{"id":"https://openalex.org/W4387623692","doi":"https://doi.org/10.1109/tifs.2023.3324318","title":"Toward a Critical Evaluation of Robustness for Deep Learning Backdoor Countermeasures","display_name":"Toward a Critical Evaluation of Robustness for Deep Learning Backdoor Countermeasures","publication_year":2023,"publication_date":"2023-10-13","ids":{"openalex":"https://openalex.org/W4387623692","doi":"https://doi.org/10.1109/tifs.2023.3324318"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2023.3324318","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2023.3324318","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039324800","display_name":"Huming Qiu","orcid":"https://orcid.org/0009-0004-5385-9414"},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Huming Qiu","raw_affiliation_strings":["School of Computer Science and Engineering, Nanjing University of Science and Technology (NJUST), Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Nanjing University of Science and Technology (NJUST), Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114928939","display_name":"Hua Ma","orcid":"https://orcid.org/0000-0002-9069-7731"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Hua Ma","raw_affiliation_strings":["School of Electrical and Electronics Engineering, The University of Adelaide, Adelaide, SA, Australia","Data61, CSIRO, Canberra, ACT, Australia"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Electronics Engineering, The University of Adelaide, Adelaide, SA, Australia","institution_ids":["https://openalex.org/I5681781"]},{"raw_affiliation_string":"Data61, CSIRO, Canberra, ACT, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100410710","display_name":"Zhi Zhang","orcid":"https://orcid.org/0000-0003-3604-5369"},"institutions":[{"id":"https://openalex.org/I177877127","display_name":"The University of Western Australia","ror":"https://ror.org/047272k79","country_code":"AU","type":"education","lineage":["https://openalex.org/I177877127"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Zhi Zhang","raw_affiliation_strings":["Department of Computer Science and Software Engineering, The University of Western Australia, Perth, WA, Australia"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Software Engineering, The University of Western Australia, Perth, WA, Australia","institution_ids":["https://openalex.org/I177877127"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086357020","display_name":"Alsharif Abuadbba","orcid":"https://orcid.org/0000-0001-9695-7947"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Alsharif Abuadbba","raw_affiliation_strings":["Data61, CSIRO, Canberra, ACT, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Canberra, ACT, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068307574","display_name":"Wei Kang","orcid":"https://orcid.org/0000-0003-0193-2654"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Wei Kang","raw_affiliation_strings":["Data61, CSIRO, Canberra, ACT, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Canberra, ACT, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048592388","display_name":"Anmin Fu","orcid":"https://orcid.org/0000-0002-1632-5737"},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Anmin Fu","raw_affiliation_strings":["School of Computer Science and Engineering, Nanjing University of Science and Technology (NJUST), Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Nanjing University of Science and Technology (NJUST), Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101863680","display_name":"Yansong Gao","orcid":"https://orcid.org/0000-0001-5783-2172"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Yansong Gao","raw_affiliation_strings":["Data61, CSIRO, Canberra, ACT, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Canberra, ACT, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5039324800"],"corresponding_institution_ids":["https://openalex.org/I36399199"],"apc_list":null,"apc_paid":null,"fwci":1.7303,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.87777778,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"19","issue":null,"first_page":"455","last_page":"468"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.941100001335144,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9114000201225281,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9924807548522949},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.8182711005210876},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7571982145309448},{"id":"https://openalex.org/keywords/mathematical-proof","display_name":"Mathematical proof","score":0.6327487826347351},{"id":"https://openalex.org/keywords/hyperparameter","display_name":"Hyperparameter","score":0.5404826402664185},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5307208299636841},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.49691322445869446},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4413706064224243},{"id":"https://openalex.org/keywords/countermeasure","display_name":"Countermeasure","score":0.42370206117630005},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4135143756866455},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.1256992220878601},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.08015680313110352}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9924807548522949},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.8182711005210876},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7571982145309448},{"id":"https://openalex.org/C108710211","wikidata":"https://www.wikidata.org/wiki/Q11538","display_name":"Mathematical proof","level":2,"score":0.6327487826347351},{"id":"https://openalex.org/C8642999","wikidata":"https://www.wikidata.org/wiki/Q4171168","display_name":"Hyperparameter","level":2,"score":0.5404826402664185},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5307208299636841},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.49691322445869446},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4413706064224243},{"id":"https://openalex.org/C21593369","wikidata":"https://www.wikidata.org/wiki/Q1032176","display_name":"Countermeasure","level":2,"score":0.42370206117630005},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4135143756866455},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.1256992220878601},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.08015680313110352},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tifs.2023.3324318","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2023.3324318","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:pure.atira.dk:publications/d1a00a1f-1ce0-402a-8f9d-def870014795","is_oa":false,"landing_page_url":"https://research-repository.uwa.edu.au/en/publications/d1a00a1f-1ce0-402a-8f9d-def870014795","pdf_url":null,"source":{"id":"https://openalex.org/S4306402523","display_name":"UWA