{"id":"https://openalex.org/W2906965747","doi":"https://doi.org/10.1109/milcom.2018.8599691","title":"Detecting Adversarial Examples Using Data Manifolds","display_name":"Detecting Adversarial Examples Using Data Manifolds","publication_year":2018,"publication_date":"2018-10-01","ids":{"openalex":"https://openalex.org/W2906965747","doi":"https://doi.org/10.1109/milcom.2018.8599691","mag":"2906965747"},"language":"en","primary_location":{"id":"doi:10.1109/milcom.2018.8599691","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2018.8599691","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035902535","display_name":"Susmit Jha","orcid":"https://orcid.org/0000-0001-5983-9095"},"institutions":[{"id":"https://openalex.org/I1298353152","display_name":"SRI International","ror":"https://ror.org/05s570m15","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1298353152"]},{"id":"https://openalex.org/I4210099336","display_name":"Menlo School","ror":"https://ror.org/01240pn49","country_code":"US","type":"education","lineage":["https://openalex.org/I4210099336"]},{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Susmit Jha","raw_affiliation_strings":["Computer Science Department, University of Wisconsin, Madison, USA","SRI International, Computer Science Laboratory, Menlo Park, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, University of Wisconsin, Madison, USA","institution_ids":["https://openalex.org/I135310074"]},{"raw_affiliation_string":"SRI International, Computer Science Laboratory, Menlo Park, USA","institution_ids":["https://openalex.org/I1298353152","https://openalex.org/I4210099336"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065185410","display_name":"Uyeong Jang","orcid":null},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Uyeong Jang","raw_affiliation_strings":["Computer Science Department, University of Wisconsin, Madison, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, University of Wisconsin, Madison, USA","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088826068","display_name":"Somesh Jha","orcid":"https://orcid.org/0000-0001-5877-0436"},"institutions":[{"id":"https://openalex.org/I4210099336","display_name":"Menlo School","ror":"https://ror.org/01240pn49","country_code":"US","type":"education","lineage":["https://openalex.org/I4210099336"]},{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]},{"id":"https://openalex.org/I1298353152","display_name":"SRI International","ror":"https://ror.org/05s570m15","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1298353152"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Somesh Jha","raw_affiliation_strings":["Computer Science Department, University of Wisconsin, Madison, USA","SRI International, Computer Science Laboratory, Menlo Park, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, University of Wisconsin, Madison, USA","institution_ids":["https://openalex.org/I135310074"]},{"raw_affiliation_string":"SRI International, Computer Science Laboratory, Menlo Park, USA","institution_ids":["https://openalex.org/I1298353152","https://openalex.org/I4210099336"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084773390","display_name":"Brian Jalaian","orcid":"https://orcid.org/0000-0003-3029-601X"},"institutions":[{"id":"https://openalex.org/I166416128","display_name":"DEVCOM Army Research Laboratory","ror":"https://ror.org/011hc8f90","country_code":"US","type":"government","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I166416128","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brian Jalaian","raw_affiliation_strings":["Computational and Information Science Directorate, U.S. Army Research Laboratory (ARL), Adelphi, USA"],"affiliations":[{"raw_affiliation_string":"Computational and Information Science Directorate, U.S. Army Research Laboratory (ARL), Adelphi, USA","institution_ids":["https://openalex.org/I166416128"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5035902535"],"corresponding_institution_ids":["https://openalex.org/I1298353152","https://openalex.org/I135310074","https://openalex.org/I4210099336"],"apc_list":null,"apc_paid":null,"fwci":2.2804,"has_fulltext":false,"cited_by_count":23,"citation_normalized_percentile":{"value":0.91139252,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"547","last_page":"552"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9523000121116638,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T14117","display_name":"Integrated Circuits and Semiconductor Failure Analysis","score":0.9103999733924866,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.9447999000549316},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7558574080467224},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.7541773915290833},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7179949879646301},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.7040009498596191},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.6295161843299866},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.5942406058311462},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5680917501449585},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.5545091032981873}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.9447999000549316},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7558574080467224},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.7541773915290833},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7179949879646301},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.7040009498596191},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.6295161843299866},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.5942406058311462},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5680917501449585},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.5545091032981873},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom.2018.8599691","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2018.8599691","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5699999928474426,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":52,"referenced_works":["https://openalex.org/W1496559305","https://openalex.org/W1673923490","https://openalex.org/W1821462560","https://openalex.org/W1945616565","https://openalex.org/W2001141328","https://openalex.org/W2053186076","https://openalex.org/W2108447811","https://openalex.org/W2173905264","https://openalex.org/W2180612164","https://openalex.org/W2187089797","https://openalex.org/W2243397390","https://openalex.org/W2269778407","https://openalex.org/W2344365922","https://openalex.org/W2460937040","https://openalex.org/W2513314332","https://openalex.org/W2516574342","https://openalex.org/W2528914598","https://openalex.org/W2590523583","https://openalex.org/W2593892853","https://openalex.org/W2594717275","https://openalex.org/W2594867206","https://openalex.org/W2603766943","https://openalex.org/W2607219512","https://openalex.org/W2618043096","https://openalex.org/W2640329709","https://openalex.org/W2765233338","https://openalex.org/W2787708942","https://openalex.org/W2791953061","https://openalex.org/W2949311987","https://openalex.org/W2950468330","https://openalex.org/W2952742172","https://openalex.org/W2962759300","https://openalex.org/W2963143631","https://openalex.org/W2963165448","https://openalex.org/W2963834268","https://openalex.org/W2963857521","https://openalex.org/W2964153729","https://openalex.org/W2964253222","https://openalex.org/W4285719527","https://openalex.org/W4293439130","https://openalex.org/W4293584023","https://openalex.org/W4293846201","https://openalex.org/W4295803779","https://openalex.org/W4297573953","https://openalex.org/W4300511536","https://openalex.org/W6629606793","https://openalex.org/W6638523607","https://openalex.org/W6725672702","https://openalex.org/W6733645847","https://openalex.org/W6734547408","https://openalex.org/W6748475379","https://openalex.org/W6748965907"],"related_works":["https://openalex.org/W3048732067","https://openalex.org/W4383468834","https://openalex.org/W4283221438","https://openalex.org/W2900159906","https://openalex.org/W4384648009","https://openalex.org/W4287828318","https://openalex.org/W2406556600","https://openalex.org/W4380352238","https://openalex.org/W2950183588","https://openalex.org/W3126470649"],"abstract_inverted_index":{"Models":[0],"produced":[1],"by":[2,294,304],"machine":[3,13,120,153,296,329],"learning,":[4],"particularly":[5],"deep":[6,62],"neural":[7,63,101,142],"networks,":[8],"are":[9,25,287],"state-of-the-art":[10],"for":[11],"many":[12],"learning":[14,71,112,121,154,178,203,297,330],"tasks":[15],"and":[16,29,81,97,231,332],"demonstrate":[17],"very":[18,27],"high":[19],"prediction":[20,293],"accuracy.":[21],"Unfortunately,":[22],"these":[23,43,70,111],"models":[24,44,72,155,179,188],"also":[26,300],"brittle":[28],"vulnerable":[30],"to":[31,50,53,68,93,107,118,140,151,185,193,210,243,289,302],"specially":[32],"crafted":[33],"adversarial":[34,57,77,135,159,170,194,213,250,258,276,284,334],"examples.":[35,58,171],"Recent":[36],"results":[37],"have":[38,89],"shown":[39],"that":[40,257,286,321],"accuracy":[41],"of":[42,61,87,110,127,133,168,198,201,236,274,327],"can":[45,322],"be":[46,83,181],"reduced":[47],"from":[48,240,265,272],"close":[49],"hundred":[51],"percent":[52],"below":[54],"5%":[55],"using":[56,233],"This":[59,172,196,307],"brittleness":[60],"networks":[64,102],"makes":[65],"it":[66],"challenging":[67],"deploy":[69],"in":[73,225],"security-critical":[74],"areas":[75],"where":[76],"activity":[78],"is":[79,217,249,299,308],"expected,":[80],"cannot":[82,180],"ignored.":[84],"A":[85],"number":[86],"methods":[88,139],"been":[90],"recently":[91],"proposed":[92,138],"craft":[94],"more":[95,123,207],"effective":[96],"generalizable":[98],"attacks":[99,136],"on":[100,219,318],"along":[103],"with":[104,279],"competing":[105],"efforts":[106],"improve":[108],"robustness":[109,144],"models.":[113],"But":[114],"the":[115,131,166,177,187,202,227,234,266,275,280,295,324],"current":[116],"approaches":[117],"make":[119,190],"techniques":[122],"resilient":[124],"fall":[125],"short":[126],"their":[128],"goal.":[129],"Further,":[130],"succession":[132],"new":[134,238],"against":[137,156,212],"increase":[141],"network":[143],"raises":[145],"doubts":[146],"about":[147],"a":[148,206,221,237,309,314,328],"foolproof":[149],"approach":[150,209,216,316],"robustify":[152],"all":[157],"possible":[158],"attacks.":[160,195,214,335],"In":[161],"this":[162,241,246,270],"paper,":[163],"we":[164],"consider":[165],"problem":[167],"detecting":[169],"would":[173],"help":[174],"identify":[175,244,323],"when":[176],"trusted":[182],"without":[183],"attempting":[184],"repair":[186],"or":[189,251],"them":[191],"robust":[192],"goal":[197],"finding":[199],"limitations":[200],"model":[204,298],"presents":[205],"tractable":[208],"protecting":[211],"Our":[215,253],"based":[218,317],"identifying":[220],"low":[222],"dimensional":[223],"manifold":[224,242,273],"which":[226],"training":[228],"samples":[229],"lie,":[230],"then":[232],"distance":[235,271],"observation":[239],"whether":[245],"data":[247,267],"point":[248],"not.":[252],"empirical":[254],"study":[255],"demonstrates":[256],"examples":[259,277,285],"not":[260],"only":[261],"lie":[262],"farther":[263],"away":[264],"manifold,":[268],"but":[269],"increases":[278],"attack":[281],"confidence.":[282],"Thus,":[283],"likely":[288],"result":[290],"into":[291],"incorrect":[292],"easier":[301],"detect":[303,333],"our":[305],"approach.":[306],"first":[310],"step":[311],"towards":[312],"formulating":[313],"novel":[315],"computational":[319],"geometry":[320],"limiting":[325],"boundaries":[326],"model,":[331]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}