乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,8,22]],"date-time":"2024-08-22T08:51:30Z","timestamp":1724316690474},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"7","license":[{"start":{"date-parts":[[2022,6,23]],"date-time":"2022-06-23T00:00:00Z","timestamp":1655942400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,6,23]],"date-time":"2022-06-23T00:00:00Z","timestamp":1655942400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Sci. China Inf. Sci."],"published-print":{"date-parts":[[2022,7]]},"DOI":"10.1007\/s11432-021-3457-7","type":"journal-article","created":{"date-parts":[[2022,6,30]],"date-time":"2022-06-30T12:05:57Z","timestamp":1656590757000},"update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Certified defense against patch attacks via mask-guided randomized smoothing"],"prefix":"10.1007","volume":"65","author":[{"given":"Kui","family":"Zhang","sequence":"first","affiliation":[]},{"given":"Hang","family":"Zhou","sequence":"additional","affiliation":[]},{"given":"Huanyu","family":"Bian","sequence":"additional","affiliation":[]},{"given":"Weiming","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Nenghai","family":"Yu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,6,23]]},"reference":[{"key":"3457_CR1","unstructured":"Szegedy C, Zaremba W, Sutskever I, et al. Intriguing properties of neural networks. In: Proceedings of the 2nd International Conference on Learning Representations, 2014"},{"key":"3457_CR2","unstructured":"Goodfellow I J, Shlens J, Szegedy C. Explaining and harnessing adversarial examples. In: Proceedings of the 3rd International Conference on Learning Representations, 2015"},{"key":"3457_CR3","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli S M, Fawzi A, Frossard P. Deepfool: a simple and accurate method to fool deep neural networks. In: Proceedings of IEEE Conference on Computer Vision and Pattern Recognition, 2016. 2574\u20132582","DOI":"10.1109\/CVPR.2016.282"},{"key":"3457_CR4","doi-asserted-by":"crossref","unstructured":"Carlini N, Wagner D. Towards evaluating the robustness of neural Networks. In: Proceedings of IEEE Symposium on Security and Privacy, 2017. 39\u201357","DOI":"10.1109\/SP.2017.49"},{"key":"3457_CR5","doi-asserted-by":"crossref","unstructured":"Chen P Y, Zhang H, Sharma Y, et al. Zoo: zeroth order optimization based black-box attacks to deep neural networks without training substitute models. In: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, 2017. 15\u201326","DOI":"10.1145\/3128572.3140448"},{"key":"3457_CR6","unstructured":"Madry A, Makelov A, Schmidt L, et al. Towards deep learning models resistant to adversarial attacks. In: Proceedings of the 6th International Conference on Learning Representations, 2018"},{"key":"3457_CR7","unstructured":"Brown T B, Man\u00e9 D, Roy A, et al. Adversarial patch. 2017. ArXiv:1712.09665"},{"key":"3457_CR8","unstructured":"Karmon D, Zoran D, Goldberg Y. LaVAN: localized and visible adversarial noise. In: Proceedings of the 35th International Conference on Machine Learning, 2018. 2507\u20132515"},{"key":"3457_CR9","doi-asserted-by":"crossref","unstructured":"Yang C L, Kortylewski A, Xie C, et al. Patchattack: a black-box texture-based attack with reinforcement learning. In: Proceedings of the 16th European Conference on Computer Vision, 2020. 681\u2013698","DOI":"10.1007\/978-3-030-58574-7_41"},{"key":"3457_CR10","unstructured":"Li Y, Bian X, Lyu S. Attacking object detectors via imperceptible patches on background. 2018. ArXiv:1809.05966"},{"key":"3457_CR11","unstructured":"Lee M, Kolter J Z. On physical adversarial patches for object detection. 