{"id":"https://openalex.org/W4384948583","doi":"https://doi.org/10.1109/sp46215.2023.10179473","title":"AI-Guardian: Defeating Adversarial Attacks using Backdoors","display_name":"AI-Guardian: Defeating Adversarial Attacks using Backdoors","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4384948583","doi":"https://doi.org/10.1109/sp46215.2023.10179473"},"language":"en","primary_location":{"id":"doi:10.1109/sp46215.2023.10179473","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179473","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103837552","display_name":"Hong Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Hong Zhu","raw_affiliation_strings":["Chinese Academy of Sciences,SKLOIS, Institute of Information Engineering,China","SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China","School of Cyber Security, University of Chinese Academy of Sciences, China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,SKLOIS, Institute of Information Engineering,China","institution_ids":["https://openalex.org/I4210156404"]},{"raw_affiliation_string":"SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027504758","display_name":"Shengzhi Zhang","orcid":"https://orcid.org/0000-0001-9432-9779"},"institutions":[{"id":"https://openalex.org/I111088046","display_name":"Boston University","ror":"https://ror.org/05qwgg493","country_code":"US","type":"education","lineage":["https://openalex.org/I111088046"]},{"id":"https://openalex.org/I92609107","display_name":"Metropolitan College of New York","ror":"https://ror.org/012saek46","country_code":"US","type":"education","lineage":["https://openalex.org/I92609107"]},{"id":"https://openalex.org/I203428652","display_name":"Metropolitan University College","ror":"https://ror.org/032rem971","country_code":"DK","type":"education","lineage":["https://openalex.org/I203428652"]}],"countries":["DK","US"],"is_corresponding":false,"raw_author_name":"Shengzhi Zhang","raw_affiliation_strings":["Boston University,Metropolitan College,USA","Metropolitan College, Boston University, USA"],"affiliations":[{"raw_affiliation_string":"Boston University,Metropolitan College,USA","institution_ids":["https://openalex.org/I203428652"]},{"raw_affiliation_string":"Metropolitan College, Boston University, USA","institution_ids":["https://openalex.org/I92609107","https://openalex.org/I111088046"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100437976","display_name":"Kai Chen","orcid":"https://orcid.org/0000-0002-5624-2987"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kai Chen","raw_affiliation_strings":["Chinese Academy of Sciences,SKLOIS, Institute of Information Engineering,China","School of Cyber Security, University of Chinese Academy of Sciences, China","SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,SKLOIS, Institute of Information Engineering,China","institution_ids":["https://openalex.org/I4210156404"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210165038"]},{"raw_affiliation_string":"SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5103837552"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":2.0948,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.89538221,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"701","last_page":"718"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9918000102043152,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9860000014305115,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.9275076389312744},{"id":"https://openalex.org/keywords/guardian","display_name":"Guardian","score":0.8322584629058838},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8104879856109619},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5908163189888},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.43382734060287476},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3877507746219635},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.0986594557762146},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.07384815812110901},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.06593441963195801}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.9275076389312744},{"id":"https://openalex.org/C2776680780","wikidata":"https://www.wikidata.org/wiki/Q15964604","display_name":"Guardian","level":2,"score":0.8322584629058838},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8104879856109619},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5908163189888},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.43382734060287476},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3877507746219635},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0986594557762146},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.07384815812110901},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.06593441963195801},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46215.2023.10179473","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179473","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":100,"referenced_works":["https://openalex.org/W34239198","https://openalex.org/W1832693441","https://openalex.org/W1995562189","https://openalex.org/W2019464758","https://openalex.org/W2051267297","https://openalex.org/W2067713319","https://openalex.org/W2133665775","https://openalex.org/W2135310007","https://openalex.org/W2325939864","https://openalex.org/W2470972006","https://openalex.org/W2607219512","https://openalex.org/