{"id":"https://openalex.org/W3080189793","doi":"https://doi.org/10.1145/3394486.3403044","title":"Interpretability is a Kind of Safety: An Interpreter-based Ensemble for Adversary Defense","display_name":"Interpretability is a Kind of Safety: An Interpreter-based Ensemble for Adversary Defense","publication_year":2020,"publication_date":"2020-08-20","ids":{"openalex":"https://openalex.org/W3080189793","doi":"https://doi.org/10.1145/3394486.3403044","mag":"3080189793"},"language":"en","primary_location":{"id":"doi:10.1145/3394486.3403044","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3394486.3403044","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery &amp; Data Mining","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2304.06919","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100400846","display_name":"Jingyuan Wang","orcid":"https://orcid.org/0000-0003-0651-1592"},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jingyuan Wang","raw_affiliation_strings":["Beihang University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101208758","display_name":"Yufan Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yufan Wu","raw_affiliation_strings":["Beihang University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100365316","display_name":"Mingxuan Li","orcid":"https://orcid.org/0009-0000-3137-0133"},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingxuan Li","raw_affiliation_strings":["Beihang University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100398281","display_name":"Xin Lin","orcid":"https://orcid.org/0000-0001-6913-4654"},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Lin","raw_affiliation_strings":["Beihang University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035293475","display_name":"Junjie Wu","orcid":"https://orcid.org/0000-0001-7650-3657"},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Junjie Wu","raw_affiliation_strings":["Beihang University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100323179","display_name":"Chao Li","orcid":"https://orcid.org/0000-0002-2391-7319"},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chao Li","raw_affiliation_strings":["Beihang University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100400846"],"corresponding_institution_ids":["https://openalex.org/I82880672"],"apc_list":null,"apc_paid":null,"fwci":1.2342,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.84205497,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"15","last_page":"24"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9509000182151794,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11948","display_name":"Machine Learning in Materials Science","score":0.9085000157356262,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7519450187683105},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6296300888061523},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5770915746688843},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5138771533966064},{"id":"https://openalex.org/keywords/interpretability","display_name":"Interpretability","score":0.4834528863430023},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.46712997555732727},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4655640125274658},{"id":"https://openalex.org/keywords/workaround","display_name":"Workaround","score":0.43488967418670654},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4063718616962433}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7519450187683105},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6296300888061523},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5770915746688843},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5138771533966064},{"id":"https://openalex.org/C2781067378","wikidata":"https://www.wikidata.org/wiki/Q17027399","display_name":"Interpretability","level":2,"score":0.4834528863430023},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.46712997555732727},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4655640125274658},{"id":"https://openalex.org/C194541083","wikidata":"https://www.wikidata.org/wiki/Q457174","display_name":"Workaround","level":2,"score":0.43488967418670654},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4063718616962433},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3394486.3403044","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3394486.3403044","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery &amp; Data Mining","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2304.06919","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2304.06919","pdf_url":"https://arxiv.org/pdf/2304.06919","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2304.06919","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2304.06919","pdf_url":"https://arxiv.org/pdf/2304.06919","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"score":0.5400000214576721,"id":"https://metadata.un.org/sdg/12","display_name":"Responsible