2019. ArXiv:1906.11897"},{"key":"3457_CR12","doi-asserted-by":"crossref","unstructured":"Wu Z, Lim S N, Davis L, et al. Making an invisibility cloak: real world adversarial attacks on object detectors. In: Proceedings of the 16th European Conference on Computer Vision, 2020. 1\u201317","DOI":"10.1007\/978-3-030-58548-8_1"},{"key":"3457_CR13","doi-asserted-by":"crossref","unstructured":"Xu K, Zhang G, Liu S, et al. Adversarial T-shirt! Evading person detectors in a physical world. In: Proceedings of the 16th European Conference on Computer Vision, 2020. 665\u2013681","DOI":"10.1007\/978-3-030-58558-7_39"},{"key":"3457_CR14","doi-asserted-by":"crossref","unstructured":"Saha A, Subramanya A, Patil K, et al. Role of spatial context in adversarial robustness for object detection. In: Proceedings of IEEE Conference on Computer Vision and Pattern Recognition Workshops, 2020. 784\u2013785","DOI":"10.1109\/CVPRW50498.2020.00400"},{"key":"3457_CR15","unstructured":"Redmon J, Farhadi A. YOLOv3: an incremental improvement. 2018. ArXiv:1804.02767"},{"key":"3457_CR16","doi-asserted-by":"publisher","first-page":"1137","DOI":"10.1109\/TPAMI.2016.2577031","volume":"39","author":"S Ren","year":"2017","unstructured":"Ren S, He K, Girshick R, et al. Faster R-CNN: towards real-time object detection with region proposal networks. IEEE Trans Pattern Anal Mach Intell, 2017, 39: 1137\u20131149","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"3457_CR17","doi-asserted-by":"crossref","unstructured":"Pautov M, Melnikov G, Kaziakhmedov E, et al. On adversarial patches: real-world attack on ArcFace-100 face recognition system. In: Proceedings of International Multi-Conference on Engineering, Computer and Information Sciences, 2019. 391\u2013396","DOI":"10.1109\/SIBIRCON48586.2019.8958134"},{"key":"3457_CR18","doi-asserted-by":"crossref","unstructured":"Komkov S A, Petiushko A. Advhat: real-world adversarial attack on arcface face id system. In: Proceedings of the 25th International Conference on Pattern Recognition, 2021. 819\u2013826","DOI":"10.1109\/ICPR48806.2021.9412236"},{"key":"3457_CR19","doi-asserted-by":"crossref","unstructured":"Yang X, Wei F, Zhang H, et al. Design and interpretation of universal adversarial patches in face detection. In: Proceedings of the 16th European Conference on Computer Vision, 2020. 174\u2013191","DOI":"10.1007\/978-3-030-58520-4_11"},{"key":"3457_CR20","doi-asserted-by":"crossref","unstructured":"Hayes J. On visible adversarial perturbations & digital watermarking. In: Proceedings of IEEE Conference on Computer Vision and Pattern Recognition Workshops, 2018. 1597\u20131604","DOI":"10.1109\/CVPRW.2018.00210"},{"key":"3457_CR21","doi-asserted-by":"crossref","unstructured":"Naseer M, Khan S, Porikli F. Local gradients smoothing: defense against localized adversarial attacks. In: Proceedings of IEEE Winter Conference on Applications of Computer Vision, 2019. 1300\u20131307","DOI":"10.1109\/WACV.2019.00143"},{"key":"3457_CR22","unstructured":"Wu T, Tong L, Vorobeychik Y. Defending against physically realizable attacks on image classification. In: Proceedings of the 8th International Conference on Learning Representations, 2020"},{"key":"3457_CR23","doi-asserted-by":"crossref","unstructured":"Rao S, Stutz D, Schiele B. Adversarial training against location-optimized adversarial patches. In: Proceedings of European Conference on Computer Vision Workshops, 2020. 429\u2013448","DOI":"10.1007\/978-3-030-68238-5_32"},{"key":"3457_CR24","unstructured":"Athalye A, Carlini N, Wagner D A. Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. In: Proceedings of the 35th International Conference on Machine Learning, 2018. 274\u2013283"},{"key":"3457_CR25","unstructured":"Carlini N, Athalye A, Papernot N, et al. On evaluating adversarial robustness. 