{"id":"https://openalex.org/W4302008871","doi":"https://doi.org/10.1145/3605764.3623917","title":"Certifiers Make Neural Networks Vulnerable to Availability Attacks","display_name":"Certifiers Make Neural Networks Vulnerable to Availability Attacks","publication_year":2023,"publication_date":"2023-11-21","ids":{"openalex":"https://openalex.org/W4302008871","doi":"https://doi.org/10.1145/3605764.3623917"},"language":"en","primary_location":{"id":"doi:10.1145/3605764.3623917","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3605764.3623917","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2108.11299","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058318846","display_name":"Tobias Lorenz","orcid":"https://orcid.org/0000-0003-4369-2644"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Tobias Lorenz","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"],"raw_orcid":"https://orcid.org/0000-0003-4369-2644","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081710233","display_name":"Marta Kwiatkowska","orcid":"https://orcid.org/0000-0001-9022-7599"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Marta Kwiatkowska","raw_affiliation_strings":["University of Oxford, Oxford, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0001-9022-7599","affiliations":[{"raw_affiliation_string":"University of Oxford, Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5003887059","display_name":"Mario Fritz","orcid":"https://orcid.org/0000-0001-8949-9896"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Mario Fritz","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"],"raw_orcid":"https://orcid.org/0000-0001-8949-9896","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5058318846"],"corresponding_institution_ids":["https://openalex.org/I4210128801"],"apc_list":null,"apc_paid":null,"fwci":0.3408,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.6243114,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"67","last_page":"78"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.960099995136261,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9593999981880188,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.8324296474456787},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8030246496200562},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.6943708658218384},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5712728500366211},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5179075598716736},{"id":"https://openalex.org/keywords/relevance","display_name":"Relevance (law)","score":0.5163220763206482},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.41424891352653503},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.41196495294570923},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2792154550552368}],"concepts":[{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.8324296474456787},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8030246496200562},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.6943708658218384},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5712728500366211},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5179075598716736},{"id":"https://openalex.org/C158154518","wikidata":"https://www.wikidata.org/wiki/Q7310970","display_name":"Relevance (law)","level":2,"score":0.5163220763206482},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.41424891352653503},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.41196495294570923},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2792154550552368},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.1145/3605764.3623917","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3605764.3623917","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2108.11299","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2108.11299","pdf_url":"https://arxiv.org/pdf/2108.11299","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:figshare.com:article/25304446","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Certifiers_Make_Neural_Networks_Vulnerable_to_Availability_Attacks/25304446","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},{"id":"pmh:oai:ora.ox.ac.uk:uuid:79abdbde-0dc2-49d4-8c66-dd27c7b45e29","is_oa":false,"landing_page_url":"https://ora.ox.ac.uk/objects/uuid:79abdbde-0dc2-49d4-8c66-dd27c7b45e29","pdf_url":null,"source":{"id":"https://openalex.org/S4306402636","display_name":"Oxford University Research Archive (ORA) (University of Oxford)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I40120149","host_organization_name":"University of Oxford","host_organization_lineage":["https://openalex.org/I40120149"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Symplectic Elements","raw_type":"Conference item"},{"id":"doi:10.60882/cispa.25304446.v1","is_oa":true,"landing_page_url":"https://doi.org/10.60882/cispa.25304446.v1","pdf_url":null,"source":{"id":"https://openalex.org/S7407050916","display_name":"CISPA Helmholtz