{"id":"https://openalex.org/W3173829726","doi":"https://doi.org/10.1109/tsc.2021.3090365","title":"Defending Adversarial Attacks via Semantic Feature Manipulation","display_name":"Defending Adversarial Attacks via Semantic Feature Manipulation","publication_year":2021,"publication_date":"2021-06-18","ids":{"openalex":"https://openalex.org/W3173829726","doi":"https://doi.org/10.1109/tsc.2021.3090365","mag":"3173829726"},"language":"en","primary_location":{"id":"doi:10.1109/tsc.2021.3090365","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tsc.2021.3090365","pdf_url":null,"source":{"id":"https://openalex.org/S204223317","display_name":"IEEE Transactions on Services Computing","issn_l":"1939-1374","issn":["1939-1374","2372-0204"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Services Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100400133","display_name":"Shuo Wang","orcid":"https://orcid.org/0000-0001-8938-2364"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Shuo Wang","raw_affiliation_strings":["CSIRO&#x0027;s Data61 &amp; Cybersecurity CRC, Eveleigh, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO&#x0027;s Data61 &amp; Cybersecurity CRC, Eveleigh, NSW, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082256444","display_name":"\u202aSurya Nepal\u202c","orcid":"https://orcid.org/0000-0002-3289-6599"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Surya Nepal","raw_affiliation_strings":["CSIRO&#x0027;s Data61 &amp; Cybersecurity CRC, Eveleigh, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO&#x0027;s Data61 &amp; Cybersecurity CRC, Eveleigh, NSW, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086593836","display_name":"Carsten Rudolph","orcid":"https://orcid.org/0000-0001-9050-5675"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Carsten Rudolph","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Melbourne, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Melbourne, VIC, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058516861","display_name":"Marthie Grobler","orcid":"https://orcid.org/0000-0001-6933-0145"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Marthie Grobler","raw_affiliation_strings":["CSIRO&#x0027;s Data61 &amp; Cybersecurity CRC, Eveleigh, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"CSIRO&#x0027;s Data61 &amp; Cybersecurity CRC, Eveleigh, NSW, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059005780","display_name":"Shangyu Chen","orcid":"https://orcid.org/0000-0002-3768-5715"},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Shangyu Chen","raw_affiliation_strings":["University of Melbourne, Melbourne, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"University of Melbourne, Melbourne, VIC, Australia","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088531741","display_name":"Tianle Chen","orcid":"https://orcid.org/0009-0000-5930-0145"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Tianle Chen","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Melbourne, VIC, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Melbourne, VIC, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071395191","display_name":"Zike An","orcid":null},"institutions":[{"id":"https://openalex.org/I141945490","display_name":"University of British Columbia","ror":"https://ror.org/03rmrcq20","country_code":"CA","type":"education","lineage":["https://openalex.org/I141945490"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Zike An","raw_affiliation_strings":["University of British Columbia, Vancouver, BC, Canada"],"affiliations":[{"raw_affiliation_string":"University of British Columbia, Vancouver, BC, Canada","institution_ids":["https://openalex.org/I141945490"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5100400133"],"corresponding_institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I42894916"],"apc_list":null,"apc_paid":null,"fwci":1.0877,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.81589846,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"15","issue":"6","first_page":"3184","last_page":"3197"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9409000277519226,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9401000142097473,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8510144948959351},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7822601795196533},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6491597890853882},{"id":"https://openalex.org/keywords/autoencoder","display_name":"Autoencoder","score":0.5675680041313171},{"id":"https://openalex.org/keywords/transferability","display_name":"Transferability","score":0.5546073317527771},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.5093415975570679},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.48208481073379517},{"id":"https://openalex.org/keywords/intuition","display_name":"Intuition","score":0.4768475294113159},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.42775222659111023},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.29289305210113525}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8510144948959351},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7822601795196533},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6491597890853882},{"id":"https://openalex.org/C101738243","wikidata":"https://www.wikidata.org/wiki/Q786435","display_name":"Autoencoder","level":3,"score":0.5675680041313171},{"id":"https://openalex.org/C61272859","wikidata":"https://www.wikidata.org/wiki/Q7834031","display_name":"Transferability","level":3,"score":0.5546073317527771},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.5093415975570679},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.48208481073379517},{"id":"https://openalex.org/C132010649","wikidata":"https://www.wikidata.org/wiki/Q189222","display_name":"Intuition","level":2,"score":0.4768475294113159},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.42775222659111023},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.29289305210113525},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C140331021","wikidata":"https://www.wikidata.org/wiki/Q1868104","display_name":"Logit","level":2,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tsc.2021.3090365","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tsc.2021.3090365","pdf_url":null,"source":{"id":"https://openalex.org/S204223317","display_name":"IEEE