consumption and production"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W1673923490","https://openalex.org/W1686810756","https://openalex.org/W1945616565","https://openalex.org/W2108598243","https://openalex.org/W2123045220","https://openalex.org/W2194775991","https://openalex.org/W2243397390","https://openalex.org/W2570685808","https://openalex.org/W2583466634","https://openalex.org/W2594633041","https://openalex.org/W2618043096","https://openalex.org/W2619479788","https://openalex.org/W2744444739","https://openalex.org/W2750384547","https://openalex.org/W2786118190","https://openalex.org/W2808955427","https://openalex.org/W2867167548","https://openalex.org/W2940009958","https://openalex.org/W2949311987","https://openalex.org/W2949389295","https://openalex.org/W2950475205","https://openalex.org/W2950799135","https://openalex.org/W2952785130","https://openalex.org/W2962700793","https://openalex.org/W2962759300","https://openalex.org/W2962772482","https://openalex.org/W2963001136","https://openalex.org/W2963178695","https://openalex.org/W2963207607","https://openalex.org/W2963564844","https://openalex.org/W2963693747","https://openalex.org/W2963857521","https://openalex.org/W2964153729","https://openalex.org/W2965672544","https://openalex.org/W2969599988","https://openalex.org/W2971180473","https://openalex.org/W2973136764","https://openalex.org/W3000716014","https://openalex.org/W3101796500","https://openalex.org/W3103557498","https://openalex.org/W3118608800","https://openalex.org/W3125259362","https://openalex.org/W4293846201","https://openalex.org/W6785841629"],"related_works":["https://openalex.org/W4320018150","https://openalex.org/W2040808657","https://openalex.org/W4239582170","https://openalex.org/W2918664383","https://openalex.org/W3123119822","https://openalex.org/W106056076","https://openalex.org/W4320855730","https://openalex.org/W2135200719","https://openalex.org/W1986582023","https://openalex.org/W2883749686"],"abstract_inverted_index":{"While":[0],"having":[1],"achieved":[2],"great":[3],"success":[4],"in":[5,66,131],"rich":[6],"real-life":[7],"applications,":[8],"deep":[9],"neural":[10],"network":[11],"(DNN)":[12],"models":[13],"have":[14,27],"long":[15],"been":[16,28],"criticized":[17],"for":[18,119,162],"their":[19],"vulnerability":[20],"to":[21,30,55,155,200],"adversarial":[22,35,42,85,93,163],"attacks.":[23],"Tremendous":[24],"research":[25],"efforts":[26],"dedicated":[29],"mitigating":[31],"the":[32,38,81,89,101,150,179,196],"threats":[33],"of":[34,41,64,84,92,105,141,170,181,188,198],"attacks,":[36],"but":[37],"essential":[39],"trait":[40],"examples":[43],"is":[44],"not":[45],"yet":[46,53],"clear,":[47],"and":[48,58,80,95,108,129,135,191],"most":[49],"existing":[50],"methods":[51],"are":[52],"vulnerable":[54],"hybrid":[56,164],"attacks":[57,94,165,190],"suffer":[59],"from":[60],"counterattacks.":[61],"In":[62],"light":[63,97],"this,":[65],"this":[67],"paper,":[68],"we":[69],"first":[70],"reveal":[71],"a":[72,125,136,175],"gradient-based":[73],"correlation":[74],"between":[75],"sensitivity":[76],"analysis-based":[77],"DNN":[78],"interpreters":[79],"generation":[82],"process":[83,128],"examples,":[86],"which":[87],"indicates":[88],"Achilles's":[90],"heel":[91],"sheds":[96],"on":[98],"linking":[99],"together":[100],"two":[102],"long-standing":[103],"challenges":[104],"DNN:":[106],"fragility":[107],"unexplainability.":[109],"We":[110],"then":[111],"propose":[112],"an":[113,159],"interpreter-based":[114],"ensemble":[115,160],"framework":[116],"called":[117],"X-Ensemble":[118,123,148,199],"robust":[120],"adversary":[121],"defense.":[122,166],"adopts":[124],"novel":[126],"detection-rectification":[127],"features":[130],"building":[132],"multiple":[133],"sub-detectors":[134,157],"rectifier":[137],"upon":[138],"various":[139,186],"types":[140,187],"interpretation":[142],"information":[143],"toward":[144],"target":[145],"classifiers.":[146],"Moreover,":[147],"employs":[149],"Random":[151],"Forests":[152],"(RF)":[153],"model":[154],"combine":[156],"into":[158],"detector":[161],"The":[167],"non-differentiable":[168],"property":[169],"RF":[171],"further":[172],"makes":[173],"it":[174],"precious":[176],"choice":[177],"against":[178],"counterattack":[180],"adversaries.":[182],"Extensive":[183],"experiments":[184],"under":[185],"state-of-the-art":[189],"diverse":[192],"attack":[193],"scenarios":[194],"demonstrate":[195],"advantages":[197],"competitive":[201],"baseline":[202],"methods.":[203]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2020-09-01T00:00:00"}