{"id":"https://openalex.org/W3195903209","doi":"https://doi.org/10.1145/3447548.3470812","title":"Adversarial Robustness in Deep Learning: From Practices to Theories","display_name":"Adversarial Robustness in Deep Learning: From Practices to Theories","publication_year":2021,"publication_date":"2021-08-12","ids":{"openalex":"https://openalex.org/W3195903209","doi":"https://doi.org/10.1145/3447548.3470812","mag":"3195903209"},"language":"en","primary_location":{"id":"doi:10.1145/3447548.3470812","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3447548.3470812","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery &amp; Data Mining","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043650155","display_name":"Han Xu","orcid":"https://orcid.org/0000-0002-4016-6748"},"institutions":[{"id":"https://openalex.org/I87216513","display_name":"Michigan State University","ror":"https://ror.org/05hs6h993","country_code":"US","type":"education","lineage":["https://openalex.org/I87216513"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Han Xu","raw_affiliation_strings":["Michigan State University, East Lansing, MI, USA"],"affiliations":[{"raw_affiliation_string":"Michigan State University, East Lansing, MI, USA","institution_ids":["https://openalex.org/I87216513"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100378842","display_name":"Yaxin Li","orcid":"https://orcid.org/0000-0002-2460-5093"},"institutions":[{"id":"https://openalex.org/I87216513","display_name":"Michigan State University","ror":"https://ror.org/05hs6h993","country_code":"US","type":"education","lineage":["https://openalex.org/I87216513"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yaxin Li","raw_affiliation_strings":["Michigan State University, East Lansing, MI, USA"],"affiliations":[{"raw_affiliation_string":"Michigan State University, East Lansing, MI, USA","institution_ids":["https://openalex.org/I87216513"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100621795","display_name":"Xiaorui Liu","orcid":"https://orcid.org/0000-0001-8217-5688"},"institutions":[{"id":"https://openalex.org/I87216513","display_name":"Michigan State University","ror":"https://ror.org/05hs6h993","country_code":"US","type":"education","lineage":["https://openalex.org/I87216513"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaorui Liu","raw_affiliation_strings":["Michigan State University, East Lansing, MI, USA"],"affiliations":[{"raw_affiliation_string":"Michigan State University, East Lansing, MI, USA","institution_ids":["https://openalex.org/I87216513"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100394126","display_name":"Wentao Wang","orcid":"https://orcid.org/0000-0001-9919-7488"},"institutions":[{"id":"https://openalex.org/I87216513","display_name":"Michigan State University","ror":"https://ror.org/05hs6h993","country_code":"US","type":"education","lineage":["https://openalex.org/I87216513"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wentao Wang","raw_affiliation_strings":["Michigan State University, East Lansing, MI, USA"],"affiliations":[{"raw_affiliation_string":"Michigan State University, East Lansing, MI, USA","institution_ids":["https://openalex.org/I87216513"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040639891","display_name":"Jiliang Tang","orcid":"https://orcid.org/0000-0001-7125-3898"},"institutions":[{"id":"https://openalex.org/I87216513","display_name":"Michigan State University","ror":"https://ror.org/05hs6h993","country_code":"US","type":"education","lineage":["https://openalex.org/I87216513"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jiliang Tang","raw_affiliation_strings":["Michigan State University, East Lansing, MI, USA"],"affiliations":[{"raw_affiliation_string":"Michigan State University, East Lansing, MI, USA","institution_ids":["https://openalex.org/I87216513"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5043650155"],"corresponding_institution_ids":["https://openalex.org/I87216513"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.11663771,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"4086","last_page":"4087"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T14117","display_name":"Integrated Circuits and Semiconductor Failure