references.bib

@article{jabary2024seeing,
  title={Seeing Through the Mask: Rethinking Adversarial Examples for CAPTCHAs},
  author={Jabary, Yahya and Plesner, Andreas and Kuzhagaliyev, Turlan and Wattenhofer, Roger},
  journal={arXiv preprint arXiv:2409.05558},
  year={2024}
}
@inproceedings{plesner2024breaking,
  title={Breaking reCAPTCHAv2},
  author={Plesner, Andreas and Vontobel, Tobias and Wattenhofer, Roger},
  booktitle={48th IEEE International Conference on Computers, Software, and Applications (COMPSAC 2024)},
  year={2024},
  organization={IEEE}
}
@inproceedings {218395,
  author = {James Mickens},
  title = {Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models},
  booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
  year = {2018},
  isbn = {978-1-939133-04-5},
  address = {Baltimore, MD},
  url = {https://www.usenix.org/conference/usenixsecurity18/presentation/mickens},
  publisher = {USENIX Association},
  month = aug
}

% 
% computational geometry stuff
% 

@article{hornik1989multilayer,
  title={Multilayer feedforward networks are universal approximators},
  author={Hornik, Kurt and Stinchcombe, Maxwell and White, Halbert},
  journal={Neural networks},
  volume={2},
  number={5},
  pages={359--366},
  year={1989},
  publisher={Elsevier}
}
@article{mentzer2020high,
  title={High-Fidelity Generative Image Compression},
  author={Mentzer, Fabian and Toderici, George D and Tschannen, Michael and Agustsson, Eirikur},
  journal={Advances in Neural Information Processing Systems},
  volume={33},
  year={2020}
}
@article{seidel1998nature,
  title={The nature and meaning of perturbations in geometric computing},
  author={Seidel, Raimund},
  journal={Discrete \& Computational Geometry},
  volume={19},
  pages={1--17},
  year={1998},
  publisher={Springer}
}
@book{de2000computational,
  title={Computational geometry: algorithms and applications},
  author={De Berg, Mark},
  year={2000},
  publisher={Springer Science \& Business Media}
}
@article{edelsbrunner2002topological,
  title={Topological persistence and simplification},
  author={Edelsbrunner and Letscher and Zomorodian},
  journal={Discrete \& computational geometry},
  volume={28},
  pages={511--533},
  year={2002},
  publisher={Springer}
}
@inproceedings{edelsbrunner2001sink,
  title={Sink-insertion for mesh improvement},
  author={Edelsbrunner, Herbert and Guoy, Damrong},
  booktitle={Proceedings of the seventeenth annual symposium on Computational geometry},
  pages={115--123},
  year={2001}
}
@article{edelsbrunner1990simulation,
  title={Simulation of simplicity: a technique to cope with degenerate cases in geometric algorithms},
  author={Edelsbrunner, Herbert and M{\"u}cke, Ernst Peter},
  journal={ACM Transactions on Graphics (tog)},
  volume={9},
  number={1},
  pages={66--104},
  year={1990},
  publisher={ACM New York, NY, USA}
}
@article{levy2016robustness,
  title={Robustness and efficiency of geometric programs: The Predicate Construction Kit (PCK)},
  author={L{\'e}vy, Bruno},
  journal={Computer-Aided Design},
  volume={72},
  pages={3--12},
  year={2016},
  publisher={Elsevier}
}
@article{franklin2022implementing,
  title={Implementing Simulation of Simplicity for geometric degeneracies},
  author={Franklin, W Randolph and de Magalh{\~a}es, Salles Viana Gomes},
  journal={arXiv preprint arXiv:2212.08226},
  year={2022}
}
@article{schorn1993axiomatic,
  title={An axiomatic approach to robust geometric programs},
  author={Schorn, Peter},
  journal={Journal of symbolic computation},
  volume={16},
  number={2},
  pages={155--165},
  year={1993},
  publisher={Elsevier}
}

%
% motivation
%

@misc{vulnhuntr,
  title = {vulnhuntr},
  author = {ProtectAI},
  year = {2024},
  publisher = {GitHub},
  howpublished = {\url{https://github.com/protectai/vulnhuntr}},
