{"id":"https://openalex.org/W3149938609","doi":"https://doi.org/10.1145/3450267.3450535","title":"Real-time detectors for digital and physical adversarial inputs to perception systems","display_name":"Real-time detectors for digital and physical adversarial inputs to perception systems","publication_year":2021,"publication_date":"2021-04-01","ids":{"openalex":"https://openalex.org/W3149938609","doi":"https://doi.org/10.1145/3450267.3450535","mag":"3149938609"},"language":"en","primary_location":{"id":"doi:10.1145/3450267.3450535","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3450267.3450535","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM/IEEE 12th International Conference on Cyber-Physical Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014874021","display_name":"Yiannis Kantaros","orcid":"https://orcid.org/0000-0002-0257-7378"},"institutions":[{"id":"https://openalex.org/I36788626","display_name":"California University of Pennsylvania","ror":"https://ror.org/01spssf70","country_code":"US","type":"education","lineage":["https://openalex.org/I36788626"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yiannis Kantaros","raw_affiliation_strings":["University of Pennsylvania"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Pennsylvania","institution_ids":["https://openalex.org/I36788626"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035357485","display_name":"Taylor J. Carpenter","orcid":"https://orcid.org/0000-0002-2397-871X"},"institutions":[{"id":"https://openalex.org/I36788626","display_name":"California University of Pennsylvania","ror":"https://ror.org/01spssf70","country_code":"US","type":"education","lineage":["https://openalex.org/I36788626"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Taylor Carpenter","raw_affiliation_strings":["University of Pennsylvania"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Pennsylvania","institution_ids":["https://openalex.org/I36788626"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043161001","display_name":"Kaustubh Sridhar","orcid":"https://orcid.org/0000-0002-7852-7043"},"institutions":[{"id":"https://openalex.org/I36788626","display_name":"California University of Pennsylvania","ror":"https://ror.org/01spssf70","country_code":"US","type":"education","lineage":["https://openalex.org/I36788626"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kaustubh Sridhar","raw_affiliation_strings":["University of Pennsylvania"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Pennsylvania","institution_ids":["https://openalex.org/I36788626"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101572701","display_name":"Yahan Yang","orcid":"https://orcid.org/0000-0003-3233-1720"},"institutions":[{"id":"https://openalex.org/I36788626","display_name":"California University of Pennsylvania","ror":"https://ror.org/01spssf70","country_code":"US","type":"education","lineage":["https://openalex.org/I36788626"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yahan Yang","raw_affiliation_strings":["University of Pennsylvania"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Pennsylvania","institution_ids":["https://openalex.org/I36788626"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030456600","display_name":"Insup Lee","orcid":"https://orcid.org/0000-0003-2672-1132"},"institutions":[{"id":"https://openalex.org/I36788626","display_name":"California University of Pennsylvania","ror":"https://ror.org/01spssf70","country_code":"US","type":"education","lineage":["https://openalex.org/I36788626"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Insup Lee","raw_affiliation_strings":["University of Pennsylvania"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Pennsylvania","institution_ids":["https://openalex.org/I36788626"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054356243","display_name":"James Weimer","orcid":"https://orcid.org/0000-0001-8167-9163"},"institutions":[{"id":"https://openalex.org/I36788626","display_name":"California University of Pennsylvania","ror":"https://ror.org/01spssf70","country_code":"US","type":"education","lineage":["https://openalex.org/I36788626"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"James Weimer","raw_affiliation_strings":["University of