{"@context":{"@vocab":"https://cir.nii.ac.jp/schema/1.0/","rdfs":"http://www.w3.org/2000/01/rdf-schema#","dc":"http://purl.org/dc/elements/1.1/","dcterms":"http://purl.org/dc/terms/","foaf":"http://xmlns.com/foaf/0.1/","prism":"http://prismstandard.org/namespaces/basic/2.0/","cinii":"http://ci.nii.ac.jp/ns/1.0/","datacite":"https://schema.datacite.org/meta/kernel-4/","ndl":"http://ndl.go.jp/dcndl/terms/","jpcoar":"https://github.com/JPCOAR/schema/blob/master/2.0/"},"@id":"https://cir.nii.ac.jp/crid/1362825893671764864.json","@type":"Article","productIdentifier":[{"identifier":{"@type":"DOI","@value":"10.1109/sp.2017.49"}},{"identifier":{"@type":"URI","@value":"http://xplorestaging.ieee.org/ielx7/7957740/7958557/07958570.pdf?arnumber=7958570"}}],"dc:title":[{"@value":"Towards Evaluating the Robustness of Neural Networks"}],"creator":[{"@id":"https://cir.nii.ac.jp/crid/1382825893671764865","@type":"Researcher","foaf:name":[{"@value":"Nicholas Carlini"}]},{"@id":"https://cir.nii.ac.jp/crid/1382825893671764864","@type":"Researcher","foaf:name":[{"@value":"David Wagner"}]}],"publication":{"prism:publicationName":[{"@value":"2017 IEEE Symposium on Security and Privacy (SP)"}],"dc:publisher":[{"@value":"IEEE"}],"prism:publicationDate":"2017-05","prism:startingPage":"39","prism:endingPage":"57"},"reviewed":"false","url":[{"@id":"http://xplorestaging.ieee.org/ielx7/7957740/7958557/07958570.pdf?arnumber=7958570"}],"createdAt":"2017-06-26","modifiedAt":"2019-09-26","relatedProduct":[{"@id":"https://cir.nii.ac.jp/crid/1050294407570983936","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Backdoor Attacks on Deep Neural Networks via Transfer Learning from Natural Images"}]},{"@id":"https://cir.nii.ac.jp/crid/1050573407752944512","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Simple Black-Box Universal Adversarial Attacks on Deep Neural Networks for Medical Image Classification"}]},{"@id":"https://cir.nii.ac.jp/crid/1360017280636237440","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Purifying Adversarial Images Using Adversarial Autoencoder With Conditional Normalizing Flows"}]},{"@id":"https://cir.nii.ac.jp/crid/1360017282240497536","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Transferability of features for neural networks links to adversarial attacks and defences"}]},{"@id":"https://cir.nii.ac.jp/crid/1360017282465101184","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Learning to Adversarially Blur Visual Object Tracking"}]},{"@id":"https://cir.nii.ac.jp/crid/1360025430638212736","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Rectifying Adversarial Examples Using Their Vulnerabilities"}]},{"@id":"https://cir.nii.ac.jp/crid/1360294643815132544","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"<i>DeepRepair:</i> Style-Guided Repairing for Deep Neural Networks in the Real-World Operational Environment"}]},{"@id":"https://cir.nii.ac.jp/crid/1360294643864628480","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Adversarial Attack and Defense on Deep Neural Network-Based Voice Processing Systems: An Overview"}]},{"@id":"https://cir.nii.ac.jp/crid/1360298336569150336","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Adversarial robustness assessment: Why in evaluation both L0 and L∞ attacks are necessary"}]},{"@id":"https://cir.nii.ac.jp/crid/1360298757172425728","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Pixel to Binary Embedding Towards Robustness for CNNs"}]},{"@id":"https://cir.nii.ac.jp/crid/1360306905611267456","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"A Fast and Efficient Adversarial Attack Based on Feasible Direction Method"}]},{"@id":"https://cir.nii.ac.jp/crid/1360306906077393792","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Repairs and Breaks Prediction for Deep Neural Networks"}]},{"@id":"https://cir.nii.ac.jp/crid/1360568465052152832","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Towards Logical Specification of Statistical Machine Learning"}]},{"@id":"https://cir.nii.ac.jp/crid/1360572092406632832","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Adversarial Patch Attacks on Monocular Depth Estimation Networks"}]},{"@id":"https://cir.nii.ac.jp/crid/1360576118790111872","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"NPC:\n            <u>N</u>\n            euron\n            <u>P</u>\n            ath\n            <u>C</u>\n            overage via Characterizing Decision Logic of Deep Neural Networks"}]},{"@id":"https://cir.nii.ac.jp/crid/1360582246450114432","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Evolutionary