{"id":"https://openalex.org/W4288057770","doi":"https://doi.org/10.1109/sp46214.2022.9833688","title":"Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security","display_name":"Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security","publication_year":2022,"publication_date":"2022-05-01","ids":{"openalex":"https://openalex.org/W4288057770","doi":"https://doi.org/10.1109/sp46214.2022.9833688"},"language":"en","primary_location":{"id":"doi:10.1109/sp46214.2022.9833688","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46214.2022.9833688","pdf_url":null,"source":{"id":"https://openalex.org/S4363606603","display_name":"2022 IEEE Symposium on Security and Privacy (SP)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014842586","display_name":"Guanhong Tao","orcid":"https://orcid.org/0000-0002-4701-1327"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Guanhong Tao","raw_affiliation_strings":["Purdue University,Department of Computer Science","Department of Computer Science, Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080886129","display_name":"Yingqi Liu","orcid":"https://orcid.org/0000-0002-8312-0088"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yingqi Liu","raw_affiliation_strings":["Purdue University,Department of Computer Science","Department of Computer Science, Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114076473","display_name":"Guangyu Shen","orcid":"https://orcid.org/0009-0003-0701-1124"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Guangyu Shen","raw_affiliation_strings":["Purdue University,Department of Computer Science","Department of Computer Science, Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008082286","display_name":"Qiuling Xu","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qiuling Xu","raw_affiliation_strings":["Purdue University,Department of Computer Science","Department of Computer Science, Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030118506","display_name":"Shengwei An","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shengwei An","raw_affiliation_strings":["Purdue University,Department of Computer Science","Department of Computer Science, Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100429710","display_name":"Zhuo Zhang","orcid":"https://orcid.org/0000-0002-6515-0021"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhuo Zhang","raw_affiliation_strings":["Purdue University,Department of Computer Science","Department of Computer Science, Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5107249133","display_name":"Xiangyu Zhang","orcid":"https://orcid.org/0000-0002-9544-2500"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiangyu Zhang","raw_affiliation_strings":["Purdue University,Department of Computer Science","Department of Computer Science, Purdue University"],"affiliations":[{"raw_affiliation_string":"Purdue University,Department of Computer Science","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5014842586"],"corresponding_institution_ids":["https://openalex.org/I219193219"],"apc_list":null,"apc_paid":null,"fwci":3.534,"has_fulltext":false,"cited_by_count":34,"citation_normalized_percentile":{"value":0.94193062,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1372","last_page":"1389"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9904000163078308,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9273999929428101,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.881151556968689},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7146311402320862},{"id":"https://openalex.org/keywords/orthogonalization","display_name":"Orthogonalization","score":0.709274411201477},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5898183584213257},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5507262945175171},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.4800366163253784},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4783693850040436},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4725123345851898},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.45756796002388},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.4324081242084503},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4315912127494812},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3170325756072998},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.13774165511131287}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.881151556968689},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7146311402320862},{"id":"https://openalex.org/C47559304","wikidata":"https://www.wikidata.org/wiki/Q1702189","display_name":"Orthogonalization","level":2,"score":0.709274411201477},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5898183584213257},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5507262945175171},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.4800366163253784},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4783693850040436},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4725123345851898},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.45756796002388},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.4324081242084503},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4315912127494812},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3170325756072998},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.13774165511131287}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46214.2022.9833688","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46214.2022.9833688","pdf_url":null,"source":{"id":"https://openalex.org/S4363606603","display_name":"2022 IEEE Symposium on Security and Privacy (SP)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":123,"referenced_works":["https://openalex.org/W1590456070","https://openalex.org/W1686810756","https://openalex.org/W1979596264","https://openalex.org/W2115579991","https://openalex.org/W2126628495","https://openalex.org/W2168405694","https://openalex.org/W2183341477","https://openalex.org/W2194775991","https://openalex.org/W2340897893","https://openalex.org/W2519904008","https://openalex.org/W2543927648","https://openalex.org/W2609920186","https://openalex.org/W2620038827","https://openalex.org/W2753783305","https://openalex.org/W2774423163","https://openalex.org/W2798302089","https://openalex.org/W2807363941","https://openalex.org/W2810065831","https://openalex.org/W2888940765","https://openalex.org/W2898759955","https://openalex.org/W2934843808","https://openalex.org/W2942091739","https://openalex.org/W2946227741","https://openalex.org/W2947133760","https://openalex.org/W2959364614","https://openalex.org/W2963118571","https://openalex.org/W2963389226","https://openalex.org/W2963446712","https://openalex.org/W2963726920","https://openalex.org/W2963744840","https://openalex.org/W2982977353","https://openalex.org/W2985913519","https://openalex.org/W2986013765","https://openalex.org/W2988471847","https://openalex.org/W2990270730","https://openalex.org/W2995164118","https://openalex.org/W2996458309","https://openalex.org/W2996564870","https://openalex.org/W2996800219","https://openalex.org/W2997502936","https://openalex.org/W3007437825","https://openalex.org/W3011120880","https://openalex.org/W3015481738","https://openalex.org/W3015678314","https://openalex.org/W3034258347","https://openalex.org/W3034414373","https://openalex.org/W3035367371","https://openalex.org/W3038046627","https://openalex.org/W3041340781","https://openalex.org/W3043786973","https://openalex.org/W3048715803","https://openalex.org/W3087391814","https://openalex.org/W3093239278","https://openalex.org/W3096024872","https://openalex.org/W3098881644","https://openalex.org/W3106047871","https://openalex.org/W3106646114","https://openalex.org/W3107337211","https://openalex.org/W3108535146","https://openalex.org/W3109235236","https://openalex.org/W3111491915","https://openalex.org/W3114686421","https://openalex.org/W3114838227","https://openalex.org/W3121478722","https://openalex.org/W3127616799","https://openalex.org/W3152758407","https://openalex.org/W3156423484","https://openalex.org/W3156877806","https://openalex.org/W3162804012","https://openalex.org/W3163966458","https://openalex.org/W3190013336","https://openalex.org/W3195462295","https://openalex.org/W3213508244","https://openalex.org/W4288093767","https://openalex.org/W4288363925","https://openalex.org/W4289300166","https://openalex.org/W4293846201","https://openalex.org/W4294149583","https://openalex.org/W4294679663","https://openalex.org/W4297775537","https://openalex.org/W4298140072","https://openalex.org/W6637373629","https://openalex.org/W6638444622","https://openalex.org/W6681673350","https://openalex.org/W6703848168","https://openalex.org/W6729756640","https://openalex.org/W6737664043","https://openalex.org/W6739868092","https://openalex.org/W6746172121","https://openalex.org/W6746897123","https://openalex.org/W6749464311","https://openalex.org/W6750462152","https://openalex.org/W6752073087","https://openalex.org/W6752600739","https://openalex.org/W6754279747","https://openalex.org/W6756074407","https://openalex.org/W6756333562","https://openalex.org/W6761076018","https://openalex.org/W6761100157","https://openalex.org/W6766336336","https://openalex.org/W6767183785","https://openalex.org/W6770046844","https://openalex.org/W6770286897","https://openalex.org/W6770634426","https://openalex.org/W6771533808","https://openalex.org/W6771809012","https://openalex.org/W6774271729","https://openalex.org/W6774904085","https://openalex.org/W6775678023","https://openalex.org/W6775686901","https://openalex.org/W6775918922","https://openalex.org/W6776469819","https://openalex.org/W6779690972","https://openalex.org/W6779989257","https://openalex.org/W6780170441","https://openalex.org/W6780450028","https://openalex.org/W6780640148","https://openalex.org/W6780973103","https://openalex.org/W6781450928","https://openalex.org/W6784216616","https://openalex.org/W6784558051","https://openalex.org/W6785458352","https://openalex.org/W6788876066"],"related_works":["https://openalex.org/W2950183588","https://openalex.org/W3080754722","https://openalex.org/W3093978547","https://openalex.org/W3203790781","https://openalex.org/W2997056298","https://openalex.org/W2738001131","https://openalex.org/W4285785480","https://openalex.org/W3127875750","https://openalex.org/W4383221314","https://openalex.org/W2953536436"],"abstract_inverted_index":{"The":[0,31],"distance":[1,59],"between":[2],"two":[3],"classes":[4,53,61],"for":[5,175],"a":[6,26,79,86,176],"deep":[7],"learning":[8],"classifier":[9],"can":[10,113,140],"be":[11],"measured":[12],"by":[13,77,144],"the":[14,29,39,66,181,186],"level":[15],"of":[16,34],"difficulty":[17],"in":[18,25,38,201],"flipping":[19],"all":[20],"(or":[21],"majority":[22],"of)":[23],"samples":[24],"class":[27,32,116,142,183],"to":[28,69,74,82,100,188],"other.":[30],"distances":[33,117,143,184],"many":[35],"pre-trained":[36],"models":[37,67],"wild":[40],"are":[41],"very":[42],"small":[43],"and":[44,55,63,108,122,165,192,195],"do":[45],"not":[46],"align":[47],"well":[48],"with":[49,118,132,148],"humans\u2019":[50],"intuition":[51],"(e.g.,":[52],"turtle":[54],"bird":[56],"have":[57],"smaller":[58],"than":[60,150],"cat":[62],"dog),":[64],"making":[65],"vulnerable":[68],"backdoor":[70,178],"attacks,":[71],"which":[72,94],"aim":[73],"cause":[75],"misclassification":[76],"stamping":[78],"specific":[80],"pattern":[81],"inputs.":[83],"We":[84],"propose":[85],"novel":[87],"model":[88,92,134],"hardening":[89,156],"technique":[90,139],"called":[91],"orthogonalization":[93],"is":[95],"an":[96],"add-on":[97],"training":[98,120],"step":[99],"pretrained":[101],"models,":[102,105,107,194],"including":[103],"clean":[104,191],"poisoned":[106,193],"adversarially":[109],"trained":[110],"models.":[111],"It":[112,170],"substantially":[114,196],"enlarge":[115,141],"reasonable":[119],"cost":[121],"without":[123],"much":[124],"accuracy":[125,152],"degradation.":[126],"Our":[127],"evaluation":[128],"on":[129,146],"5":[130],"datasets":[131],"22":[133],"structures":[135],"show":[136],"that":[137],"our":[138],"177.63%":[145],"average":[147],"less":[149],"1%":[151],"loss,":[153],"outperforming":[154],"existing":[155,199],"techniques":[157,200],"such":[158],"as":[159,180],"adversarial":[160,163],"training,":[161],"universal":[162],"perturbation,":[164],"directly":[166],"using":[167],"generated":[168],"backdoors.":[169,204],"reduces":[171],"80%":[172],"false":[173],"positives":[174],"state-of-the-art":[177],"scanner":[179,187],"enlarged":[182],"allow":[185],"easily":[189],"distinguish":[190],"outperforms":[197],"three":[198],"removing":[202],"injected":[203]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":14},{"year":2023,"cited_by_count":13},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}