Profiles and Research Repository (University of Western Australia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I177877127","host_organization_name":"The University of Western Australia","host_organization_lineage":["https://openalex.org/I177877127"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Qiu, H, Ma, H, Zhang, Z, Abuadbba, A, Kang, W, Fu, A & Gao, Y 2024, 'Towards A Critical Evaluation of Robustness for Deep Learning Backdoor Countermeasures', IEEE Transactions on Information Forensics and Security, vol. 19, pp. 455-468. https://doi.org/10.1109/TIFS.2023.3324318","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6200000047683716,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G5663473917","display_name":null,"funder_award_id":"62072239","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7884758391","display_name":null,"funder_award_id":"62002167","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G913869186","display_name":null,"funder_award_id":"62372236","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":48,"referenced_works":["https://openalex.org/W1686810756","https://openalex.org/W2194775991","https://openalex.org/W2549139847","https://openalex.org/W2774423163","https://openalex.org/W2913848079","https://openalex.org/W2934843808","https://openalex.org/W2942091739","https://openalex.org/W2947133760","https://openalex.org/W2947864246","https://openalex.org/W2963564844","https://openalex.org/W2966689772","https://openalex.org/W2971661634","https://openalex.org/W2986013765","https://openalex.org/W2990270730","https://openalex.org/W3034258347","https://openalex.org/W3044223678","https://openalex.org/W3112001526","https://openalex.org/W3117572899","https://openalex.org/W3119388964","https://openalex.org/W3127616799","https://openalex.org/W3128663834","https://openalex.org/W3152758407","https://openalex.org/W3175215793","https://openalex.org/W3208328782","https://openalex.org/W3215174415","https://openalex.org/W3215966579","https://openalex.org/W4221145075","https://openalex.org/W4230172274","https://openalex.org/W4252979261","https://openalex.org/W4285233920","https://openalex.org/W4287022642","https://openalex.org/W4288057793","https://openalex.org/W4289300166","https://openalex.org/W4304099366","https://openalex.org/W4383221538","https://openalex.org/W6637373629","https://openalex.org/W6746897123","https://openalex.org/W6756074407","https://openalex.org/W6756333562","https://openalex.org/W6758975236","https://openalex.org/W6766336336","https://openalex.org/W6781420246","https://openalex.org/W6784558051","https://openalex.org/W6788654946","https://openalex.org/W6803053407","https://openalex.org/W6803899221","https://openalex.org/W6809873772","https://openalex.org/W6840471665"],"related_works":["https://openalex.org/W4320031223","https://openalex.org/W3015678314","https://openalex.org/W4281902577","https://openalex.org/W4200629851","https://openalex.org/W3009072493","https://openalex.org/W4386185023","https://openalex.org/W4317672133","https://openalex.org/W3140988292","https://openalex.org/W4386080799","https://openalex.org/W4382469137"],"abstract_inverted_index":{"Since":[0],"Deep":[1],"Learning":[2],"(DL)":[3],"backdoor":[4,58,71,108,229],"attacks":[5],"have":[6,21,158],"been":[7,22],"revealed":[8],"as":[9,211,213],"one":[10,137],"of":[11,19,57,69,112,140,223,228],"the":[12,61,67,188,221,226],"most":[13],"insidious":[14],"adversarial":[15],"attacks,":[16],"a":[17,46,54],"number":[18],"countermeasures":[20,110,146,230],"developed":[23],"with":[24,180],"certain":[25],"assumptions":[26],"defined":[27],"in":[28,53,237],"their":[29,34,133,153,181,233],"respective":[30,154,182],"threat":[31,155,183],"models.":[32],"However,":[33],"robustness":[35,68,227],"is":[36,101,209],"currently":[37],"inadvertently":[38],"ignored,":[39],"which":[40,163],"can":[41,48],"introduce":[42],"severe":[43],"consequences,":[44],"e.g.,":[45],"countermeasure":[47],"be":[49],"misused":[50],"and":[51,94,121,124],"result":[52],"false":[55],"implication":[56],"detection.":[59],"For":[60],"first":[62,78],"time,":[63],"we":[64,77,103],"critically":[65],"examine":[66,132],"existing":[70],"countermeasures.":[72],"As":[73,97],"an":[74],"initial":[75],"study,":[76],"identify":[79],"five":[80],"potential":[81],"non-robust":[82,161,205,239],"failure":[83,134],"factors":[84],"including":[85,115,127],"binary":[86],"classification,":[87],"poison":[88],"rate,":[89],"model":[90],"complexity,":[91],"single-model":[92],"justification,":[93],"hyperparameter":[95],"sensitivity.":[96],"exhaustively":[98],"examining":[99],"defenses":[100],"infeasible,":[102],"instead":[104],"focus":[105],"on":[106],"influential":[107],"detection-based":[109],"consisting":[111],"model-inspection":[113],"ones":[114,126],"Neural":[116],"Cleanse":[117],"(S&P\u201919),":[118],"ABS":[119],"(CCS\u201919),":[120],"MNTD":[122],"(S&P\u201921),":[123],"data-inspection":[125],"SCAn":[128],"(USENIX":[129],"SECURITY\u201921)":[130],"to":[131,175,202,231],"cases":[135,206],"under":[136,152],"or":[138,197,216],"more":[139],"these":[141,144],"factors.":[142,190],"Although":[143],"investigated":[145],"claim":[147],"that":[148],"they":[149,157],"work":[150,219],"well":[151],"models,":[156],"inherent":[159],"unexplored":[160],"cases,":[162],"are":[164,200],"not":[165,210],"even":[166],"rooted":[167],"from":[168],"delicate":[169],"adaptive":[170],"attacks.":[171],"We":[172],"demonstrate":[173],"how":[174],"trivially":[176],"bypass":[177],"them":[178],"aligned":[179],"models":[184],"by":[185],"simply":[186],"varying":[187],"aforementioned":[189],"Particularly,":[191],"for":[192],"each":[193],"defense,":[194],"formal":[195],"proofs":[196],"empirical":[198],"studies":[199],"used":[201],"reveal":[203],"its":[204],"where":[207],"it":[208,214],"robust":[212],"claims":[215],"expects.":[217],"This":[218],"highlights":[220],"necessity":[222],"thoroughly":[224],"evaluating":[225],"avoid":[232],"misleading":[234],"security":[235],"implications":[236],"unknown":[238],"cases.":[240]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}