{"id":"https://openalex.org/W4415353159","doi":"https://doi.org/10.1109/tdsc.2025.3621213","title":"Adaptive Attractors: A Defense Strategy Against Adversarial Collusion Attacks in Machine Learning","display_name":"Adaptive Attractors: A Defense Strategy Against Adversarial Collusion Attacks in Machine Learning","publication_year":2025,"publication_date":"2025-10-20","ids":{"openalex":"https://openalex.org/W4415353159","doi":"https://doi.org/10.1109/tdsc.2025.3621213"},"language":null,"primary_location":{"id":"doi:10.1109/tdsc.2025.3621213","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3621213","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103182069","display_name":"Jiyi Zhang","orcid":"https://orcid.org/0000-0002-7777-3162"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Jiyi Zhang","raw_affiliation_strings":["School of Computing, National University of Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"School of Computing, National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032465074","display_name":"Han Fang","orcid":"https://orcid.org/0000-0001-9635-9859"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Han Fang","raw_affiliation_strings":["School of Computing, National University of Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"School of Computing, National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5105408906","display_name":"Ee\u2010Chien Chang","orcid":"https://orcid.org/0000-0003-4613-0866"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Ee-Chien Chang","raw_affiliation_strings":["School of Computing, National University of Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"School of Computing, National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5103182069"],"corresponding_institution_ids":["https://openalex.org/I165932596"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.16014315,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"2","first_page":"2046","last_page":"2053"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9850000143051147,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.982200026512146,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8686000108718872},{"id":"https://openalex.org/keywords/collusion","display_name":"Collusion","score":0.8445000052452087},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.580299973487854},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.5418000221252441},{"id":"https://openalex.org/keywords/convergence","display_name":"Convergence (economics)","score":0.5184999704360962},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.40529999136924744},{"id":"https://openalex.org/keywords/attack-model","display_name":"Attack model","score":0.36160001158714294}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8686000108718872},{"id":"https://openalex.org/C2781198186","wikidata":"https://www.wikidata.org/wiki/Q701521","display_name":"Collusion","level":2,"score":0.8445000052452087},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8148999810218811},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.580299973487854},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5766000151634216},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5419999957084656},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.5418000221252441},{"id":"https://openalex.org/C2777303404","wikidata":"https://www.wikidata.org/wiki/Q759757","display_name":"Convergence (economics)","level":2,"score":0.5184999704360962},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.40529999136924744},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.36160001158714294},{"id":"https://openalex.org/C112972136","wikidata":"https://www.wikidata.org/wiki/Q7595718","display_name":"Stability (learning theory)","level":2,"score":0.32179999351501465},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3188000023365021},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3100999891757965},{"id":"https://openalex.org/C164380108","wikidata":"https://www.wikidata.org/wiki/Q507187","display_name":"Attractor","level":2,"score":0.2849000096321106},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2833000123500824},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.27790001034736633},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.2685999870300293},{"id":"https://openalex.org/C3020028006","wikidata":"https://www.wikidata.org/wiki/Q9158","display_name":"Electronic mail","level":2,"score":0.2574999928474426},{"id":"https://openalex.org/C57869625","wikidata":"https://www.wikidata.org/wiki/Q1783502","display_name":"Rate of convergence","level":3,"score":0.2549000084400177}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2025.3621213","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3621213","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W2002427601","https://openalex.org/W2243397390","https://openalex.org/W2605631833","https://openalex.org/W2808631503","https://openalex.org/W2963034614","https://openalex.org/W2963542245","https://openalex.org/W3013020904","https://openalex.org/W3015625436","https://openalex.org/W3034619610","https://openalex.org/W3040300753","https://openalex.org/W3087267795","https://openalex.org/W3209815338","https://openalex.org/W4362474101","https://openalex.org/W4383221476"],"related_works":[],"abstract_inverted_index":{"In":[0,73,182],"the":[1,8,15,107,113,125,152,185],"seller-buyer":[2],"setting":[3],"on":[4,14,28,36,66,71,78,106,176],"machine":[5],"learning":[6],"models,":[7],"seller":[9],"generates":[10],"different":[11,49,52,56,60,104],"copies":[12,159],"based":[13],"original":[16,186],"model":[17],"and":[18,93,110,171,178,199],"distributes":[19],"them":[20],"to":[21,51,86,97,190],"buyers,":[22],"such":[23],"that":[24,117],"adversarial":[25,57,63],"samples":[26,64],"generated":[27,65],"one":[29,67],"buyer's":[30],"copy":[31,68],"would":[32],"likely":[33],"not":[34,69,122],"work":[35],"other":[37],"copies.":[38,53],"A":[39],"known":[40],"approach":[41],"achieves":[42,165],"this":[43,74],"using":[44],"attractor-based":[45,119,187],"rewriter":[46,188],"which":[47],"injects":[48],"attractors":[50,140],"This":[54],"induces":[55],"regions":[58],"in":[59,193],"copies,":[61],"making":[62],"replicable":[70],"others.":[72],"paper,":[75],"we":[76,137],"focus":[77],"a":[79,146,166],"scenario":[80],"where":[81],"multiple":[82],"malicious":[83],"buyers":[84],"collude":[85],"attack.":[87],"We":[88,115],"first":[89],"give":[90],"two":[91],"formulations":[92],"conduct":[94],"empirical":[95],"studies":[96],"analyze":[98],"effectiveness":[99],"of":[100,112,129,154,168],"collusion":[101],"attack":[102,173,194],"under":[103],"assumptions":[105],"attacker's":[108],"capabilities":[109],"properties":[111],"attractors.":[114],"observe":[116],"existing":[118],"methods":[120],"do":[121],"effectively":[123],"mislead":[124],"colluders":[126,130],"as":[127],"number":[128],"increases":[131],"(Figure":[132],"2).":[133],"To":[134],"address":[135],"this,":[136],"propose":[138],"adaptive":[139],"whose":[141],"weight":[142],"is":[143],"guided":[144],"by":[145],"U-shape":[147],"curve.":[148],"Experimental":[149],"results":[150],"demonstrate":[151],"efficacy":[153],"our":[155,163],"approach.":[156],"With":[157],"40":[158],"used":[160],"for":[161],"collusion,":[162],"method":[164],"convergence":[167],"approximately":[169],"15%":[170],"6%":[172],"success":[174,195],"rates":[175],"CIFAR-10":[177],"GTSRB":[179],"datasets":[180],"respectively.":[181,201],"contrast,":[183],"employing":[184],"leads":[189],"linear":[191],"increase":[192],"rates,":[196],"reaching":[197],"29%":[198],"19%":[200]},"counts_by_year":[],"updated_date":"2026-03-17T06:59:57.516163","created_date":"2025-10-21T00:00:00"}