  note = {GitHub repository},
  commit = {}
}
@online{carlini2019adversarial,
    author = {Carlini, Nicholas},
    title = {A Complete List of All Adversarial Example Papers},
    year = {2019},
    month = {6},
    day = {15},
    url = {https://nicholas.carlini.com/writing/2019/all-adversarial-example-papers.html}
}
@article{keysers2019measuring,
  title={Measuring compositional generalization: A comprehensive method on realistic data},
  author={Keysers, Daniel and Sch{\"a}rli, Nathanael and Scales, Nathan and Buisman, Hylke and Furrer, Daniel and Kashubin, Sergii and Momchev, Nikola and Sinopalnikov, Danila and Stafiniak, Lukasz and Tihon, Tibor and others},
  journal={arXiv preprint arXiv:1912.09713},
  year={2019}
}
@article{Miller2017ComputerVO,
  title={Computer Vision on the Battlefield: Can Machines Distinguish Between Enemy and Civilian in Military Urban Operations?},
  author={Ian Miller},
  journal={Mechanical Engineering eJournal},
  year={2017},
  url={https://api.semanticscholar.org/CorpusID:237530499}
}
@online{bigsleep2024,
  author = {{Big Sleep Team}},
  title = {From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code},
  year = {2024},
  month = {10},
  organization = {Google Project Zero},
  note = {A collaboration between Google Project Zero and Google DeepMind}
}
@article{Ananthaswamy2024,
  title={New Theory Suggests Chatbots Can Understand Text},
  author={Ananthaswamy, Anil},
  journal={Quanta Magazine},
  year={2024},
  month={January},
  day={22},
  publisher={Simons Foundation}
}
@article{qiu2024can,
  title={Can Large Language Models Understand Symbolic Graphics Programs?},
  author={Qiu, Zeju and Liu, Weiyang and Feng, Haiwen and Liu, Zhen and Xiao, Tim Z and Collins, Katherine M and Tenenbaum, Joshua B and Weller, Adrian and Black, Michael J and Sch{\"o}lkopf, Bernhard},
  journal={arXiv preprint arXiv:2408.08313},
  year={2024}
}
@misc{FLI2023pause,
    title = {Pause Giant {AI} Experiments: An Open Letter},
    author = {{Future of Life Institute}},
    year = {2023},
    month = {March},
    day = {22},
    howpublished = {Future of Life Institute},
    note = {Open letter calling for pause in AI development}
}
@article{hendrycks2021unsolved,
  title={Unsolved problems in ml safety},
  author={Hendrycks, Dan and Carlini, Nicholas and Schulman, John and Steinhardt, Jacob},
  journal={arXiv preprint arXiv:2109.13916},
  year={2021}
}
@online{80000hours_infosec,
    title = {Information security in high-impact areas career review},
    author = {80000 Hours},
    organization = {80000 Hours},
    year = {2024},
    url = {https://80000hours.org/career-reviews/information-security/},
    urldate = {2024-12-27}
}
@online{80000hours_ai_2024,
    author = {80000 Hours},
    title = {Preventing an AI-related catastrophe},
    year = {2024},
    url = {https://80000hours.org/problem-profiles/artificial-intelligence/},
    organization = {80000 Hours},
    urldate = {2024-12-27}
}
@online{boozallen2023adversarialother,
    title = {Booz Allen Hamilton Expands Adversarial AI Capabilities},
    author = {MSSPAlert},
    year = {2023},
    month = {September},
    day = {26},
    publisher = {MSSPAlert},
    keywords = {artificial intelligence, cybersecurity, HiddenLayer, Booz Allen Hamilton}
}
@online{boozallen2023adversarial,
    title = {Booz Allen Doubles Down on Adversarial AI Capabilities With New Investment},
    organization = {Business Wire},
    author = {{Booz Allen Hamilton}},
    year = {2023},
    month = {9},
    day = {26},
    location = {McLean, Virginia},
    publisher = {Business Wire},
    note = {Press Release}
}
@online{huggingface2024security,
    title = {Hugging Face partners with Wiz Research to Improve AI Security},
    author = {Hugging Face},
    year = {2024},
    organization = {Hugging Face},
