{"id":"https://openalex.org/W4283375572","doi":"https://doi.org/10.1145/3531536.3532966","title":"Hiding Needles in a Haystack: Towards Constructing Neural Networks that Evade Verification","display_name":"Hiding Needles in a Haystack: Towards Constructing Neural Networks that Evade Verification","publication_year":2022,"publication_date":"2022-06-23","ids":{"openalex":"https://openalex.org/W4283375572","doi":"https://doi.org/10.1145/3531536.3532966"},"language":"en","primary_location":{"id":"doi:10.1145/3531536.3532966","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3531536.3532966","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Information Hiding and Multimedia Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043014982","display_name":"\u00c1rp\u00e1d Berta","orcid":"https://orcid.org/0000-0002-4005-2273"},"institutions":[{"id":"https://openalex.org/I227486990","display_name":"University of Szeged","ror":"https://ror.org/01pnej532","country_code":"HU","type":"education","lineage":["https://openalex.org/I227486990"]}],"countries":["HU"],"is_corresponding":true,"raw_author_name":"\u00c1rp\u00e1d Berta","raw_affiliation_strings":["University of Szeged, Szeged, Hungary"],"affiliations":[{"raw_affiliation_string":"University of Szeged, Szeged, Hungary","institution_ids":["https://openalex.org/I227486990"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037746429","display_name":"G\u00e1bor Danner","orcid":"https://orcid.org/0000-0002-9983-1060"},"institutions":[{"id":"https://openalex.org/I227486990","display_name":"University of Szeged","ror":"https://ror.org/01pnej532","country_code":"HU","type":"education","lineage":["https://openalex.org/I227486990"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"G\u00e1bor Danner","raw_affiliation_strings":["University of Szeged, Szeged, Hungary"],"affiliations":[{"raw_affiliation_string":"University of Szeged, Szeged, Hungary","institution_ids":["https://openalex.org/I227486990"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033782938","display_name":"Istv\u00e1n Heged\u0171s","orcid":"https://orcid.org/0000-0002-5356-2192"},"institutions":[{"id":"https://openalex.org/I227486990","display_name":"University of Szeged","ror":"https://ror.org/01pnej532","country_code":"HU","type":"education","lineage":["https://openalex.org/I227486990"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"Istv\u00e1n Hegedus","raw_affiliation_strings":["University of Szeged, Szeged, Hungary"],"affiliations":[{"raw_affiliation_string":"University of Szeged, Szeged, Hungary","institution_ids":["https://openalex.org/I227486990"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054208211","display_name":"M\u00e1rk Jelasity","orcid":"https://orcid.org/0000-0001-9363-1482"},"institutions":[{"id":"https://openalex.org/I4210152167","display_name":"MTA-SZTE Research Group on Artificial Intelligence","ror":"https://ror.org/0507fk326","country_code":"HU","type":"facility","lineage":["https://openalex.org/I227486990","https://openalex.org/I4210152167","https://openalex.org/I7597260"]},{"id":"https://openalex.org/I227486990","display_name":"University of Szeged","ror":"https://ror.org/01pnej532","country_code":"HU","type":"education","lineage":["https://openalex.org/I227486990"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"Mark Jelasity","raw_affiliation_strings":["University of Szeged &amp; ELKH SZTE Research Group on Artificial Intelligence, Szeged, Hungary"],"affiliations":[{"raw_affiliation_string":"University of Szeged &amp; ELKH SZTE Research Group on Artificial Intelligence, Szeged, Hungary","institution_ids":["https://openalex.org/I4210152167","https://openalex.org/I227486990"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5043014982"],"corresponding_institution_ids":["https://openalex.org/I227486990"],"apc_list":null,"apc_paid":null,"fwci":0.2651,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.59883998,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"51","last_page":"62"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/haystack","display_name":"Haystack","score":0.9583384990692139},{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9201169013977051},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7822452783584595},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6862579584121704},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.592244029045105},{"id":"https://openalex.org/keywords/subspace-topology","display_name":"Subspace topology","score":0.5869885683059692},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5364509224891663},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5080692768096924},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.43770214915275574},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.43702933192253113},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3747265636920929},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.33982014656066895},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2338787317276001}],"concepts":[{"id":"https://openalex.org/C13424479","wikidata":"https://www.wikidata.org/wiki/Q5687237","display_name":"Haystack","level":2,"score":0.9583384990692139},{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9201169013977051},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7822452783584595},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6862579584121704},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.592244029045105},{"id":"https://openalex.org/C32834561","wikidata":"https://www.wikidata.org/wiki/Q660730","display_name":"Subspace