{"id":"https://openalex.org/W7154569067","doi":"https://doi.org/10.14428/esann/2026.es2026-162","title":"Model Selection Hijacking Adversarial Attack","display_name":"Model Selection Hijacking Adversarial Attack","publication_year":2026,"publication_date":"2026-01-01","ids":{"openalex":"https://openalex.org/W7154569067","doi":"https://doi.org/10.14428/esann/2026.es2026-162"},"language":null,"primary_location":{"id":"doi:10.14428/esann/2026.es2026-162","is_oa":true,"landing_page_url":"https://doi.org/10.14428/esann/2026.es2026-162","pdf_url":"https://doi.org/10.14428/esann/2026.es2026-162","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ESANN 2026 proceesdings","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.14428/esann/2026.es2026-162","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5051194788","display_name":"Luca Pajola","orcid":"https://orcid.org/0000-0002-6749-6608"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Luca Pajola","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133801709","display_name":"Riccardo Petrucci","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Riccardo Petrucci","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071242130","display_name":"Francesco Marchiori","orcid":"https://orcid.org/0000-0001-5282-0965"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Francesco Marchiori","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065003610","display_name":"Luca Pasa","orcid":"https://orcid.org/0000-0002-3023-3046"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Luca Pasa","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5133792962","display_name":"Mauro Conti","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mauro Conti","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5051194788"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.94533604,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"351","last_page":"356"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9771999716758728,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9771999716758728,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.004999999888241291,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10775","display_name":"Generative Adversarial Networks and Image Synthesis","score":0.002199999988079071,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8144000172615051},{"id":"https://openalex.org/keywords/selection","display_name":"Selection (genetic algorithm)","score":0.6230999827384949},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.5752000212669373},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5710999965667725},{"id":"https://openalex.org/keywords/model-selection","display_name":"Model selection","score":0.5551000237464905},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.48579999804496765},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4641999900341034},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.43380001187324524}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8144000172615051},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6984000205993652},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.6230999827384949},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.5752000212669373},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5716999769210815},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5710999965667725},{"id":"https://openalex.org/C93959086","wikidata":"https://www.wikidata.org/wiki/Q6888345","display_name":"Model selection","level":2,"score":0.5551000237464905},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5048999786376953},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.48579999804496765},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4641999900341034},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.43380001187324524},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.43209999799728394},{"id":"https://openalex.org/C82876162","wikidata":"https://www.wikidata.org/wiki/Q17096504","display_name":"Latency (audio)","level":2,"score":0.38580000400543213},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.375},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33410000801086426},{"id":"https://openalex.org/C40423286","wikidata":"https://www.wikidata.org/wiki/Q284172","display_name":"Selection bias","level":2,"score":0.3021000027656555},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.28940001130104065},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.28439998626708984},{"id":"https://openalex.org/C148483581","wikidata":"https://www.wikidata.org/wiki/Q446488","display_name":"Feature selection","level":2,"score":0.26350000500679016},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.257099986076355},{"id":"https://openalex.org/C148220186","wikidata":"https://www.wikidata.org/wiki/Q7111912","display_name":"Outcome (game theory)","level":2,"score":0.2517000138759613},{"id":"https://openalex.org/C107645828","wikidata":"https://www.wikidata.org/wiki/Q12070446","display_name":"System model","level":2,"score":0.25130000710487366},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.25110000371932983}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.14428/esann/2026.es2026-162","is_oa":true,"landing_page_url":"https://doi.org/10.14428/esann/2026.es2026-162","pdf_url":"https://doi.org/10.14428/esann/2026.es2026-162","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ESANN 2026 proceesdings","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.14428/esann/2026.es2026-162","is_oa":true,"landing_page_url":"https://doi.org/10.14428/esann/2026.es2026-162","pdf_url":"https://doi.org/10.14428/esann/2026.es2026-162","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ESANN 2026 proceesdings","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/5","display_name":"Gender equality","score":0.5528494715690613}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7154569067.pdf","grobid_xml":"https://content.openalex.org/works/W7154569067.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Model":[0],"selection":[1,55],"plays":[2],"a":[3,27,60,102],"critical":[4],"role":[5],"in":[6,73],"the":[7,37,54],"deployment":[8],"of":[9,35,118],"machine":[10],"learning":[11],"systems,":[12],"yet":[13],"its":[14],"vulnerability":[15],"to":[16,43,80],"adversarial":[17,119],"manipulation":[18],"remains":[19],"largely":[20],"unexplored.We":[21],"introduce":[22],"MOSHI":[23,68],"(MOdel":[24],"Selection":[25],"HIjacking),":[26],"novel":[28],"framework":[29],"that":[30,67,96],"examines":[31],"whether":[32],"targeted":[33],"poisoning":[34],"only":[36],"validation":[38],"set,":[39],"without":[40],"any":[41],"access":[42],"training":[44],"data,":[45],"model":[46,97],"internals,":[47],"or":[48],"system":[49],"configuration,":[50],"can":[51,69,105],"systematically":[52],"bias":[53],"process":[56],"toward":[57],"inferior":[58],"models.Leveraging":[59],"VAE-based":[61],"perturbation":[62],"mechanism,":[63],"we":[64],"empirically":[65],"demonstrate":[66],"induce":[70],"coherent":[71],"misselection":[72],"both":[74],"vision":[75],"and":[76,91],"speech":[77],"benchmarks,":[78],"leading":[79],"models":[81],"with":[82],"degraded":[83],"generalization,":[84],"as":[85,87,101,114],"well":[86],"increased":[88],"inference":[89],"latency":[90],"energy":[92],"consumption.Our":[93],"results":[94],"highlight":[95],"selection,":[98],"typically":[99],"viewed":[100],"benign":[103],"step,":[104],"significantly":[106],"affect":[107],"robustness,":[108],"suggesting":[109],"it":[110],"should":[111],"be":[112],"treated":[113],"an":[115],"integral":[116],"component":[117],"ML":[120],"analysis.":[121]},"counts_by_year":[],"updated_date":"2026-04-18T05:59:34.339393","created_date":"2026-04-17T00:00:00"}