    url = {https://huggingface.co/blog/hugging-face-wiz-security-blog},
    note = {Blog post discussing security improvements, pickle file security concerns, and partnership with Wiz Research}
}
@article{mitre2024ml,
    title = {MITRE, Microsoft, and 11 Other Organizations Take on Machine-Learning Threats},
    author = {Eidson, Bill},
    journal = {MITRE News and Insights},
    organization = {MITRE},
    year = {2024},
    url = {https://www.mitre.org/news-insights/impact-story/mitre-microsoft-and-11-other-organizations-take-machine-learning-threats},
    note = {Impact Story on the Adversarial Machine Learning Threat Matrix initiative},
    keywords = {artificial intelligence, machine learning, cybersecurity, threat matrix}
}
@misc{openphil2024adversarial,
    title = {Carnegie Mellon University — Research on Adversarial Examples},
    author = {{Open Philanthropy}},
    year = {2024},
    institution = {Open Philanthropy},
    note = {Grant of \$343,235 to support research on adversarial examples led by Professor Aditi Raghunathan}
}
@online{roy2020darpa,
    author = {Roy-Chowdhury, Amit and Krishnamurthy, Srikanth and Song, Chengyu and Asif, Salman},
    title = {{ECE and CSE faculty receive new DARPA grant on adversarial machine learning}},
    year = {2020},
    month = {7},
    day = {29},
    organization = {University of California, Riverside},
    type = {Web Article},
    note = {DARPA Machine Vision Disruption program grant announcement}
}
@online{coursera_adversarial_2024,
    author = {{Coursera Editorial Team}},
    title = {What Is Adversarial Machine Learning?},
    year = {2024},
    publisher = {Coursera},
    url = {https://www.coursera.org/articles/adversarial-machine-learning},
    urldate = {2024-12-09}
}
@article{cai2020robust,
    author = {Cai, Kenrick},
    title = {Robust Intelligence Raises \$14 Million Series A Led By Sequoia To Build Platform For Testing Machine Learning Applications},
    journal = {Forbes},
    year = {2020},
    month = {October},
    day = {21},
    publisher = {Forbes Media LLC}
}
@online{robustintelligence2024,
    title = {AI Application Security},
    author = {{Robust Intelligence}},
    year = {2024},
    organization = {Robust Intelligence},
    url = {https://www.robustintelligence.com/ai-application-security},
    urldate = {2024-12-09}
}
@ARTICLE{9154468,
  author={Rahman, Abdur and Hossain, M. Shamim and Alrajeh, Nabil A. and Alsolami, Fawaz},
  journal={IEEE Internet of Things Journal}, 
  title={Adversarial Examples—Security Threats to COVID-19 Deep Learning Systems in Medical IoT Devices}, 
  year={2021},
  volume={8},
  number={12},
  pages={9603-9610},
  keywords={Machine learning;Medical diagnostic imaging;Perturbation methods;Computed tomography;Biological system modeling;Image recognition;Adversarial examples (AEs);COVID-19;deep learning (DL);medical IoT},
  doi={10.1109/JIOT.2020.3013710}
}
@article{najafi2024dft,
  title={DFT-Based Adversarial Attack Detection in MRI Brain Imaging: Enhancing Diagnostic Accuracy in Alzheimer's Case Studies},
  author={Najafi, Mohammad Hossein and Morsali, Mohammad and Vahediahmar, Mohammadmahdi and Shouraki, Saeed Bagheri},
  journal={arXiv preprint arXiv:2408.08489},
  year={2024}
}
@article{jogani2022analysis,
  title={Analysis of Explainable Artificial Intelligence Methods on Medical Image Classification},
  author={Jogani, Vinay and Purohit, Joy and Shivhare, Ishaan and Shrawne, Seema C},
  journal={arXiv preprint arXiv:2212.10565},
  year={2022}
}
@inproceedings{Rudolph2008DevelopingPS,
  title={Developing Protective Strategies forCriticalBuilding Infrastructures Potentially Subjected to M alevolentThreats* By},
  author={Rudolph and Rudolph V. Matalucci and Jon T. Matalucci},
  year={2008},
  url={https://api.semanticscholar.org/CorpusID:111438592}
}