Pennsylvania"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Pennsylvania","institution_ids":["https://openalex.org/I36788626"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I36788626"],"apc_list":null,"apc_paid":null,"fwci":1.2258,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.82585861,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"67","last_page":"76"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9896000027656555,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9697999954223633,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7935211658477783},{"id":"https://openalex.org/keywords/mnist-database","display_name":"MNIST database","score":0.7624634504318237},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.7583935260772705},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6539192199707031},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6409117579460144},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5865857601165771},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.4872197210788727},{"id":"https://openalex.org/keywords/perception","display_name":"Perception","score":0.46136990189552307},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4291457235813141},{"id":"https://openalex.org/keywords/computer-vision","display_name":"Computer vision","score":0.40882590413093567},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.3658931255340576},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.32814711332321167}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7935211658477783},{"id":"https://openalex.org/C190502265","wikidata":"https://www.wikidata.org/wiki/Q17069496","display_name":"MNIST database","level":3,"score":0.7624634504318237},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.7583935260772705},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6539192199707031},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6409117579460144},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5865857601165771},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.4872197210788727},{"id":"https://openalex.org/C26760741","wikidata":"https://www.wikidata.org/wiki/Q160402","display_name":"Perception","level":2,"score":0.46136990189552307},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4291457235813141},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.40882590413093567},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3658931255340576},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.32814711332321167},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0},{"id":"https://openalex.org/C169760540","wikidata":"https://www.wikidata.org/wiki/Q207011","display_name":"Neuroscience","level":1,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3450267.3450535","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3450267.3450535","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM/IEEE 12th International Conference on Cyber-Physical Systems","raw_type":"proceedings-article"},{"id":"pmh:oai:repository.upenn.edu:20.500.14332/6956","is_oa":false,"landing_page_url":"https://repository.upenn.edu/handle/20.500.14332/6956","pdf_url":null,"source":{"id":"https://openalex.org/S4306402083","display_name":"ScholarlyCommons (University of Pennsylvania)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79576946","host_organization_name":"University of Pennsylvania","host_organization_lineage":["https://openalex.org/I79576946"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"published","raw_type":"Presentation"},{"id":"pmh:oai:repository.upenn.edu:cis_papers-1918","is_oa":false,"landing_page_url":"https://repository.upenn.edu/cis_papers/873","pdf_url":null,"source":{"id":"https://openalex.org/S4377196331","display_name":"Scholarly Commons (University of Pennsylvania)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79576946","host_organization_name":"University of Pennsylvania","host_organization_lineage":["https://openalex.org/I79576946"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Departmental Papers (CIS)","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6074853558","display_name":null,"funder_award_id":"W911NF-20-1-0080","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G8519615577","display_name":null,"funder_award_id":"N00014-17-1-2012","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G8586329510","display_name":null,"funder_award_id":"FA8750-18-C-0090","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W1483870316","https://openalex.org/W1945616565","https://openalex.org/W2067713319","https://openalex.org/W2174868984","https://openalex.org/W2180612164","https://openalex.org/W2194775991","https://openalex.org/W2243397390","https://openalex.org/W2342045095","https://openalex.org/W2408141691","https://openalex.org/W2516574342","https://openalex.org/W2619479788","https://openalex.org/W2626967530","https://openalex.org/W2738001131","https://openalex.org/W2765384636","https://openalex.org/W2767831601","https://openalex.org/W2777449390","https://openalex.org/W2787496614","https://openalex.org/W2788262295","https://openalex.org/W2788848944","https://openalex.org/W2798302089","https://openalex.org/W2891257730","https://openalex.org/W2906965747","https://openalex.org/W2949311987","https://openalex.org/W2952388520","https://openalex.org/W2952477728","https://openalex.org/W2953303875","https://openalex.org/W2963037989","https://openalex.org/W2963539306","https://openalex.org/W2972262177","https://openalex.org/W2972646545","https://openalex.org/W2996230445","https://openalex.org/W3003341680","https://openalex.org/W3035182590","https://openalex.org/W3044541995","https://openalex.org/W3090855408","https://openalex.org/W4256044039","https://openalex.org/W6637162671","https://openalex.org/W6638523607","https://openalex.org/W6687483927","https://openalex.org/W6719080892","https://openalex.org/W6729756640","https://openalex.org/W6734483310","https://openalex.org/W6739651123","https://openalex.org/W6747706139","https://openalex.org/W6747749088","https://openalex.org/W6748347497","https://openalex.org/W6771955841"],"related_works":["https://openalex.org/W2950475743","https://openalex.org/W4386603768","https://openalex.org/W2886711096","https://openalex.org/W4380078352","https://openalex.org/W3046591097","https://openalex.org/W2590796488","https://openalex.org/W4389249638","https://openalex.org/W2734358244","https://openalex.org/W3015200942","https://openalex.org/W2750384547"],"abstract_inverted_index":{"Deep":[0],"neural":[1],"network":[2],"(DNN)":[3],"models":[4],"have":[5,207],"proven":[6],"to":[7,10,35,53,58],"be":[8,157],"vulnerable":[9],"adversarial":[11,33,49,168],"digital":[12],"and":[13,24,26,108,149,176,190,203],"physical":[14,177],"attacks.":[15],"In":[16,39],"this":[17],"paper,":[18],"we":[19,97,127,164],"propose":[20,165],"a":[21,79,88,137,219,224],"novel":[22],"attack-":[23],"dataset-agnostic":[25],"real-time":[27,115,160],"detector":[28,43,69,102,134,212],"for":[29,114,143],"both":[30,105,174],"types":[31],"of":[32,74,91,131,146,201],"inputs":[34],"DNN-based":[36],"perception":[37],"systems.":[38],"particular,":[40],"the":[41,46,67,72,75,92,100,129,132,144,166,186,210],"proposed":[42,68,101,133,211],"relies":[44],"on":[45,78,135,150,185,213,218],"observation":[47],"that":[48,99,117,139,155,172,194],"images":[50],"are":[51],"sensitive":[52],"certain":[54],"label-invariant":[55],"transformations.":[56],"Specifically,":[57],"determine":[59],"if":[60,71],"an":[61],"image":[62,82,93,122],"has":[63],"been":[64],"adversarially":[65],"manipulated,":[66],"checks":[70],"output":[73],"target":[76],"classifier":[77],"given":[80],"input":[81],"changes":[83],"significantly":[84],"after":[85],"feeding":[86],"it":[87,112],"transformed":[89],"version":[90],"under":[94,228],"investigation.":[95],"Moreover,":[96],"show":[98,193],"is":[103,140],"computationally-light":[104],"at":[106],"runtime":[107],"design-time":[109],"which":[110],"makes":[111],"suitable":[113],"applications":[116],"may":[118,156],"also":[119,208],"involve":[120],"large-scale":[121],"domains.":[123],"To":[124],"highlight":[125],"this,":[126],"demonstrate":[128],"efficiency":[130],"ImageNet,":[136,189],"task":[138],"computationally":[141],"challenging":[142],"majority":[145],"relevant":[147],"defenses,":[148],"physically":[151],"attacked":[152],"traffic":[153,178],"signs":[154],"encountered":[158],"in":[159,199],"autonomy":[161],"applications.":[162],"Finally,":[163],"first":[167],"dataset,":[169],"called":[170],"AdvNet":[171,191],"includes":[173],"clean":[175],"sign":[179],"images.":[180],"Our":[181],"extensive":[182],"comparative":[183],"experiments":[184],"MNIST,":[187],"CIFAR10,":[188],"datasets":[192],"VisionGuard":[195],"outperforms":[196],"existing":[197],"defenses":[198],"terms":[200],"scalability":[202],"detection":[204],"performance.":[205],"We":[206],"evaluated":[209],"field":[214],"test":[215],"data":[216],"obtained":[217],"moving":[220],"vehicle":[221],"equipped":[222],"with":[223],"perception-based":[225],"DNN":[226],"being":[227],"attack.":[229]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":4}],"updated_date":"2026-07-02T09:51:11.867554","created_date":"2025-10-10T00:00:00"}
