{"id":"https://openalex.org/W4380607137","doi":"https://doi.org/10.1109/tnnls.2023.3281872","title":"On the Effectiveness of Adversarial Training Against Backdoor Attacks","display_name":"On the Effectiveness of Adversarial Training Against Backdoor Attacks","publication_year":2023,"publication_date":"2023-06-14","ids":{"openalex":"https://openalex.org/W4380607137","doi":"https://doi.org/10.1109/tnnls.2023.3281872","pmid":"https://pubmed.ncbi.nlm.nih.gov/37314915"},"language":"en","primary_location":{"id":"doi:10.1109/tnnls.2023.3281872","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnnls.2023.3281872","pdf_url":null,"source":{"id":"https://openalex.org/S4210175523","display_name":"IEEE Transactions on Neural Networks and Learning Systems","issn_l":"2162-237X","issn":["2162-237X","2162-2388"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Neural Networks and Learning Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","pubmed"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101902398","display_name":"Yinghua Gao","orcid":"https://orcid.org/0000-0002-7158-2613"},"institutions":[{"id":"https://openalex.org/I3131625388","display_name":"University Town of Shenzhen","ror":"https://ror.org/05f5j6225","country_code":"CN","type":"education","lineage":["https://openalex.org/I3131625388"]},{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yinghua Gao","raw_affiliation_strings":["Shenzhen International Graduate School, Tsinghua University, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Shenzhen International Graduate School, Tsinghua University, Shenzhen, China","institution_ids":["https://openalex.org/I3131625388","https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052115680","display_name":"Dongxian Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I14396692","display_name":"Tokyo University of Information Sciences","ror":"https://ror.org/044bdx604","country_code":"JP","type":"education","lineage":["https://openalex.org/I14396692"]},{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Dongxian Wu","raw_affiliation_strings":["Department of Complexity Science and Engineering, The University of Tokyo, Chiba, Japan"],"affiliations":[{"raw_affiliation_string":"Department of Complexity Science and Engineering, The University of Tokyo, Chiba, Japan","institution_ids":["https://openalex.org/I14396692","https://openalex.org/I74801974"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100749004","display_name":"Jingfeng Zhang","orcid":"https://orcid.org/0000-0003-3491-8074"},"institutions":[{"id":"https://openalex.org/I4210126580","display_name":"RIKEN Center for Advanced Intelligence Project","ror":"https://ror.org/03ckxwf91","country_code":"JP","type":"facility","lineage":["https://openalex.org/I4210110652","https://openalex.org/I4210126580"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Jingfeng Zhang","raw_affiliation_strings":["RIKEN Center for Advanced Intelligence Project (AIP), Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"RIKEN Center for Advanced Intelligence Project (AIP), Tokyo, Japan","institution_ids":["https://openalex.org/I4210126580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078590086","display_name":"Guanhao Gan","orcid":null},"institutions":[{"id":"https://openalex.org/I3131625388","display_name":"University Town of Shenzhen","ror":"https://ror.org/05f5j6225","country_code":"CN","type":"education","lineage":["https://openalex.org/I3131625388"]},{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Guanhao Gan","raw_affiliation_strings":["Shenzhen International Graduate School, Tsinghua University, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Shenzhen International Graduate School, Tsinghua University, Shenzhen, China","institution_ids":["https://openalex.org/I3131625388","https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034104790","display_name":"Shu\u2010Tao Xia","orcid":"https://orcid.org/0000-0002-8639-982X"},"institutions":[{"id":"https://openalex.org/I3131625388","display_name":"University Town of Shenzhen","ror":"https://ror.org/05f5j6225","country_code":"CN","type":"education","lineage":["https://openalex.org/I3131625388"]},{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shu-Tao Xia","raw_affiliation_strings":["Shenzhen International Graduate School, Tsinghua University, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Shenzhen International Graduate School, Tsinghua University, Shenzhen, China","institution_ids":["https://openalex.org/I3131625388","https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077897263","display_name":"Gang Niu","orcid":"https://orcid.org/0000-0002-7353-5079"},"institutions":[{"id":"https://openalex.org/I4210126580","display_name":"RIKEN Center for Advanced Intelligence Project","ror":"https://ror.org/03ckxwf91","country_code":"JP","type":"facility","lineage":["https://openalex.org/I4210110652","https://openalex.org/I4210126580"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Gang Niu","raw_affiliation_strings":["RIKEN Center for Advanced Intelligence Project (AIP), Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"RIKEN Center for Advanced Intelligence Project (AIP), Tokyo, Japan","institution_ids":["https://openalex.org/I4210126580"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072744508","display_name":"Masashi Sugiyama","orcid":"https://orcid.org/0000-0001-6658-6743"},"institutions":[{"id":"https://openalex.org/I14396692","display_name":"Tokyo University of Information Sciences","ror":"https://ror.org/044bdx604","country_code":"JP","type":"education","lineage":["https://openalex.org/I14396692"]},{"id":"https://openalex.org/I4210126580","display_name":"RIKEN Center for Advanced Intelligence Project","ror":"https://ror.org/03ckxwf91","country_code":"JP","type":"facility","lineage":["https://openalex.org/I4210110652","https://openalex.org/I4210126580"]},{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Masashi Sugiyama","raw_affiliation_strings":["Department of Complexity Science and Engineering, The University of Tokyo, Chiba, Japan","RIKEN Center for Advanced Intelligence Project (AIP), Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"Department