Towards Black-box Adversarial Example Detection: A Data Reconstruction-based Method
2023 · Open Access · DOI: https://doi.org/10.48550/arxiv.2306.02021
Adversarial example detection is known to be an effective adversarial defense method. Black-box attack, which is a more realistic threat and has led to various black-box adversarial training-based defense methods, however, does not attract considerable attention in adversarial example detection. In this paper, we fill this gap by positioning the problem of black-box adversarial example detection (BAD). Data analysis under the introduced BAD settings demonstrates (1) the incapability of existing detectors in addressing the black-box scenario and (2) the potential of exploring BAD solutions from a data perspective. To tackle the BAD problem, we propose a data reconstruction-based adversarial example detection method. Specifically, we use a variational auto-encoder (VAE) to capture both pixel and frequency representations of normal examples. Then we use reconstruction error to detect adversarial examples. Compared with existing detection methods, the proposed method achieves substantially better detection performance in BAD, which helps promote the deployment of adversarial example detection-based defense solutions in real-world models.
Related Topics
- Type: preprint
- Language: en
- Landing Page: http://arxiv.org/abs/2306.02021, https://arxiv.org/pdf/2306.02021
- OA Status: green
- Cited By: 2
- Related Works: 10
- OpenAlex ID: https://openalex.org/W4379538695
Raw OpenAlex JSON
- OpenAlex ID: https://openalex.org/W4379538695 (Canonical identifier for this work in OpenAlex)
- DOI: https://doi.org/10.48550/arxiv.2306.02021 (Digital Object Identifier)
- Title: Towards Black-box Adversarial Example Detection: A Data Reconstruction-based Method (Work title)
- Type: preprint (OpenAlex work type)
- Language: en (Primary language)
- Publication year: 2023 (Year of publication)
- Publication date: 2023-06-03 (Full publication date if available)
- Authors: Yifei Gao, Zhiyu Lin, Yunfan Yang, Jitao Sang (List of authors in order)
- Landing page: https://arxiv.org/abs/2306.02021 (Publisher landing page)
- PDF URL: https://arxiv.org/pdf/2306.02021 (Direct link to full text PDF)
- Open access: Yes (Whether a free full text is available)
- OA status: green (Open access status per OpenAlex)
- OA URL: https://arxiv.org/pdf/2306.02021 (Direct OA link when available)
- Concepts: Adversarial system, Black box, Computer science, Perspective (graphical), Artificial intelligence, Software deployment, Machine learning, Data mining, Computer security, Computer vision, Operating system (Top concepts (fields/topics) attached by OpenAlex)
- Cited by: 2 (Total citation count in OpenAlex)
- Citations by year (recent): 2024: 2 (Per-year citation counts (last 5 years))
- Related works (count): 10 (Other works algorithmically related by OpenAlex)
Full payload
| id | https://openalex.org/W4379538695 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2306.02021 |
| ids.doi | https://doi.org/10.48550/arxiv.2306.02021 |
| ids.openalex | https://openalex.org/W4379538695 |
| fwci | |
| type | preprint |
| title | Towards Black-box Adversarial Example Detection: A Data Reconstruction-based Method |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11689 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9901000261306763 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1702 |
| topics[0].subfield.display_name | Artificial Intelligence |
| topics[0].display_name | Adversarial Robustness in Machine Learning |
| topics[1].id | https://openalex.org/T11515 |
| topics[1].field.id | https://openalex.org/fields/13 |
| topics[1].field.display_name | Biochemistry, Genetics and Molecular Biology |
| topics[1].score | 0.9790999889373779 |
| topics[1].domain.id | https://openalex.org/domains/1 |
| topics[1].domain.display_name | Life Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1312 |
| topics[1].subfield.display_name | Molecular Biology |
| topics[1].display_name | Bacillus and Francisella bacterial research |
| topics[2].id | https://openalex.org/T11512 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9732000231742859 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1702 |
| topics[2].subfield.display_name | Artificial Intelligence |
| topics[2].display_name | Anomaly Detection Techniques and Applications |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C37736160 |
| concepts[0].level | 2 |
| concepts[0].score | 0.9537086486816406 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q1801315 |
| concepts[0].display_name | Adversarial system |
| concepts[1].id | https://openalex.org/C94966114 |
| concepts[1].level | 2 |
| concepts[1].score | 0.7506321668624878 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q29256 |
| concepts[1].display_name | Black box |
| concepts[2].id | https://openalex.org/C41008148 |
| concepts[2].level | 0 |
| concepts[2].score | 0.7186518311500549 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[2].display_name | Computer science |
| concepts[3].id | https://openalex.org/C12713177 |
| concepts[3].level | 2 |
| concepts[3].score | 0.6469947099685669 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q1900281 |
| concepts[3].display_name | Perspective (graphical) |
| concepts[4].id | https://openalex.org/C154945302 |
| concepts[4].level | 1 |
| concepts[4].score | 0.5315043330192566 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q11660 |
| concepts[4].display_name | Artificial intelligence |
| concepts[5].id | https://openalex.org/C105339364 |
| concepts[5].level | 2 |
| concepts[5].score | 0.47712230682373047 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q2297740 |
