AEGIS: A Semantic GAN and Evidential Learning Framework for Robust Adversarial Detection in Vision Sensors
Pith reviewed 2026-06-30 01:23 UTC · model grok-4.3
The pith
AEGIS detects adversarial inputs by first filtering them through a semantic GAN discriminator and then classifying a five-dimensional instability vector, computed under stochastic test-time augmentation, with an evidential deep learning head that also reports its uncertainty.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
AEGIS is a two-stage pipeline. A SemantiGAN module acts as a multi-class semantic discriminator and filters out inputs that are visually inconsistent before they reach the classifier. Inputs that pass are run through stochastic test-time augmentations, from which five instability metrics are computed (FlipScore, Prediction Inconsistency, Layerwise Cosine Similarity at an early and a mid layer, and Entropy) and aggregated into a five-dimensional vector. An Evidential Deep Learning (EDL) classifier maps that vector to Dirichlet-distributed evidence, producing both a prediction and an uncertainty estimate. On Tiny ImageNet, across clean, FGSM, PGD, patch-based, functional, and geometric inputs, the reported results are 92.1% AUROC, 90.2% AUPRC, and 90.7% accuracy.
What carries the argument
The five-dimensional instability vector (FlipScore, Prediction Inconsistency, early-layer and mid-layer cosine similarity, Entropy), computed under stochastic test-time augmentation and fed to an Evidential Deep Learning classifier that outputs Dirichlet-distributed evidence for both the class decision and its uncertainty.
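The page names the five metrics but not their formulas, so the definitions below are assumptions: FlipScore as the fraction of augmented views whose top-1 label differs from the clean prediction, Prediction Inconsistency as the mean total-variation distance between each augmented softmax and the clean softmax, the two layer similarities as the mean cosine between the clean feature vector and each augmented one at that layer, and Entropy as the mean Shannon entropy of the augmented softmax outputs. This is an added example, not code from the paper; the softmax vectors and layer features are constructed inline to stand in for a real network's outputs.

```python
"""Instability vector from stochastic test-time augmentation (added example, not AEGIS code).

Assumed metric definitions (the paper's exact formulas are not on this page):
  FlipScore                fraction of augmented views whose top-1 label differs from the clean one
  Prediction Inconsistency mean total-variation distance between augmented and clean softmax outputs
  cos_early / cos_mid      mean cosine similarity between clean and augmented features at that layer
  Entropy                  mean Shannon entropy of the augmented softmax outputs
"""
import math
from typing import Dict, List, Sequence

Vec = Sequence[float]


def argmax(v: Vec) -> int:
    return max(range(len(v)), key=v.__getitem__)


def entropy(p: Vec) -> float:
    return -sum(x * math.log(x) for x in p if x > 0.0)


def cosine(a: Vec, b: Vec) -> float:
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na > 0.0 and nb > 0.0 else 0.0


def total_variation(p: Vec, q: Vec) -> float:
    return 0.5 * sum(abs(x - y) for x, y in zip(p, q))


def instability_vector(clean_probs: Vec, aug_probs: List[Vec],
                       clean_feats: Dict[str, Vec], aug_feats: Dict[str, List[Vec]]) -> List[float]:
    """Return [FlipScore, PredictionInconsistency, cos_early, cos_mid, Entropy].

    clean_probs: softmax of the un-augmented input; aug_probs: one softmax per augmented view.
    clean_feats / aug_feats: feature vectors at the "early" and "mid" layers, same view order.
    """
    views = len(aug_probs)
    if views == 0 or any(len(aug_feats[k]) != views for k in ("early", "mid")):
        raise ValueError("need one softmax and one feature vector per layer for every view")
    y_clean = argmax(clean_probs)
    flip = sum(1 for p in aug_probs if argmax(p) != y_clean) / views
    inconsistency = sum(total_variation(p, clean_probs) for p in aug_probs) / views
    cos_early = sum(cosine(clean_feats["early"], f) for f in aug_feats["early"]) / views
    cos_mid = sum(cosine(clean_feats["mid"], f) for f in aug_feats["mid"]) / views
    ent = sum(entropy(p) for p in aug_probs) / views
    return [flip, inconsistency, cos_early, cos_mid, ent]


# Constructed outputs (not real activations) for a clean-like input whose four augmented
# views agree, and an adversarial-like input whose views flip label and drift in feature space.
STABLE = dict(
    clean_probs=[0.90, 0.05, 0.05],
    aug_probs=[[0.88, 0.07, 0.05], [0.91, 0.04, 0.05], [0.85, 0.10, 0.05], [0.92, 0.03, 0.05]],
    clean_feats={"early": [1.0, 0.0, 0.5], "mid": [0.5, 0.5, 0.0]},
    aug_feats={"early": [[1.0, 0.05, 0.5], [0.98, 0.0, 0.52], [0.95, 0.1, 0.45], [1.02, 0.02, 0.5]],
               "mid": [[0.5, 0.45, 0.05], [0.55, 0.5, 0.0], [0.48, 0.52, 0.02], [0.5, 0.5, 0.01]]},
)
UNSTABLE = dict(
    clean_probs=[0.55, 0.40, 0.05],
    aug_probs=[[0.30, 0.65, 0.05], [0.52, 0.43, 0.05], [0.20, 0.70, 0.10], [0.25, 0.15, 0.60]],
    clean_feats={"early": [1.0, 0.0, 0.5], "mid": [0.5, 0.5, 0.0]},
    aug_feats={"early": [[0.2, 0.9, 0.1], [0.9, 0.1, 0.4], [0.1, 1.0, 0.3], [0.0, 0.2, 1.0]],
               "mid": [[0.1, 0.9, 0.3], [0.5, 0.4, 0.1], [0.9, 0.0, 0.4], [0.2, 0.2, 0.9]]},
)

if __name__ == "__main__":
    for name, sample in (("stable", STABLE), ("unstable", UNSTABLE)):
        print(name, [round(v, 3) for v in instability_vector(**sample)])
```

The constructed adversarial-like input flips label on three of four views (FlipScore 0.75) and its early-layer features drift away from the clean ones; the stable input never flips and keeps cosine similarity near 1. A detector that consumes this vector inherits every assumption above, including the number of views, so the augmentation policy and view count are part of the threat model, not a free hyperparameter.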
If this is right
- The two-stage pipeline (SemantiGAN filtering followed by EDL on the instability vector) produces both a detection decision and a calibrated uncertainty value.
- Detection performance exceeds that of conventional softmax-based methods across six input categories on Tiny ImageNet.
- The framework supplies interpretability through the explicit instability metrics and uncertainty estimates in addition to the binary detection output.
- Robustness is claimed across FGSM, PGD, patch-based, functional, and geometric attacks without post-hoc tuning for each variant.
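The Dirichlet evidence step that yields "both a detection decision and a calibrated uncertainty value" is the standard evidential deep learning construction of Sensoy et al. (2018): alpha_k = e_k + 1, S = sum of alpha, expected probability p_k = alpha_k / S, and vacuity u = K / S. The block below is an added example, not the paper's code, and the two-class linear head over the instability vector (weights W and biases B) is an illustrative assumption rather than trained AEGIS parameters. It also shows the caveat a practitioner should know: strong but conflicting evidence drives u down while the class probabilities stay at 0.5, so a low u alone does not mean the decision is safe.

```python
"""Evidential (Dirichlet) detection head over the instability vector (added example, not AEGIS code).

Evidential deep learning formulation of Sensoy et al. (2018):
  alpha_k = e_k + 1,  S = sum_k alpha_k,  p_k = alpha_k / S,  u = K / S
with the expected-squared-error loss; the KL regulariser to a flat Dirichlet is omitted here.
Head weights W and biases B are illustrative assumptions, not trained parameters.
"""
import math
from typing import List, Sequence, Tuple

CLASSES = ["clean", "adversarial"]

# Input order: [FlipScore, Inconsistency, cos_early, cos_mid, Entropy].
# Clean evidence grows with stability; adversarial evidence grows with instability.
W = {"clean": [-6.0, -6.0, 5.0, 5.0, -3.0], "adversarial": [8.0, 8.0, -6.0, -6.0, 4.0]}
B = {"clean": -4.0, "adversarial": -3.0}


def softplus(z: float) -> float:
    # numerically stable log(1 + exp(z)); keeps evidence non-negative
    return max(z, 0.0) + math.log1p(math.exp(-abs(z)))


def dirichlet_from_evidence(evidence: Sequence[float]) -> Tuple[List[float], float]:
    """Return (expected class probabilities p_k, vacuity uncertainty u = K / S)."""
    alpha = [e + 1.0 for e in evidence]
    S = sum(alpha)
    return [a / S for a in alpha], len(alpha) / S


def edl_squared_error_loss(evidence: Sequence[float], onehot: Sequence[float]) -> float:
    """Expected squared error under Dir(alpha): sum_k (y_k - p_k)^2 + p_k (1 - p_k) / (S + 1)."""
    alpha = [e + 1.0 for e in evidence]
    S = sum(alpha)
    total = 0.0
    for a, y in zip(alpha, onehot):
        p = a / S
        total += (y - p) ** 2 + p * (1.0 - p) / (S + 1.0)
    return total


def evidence_from_vector(x: Sequence[float]) -> List[float]:
    """Non-negative per-class evidence from the illustrative linear head."""
    return [softplus(sum(w * xi for w, xi in zip(W[c], x)) + B[c]) for c in CLASSES]


def decide(x: Sequence[float], u_max: float = 0.5) -> Tuple[str, float]:
    """Detection decision plus its vacuity; abstain when the head has too little evidence."""
    probs, u = dirichlet_from_evidence(evidence_from_vector(x))
    if u > u_max:
        return "abstain", u
    return CLASSES[max(range(len(probs)), key=probs.__getitem__)], u


if __name__ == "__main__":
    # Constructed instability vectors: one stable (clean-like), one unstable (adversarial-like),
    # one in between where the head should abstain rather than guess.
    for x in ([0.0, 0.025, 0.99, 0.98, 0.45], [0.75, 0.3, 0.47, 0.5, 0.85], [0.3, 0.1, 0.8, 0.8, 0.6]):
        label, u = decide(x)
        print(label, round(u, 3))
    # Dissonance caveat: strong evidence for both classes gives low vacuity but a 50/50 split.
    print(dirichlet_from_evidence([8.0, 8.0]))
```

Wiring the abstain branch into a pipeline means routing high-vacuity inputs to a slower path (more augmentation views, a second model, or a human) instead of passing them through as clean; the uncertainty value is only useful if something downstream acts on it.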
Where Pith is reading between the lines
- The same instability metrics might be tested on video frames or sensor streams to check whether the separation property generalizes beyond static images.
- Replacing the handcrafted metrics with learned features inside the EDL stage could reduce dependence on the current five-dimensional design.
- Deployment in resource-constrained vision pipelines would require measuring the computational cost of the stochastic augmentation step.
Load-bearing premise
The five handcrafted instability metrics will continue to separate adversarial from clean inputs for attack variants and datasets not seen during development.
What would settle it
Evaluation on an entirely new attack family or dataset where the AUROC falls below 80% while the same metrics are used without retraining or reselection.
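The leave-one-attack-out protocol this test calls for (and which the simulated rebuttal below promises to add) is simple to run once instability vectors exist: train the detector on clean inputs plus four attack families, score the held-out family against fresh clean inputs, and apply the 80% AUROC gate per family. The block below is an added example, not the paper's evaluation code. Everything in it is synthetic: the feature generator is a constructed stand-in for instability vectors, built so that four families separate well and "geometric" barely shifts from clean, and a plain logistic-regression scorer stands in for the EDL classifier.

```python
"""Leave-one-attack-out AUROC gate for an instability-vector detector (added example, not AEGIS code).

Synthetic throughout: synth_vector() is a constructed stand-in for the five instability metrics,
and logistic regression stands in for the EDL classifier.  The point is the protocol, not the model.
"""
import math
import random
from typing import Dict, List, Sequence, Tuple

ATTACKS = ["fgsm", "pgd", "patch", "functional", "geometric"]
GATE = 0.80  # AUROC below this on a held-out family is the failure condition named on this page


def auroc(pos: Sequence[float], neg: Sequence[float]) -> float:
    """Rank-based AUROC: P(score_pos > score_neg), ties counted as one half (Mann-Whitney form)."""
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


def synth_vector(rng: random.Random, family: str) -> List[float]:
    """Constructed [FlipScore, Inconsistency, cos_early, cos_mid, Entropy] for one input."""
    if family in ("clean", "geometric"):
        flip_hi = 0.10 if family == "clean" else 0.14  # geometric: only a slight FlipScore shift
        return [rng.uniform(0.0, flip_hi), rng.uniform(0.0, 0.10),
                rng.uniform(0.90, 1.0), rng.uniform(0.85, 1.0), rng.uniform(0.1, 0.6)]
    return [rng.uniform(0.4, 1.0), rng.uniform(0.3, 0.9),
            rng.uniform(0.3, 0.8), rng.uniform(0.3, 0.85), rng.uniform(0.7, 1.1)]


def train_logreg(X: Sequence[Sequence[float]], y: Sequence[float],
                 epochs: int = 200, lr: float = 0.5) -> Tuple[List[float], float]:
    """Batch gradient-descent logistic regression (the stand-in detector)."""
    d = len(X[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for x, t in zip(X, y):
            z = max(-30.0, min(30.0, sum(wi * xi for wi, xi in zip(w, x)) + b))
            err = 1.0 / (1.0 + math.exp(-z)) - t
            for i in range(d):
                gw[i] += err * x[i]
            gb += err
        n = len(X)
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def score(w: Sequence[float], b: float, x: Sequence[float]) -> float:
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def leave_one_attack_out(n_per_family: int = 80, seed: int = 0) -> Dict[str, float]:
    """AUROC of each attack family when it is held out of training entirely."""
    rng = random.Random(seed)
    data = {f: [synth_vector(rng, f) for _ in range(n_per_family)] for f in ["clean"] + ATTACKS}
    results: Dict[str, float] = {}
    for held in ATTACKS:
        X: List[List[float]] = []
        y: List[float] = []
        for f in ["clean"] + [a for a in ATTACKS if a != held]:
            X += data[f]
            y += [0.0 if f == "clean" else 1.0] * n_per_family
        w, b = train_logreg(X, y)
        fresh_clean = [synth_vector(rng, "clean") for _ in range(n_per_family)]  # never seen in training
        results[held] = auroc([score(w, b, x) for x in data[held]],
                              [score(w, b, x) for x in fresh_clean])
    return results


def gate_report(results: Dict[str, float], gate: float = GATE) -> Dict[str, bool]:
    """True where the held-out family clears the gate, False where the metrics failed to transfer."""
    return {a: v >= gate for a, v in results.items()}


if __name__ == "__main__":
    res = leave_one_attack_out()
    for a, v in res.items():
        print(f"{a:<11} AUROC={v:.3f} pass={gate_report(res)[a]}")
```

Two details matter for the protocol to mean anything: the clean negatives used at test time must not be the same clean samples the detector was trained on, and the feature definitions must stay frozen across folds, since re-selecting metrics after seeing the held-out family is the very leakage the referee report asks about.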
Original abstract
Deep neural networks (DNNs) have shown outstanding performance in visual recognition tasks within vision sensor networks; however, they are still vulnerable to adversarial manipulations and imperceptible perturbations that can lead to erroneous predictions. To address that, this paper presents AEGIS, a semantic-aware and uncertainty-guided adversarial detection framework designed for robust image classification in vision sensor pipelines. At its core, a SemantiGAN module functions as a multi-class semantic discriminator, identifying and filtering visually inconsistent adversarial inputs before they propagate further in the pipeline. For inputs that pass this stage, a stochastic augmentation process generates test-time variations, from which handcrafted instability metrics (FlipScore, Prediction Inconsistency, Layerwise Cosine Similarity at early and mid layers, and Entropy) are computed. These features are aggregated into a compact five-dimensional vector and processed by an Evidential Deep Learning (EDL) classifier, which models output evidence using a Dirichlet distribution to yield both class predictions and calibrated uncertainty estimates. Evaluations on the Tiny ImageNet dataset across six categories (clean, FGSM, PGD, patch-based, functional, and geometric attacks) demonstrate the effectiveness of AEGIS. The proposed framework achieves an AUROC of 92.1%, an AUPRC of 90.2%, and an accuracy of 90.7%, outperforming conventional softmax-based detectors in terms of detection performance, robustness, interpretability, and uncertainty calibration.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript presents AEGIS, a framework for adversarial detection in vision sensors using a SemantiGAN module to filter inconsistent inputs and an Evidential Deep Learning (EDL) classifier on a five-dimensional vector of handcrafted instability metrics (FlipScore, Prediction Inconsistency, Layerwise Cosine Similarity in early and mid layers, Entropy) computed from stochastic augmentations. On Tiny ImageNet with clean and five attack families (FGSM, PGD, patch-based, functional, geometric), it reports AUROC 92.1%, AUPRC 90.2%, accuracy 90.7%, claiming better performance, robustness, interpretability, and uncertainty calibration than softmax-based detectors.
Significance. If the reported separation holds under proper cross-attack validation, the integration of semantic filtering with EDL-derived uncertainty could offer a practical, interpretable approach to robust detection in sensor pipelines. The handcrafted metrics provide an explicit, non-black-box feature set that may aid calibration, though this remains to be demonstrated.
major comments (2)
- [Abstract] Abstract: The central performance claims (AUROC of 92.1%, AUPRC of 90.2%, accuracy of 90.7%) are presented as aggregate numbers with no accompanying experimental protocol, baseline code or implementations, statistical significance tests, or ablation results. This information is load-bearing for verifying whether the five-metric vector plus EDL actually supports the robustness claim.
- [Evaluation] Evaluation section: No description is given of whether the EDL was trained under a leave-one-attack-out regime or whether the five instability metrics (and their aggregation) were fixed prior to seeing the test attacks. Without this, the reported separation on the five attack families does not establish generalization to unseen perturbations, which is required for the central robustness claim.
minor comments (1)
- [Abstract] Abstract: The acronym 'SemantiGAN' is introduced without expansion or reference to its definition or prior work.
Simulated Author's Rebuttal
We thank the referee for the constructive comments, which help clarify the presentation of our experimental claims. We address each major point below and will revise the manuscript accordingly to strengthen the description of our evaluation protocol and generalization analysis.
Point-by-point responses
- Referee: [Abstract] Abstract: The central performance claims (AUROC of 92.1%, AUPRC of 90.2%, accuracy of 90.7%) are presented as aggregate numbers with no accompanying experimental protocol, baseline code or implementations, statistical significance tests, or ablation results. This information is load-bearing for verifying whether the five-metric vector plus EDL actually supports the robustness claim.
  Authors: The abstract is a concise summary and conventionally omits full protocol details. The Evaluation section describes the Tiny ImageNet setup, six attack categories, stochastic augmentation process for the five instability metrics, and EDL training on the resulting vectors, with comparisons to softmax baselines. Ablations on individual metrics and the SemantiGAN component appear in Section 4.3, and results include standard deviations from multiple runs. We will revise the abstract to include a one-sentence reference to the evaluation protocol and add an explicit statement on baseline implementations. We will also ensure the main text cross-references all supporting tables. Revision: yes.
- Referee: [Evaluation] Evaluation section: No description is given of whether the EDL was trained under a leave-one-attack-out regime or whether the five instability metrics (and their aggregation) were fixed prior to seeing the test attacks. Without this, the reported separation on the five attack families does not establish generalization to unseen perturbations, which is required for the central robustness claim.
  Authors: We agree that explicit clarification of the training regime is necessary to support the generalization claim. The five metrics were designed from general properties of adversarial instability (prediction flips, layer similarities, entropy) and fixed before any attack-specific testing. The EDL was trained on a combined set of clean and attacked samples across all families. However, the manuscript does not currently report leave-one-attack-out results. To address this, we will add leave-one-attack-out experiments in the revised Evaluation section, training on four attack families and testing on the held-out family, and report the resulting AUROC/AUPRC to demonstrate robustness to unseen perturbations. Revision: yes.
Circularity Check
Empirical framework exhibits no circular derivation
Rationale
The paper describes an empirical pipeline: SemantiGAN filtering followed by computation of five fixed handcrafted instability metrics aggregated into a vector and classified by EDL. No equations, predictions, or first-principles claims are shown to reduce by construction to their own inputs, fitted parameters, or self-citation chains. The reported AUROC/AUPRC/accuracy are direct empirical outcomes on the stated dataset and attack families; the derivation chain remains self-contained against external benchmarks.