{"id":"https://openalex.org/W4403322843","doi":"https://doi.org/10.48550/arxiv.2410.04682","title":"On the Adversarial Risk of Test Time Adaptation: An Investigation into Realistic Test-Time Data Poisoning","display_name":"On the Adversarial Risk of Test Time Adaptation: An Investigation into Realistic Test-Time Data Poisoning","publication_year":2024,"publication_date":"2024-10-07","ids":{"openalex":"https://openalex.org/W4403322843","doi":"https://doi.org/10.48550/arxiv.2410.04682"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2410.04682","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2410.04682","pdf_url":"https://arxiv.org/pdf/2410.04682","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2410.04682","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007736768","display_name":"Yongyi Su","orcid":"https://orcid.org/0009-0001-6911-8256"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Su, Yongyi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043691548","display_name":"Yushu Li","orcid":"https://orcid.org/0000-0002-3893-105X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Yushu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072832353","display_name":"Nanqing Liu","orcid":"https://orcid.org/0000-0001-7564-4896"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Nanqing","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065964089","display_name":"Kui Jia","orcid":"https://orcid.org/0000-0003-2661-5700"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jia, Kui","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104272403","display_name":"Xulei Yang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yang, Xulei","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001103949","display_name":"Chuan-Sheng Foo","orcid":"https://orcid.org/0000-0002-4748-5792"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Foo, Chuan-Sheng","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5100451924","display_name":"Xun Xu","orcid":"https://orcid.org/0000-0002-4246-4343"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Xun","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5007736768"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9718999862670898,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9718999862670898,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/test","display_name":"Test (biology)","score":0.7109474539756775},{"id":"https://openalex.org/keywords/adaptation","display_name":"Adaptation (eye)","score":0.629006028175354},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.5886476039886475},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5070614814758301},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.3047177195549011},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.23190629482269287}],"concepts":[{"id":"https://openalex.org/C2777267654","wikidata":"https://www.wikidata.org/wiki/Q3519023","display_name":"Test (biology)","level":2,"score":0.7109474539756775},{"id":"https://openalex.org/C139807058","wikidata":"https://www.wikidata.org/wiki/Q352374","display_name":"Adaptation (eye)","level":2,"score":0.629006028175354},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5886476039886475},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5070614814758301},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.3047177195549011},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.23190629482269287},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C169760540","wikidata":"https://www.wikidata.org/wiki/Q207011","display_name":"Neuroscience","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2410.04682","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2410.04682","pdf_url":"https://arxiv.org/pdf/2410.04682","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2410.04682","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2410.04682","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2410.04682","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2410.04682","pdf_url":"https://arxiv.org/pdf/2410.04682","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4403322843.pdf"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W4246396837","https://openalex.org/W3126451824","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W4297672492","https://openalex.org/W4310988119"],"abstract_inverted_index":{"Test-time":[0],"adaptation":[1],"(TTA)":[2],"updates":[3],"the":[4,8,45,53,61,136],"model":[5],"weights":[6],"during":[7],"inference":[9],"stage":[10],"using":[11],"testing":[12],"data":[13,63,80],"to":[14,22,88,111,152],"enhance":[15],"generalization.":[16],"However,":[17],"this":[18,71],"practice":[19],"exposes":[20],"TTA":[21,31,137,157],"adversarial":[23,36,55],"risks.":[24],"Existing":[25],"studies":[26],"have":[27],"shown":[28],"that":[29,104,135],"when":[30],"is":[32,64,162],"updated":[33],"with":[34],"crafted":[35],"test":[37],"samples,":[38,113],"also":[39,122],"known":[40],"as":[41],"test-time":[42,79],"poisoned":[43,62,107],"data,":[44,90],"performance":[46],"on":[47],"benign":[48,89,112],"samples":[49,108],"can":[50],"deteriorate.":[51],"Nonetheless,":[52],"perceived":[54],"risk":[56],"may":[57],"be":[58],"overstated":[59],"if":[60],"generated":[65],"under":[66],"overly":[67],"strong":[68],"assumptions.":[69],"In":[70,145],"work,":[72],"we":[73,147],"first":[74],"review":[75],"realistic":[76,101],"assumptions":[77],"for":[78],"poisoning,":[81],"including":[82],"white-box":[83],"versus":[84],"grey-box":[85],"attacks,":[86],"access":[87,110],"attack":[91,102,119,126,132],"order,":[92],"and":[93,100,114],"more.":[94],"We":[95,121],"then":[96],"propose":[97],"an":[98,116],"effective":[99,117,149],"method":[103],"better":[105],"produces":[106],"without":[109],"derive":[115],"in-distribution":[118],"objective.":[120],"design":[123],"two":[124],"TTA-aware":[125],"objectives.":[127],"Our":[128],"benchmarks":[129],"of":[130],"existing":[131],"methods":[133,138],"reveal":[134],"are":[139],"more":[140],"robust":[141,156],"than":[142],"previously":[143],"believed.":[144],"addition,":[146],"analyze":[148],"defense":[150],"strategies":[151],"help":[153],"develop":[154],"adversarially":[155],"methods.":[158],"The":[159],"source":[160],"code":[161],"available":[163],"at":[164],"https://github.com/Gorilla-Lab-SCUT/RTTDP.":[165]},"counts_by_year":[],"updated_date":"2026-03-11T14:59:36.786465","created_date":"2025-10-10T00:00:00"}