{"id":"https://openalex.org/W4365445214","doi":"https://doi.org/10.1145/3579988.3585054","title":"Vulnerability of CNNs against Multi-Patch Attacks","display_name":"Vulnerability of CNNs against Multi-Patch Attacks","publication_year":2023,"publication_date":"2023-04-13","ids":{"openalex":"https://openalex.org/W4365445214","doi":"https://doi.org/10.1145/3579988.3585054"},"language":"en","primary_location":{"id":"doi:10.1145/3579988.3585054","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3579988.3585054","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5078916246","display_name":"Abhijith Sharma","orcid":"https://orcid.org/0000-0002-4592-2928"},"institutions":[{"id":"https://openalex.org/I141945490","display_name":"University of British Columbia","ror":"https://ror.org/03rmrcq20","country_code":"CA","type":"education","lineage":["https://openalex.org/I141945490"]},{"id":"https://openalex.org/I4405260628","display_name":"University of British Columbia, Okanagan Campus","ror":"https://ror.org/04241wz75","country_code":"CA","type":"education","lineage":["https://openalex.org/I141945490","https://openalex.org/I4405260628"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Abhijith Sharma","raw_affiliation_strings":["University of British Columbia, Kelowna, BC, Canada"],"raw_orcid":"https://orcid.org/0000-0002-4592-2928","affiliations":[{"raw_affiliation_string":"University of British Columbia, Kelowna, BC, Canada","institution_ids":["https://openalex.org/I141945490","https://openalex.org/I4405260628"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079057846","display_name":"Yijun Bian","orcid":"https://orcid.org/0000-0002-5926-7100"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yijun Bian","raw_affiliation_strings":["University of Science and Technology of China, Hefei, China"],"raw_orcid":"https://orcid.org/0000-0002-5926-7100","affiliations":[{"raw_affiliation_string":"University of Science and Technology of China, Hefei, China","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068328184","display_name":"Vatsal Nanda","orcid":"https://orcid.org/0000-0001-5255-4724"},"institutions":[{"id":"https://openalex.org/I162030827","display_name":"Thapar Institute of Engineering & Technology","ror":"https://ror.org/00wdq3744","country_code":"IN","type":"education","lineage":["https://openalex.org/I162030827"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Vatsal Nanda","raw_affiliation_strings":["Thapar Institute of Engineering and Technology, Patiala, India"],"raw_orcid":"https://orcid.org/0000-0001-5255-4724","affiliations":[{"raw_affiliation_string":"Thapar Institute of Engineering and Technology, Patiala, India","institution_ids":["https://openalex.org/I162030827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011866354","display_name":"Phil Munz","orcid":"https://orcid.org/0009-0008-1219-2480"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Phil Munz","raw_affiliation_strings":["TrojAI Inc., Saint John, NB, Canada"],"raw_orcid":"https://orcid.org/0009-0008-1219-2480","affiliations":[{"raw_affiliation_string":"TrojAI Inc., Saint John, NB, Canada","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000267964","display_name":"Apurva Narayan","orcid":"https://orcid.org/0000-0001-7203-8698"},"institutions":[{"id":"https://openalex.org/I125749732","display_name":"Western University","ror":"https://ror.org/02grkyz14","country_code":"CA","type":"education","lineage":["https://openalex.org/I125749732"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Apurva Narayan","raw_affiliation_strings":["Western University, London, ON, Canada"],"raw_orcid":"https://orcid.org/0000-0001-7203-8698","affiliations":[{"raw_affiliation_string":"Western University, London, ON, Canada","institution_ids":["https://openalex.org/I125749732"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5078916246"],"corresponding_institution_ids":["https://openalex.org/I141945490","https://openalex.org/I4405260628"],"apc_list":null,"apc_paid":null,"fwci":0.852,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.77760892,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"23","last_page":"32"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9678000211715698,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.785632848739624},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5659407377243042},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.5518350601196289},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.5200273990631104},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5071303844451904},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.4966509938240051},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.43996259570121765},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43789276480674744},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.32574695348739624}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.785632848739624},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5659407377243042},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.5518350601196289},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5200273990631104},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5071303844451904},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.4966509938240051},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.43996259570121765},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43789276480674744},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.32574695348739624}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3579988.3585054","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3579988.3585054","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.atira.dk:openaire_cris_publications/afbaf535-e6ec-4695-a71b-a707c675cd95","is_oa":false,"landing_page_url":"https://researchprofiles.ku.dk/da/publications/afbaf535-e6ec-4695-a71b-a707c675cd95","pdf_url":null,"source":{"id":"https://openalex.org/S4306401983","display_name":"Research