| concepts[5].display_name | Software deployment |
| concepts[6].id | https://openalex.org/C119857082 |
| concepts[6].level | 1 |
| concepts[6].score | 0.4214113652706146 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q2539 |
| concepts[6].display_name | Machine learning |
| concepts[7].id | https://openalex.org/C124101348 |
| concepts[7].level | 1 |
| concepts[7].score | 0.3639270067214966 |
| concepts[7].wikidata | https://www.wikidata.org/wiki/Q172491 |
| concepts[7].display_name | Data mining |
| concepts[8].id | https://openalex.org/C38652104 |
| concepts[8].level | 1 |
| concepts[8].score | 0.3352363109588623 |
| concepts[8].wikidata | https://www.wikidata.org/wiki/Q3510521 |
| concepts[8].display_name | Computer security |
| concepts[9].id | https://openalex.org/C31972630 |
| concepts[9].level | 1 |
| concepts[9].score | 0.32174983620643616 |
| concepts[9].wikidata | https://www.wikidata.org/wiki/Q844240 |
| concepts[9].display_name | Computer vision |
| concepts[10].id | https://openalex.org/C111919701 |
| concepts[10].level | 1 |
| concepts[10].score | 0.0 |
| concepts[10].wikidata | https://www.wikidata.org/wiki/Q9135 |
| concepts[10].display_name | Operating system |
| keywords[0].id | https://openalex.org/keywords/adversarial-system |
| keywords[0].score | 0.9537086486816406 |
| keywords[0].display_name | Adversarial system |
| keywords[1].id | https://openalex.org/keywords/black-box |
| keywords[1].score | 0.7506321668624878 |
| keywords[1].display_name | Black box |
| keywords[2].id | https://openalex.org/keywords/computer-science |
| keywords[2].score | 0.7186518311500549 |
| keywords[2].display_name | Computer science |
| keywords[3].id | https://openalex.org/keywords/perspective |
| keywords[3].score | 0.6469947099685669 |
| keywords[3].display_name | Perspective (graphical) |
| keywords[4].id | https://openalex.org/keywords/artificial-intelligence |
| keywords[4].score | 0.5315043330192566 |
| keywords[4].display_name | Artificial intelligence |
| keywords[5].id | https://openalex.org/keywords/software-deployment |
| keywords[5].score | 0.47712230682373047 |
| keywords[5].display_name | Software deployment |
| keywords[6].id | https://openalex.org/keywords/machine-learning |
| keywords[6].score | 0.4214113652706146 |
| keywords[6].display_name | Machine learning |
| keywords[7].id | https://openalex.org/keywords/data-mining |
| keywords[7].score | 0.3639270067214966 |
| keywords[7].display_name | Data mining |
| keywords[8].id | https://openalex.org/keywords/computer-security |
| keywords[8].score | 0.3352363109588623 |
| keywords[8].display_name | Computer security |
| keywords[9].id | https://openalex.org/keywords/computer-vision |
| keywords[9].score | 0.32174983620643616 |
| keywords[9].display_name | Computer vision |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2306.02021 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2306.02021 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2306.02021 |
| locations[1].id | doi:10.48550/arxiv.2306.02021 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2306.02021 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5114804187 |
| authorships[0].author.orcid | https://orcid.org/0009-0006-0436-5930 |
| authorships[0].author.display_name | Yifei Gao |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Gao, Yifei |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5069028297 |
| authorships[1].author.orcid | https://orcid.org/0000-0001-8045-9556 |
| authorships[1].author.display_name | Zhiyu Lin |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Lin, Zhiyu |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5100314060 |
| authorships[2].author.orcid | https://orcid.org/0000-0002-4307-5569 |
| authorships[2].author.display_name | Yunfan Yang |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Yang, Yunfan |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5023834030 |
| authorships[3].author.orcid | https://orcid.org/0000-0002-0699-3205 |
| authorships[3].author.display_name | Jitao Sang |
| authorships[3].author_position | last |
| authorships[3].raw_author_name | Sang, Jitao |
| authorships[3].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2306.02021 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2023-06-07T00:00:00 |
| display_name | Towards Black-box Adversarial Example Detection: A Data Reconstruction-based Method |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11689 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9901000261306763 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1702 |
| primary_topic.subfield.display_name | Artificial Intelligence |
| primary_topic.display_name | Adversarial Robustness in Machine Learning |
| related_works | https://openalex.org/W2502115930, https://openalex.org/W2482350142, https://openalex.org/W4246396837, https://openalex.org/W3176240006, https://openalex.org/W3126451824, https://openalex.org/W1561927205, https://openalex.org/W3191453585, https://openalex.org/W4297672492, https://openalex.org/W3037859390, https://openalex.org/W4379538695 |
| cited_by_count | 2 |
| counts_by_year[0].year | 2024 |
| counts_by_year[0].cited_by_count | 2 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2306.02021 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2306.02021 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2306.02021 |
| primary_location.id | pmh:oai:arXiv.org:2306.02021 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2306.02021 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2306.02021 |
| publication_date | 2023-06-03 |
| publication_year | 2023 |
| referenced_works_count | 0 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 4 |
| citation_normalized_percentile |