{"id":"https://openalex.org/W2966658324","doi":"https://doi.org/10.24963/ijcai.2019/833","title":"Protecting Neural Networks with Hierarchical Random Switching: Towards Better Robustness-Accuracy Trade-off for Stochastic Defenses","display_name":"Protecting Neural Networks with Hierarchical Random Switching: Towards Better Robustness-Accuracy Trade-off for Stochastic Defenses","publication_year":2019,"publication_date":"2019-07-28","ids":{"openalex":"https://openalex.org/W2966658324","doi":"https://doi.org/10.24963/ijcai.2019/833","mag":"2966658324"},"language":"en","primary_location":{"id":"doi:10.24963/ijcai.2019/833","is_oa":true,"landing_page_url":"https://doi.org/10.24963/ijcai.2019/833","pdf_url":"https://www.ijcai.org/proceedings/2019/0833.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.ijcai.org/proceedings/2019/0833.pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100411426","display_name":"Xiao Wang","orcid":"https://orcid.org/0000-0001-6117-6745"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Xiao Wang","raw_affiliation_strings":["Boston University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Boston University","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035205195","display_name":"Siyue Wang","orcid":"https://orcid.org/0009-0005-5705-942X"},"institutions":[{"id":"https://openalex.org/I87182695","display_name":"Universidad del Noreste","ror":"https://ror.org/02ahky613","country_code":"MX","type":"education","lineage":["https://openalex.org/I87182695"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Siyue Wang","raw_affiliation_strings":["Northeastern University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University","institution_ids":["https://openalex.org/I87182695"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050344371","display_name":"Pin\u2010Yu Chen","orcid":"https://orcid.org/0000-0003-1039-8369"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pin-Yu Chen","raw_affiliation_strings":["IBM Research"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100651384","display_name":"Yanzhi Wang","orcid":"https://orcid.org/0000-0002-3024-7990"},"institutions":[{"id":"https://openalex.org/I87182695","display_name":"Universidad del Noreste","ror":"https://ror.org/02ahky613","country_code":"MX","type":"education","lineage":["https://openalex.org/I87182695"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Yanzhi Wang","raw_affiliation_strings":["Northeastern University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University","institution_ids":["https://openalex.org/I87182695"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049134079","display_name":"Brian Kulis","orcid":"https://orcid.org/0000-0002-1704-3838"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Brian Kulis","raw_affiliation_strings":["Boston University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Boston University","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043582832","display_name":"Xue Lin","orcid":"https://orcid.org/0000-0001-6210-8883"},"institutions":[{"id":"https://openalex.org/I87182695","display_name":"Universidad del Noreste","ror":"https://ror.org/02ahky613","country_code":"MX","type":"education","lineage":["https://openalex.org/I87182695"]}],"countries":["MX"],"is_corresponding":false,"raw_author_name":"Xue Lin","raw_affiliation_strings":["Northeastern University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University","institution_ids":["https://openalex.org/I87182695"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103044811","display_name":"Sang Chin","orcid":"https://orcid.org/0000-0002-1913-4223"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sang Chin","raw_affiliation_strings":["Boston University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Boston University","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5100411426"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.3526,"has_fulltext":false,"cited_by_count":49,"citation_normalized_percentile":{"value":0.95510727,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"6013","last_page":"6019"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9452999830245972,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12166","display_name":"Ion-surface interactions and analysis","score":0.9053999781608582,"subfield":{"id":"https://openalex.org/subfields/2206","display_name":"Computational Mechanics"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7210193872451782},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7073912620544434},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6546037197113037},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5627421140670776},{"id":"https://openalex.org/keywords/performance-metric","display_name":"Performance metric","score":0.4457123577594757},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.44117027521133423},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.41099822521209717},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3873286247253418}],"concepts":[{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7210193872451782},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7073912620544434},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6546037197113037},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5627421140670776},{"id":"https://openalex.org/C2780898871","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Performance metric","level":2,"score":0.4457123577594757},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.44117027521133423},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.41099822521209717},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3873286247253418},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.24963/ijcai.2019/833","is_oa":true,"landing_page_url":"https://doi.org/10.24963/ijcai.2019/833","pdf_url":"https://www.ijcai.org/proceedings/2019/0833.