@article{Halak2022TowardsAP,
  title={Towards Autonomous Physical Security Defenses using Machine Learning},
  author={Basel Halak and Christian Hall and Syed Fathir and Nelson Kit and Ruwaydah Raymonde and Michael Gimson and Ahmad Kida and Hugo Vincent},
  journal={IEEE Access},
  year={2022},
  volume={PP},
  pages={1-1},
  url={https://api.semanticscholar.org/CorpusID:248849785}
}
@article{Ulybyshev2021TrustworthyDA,
  title={Trustworthy Data Analysis and Sensor Data Protection in Cyber-Physical Systems},
  author={Denis A. Ulybyshev and Ibrahim Yilmaz and Bradley Northern and Vadim Kholodilo and Mike Rogers},
  journal={Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems},
  year={2021},
  url={https://api.semanticscholar.org/CorpusID:233384629}
}
@article{Chevardin2023AnalysisOA,
  title={Analysis of adversarial attacks on the machine learning models of cyberprotection systems.},
  author={V. Chevardin and O. Yurchenko and O. V. Zaluzhnyi and Ye. Peleshok},
  journal={Communication, informatization and cybersecurity systems and technologies},
  year={2023},
  url={https://api.semanticscholar.org/CorpusID:266487123}
}
@article{Moradpoor2023TheTO,
  title={The Threat of Adversarial Attacks Against Machine Learning-based Anomaly Detection Approach in a Clean Water Treatment System},
  author={Naghmeh Moradpoor and Leandros A. Maglaras and Ezra Abah and Andres Robles-Durazno},
  journal={2023 19th International Conference on Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT)},
  year={2023},
  pages={453-460},
  url={https://api.semanticscholar.org/CorpusID:262980912}
}
@article{Tsai2024EffectiveAE,
  title={Effective Adversarial Examples Identification of Credit Card Transactions},
  author={Min-Yan Tsai and Hsin-Hung Cho and Chia-Mu Yu and Yao-Chung Chang and Han-Chieh Chao},
  journal={IEEE Intelligent Systems},
  year={2024},
  volume={39},
  pages={50-59},
  url={https://api.semanticscholar.org/CorpusID:268628851}
}
@inproceedings{Agarwal2021BlackBoxAE,
  title={Black-Box Adversarial Entry in Finance through Credit Card Fraud Detection},
  author={Akshay Agarwal and Nalini K. Ratha},
  booktitle={CIKM Workshops},
  year={2021},
  url={https://api.semanticscholar.org/CorpusID:245540840}
}
@article{Gu2022DeepLT,
  title={Deep Learning Techniques in Financial Fraud Detection},
  author={Kuangyi Gu},
  journal={Proceedings of the 7th International Conference on Cyber Security and Information Engineering},
  year={2022},
  url={https://api.semanticscholar.org/CorpusID:253120915}
}
@article{Patel2019AdaptiveAV,
  title={Adaptive Adversarial Videos on Roadside Billboards: Dynamically Modifying Trajectories of Autonomous Vehicles},
  author={Naman Patel and Prashanth Krishnamurthy and Siddharth Garg and Farshad Khorrami},
  journal={2019 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS)},
  year={2019},
  pages={5916-5921},
  url={https://api.semanticscholar.org/CorpusID:210971572}
}
@article{Ji2021PoltergeistAA,
  title={Poltergeist: Acoustic Adversarial Machine Learning against Cameras and Computer Vision},
  author={Xiaoyu Ji and Yushi Cheng and Yuepeng Zhang and Kai Wang and Chen Yan and Wenyuan Xu and Kevin Fu},
  journal={2021 IEEE Symposium on Security and Privacy (SP)},
  year={2021},
  pages={160-175},
  url={https://api.semanticscholar.org/CorpusID:235601506}
}
@article{Axelrod2017CybersecurityCO,
  title={Cybersecurity challenges of systems-of-systems for fully-autonomous road vehicles},
  author={C. Warren Axelrod},
  journal={2017 13th International Conference and Expo on Emerging Technologies for a Smarter World (CEWIT)},
  year={2017},
  pages={1-6},
  url={https://api.semanticscholar.org/CorpusID:29935654}
}
@article{Chahar2024AdversarialTI,
  title={Adversarial Threats in Machine Learning: A Critical Analysis},