W2612372205","https://openalex.org/W2618043096","https://openalex.org/W2620038827","https://openalex.org/W2753783305","https://openalex.org/W2765424254","https://openalex.org/W2774423163","https://openalex.org/W2798302089","https://openalex.org/W2799194071","https://openalex.org/W2886234956","https://openalex.org/W2887603965","https://openalex.org/W2890883923","https://openalex.org/W2907212742","https://openalex.org/W2912581782","https://openalex.org/W2934843808","https://openalex.org/W2942091739","https://openalex.org/W2947133760","https://openalex.org/W2952370363","https://openalex.org/W2962747881","https://openalex.org/W2963477629","https://openalex.org/W2963542245","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2966689772","https://openalex.org/W2967177252","https://openalex.org/W2983044655","https://openalex.org/W2984260944","https://openalex.org/W2986013765","https://openalex.org/W2990270730","https://openalex.org/W2992808132","https://openalex.org/W2996800219","https://openalex.org/W3006808893","https://openalex.org/W3015625436","https://openalex.org/W3021636956","https://openalex.org/W3034258347","https://openalex.org/W3034414373","https://openalex.org/W3035616549","https://openalex.org/W3081178496","https://openalex.org/W3088733693","https://openalex.org/W3091857398","https://openalex.org/W3095530010","https://openalex.org/W3102720581","https://openalex.org/W3102725307","https://openalex.org/W3103557498","https://openalex.org/W3105806188","https://openalex.org/W3107337211","https://openalex.org/W3108175762","https://openalex.org/W3127402166","https://openalex.org/W3127616799","https://openalex.org/W3152758407","https://openalex.org/W3184920807","https://openalex.org/W3190231162","https://openalex.org/W3198840923","https://openalex.org/W3204379741","https://openalex.org/W3211753216","https://openalex.org/W3213559212","https://openalex.org/W3213785680","https://openalex.org/W3213831029","https://openalex.org/W3213849916","https://openalex.org/W4214587150","https://openalex.org/W4293363567","https://openalex.org/W4293846201","https://openalex.org/W4296596384","https://openalex.org/W4300725094","https://openalex.org/W4311427498","https://openalex.org/W4316654951","https://openalex.org/W6601402213","https://openalex.org/W6639568328","https://openalex.org/W6640425456","https://openalex.org/W6680138562","https://openalex.org/W6681673350","https://openalex.org/W6725195833","https://openalex.org/W6737443998","https://openalex.org/W6745272055","https://openalex.org/W6746608116","https://openalex.org/W6746897123","https://openalex.org/W6747819456","https://openalex.org/W6748204703","https://openalex.org/W6748475379","https://openalex.org/W6751839145","https://openalex.org/W6752654261","https://openalex.org/W6756074407","https://openalex.org/W6756333562","https://openalex.org/W6766336336","https://openalex.org/W6771809012","https://openalex.org/W6774469542","https://openalex.org/W6782072790","https://openalex.org/W6790503462","https://openalex.org/W6840571915","https://openalex.org/W6846960784"],"related_works":["https://openalex.org/W3024390022","https://openalex.org/W2903917280","https://openalex.org/W3040865353","https://openalex.org/W4205705013","https://openalex.org/W2901368259","https://openalex.org/W2081647779","https://openalex.org/W3198184493","https://openalex.org/W1858327386","https://openalex.org/W4295850094","https://openalex.org/W4280605518"],"abstract_inverted_index":{"Deep":[0],"neural":[1],"networks":[2],"(DNNs)":[3],"have":[4],"been":[5],"widely":[6],"used":[7],"in":[8,43,105,150],"many":[9],"fields":[10],"due":[11],"to":[12,22,29,65,74,118,143],"their":[13],"increasingly":[14],"high":[15],"accuracy.":[16,136],"However,":[17],"they":[18],"are":[19,41],"also":[20,48],"vulnerable":[21],"adversarial":[23,67,77,95,107],"attacks,":[24,46],"posing":[25],"a":[26,62,129],"serious":[27],"threat":[28],"security-critical":[30],"applications":[31],"such":[32,45],"as":[33],"autonomous":[34],"driving,":[35],"remote":[36],"diagnosis,":[37],"etc.":[38],"Existing":[39],"solutions":[40],"limited":[42],"detecting/preventing":[44],"and":[47,79,99],"impacting":[49],"the":[50,53,76,81,84,112,122,133,144],"performance":[51,82],"on":[52,132],"original":[54,85],"tasks.":[55],"In":[56],"this":[57],"paper,":[58],"we":[59],"present":[60],"AI-Guardian,":[61],"novel":[63],"approach":[64],"defeating":[66,106],"attacks":[68],"that":[69],"leverages":[70],"intentionally":[71],"embedded":[72],"backdoors":[73],"fail":[75],"perturbations":[78],"maintain":[80],"of":[83],"main":[86],"task.":[87],"We":[88],"extensively":[89],"evaluate":[90],"AI-Guardian":[91,110,138],"using":[92],"five":[93],"popular":[94],"example":[96],"generation":[97],"approaches,":[98],"experimental":[100],"results":[101],"demonstrate":[102],"its":[103],"efficacy":[104],"attacks.":[108],"Specifically,":[109],"reduces":[111],"attack":[113],"success":[114],"rate":[115],"from":[116],"97.3%":[117],"3.2%,":[119],"which":[120],"outperforms":[121],"state-of-the-art":[123],"works":[124],"by":[125],"30.9%,":[126],"with":[127],"only":[128,140],"0.9%":[130],"decline":[131],"clean":[134],"data":[135],"Furthermore,":[137],"introduces":[139],"0.36%":[141],"overhead":[142],"model":[145],"prediction":[146],"time,":[147],"almost":[148],"negligible":[149],"most":[151],"cases.":[152]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":6}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}