{"id":"https://openalex.org/W3204379741","doi":"https://doi.org/10.1145/3485832.3485904","title":"Two Souls in an Adversarial Image: Towards Universal Adversarial Example Detection using Multi-view Inconsistency","display_name":"Two Souls in an Adversarial Image: Towards Universal Adversarial Example Detection using Multi-view Inconsistency","publication_year":2021,"publication_date":"2021-12-06","ids":{"openalex":"https://openalex.org/W3204379741","doi":"https://doi.org/10.1145/3485832.3485904","mag":"3204379741"},"language":"en","primary_location":{"id":"doi:10.1145/3485832.3485904","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3485832.3485904","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3485832.3485904","source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3485832.3485904","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5078626746","display_name":"Sohaib Kiani","orcid":"https://orcid.org/0009-0003-8842-6929"},"institutions":[{"id":"https://openalex.org/I146416000","display_name":"University of Kansas","ror":"https://ror.org/001tmjg57","country_code":"US","type":"education","lineage":["https://openalex.org/I146416000"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Sohaib Kiani","raw_affiliation_strings":["University of Kansas"],"affiliations":[{"raw_affiliation_string":"University of Kansas","institution_ids":["https://openalex.org/I146416000"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025480144","display_name":"Sana Awan","orcid":null},"institutions":[{"id":"https://openalex.org/I146416000","display_name":"University of Kansas","ror":"https://ror.org/001tmjg57","country_code":"US","type":"education","lineage":["https://openalex.org/I146416000"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sana Awan","raw_affiliation_strings":["University of Kansas"],"affiliations":[{"raw_affiliation_string":"University of Kansas","institution_ids":["https://openalex.org/I146416000"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023655697","display_name":"Chao Lan","orcid":"https://orcid.org/0000-0003-2526-7206"},"institutions":[{"id":"https://openalex.org/I8692664","display_name":"University of Oklahoma","ror":"https://ror.org/02aqsxs83","country_code":"US","type":"education","lineage":["https://openalex.org/I8692664"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chao Lan","raw_affiliation_strings":["University of Oklahoma"],"affiliations":[{"raw_affiliation_string":"University of Oklahoma","institution_ids":["https://openalex.org/I8692664"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014556254","display_name":"Fengjun Li","orcid":"https://orcid.org/0000-0003-4079-2228"},"institutions":[{"id":"https://openalex.org/I146416000","display_name":"University of Kansas","ror":"https://ror.org/001tmjg57","country_code":"US","type":"education","lineage":["https://openalex.org/I146416000"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fengjun Li","raw_affiliation_strings":["University of Kansas, United States of America"],"affiliations":[{"raw_affiliation_string":"University of Kansas, United States of America","institution_ids":["https://openalex.org/I146416000"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5052233895","display_name":"Bo Luo","orcid":"https://orcid.org/0000-0001-8196-2436"},"institutions":[{"id":"https://openalex.org/I146416000","display_name":"University of Kansas","ror":"https://ror.org/001tmjg57","country_code":"US","type":"education","lineage":["https://openalex.org/I146416000"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bo Luo","raw_affiliation_strings":["University of Kansas, United States of America"],"affiliations":[{"raw_affiliation_string":"University of Kansas, United States of America","institution_ids":["https://openalex.org/I146416000"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5078626746"],"corresponding_institution_ids":["https://openalex.org/I146416000"],"apc_list":null,"apc_paid":null,"fwci":0.8882,"has_fulltext":true,"cited_by_count":13,"citation_normalized_percentile":{"value":0.774122,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"31","last_page":"44"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9697999954223633,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11515","display_name":"Bacillus and Francisella bacterial research","score":0.9648000001907349,"subfield":{"id":"https://openalex.org/subfields/1312","display_name":"Molecular Biology"},"field":{"id":"https://openalex.org/fields/13","display_name":"Biochemistry, Genetics and Molecular