  author={Suman Chahar and Sonali Gupta and Isha Dhingra and Kuldeep Singh Kaswan},
  journal={2024 International Conference on Computational Intelligence and Computing Applications (ICCICA)},
  year={2024},
  volume={1},
  pages={253-258},
  url={https://api.semanticscholar.org/CorpusID:271116821}
}
@ARTICLE{9099439,
  author={Sadeghi, Koosha and Banerjee, Ayan and Gupta, Sandeep K. S.},
  journal={IEEE Transactions on Emerging Topics in Computational Intelligence}, 
  title={A System-Driven Taxonomy of Attacks and Defenses in Adversarial Machine Learning}, 
  year={2020},
  volume={4},
  number={4},
  pages={450-467},
  keywords={Taxonomy;Machine learning;Robustness;Security;Observers;Machine learning algorithms;Computational intelligence;Computational intelligence (CI);adversarial machine learning;supervised learning;attack model;defense model},
  doi={10.1109/TETCI.2020.2968933}
}
@article{Khadka2022ResilientML,
  title={Resilient Machine Learning in Space Systems: Pose Estimation as a Case Study},
  author={Anita Khadka and Saurav Sthapit and Gregory Epiphaniou and Carsten Maple},
  journal={2022 IEEE Aerospace Conference (AERO)},
  year={2022},
  pages={1-9},
  url={https://api.semanticscholar.org/CorpusID:251472990}
}
@inproceedings{yilmaz2021privacy,
  title={Privacy protection of grid users data with blockchain and adversarial machine learning},
  author={Yilmaz, Ibrahim and Kapoor, Kavish and Siraj, Ambareen and Abouyoussef, Mahmoud},
  booktitle={proceedings of the 2021 ACM workshop on secure and trustworthy cyber-physical systems},
  pages={33--38},
  year={2021}
}
@inproceedings{apruzzese2023real,
  title={“real attackers don't compute gradients”: bridging the gap between adversarial ml research and practice},
  author={Apruzzese, Giovanni and Anderson, Hyrum S and Dambra, Savino and Freeman, David and Pierazzi, Fabio and Roundy, Kevin},
  booktitle={2023 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)},
  pages={339--364},
  year={2023},
  organization={IEEE}
}
@article{kumar2020legal,
  title={Legal risks of adversarial machine learning research},
  author={Kumar, Ram Shankar Siva and Penney, Jonathon and Schneier, Bruce and Albert, Kendra},
  journal={arXiv preprint arXiv:2006.16179},
  year={2020}
}
@inproceedings{Cao2020HateGANAG,
  title={HateGAN: Adversarial Generative-Based Data Augmentation for Hate Speech Detection},
  author={Rui Cao and Roy Ka-Wei Lee},
  booktitle={International Conference on Computational Linguistics},
  year={2020},
  url={https://api.semanticscholar.org/CorpusID:227230383}
}
@article{Nurseitov2022ApplicationOM,
  title={Application of machine learning methods to detect and classify Core images using GAN and texture recognition},
  author={Daniyar B. Nurseitov and Kairat A. Bostanbekov and Galymzhan Abdimanap and Abdelrahman Abdallah and Anel N. Alimova and Darkhan Kurmangaliyev},
  journal={ArXiv},
  year={2022},
  volume={abs/2204.14224},
  url={https://api.semanticscholar.org/CorpusID:265674547}
}
@article{Zolotukhin2022AttacksAM,
  title={Attacks against Machine Learning Models in 5G Networks},
  author={Mikhail Zolotukhin and Di Zhang and Parsa Miraghaie and Timo H{\"a}m{\"a}l{\"a}inen and Wang Ke and Marja Dunderfelt},
  journal={2022 6th European Conference on Electrical Engineering \& Computer Science (ELECS)},
  year={2022},
  pages={106-114},
  url={https://api.semanticscholar.org/CorpusID:259102662}
}
@article{Yuan2023MultiSpacePhishET,
  title={Multi-SpacePhish: Extending the Evasion-space of Adversarial Attacks against Phishing Website Detectors Using Machine Learning},
  author={Ying Yuan and Giovanni Apruzzese and Mauro Conti},
  journal={Digital Threats: Research and Practice},
  year={2023},
  volume={5},
  pages={1 - 51},
  url={https://api.semanticscholar.org/CorpusID:266363431}
}
@inproceedings{Radlak2021DefendingAS,
