{"id":"https://openalex.org/W2983041926","doi":"https://doi.org/10.1145/3338501.3357372","title":"Analyzing the Robustness of Open-World Machine Learning","display_name":"Analyzing the Robustness of Open-World Machine Learning","publication_year":2019,"publication_date":"2019-11-08","ids":{"openalex":"https://openalex.org/W2983041926","doi":"https://doi.org/10.1145/3338501.3357372","mag":"2983041926"},"language":"en","primary_location":{"id":"doi:10.1145/3338501.3357372","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3338501.3357372","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3338501.3357372","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3338501.3357372","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011437254","display_name":"Vikash Sehwag","orcid":"https://orcid.org/0000-0001-7160-8556"},"institutions":[{"id":"https://openalex.org/I20089843","display_name":"Princeton University","ror":"https://ror.org/00hx57361","country_code":"US","type":"education","lineage":["https://openalex.org/I20089843"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Vikash Sehwag","raw_affiliation_strings":["Princeton University, Princeton, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Princeton University, Princeton, NJ, USA","institution_ids":["https://openalex.org/I20089843"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003032696","display_name":"Arjun Nitin Bhagoji","orcid":"https://orcid.org/0000-0002-2803-5649"},"institutions":[{"id":"https://openalex.org/I20089843","display_name":"Princeton University","ror":"https://ror.org/00hx57361","country_code":"US","type":"education","lineage":["https://openalex.org/I20089843"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Arjun Nitin Bhagoji","raw_affiliation_strings":["Princeton University, Princeton, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Princeton University, Princeton, NJ, USA","institution_ids":["https://openalex.org/I20089843"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101908173","display_name":"Liwei Song","orcid":"https://orcid.org/0000-0003-4176-590X"},"institutions":[{"id":"https://openalex.org/I20089843","display_name":"Princeton University","ror":"https://ror.org/00hx57361","country_code":"US","type":"education","lineage":["https://openalex.org/I20089843"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Liwei Song","raw_affiliation_strings":["Princeton University, Princeton, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Princeton University, Princeton, NJ, USA","institution_ids":["https://openalex.org/I20089843"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040461332","display_name":"Chawin Sitawarin","orcid":"https://orcid.org/0000-0002-4949-9661"},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chawin Sitawarin","raw_affiliation_strings":["University of California, Berkeley, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Berkeley, Berkeley, CA, USA","institution_ids":["https://openalex.org/I95457486"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089243170","display_name":"Daniel Cullina","orcid":"https://orcid.org/0000-0002-7471-2102"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daniel Cullina","raw_affiliation_strings":["Pennsylvania State University, Centre County, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, Centre County, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110782105","display_name":"Mung Chiang","orcid":"https://orcid.org/0000-0002-8920-651X"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mung Chiang","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015619835","display_name":"Prateek Mittal","orcid":"https://orcid.org/0000-0002-4057-0118"},"institutions":[{"id":"https://openalex.org/I20089843","display_name":"Princeton University","ror":"https://ror.org/00hx57361","country_code":"US","type":"education","lineage":["https://openalex.org/I20089843"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Prateek Mittal","raw_affiliation_strings":["Princeton University, Princeton, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Princeton University, Princeton, NJ, USA","institution_ids":["https://openalex.org/I20089843"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5011437254"],"corresponding_institution_ids":["https://openalex.org/I20089843"],"apc_list":null,"apc_paid":null,"fwci":5.2022,"has_fulltext":true,"cited_by_count":57,"citation_normalized_percentile":{"value":0.96422085,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"105","last_page":"116"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9891999959945679,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10800","display_name":"Forensic