{"id":"https://openalex.org/W4383221476","doi":"https://doi.org/10.1145/3579856.3582824","title":"Mitigating Adversarial Attacks by Distributing Different Copies to Different Buyers","display_name":"Mitigating Adversarial Attacks by Distributing Different Copies to Different Buyers","publication_year":2023,"publication_date":"2023-07-05","ids":{"openalex":"https://openalex.org/W4383221476","doi":"https://doi.org/10.1145/3579856.3582824"},"language":"en","primary_location":{"id":"doi:10.1145/3579856.3582824","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3579856.3582824","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3579856.3582824","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3579856.3582824","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103182069","display_name":"Jiyi Zhang","orcid":"https://orcid.org/0000-0002-7777-3162"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Jiyi Zhang","raw_affiliation_strings":["School of Computing, National University of Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-7777-3162","affiliations":[{"raw_affiliation_string":"School of Computing, National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032465074","display_name":"Han Fang","orcid":"https://orcid.org/0000-0001-9635-9859"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Han Fang","raw_affiliation_strings":["School of Computing, National University of Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-9635-9859","affiliations":[{"raw_affiliation_string":"School of Computing, National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066428042","display_name":"Wesley Joon-Wie Tann","orcid":"https://orcid.org/0000-0002-5595-531X"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Wesley Joon-Wie Tann","raw_affiliation_strings":["School of Computing, National University of Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-5595-531X","affiliations":[{"raw_affiliation_string":"School of Computing, National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100737915","display_name":"Ke Xu","orcid":"https://orcid.org/0000-0001-7462-3348"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ke Xu","raw_affiliation_strings":["Huawei International, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-7462-3348","affiliations":[{"raw_affiliation_string":"Huawei International, Singapore","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089400788","display_name":"Chengfang Fang","orcid":"https://orcid.org/0000-0002-8313-0980"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chengfang Fang","raw_affiliation_strings":["Huawei International, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-8313-0980","affiliations":[{"raw_affiliation_string":"Huawei International, Singapore","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5105408906","display_name":"Ee\u2010Chien Chang","orcid":"https://orcid.org/0000-0003-4613-0866"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Ee-Chien Chang","raw_affiliation_strings":["School of Computing, National University of Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0003-4613-0866","affiliations":[{"raw_affiliation_string":"School of Computing, National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5103182069"],"corresponding_institution_ids":["https://openalex.org/I165932596"],"apc_list":null,"apc_paid":null,"fwci":0.6816,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.75017413,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"704","last_page":"715"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11307","display_name":"Domain Adaptation and Few-Shot Learning","score":0.9700000286102295,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9541000127792358,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7908994555473328},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7831168174743652},{"id":"https://openalex.org/keywords/randomness","display_name":"Randomness","score":0.6946320533752441},{"id":"https://openalex.org/keywords/rewriting","display_name":"Rewriting","score":0.5914087295532227},{"id":"https://openalex.org/keywords/retraining","display_name":"Retraining","score":0.5690548419952393},{"id":"https://openalex.org/keywords/jump","display_name":"Jump","score":0.5297045707702637},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.47590431571006775},{"id":"https://openalex.org/keywords/replication","display_name":"Replication (statistics)","score":0.4738255739212036},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34940940141677856},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3291524648666382},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.32890236377716064},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.12013959884643555}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7908994555473328},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7831168174743652},{"id":"https://openalex.org/C125112378","wikidata":"https://www.wikidata.org/wiki/Q176640","display_name":"Randomness","level":2,"score":0.6946320533752441},{"id":"https://openalex.org/C154690210","wikidata":"https://www.wikidata.org/wiki/Q1668499","display_name":"Rewriting","level":2,"score":0.5914087295532227},{"id":"https://openalex.org/C2778712577","wikidata":"https://www.wikidata.org/wiki/Q3505966","display_name":"Retraining","level":2,"score":0.5690548419952393},{"id":"https://openalex.org/C2780695682","wikidata":"https://www.wikidata.org/wiki/Q4005959","display_name":"Jump","level":2,"score":0.5297045707702637},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.47590431571006775},{"id":"https://openalex.org/C12590798","wikidata":"https://www.wikidata.org/wiki/Q3933199","display_name":"Replication (statistics)","level":2,"score":0.4738255739212036},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34940940141677856},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3291524648666382},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.32890236377716064},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.12013959884643555},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C155202549","wikidata":"https://www.wikidata.org/wiki/Q178803","display_name":"International trade","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3579856.3582824","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3579856.3582824","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3579856.3582824","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3579856.3582824","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3579856.3582824","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3579856.3582824","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4383221476.pdf","grobid_xml":"https://content.openalex.org/works/W4383221476.grobid-xml"},"referenced_works_count":19,"referenced_works":["https://openalex.org/W2002427601","https://openalex.org/W2108645386","https://openalex.org/W2157531972","https://openalex.org/W2243397390","https://openalex.org/W2269778407","https://openalex.org/W2296452361","https://openalex.org/W2474861573","https://openalex.org/W2543927648","https://openalex.org/W2603766943","https://openalex.org/W2963542245","https://openalex.org/W2963560987","https://openalex.org/W2963844355","https://openalex.org/W3015625436","https://openalex.org/W3034619610","https://openalex.org/W3040300753","https://openalex.org/W3082860856","https://openalex.org/W3087267795","https://openalex.org/W4300837091","https://openalex.org/W4301726735"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2006651773","https://openalex.org/W2027050655","https://openalex.org/W2120204135","https://openalex.org/W1796293478","https://openalex.org/W3028244590","https://openalex.org/W2014369232","https://openalex.org/W4246396837","https://openalex.org/W2482350142","https://openalex.org/W3176240006"],"abstract_inverted_index":{"Machine":[0],"learning":[1],"models":[2,146],"are":[3,265],"vulnerable":[4],"to":[5,20,29,42,53,62,77,112,134,184,225,242,256],"adversarial":[6,45,87,201],"attacks.":[7],"In":[8],"this":[9,259],"paper,":[10],"we":[11,80,161,261],"consider":[12],"the":[13,40,50,54,58,64,75,83,131,136,154,171,211,235,240,253],"scenario":[14],"where":[15,196],"a":[16,25,103,113,141,163,186,192],"model":[17,41,59,76,104],"is":[18,118,123,182],"distributed":[19],"multiple":[21],"buyers,":[22,79],"among":[23,138],"which":[24],"malicious":[26,34],"buyer":[27,35],"attempts":[28],"attack":[30,84,241],"another":[31,97],"buyer.":[32],"The":[33],"probes":[36],"its":[37],"copy":[38,56,92,198],"of":[39,57,74,128,145,189,238],"search":[43],"for":[44],"samples":[46,52,88],"and":[47,121,153,181],"then":[48],"presents":[49],"found":[51,89],"victim\u2019s":[55],"in":[60,191],"order":[61],"replicate":[63],"attack.":[65],"We":[66,99],"point":[67],"out":[68],"that":[69,86,101,168,206,263],"by":[70],"distributing":[71],"different":[72,78,106,200,249],"copies":[73,190,247],"can":[81,147,208,233,251],"mitigate":[82,210],"such":[85,110,151],"on":[90,96,220],"one":[91],"would":[93],"not":[94,177],"work":[95],"copy.":[98],"observed":[100],"training":[102,180,246],"with":[105,223,248],"randomness":[107,250],"indeed":[108],"mitigates":[109],"replication":[111],"certain":[114],"degree.":[115],"However,":[116,140],"there":[117,264],"no":[119],"guarantee":[120],"retraining":[122,132],"computationally":[124],"expensive.":[125],"A":[126],"number":[127,144,188],"works":[129],"extended":[130],"method":[133,167,175],"enhance":[135],"differences":[137],"models.":[139],"very":[142],"limited":[143],"be":[148],"produced":[149],"using":[150,230],"methods":[152],"computational":[155],"cost":[156],"becomes":[157],"even":[158],"higher.":[159],"Therefore,":[160],"propose":[162],"flexible":[164],"parameter":[165],"rewriting":[166,207],"directly":[169],"modifies":[170],"model\u2019s":[172],"parameters.":[173],"This":[174],"does":[176],"require":[178],"additional":[179],"able":[183],"generate":[185],"large":[187],"more":[193],"controllable":[194],"manner,":[195],"each":[197],"induces":[199],"regions.":[202],"Experimentation":[203],"studies":[204],"show":[205],"significantly":[209],"attacks":[212],"while":[213,244],"retaining":[214],"high":[215],"classification":[216],"accuracy.":[217],"For":[218],"instance,":[219],"GTSRB":[221],"dataset":[222],"respect":[224],"Hop":[226],"Skip":[227],"Jump":[228],"attack,":[229],"attractor-based":[231],"rewriter":[232],"reduce":[234,252],"success":[236,254],"rate":[237,255],"replicating":[239],"0.5%":[243],"independently":[245],"6.5%.":[257],"From":[258],"study,":[260],"believe":[262],"many":[266],"further":[267],"directions":[268],"worth":[269],"exploring.":[270]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}