{"id":"https://openalex.org/W4378195097","doi":"https://doi.org/10.1109/tc.2023.3280133","title":"Model Poisoning Attack on Neural Network Without Reference Data","display_name":"Model Poisoning Attack on Neural Network Without Reference Data","publication_year":2023,"publication_date":"2023-05-25","ids":{"openalex":"https://openalex.org/W4378195097","doi":"https://doi.org/10.1109/tc.2023.3280133"},"language":"en","primary_location":{"id":"doi:10.1109/tc.2023.3280133","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tc.2023.3280133","pdf_url":null,"source":{"id":"https://openalex.org/S157670870","display_name":"IEEE Transactions on Computers","issn_l":"0018-9340","issn":["0018-9340","1557-9956","2326-3814"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computers","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101485671","display_name":"Xianglong Zhang","orcid":"https://orcid.org/0000-0001-7939-6279"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xianglong Zhang","raw_affiliation_strings":["School of Computer Science and Technology, Shandong University, Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Shandong University, Jinan, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033390700","display_name":"Huanle Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Huanle Zhang","raw_affiliation_strings":["School of Computer Science and Technology, Shandong University, Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Shandong University, Jinan, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100618995","display_name":"Guoming Zhang","orcid":"https://orcid.org/0000-0002-8003-0669"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Guoming Zhang","raw_affiliation_strings":["School of Computer Science and Technology, Shandong University, Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Shandong University, Jinan, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100339431","display_name":"Hong Li","orcid":"https://orcid.org/0000-0003-1353-7838"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hong Li","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045982340","display_name":"Dongxiao Yu","orcid":"https://orcid.org/0000-0001-6835-5981"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dongxiao Yu","raw_affiliation_strings":["School of Computer Science and Technology, Shandong University, Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Shandong University, Jinan, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100692488","display_name":"Xiuzhen Cheng","orcid":"https://orcid.org/0000-0001-5912-4647"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiuzhen Cheng","raw_affiliation_strings":["School of Computer Science and Technology, Shandong University, Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Shandong University, Jinan, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100703619","display_name":"Pengfei Hu","orcid":"https://orcid.org/0000-0002-7935-886X"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Pengfei Hu","raw_affiliation_strings":["School of Computer Science and Technology, Shandong University, Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Shandong University, Jinan, China","institution_ids":["https://openalex.org/I80143920"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5101485671"],"corresponding_institution_ids":["https://openalex.org/I80143920"],"apc_list":null,"apc_paid":null,"fwci":1.2178,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.82853571,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"72","issue":"10","first_page":"2978","last_page":"2989"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9671000242233276,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9043999910354614,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8206602334976196},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6054632663726807},{"id":"https://openalex.org/keywords/covert","display_name":"Covert","score":0.5686324238777161},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5472558736801147},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.48305827379226685},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4655820429325104},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.45070526003837585},{"id":"https://openalex.org/keywords/attack-model","display_name":"Attack model","score":0.44942378997802734},{"id":"https://openalex.org/keywords/training-set","display_name":"Training set","score":0.4350195527076721},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.37197571992874146},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.349895179271698}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8206602334976196},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6054632663726807},{"id":"https://openalex.org/C2779338814","wikidata":"https://www.wikidata.org/wiki/Q5179285","display_name":"Covert","level":2,"score":0.5686324238777161},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5472558736801147},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.48305827379226685},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4655820429325104},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.45070526003837585},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.44942378997802734},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.4350195527076721},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.37197571992874146},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.349895179271698},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tc.2023.3280133","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tc.2023.3280133","pdf_url":null,"source":{"id":"https://openalex.org/S157670870","display_name":"IEEE