Toxicology and Drug Analysis","score":0.916100025177002,"subfield":{"id":"https://openalex.org/subfields/3005","display_name":"Toxicology"},"field":{"id":"https://openalex.org/fields/30","display_name":"Pharmacology, Toxicology and Pharmaceutics"},"domain":{"id":"https://openalex.org/domains/1","display_name":"Life Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.8445593118667603},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.742392361164093},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6927091479301453},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6443606019020081},{"id":"https://openalex.org/keywords/trustworthiness","display_name":"Trustworthiness","score":0.6216171383857727},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6198744773864746},{"id":"https://openalex.org/keywords/open-research","display_name":"Open research","score":0.5252903699874878},{"id":"https://openalex.org/keywords/labeled-data","display_name":"Labeled data","score":0.43797656893730164},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.4141422510147095},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.18108269572257996}],"concepts":[{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.8445593118667603},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.742392361164093},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6927091479301453},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6443606019020081},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.6216171383857727},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6198744773864746},{"id":"https://openalex.org/C2778464652","wikidata":"https://www.wikidata.org/wiki/Q309849","display_name":"Open research","level":2,"score":0.5252903699874878},{"id":"https://openalex.org/C2776145971","wikidata":"https://www.wikidata.org/wiki/Q30673951","display_name":"Labeled data","level":2,"score":0.43797656893730164},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.4141422510147095},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.18108269572257996},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3338501.3357372","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3338501.3357372","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3338501.3357372","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3338501.3357372","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3338501.3357372","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3338501.3357372","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.4399999976158142,"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals"}],"awards":[{"id":"https://openalex.org/G2619300959","display_name":null,"funder_award_id":"Faculty research award","funder_id":"https://openalex.org/F4320307102","funder_display_name":"Intel Corporation"},{"id":"https://openalex.org/G2800119129","display_name":null,"funder_award_id":"CNS-1553437","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5165965387","display_name":"CAREER: Trustworthy Social Systems Using Network Science","funder_award_id":"1553437","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5272242595","display_name":null,"funder_award_id":"1642962","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5334156545","display_name":"SaTC: CORE: Medium: Collaborative: A Linguistically-Informed Approach for Measuring and Circumventing Internet Censorship","funder_award_id":"1704105","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G549728197","display_name":"CIF: Small: Collaborative Research: Analytics on Edge-labeled Hypergraphs: Limits to De-anonymization","funder_award_id":"1617286","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6461670301","display_name":null,"funder_award_id":"CNS-1704105,CNS-1553437,CIF-1617286,EARS1642962","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6894402473","display_name":null,"funder_award_id":"Fellowship","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320307102","display_name":"Intel