{"id":"https://openalex.org/W2789959313","doi":"https://doi.org/10.1145/3176258.3176321","title":"Server-Based Manipulation Attacks Against Machine Learning Models","display_name":"Server-Based Manipulation Attacks Against Machine Learning Models","publication_year":2018,"publication_date":"2018-03-13","ids":{"openalex":"https://openalex.org/W2789959313","doi":"https://doi.org/10.1145/3176258.3176321","mag":"2789959313"},"language":"en","primary_location":{"id":"doi:10.1145/3176258.3176321","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3176258.3176321","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038330098","display_name":"Cong Liao","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Cong Liao","raw_affiliation_strings":["Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049726439","display_name":"Haoti Zhong","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State 
University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haoti Zhong","raw_affiliation_strings":["Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101952501","display_name":"Sencun Zhu","orcid":"https://orcid.org/0000-0002-1047-7967"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sencun Zhu","raw_affiliation_strings":["Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5062519505","display_name":"Anna Squicciarini","orcid":"https://orcid.org/0000-0002-7396-1895"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anna Squicciarini","raw_affiliation_strings":["Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park, PA, 
USA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5038330098"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":0.6515,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.75542781,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"24","last_page":"34"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion 
Detection","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8699735999107361},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.7784531116485596},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.7370724081993103},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.7277413606643677},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6520944833755493},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.629604697227478},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.5934387445449829},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.47755011916160583},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4297649562358856},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.4288296699523926},{"id":"https://openalex.org/keywords/online-machine-learning","display_name":"Online machine learning","score":0.4270378053188324},{"id":"https://openalex.org/keywords/stochastic-gradient-descent","display_name":"Stochastic gradient descent","score":0.42678302526474},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.40942278504371643},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data 
mining","score":0.235009104013443},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1806964874267578},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.17788797616958618}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8699735999107361},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.7784531116485596},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.7370724081993103},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.7277413606643677},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6520944833755493},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.629604697227478},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.5934387445449829},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.47755011916160583},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4297649562358856},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.4288296699523926},{"id":"https://openalex.org/C115903097","wikidata":"https://www.wikidata.org/wiki/Q7094097","display_name":"Online 
machine learning","level":3,"score":0.4270378053188324},{"id":"https://openalex.org/C206688291","wikidata":"https://www.wikidata.org/wiki/Q7617819","display_name":"Stochastic gradient descent","level":3,"score":0.42678302526474},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.40942278504371643},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.235009104013443},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1806964874267578},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.17788797616958618}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3176258.3176321","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3176258.3176321","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G169035714","display_name":null,"funder_award_id":"CNS-1618684","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4158540093","display_name":null,"funder_award_id":"1421776","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science 
Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W114517082","https://openalex.org/W155995321","https://openalex.org/W1473189865","https://openalex.org/W1968411139","https://openalex.org/W2051267297","https://openalex.org/W2083032136","https://openalex.org/W2119821739","https://openalex.org/W2160536005","https://openalex.org/W2163605009","https://openalex.org/W2169384781","https://openalex.org/W2180612164","https://openalex.org/W2243397390","https://openalex.org/W2253429366","https://openalex.org/W2350778671","https://openalex.org/W2402144811","https://openalex.org/W2406556600","https://openalex.org/W2503410159","https://openalex.org/W2542786524","https://openalex.org/W2559840118","https://openalex.org/W2603766943","https://openalex.org/W2754049786","https://openalex.org/W2774607536","https://openalex.org/W2896556344","https://openalex.org/W2952511938","https://openalex.org/W3103836116"],"related_works":["https://openalex.org/W2118190631","https://openalex.org/W2899532525","https://openalex.org/W4389775782","https://openalex.org/W4394734788","https://openalex.org/W4213079490","https://openalex.org/W2913715341","https://openalex.org/W114517082","https://openalex.org/W2165651264","https://openalex.org/W4323366756","https://openalex.org/W4285259204"],"abstract_inverted_index":{"Machine":[0],"learning":[1,42,78,111,117,149,152],"approaches":[2],"have":[3,29,166],"been":[4],"increasingly":[5],"applied":[6],"to":[7,36,58,70,82,131,178],"various":[8,26],"applications":[9],"for":[10,34],"data":[11],"analytics":[12],"(e.g.":[13],"spam":[14],"filtering,":[15],"image":[16,161],"classification).":[17],"Further,":[18],"with":[19,68],"the":[20,49,53,64,71,93,102,172,184,188],"growing":[21],"adoption":[22],"of":[23,95,187],"cloud":[24,27,54],"computing,":[25],"services":[28],"provided":[30],"an":[31,45],"efficient":
[32],"way":[33],"users":[35],"train,":[37],"store":[38],"or":[39,85,150],"deploy":[40],"machine":[41,77,148],"algorithms":[43],"in":[44,52],"easy-to-use":[46],"manner.":[47],"However,":[48],"models":[50,112],"deployed":[51],"may":[55],"be":[56],"exposed":[57],"potential":[59],"malicious":[60,176],"attacks":[61,97,146,169],"launched":[62],"at":[63,101],"server":[65,72,103],"side.":[66,104],"Attackers":[67],"access":[69],"can":[73,170],"stealthily":[74],"manipulate":[75,171],"a":[76,121],"model":[79,173],"so":[80],"as":[81,98],"enable":[83],"misclassification":[84],"introduce":[86],"bias.":[87],"In":[88,119],"this":[89],"work,":[90],"we":[91],"study":[92],"problem":[94],"manipulation":[96,145],"they":[99],"occur":[100],"We":[105,143],"consider":[106],"not":[107],"only":[108],"traditional":[109],"supervised":[110],"but":[113,123],"also":[114],"state-of-the-art":[115],"deep":[116,151],"models.":[118,142],"particular,":[120],"simple":[122],"effective":[124],"gradient":[125],"descent":[126],"based":[127],"approach":[128],"is":[129],"presented":[130],"exploit":[132],"Logistic":[133],"Regression":[134],"(LR)":[135],"and":[136,159],"Convolutional":[137],"Neural":[138],"Networks":[139],"(CNN)":[140],"[16]":[141],"evaluate":[144],"against":[147],"systems":[153],"using":[154],"both":[155],"Enron":[156],"email":[157],"text":[158],"MNIST":[160],"dataset":[162],"[17].":[163],"Experimental":[164],"results":[165],"demonstrated":[167],"such":[168],"that":[174],"allows":[175],"samples":[177],"evade":[179],"detection":[180],"easily":[181],"without":[182],"compromising":[183],"overall":[185],"performance":[186],"systems.":[189]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"
}
