{"id":"https://openalex.org/W3106788038","doi":"https://doi.org/10.1145/3380446.3430628","title":"R2AD: Randomization and Reconstructor-based Adversarial Defense on Deep Neural Network","display_name":"R2AD: Randomization and Reconstructor-based Adversarial Defense on Deep Neural Network","publication_year":2020,"publication_date":"2020-11-16","ids":{"openalex":"https://openalex.org/W3106788038","doi":"https://doi.org/10.1145/3380446.3430628","mag":"3106788038"},"language":"en","primary_location":{"id":"doi:10.1145/3380446.3430628","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3380446.3430628","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3380446.3430628","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM/IEEE Workshop on Machine Learning for CAD","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3380446.3430628","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032229403","display_name":"Marzieh Ashrafiamiri","orcid":null},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Marzieh Ashrafiamiri","raw_affiliation_strings":["University of California, Irvine, Irvine, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Irvine, Irvine, CA, USA","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047725314","display_name":"Sai Manoj Pudukotai Dinakarrao","orcid":"https://orcid.org/0000-0002-4417-2387"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sai Manoj Pudukotai Dinakarrao","raw_affiliation_strings":["George Mason University, Fairfax City, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax City, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052446318","display_name":"Amir Hosein Afandizadeh Zargari","orcid":"https://orcid.org/0000-0001-5797-3215"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Amir Hosein Afandizadeh Zargari","raw_affiliation_strings":["University of California, Irvine, Irvine, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Irvine, Irvine, CA, USA","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002016081","display_name":"Minjun Seo","orcid":"https://orcid.org/0000-0002-0877-9261"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Minjun Seo","raw_affiliation_strings":["University of California, Irvine, Irvine, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Irvine, Irvine, CA, USA","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008034875","display_name":"Fadi Kurdahi","orcid":"https://orcid.org/0000-0002-6982-365X"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fadi Kurdahi","raw_affiliation_strings":["University of California, Irvine, Irvine, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Irvine, Irvine, CA, USA","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047382437","display_name":"Houman Homayoun","orcid":"https://orcid.org/0000-0001-8904-4699"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Houman Homayoun","raw_affiliation_strings":["University of California, Davis, Davis, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5032229403"],"corresponding_institution_ids":["https://openalex.org/I204250578"],"apc_list":null,"apc_paid":null,"fwci":1.3594,"has_fulltext":true,"cited_by_count":10,"citation_normalized_percentile":{"value":0.85721013,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"21","last_page":"26"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9864000082015991,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.949400007724762,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/mnist-database","display_name":"MNIST database","score":0.8258227109909058},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8167680501937866},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7495753765106201},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.6569778919219971},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.6042782664299011},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.544860303401947},{"id":"https://openalex.org/keywords/autoencoder","display_name":"Autoencoder","score":0.47023671865463257},{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.4606132507324219},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4483354687690735},{"id":"https://openalex.org/keywords/random-noise","display_name":"Random noise","score":0.4410795271396637},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.42721307277679443},{"id":"https://openalex.org/keywords/artificial-noise","display_name":"Artificial noise","score":0.417414128780365},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35826951265335083},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.2894746959209442},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.12845999002456665},{"id":"https://openalex.org/keywords/channel","display_name":"Channel (broadcasting)","score":0.12392330169677734}],"concepts":[{"id":"https://openalex.org/C190502265","wikidata":"https://www.wikidata.org/wiki/Q17069496","display_name":"MNIST database","level":3,"score":0.8258227109909058},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8167680501937866},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7495753765106201},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.6569778919219971},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.6042782664299011},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.544860303401947},{"id":"https://openalex.org/C101738243","wikidata":"https://www.wikidata.org/wiki/Q786435","display_name":"Autoencoder","level":3,"score":0.47023671865463257},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.4606132507324219},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4483354687690735},{"id":"https://openalex.org/C2986577269","wikidata":"https://www.wikidata.org/wiki/Q11306265","display_name":"Random noise","level":2,"score":0.4410795271396637},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.42721307277679443},{"id":"https://openalex.org/C2780909371","wikidata":"https://www.wikidata.org/wiki/Q4801092","display_name":"Artificial