{"id":"https://openalex.org/W4289367668","doi":"https://doi.org/10.1145/3270101.3270111","title":"Stochastic Substitute Training","display_name":"Stochastic Substitute Training","publication_year":2018,"publication_date":"2018-01-15","ids":{"openalex":"https://openalex.org/W4289367668","doi":"https://doi.org/10.1145/3270101.3270111"},"language":"en","primary_location":{"id":"doi:10.1145/3270101.3270111","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3270101.3270111","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035739274","display_name":"Mohammad Hashemi","orcid":"https://orcid.org/0000-0002-9585-6607"},"institutions":[{"id":"https://openalex.org/I188538660","display_name":"University of Colorado Boulder","ror":"https://ror.org/02ttsq026","country_code":"US","type":"education","lineage":["https://openalex.org/I188538660"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Mohammad Hashemi","raw_affiliation_strings":["University of Colorado Boulder, Boulder, CO, USA"],"affiliations":[{"raw_affiliation_string":"University of Colorado Boulder, Boulder, CO, USA","institution_ids":["https://openalex.org/I188538660"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020434662","display_name":"Greg Cusack","orcid":null},"institutions":[{"id":"https://openalex.org/I188538660","display_name":"University of Colorado Boulder","ror":"https://ror.org/02ttsq026","country_code":"US","type":"education","lineage":["https://openalex.org/I188538660"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Greg Cusack","raw_affiliation_strings":["University of Colorado Boulder, Boulder, CO, USA"],"affiliations":[{"raw_affiliation_string":"University of Colorado Boulder, Boulder, CO, USA","institution_ids":["https://openalex.org/I188538660"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025861504","display_name":"Eric Keller","orcid":"https://orcid.org/0000-0003-2556-9394"},"institutions":[{"id":"https://openalex.org/I188538660","display_name":"University of Colorado Boulder","ror":"https://ror.org/02ttsq026","country_code":"US","type":"education","lineage":["https://openalex.org/I188538660"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Eric Keller","raw_affiliation_strings":["University of Colorado Boulder, Boulder, CO, USA"],"affiliations":[{"raw_affiliation_string":"University of Colorado Boulder, Boulder, CO, USA","institution_ids":["https://openalex.org/I188538660"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5035739274"],"corresponding_institution_ids":["https://openalex.org/I188538660"],"apc_list":null,"apc_paid":null,"fwci":0.59568738,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.7524672,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"25","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9282000064849854,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9041000008583069,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.9642668962478638},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.8176923990249634},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7206344604492188},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.6872842907905579},{"id":"https://openalex.org/keywords/craft","display_name":"Craft","score":0.5868886709213257},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5533867478370667},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.43793195486068726},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.43049779534339905},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.42127370834350586},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.41805338859558105},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.41457870602607727},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.39105162024497986}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.9642668962478638},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.8176923990249634},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7206344604492188},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.6872842907905579},{"id":"https://openalex.org/C2779732396","wikidata":"https://www.wikidata.org/wiki/Q2207288","display_name":"Craft","level":2,"score":0.5868886709213257},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5533867478370667},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.43793195486068726},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.43049779534339905},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.42127370834350586},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.41805338859558105},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.41457870602607727},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39105162024497986},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C78458016","wikidata":"https://www.wikidata.org/wiki/Q840400","display_name":"Evolutionary biology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3270101.3270111","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3270101.3270111","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G246210336","display_name":null,"funder_award_id":"1406192, 1652698, 1700527","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W1522301498","https://openalex.org/W1673923490","https://openalex.org/W1677182931","https://openalex.org/W1686810756","https://openalex.org/W1945616565","https://openalex.org/W2110889728","https://openalex.org/W2119112357","https://openalex.org/W2145339207","https://openalex.org/W2153110463","https://openalex.org/W2180612164","https://openalex.org/W2194775991","https://openalex.org/W2243397390","https://openalex.org/W2257979135","https://openalex.org/W2546571074","https://openalex.org/W2560162835","https://openalex.org/W2570685808","https://openalex.org/W2595668780","https://openalex.org/W2603766943","https://openalex.org/W2610321374","https://openalex.org/W2611576673","https://openalex.org/W2619479788","https://openalex.org/W2781800156","https://openalex.org/W2786118190","https://openalex.org/W2798302089","https://openalex.org/W2810611310","https://openalex.org/W2950468330","https://openalex.org/W2963143631","https://openalex.org/W2963542245","https://openalex.org/W2963564844","https://openalex.org/W2963744840","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964137095","https://openalex.org/W2964197269","https://openalex.org/W3103836116","https://openalex.org/W3118608800","https://openalex.org/W4293846201"],"related_works":["https://openalex.org/W4320018150","https://openalex.org/W2040808657","https://openalex.org/W4239582170","https://openalex.org/W2918664383","https://openalex.org/W106056076","https://openalex.org/W4320855730","https://openalex.org/W2135200719","https://openalex.org/W2950183588","https://openalex.org/W3080754722","https://openalex.org/W4383221314"],"abstract_inverted_index":{"It":[0],"has":[1],"been":[2,21],"shown":[3],"that":[4,121,134,159],"adversaries":[5],"can":[6,122,147],"craft":[7,123,148,180],"example":[8],"inputs":[9,18],"to":[10,16,23,29,51,61,83,85,100,106,137,161,179],"neural":[11,27],"networks":[12],"which":[13,128,193,201],"are":[14,36],"similar":[15],"legitimate":[17],"but":[19],"have":[20,59,135],"created":[22],"purposely":[24],"cause":[25],"the":[26,31,52,102,108,155,163,177],"network":[28],"misclassify":[30],"input.":[32,53],"These":[33],"adversarial":[34,87,124,149,164,181,203],"examples":[35,125,150],"crafted,":[37],"for":[38,98,126],"example,":[39,99],"by":[40,65,187],"calculating":[41],"gradients":[42],"of":[43,76,94,154],"a":[44,55,80,118],"carefully":[45],"defined":[46],"loss":[47],"function":[48],"with":[49,142,151,166],"respect":[50],"As":[54],"countermeasure,":[56],"some":[57],"researchers":[58],"tried":[60,136],"design":[62],"robust":[63,197],"models":[64,139,195],"blocking":[66],"or":[67],"obfuscating":[68],"gradients,":[69],"even":[70],"in":[71],"white-box":[72],"settings.":[73],"Another":[74],"line":[75],"research":[77],"proposes":[78],"introducing":[79],"separate":[81],"detector":[82],"attempt":[84,160],"detect":[86,162,202],"examples.":[88,182,204],"This":[89],"approach":[90,120],"also":[91],"makes":[92],"use":[93],"gradient":[95],"obfuscation":[96],"techniques,":[97],"prevent":[101],"adversary":[103,146,170],"from":[104],"trying":[105],"fool":[107],"detector.":[109],"In":[110],"this":[111],"paper,":[112],"we":[113],"introduce":[114],"stochastic":[115],"substitute":[116],"training,":[117],"gray-box":[119],"defenses":[127,133,158,192,200],"obfuscate":[129],"gradients.":[130],"For":[131,157],"those":[132],"make":[138,194],"more":[140,196],"robust,":[141],"our":[143,167,185],"technique,":[144,168],"an":[145,169],"no":[152],"knowledge":[153],"defense.":[156],"examples,":[165],"only":[171],"needs":[172],"very":[173],"limited":[174],"information":[175],"about":[176],"defense":[178],"We":[183],"demonstrate":[184],"technique":[186],"applying":[188],"it":[189],"against":[190],"two":[191,199],"and":[198]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2022-08-02T00:00:00"}