2019. ArXiv:1902.06705"},{"key":"3457_CR26","unstructured":"Chiang P Y, Ni R, Abdelkader A, et al. Certified defenses for adversarial patches. In: Proceedings of the 8th International Conference on Learning Representations, 2020"},{"key":"3457_CR27","unstructured":"Levine A, Feizi S. (De) randomized smoothing for certifiable defense against patch attacks. In: Proceedings of Advances in Neural Information Processing Systems, 2020"},{"key":"3457_CR28","doi-asserted-by":"crossref","unstructured":"Zhang Z, Yuan B, McCoyd M, et al. Clipped bagNet: defending against sticker attacks with clipped bag-of-features. In: Proceedings of IEEE Security and Privacy Workshops, 2020. 55\u201361","DOI":"10.1109\/SPW50608.2020.00026"},{"key":"3457_CR29","unstructured":"Xiang C, Bhagoji A N, Sehwag V, et al. Patchguard: a provably robust defense against adversarial patches via small receptive fields and masking. In: Proceedings of the 30th USENIX Security Symposium, 2021"},{"key":"3457_CR30","unstructured":"Metzen J H, Yatsura M. Efficient certified defenses against patch attacks on image classifiers. In: Proceedings of the 9th International Conference on Learning Representations, 2021"},{"key":"3457_CR31","doi-asserted-by":"crossref","unstructured":"Subramanya A, Pillai V, Pirsiavash H. Fooling network interpretation in image classification. In: Proceedings of IEEE International Conference on Computer Vision, 2019. 2020\u20132029","DOI":"10.1109\/ICCV.2019.00211"},{"key":"3457_CR32","unstructured":"Gittings T, Schneider S, Collomosse J. Robust synthesis of adversarial visual examples using a deep image prior. In: Proceedings of the 30th British Machine Vision Conference, 2019"},{"key":"3457_CR33","unstructured":"Ulyanov D, Vedaldi A S, Lempitsky V. Deep image prior. In: Proceedings of IEEE Conference on Computer Vision and Pattern Recognition, 2018. 9446\u20139454"},{"key":"3457_CR34","doi-asserted-by":"crossref","unstructured":"Fendley N, Lennon M, Wang I, et al. Jacks of all trades, masters of none: addressing distributional shift and obtrusiveness via transparent patch attacks. In: Proceedings of European Conference on Computer Vision Workshops, 2020. 105\u2013119","DOI":"10.1007\/978-3-030-66415-2_7"},{"key":"3457_CR35","unstructured":"Brunner T, Diehl F, Knoll A. Copy and paste: a simple but effective initialization method for black-box adversarial attacks. In: Proceedings of IEEE Conference on Computer Vision and Pattern Recognition Workshops, 2019"},{"key":"3457_CR36","doi-asserted-by":"crossref","unstructured":"Liu A, Liu X, Fan J, et al. Perceptual-sensitive GAN for generating adversarial patches. In: Proceedings of the 33rd AAAI Conference on Artificial Intelligence, 2019. 1028\u20131035","DOI":"10.1609\/aaai.v33i01.33011028"},{"key":"3457_CR37","doi-asserted-by":"crossref","unstructured":"Luo J, Bai T, Zhao J, et al. Generating adversarial yet inconspicuous patches with a single image. In: Proceedings of the 35th AAAI Conference on Artificial Intelligence, 2021. 15837\u201315838","DOI":"10.1609\/aaai.v35i18.17915"},{"key":"3457_CR38","doi-asserted-by":"crossref","unstructured":"Gowal S, Stanforth R. Scalable verified training for provably robust image classification. In: Proceedings of IEEE International Conference on Computer Vision, 2019. 4841\u20134850","DOI":"10.1109\/ICCV.2019.00494"},{"key":"3457_CR39","unstructured":"Cohen J, Rosenfeld E, Kolter Z. Certified adversarial robustness via randomized smoothing. In: Proceedings of the 36th International Conference on Machine Learning, 2019. 