{"id":"https://openalex.org/W3082558286","doi":"https://doi.org/10.1109/tdsc.2020.3021008","title":"Man-in-the-Middle Attacks Against Machine Learning Classifiers Via Malicious Generative Models","display_name":"Man-in-the-Middle Attacks Against Machine Learning Classifiers Via Malicious Generative Models","publication_year":2020,"publication_date":"2020-09-01","ids":{"openalex":"https://openalex.org/W3082558286","doi":"https://doi.org/10.1109/tdsc.2020.3021008","mag":"3082558286"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2020.3021008","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2020.3021008","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081805488","display_name":"Derui Wang","orcid":"https://orcid.org/0000-0003-1388-7715"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Derui Wang","raw_affiliation_strings":["School of Software and Electrical Engineering, Swinburne University of Technology, Hawthorn, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"School of Software and Electrical Engineering, Swinburne University of Technology, Hawthorn, VIC, Australia","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006173142","display_name":"Chaoran Li","orcid":"https://orcid.org/0000-0001-9118-5386"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Chaoran Li","raw_affiliation_strings":["School of Software and Electrical Engineering, Swinburne University of Technology, Hawthorn, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"School of Software and Electrical Engineering, Swinburne University of Technology, Hawthorn, VIC, Australia","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076576641","display_name":"Sheng Wen","orcid":"https://orcid.org/0000-0003-0655-666X"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Sheng Wen","raw_affiliation_strings":["CSIRO's Data 61, North Ryde, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data 61, North Ryde, NSW, Australia","institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I42894916"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082256444","display_name":"\u202aSurya Nepal\u202c","orcid":"https://orcid.org/0000-0002-3289-6599"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Surya Nepal","raw_affiliation_strings":["School of Software and Electrical Engineering, Swinburne University of Technology, Hawthorn, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"School of Software and Electrical Engineering, Swinburne University of Technology, Hawthorn, VIC, Australia","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100666554","display_name":"Yang Xiang","orcid":"https://orcid.org/0000-0001-5252-0831"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Yang Xiang","raw_affiliation_strings":["CSIRO's Data 61, North Ryde, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data 61, North Ryde, NSW, Australia","institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I42894916"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5081805488"],"corresponding_institution_ids":["https://openalex.org/I57093077"],"apc_list":null,"apc_paid":null,"fwci":1.8558,"has_fulltext":false,"cited_by_count":31,"citation_normalized_percentile":{"value":0.88519155,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":93,"max":99},"biblio":{"volume":"18","issue":"5","first_page":"2074","last_page":"2087"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9480999708175659,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8518702983856201},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.839087188243866},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.720646321773529},{"id":"https://openalex.org/keywords/man-in-the-middle-attack","display_name":"Man-in-the-middle attack","score":0.6873810291290283},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.5748456120491028},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5423581600189209},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5116715431213379},{"id":"https://openalex.org/keywords/generative-grammar","display_name":"Generative grammar","score":0.5000729560852051},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4682508707046509},{"id":"https://openalex.org/keywords/generative-adversarial-network","display_name":"Generative adversarial network","score":0.4298855662345886},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4258754849433899},{"id":"https://openalex.org/keywords/mnist-database","display_name":"MNIST