Stop Diverse OOD Attacks: Knowledge Ensemble for Reliable Defense Article Swipe

PDF

Zhenbo Shi , Xiaoman Liu , Yuxuan Zhang , Shuchang Wang , Rui Shu , Zhidong Yu , Wei Yang , Liusheng Huang ·

YOU? · · 2025 · Open Access · · DOI: https://doi.org/10.1609/aaai.v39i19.34251

Enhancing defense through model ensemble is an emerging trend, where the challenge lies in how to use ensemble knowledge to counter Out-of-Distribution (OOD) attacks. In this paper, we propose the Reliable Defense Ensemble (REE) to address this issue. REE optimizes the ensemble knowledge of models through aggregation and enhances multidimensional robust performance through collaboration. It employs the Dynamic Synergy Amplification for weight allocation and strategy adjustment. Furthermore, we design a new Kernel Anomaly Smoothing Detection Module, which detects anomalous attacks using a smoothing feature function based on Gaussian kernel mean embedding and a multi-layer feedback structure. Particularly, we build a framework that uses reinforcement learning to iteratively fine-tune the parameters of inter-model communication and consensus. Extensive experimental results show that REE outperforms current state-of-the-art methods by a large margin in defending against OOD attacks.

Related Topics

Computer Science

Computer Security

Concepts

Computer science Computer security

Metadata

Type: article
Language: en
Landing Page: https://doi.org/10.1609/aaai.v39i19.34251
PDF: https://ojs.aaai.org/index.php/AAAI/article/download/34251/36406
OA Status: diamond
Related Works: 10
OpenAlex ID: https://openalex.org/W4409363487

All OpenAlex metadata

Raw OpenAlex JSON

OpenAlex ID: https://openalex.org/W4409363487

Canonical identifier for this work in OpenAlex
DOI: https://doi.org/10.1609/aaai.v39i19.34251

Digital Object Identifier
Title: Stop Diverse OOD Attacks: Knowledge Ensemble for Reliable Defense

Work title
Type: article

OpenAlex work type
Language: en

Primary language
Publication year: 2025

Year of publication
Publication date: 2025-04-11

Full publication date if available
Authors: Zhenbo Shi, Xiaoman Liu, Yuxuan Zhang, Shuchang Wang, Rui Shu, Zhidong Yu, Wei Yang, Liusheng Huang

List of authors in order
Landing page: https://doi.org/10.1609/aaai.v39i19.34251

Publisher landing page
PDF URL: https://ojs.aaai.org/index.php/AAAI/article/download/34251/36406

Direct link to full text PDF
Open access: Yes

Whether a free full text is available
OA status: diamond

Open access status per OpenAlex
OA URL: https://ojs.aaai.org/index.php/AAAI/article/download/34251/36406

