{"id":"https://openalex.org/W3089065205","doi":"https://doi.org/10.1145/3411508.3421380","title":"Where Does the Robustness Come from?","display_name":"Where Does the Robustness Come from?","publication_year":2020,"publication_date":"2020-11-02","ids":{"openalex":"https://openalex.org/W3089065205","doi":"https://doi.org/10.1145/3411508.3421380","mag":"3089065205"},"language":"en","primary_location":{"id":"doi:10.1145/3411508.3421380","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3411508.3421380","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://arxiv.org/abs/2009.13033","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052241484","display_name":"Chang Liao","orcid":null},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Chang Liao","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore","Nanyang Technological Univ"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]},{"raw_affiliation_string":"Nanyang Technological Univ","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101535095","display_name":"Yao Cheng","orcid":"https://orcid.org/0000-0002-5781-5185"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yao Cheng","raw_affiliation_strings":["Huawei International, Singapore, Singapore","Huawei#TAB#"],"affiliations":[{"raw_affiliation_string":"Huawei International, Singapore, Singapore","institution_ids":[]},{"raw_affiliation_string":"Huawei#TAB#","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089400788","display_name":"Chengfang Fang","orcid":"https://orcid.org/0000-0002-8313-0980"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chengfang Fang","raw_affiliation_strings":["Huawei International, Singapore, Singapore","Huawei#TAB#"],"affiliations":[{"raw_affiliation_string":"Huawei International, Singapore, Singapore","institution_ids":[]},{"raw_affiliation_string":"Huawei#TAB#","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026840397","display_name":"Jie Shi","orcid":"https://orcid.org/0000-0002-1760-0462"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jie Shi","raw_affiliation_strings":["Huawei International, Singapore, Singapore","Huawei#TAB#"],"affiliations":[{"raw_affiliation_string":"Huawei International, Singapore, Singapore","institution_ids":[]},{"raw_affiliation_string":"Huawei#TAB#","institution_ids":["https://openalex.org/I2250955327"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5052241484"],"corresponding_institution_ids":["https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.11457279,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11515","display_name":"Bacillus and Francisella bacterial research","score":0.9478999972343445,"subfield":{"id":"https://openalex.org/subfields/1312","display_name":"Molecular Biology"},"field":{"id":"https://openalex.org/fields/13","display_name":"Biochemistry, Genetics and Molecular Biology"},"domain":{"id":"https://openalex.org/domains/1","display_name":"Life Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9297000169754028,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.8911653757095337},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6782451868057251},{"id":"https://openalex.org/keywords/transferability","display_name":"Transferability","score":0.6618020534515381},{"id":"https://openalex.org/keywords/transformation","display_name":"Transformation (genetics)","score":0.4816690683364868},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.46925780177116394},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.43548792600631714},{"id":"https://openalex.org/keywords/ensemble-learning","display_name":"Ensemble learning","score":0.4340583086013794},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4013037383556366},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3484203815460205}],"concepts":[{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.8911653757095337},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6782451868057251},{"id":"https://openalex.org/C61272859","wikidata":"https://www.wikidata.org/wiki/Q7834031","display_name":"Transferability","level":3,"score":0.6618020534515381},{"id":"https://openalex.org/C204241405","wikidata":"https://www.wikidata.org/wiki/Q461499","display_name":"Transformation (genetics)","level":3,"score":0.4816690683364868},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.46925780177116394},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.43548792600631714},{"id":"https://openalex.org/C45942800","wikidata":"https://www.wikidata.org/wiki/Q245652","display_name":"Ensemble learning","level":2,"score":0.4340583086013794},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4013037383556366},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3484203815460205},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C140331021","wikidata":"https://www.wikidata.org/wiki/Q1868104","display_name":"Logit","level":2,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3411508.3421380","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3411508.3421380","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},{"id":"mag:3089065205","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2009.13033","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null}],"best_oa_location":{"id":"mag:3089065205","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2009.13033","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.44999998807907104,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W2013938876","https://openalex.org/W2180612164","https://openalex.org/W2243397390","https://openalex.org/W2536353943","https://openalex.org/W2543927648","https://openalex.org/W2592303957","https://openalex.org/W2603766943","https://openalex.org/W2607219512","https://openalex.org/W2746600820","https://openalex.org/W2750384547","https://openalex.org/W2774644650","https://openalex.org/W2912070915","https://openalex.org/W2962710014","https://openalex.org/W2962777143","https://openalex.org/W2963207607","https://openalex.org/W2963431851","https://openalex.org/W2963542245","https://openalex.org/W2963689459","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964153729","https://openalex.org/W2964253222","https://openalex.org/W2967540978","https://openalex.org/W2970088379","https://openalex.org/W2970504098","https://openalex.org/W2971126145","https://openalex.org/W2982756474","https://openalex.org/W2991648217","https://openalex.org/W2996058201","https://openalex.org/W2997753396","https://openalex.org/W3093201595","https://openalex.org/W3103340107","https://openalex.org/W3103836116","https://openalex.org/W3159864239","https://openalex.org/W4238837791"],"related_works":["https://openalex.org/W14430987","https://openalex.org/W14024944","https://openalex.org/W12428677","https://openalex.org/W12219208","https://openalex.org/W10715555","https://openalex.org/W6479499","https://openalex.org/W5006466","https://openalex.org/W12292379","https://openalex.org/W8267861","https://openalex.org/W11883665"],"abstract_inverted_index":{"This":[0],"paper":[1],"aims":[2],"to":[3,69,79],"provide":[4],"a":[5,55,124,137],"thorough":[6],"study":[7],"on":[8,41,93],"the":[9,12,31,42,51,72,83,90,101,116,121,132],"effectiveness":[10],"of":[11,57,85,123,126,134],"transformation-based":[13,73,105,138],"ensemble":[14,74,106,122,139],"defence":[15],"for":[16],"image":[17],"classification":[18],"and":[19,128],"its":[20],"reasons.":[21,43],"It":[22],"has":[23],"been":[24],"empirically":[25],"shown":[26],"that":[27,81],"they":[28],"can":[29],"enhance":[30],"robustness":[32,52,102,112,144],"against":[33],"evasion":[34],"attacks,":[35],"while":[36],"there":[37],"is":[38,47,54,107,113],"little":[39],"analysis":[40],"In":[44,61],"particular,":[45],"it":[46],"not":[48,141],"clear":[49],"whether":[50],"improvement":[53],"result":[56],"transformation":[58],"or":[59],"ensemble.":[60],"this":[62,110],"paper,":[63],"we":[64],"design":[65],"two":[66],"adaptive":[67],"attacks":[68],"better":[70],"evaluate":[71],"defence.":[75],"We":[76],"conduct":[77],"experiments":[78],"show":[80],"1)":[82],"transferability":[84],"adversarial":[86],"examples":[87],"exists":[88],"among":[89],"models":[91],"trained":[92],"data":[94],"records":[95],"after":[96],"different":[97],"reversible":[98],"transformations;":[99],"2)":[100],"gained":[103],"through":[104],"limited;":[108],"3)":[109],"limited":[111],"mainly":[114],"from":[115],"irreversible":[117],"transformations":[118],"rather":[119],"than":[120],"number":[125,133],"models;":[127],"4)":[129],"blindly":[130],"increasing":[131],"sub-models":[135],"in":[136],"does":[140],"bring":[142],"extra":[143],"gain.":[145]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}