database","score":0.424782931804657},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.39317840337753296},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.15299013257026672}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8518702983856201},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.839087188243866},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.720646321773529},{"id":"https://openalex.org/C196491621","wikidata":"https://www.wikidata.org/wiki/Q554830","display_name":"Man-in-the-middle attack","level":3,"score":0.6873810291290283},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.5748456120491028},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5423581600189209},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5116715431213379},{"id":"https://openalex.org/C39890363","wikidata":"https://www.wikidata.org/wiki/Q36108","display_name":"Generative grammar","level":2,"score":0.5000729560852051},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4682508707046509},{"id":"https://openalex.org/C2988773926","wikidata":"https://www.wikidata.org/wiki/Q25104379","display_name":"Generative adversarial network","level":3,"score":0.4298855662345886},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4258754849433899},{"id":"https://openalex.org/C190502265","wikidata":"https://www.wikidata.org/wiki/Q17069496","display_name":"MNIST database","level":3,"score":0.424782931804657},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39317840337753296},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.15299013257026672}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tdsc.2020.3021008","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2020.3021008","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},{"id":"pmh:oai:researchbank.swinburne.edu.au:c80cafdc-53b2-4ac7-99d4-d6b94cba55c6/1","is_oa":false,"landing_page_url":"http://hdl.handle.net/1959.3/457543","pdf_url":null,"source":{"id":"https://openalex.org/S4306401157","display_name":"Swinburne Research Bank (Swinburne University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I57093077","host_organization_name":"Swinburne University of Technology","host_organization_lineage":["https://openalex.org/I57093077"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing (2020), pp. 1-1","raw_type":""}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5099999904632568,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":84,"referenced_works":["https://openalex.org/W1673923490","https://openalex.org/W1849243243","https://openalex.org/W1945616565","https://openalex.org/W2025768430","https://openalex.org/W2124563017","https://openalex.org/W2180612164","https://openalex.org/W2243397390","https://openalex.org/W2460937040","https://openalex.org/W2483814582","https://openalex.org/W2524985544","https://openalex.org/W2535873859","https://openalex.org/W2543927648","https://openalex.org/W2570685808","https://openalex.org/W2594717275","https://openalex.org/W2603766943","https://openalex.org/W2612637113","https://openalex.org/W2620038827","https://openalex.org/W2725606191","https://openalex.org/W2736899637","https://openalex.org/W2744095836","https://openalex.org/W2773726006","https://openalex.org/W2799194071","https://openalex.org/W2803300317","https://openalex.org/W2810065831","https://openalex.org/W2895097814","https://openalex.org/W2897865027","https://openalex.org/W2903470619","https://openalex.org/W2911290044","https://openalex.org/W2948811271","https://openalex.org/W2950864148","https://openalex.org/W2962711307","https://openalex.org/W2962820504","https://openalex.org/W2963062382","https://openalex.org/W2963143631","https://openalex.org/W2963207607","https://openalex.org/W2963243330","https://openalex.org/W2963448658","https://openalex.org/W2963557656","https://openalex.org/W2963564844","https://openalex.org/W2963744840","https://openalex.org/W2963746531","https://openalex.org/W2963800716","https://openalex.org/W2963857521","https://openalex.org/W2963969878","https://openalex.org/W2964049407","https://openalex.org/W2964077693","https://openalex.org/W2964144352","https://openalex.org/W2964153729","https://openalex.org/W2964167449","https://openalex.org/W2964171870","https://openalex.org/W2964253222","https://openalex.org/W2964923388","https://openalex.org/