  title={Defending against sparse adversarial attacks using impulsive noise reduction filters},
  author={Krystian Radlak and Michal Szczepankiewicz and Bogdan Smolka},
  booktitle={Defense + Commercial Sensing},
  year={2021},
  url={https://api.semanticscholar.org/CorpusID:234868177}
}
@article{to2023effectiveness,
  title={On the Effectiveness of Adversarial Samples against Ensemble Learning-based Windows PE Malware Detectors},
  author={To, Trong-Nghia and Kim, Danh Le and Hien, Do Thi Thu and Khoa, Nghi Hoang and Hoang, Hien Do and Duy, Phan The and Pham, Van-Hau},
  journal={arXiv preprint arXiv:2309.13841},
  year={2023}
}
@article{ifci2023AnalysisOT,
  title={Analysis of Turkey's Cybersecurity Strategies: Historical Developments, Scope, Content and Objectives},
  author={Hasan Çifci},
  journal={Sakarya University Journal of Science},
  year={2023},
  url={https://api.semanticscholar.org/CorpusID:268035521}
}
@INPROCEEDINGS{10585001,
  author={Chahar, Suman and Gupta, Sonali and Dhingra, Isha and Kaswan, Kuldeep Singh},
  booktitle={2024 International Conference on Computational Intelligence and Computing Applications (ICCICA)}, 
  title={Adversarial Threats in Machine Learning: A Critical Analysis}, 
  year={2024},
  volume={1},
  number={},
  pages={253-258},
  keywords={Training;Surveys;Technological innovation;Ethics;Terminology;Collaboration;Machine learning;Automobiles;Transportation;Cybersecurity;Adversarial Attacks;Model Explain-ability},
  doi={10.1109/ICCICA60014.2024.10585001}
}
@article{yuan2020fooling,
  title={Fooling the primate brain with minimal, targeted image manipulation},
  author={Yuan, Li and Xiao, Will and Dellaferrera, Giorgia and Kreiman, Gabriel and Tay, Francis EH and Feng, Jiashi and Livingstone, Margaret S},
  journal={arXiv preprint arXiv:2011.05623},
  year={2020}
}

%
% intro
%

@article{szegedy2013intriguing,
  title={Intriguing properties of neural networks},
  author={Szegedy, C},
  journal={arXiv preprint arXiv:1312.6199},
  year={2013}
}
@article{zhang2019adversarial,
  title={Adversarial examples: Opportunities and challenges},
  author={Zhang, Jiliang and Li, Chen},
  journal={IEEE transactions on neural networks and learning systems},
  volume={31},
  number={7},
  pages={2578--2593},
  year={2019},
  publisher={IEEE}
}
@inproceedings{korkmaz2023detecting,
  title={Detecting adversarial directions in deep reinforcement learning to make robust decisions},
  author={Korkmaz, Ezgi and Brown-Cohen, Jonah},
  booktitle={International Conference on Machine Learning},
  pages={17534--17543},
  year={2023},
  organization={PMLR}
}
@article{Han2022TextAA,
  title={Text Adversarial Attacks and Defenses: Issues, Taxonomy, and Perspectives},
  author={Xuechun Han and Ying Zhang and Wei Wang and Bin Wang},
  journal={Security and Communication Networks},
  year={2022},
  url={https://api.semanticscholar.org/CorpusID:248369346}
}
@inproceedings{rajaratnam2018noise,
  title={Noise flooding for detecting audio adversarial examples against automatic speech recognition},
  author={Rajaratnam, Krishan and Kalita, Jugal},
  booktitle={2018 IEEE International Symposium on Signal Processing and Information Technology (ISSPIT)},
  pages={197--201},
  year={2018},
  organization={IEEE}
}
@article{Bai2018AdversarialEC,
  title={Adversarial Examples Construction Towards White-Box Q Table Variation in DQN Pathfinding Training},
  author={XiaoXuan Bai and Wenjia Niu and Jiqiang Liu and Xu Gao and Yingxiao Xiang and Jingjing Liu},
  journal={2018 IEEE Third International Conference on Data Science in Cyberspace (DSC)},
  year={2018},
  pages={781-787},
  url={https://api.semanticscholar.org/CorpusID:49895854}
}
@inproceedings{eisenhofer2023no,
  title={No more Reviewer\# 2: Subverting Automatic $\{$Paper-Reviewer$\}$ Assignment using Adversarial Learning},