at the University of Copenhagen (University of Copenhagen)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I124055696","host_organization_name":"University of Copenhagen","host_organization_lineage":["https://openalex.org/I124055696"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sharma , A , Bian , Y , Nanda , V , Munz , P & Narayan , A 2023 , Vulnerability of CNNs against Multi-Patch Attacks . in Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS\u201923) . https://doi.org/10.1145/3579988.3585054","raw_type":"contributionToPeriodical"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.47999998927116394,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W2117539524","https://openalex.org/W2194775991","https://openalex.org/W2350778671","https://openalex.org/W2535873859","https://openalex.org/W2621285511","https://openalex.org/W2622826443","https://openalex.org/W2901458284","https://openalex.org/W2902867332","https://openalex.org/W2905423756","https://openalex.org/W2910121883","https://openalex.org/W2962858109","https://openalex.org/W2963302614","https://openalex.org/W2963726920","https://openalex.org/W2963952467","https://openalex.org/W2964194231","https://openalex.org/W2981579652","https://openalex.org/W2983371255","https://openalex.org/W3035289617","https://openalex.org/W3086579950","https://openalex.org/W3088678766","https://openalex.org/W3090358134","https://openalex.org/W3097269597","https://openalex.org/W3100321043","https://openalex.org/W3101424466","https://openalex.org/W3114686421","https://openalex.org/W3119652083","https://openalex.org/W3128390792","https://openalex.org/W3150962209","https://openalex.org/W3168542916","https://openalex.org/W3196107314","https://openalex.org/W3200780444","https://openalex.org/W3205945722","https://openalex.org/W3212077589","https://openalex.org/W4236965008","https://openalex.org/W4283071535"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W4246396837","https://openalex.org/W4320018150","https://openalex.org/W4239582170","https://openalex.org/W2918664383","https://openalex.org/W106056076","https://openalex.org/W4320855730","https://openalex.org/W2135200719","https://openalex.org/W2588995807"],"abstract_inverted_index":{"Convolutional":[0],"Neural":[1],"Networks":[2],"have":[3],"become":[4],"an":[5,97],"integral":[6],"part":[7],"of":[8,20,26,38,63,84,121,174,191],"anomaly":[9],"detection":[10],"in":[11,78,180],"Cyber-Physical":[12],"Systems":[13],"(CPS).":[14],"Although":[15],"highly":[16],"accurate,":[17],"the":[18,24,52,64,82,85,119,125,148,158,164,169,172,177,185,189,192],"advent":[19],"adversarial":[21,46],"patches":[22,50,65,73,122,175],"exposed":[23],"vulnerability":[25],"CNNs,":[27],"posing":[28],"a":[29,44,56,75,110,181],"security":[30],"concern":[31],"for":[32,118,136,200],"safety-critical":[33],"CPS.":[34],"The":[35,144],"current":[36],"form":[37],"patch":[39,178,202],"attacks":[40,156],"often":[41],"involves":[42],"only":[43],"single":[45,201],"patch.":[47],"Using":[48],"multiple":[49,72,100],"enables":[51],"attacker":[53],"to":[54,81,95,123,162,195],"craft":[55],"stronger":[57],"adversary":[58],"by":[59],"utilizing":[60],"various":[61,137],"combinations":[62],"and":[66,104,133,154,157,176],"their":[67],"respective":[68],"locations.":[69],"Moreover,":[70],"mitigating":[71],"is":[74],"challenging":[76],"task":[77],"practice":[79],"due":[80],"nascence":[83],"domain.":[86],"In":[87,184],"this":[88],"work,":[89],"we":[90,187],"present":[91],"three":[92],"novel":[93],"ways":[94],"perform":[96],"attack":[98,150,194],"with":[99],"patches:":[101],"Split,":[102],"Mono-Multi,":[103],"Poly-Multi":[105,149],"attacks.":[106,203],"We":[107,166],"also":[108,167],"propose":[109],"search":[111],"method":[112],"named":[113],"'Boundary":[114],"Space":[115],"Search":[116],"(BSS)'":[117],"placement":[120],"enhance":[124],"attack's":[126],"efficacy":[127],"further,":[128],"experimenting":[129],"on":[130],"EuroSAT,":[131],"Imagenette,":[132],"CIFAR10":[134],"datasets":[135],"perturbation":[138],"levels":[139],"across":[140],"diverse":[141],"model":[142],"architectures.":[143],"results":[145],"show":[146],"that":[147],"outperforms":[151],"other":[152],"multi-patch":[153],"single-patch":[155],"best":[159],"perception":[160],"stealth":[161],"surpass":[163],"detection.":[165],"highlight":[168],"trade-off":[170],"between":[171],"number":[173],"size":[179],"Multi-Patch":[182,193],"attack.":[183],"end,":[186],"analyze":[188],"ability":[190],"overcome":[196],"state-of-the-art":[197],"defenses":[198],"designed":[199]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}