Corporation","ror":"https://ror.org/01ek73717"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2983041926.pdf","grobid_xml":"https://content.openalex.org/works/W2983041926.grobid-xml"},"referenced_works_count":64,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W1551760018","https://openalex.org/W1917989004","https://openalex.org/W1932198206","https://openalex.org/W2031342017","https://openalex.org/W2031489346","https://openalex.org/W2095577883","https://openalex.org/W2108598243","https://openalex.org/W2116400298","https://openalex.org/W2119112357","https://openalex.org/W2140609507","https://openalex.org/W2163605009","https://openalex.org/W2194775991","https://openalex.org/W2325939864","https://openalex.org/W2535873859","https://openalex.org/W2592929672","https://openalex.org/W2607219512","https://openalex.org/W2608948251","https://openalex.org/W2612445135","https://openalex.org/W2618043096","https://openalex.org/W2618169590","https://openalex.org/W2727431395","https://openalex.org/W2750384547","https://openalex.org/W2766462876","https://openalex.org/W2768899812","https://openalex.org/W2783882201","https://openalex.org/W2787496614","https://openalex.org/W2787708942","https://openalex.org/W2806075129","https://openalex.org/W2867167548","https://openalex.org/W2886462939","https://openalex.org/W2890884881","https://openalex.org/W2895097814","https://openalex.org/W2910068345","https://openalex.org/W2919115771","https://openalex.org/W2943281030","https://openalex.org/W2947099774","https://openalex.org/W2949311987","https://openalex.org/W2951883849","https://openalex.org/W2952053192","https://openalex.org/W2962835968","https://openalex.org/W2962872506","https://openalex.org/W2962943487","https://openalex.org/W2963149653","https://openalex.org/W2963207607","https://openalex.org/W2963291921","https://openalex.org/W2963382180","https://openalex.org/W2963384319","https://openalex.org/W2963431851","https://openalex.org/W2963446712","https://openalex.org/W2963557656","https://openalex.org/W2963626025","https://openalex.org/W2963693742","https://openalex.org/W2963744840","https://openalex.org/W2963857521","https://openalex.org/W2963968551","https://openalex.org/W2964137095","https://openalex.org/W2964153729","https://openalex.org/W2964253222","https://openalex.org/W3102616566","https://openalex.org/W3103185335","https://openalex.org/W3103836116","https://openalex.org/W4242177601","https://openalex.org/W4289038676"],"related_works":["https://openalex.org/W3048732067","https://openalex.org/W4383468834","https://openalex.org/W4384648009","https://openalex.org/W4303645823","https://openalex.org/W4285263558","https://openalex.org/W2900159906","https://openalex.org/W4287828318","https://openalex.org/W2406556600","https://openalex.org/W4283221438","https://openalex.org/W2899811703"],"abstract_inverted_index":{"When":[0],"deploying":[1],"machine":[2,50,181],"learning":[3,10,27,51,96,133,182],"models":[4],"in":[5,78,98,151],"real-world":[6],"applications,":[7],"an":[8,70],"open-world":[9,95,132,180],"framework":[11],"is":[12,60,73],"needed":[13],"to":[14,34,62,145],"deal":[15],"with":[16],"both":[17],"normal":[18],"in-distribution":[19,157],"inputs":[20],"and":[21,69,105,164],"undesired":[22],"out-of-distribution":[23],"(OOD)":[24],"inputs.":[25],"Open-world":[26],"frameworks":[28,97],"include":[29],"OOD":[30,58,67,114,124,170],"detectors":[31,59,115],"that":[32,112,138],"aim":[33],"discard":[35],"input":[36],"examples":[37],"which":[38],"are":[39,76],"not":[40],"from":[41],"the":[42,46,63,79,88,92,99,166],"same":[43],"distribution":[44],"as":[45],"training":[47,147],"data":[48],"of":[49,56,65,81,91,94,101,130,153,169],"classifiers.":[52],"However,":[53],"our":[54],"understanding":[55],"current":[57,113,131],"limited":[61],"setting":[64],"benign":[66,123],"data,":[68],"open":[71],"question":[72],"whether":[74],"they":[75],"robust":[77,179],"presence":[80,100],"adversaries.":[82],"In":[83],"this":[84],"paper,":[85],"we":[86,136,172],"present":[87],"first":[89],"analysis":[90],"robustness":[93],"adversaries":[102],"by":[103,120],"introducing":[104],"designing":[106],"\u00f8odAdvExamples.":[107],"Our":[108],"experimental":[109],"results":[110],"show":[111],"can":[116],"be":[117],"easily":[118],"evaded":[119],"slightly":[121],"perturbing":[122],"inputs,":[125,171],"revealing":[126],"a":[127,142,174,178],"severe":[128],"limitation":[129],"frameworks.":[134],"Furthermore,":[135],"find":[137],"\u00f8odAdvExamples":[139],"also":[140],"pose":[141],"strong":[143],"threat":[144],"adversarial":[146,158],"based":[148],"defense":[149],"methods":[150],"spite":[152],"their":[154],"effectiveness":[155],"against":[156],"attacks.":[159],"To":[160],"counteract":[161],"these":[162],"threats":[163],"ensure":[165],"trustworthy":[167],"detection":[168],"outline":[173],"preliminary":[175],"design":[176],"for":[177],"framework.":[183]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":13},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":13},{"year":2019,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}