Direct OA link when available
Concepts: Computer science, Computer security

Top concepts (fields/topics) attached by OpenAlex
Cited by: 0

Total citation count in OpenAlex
Related works (count): 10

Other works algorithmically related by OpenAlex

Full payload

id	https://openalex.org/W4409363487
doi	https://doi.org/10.1609/aaai.v39i19.34251
ids.doi	https://doi.org/10.1609/aaai.v39i19.34251
ids.openalex	https://openalex.org/W4409363487
fwci	0.0
type	article
title	Stop Diverse OOD Attacks: Knowledge Ensemble for Reliable Defense
biblio.issue	19
biblio.volume	39
biblio.last_page	20444
biblio.first_page	20436
topics[0].id	https://openalex.org/T10400
topics[0].field.id	https://openalex.org/fields/17
topics[0].field.display_name	Computer Science
topics[0].score	0.9926000237464905
topics[0].domain.id	https://openalex.org/domains/3
topics[0].domain.display_name	Physical Sciences
topics[0].subfield.id	https://openalex.org/subfields/1705
topics[0].subfield.display_name	Computer Networks and Communications
topics[0].display_name	Network Security and Intrusion Detection
topics[1].id	https://openalex.org/T11241
topics[1].field.id	https://openalex.org/fields/17
topics[1].field.display_name	Computer Science
topics[1].score	0.9764999747276306
topics[1].domain.id	https://openalex.org/domains/3
topics[1].domain.display_name	Physical Sciences
topics[1].subfield.id	https://openalex.org/subfields/1711
topics[1].subfield.display_name	Signal Processing
topics[1].display_name	Advanced Malware Detection Techniques
topics[2].id	https://openalex.org/T10734
topics[2].field.id	https://openalex.org/fields/17
topics[2].field.display_name	Computer Science
topics[2].score	0.9646000266075134
topics[2].domain.id	https://openalex.org/domains/3
topics[2].domain.display_name	Physical Sciences
topics[2].subfield.id	https://openalex.org/subfields/1710
topics[2].subfield.display_name	Information Systems
topics[2].display_name	Information and Cyber Security
is_xpac	False
apc_list
apc_paid
concepts[0].id	https://openalex.org/C41008148
concepts[0].level	0
concepts[0].score	0.4547015130519867
concepts[0].wikidata	https://www.wikidata.org/wiki/Q21198
concepts[0].display_name	Computer science
concepts[1].id	https://openalex.org/C38652104
concepts[1].level	1
concepts[1].score	0.3382062613964081
concepts[1].wikidata	https://www.wikidata.org/wiki/Q3510521
concepts[1].display_name	Computer security
keywords[0].id	https://openalex.org/keywords/computer-science
keywords[0].score	0.4547015130519867
keywords[0].display_name	Computer science
keywords[1].id	https://openalex.org/keywords/computer-security
keywords[1].score	0.3382062613964081
keywords[1].display_name	Computer security
language	en
locations[0].id	doi:10.1609/aaai.v39i19.34251
locations[0].is_oa	True
locations[0].source.id	https://openalex.org/S4210191458
locations[0].source.issn	2159-5399, 2374-3468
locations[0].source.type	conference
locations[0].source.is_oa	True
locations[0].source.issn_l	2159-5399
locations[0].source.is_core	False
locations[0].source.is_in_doaj	False
locations[0].source.display_name	Proceedings of the AAAI Conference on Artificial Intelligence
locations[0].source.host_organization	https://openalex.org/P4310320058
locations[0].source.host_organization_name	Association for the Advancement of Artificial Intelligence
locations[0].source.host_organization_lineage	https://openalex.org/P4310320058
locations[0].license
locations[0].pdf_url	https://ojs.aaai.org/index.php/AAAI/article/download/34251/36406
locations[0].version	publishedVersion
locations[0].raw_type	journal-article
locations[0].license_id
locations[0].is_accepted	True
locations[0].is_published	True
locations[0].raw_source_name	Proceedings of the AAAI Conference on Artificial Intelligence
locations[0].landing_page_url	https://doi.org/10.1609/aaai.v39i19.34251
indexed_in	crossref
authorships[0].author.id	https://openalex.org/A5078030239
authorships[0].author.orcid
authorships[0].author.display_name	Zhenbo Shi
authorships[0].author_position	first
authorships[0].raw_author_name	Zhenbo Shi
authorships[0].is_corresponding	False
authorships[1].author.id	https://openalex.org/A5077840287
authorships[1].author.orcid
authorships[1].author.display_name	Xiaoman Liu
authorships[1].author_position	middle
authorships[1].raw_author_name	Xiaoman Liu
authorships[1].is_corresponding	False
authorships[2].author.id	https://openalex.org/A5100319905
authorships[2].author.orcid	https://orcid.org/0000-0002-3760-1083
authorships[2].author.display_name	Yuxuan Zhang
authorships[2].author_position	middle
authorships[2].raw_author_name	Yuxuan Zhang
authorships[2].is_corresponding	False
authorships[3].author.id	https://openalex.org/A5087258671