Biology"},"domain":{"id":"https://openalex.org/domains/1","display_name":"Life Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.9066108465194702},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7575787901878357},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6930218935012817},{"id":"https://openalex.org/keywords/pixel","display_name":"Pixel","score":0.6645058393478394},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.6533826589584351},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.5292864441871643},{"id":"https://openalex.org/keywords/computer-vision","display_name":"Computer vision","score":0.4662818908691406},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4479755461215973},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.4271474778652191},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.39613229036331177},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.32181376218795776}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.9066108465194702},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7575787901878357},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6930218935012817},{"id":"https://openalex.org/C160633673","wikidata":"https://www.wikidata.org/wiki/Q355198","display_name":"Pixel","level":2,"score":0.6645058393478394},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.6533826589584351},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.5292864441871643},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.4662818908691406},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4479755461215973},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.4271474778652191},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.39613229036331177},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.32181376218795776},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3485832.3485904","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3485832.3485904","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3485832.3485904","source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2109.12459","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2109.12459","pdf_url":"https://arxiv.org/pdf/2109.12459","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3485832.3485904","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3485832.3485904","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3485832.3485904","source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","score":0.5199999809265137,"display_name":"Reduced inequalities"}],"awards":[{"id":"https://openalex.org/G2964244014","display_name":null,"funder_award_id":"DGE-1922649","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6844055625","display_name":"CRII: III: Fair Machine Learning with Restricted Access to Sensitive Personal Data","funder_award_id":"2101936","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G808396644","display_name":"NRT-HDR: Internet of Catalysis - Harnessing Data Science for Catalyst Design","funder_award_id":"1922649","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G8216956235","display_name":"SCH: INT: Collaborative Research: Privacy-Preserving Federated Transfer Learning for Early Acute Kidney Injury Risk Prediction","funder_award_id":"2014552","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3204379741.pdf","grobid_xml":"https://content.openalex.org/works/W3204379741.grobid-xml"},"referenced_works_count":98,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W107619411","https://openalex.org/W398859631","https://openalex.org/W569478347","https://openalex.org/W1581231885","https://openalex.org/W1673923490","https://openalex.org/W1932198206","https://openalex.org/W1934184906","https://openalex.org/W1945616565","https://openalex.org/W2051267297","https://openalex.org/W2067713319","https://openalex.org/W2117539524","https://openalex.org/W2140609507","https://openalex.org/W2180612164","https://openalex.org/W2243397390","https://openalex.org/W2257979135","https://openalex.org/W2267126114","https://openalex.org/W2296719434","https://openalex.org/W2401231614","https://openalex.org/W2423557781","https://openalex.org/W2512472178","https://openalex.org/W2590523583","https://openalex.org/W2593390416","https://openalex.org/W2594867206","https://openalex.org/W2605631833","https://openalex.org/W2606529538","https://openalex.org/W2607219512","https://openalex.org/W2619479788","https://openalex.org/W2622826443","https://openalex.org/W2753783305","https://openalex.org/W2754049786","https://openalex.org/W2774644650","https://openalex.org/W2783377890","https://openalex.org/W2787496614","https://openalex.org/W2796004214","https://openalex.org/W2804342109","https://openalex.org/W2810611310","https://openalex.org/W2867167548","https://openalex.org/W2890038638","https://openalex.org/W2911634294","https://openalex.org/W2911964244","https://openalex.org/W2913266441","https://openalex.org/W2914897181","https://openalex.org/W2950048339","https://openalex.org/W2950106672","https://openalex.org/W2950468330","https://openalex.org/W2950799135","https://openalex.org/W2951133631","https://openalex.org/W2953318193","https://openalex.org/W2953790959","https://openalex.org/W2962729158","https://openalex.org/W2962759300","https://openalex.org/W2962990490","https://openalex.org/W2963143631","https://openalex.org/W2963207607","https://openalex.org/W2963448658","https://openalex.org/W2963564844","https://openalex.org/W2963695663","https://openalex.org/W2963857521","https://openalex.org/W2963888996","https://openalex.org/W2964115871","https://openalex.org/W2964116600","https://openalex.org/W2964122153","https://openalex.org/W2964137095","https://openalex.org/W2964153729","https://openalex.org/W2964197269","https://openalex.org/W2964253222","https://openalex.org/W2966108112","https://openalex.org/W2970115835","https://openalex.org/W2971661634","https://openalex.org/W2981207549","https://openalex.org/W2995106777","https://openalex.org/W2996458309","https://openalex.org/W3008966268","https://openalex.org/W3024103409","https://openalex.org/W3035182590","https://openalex.org/W3080080468","https://openalex.org/W3081178496","https://openalex.org/W3096264229","https://openalex.org/W3102720581","https://openalex.org/W3103340107","https://openalex.org/W3103836116","https://openalex.org/W3109309187","https://openalex.org/W3112001526","https://openalex.org/W3112288498","https://openalex.org/W3118608800","https://openalex.org/W3131764679","https://openalex.org/W3132412896","https://openalex.org/W3156423484","https://openalex.org/W3174972444","https://openalex.org/W3203600060","https://openalex.org/W4288359148","https://openalex.org/W4293584023","https://openalex.org/W4293846201","https://openalex.org/W4297573953","https://openalex.org/W4298140072","https://openalex.org/W4302278417","https://openalex.org/W4381325153"],"related_works":["https://openalex.org/W3176659669","https://openalex.org/W2950183588","https://openalex.org/W3080754722","https://openalex.org/W4383221314","https://openalex.org/W3093978547","https://openalex.org/W2953536436","https://openalex.org/W3203790781","https://openalex.org/W4313346231","https://openalex.org/W2738001131","https://openalex.org/W4285785480"],"abstract_inverted_index":{"In":[0,31],"the":[1,9,25,60,67,71,78,100,111,118,124,128,145,148,160,176],"evasion":[2],"attacks":[3],"against":[4,202],"deep":[5],"neural":[6],"networks":[7],"(DNN),":[8],"attacker":[10],"generates":[11,93],"adversarial":[12,39,57,174,194,205],"instances":[13],"that":[14,92,134,188],"are":[15],"visually":[16,61],"indistinguishable":[17],"from":[18,99,110,123],"benign":[19],"samples":[20],"and":[21,70,106,154,168,200],"sends":[22],"them":[23],"to":[24,28,66,77,137,180],"target":[26],"DNN":[27],"trigger":[29],"misclassifications.":[30],"this":[32,140],"paper,":[33],"we":[34],"propose":[35],"a":[36,46,103,163,181],"novel":[37,47],"multi-view":[38],"image":[40,153,172],"detector,":[41],"namely":[42],"Argos,":[43],"based":[44],"on":[45],"observation.":[48],"That":[49],"is,":[50],"there":[51],"exist":[52],"two":[53,192],"\u201csouls\u201d":[54],"in":[55,196],"an":[56,88,152,171],"instance,":[58],"i.e.,":[59],"unchanged":[62],"content,":[63],"which":[64,75],"corresponds":[65,76],"true":[68],"label,":[69,105],"added":[72],"invisible":[73],"perturbation,":[74],"misclassified":[79,156],"label.":[80],"Such":[81],"inconsistencies":[82,133],"could":[83],"be":[84],"further":[85],"amplified":[86],"through":[87],"autoregressive":[89],"generative":[90],"approach":[91],"images":[94,116],"with":[95],"seed":[96],"pixels":[97],"selected":[98,104],"original":[101,125],"image,":[102],"pixel":[107],"distributions":[108],"learned":[109],"training":[112],"data.":[113],"The":[114],"generated":[115],"(i.e.,":[117],"\u201cviews\u201d)":[119],"will":[120],"deviate":[121,179],"significantly":[122,190],"one":[126],"if":[127,175],"label":[129,157],"is":[130,208],"adversarial,":[131],"demonstrating":[132],"Argos":[135,142,189],"expects":[136],"detect.":[138],"To":[139],"end,":[141],"first":[143],"amplifies":[144],"discrepancies":[146],"between":[147],"visual":[149],"content":[150],"of":[151,165],"its":[155],"induced":[158],"by":[159],"attack":[161],"using":[162],"set":[164],"regeneration":[166],"mechanisms":[167],"then":[169],"identifies":[170],"as":[173],"reproduced":[177],"views":[178],"preset":[182],"degree.":[183],"Our":[184],"experimental":[185],"results":[186],"show":[187],"outperforms":[191],"representative":[193],"detectors":[195],"both":[197],"detection":[198],"accuracy":[199],"robustness":[201],"six":[203],"well-known":[204],"attacks.":[206],"Code":[207],"available":[209],"at:":[210],"https://github.com/sohaib730/Argos-Adversarial_Detection":[211]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2}],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2021-10-11T00:00:00"}