Transactions on Computers","issn_l":"0018-9340","issn":["0018-9340","1557-9956","2326-3814"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computers","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1423280369","display_name":null,"funder_award_id":"62072278","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4959332381","display_name":null,"funder_award_id":"62202276","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8942805157","display_name":null,"funder_award_id":"62232010","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":54,"referenced_works":["https://openalex.org/W1945616565","https://openalex.org/W2024922353","https://openalex.org/W2053637704","https://openalex.org/W2102605133","https://openalex.org/W2119112357","https://openalex.org/W2180612164","https://openalex.org/W2295107390","https://openalex.org/W2324464293","https://openalex.org/W2473930607","https://openalex.org/W2581082771","https://openalex.org/W2618492571","https://openalex.org/W2618530766","https://openalex.org/W2753783305","https://openalex.org/W2775907600","https://openalex.org/W2785729136","https://openalex.org/W2787323722","https://openalex.org/W2810065831","https://openalex.org/W2897865027","https://openalex.org/W2934843808","https://openalex.org/W2942091739","https://openalex.org/W2962851944","https://openalex.org/W2963777745","https://openalex.org/W2963857521","https://openalex.org/W2985913519","https://openalex.org/W2986013765","https://openalex.org/W2996800219","https://openalex.org/W3021654819","https://openalex.org/W3022179901","https://openalex.org/W3024103409","https://openalex.org/W3081178496","https://openalex.org/W3090898103","https://openalex.org/W3096264229","https://openalex.org/W3105009650","https://openalex.org/W3106646114","https://openalex.org/W3118608800","https://openalex.org/W3119388964","https://openalex.org/W3120073944","https://openalex.org/W3138669064","https://openalex.org/W3146139378","https://openalex.org/W3170720090","https://openalex.org/W3174908416","https://openalex.org/W4285203950","https://openalex.org/W4293651439","https://openalex.org/W4299518610","https://openalex.org/W6640425456","https://openalex.org/W6682132143","https://openalex.org/W6685133223","https://openalex.org/W6744557953","https://openalex.org/W6752600739","https://openalex.org/W6756943956","https://openalex.org/W6779739866","https://openalex.org/W6787959460","https://openalex.org/W6787972765","https://openalex.org/W6788654946"],"related_works":["https://openalex.org/W2523525694","https://openalex.org/W2998642566","https://openalex.org/W2497612952","https://openalex.org/W2392682561","https://openalex.org/W4387796593","https://openalex.org/W2604394466","https://openalex.org/W2952603690","https://openalex.org/W2941205169","https://openalex.org/W4328053081","https://openalex.org/W4387687104"],"abstract_inverted_index":{"Due":[0],"to":[1,41,48,74,171],"the":[2,42,75,80,86,95,120,125,136,144,147,154,173,176],"substantial":[3],"computational":[4],"cost":[5],"of":[6,85,97,146],"neural":[7],"network":[8],"training,":[9],"adopting":[10],"third-party":[11,22],"models":[12,23],"has":[13],"become":[14],"increasingly":[15],"popular.":[16],"However,":[17],"recent":[18],"works":[19],"demonstrate":[20],"that":[21,64,119,180],"can":[24,65,128],"be":[25,129],"poisoned.":[26],"Nonetheless,":[27],"most":[28],"model":[29,61,87,99,138,149,156],"poisoning":[30,62],"attacks":[31],"require":[32],"reference":[33,58],"data,":[34],"e.g.,":[35],"training":[36,96],"dataset":[37],"or":[38],"data":[39,59],"belonging":[40],"target":[43,76],"label,":[44,77],"making":[45],"them":[46],"difficult":[47],"launch":[49,172],"in":[50],"practice.":[51],"In":[52],"this":[53],"paper,":[54],"we":[55],"propose":[56],"a":[57,112,132,167],"independent":[60],"attack":[63,121,182],"(1)":[66],"directly":[67],"search":[68],"for":[69],"sensitive":[70,90],"features":[71],"with":[72,111,139],"respect":[73],"(2)":[78],"quantify":[79],"positive":[81],"and":[82,92,115,160,188,197],"negative":[83],"effects":[84],"parameters":[88],"on":[89,109,157,192],"features,":[91],"(3)":[93],"accomplish":[94],"poisoned":[98,137,148],"by":[100,135],"our":[101,181],"parameter":[102],"selective":[103],"update":[104],"strategy.":[105],"The":[106],"extensive":[107],"evaluation":[108,177],"datasets":[110],"few":[113],"classes":[114,117],"numerous":[116],"show":[118,179],"is":[122,150],"(I)":[123],"effective:":[124],"trigger":[126],"input":[127],"labeled":[130],"as":[131],"deliberate":[133],"class":[134],"high":[140],"probability;":[141],"(II)":[142],"covert:":[143],"performance":[145],"almost":[151],"indistinguishable":[152],"from":[153],"intact":[155],"non-trigger":[158],"inputs;":[159],"(III)":[161],"straightforward:":[162],"an":[163],"adversary":[164],"only":[165],"needs":[166],"little":[168],"background":[169],"knowledge":[170],"attack.":[174],"Overall,":[175],"results":[178],"achieves":[183],"95%,":[184],"100%,":[185],"81%,":[186],"96%,":[187],"96%":[189],"success":[190],"rates":[191],"Cifar10,":[193],"Cifar100,":[194],"ISIC2018,":[195],"FaceScrub,":[196],"ImageNet":[198],"datasets,":[199],"respectively.":[200]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":3}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}