{"id":"https://openalex.org/W2964043980","doi":"https://doi.org/10.1145/3128572.3140451","title":"Towards poisoning of deep learning algorithms with back-gradient optimization","display_name":"Towards poisoning of deep learning algorithms with back-gradient optimization","publication_year":2017,"publication_date":"2017-01-01","ids":{"openalex":"https://openalex.org/W2964043980","doi":"https://doi.org/10.1145/3128572.3140451","mag":"2964043980"},"language":"en","primary_location":{"id":"pmh:oai:iris.unica.it:11584/234543","is_oa":false,"landing_page_url":"http://hdl.handle.net/11584/234543","pdf_url":null,"source":{"id":"https://openalex.org/S4377196293","display_name":"UNICA IRIS Institutional Research Information System (University of Cagliari)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172446870","host_organization_name":"University of Cagliari","host_organization_lineage":["https://openalex.org/I172446870"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferencePaper"},"type":"article","indexed_in":[],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"MuA\u0303\u00b1oz-GonzA\u0303\u00a1lez, Luis","orcid":null},"institutions":[{"id":"https://openalex.org/I47508984","display_name":"Imperial College London","ror":"https://ror.org/041kmwe10","country_code":"GB","type":"education","lineage":["https://openalex.org/I47508984"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"MuA\u0303\u00b1oz-GonzA\u0303\u00a1lez, Luis","raw_affiliation_strings":["Imperial College, London, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imperial College, London, United Kingdom","institution_ids":["https://openalex.org/I47508984"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008367647","display_name":"Battista Biggio","orcid":"https://orcid.org/0000-0001-7752-509X"},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Biggio, Battista","raw_affiliation_strings":["University of Cagliari, Cagliari, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Cagliari, Cagliari, Italy","institution_ids":["https://openalex.org/I172446870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005227623","display_name":"Ambra Demontis","orcid":"https://orcid.org/0000-0001-9318-6913"},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Demontis, Ambra","raw_affiliation_strings":["University of Cagliari, Cagliari, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Cagliari, Cagliari, Italy","institution_ids":["https://openalex.org/I172446870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031096722","display_name":"Andrea Paudice","orcid":"https://orcid.org/0000-0003-1098-662X"},"institutions":[{"id":"https://openalex.org/I47508984","display_name":"Imperial College London","ror":"https://ror.org/041kmwe10","country_code":"GB","type":"education","lineage":["https://openalex.org/I47508984"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Paudice, Andrea","raw_affiliation_strings":["Imperial College, London, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imperial College, London, United Kingdom","institution_ids":["https://openalex.org/I47508984"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033678324","display_name":"Vasin Wongrassamee","orcid":null},"institutions":[{"id":"https://openalex.org/I47508984","display_name":"Imperial College London","ror":"https://ror.org/041kmwe10","country_code":"GB","type":"education","lineage":["https://openalex.org/I47508984"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Wongrassamee, Vasin","raw_affiliation_strings":["Imperial College, London, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imperial College, London, United Kingdom","institution_ids":["https://openalex.org/I47508984"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065619732","display_name":"Emil Lupu","orcid":"https://orcid.org/0000-0002-2844-3917"},"institutions":[{"id":"https://openalex.org/I47508984","display_name":"Imperial College London","ror":"https://ror.org/041kmwe10","country_code":"GB","type":"education","lineage":["https://openalex.org/I47508984"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Lupu, Emil C.","raw_affiliation_strings":["Imperial College, London, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Imperial College, London, United Kingdom","institution_ids":["https://openalex.org/I47508984"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5065359946","display_name":"Fabio Roli","orcid":"https://orcid.org/0000-0003-4103-9190"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Roli, Fabio","raw_affiliation_strings":["University of Cagliari, Cagliari, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Cagliari, Cagliari, United Kingdom","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I47508984"],"apc_list":null,"apc_paid":null,"fwci":35.5793,"has_fulltext":false,"cited_by_count":534,"citation_normalized_percentile":{"value":0.99750632,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9830999970436096,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9657999873161316,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7737421989440918},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.7737047672271729},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.7563707232475281},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.5779715776443481},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5592171549797058},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5236470699310303},{"id":"https://openalex.org/keywords/online-machine-learning","display_name":"Online machine learning","score":0.5071525573730469},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.5070116519927979},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.49524250626564026},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.48877283930778503},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.4633026719093323},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.12343308329582214}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7737421989440918},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.7737047672271729},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.7563707232475281},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5779715776443481},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5592171549797058},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5236470699310303},{"id":"https://openalex.org/C115903097","wikidata":"https://www.wikidata.org/wiki/Q7094097","display_name":"Online