technologies de l'Information","ror":"https://ror.org/04mf0wv34","country_code":"FR","type":"government","lineage":["https://openalex.org/I2738703131","https://openalex.org/I2738703131","https://openalex.org/I4210117989","https://openalex.org/I4210150049"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Jean-Max Dutertre","raw_affiliation_strings":["Mines Saint-Etienne, CEA, Leti, Centre CMP,Gardanne,France,F-13541"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Mines Saint-Etienne, CEA, Leti, Centre CMP,Gardanne,France,F-13541","institution_ids":["https://openalex.org/I3019848993","https://openalex.org/I4210150049","https://openalex.org/I2738703131"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.9714,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.79916363,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"5"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9765999913215637,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9750999808311462,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8234056234359741},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.793573260307312},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.7015639543533325},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5919704437255859},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.5823231339454651},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5814077854156494},{"id":"https://openalex.org/keywords/attack-model","display_name":"Attack model","score":0.5297133922576904},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.5291048884391785},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.5231931209564209},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.48069387674331665},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.47496387362480164},{"id":"https://openalex.org/keywords/computer-engineering","display_name":"Computer engineering","score":0.47184351086616516},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.46960362792015076},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.44460198283195496},{"id":"https://openalex.org/keywords/massively-parallel","display_name":"Massively parallel","score":0.43923380970954895},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.39644190669059753},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.36169540882110596},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.34595954418182373},{"id":"https://openalex.org/keywords/parallel-computing","display_name":"Parallel computing","score":0.15309631824493408}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8234056234359741},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.793573260307312},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.7015639543533325},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5919704437255859},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.5823231339454651},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5814077854156494},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.5297133922576904},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.5291048884391785},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.5231931209564209},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.48069387674331665},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.47496387362480164},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.47184351086616516},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.46960362792015076},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.44460198283195496},{"id":"https://openalex.org/C190475519","wikidata":"https://www.wikidata.org/wiki/Q544384","display_name":"Massively parallel","level":2,"score":0.43923380970954895},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39644190669059753},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.36169540882110596},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.34595954418182373},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.15309631824493408},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/iolts56730.2022.9897693","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iolts56730.2022.9897693","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE 28th International Symposium on On-Line Testing and Robust System Design (IOLTS)","raw_type":"proceedings-article"},{"id":"pmh:oai:HAL:hal-03827382v1","is_oa":false,"landing_page_url":"https://hal.science/hal-03827382","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://ieeexplore.ieee.org/document/9897693","raw_type":"Conference papers"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G144364290","display_name":null,"funder_award_id":"876038","funder_id":"https://openalex.org/F4320327207","funder_display_name":"Electronic Components and Systems for European Leadership"},{"id":"https://openalex.org/G1831681157","display_name":null,"funder_award_id":"ANR-10-AIRT-05","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G5178133838","display_name":null,"funder_award_id":"AAPG2020","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G5675205005","display_name":null,"funder_award_id":"10-AIRT-05","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G7240651115","display_name":null,"funder_award_id":"ANR-10","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G7398482525","display_name":"NANOELEC","funder_award_id":"ANR-10-AIRT-0005","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G8331128928","display_name":"Physical and Intrinsic Security of Embedded Neural Networks","funder_award_id":"ANR-20-CE39-0013","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"}],"funders":[{"id":"https://openalex.org/F4320320883","display_name":"Agence Nationale de la Recherche","ror":"https://ror.org/00rbzpz17"},{"id":"https://openalex.org/F4320327207","display_name":"Electronic Components and Systems for European Leadership","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W1673923490","https://openalex.org/W1686810756","https://openalex.org/W1945616565","https://openalex.org/W2108857396","https://openalex.org/W2194775991","https://openalex.org/W2807835252","https://openalex.org/W2913848079","https://openalex.org/W2963143631","https://openalex.org/W2963564844","https://openalex.org/W2963857521","https://openalex.org/W2981860227","https://openalex.org/W3034665124","https://openalex.org/W3082761341","https://openalex.org/W3103340107","https://openalex.org/W3199792160","https://openalex.org/W3212502396","https://openalex.org/W3214556310","https://openalex.org/W4224919922","https://openalex.org/W4242053016","https://openalex.org/W4283733745","https://openalex.org/W6637162671","https://openalex.org/W6637373629","https://openalex.org/W6640425456","https://openalex.org/W6748475379","https://openalex.org/W6758975236","https://openalex.org/W6774549192","https://openalex.org/W6775611046"],"related_works":["https://openalex.org/W3174927864","https://openalex.org/W2591273803","https://openalex.org/W2998983696","https://openalex.org/W3081645608","https://openalex.org/W4390187619","https://openalex.org/W4378191128","https://openalex.org/W4312119938","https://openalex.org/W4387039884","https://openalex.org/W2995862995","https://openalex.org/W3155916161"],"abstract_inverted_index":{"Deep":[0],"neural":[1,142],"network":[2],"models":[3],"are":[4],"massively":[5],"deployed":[6],"on":[7],"a":[8,51,175],"wide":[9],"variety":[10],"of":[11,19,39,50,81,109,116,129,149,161,171],"hardware":[12],"platforms.":[13],"This":[14,120],"results":[15,145],"in":[16,58,85],"the":[17,26,33,40,48,61,76,79,86,100,107,114,117,123,127,130,147,159,168],"appearance":[18],"new":[20],"attack":[21,28,42],"vectors":[22],"that":[23,43,135],"significantly":[24],"extend":[25],"standard":[27,87],"surface,":[29],"extensively":[30],"studied":[31],"by":[32,53,174],"adversarial":[34],"machine":[35],"learning":[36],"community.":[37],"One":[38],"first":[41,124],"aims":[44],"at":[45],"drastically":[46],"dropping":[47],"performance":[49],"model":[52,89,118],"targeting":[54],"its":[55],"parameters":[56,112],"stored":[57],"memory,":[59],"is":[60,90,122],"Bit-Flip":[62],"Attack":[63],"(BFA).":[64],"In":[65],"this":[66],"work,":[67],"we":[68,105],"point":[69],"out":[70],"several":[71],"evaluation":[72,154],"challenges":[73],"related":[74],"to":[75,125,140,156],"BFA.":[77],"First,":[78],"lack":[80],"an":[82],"adversary\u2019s":[83],"budget":[84],"threat":[88],"problematic,":[91],"especially":[92],"when":[93],"dealing":[94],"with":[95],"physical":[96],"attacks.":[97],"Moreover,":[98],"since":[99],"BFA":[101,131],"presents":[102],"critical":[103],"variability,":[104],"discuss":[106],"influence":[108],"some":[110],"training":[111],"and":[113,152],"importance":[115,148],"architecture.":[119],"work":[121],"present":[126,136],"impact":[128],"against":[132],"fully-connected":[133],"architectures":[134],"different":[137],"behaviors":[138],"compared":[139],"convolutional":[141],"networks.":[143],"These":[144],"highlight":[146],"defining":[150],"robust":[151],"sound":[153],"methodologies":[155],"properly":[157],"evaluate":[158],"dangers":[160],"parameter-based":[162],"attacks":[163],"as":[164,166],"well":[165],"measure":[167],"real":[169],"level":[170],"robustness":[172],"offered":[173],"defense.":[176]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":4}],"updated_date":"2026-06-22T08:00:12.763002","created_date":"2025-10-10T00:00:00"}