of Complexity Science and Engineering, The University of Tokyo, Chiba, Japan","institution_ids":["https://openalex.org/I14396692","https://openalex.org/I74801974"]},{"raw_affiliation_string":"RIKEN Center for Advanced Intelligence Project (AIP), Tokyo, Japan","institution_ids":["https://openalex.org/I4210126580"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5101902398"],"corresponding_institution_ids":["https://openalex.org/I3131625388","https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":2.9574,"has_fulltext":false,"cited_by_count":17,"citation_normalized_percentile":{"value":0.92701393,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"35","issue":"10","first_page":"14878","last_page":"14888"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.978600025177002,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9776999950408936,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9987509250640869},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7490341663360596},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5222212076187134},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.49912548065185547},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.230069100856781}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9987509250640869},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7490341663360596},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5222212076187134},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.49912548065185547},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.230069100856781}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tnnls.2023.3281872","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnnls.2023.3281872","pdf_url":null,"source":{"id":"https://openalex.org/S4210175523","display_name":"IEEE Transactions on Neural Networks and Learning Systems","issn_l":"2162-237X","issn":["2162-237X","2162-2388"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Neural Networks and Learning Systems","raw_type":"journal-article"},{"id":"pmid:37314915","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/37314915","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE transactions on neural networks and learning systems","raw_type":null}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2802018518","display_name":null,"funder_award_id":"62171248","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":52,"referenced_works":["https://openalex.org/W2051434435","https://openalex.org/W2187089797","https://openalex.org/W2194775991","https://openalex.org/W2748789698","https://openalex.org/W2753783305","https://openalex.org/W2765407302","https://openalex.org/W2774423163","https://openalex.org/W2807363941","https://openalex.org/W2970335439","https://openalex.org/W2992308087","https://openalex.org/W2995271548","https://openalex.org/W3007358161","https://openalex.org/W3011700838","https://openalex.org/W3038010422","https://openalex.org/W3135766489","https://openalex.org/W3162804012","https://openalex.org/W3206773754","https://openalex.org/W4287117242","https://openalex.org/W4287322937","https://openalex.org/W4287550786","https://openalex.org/W4287998266","https://openalex.org/W4293846201","https://openalex.org/W4300250944","https://openalex.org/W6640425456","https://openalex.org/W6743581629","https://openalex.org/W6746897123","https://openalex.org/W6747473890","https://openalex.org/W6759129252","https://openalex.org/W6761664358","https://openalex.org/W6768030517","https://openalex.org/W6770897281","https://openalex.org/W6772461460","https://openalex.org/W6773424267","https://openalex.org/W6774177702","https://openalex.org/W6775361835","https://openalex.org/W6780292011","https://openalex.org/W6783646676","https://openalex.org/W6784347383","https://openalex.org/W6784426856","https://openalex.org/W6785996230","https://openalex.org/W6788455265","https://openalex.org/W6788876066","https://openalex.org/W6789325072","https://openalex.org/W6790438916","https://openalex.org/W6791834630","https://openalex.org/W6795961950","https://openalex.org/W6802862418","https://openalex.org/W6803044166","https://openalex.org/W6803053407","https://openalex.org/W6809905531","https://openalex.org/W6839936186","https://openalex.org/W6845886309"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W4320031223","https://openalex.org/W4200629851","https://openalex.org/W4281902577","https://openalex.org/W4309417370","https://openalex.org/W4292107232","https://openalex.org/W3009072493","https://openalex.org/W4386080799","https://openalex.org/W3140988292"],"abstract_inverted_index":{"Although":[0],"adversarial":[1,98],"training":[2],"(AT)":[3],"is":[4,75],"regarded":[5],"as":[6],"a":[7],"potential":[8],"defense":[9],"against":[10,45,115],"backdoor":[11,27,46,54,80,94,116],"attacks,":[12],"AT":[13,44,52,67,71],"and":[14,34,53,61,70,100],"its":[15],"variants":[16],"have":[17,23],"only":[18,76,106],"yielded":[19],"unsatisfactory":[20],"results":[21],"or":[22],"even":[24],"inversely":[25],"strengthened":[26],"attacks.":[28,55],"The":[29],"large":[30],"discrepancy":[31],"between":[32],"expectations":[33],"reality":[35],"motivates":[36],"us":[37],"to":[38,113],"thoroughly":[39],"evaluate":[40],"the":[41,59],"effectiveness":[42],"of":[43,63],"attacks":[47,117],"across":[48],"various":[49],"settings":[50],"for":[51,78,93,124],"We":[56],"find":[57],"that":[58],"type":[60],"budget":[62],"perturbations":[64,74],"used":[65],"in":[66,110],"are":[68],"important,":[69],"with":[72],"common":[73],"effective":[77],"certain":[79],"trigger":[81],"patterns.":[82],"Based":[83],"on":[84],"these":[85],"empirical":[86],"findings,":[87],"we":[88],"present":[89],"some":[90,121],"practical":[91],"suggestions":[92],"defense,":[95],"including":[96],"relaxed":[97],"perturbation":[99],"composite":[101],"AT.":[102],"This":[103],"work":[104],"not":[105],"boosts":[107],"our":[108],"confidence":[109],"AT's":[111],"ability":[112],"defend":[114],"but":[118],"also":[119],"provides":[120],"important":[122],"insights":[123],"future":[125],"research.":[126]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":5}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}