  author={Eisenhofer, Thorsten and Quiring, Erwin and M{\"o}ller, Jonas and Riepel, Doreen and Holz, Thorsten and Rieck, Konrad},
  booktitle={32nd USENIX Security Symposium (USENIX Security 23)},
  pages={5109--5126},
  year={2023}
}
@article{capozzi2024adversarial,
  title={Adversarial Attacks against Binary Similarity Systems},
  author={Capozzi, Gianluca and D’Elia, Daniele Cono and Di Luna, Giuseppe Antonio and Querzoni, Leonardo},
  journal={IEEE Access},
  year={2024},
  publisher={IEEE}
}
@article{Kashyap2024AdversarialAA,
  title={Adversarial Attacks and Defenses in Deep Learning},
  author={Swati Kashyap and Akshay Sharma and Savit Gautam and Rishabh Sharma and Sneha Chauhan and Simran},
  journal={2024 International Conference on Emerging Innovations and Advanced Computing (INNOCOMP)},
  year={2024},
  pages={318-323},
  url={https://api.semanticscholar.org/CorpusID:272716335}
}
@article{browne2020semantics,
  title={Semantics and explanation: why counterfactual explanations produce adversarial examples in deep neural networks},
  author={Browne, Kieran and Swift, Ben},
  journal={arXiv preprint arXiv:2012.10076},
  year={2020}
}
@article{Khaleel2024AdversarialAI,
  title={Adversarial Attacks in Machine Learning: Key Insights and Defense Approaches},
  author={Yahya Layth Khaleel and Mustafa Abdulfattah Habeeb and Hussein Alnabulsi},
  journal={Applied Data Science and Analysis},
  year={2024},
  url={https://api.semanticscholar.org/CorpusID:272000855}
}
@article{garg2020bae,
  title={Bae: Bert-based adversarial examples for text classification},
  author={Garg, Siddhant and Ramakrishnan, Goutham},
  journal={arXiv preprint arXiv:2004.01970},
  year={2020}
}
@article{Li2022ASO,
  title={A Survey of Defense Methods Against Adversarial Examples},
  author={Yishan Li and Yanming Guo and Yuxiang Xie and Qi Wang},
  journal={2022 8th International Conference on Big Data and Information Analytics (BigDIA)},
  year={2022},
  pages={453-460},
  url={https://api.semanticscholar.org/CorpusID:252165991}
}
@article{li2022review,
  title={A review of adversarial attack and defense for classification methods},
  author={Li, Yao and Cheng, Minhao and Hsieh, Cho-Jui and Lee, Thomas CM},
  journal={The American Statistician},
  volume={76},
  number={4},
  pages={329--345},
  year={2022},
  publisher={Taylor \& Francis}
}
@inproceedings{li2019nattack,
  title={Nattack: Learning the distributions of adversarial examples for an improved black-box attack on deep neural networks},
  author={Li, Yandong and Li, Lijun and Wang, Liqiang and Zhang, Tong and Gong, Boqing},
  booktitle={International Conference on Machine Learning},
  pages={3866--3876},
  year={2019},
  organization={PMLR}
}
@article{zheng2023black,
  title={Black-box targeted adversarial attack on segment anything (sam)},
  author={Zheng, Sheng and Zhang, Chaoning and Hao, Xinhong},
  journal={arXiv preprint arXiv:2310.10010},
  year={2023}
}
@article{meng2020geometry,
  title={A geometry-inspired attack for generating natural language adversarial examples},
  author={Meng, Zhao and Wattenhofer, Roger},
  journal={arXiv preprint arXiv:2010.01345},
  year={2020}
}
@article{yang2024assessing,
  title={Assessing Adversarial Robustness of Large Language Models: An Empirical Study},
  author={Yang, Zeyu and Meng, Zhao and Zheng, Xiaochen and Wattenhofer, Roger},
  journal={arXiv preprint arXiv:2405.02764},
  year={2024}
}

%
% imperceptibliity
%

@online{brown2018unrestricted,
  author    = {Brown, Tom B. and Olsson, Catherine},
  title     = {Introducing the Unrestricted Adversarial Examples Challenge},
  year      = {2018},
  month     = {9},
  day       = {13},
  publisher = {Google Research Blog},
  organization = {Google Brain Team}
}
@article{theis2024makes,
