{"id":"https://openalex.org/W3168062695","doi":"https://doi.org/10.1145/3433210.3453114","title":"AMEBA: An Adaptive Approach to the Black-Box Evasion of Machine Learning Models","display_name":"AMEBA: An Adaptive Approach to the Black-Box Evasion of Machine Learning Models","publication_year":2021,"publication_date":"2021-05-24","ids":{"openalex":"https://openalex.org/W3168062695","doi":"https://doi.org/10.1145/3433210.3453114","mag":"3168062695"},"language":"en","primary_location":{"id":"doi:10.1145/3433210.3453114","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3433210.3453114","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5084675121","display_name":"Stefano Calzavara","orcid":"https://orcid.org/0000-0001-9179-8270"},"institutions":[{"id":"https://openalex.org/I149461666","display_name":"Ca' Foscari University of Venice","ror":"https://ror.org/04yzxz566","country_code":"IT","type":"education","lineage":["https://openalex.org/I149461666"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Stefano Calzavara","raw_affiliation_strings":["Universit\u00e0 Ca' Foscari Venezia, Venezia, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 Ca' Foscari Venezia, Venezia, Italy","institution_ids":["https://openalex.org/I149461666"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063068141","display_name":"Lorenzo Cazzaro","orcid":"https://orcid.org/0000-0001-6479-2949"},"institutions":[{"id":"https://openalex.org/I149461666","display_name":"Ca' Foscari University of Venice","ror":"https://ror.org/04yzxz566","country_code":"IT","type":"education","lineage":["https://openalex.org/I149461666"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Lorenzo Cazzaro","raw_affiliation_strings":["Universit\u00e0 Ca' Foscari Venezia, Venezia, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 Ca' Foscari Venezia, Venezia, Italy","institution_ids":["https://openalex.org/I149461666"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030358452","display_name":"Claudio Lucchese","orcid":"https://orcid.org/0000-0002-2545-0425"},"institutions":[{"id":"https://openalex.org/I149461666","display_name":"Ca' Foscari University of Venice","ror":"https://ror.org/04yzxz566","country_code":"IT","type":"education","lineage":["https://openalex.org/I149461666"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Claudio Lucchese","raw_affiliation_strings":["Universit\u00e0 Ca' Foscari Venezia, Venezia, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 Ca' Foscari Venezia, Venezia, Italy","institution_ids":["https://openalex.org/I149461666"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5084675121"],"corresponding_institution_ids":["https://openalex.org/I149461666"],"apc_list":null,"apc_paid":null,"fwci":0.2719,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.61724373,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"292","last_page":"306"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9663000106811523,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9575999975204468,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.8470066785812378},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.7549509406089783},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6194245219230652},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.36929064989089966},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3644428253173828},{"id":"https://openalex.org/keywords/biology","display_name":"Biology","score":0.06370192766189575}],"concepts":[{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.8470066785812378},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.7549509406089783},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6194245219230652},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.36929064989089966},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3644428253173828},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.06370192766189575},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3433210.3453114","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3433210.3453114","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:iris.unive.it:10278/3742611","is_oa":false,"landing_page_url":"http://hdl.handle.net/10278/3742611","pdf_url":null,"source":{"id":"https://openalex.org/S4306402336","display_name":"ARCA (Universit\u00e0 Ca' Foscari Venezia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I149461666","host_organization_name":"Ca' Foscari University of Venice","host_organization_lineage":["https://openalex.org/I149461666"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7200000286102295,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W3805906","https://openalex.org/W9657784","https://openalex.org/W2121863487","https://openalex.org/W2504108613","https://openalex.org/W2603766943","https://openalex.org/W2746600820","https://openalex.org/W2773446523","https://openalex.org/W2774644650","https://openalex.org/W2883285025","https://openalex.org/W2895097814","https://openalex.org/W2950864148","https://openalex.org/W2963007936","https://openalex.org/W2963070423","https://openalex.org/W2963207607","https://openalex.org/W2963744840","https://openalex.org/W2963777610","https://openalex.org/W2964153729","https://openalex.org/W2964346747","https://openalex.org/W2967540978","https://openalex.org/W2969542116","https://openalex.org/W2971126145","https://openalex.org/W2985924367","https://openalex.org/W2987337476","https://openalex.org/W2990289029","https://openalex.org/W2997591727","https://openalex.org/W3006076803","https://openalex.org/W3049502060","https://openalex.org/W3103836116","https://openalex.org/W4206275166","https://openalex.org/W4206547457","https://openalex.org/W4214717370","https://openalex.org/W4247200422"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W3046775127","https://openalex.org/W3107602296","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W4364306694","https://openalex.org/W4312192474","https://openalex.org/W4283697347","https://openalex.org/W4210805261"],"abstract_inverted_index":{"Machine":[0],"learning":[1,147],"models":[2],"are":[3],"vulnerable":[4],"to":[5,22,37,78,81,101,141,160],"evasion":[6,55,91,144,173],"attacks,":[7],"where":[8,30],"the":[9,27,31,38,51,68,75,94,102,117,122,137,142,162],"attacker":[10,32,63,128],"starts":[11],"from":[12],"a":[13,24,45,83,113,126,152],"correctly":[14],"classified":[15],"instance":[16],"and":[17,88,120,172],"perturbs":[18],"it":[19,111],"so":[20],"as":[21,48,157],"induce":[23],"misclassification.":[25],"In":[26,131],"black-box":[28,143],"setting":[29],"only":[33],"has":[34],"query":[35,74],"access":[36],"target":[39,76,103],"model,":[40,96],"traditional":[41,185],"attack":[42,71,106,174,187],"strategies":[43],"exploit":[44],"property":[46],"known":[47,156],"transferability,":[49],"i.e.,":[50],"empirical":[52],"observation":[53],"that":[54,98,125,182],"attacks":[56,92],"often":[57],"generalize":[58],"across":[59],"different":[60],"models.":[61,148],"The":[62],"can":[64],"thus":[65],"rely":[66],"on":[67,151,179],"following":[69],"two-step":[70,186],"strategy:":[72],"(i)":[73],"model":[77,85,170],"learn":[79],"how":[80],"train":[82],"surrogate":[84,95,169],"approximating":[86],"it;":[87],"(ii)":[89],"craft":[90],"against":[93],"hoping":[97],"they":[99],"\"transfer\"":[100],"model.":[104],"This":[105],"strategy":[107],"is":[108],"sub-optimal,":[109],"because":[110],"assumes":[112],"strict":[114],"separation":[115],"of":[116,145,165],"two":[118],"steps":[119],"under-approximates":[121],"possible":[123],"actions":[124,166],"real":[127],"might":[129],"take.":[130],"this":[132],"work":[133],"we":[134],"propose":[135],"AMEBA,":[136],"first":[138],"adaptive":[139],"approach":[140],"machine":[146],"AMEBA":[149,183],"builds":[150],"well-known":[153],"optimization":[154],"problem,":[155],"Multi-Armed":[158],"Bandit,":[159],"infer":[161],"best":[163],"alternation":[164],"spent":[167],"for":[168],"training":[171],"crafting.":[175],"We":[176],"experimentally":[177],"show":[178],"public":[180],"datasets":[181],"outperforms":[184],"strategies.":[188]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}