Transactions on Services Computing","issn_l":"1939-1374","issn":["1939-1374","2372-0204"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Services Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":62,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W1673923490","https://openalex.org/W1686810756","https://openalex.org/W1821462560","https://openalex.org/W1834627138","https://openalex.org/W1945616565","https://openalex.org/W2095439994","https://openalex.org/W2112796928","https://openalex.org/W2117539524","https://openalex.org/W2125908420","https://openalex.org/W2163922914","https://openalex.org/W2180612164","https://openalex.org/W2185528074","https://openalex.org/W2194775991","https://openalex.org/W2243397390","https://openalex.org/W2296452361","https://openalex.org/W2556467266","https://openalex.org/W2570685808","https://openalex.org/W2618043096","https://openalex.org/W2750384547","https://openalex.org/W2753738274","https://openalex.org/W2785519580","https://openalex.org/W2788848944","https://openalex.org/W2804084874","https://openalex.org/W2807108439","https://openalex.org/W2906298613","https://openalex.org/W2950468330","https://openalex.org/W2963564844","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964197269","https://openalex.org/W2974383094","https://openalex.org/W2983219069","https://openalex.org/W3035182590","https://openalex.org/W3088362263","https://openalex.org/W3099088591","https://openalex.org/W3101202235","https://openalex.org/W3103836116","https://openalex.org/W3122061855","https://openalex.org/W4297573953","https://openalex.org/W4300511536","https://openalex.org/W4301206121","https://openalex.org/W4394663350","https://openalex.org/W6637162671","https://openalex.org/W6637373629","https://openalex.org/W6638523607","https://openalex.org/W6640425456","https://openalex.org/W6719080892","https://openalex.org/W6730333270","https://openalex.org/W6731927902","https://openalex.org/W6733645847","https://openalex.org/W6734787559","https://openalex.org/W6743688258","https://openalex.org/W6744627333","https://openalex.org/W6748204703","https://openalex.org/W6748223763","https://openalex.org/W6751445234","https://openalex.org/W6751982602","https://openalex.org/W6765779288","https://openalex.org/W6780507278","https://openalex.org/W6864274290","https://openalex.org/W6929233984"],"related_works":["https://openalex.org/W4288055406","https://openalex.org/W3137894200","https://openalex.org/W3092178728","https://openalex.org/W4226402597","https://openalex.org/W4200630034","https://openalex.org/W3132910851","https://openalex.org/W4377864639","https://openalex.org/W2997056298","https://openalex.org/W2950864148","https://openalex.org/W2570685808"],"abstract_inverted_index":{"Machine":[0],"learning":[1],"models":[2],"have":[3],"demonstrated":[4],"vulnerability":[5],"to":[6,27,53,71,89,100,115,123],"adversarial":[7,13,31,67,126,163,169],"attacks,":[8],"more":[9,173],"specifically":[10],"misclassification":[11],"of":[12,46,62,82,142,146,162,188],"examples.":[14,190],"In":[15,65],"this":[16],"article,":[17],"we":[18],"propose":[19],"a":[20,47,84],"one-off":[21],"and":[22,29,36,109,134,144],"attack-agnostic":[23],"Feature":[24],"Manipulation":[25],"(FM)-Defense":[26],"detect":[28,116,158],"purify":[30,124],"examples":[32,68,127,164],"in":[33],"an":[34],"interpretable":[35],"efficient":[37],"manner.":[38],"The":[39,98],"intuition":[40],"is":[41,50,87,113,121],"that":[42,94,155,184],"the":[43,60,75,104,125,140,181,186],"classification":[44,101],"result":[45],"normal":[48],"image":[49],"generally":[51],"resistant":[52],"non-significant":[54],"intrinsic":[55],"feature":[56],"changes,":[57],"e.g.,":[58],"varying":[59,108],"thickness":[61],"handwritten":[63],"digits.":[64],"contrast,":[66],"are":[69],"sensitive":[70],"such":[72],"changes":[73],"since":[74],"perturbation":[76],"lacks":[77],"transferability.":[78],"To":[79],"enable":[80],"manipulation":[81],"features,":[83],"Combo-variational":[85],"autoencoder":[86],"applied":[88],"learn":[90],"disentangled":[91],"latent":[92,111],"codes":[93],"reveal":[95],"semantic":[96],"features.":[97,136],"resistance":[99],"change":[102],"over":[103],"morphs,":[105],"derived":[106],"by":[107,131,166],"reconstructing":[110],"codes,":[112],"used":[114],"suspicious":[117,182],"inputs.":[118],"Furthermore,":[119],"Combo-VAE":[120],"enhanced":[122],"with":[128],"good":[129],"quality":[130,145],"considering":[132],"class-shared":[133],"class-unique":[135],"We":[137],"empirically":[138],"demonstrate":[139],"effectiveness":[141],"detection":[143],"purified":[147],"instances.":[148],"Our":[149],"experiments":[150],"on":[151,180],"three":[152],"datasets":[153],"show":[154],"FM-Defense":[156],"can":[157],"nearly":[159],"100":[160],"percent":[161,176],"produced":[165],"different":[167],"state-of-the-art":[168],"attacks.":[170],"It":[171],"achieves":[172],"than":[174],"99":[175],"overall":[177],"purification":[178],"accuracy":[179],"instances":[183],"close":[185],"manifold":[187],"clean":[189]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}