W2966583097","https://openalex.org/W3009606699","https://openalex.org/W3034530016","https://openalex.org/W3037024761","https://openalex.org/W3153872861","https://openalex.org/W4245089706","https://openalex.org/W4289147263","https://openalex.org/W4293846201","https://openalex.org/W4293874330","https://openalex.org/W4300511536","https://openalex.org/W6637162671","https://openalex.org/W6640425456","https://openalex.org/W6687506355","https://openalex.org/W6690607325","https://openalex.org/W6719080892","https://openalex.org/W6722063826","https://openalex.org/W6727420689","https://openalex.org/W6731927902","https://openalex.org/W6739868092","https://openalex.org/W6741036071","https://openalex.org/W6745535286","https://openalex.org/W6746307094","https://openalex.org/W6748475379","https://openalex.org/W6750404860","https://openalex.org/W6751761103","https://openalex.org/W6751777967","https://openalex.org/W6752600739","https://openalex.org/W6756436328","https://openalex.org/W6758800702","https://openalex.org/W6763559720","https://openalex.org/W6775858742","https://openalex.org/W7016021835"],"related_works":["https://openalex.org/W3048732067","https://openalex.org/W4383468834","https://openalex.org/W4384648009","https://openalex.org/W4303645823","https://openalex.org/W4285263558","https://openalex.org/W2900159906","https://openalex.org/W4287828318","https://openalex.org/W2406556600","https://openalex.org/W4283221438","https://openalex.org/W4385421777"],"abstract_inverted_index":{"Deep":[0],"Neural":[1],"Networks":[2],"(DNNs)":[3],"are":[4,79,111],"vulnerable":[5],"to":[6,25,136,175,180,191,202],"deliberately":[7],"crafted":[8],"adversarial":[9,27,76,138,149,182,193],"examples.":[10,194],"In":[11,45,131,234],"the":[12,39,55,68,74,88,91,103,124,129,141,145,148,152,209,235,237,247],"past":[13],"few":[14],"years,":[15],"many":[16],"efforts":[17],"have":[18,62],"been":[19,64,162],"spent":[20],"on":[21,140,206,219],"exploring":[22],"query-optimisation":[23,232,248],"attacks":[24,78,85,110],"find":[26],"examples":[28,139],"of":[29,51,57,70,126,151],"either":[30,176],"black-box":[31],"or":[32,184,228],"white-box":[33],"DNN":[34,52],"models,":[35,154],"as":[36,38,156],"well":[37],"defending":[40],"countermeasures":[41],"against":[42],"those":[43],"attacks.":[44,233,249],"this":[46],"article,":[47],"we":[48,169],"explore":[49],"vulnerabilities":[50],"models":[53,92,135],"under":[54],"umbrella":[56],"Man-in-the-Middle":[58],"(MitM)":[59],"attacks,":[60,98],"which":[61,99,122,225],"not":[63,80,161],"investigated":[65],"before.":[66],"From":[67],"perspective":[69],"an":[71],"MitM":[72,104,203],"adversary,":[73],"aforementioned":[75],"example":[77],"viable":[81],"anymore.":[82],"First,":[83],"such":[84,109,155],"must":[86],"acquire":[87],"outputs":[89,186],"from":[90,187],"multiple":[93],"times":[94,244],"before":[95],"actually":[96],"launching":[97],"is":[100,226,239],"difficult":[101],"for":[102,128],"adversary":[105],"in":[106],"practice.":[107],"Second,":[108],"one-off":[112],"and":[113,222],"cannot":[114],"be":[115,192],"directly":[116],"generalised":[117],"onto":[118],"new":[119],"data":[120],"examples,":[121],"decreases":[123],"rate":[125],"return":[127],"attacker.":[130],"contrast,":[132],"using":[133,171],"generative":[134,153],"craft":[137],"fly":[142],"can":[143,198,212],"mitigate":[144],"drawbacks.":[146],"However,":[147],"capability":[150,201],"Variational":[157],"Auto-Encoder":[158],"(VAE),":[159],"has":[160],"extensively":[163],"studied.":[164],"Therefore,":[165],"given":[166],"a":[167,172],"classifier,":[168],"investigate":[170],"VAE":[173,189],"decoder":[174],"transform":[177],"benign":[178,188],"inputs":[179],"their":[181],"counterparts":[183],"decode":[185],"encoders":[190],"The":[195],"proposed":[196,210],"method":[197],"endue":[199],"more":[200],"attackers.":[204],"Based":[205],"our":[207],"evaluation,":[208],"attack":[211,238],"achieve":[213],"above":[214],"95":[215],"percent":[216],"success":[217],"rates":[218],"both":[220],"MNIST":[221],"CIFAR10":[223],"datasets,":[224],"better":[227],"comparable":[229],"with":[230],"state-of-the-art":[231],"meantime,":[236],"10":[240],"<sup":[241],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[242],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">4</sup>":[243],"faster":[245],"than":[246]},"counts_by_year":[{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}