Perturbation Attack on Temporal Link Prediction"}]},{"@id":"https://cir.nii.ac.jp/crid/1360588379369138432","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"An Adversarial Attack via Penalty Method"}]},{"@id":"https://cir.nii.ac.jp/crid/1360588379369203712","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Black-box l<sub>1</sub> and £2 Adversarial Attack Based on Genetic Algorithm"}]},{"@id":"https://cir.nii.ac.jp/crid/1360588380161843840","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"LRNAS: Differentiable Searching for Adversarially Robust Lightweight Neural Architecture"}]},{"@id":"https://cir.nii.ac.jp/crid/1360848660236690176","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"DeepMutation: Mutation Testing of Deep Learning Systems"}]},{"@id":"https://cir.nii.ac.jp/crid/1360861705567227904","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Certified Defense for Content Based Image Retrieval"}]},{"@id":"https://cir.nii.ac.jp/crid/1360861707162680320","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Regularization Meets Enhanced Multi-Stage Fusion Features: Making CNN More Robust against White-Box Adversarial Attacks"}]},{"@id":"https://cir.nii.ac.jp/crid/1360865815512281088","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Decision Boundary-aware Data Augmentation for Adversarial Training"}]},{"@id":"https://cir.nii.ac.jp/crid/1360865816783262208","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Adversarial attacks and defenses using feature-space stochasticity"}]},{"@id":"https://cir.nii.ac.jp/crid/1360869856020075264","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Proposal of Adversarial Attack Traffic Detection Using Adversarial Attack Techniques for Network Intrusion Detection System"}]},{"@id":"https://cir.nii.ac.jp/crid/1361131420017304448","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Adversarial Robustness by One Bit Double Quantization for Visual Classification"}]},{"@id":"https://cir.nii.ac.jp/crid/1361694370282285824","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Machine Learning Testing: Survey, Landscapes and Horizons"}]},{"@id":"https://cir.nii.ac.jp/crid/1361975844947448960","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Pixel-Based Image Encryption Without Key Management for Privacy-Preserving Deep Neural Networks"}]},{"@id":"https://cir.nii.ac.jp/crid/1390009142391319168","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Effects of Image Processing Operations on Adversarial Noise and Their Use in Detecting and Correcting Adversarial Images"}]},{"@id":"https://cir.nii.ac.jp/crid/1390011108724431616","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"A Hybrid Bayesian-Convolutional Neural Network for Adversarial Robustness"}]},{"@id":"https://cir.nii.ac.jp/crid/1390013485543000192","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Toward Selective Adversarial Attack for Gait Recognition Systems Based on Deep Neural Network"}]},{"@id":"https://cir.nii.ac.jp/crid/1390015984923531392","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"ASRA-Q: AI Security Risk Assessment by Selective Questions"}]},{"@id":"https://cir.nii.ac.jp/crid/1390289920606324608","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Flexible Bayesian Inference by Weight Transfer for Robust Deep Neural Networks"}]},{"@id":"https://cir.nii.ac.jp/crid/1390564238027417856","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Advanced Ensemble Adversarial Example on Unknown Deep Neural Network Classifiers"}]},{"@id":"https://cir.nii.ac.jp/crid/1390565134824803072","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Simple Black-Box Adversarial Examples Generation with Very Few Queries"}]},{"@id":"https://cir.nii.ac.jp/crid/1390573407599797504","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Feature-Based Adversarial Training for Deep Learning Models Resistant to Transferable Adversarial Examples"}]},{"@id":"https://cir.nii.ac.jp/crid/1390584243404862848","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Adversarial Training with Misclassification Risk in Image Classification"},{"@language":"ja","@value":"画像分類における誤分類リスクを考慮した敵対的学習"},{"@language":"ja-Kana","@value":"ガゾウ ブンルイ ニ オケル ゴブンルイ リスク オ コウリョ シタ テキタイテキ ガクシュウ"}]},{"@id":"https://cir.nii.ac.jp/crid/1390585172431009536","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"ja","@value":"MNISTに対する敵対的サンプル攻撃耐性を有する説明困難なルールを用いた分類手法"},{"@language":"en","@value":"Classification Method of Deploying Hard-to-Explain