Center","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2108.11299","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2108.11299","pdf_url":"https://arxiv.org/pdf/2108.11299","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1966752340","display_name":null,"funder_award_id":"ZT-I-OO1 4","funder_id":"https://openalex.org/F4320325698","funder_display_name":"Helmholtz Association"},{"id":"https://openalex.org/G4067274845","display_name":null,"funder_award_id":"834115","funder_id":"https://openalex.org/F4320334678","funder_display_name":"European Research Council"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320325698","display_name":"Helmholtz Association","ror":null},{"id":"https://openalex.org/F4320334678","display_name":"European Research Council","ror":"https://ror.org/0472cxd90"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W1539670134","https://openalex.org/W1583837637","https://openalex.org/W2112796928","https://openalex.org/W2165073069","https://openalex.org/W2543296129","https://openalex.org/W2572504188","https://openalex.org/W2794609696","https://openalex.org/W2807363941","https://openalex.org/W2887603965","https://openalex.org/W2900153411","https://openalex.org/W2931858311","https://openalex.org/W2934843808","https://openalex.org/W2963857521","https://openalex.org/W2963952467","https://openalex.org/W2963998105","https://openalex.org/W2990138404","https://openalex.org/W3010216907","https://openalex.org/W3012113073","https://openalex.org/W3083878034","https://openalex.org/W3186732165","https://openalex.org/W3213748123","https://openalex.org/W4214878189","https://openalex.org/W4224917599"],"related_works":["https://openalex.org/W4388150944","https://openalex.org/W4242235492","https://openalex.org/W4237162029","https://openalex.org/W2367268135","https://openalex.org/W2385701518","https://openalex.org/W4379116102","https://openalex.org/W3210882018","https://openalex.org/W2970990331","https://openalex.org/W3207178610","https://openalex.org/W3211782752"],"abstract_inverted_index":{"To":[0],"achieve":[1],"reliable,":[2],"robust,":[3],"and":[4,68,101,139,199,224],"safe":[5,100],"AI":[6,16],"systems,":[7],"it":[8],"is":[9,95,193],"vital":[10],"to":[11,29,73,89,132,147,195,207,245],"implement":[12],"fallback":[13,70,121,151,198],"strategies":[14,122],"when":[15],"predictions":[17,40,58],"cannot":[18],"be":[19,74,124],"trusted.":[20],"Certifiers":[21],"for":[22,38,106,136,205,252],"neural":[23],"networks":[24],"are":[25,243],"a":[26,42,66,69,83,96],"reliable":[27],"way":[28],"check":[30],"the":[31,53,56,61,107,141,150,157,162,165,179,197,202,214,227,247,250],"robustness":[32],"of":[33,45,182,209,230],"these":[34,183,231],"predictions.":[35],"They":[36],"guarantee":[37],"some":[39,137],"that":[41,110,240],"certain":[43],"class":[44],"manipulations":[46],"or":[47,86],"attacks":[48,146],"could":[49],"not":[50],"have":[51],"changed":[52],"outcome.":[54],"For":[55,185],"remaining":[57],"without":[59],"guarantees,":[60],"method":[62],"abstains":[63,135],"from":[64],"making":[65],"prediction,":[67],"strategy":[71],"needs":[72],"invoked,":[75],"which":[76,177],"typically":[77],"incurs":[78],"additional":[79],"costs,":[80],"can":[81,123,143],"require":[82],"human":[84],"operator,":[85],"even":[87],"fail":[88],"provide":[90],"any":[91],"prediction.":[92],"While":[93],"this":[94,111],"key":[97],"concept":[98],"towards":[99],"secure":[102],"AI,":[103],"we":[104],"show":[105,178],"first":[108],"time":[109],"approach":[112],"comes":[113],"with":[114,152],"its":[115],"own":[116],"security":[117],"risks,":[118],"as":[119],"such":[120],"deliberately":[125,148],"triggered":[126],"by":[127,212],"an":[128],"adversary.":[129],"In":[130],"addition":[131],"naturally":[133],"occurring":[134],"inputs":[138,211],"perturbations,":[140],"adversary":[142],"use":[144],"training-time":[145],"trigger":[149,196],"high":[153],"probability.":[154],"This":[155],"transfers":[156],"main":[158],"system":[159],"load":[160],"onto":[161],"fallback,":[163],"reducing":[164],"overall":[166],"system's":[167],"integrity":[168],"and/or":[169],"availability.":[170],"We":[171],"design":[172],"two":[173],"novel":[174],"availability":[175],"attacks,":[176],"practical":[180],"relevance":[181],"threats.":[184],"example,":[186],"adding":[187],"1%":[188],"poisoned":[189],"data":[190],"during":[191],"training":[192],"sufficient":[194],"hence":[200],"make":[201],"model":[203,222],"unavailable":[204],"up":[206],"100%":[208],"all":[210],"inserting":[213],"trigger.":[215],"Our":[216],"extensive":[217],"experiments":[218],"across":[219],"multiple":[220],"datasets,":[221],"architectures,":[223],"certifiers":[225],"demonstrate":[226],"broad":[228],"applicability":[229],"attacks.":[232],"An":[233],"initial":[234],"investigation":[235],"into":[236],"potential":[237],"defenses":[238],"shows":[239],"current":[241],"approaches":[242],"insufficient":[244],"mitigate":[246],"issue,":[248],"highlighting":[249],"need":[251],"new,":[253],"specific":[254],"solutions.":[255]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}