Analysis","score":0.9297999739646912,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9071999788284302,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.9606170654296875},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.809837818145752},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7574957609176636},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.7271503210067749},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6679138541221619},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6639998555183411},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5991136431694031},{"id":"https://openalex.org/keywords/generalization","display_name":"Generalization","score":0.5405595898628235},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5030674338340759},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.42204049229621887},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.33293473720550537},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1571546494960785},{"id":"https://openalex.org/keywords/epistemology","display_name":"Epistemology","score":0.06740069389343262}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.9606170654296875},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.809837818145752},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7574957609176636},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.7271503210067749},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6679138541221619},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6639998555183411},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5991136431694031},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.5405595898628235},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5030674338340759},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.42204049229621887},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.33293473720550537},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1571546494960785},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.06740069389343262},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3447548.3470812","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3447548.3470812","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery &amp; Data Mining","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":4,"referenced_works":["https://openalex.org/W2787708942","https://openalex.org/W2963857521","https://openalex.org/W2964153729","https://openalex.org/W3013520104"],"related_works":["https://openalex.org/W4320018150","https://openalex.org/W2040808657","https://openalex.org/W4239582170","https://openalex.org/W2918664383","https://openalex.org/W106056076","https://openalex.org/W4320855730","https://openalex.org/W2135200719","https://openalex.org/W2950183588","https://openalex.org/W3080754722","https://openalex.org/W4383221314"],"abstract_inverted_index":{"Deep":[0],"neural":[1],"networks":[2],"(DNNs)":[3],"have":[4,73],"achieved":[5],"unprecedented":[6],"accomplishments":[7],"in":[8],"various":[9],"machine":[10,44],"learning":[11,45,185],"tasks.":[12],"However,":[13],"recent":[14,93],"studies":[15],"demonstrate":[16],"that":[17],"DNNs":[18,164],"are":[19,26,48,135,166],"extremely":[20],"vulnerable":[21],"to":[22,120,137,147,189,196],"adversarial":[23,55,96,122,184,212],"examples.":[24],"They":[25],"manually":[27],"synthesized":[28],"input":[29],"samples":[30],"which":[31,165,187],"look":[32],"benign":[33],"but":[34,68],"can":[35,70,206],"severely":[36],"fool":[37],"the":[38,52,63,77,81,92,108,117,132,152,204,208],"prediction":[39],"of":[40,54,65,80,95,116,159,162,211,221],"DNN":[41],"models.":[42],"For":[43],"practitioners":[46],"who":[47],"applying":[49],"DNNs,":[50,170],"understanding":[51],"behavior":[53],"examples":[56,97,123],"will":[57],"not":[58],"only":[59],"help":[60,71],"them":[61,72],"improve":[62],"safety":[64],"their":[66,99,173],"models,":[67],"also":[69,129],"deeper":[74],"insights":[75],"into":[76],"working":[78],"mechanism":[79],"DNNs.":[82],"In":[83],"this":[84,198],"tutorial,":[85,203],"we":[86,111,155,179],"provide":[87],"a":[88,113,157,182,191,218],"comprehensive":[89,192],"overview":[90],"on":[91],"advances":[94],"and":[98,104,141,175,193,214,216],"countermeasures,":[100],"from":[101,168],"both":[102],"practical":[103,109],"theoretical":[105,153],"perspectives.":[106],"From":[107,151],"aspect,":[110,154],"give":[112],"detailed":[114],"introduction":[115],"popular":[118],"algorithms":[119],"generate":[121],"under":[124],"different":[125,167],"adversary's":[126],"goals.":[127],"We":[128],"discuss":[130,156],"how":[131,142],"defending":[133],"strategies":[134],"developed":[136],"resist":[138],"these":[139,149],"attacks,":[140],"new":[143],"attacks":[144,213],"come":[145],"out":[146],"break":[148],"defenses.":[150],"series":[158],"intrinsic":[160],"behaviors":[161],"robust":[163],"traditional":[169],"especially":[171],"about":[172],"optimization":[174],"generalization":[176],"properties.":[177],"Finally,":[178],"introduce":[180],"DeepRobust,":[181],"Pytorch":[183],"library":[186],"aims":[188],"build":[190],"easy-to-use":[194],"platform":[195],"foster":[197],"research":[199],"field.":[200],"Via":[201],"our":[202],"audience":[205],"grip":[207],"main":[209],"ideas":[210],"defenses":[215],"gain":[217],"deep":[219],"insight":[220],"DNN's":[222],"robustness.":[223],"The":[224],"tutorial":[225],"official":[226],"website":[227],"is":[228],"at":[229],"https://sites.google.com/view/kdd21-tutorial-adv-robust.":[230]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}