{"id":"https://openalex.org/W4377235196","doi":"https://doi.org/10.1109/tifs.2023.3278458","title":"The Art of Defense: Letting Networks Fool the Attacker","display_name":"The Art of Defense: Letting Networks Fool the Attacker","publication_year":2023,"publication_date":"2023-01-01","ids":{"openalex":"https://openalex.org/W4377235196","doi":"https://doi.org/10.1109/tifs.2023.3278458"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2023.3278458","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2023.3278458","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081247905","display_name":"Jinlai Zhang","orcid":"https://orcid.org/0000-0002-3457-1982"},"institutions":[{"id":"https://openalex.org/I150807315","display_name":"Guangxi University","ror":"https://ror.org/02c9qn167","country_code":"CN","type":"education","lineage":["https://openalex.org/I150807315"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jinlai Zhang","raw_affiliation_strings":["College of Mechanical Engineering, Guangxi University, Nanning, China"],"raw_orcid":"https://orcid.org/0000-0002-3457-1982","affiliations":[{"raw_affiliation_string":"College of Mechanical Engineering, Guangxi University, Nanning, China","institution_ids":["https://openalex.org/I150807315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068755794","display_name":"Yinpeng Dong","orcid":"https://orcid.org/0000-0003-1299-683X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yinpeng Dong","raw_affiliation_strings":["Department of Computer Science and Technology, Tsinghua University, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Technology, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016863397","display_name":"Minchi Kuang","orcid":"https://orcid.org/0000-0002-8082-539X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Minchi Kuang","raw_affiliation_strings":["Department of Precision Instrument, Tsinghua University, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Precision Instrument, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100341732","display_name":"Binbin Liu","orcid":"https://orcid.org/0000-0002-1644-3098"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Binbin Liu","raw_affiliation_strings":["Department of Computer Science and Technology, Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-1644-3098","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Technology, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100750387","display_name":"Bo Ouyang","orcid":"https://orcid.org/0000-0003-2378-981X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Ouyang","raw_affiliation_strings":["Department of Computer Science and Technology, Tsinghua University, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Technology, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108047893","display_name":"Jihong Zhu","orcid":"https://orcid.org/0000-0001-6830-1211"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jihong Zhu","raw_affiliation_strings":["Department of Precision Instrument, Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-6830-1211","affiliations":[{"raw_affiliation_string":"Department of Precision Instrument, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077221218","display_name":"Houqing Wang","orcid":"https://orcid.org/0000-0002-9999-0889"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Houqing Wang","raw_affiliation_strings":["Department of Precision Instrument, Tsinghua University, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Precision Instrument, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5029956205","display_name":"Yanmei Meng","orcid":"https://orcid.org/0000-0002-3615-9465"},"institutions":[{"id":"https://openalex.org/I150807315","display_name":"Guangxi University","ror":"https://ror.org/02c9qn167","country_code":"CN","type":"education","lineage":["https://openalex.org/I150807315"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yanmei Meng","raw_affiliation_strings":["College of Mechanical Engineering, Guangxi University, Nanning, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Mechanical Engineering, Guangxi University, Nanning, China","institution_ids":["https://openalex.org/I150807315"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5081247905"],"corresponding_institution_ids":["https://openalex.org/I150807315"],"apc_list":null,"apc_paid":null,"fwci":3.2378,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.93395157,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"18","issue":null,"first_page":"3267","last_page":"3276"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11515","display_name":"Bacillus and Francisella bacterial research","score":0.9072999954223633,"subfield":{"id":"https://openalex.org/subfields/1312","display_name":"Molecular