noise","level":4,"score":0.417414128780365},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35826951265335083},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2894746959209442},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.12845999002456665},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.12392330169677734},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C47798520","wikidata":"https://www.wikidata.org/wiki/Q190157","display_name":"Transmitter","level":3,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3380446.3430628","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3380446.3430628","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3380446.3430628","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM/IEEE Workshop on Machine Learning for CAD","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3380446.3430628","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3380446.3430628","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3380446.3430628","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM/IEEE Workshop on Machine Learning for CAD","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6700000166893005,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G3942271338","display_name":null,"funder_award_id":"1704859","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5347621380","display_name":null,"funder_award_id":"CCF-1704859","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3106788038.pdf","grobid_xml":"https://content.openalex.org/works/W3106788038.grobid-xml"},"referenced_works_count":27,"referenced_works":["https://openalex.org/W569478347","https://openalex.org/W2112796928","https://openalex.org/W2180612164","https://openalex.org/W2269778407","https://openalex.org/W2402144811","https://openalex.org/W2570685808","https://openalex.org/W2590523583","https://openalex.org/W2593390416","https://openalex.org/W2593892853","https://openalex.org/W2610321374","https://openalex.org/W2615926487","https://openalex.org/W2618043096","https://openalex.org/W2742947407","https://openalex.org/W2750384547","https://openalex.org/W2786118190","https://openalex.org/W2804093830","https://openalex.org/W2809457377","https://openalex.org/W2810611310","https://openalex.org/W2884001105","https://openalex.org/W2894811292","https://openalex.org/W2945698147","https://openalex.org/W2950159395","https://openalex.org/W2963207607","https://openalex.org/W2963542245","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964153729"],"related_works":["https://openalex.org/W2912987408","https://openalex.org/W4296978181","https://openalex.org/W2937381246","https://openalex.org/W4281672036","https://openalex.org/W4313444753","https://openalex.org/W4230582276","https://openalex.org/W2618574054","https://openalex.org/W4385524141","https://openalex.org/W3018979822","https://openalex.org/W3026616975"],"abstract_inverted_index":{"Machine":[0],"learning":[1],"(ML)":[2],"has":[3,34],"been":[4,35],"widely":[5],"adopted":[6],"in":[7,57,172,258],"a":[8,54,107,128,170,186],"plethora":[9],"of":[10,39,69,82,98,117,137,148,163,175,207,227],"applications":[11],"ranging":[12],"from":[13,140],"simple":[14],"time-series":[15],"forecasting":[16],"to":[17,43,53,63,79,88,144,155,169,192,219,262],"computer":[18],"security":[19],"and":[20,151,215,235,247,270],"autonomous":[21],"systems.":[22],"Despite":[23],"the":[24,27,44,58,67,96,99,115,118,123,138,141,146,157,161,173,176,183,194,205,208,213,220,225,232,259,263],"robustness":[25],"by":[26,122,197],"ML":[28,59],"algorithms":[29],"against":[30,238],"random":[31,129],"noise,":[32],"it":[33],"shown":[36],"that":[37],"inclusion":[38],"specially":[40],"crafted":[41],"perturbations":[42],"input":[45,142,164,195],"data":[46,196],"termed":[47],"as":[48,254,256,267],"adversarial":[49,70,73,103,109,149,221,240,268],"samples":[50,71],"can":[51],"lead":[52,87],"significant":[55],"degradation":[56],"performance.":[60],"Existing":[61],"defenses":[62,265],"mitigate":[64],"or":[65,75],"minimize":[66],"impact":[68,147],"including":[72,242],"training":[74,269],"randomization":[76],"are":[77],"confined":[78],"specific":[80],"categories":[81],"adversaries,":[83],"compute-intensive":[84],"and/or":[85],"often":[86],"reduce":[89,145],"performance":[90,174,226,260],"even":[91],"without":[92],"adversaries.":[93],"To":[94,113],"overcome":[95],"shortcomings":[97],"existing":[100,264],"works":[101],"on":[102,204,231],"defense,":[104],"we":[105,125,181],"propose":[106],"two-stage":[108],"defense":[110],"technique":[111],"(R2AD).":[112],"thwart":[114],"exploitation":[116],"deep":[119],"neural":[120],"network":[121,184],"attacker,":[124],"first":[126],"include":[127],"nullification":[130],"(RNF)":[131],"layer.":[132],"The":[133,188],"RNF":[134,167],"nullifies/removes":[135],"some":[136],"features":[139,165],"randomly":[143],"noise":[150],"minimizes":[152],"attacker's":[153],"feasibility":[154],"extract":[156],"model":[158],"parameters.":[159],"However,":[160],"removal":[162],"through":[166],"leads":[168],"reduction":[171],"ML.":[177],"As":[178],"an":[179,199],"antidote,":[180],"equip":[182],"with":[185],"Reconstructor.":[187],"Reconstructor":[189],"primarily":[190],"contributes":[191],"reconstructing":[193],"utilizing":[198],"autoencoder":[200],"network,":[201],"but":[202],"based":[203],"distribution":[206],"normal":[209],"samples,":[210],"thereby":[211],"improving":[212],"performance,":[214],"also":[216],"being":[217],"robust":[218],"noise.":[222],"We":[223],"evaluated":[224],"proposed":[228],"multi-stage":[229],"R^2AD":[230],"MNIST":[233],"digits":[234],"Fashion-MNIST":[236],"datasets":[237],"multiple":[239],"attacks":[241],"FGSM,":[243],"JSMA,":[244],"BIM,":[245],"Deepfool,":[246],"CW":[248],"attacks.":[249],"Our":[250],"findings":[251],"report":[252],"improvements":[253],"high":[255],"80%":[257],"compared":[261],"such":[266],"randomization-based":[271],"defense.":[272]},"counts_by_year":[{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}