machine learning","level":3,"score":0.5071525573730469},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.5070116519927979},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.49524250626564026},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.48877283930778503},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.4633026719093323},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.12343308329582214}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:iris.unica.it:11584/234543","is_oa":false,"landing_page_url":"http://hdl.handle.net/11584/234543","pdf_url":null,"source":{"id":"https://openalex.org/S4377196293","display_name":"UNICA IRIS Institutional Research Information System (University of Cagliari)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172446870","host_organization_name":"University of Cagliari","host_organization_lineage":["https://openalex.org/I172446870"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferencePaper"},{"id":"pmh:oai:iris.unige.it:11567/1092894","is_oa":false,"landing_page_url":"https://hdl.handle.net/11567/1092894","pdf_url":null,"source":{"id":"https://openalex.org/S4377196291","display_name":"CINECA IRIS Institutial Research Information System (University of Genoa)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I83816512","host_organization_name":"University of Genoa","host_organization_lineage":["https://openalex.org/I83816512"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W398859631","https://openalex.org/W1492810482","https://openalex.org/W1551848773","https://openalex.org/W1868018859","https://openalex.org/W1882350379","https://openalex.org/W1968998685","https://openalex.org/W2006903949","https://openalex.org/W2007562169","https://openalex.org/W2038296020","https://openalex.org/W2082190528","https://openalex.org/W2084812512","https://openalex.org/W2089103284","https://openalex.org/W2095577883","https://openalex.org/W2105037940","https://openalex.org/W2112796928","https://openalex.org/W2125908420","https://openalex.org/W2134063365","https://openalex.org/W2142544755","https://openalex.org/W2144906988","https://openalex.org/W2151298633","https://openalex.org/W2158915909","https://openalex.org/W2162552722","https://openalex.org/W2166107799","https://openalex.org/W2167421362","https://openalex.org/W2180443860","https://openalex.org/W2180612164","https://openalex.org/W2187061624","https://openalex.org/W2224750461","https://openalex.org/W2270245739","https://openalex.org/W2293844262","https://openalex.org/W2543927648","https://openalex.org/W2550109527","https://openalex.org/W2561675875","https://openalex.org/W2603766943","https://openalex.org/W2949506549","https://openalex.org/W2949780682","https://openalex.org/W2951122980","https://openalex.org/W2963207607","https://openalex.org/W2964153729","https://openalex.org/W3111818035"],"related_works":["https://openalex.org/W3048732067","https://openalex.org/W4383468834","https://openalex.org/W4283221438","https://openalex.org/W2900159906","https://openalex.org/W4384648009","https://openalex.org/W4287828318","https://openalex.org/W2406556600","https://openalex.org/W4380352238","https://openalex.org/W3126470649","https://openalex.org/W2930249865"],"abstract_inverted_index":{"A":[0],"number":[1],"of":[2,27,38,66,75,97,114,122,153],"online":[3],"services":[4],"nowadays":[5],"rely":[6],"upon":[7],"machine":[8],"learning":[9,22,52,68,131,154,165,203],"to":[10,24,49,71,80,100,118,133,140,148,190],"extract":[11],"valuable":[12],"information":[13],"from":[14],"data":[15,28,41],"collected":[16],"in":[17,34],"the":[18,25,39,45,51,72,76,82,95,112,120,130,136],"wild.":[19],"This":[20],"exposes":[21],"algorithms":[23],"threat":[26],"poisoning,":[29],"i.e.,":[30,117],"a":[31,36,63,106,150],"coordinate":[32],"attack":[33,137],"which":[35],"fraction":[37],"training":[40,87,195],"is":[42,146],"controlled":[43],"by":[44],"attacker":[46],"and":[47,163,181],"manipulated":[48],"subvert":[50],"process.":[53],"To":[54],"date,":[55],"these":[56],"attacks":[57,99],"have":[58],"been":[59],"devised":[60],"only":[61],"against":[62],"limited":[64],"class":[65,152],"binary":[67],"algorithms,":[69,155],"due":[70],"inherent":[73],"complexity":[74],"gradient-based":[77,158],"procedure":[78,132],"used":[79],"optimize":[81],"poisoning":[83,98,108,142],"points":[84],"(a.k.a.":[85],"adversarial":[86,191,194],"examples).":[88],"In":[89],"this":[90],"work,":[91],"we":[92],"first":[93],"extend":[94],"definition":[96],"multiclass":[101],"problems.":[102],"We":[103,167,185],"then":[104],"propose":[105],"novel":[107],"algorithm":[109],"based":[110],"on":[111,172],"idea":[113],"back-gradient":[115],"optimization,":[116],"compute":[119],"gradient":[121],"interest":[123],"through":[124],"automatic":[125],"differentiation,":[126],"while":[127],"also":[128,198],"reversing":[129],"drastically":[134],"reduce":[135],"complexity.":[138],"Compared":[139],"current":[141],"strategies,":[143],"our":[144],"approach":[145],"able":[147],"target":[149],"wider":[151],"trained":[156],"with":[157],"procedures,":[159],"including":[160,176],"neural":[161],"networks":[162],"deep":[164],"architectures.":[166],"empirically":[168],"evaluate":[169],"its":[170],"effectiveness":[171],"several":[173],"application":[174],"examples,":[175,193],"spam":[177],"filtering,":[178],"malware":[179],"detection,":[180],"handwritten":[182],"digit":[183],"recognition.":[184],"finally":[186],"show":[187],"that,":[188],"similarly":[189],"test":[192],"examples":[196],"can":[197],"be":[199],"transferred":[200],"across":[201],"different":[202],"algorithms.":[204]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":45},{"year":2024,"cited_by_count":72},{"year":2023,"cited_by_count":71},{"year":2022,"cited_by_count":74},{"year":2021,"cited_by_count":99},{"year":2020,"cited_by_count":84},{"year":2019,"cited_by_count":52},{"year":2018,"cited_by_count":34},{"year":2017,"cited_by_count":1}],"updated_date":"2026-05-18T08:16:58.900851","created_date":"2019-07-30T00:00:00"}