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.24963/ijcai.2019/833","is_oa":true,"landing_page_url":"https://doi.org/10.24963/ijcai.2019/833","pdf_url":"https://www.ijcai.org/proceedings/2019/0833.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6200000047683716,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2966658324.pdf","grobid_xml":"https://content.openalex.org/works/W2966658324.grobid-xml"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W1673923490","https://openalex.org/W1945616565","https://openalex.org/W2095705004","https://openalex.org/W2106479238","https://openalex.org/W2504108613","https://openalex.org/W2619479788","https://openalex.org/W2736899637","https://openalex.org/W2796620423","https://openalex.org/W2802487143","https://openalex.org/W2887603965","https://openalex.org/W2945429037","https://openalex.org/W2951359136","https://openalex.org/W2962710014","https://openalex.org/W2963143631","https://openalex.org/W2963612069","https://openalex.org/W2963744840","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W3100646226","https://openalex.org/W3118608800","https://openalex.org/W4293846201","https://openalex.org/W4298312696"],"related_works":["https://openalex.org/W2950183588","https://openalex.org/W3080754722","https://openalex.org/W4383221314","https://openalex.org/W3093978547","https://openalex.org/W2953536436","https://openalex.org/W3203790781","https://openalex.org/W4313346231","https://openalex.org/W2738001131","https://openalex.org/W4285785480","https://openalex.org/W2997056298"],"abstract_inverted_index":{"Despite":[0],"achieving":[1],"remarkable":[2],"success":[3],"in":[4,88,123,132,189,206,219],"various":[5],"domains,":[6],"recent":[7],"studies":[8],"have":[9],"uncovered":[10],"the":[11,71,76,121,128,202,212,222],"vulnerability":[12],"of":[13,66,78,130,135,164,204,225],"deep":[14],"neural":[15,151],"networks":[16,152],"to":[17,51,56,168],"adversarial":[18,101,196,208,216],"perturbations,":[19],"creating":[20],"concerns":[21],"on":[22,82],"model":[23,160,174],"generalizability":[24],"and":[25,103,176,194],"new":[26],"threats":[27],"such":[28,42],"as":[29,43],"prediction-evasive":[30],"misclassification":[31,197],"or":[32,48],"stealthy":[33],"reprogramming.":[34],"Among":[35],"different":[36],"defense":[37,214],"proposals,":[38],"stochastic":[39,107,234],"network":[40,108,235],"defenses":[41,68],"random":[44,49,146],"neuron":[45],"activation":[46],"pruning":[47],"perturbation":[50],"layer":[52],"inputs":[53],"are":[54],"shown":[55],"be":[57],"promising":[58],"for":[59,96,106,178],"attack":[60,125],"mitigation.":[61],"However,":[62],"one":[63],"critical":[64],"drawback":[65],"current":[67,233],"is":[69,74,92,187,211,227],"that":[70,119,185],"robustness":[72,102],"enhancement":[73],"at":[75,127,228],"cost":[77,129],"noticeable":[79],"performance":[80],"degradation":[81],"legitimate":[83],"data,":[84],"e.g.,":[85],"large":[86],"drop":[87,131],"test":[89,104,133],"accuracy.This":[90],"paper":[91],"motivated":[93],"by":[94],"pursuing":[95],"a":[97,116,140,154],"better":[98,141],"trade-off":[99],"between":[100],"accuracy":[105,134],"defenses.":[109],"We":[110,199],"propose":[111,144],"Defense":[112],"Efficiency":[113],"Score":[114],"(DES),":[115],"comprehensive":[117],"metric":[118],"measures":[120],"gain":[122],"unsuccessful":[124],"attempts":[126],"any":[136],"defense.":[137],"To":[138],"achieve":[139],"DES,":[142],"we":[143],"hierarchical":[145],"switching":[147,166],"(HRS),":[148],"which":[149,210],"protects":[150],"through":[153],"novel":[155],"randomization":[156],"scheme.":[157],"A":[158],"HRS-protected":[159],"contains":[161],"several":[162],"blocks":[163],"randomly":[165],"channels":[167],"prevent":[169],"adversaries":[170],"from":[171],"exploiting":[172],"fixed":[173],"structures":[175],"parameters":[177],"their":[179],"malicious":[180],"purposes.":[181],"Extensive":[182],"experiments":[183],"show":[184],"HRS":[186,205,226],"superior":[188],"defending":[190,207],"against":[191,215],"state-of-the-art":[192],"white-box":[193],"adaptive":[195],"attacks.":[198],"also":[200],"demonstrate":[201],"effectiveness":[203],"reprogramming,":[209],"first":[213],"programs.":[217],"Moreover,":[218],"most":[220],"settings":[221],"average":[223],"DES":[224],"least":[229],"5X":[230],"higher":[231],"than":[232],"defenses,":[236],"validating":[237],"its":[238],"significantly":[239],"improved":[240],"robustness-accuracy":[241],"trade-off.":[242]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":12},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":9},{"year":2019,"cited_by_count":2}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}