authorships[3].author.orcid	https://orcid.org/0000-0001-8191-1188
authorships[3].author.display_name	Shuchang Wang
authorships[3].author_position	middle
authorships[3].raw_author_name	Shuchang Wang
authorships[3].is_corresponding	False
authorships[4].author.id	https://openalex.org/A5100746782
authorships[4].author.orcid	https://orcid.org/0000-0001-8937-7274
authorships[4].author.display_name	Rui Shu
authorships[4].author_position	middle
authorships[4].raw_author_name	Rui Shu
authorships[4].is_corresponding	False
authorships[5].author.id	https://openalex.org/A5113536741
authorships[5].author.orcid	https://orcid.org/0000-0001-7168-6423
authorships[5].author.display_name	Zhidong Yu
authorships[5].author_position	middle
authorships[5].raw_author_name	Zhidong Yu
authorships[5].is_corresponding	False
authorships[6].author.id	https://openalex.org/A5100613524
authorships[6].author.orcid	https://orcid.org/0000-0002-5338-7347
authorships[6].author.display_name	Wei Yang
authorships[6].author_position	middle
authorships[6].raw_author_name	Wei Yang
authorships[6].is_corresponding	False
authorships[7].author.id	https://openalex.org/A5019604942
authorships[7].author.orcid	https://orcid.org/0000-0001-8417-3256
authorships[7].author.display_name	Liusheng Huang
authorships[7].author_position	last
authorships[7].raw_author_name	Liusheng Huang
authorships[7].is_corresponding	False
has_content.pdf	True
has_content.grobid_xml	True
is_paratext	False
open_access.is_oa	True
open_access.oa_url	https://ojs.aaai.org/index.php/AAAI/article/download/34251/36406
open_access.oa_status	diamond
open_access.any_repository_has_fulltext	False
created_date	2025-10-10T00:00:00
display_name	Stop Diverse OOD Attacks: Knowledge Ensemble for Reliable Defense
has_fulltext	False
is_retracted	False
updated_date	2025-11-06T03:46:38.306776
primary_topic.id	https://openalex.org/T10400
primary_topic.field.id	https://openalex.org/fields/17
primary_topic.field.display_name	Computer Science
primary_topic.score	0.9926000237464905
primary_topic.domain.id	https://openalex.org/domains/3
primary_topic.domain.display_name	Physical Sciences
primary_topic.subfield.id	https://openalex.org/subfields/1705
primary_topic.subfield.display_name	Computer Networks and Communications
primary_topic.display_name	Network Security and Intrusion Detection
related_works	https://openalex.org/W4391375266, https://openalex.org/W2899084033, https://openalex.org/W2748952813, https://openalex.org/W2390279801, https://openalex.org/W4391913857, https://openalex.org/W2358668433, https://openalex.org/W4396701345, https://openalex.org/W2376932109, https://openalex.org/W2001405890, https://openalex.org/W4396696052
cited_by_count	0
locations_count	1
best_oa_location.id	doi:10.1609/aaai.v39i19.34251
best_oa_location.is_oa	True
best_oa_location.source.id	https://openalex.org/S4210191458
best_oa_location.source.issn	2159-5399, 2374-3468
best_oa_location.source.type	conference
best_oa_location.source.is_oa	True
best_oa_location.source.issn_l	2159-5399
best_oa_location.source.is_core	False
best_oa_location.source.is_in_doaj	False
best_oa_location.source.display_name	Proceedings of the AAAI Conference on Artificial Intelligence
best_oa_location.source.host_organization	https://openalex.org/P4310320058
best_oa_location.source.host_organization_name	Association for the Advancement of Artificial Intelligence
best_oa_location.source.host_organization_lineage	https://openalex.org/P4310320058
best_oa_location.license
best_oa_location.pdf_url	https://ojs.aaai.org/index.php/AAAI/article/download/34251/36406
best_oa_location.version	publishedVersion
best_oa_location.raw_type	journal-article
best_oa_location.license_id
best_oa_location.is_accepted	True
best_oa_location.is_published	True
best_oa_location.raw_source_name	Proceedings of the AAAI Conference on Artificial Intelligence
best_oa_location.landing_page_url	https://doi.org/10.1609/aaai.v39i19.34251
primary_location.id	doi:10.1609/aaai.v39i19.34251
primary_location.is_oa	True
primary_location.source.id	https://openalex.org/S4210191458
primary_location.source.issn	2159-5399, 2374-3468
primary_location.source.type	conference
primary_location.source.is_oa	True
primary_location.source.issn_l	2159-5399
primary_location.source.is_core	False
primary_location.source.is_in_doaj	False
primary_location.source.display_name	Proceedings of the AAAI Conference on Artificial Intelligence
primary_location.source.host_organization	https://openalex.org/P4310320058
primary_location.source.host_organization_name	Association for the Advancement of Artificial Intelligence
primary_location.source.host_organization_lineage	https://openalex.org/P4310320058