1310\u20131320"},{"key":"3457_CR40","doi-asserted-by":"crossref","unstructured":"Levine A, Feizi S. Robustness certificates for sparse adversarial attacks by randomized ablation. In: Proceedings of the 34th AAAI Conference on Artificial Intelligence, 2020. 4585\u20134593","DOI":"10.1609\/aaai.v34i04.5888"},{"key":"3457_CR41","doi-asserted-by":"crossref","unstructured":"McCoyd M, Park W, Chen S, et al. Minority reports defense: defending against adversarial patches. In: Proceedings of Applied Cryptography and Network Security Workshops, 2020. 564\u2013582","DOI":"10.1007\/978-3-030-61638-0_31"},{"key":"3457_CR42","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1098\/rsta.1933.0009","volume":"231","author":"J Neyman","year":"1933","unstructured":"Neyman J, Pearson E S. On the problem of the most efficient tests of statistical hypotheses. Phil Trans R Soc Lond A, 1933, 231: 289\u2013337","journal-title":"Phil Trans R Soc Lond A"},{"key":"3457_CR43","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1080\/10867651.2004.10487596","volume":"9","author":"A Telea","year":"2004","unstructured":"Telea A. An image inpainting technique based on the fast marching method. J Graphics Tools, 2004, 9: 23\u201334","journal-title":"J Graphics Tools"},{"key":"3457_CR44","doi-asserted-by":"publisher","first-page":"828","DOI":"10.1109\/TEVC.2019.2890858","volume":"23","author":"J Su","year":"2019","unstructured":"Su J, Vargas D V, Sakurai K. One pixel attack for fooling deep neural networks. IEEE Trans Evol Comput, 2019, 23: 828\u2013841","journal-title":"IEEE Trans Evol Comput"},{"key":"3457_CR45","doi-asserted-by":"crossref","unstructured":"Black S, Keshavarz S, Souvenir R. Evaluation of image inpainting for classification and retrieval. In: Proceedings of IEEE Winter Conference on Applications of Computer Vision, 2020. 1060\u20131069","DOI":"10.1109\/WACV45572.2020.9093362"},{"key":"3457_CR46","unstructured":"Krizhevsky A, Hinton G. Learning multiple layers of features from tiny images. 2009"},{"key":"3457_CR47","doi-asserted-by":"crossref","unstructured":"Deng J, Dong W, Socher R, et al. ImageNet: a large-scale hierarchical image database. In: Proceedings of IEEE conference on Computer Vision and Pattern Recognition, 2009. 248\u2013255","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"3457_CR48","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/s11263-019-01228-7","volume":"128","author":"R R Selvaraju","year":"2020","unstructured":"Selvaraju R R, Cogswell M, Das A, et al. Grad-CAM: visual explanations from deep networks via gradient-based localization. Int J Comput Vis, 2020, 128: 336\u2013359","journal-title":"Int J Comput Vis"}],"container-title":["Science China Information Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11432-021-3457-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11432-021-3457-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11432-021-3457-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,4]],"date-time":"2023-08-04T21:04:36Z","timestamp":1691183076000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11432-021-3457-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,6,23]]},"references-count":48,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2022,7]]}},"alternative-id":["3457"],"URL":"https:\/\/doi.org\/10.1007\/s11432-021-3457-7","relation":{},"ISSN":["1674-733X","1869-1919"],"issn-type":[{"value":"1674-733X","type":"print"},{"value":"1869-1919","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,6,23]]},"assertion":[{"value":"31 August 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 January 2022","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 March 2022","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 June 2022","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"170306"}}