{"id":"https://openalex.org/W4281687663","doi":"https://doi.org/10.3233/jcs-210133","title":"Certifying machine learning models against evasion attacks by program analysis","display_name":"Certifying machine learning models against evasion attacks by program analysis","publication_year":2022,"publication_date":"2022-06-01","ids":{"openalex":"https://openalex.org/W4281687663","doi":"https://doi.org/10.3233/jcs-210133"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-210133","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-210133","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5084675121","display_name":"Stefano Calzavara","orcid":"https://orcid.org/0000-0001-9179-8270"},"institutions":[{"id":"https://openalex.org/I149461666","display_name":"Ca' Foscari University of Venice","ror":"https://ror.org/04yzxz566","country_code":"IT","type":"education","lineage":["https://openalex.org/I149461666"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Stefano Calzavara","raw_affiliation_strings":["Universit\u00e0 Ca\u2019 Foscari Venezia, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 Ca\u2019 Foscari Venezia, Italy","institution_ids":["https://openalex.org/I149461666"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070919681","display_name":"Pietro Ferrara","orcid":"https://orcid.org/0000-0002-4678-933X"},"institutions":[{"id":"https://openalex.org/I149461666","display_name":"Ca' Foscari University of Venice","ror":"https://ror.org/04yzxz566","country_code":"IT","type":"education","lineage":["https://openalex.org/I149461666"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Pietro Ferrara","raw_affiliation_strings":["Universit\u00e0 Ca\u2019 Foscari Venezia, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 Ca\u2019 Foscari Venezia, Italy","institution_ids":["https://openalex.org/I149461666"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030358452","display_name":"Claudio Lucchese","orcid":"https://orcid.org/0000-0002-2545-0425"},"institutions":[{"id":"https://openalex.org/I149461666","display_name":"Ca' Foscari University of Venice","ror":"https://ror.org/04yzxz566","country_code":"IT","type":"education","lineage":["https://openalex.org/I149461666"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Claudio Lucchese","raw_affiliation_strings":["Universit\u00e0 Ca\u2019 Foscari Venezia, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 Ca\u2019 Foscari Venezia, Italy","institution_ids":["https://openalex.org/I149461666"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5084675121"],"corresponding_institution_ids":["https://openalex.org/I149461666"],"apc_list":null,"apc_paid":null,"fwci":0.5305,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.7000089,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":"31","issue":"1","first_page":"57","last_page":"84"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9782999753952026,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.8863651156425476},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8477827310562134},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6586107015609741},{"id":"https://openalex.org/keywords/range","display_name":"Range (aeronautics)","score":0.6233282685279846},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5595650672912598},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5116827487945557},{"id":"https://openalex.org/keywords/transformation","display_name":"Transformation (genetics)","score":0.47669264674186707}],"concepts":[{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.8863651156425476},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8477827310562134},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6586107015609741},{"id":"https://openalex.org/C204323151","wikidata":"https://www.wikidata.org/wiki/Q905424","display_name":"Range (aeronautics)","level":2,"score":0.6233282685279846},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5595650672912598},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5116827487945557},{"id":"https://openalex.org/C204241405","wikidata":"https://www.wikidata.org/wiki/Q461499","display_name":"Transformation (genetics)","level":3,"score":0.47669264674186707},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C159985019","wikidata":"https://www.wikidata.org/wiki/Q181790","display_name":"Composite material","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3233/jcs-210133","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-210133","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},{"id":"pmh:oai:iris.unive.it:10278/5020963","is_oa":false,"landing_page_url":"https://hdl.handle.net/10278/5020963","pdf_url":null,"source":{"id":"https://openalex.org/S4306402336","display_name":"ARCA (Universit\u00e0 Ca' Foscari Venezia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I149461666","host_organization_name":"Ca' Foscari University of Venice","host_organization_lineage":["https://openalex.org/I149461666"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.8299999833106995,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W1515906028","https://openalex.org/W1518247129","https://openalex.org/W1678356000","https://openalex.org/W2014764321","https://openalex.org/W2043100293","https://openalex.org/W2044870852","https://openalex.org/W2132661148","https://openalex.org/W2296452361","https://openalex.org/W2535873859","https://openalex.org/W2543296129","https://openalex.org/W2594877703","https://openalex.org/W2765424254","https://openalex.org/W2784876765","https://openalex.org/W2794609696","https://openalex.org/W2809895662","https://openalex.org/W2911964244","https://openalex.org/W2951207901","https://openalex.org/W2963739340","https://openalex.org/W2963793947","https://openalex.org/W2971223760","https://openalex.org/W2987678574","https://openalex.org/W2997425368","https://openalex.org/W3023761398","https://openalex.org/W3036568938","https://openalex.org/W3091382611","https://openalex.org/W3103557498","https://openalex.org/W3103836116","https://openalex.org/W3125213333","https://openalex.org/W3158747708","https://openalex.org/W4247200422","https://openalex.org/W4288072399"],"related_works":["https://openalex.org/W1557094818","https://openalex.org/W2183246718","https://openalex.org/W2099261052","https://openalex.org/W2373230814","https://openalex.org/W3209204065","https://openalex.org/W2105707930","https://openalex.org/W1755711892","https://openalex.org/W2160907113","https://openalex.org/W2164205946","https://openalex.org/W2070813941"],"abstract_inverted_index":{"Machine":[0],"learning":[1,43],"has":[2],"proved":[3,14],"invaluable":[4],"for":[5,144],"a":[6,34,71,105,130,145],"range":[7,106],"of":[8,23,41,73,107,133],"different":[9,108],"tasks,":[10],"yet":[11],"it":[12],"also":[13],"vulnerable":[15],"to":[16,26,37,50,101,104,139],"evasion":[17,46],"attacks,":[18],"i.e.,":[19],"maliciously":[20],"crafted":[21],"perturbations":[22],"inputs":[24],"designed":[25],"force":[27],"mispredictions.":[28],"In":[29],"this":[30],"article":[31],"we":[32],"propose":[33],"novel":[35],"technique":[36,127],"certify":[38],"the":[39,56,74,88],"security":[40],"machine":[42],"models":[44],"against":[45],"attacks":[47],"with":[48],"respect":[49],"an":[51,62,79],"expressive":[52],"threat":[53],"model,":[54],"where":[55],"attacker":[57],"can":[58],"be":[59,102],"represented":[60],"by":[61],"arbitrary":[63],"imperative":[64,81],"program.":[65],"Our":[66,118],"approach":[67],"is":[68,84,95],"based":[69],"on":[70,120],"transformation":[72],"model":[75],"under":[76],"attack":[77],"into":[78],"equivalent":[80],"program,":[82],"which":[83,141],"then":[85],"analyzed":[86],"using":[87],"traditional":[89],"abstract":[90],"interpretation":[91],"framework.":[92],"This":[93],"solution":[94],"sound,":[96],"efficient":[97],"and":[98,115,136],"general":[99],"enough":[100],"applied":[103],"models,":[109],"including":[110],"decision":[111],"trees,":[112],"logistic":[113],"regression":[114],"neural":[116],"networks.":[117],"experiments":[119],"publicly":[121],"available":[122],"datasets":[123],"show":[124],"that":[125],"our":[126],"yields":[128],"only":[129],"minimal":[131],"number":[132],"false":[134],"positives":[135],"scales":[137],"up":[138],"cases":[140],"are":[142],"intractable":[143],"competitor":[146],"approach.":[147]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}