primary_location.license
primary_location.pdf_url	https://ojs.aaai.org/index.php/AAAI/article/download/34251/36406
primary_location.version	publishedVersion
primary_location.raw_type	journal-article
primary_location.license_id
primary_location.is_accepted	True
primary_location.is_published	True
primary_location.raw_source_name	Proceedings of the AAAI Conference on Artificial Intelligence
primary_location.landing_page_url	https://doi.org/10.1609/aaai.v39i19.34251
publication_date	2025-04-11
publication_year	2025
referenced_works_count	0
abstract_inverted_index.a	69, 81, 92, 99, 126
abstract_inverted_index.In	24
abstract_inverted_index.It	54
abstract_inverted_index.an	6
abstract_inverted_index.by	125
abstract_inverted_index.in	13, 129
abstract_inverted_index.is	5
abstract_inverted_index.of	43, 110
abstract_inverted_index.on	86
abstract_inverted_index.to	15, 19, 34, 105
abstract_inverted_index.we	27, 67, 97
abstract_inverted_index.OOD	132
abstract_inverted_index.REE	38, 120
abstract_inverted_index.and	47, 63, 91, 113
abstract_inverted_index.for	60
abstract_inverted_index.how	14
abstract_inverted_index.new	70
abstract_inverted_index.the	10, 29, 40, 56, 108
abstract_inverted_index.use	16
abstract_inverted_index.lies	12
abstract_inverted_index.mean	89
abstract_inverted_index.show	118
abstract_inverted_index.that	101, 119
abstract_inverted_index.this	25, 36
abstract_inverted_index.uses	102
abstract_inverted_index.(OOD)	22
abstract_inverted_index.(REE)	33
abstract_inverted_index.based	85
abstract_inverted_index.build	98
abstract_inverted_index.large	127
abstract_inverted_index.model	3
abstract_inverted_index.using	80
abstract_inverted_index.where	9
abstract_inverted_index.which	76
abstract_inverted_index.Kernel	71
abstract_inverted_index.design	68
abstract_inverted_index.issue.	37
abstract_inverted_index.kernel	88
abstract_inverted_index.margin	128
abstract_inverted_index.models	44
abstract_inverted_index.paper,	26
abstract_inverted_index.robust	50
abstract_inverted_index.trend,	8
abstract_inverted_index.weight	61
abstract_inverted_index.Anomaly	72
abstract_inverted_index.Defense	31
abstract_inverted_index.Dynamic	57
abstract_inverted_index.Module,	75
abstract_inverted_index.Synergy	58
abstract_inverted_index.address	35
abstract_inverted_index.against	131
abstract_inverted_index.attacks	79
abstract_inverted_index.counter	20
abstract_inverted_index.current	122
abstract_inverted_index.defense	1
abstract_inverted_index.detects	77
abstract_inverted_index.employs	55
abstract_inverted_index.feature	83
abstract_inverted_index.methods	124
abstract_inverted_index.propose	28
abstract_inverted_index.results	117
abstract_inverted_index.through	2, 45, 52
abstract_inverted_index.Ensemble	32
abstract_inverted_index.Gaussian	87
abstract_inverted_index.Reliable	30
abstract_inverted_index.attacks.	23, 133
abstract_inverted_index.emerging	7
abstract_inverted_index.enhances	48
abstract_inverted_index.ensemble	4, 17, 41
abstract_inverted_index.feedback	94
abstract_inverted_index.function	84
abstract_inverted_index.learning	104
abstract_inverted_index.strategy	64
abstract_inverted_index.Detection	74
abstract_inverted_index.Enhancing	0
abstract_inverted_index.Extensive	115
abstract_inverted_index.Smoothing	73
abstract_inverted_index.anomalous	78
abstract_inverted_index.challenge	11
abstract_inverted_index.defending	130
abstract_inverted_index.embedding	90
abstract_inverted_index.fine-tune	107
abstract_inverted_index.framework	100
abstract_inverted_index.knowledge	18, 42
abstract_inverted_index.optimizes	39
abstract_inverted_index.smoothing	82
abstract_inverted_index.allocation	62
abstract_inverted_index.consensus.	114
abstract_inverted_index.parameters	109
abstract_inverted_index.structure.	95
abstract_inverted_index.adjustment.	65
abstract_inverted_index.aggregation	46
abstract_inverted_index.inter-model	111
abstract_inverted_index.iteratively	106
abstract_inverted_index.multi-layer	93
abstract_inverted_index.outperforms	121
abstract_inverted_index.performance	51
abstract_inverted_index.Furthermore,	66
abstract_inverted_index.experimental	116
abstract_inverted_index.Amplification	59
abstract_inverted_index.Particularly,	96
abstract_inverted_index.communication	112
abstract_inverted_index.reinforcement	103
abstract_inverted_index.collaboration.	53
abstract_inverted_index.multidimensional	49
abstract_inverted_index.state-of-the-art	123
abstract_inverted_index.Out-of-Distribution	21
cited_by_percentile_year
countries_distinct_count	0
institutions_distinct_count	8
citation_normalized_percentile.value	0.25641026
citation_normalized_percentile.is_in_top_1_percent	False
citation_normalized_percentile.is_in_top_10_percent	False