Biology"},"field":{"id":"https://openalex.org/fields/13","display_name":"Biochemistry, Genetics and Molecular Biology"},"domain":{"id":"https://openalex.org/domains/1","display_name":"Life Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9003000259399414,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7979711294174194},{"id":"https://openalex.org/keywords/point-cloud","display_name":"Point cloud","score":0.7696495056152344},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6479357481002808},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5902178883552551},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5685479640960693},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5623656511306763},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.5267994999885559},{"id":"https://openalex.org/keywords/reverse-engineering","display_name":"Reverse engineering","score":0.490831196308136},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.48636820912361145},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.36458712816238403}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7979711294174194},{"id":"https://openalex.org/C131979681","wikidata":"https://www.wikidata.org/wiki/Q1899648","display_name":"Point cloud","level":2,"score":0.7696495056152344},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6479357481002808},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5902178883552551},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5685479640960693},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5623656511306763},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.5267994999885559},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.490831196308136},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.48636820912361145},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.36458712816238403},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2023.3278458","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2023.3278458","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4699999988079071,"id":"https://metadata.un.org/sdg/11","display_name":"Sustainable cities and communities"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":136,"referenced_works":["https://openalex.org/W1522301498","https://openalex.org/W1673923490","https://openalex.org/W1920022804","https://openalex.org/W1945616565","https://openalex.org/W2194775991","https://openalex.org/W2243397390","https://openalex.org/W2543927648","https://openalex.org/W2558580397","https://openalex.org/W2560609797","https://openalex.org/W2620038827","https://openalex.org/W2736899637","https://openalex.org/W2744026832","https://openalex.org/W2765424254","https://openalex.org/W2774644650","https://openalex.org/W2786118190","https://openalex.org/W2788106558","https://openalex.org/W2798302089","https://openalex.org/W2895033754","https://openalex.org/W2912070915","https://openalex.org/W2917809001","https://openalex.org/W2945557596","https://openalex.org/W2950048339","https://openalex.org/W2950106672","https://openalex.org/W2954978443","https://openalex.org/W2962710014","https://openalex.org/W2962759300","https://openalex.org/W2962818872","https://openalex.org/W2962972208","https://openalex.org/W2963001136","https://openalex.org/W2963037989","https://openalex.org/W2963121255","https://openalex.org/W2963143631","https://openalex.org/W2963158386","https://openalex.org/W2963231572","https://openalex.org/W2963389226","https://openalex.org/W2963680153","https://openalex.org/W2963744840","https://openalex.org/W2963857521","https://openalex.org/W2963920068","https://openalex.org/W2964197269","https://openalex.org/W2970504098","https://openalex.org/W2971180473","https://openalex.org/W2976345833","https://openalex.org/W2979750740","https://openalex.org/W2981979099","https://openalex.org/W2982104318","https://openalex.org/W2990258745","https://openalex.org/W2995554640","https://openalex.org/W2996564870","https://openalex.org/W2997811843","https://openalex.org/W3004554585","https://openalex.org/W3007802865","https://openalex.org/W3018979822","https://openalex.org/W3024886890","https://openalex.org/W3025561882","https://openalex.org/W3034214559","https://openalex.org/W3034314779","https://openalex.org/W3034376720","https://openalex.org/W3034707001","https://openalex.org/W3035067471","https://openalex.org/W3035394681","https://openalex.org/W3089221115","https://openalex.org/W3092447222","https://openalex.org/W3093060913","https://openalex.org/W3097024155","https://openalex.org/W3103340107","https://openalex.org/W3103557498","https://openalex.org/W3111197774","https://openalex.org/W3111535274","https://openalex.org/W3118969708","https://openalex.org/W3136808611","https://openalex.org/W3153465022","https://openalex.org/W3158405343","https