Rules that is Robust against Adversarial Example Attacks on MNIST"},{"@language":"ja-Kana","@value":"MNIST ニ タイスル テキタイテキ サンプル コウゲキ タイセイ オ ユウスル セツメイ コンナン ナ ルール オ モチイタ ブンルイ シュホウ"}]},{"@id":"https://cir.nii.ac.jp/crid/1390846609821057792","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Evaluating Deep Learning for Image Classification in Adversarial Environment"}]},{"@id":"https://cir.nii.ac.jp/crid/1390850857224558080","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"MTGAN: Extending Test Case set for Deep Learning Image Classifier"}]},{"@id":"https://cir.nii.ac.jp/crid/1390856893076965120","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Priority Evasion Attack: An Adversarial Example That Considers the Priority of Attack on Each Classifier"}]},{"@id":"https://cir.nii.ac.jp/crid/1390866040573353856","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Detecting Textual Backdoor Attacks via Class Difference for Text Classification System"}]},{"@id":"https://cir.nii.ac.jp/crid/1391975831225646080","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Property Analysis of Adversarially Robust Representation"},{"@language":"ja","@value":"敵対的サンプルに頑健な特徴表現の性質の分析"}]}],"dataSourceIdentifier":[{"@type":"CROSSREF","@value":"10.1109/sp.2017.49"},{"@type":"CROSSREF","@value":"10.1587/transinf.2020edp7162_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1587/transinf.2021edp7046_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/issre.2018.00021_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/access.2020.3027372_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/ojsp.2023.3275053_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1371/journal.pone.0266060_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/iccv48922.2021.01066_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/access.2025.3550024_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.2493/jjspe.87.83_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/tr.2021.3096332_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1587/transinf.2022ngp0002_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1371/journal.pone.0265723_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.2197/ipsjjip.31.654_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/access.2019.2958358_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1587/transinf.2021edp7198_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/icpr56361.2022.9956572_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1587/transinf.2023edp7160_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.2493/jjspe.91.89_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/access.2024.3411055_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1145/3702983_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1007/978-3-030-30446-1_16_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/tse.2019.2962027_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1587/transinf.2021edp7239_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1587/transinf.2021edl8080_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.7566/jpsj.93.074002_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1541/ieejeiss.145.498_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/access.2025.3529217_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/aitest62860.2024.00021_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/tnnls.2024.3382724_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1587/transinf.2019inp0002_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1587/transinf.2019edp7188_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1587/transinf.2018edp7073_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1587/transinf.2021mup0005_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1145/3490489_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/access.2019.2959017_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/wacv56688.2023.00454_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.3390/app122412564_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.3390/a15050144_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.3390/s22145431_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.3390/app11188450_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1109/tdsc.2022.3165889_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1016/j.neunet.2023.08.022_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"},{"@type":"CROSSREF","@value":"10.1007/978-3-031-72325-4_17_references_DOI_33Qb9hUwTossLEgufjpEC8ENzEp"}]}