topology","level":2,"score":0.5869885683059692},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5364509224891663},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5080692768096924},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.43770214915275574},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.43702933192253113},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3747265636920929},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.33982014656066895},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2338787317276001}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3531536.3532966","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3531536.3532966","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Information Hiding and Multimedia Security","raw_type":"proceedings-article"},{"id":"pmh:oai:publicatio.bibl.u-szeged.hu:24585","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306400436","display_name":"SZTE Publicatio Repozit\u00f3rium (University of Szeged)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I227486990","host_organization_name":"University of Szeged","host_organization_lineage":["https://openalex.org/I227486990"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"","raw_type":"K\u00f6nyv r\u00e9sze"}],"best_oa_location":{"id":"pmh:oai:publicatio.bibl.u-szeged.hu:24585","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306400436","display_name":"SZTE Publicatio Repozit\u00f3rium (University of Szeged)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I227486990","host_organization_name":"University of Szeged","host_organization_lineage":["https://openalex.org/I227486990"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"","raw_type":"K\u00f6nyv r\u00e9sze"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2259076280","display_name":null,"funder_award_id":"TKP2021-NVA-09 and MILAB","funder_id":"https://openalex.org/F4320336675","funder_display_name":"National Research, Development and Innovation Office"}],"funders":[{"id":"https://openalex.org/F4320336675","display_name":"National Research, Development and Innovation Office","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W2108598243","https://openalex.org/W2560674852","https://openalex.org/W2942091739","https://openalex.org/W2972713160","https://openalex.org/W3007264885","https://openalex.org/W3012981624","https://openalex.org/W3081178496","https://openalex.org/W3083185154","https://openalex.org/W3092005433","https://openalex.org/W3173775589","https://openalex.org/W3205902815","https://openalex.org/W4214680449"],"related_works":["https://openalex.org/W4253878822","https://openalex.org/W4320031223","https://openalex.org/W3015678314","https://openalex.org/W4281902577","https://openalex.org/W3030221677","https://openalex.org/W4200629851","https://openalex.org/W1965563707","https://openalex.org/W3009072493","https://openalex.org/W4386185023","https://openalex.org/W4317672133"],"abstract_inverted_index":{"Machine":[0],"learning":[1],"models":[2,264],"are":[3,158],"vulnerable":[4],"to":[5,33,43,54,75,84,117,128,149,161,180],"adversarial":[6,40,78,94,145,247],"attacks,":[7],"where":[8],"a":[9,36,44,57,62,82,85,102,130,133,190,204,207,219],"small,":[10],"invisible,":[11],"malicious":[12],"perturbation":[13],"of":[14,24,112,119],"the":[15,18,93,99,110,113,120,144,155,184,193,214,227,237,253,256,261],"input":[16,95],"changes":[17],"predicted":[19],"label.":[20],"A":[21],"large":[22],"area":[23],"research":[25],"is":[26,65,74,115,189,196,200],"concerned":[27],"with":[28,163],"verification":[29,55,194],"techniques":[30],"that":[31,51,64,97,118,143],"attempt":[32],"decide":[34],"whether":[35],"given":[37,45],"model":[38,63,114],"has":[39,101],"inputs":[41],"close":[42],"benign":[46],"input.":[47],"Here,":[48],"we":[49,60,126,140,217],"show":[50],"current":[52,70],"approaches":[53],"have":[56],"key":[58],"vulnerability:":[59],"construct":[61],"not":[66,177],"robust":[67,86,148],"but":[68,174],"passes":[69],"verifiers.":[71],"The":[72],"idea":[73],"insert":[76],"artificial":[77],"perturbations":[79],"by":[80],"adding":[81],"backdoor":[83,100,221,250],"neural":[87],"network":[88,209,222],"model.":[89,122],"In":[90,123],"our":[91,232,243],"construction,":[92],"subspace":[96,109],"triggers":[98],"very":[103],"small":[104],"volume,":[105],"and":[106,186,206,223,249,255,263],"outside":[107],"this":[108,171,188],"gradient":[111],"identical":[116],"clean":[121],"other":[124],"words,":[125],"seek":[127],"create":[129,218],"\"needle":[131,153],"in":[132,154,172],"haystack\"":[134,156],"search":[135,165],"problem.":[136],"For":[137],"practical":[138],"purposes,":[139],"also":[141],"require":[142],"samples":[146],"be":[147],"JPEG":[150],"compression.":[151],"Large":[152],"problems":[157],"practically":[159],"impossible":[160],"solve":[162],"any":[164],"algorithm.":[166],"Formal":[167],"verifiers":[168],"can":[169],"handle":[170],"principle,":[173],"they":[175],"do":[176],"scale":[178],"up":[179],"real-world":[181],"networks":[182,235],"at":[183,267],"moment,":[185],"achieving":[187],"challenge":[191],"because":[192],"problem":[195],"NP-complete.":[197],"Our":[198],"construction":[199,244],"based":[201],"on":[202],"training":[203],"hiding":[205],"revealing":[208,215],"using":[210,245],"deep":[211,233],"steganography.":[212],"Using":[213],"network,":[216],"separate":[220],"integrate":[224],"it":[225],"into":[226],"target":[228],"network.":[229],"We":[230,240,259],"train":[231],"steganography":[234],"over":[236,252],"CIFAR-10":[238,254],"dataset.":[239],"then":[241],"evaluate":[242],"state-of-the-art":[246],"attacks":[248],"detectors":[251],"ImageNet":[257],"datasets.":[258],"made":[260],"code":[262],"publicly":[265],"available":[266],"https://github.com/szegedai/hiding-needles-in-a-haystack.":[268]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}