://openalex.org/W3171433839","https://openalex.org/W3178946670","https://openalex.org/W3212055905","https://openalex.org/W3213180143","https://openalex.org/W4287726855","https://openalex.org/W4288346627","https://openalex.org/W4288360049","https://openalex.org/W4288363925","https://openalex.org/W4289121525","https://openalex.org/W4292779060","https://openalex.org/W4292956067","https://openalex.org/W4293846201","https://openalex.org/W4298289240","https://openalex.org/W4300677102","https://openalex.org/W4312962761","https://openalex.org/W4313165153","https://openalex.org/W4394644156","https://openalex.org/W6631190155","https://openalex.org/W6637162671","https://openalex.org/W6637568146","https://openalex.org/W6640300118","https://openalex.org/W6640425456","https://openalex.org/W6729756640","https://openalex.org/W6739778489","https://openalex.org/W6739868092","https://openalex.org/W6741036071","https://openalex.org/W6743284318","https://openalex.org/W6744679260","https://openalex.org/W6745272055","https://openalex.org/W6746402973","https://openalex.org/W6747819456","https://openalex.org/W6747920752","https://openalex.org/W6748013272","https://openalex.org/W6748204703","https://openalex.org/W6748475379","https://openalex.org/W6748711285","https://openalex.org/W6754160155","https://openalex.org/W6754762128","https://openalex.org/W6758684365","https://openalex.org/W6758779121","https://openalex.org/W6759334943","https://openalex.org/W6759946342","https://openalex.org/W6761100157","https://openalex.org/W6762749081","https://openalex.org/W6762775584","https://openalex.org/W6763194189","https://openalex.org/W6767354759","https://openalex.org/W6768008261","https://openalex.org/W6768628267","https://openalex.org/W6769767596","https://openalex.org/W6771326840","https://openalex.org/W6771809012","https://openalex.org/W6774348459","https://openalex.org/W6774549192","https://openalex.org/W6777349897","https://openalex.org/W6778883912","https://openalex.org/W6780176858","https://openalex.org/W6783104308","https://openalex.org/W6784134718","https://openalex.org/W6803512974","https://openalex.org/W6804242807","https://openalex.org/W6841865961","https://openalex.org/W6864546407"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2015591542","https://openalex.org/W4312596780","https://openalex.org/W2351477033","https://openalex.org/W2393966857","https://openalex.org/W2085239170","https://openalex.org/W2351324719","https://openalex.org/W2358149864","https://openalex.org/W2385447786","https://openalex.org/W1979412361"],"abstract_inverted_index":{"3D":[0,21,36,121,186,199],"perception":[1,22],"of":[2,71,99,129,132,141,151],"objects":[3],"is":[4,180],"critical":[5],"for":[6,120,175],"many":[7],"real-world":[8],"applications,":[9],"such":[10],"as":[11],"autonomous":[12],"cars":[13],"and":[14,75,96],"robots.":[15],"Among":[16],"them,":[17],"most":[18,64,76],"state-of-the-art":[19],"(SOTA)":[20],"systems":[23],"are":[24,46,61,82],"based":[25,42],"on":[26,39,43,79,84,160],"deep":[27,44,72],"learning":[28,45,73],"models.":[29],"Recently,":[30],"the":[31,63,69,93,97,100,130,133,139,149,155],"research":[32],"community":[33],"found":[34],"that":[35,125],"object":[37],"classifiers":[38,103,124,147],"point":[40,51,80,101,122,134,142,145,157],"cloud":[41,52,81,102,123,135,146],"easily":[47],"fooled":[48],"by":[49,54],"adversarial":[50,59,77,118],"craft":[53],"attackers.":[55],"To":[56,108],"overcome":[57],"this,":[58],"defenses":[60,78],"considered":[62],"effective":[65],"ways":[66],"to":[67,138,154,196],"improve":[68],"robustness":[70],"models,":[74],"focused":[83],"input":[85,156],"transformation.":[86],"However,":[87],"all":[88,144],"previous":[89,197],"defense":[90,119,167,183],"methods":[91],"decrease":[92],"natural":[94],"accuracy,":[95],"nature":[98,131],"itself":[104],"has":[105],"been":[106],"overlooked.":[107],"this":[109,112,161],"end,":[110],"in":[111],"paper,":[113],"we":[114,163],"propose":[115],"a":[116,181],"novel":[117],"makes":[126],"full":[127],"use":[128],"classifiers.":[136],"Due":[137],"disorder":[140],"cloud,":[143],"have":[148],"property":[150],"permutation":[152],"invariant":[153,165],"cloud.":[158],"Based":[159],"nature,":[162],"design":[164],"transformations":[166],"(IT-Defense).":[168],"We":[169],"show":[170],"that,":[171],"even":[172],"after":[173],"accounting":[174],"obfuscated":[176],"gradients,":[177],"our":[178],"IT-Defense":[179,189],"resilient":[182],"against":[184],"SOTA":[185,198],"attacks.":[187],"Moreover,":[188],"does":[190],"not":[191],"hurt":[192],"clean":[193],"accuracy":[194],"compared":[195],"defenses.":[200],"Our":[201],"code":[202],"will":[203],"be":[204],"available":[205],"at:":[206],"https://github.com/cuge1995/IT-Defense.":[207]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}