  title={What makes an image realistic?},
  author={Theis, Lucas},
  journal={arXiv preprint arXiv:2403.04493},
  year={2024}
}
@article{lee2020semantics,
  title={Semantics-preserving adversarial training},
  author={Lee, Wonseok and Lee, Hanbit and Lee, Sang-goo},
  journal={arXiv preprint arXiv:2009.10978},
  year={2020}
}
@article{dia2019semantics,
  title={Semantics Preserving Adversarial Learning},
  author={Dia, Ousmane Amadou and Barshan, Elnaz and Babanezhad, Reza},
  journal={arXiv preprint arXiv:1903.03905},
  year={2019}
}
@incollection{herel2023preserving,
  title={Preserving semantics in textual adversarial attacks},
  author={Herel, David and Cisneros, Hugo and Mikolov, Tomas},
  booktitle={ECAI 2023},
  pages={1036--1043},
  year={2023},
  publisher={IOS Press}
}
@article{elsayed2018adversarial,
  title={Adversarial examples that fool both computer vision and time-limited humans},
  author={Elsayed, Gamaleldin and Shankar, Shreya and Cheung, Brian and Papernot, Nicolas and Kurakin, Alexey and Goodfellow, Ian and Sohl-Dickstein, Jascha},
  journal={Advances in neural information processing systems},
  volume={31},
  year={2018}
}
@article{cubuk2017intriguing,
  title={Intriguing properties of adversarial examples},
  author={Cubuk, Ekin D and Zoph, Barret and Schoenholz, Samuel S and Le, Quoc V},
  journal={arXiv preprint arXiv:1711.02846},
  year={2017}
}
@inproceedings{ning2023hflic,
  title={HFLIC: Human Friendly Perceptual Learned Image Compression with Reinforced Transform},
  author={Ning, Peirong and Jiang, Wei and Wang, Ronggang},
  booktitle={2023 International Conference on Communications, Computing and Artificial Intelligence (CCCAI)},
  pages={188--194},
  year={2023},
  organization={IEEE}
}
@inproceedings{careil2023towards,
  title={Towards image compression with perfect realism at ultra-low bitrates},
  author={Careil, Marlene and Muckley, Matthew J and Verbeek, Jakob and Lathuili{\`e}re, St{\'e}phane},
  booktitle={The Twelfth International Conference on Learning Representations},
  year={2023}
}
@article{veerabadran2023subtle,
  title={Subtle adversarial image manipulations influence both human and machine perception},
  author={Veerabadran, Vijay and Goldman, Josh and Shankar, Shreya and Cheung, Brian and Papernot, Nicolas and Kurakin, Alexey and Goodfellow, Ian and Shlens, Jonathon and Sohl-Dickstein, Jascha and Mozer, Michael C and others},
  journal={Nature Communications},
  volume={14},
  number={1},
  pages={4933},
  year={2023},
  publisher={Nature Publishing Group UK London}
}
@inproceedings{chen2023imperceptible,
  title={Imperceptible adversarial attack via invertible neural networks},
  author={Chen, Zihan and Wang, Ziyue and Huang, Jun-Jie and Zhao, Wentao and Liu, Xiao and Guan, Dejian},
  booktitle={Proceedings of the AAAI Conference on Artificial Intelligence},
  volume={37},
  number={1},
  pages={414--424},
  year={2023}
}
@inproceedings{mcguire2023neural,
  title={Do neural networks trained with topological features learn different internal representations?},
  author={McGuire, Sarah and Jackson, Shane and Emerson, Tegan and Kvinge, Henry},
  booktitle={NeurIPS Workshop on Symmetry and Geometry in Neural Representations},
  pages={122--136},
  year={2023},
  organization={PMLR}
}
@article{murphy2024correcting,
  title={Correcting Biased Centered Kernel Alignment Measures in Biological and Artificial Neural Networks},
  author={Murphy, Alex and Zylberberg, Joel and Fyshe, Alona},
  journal={arXiv preprint arXiv:2405.01012},
  year={2024}
}
@article{bansal2021revisiting,
  title={Revisiting model stitching to compare neural representations},
  author={Bansal, Yamini and Nakkiran, Preetum and Barak, Boaz},
  journal={Advances in neural information processing systems},
  volume={34},
  pages={225--236},
  year={2021}
}
@article{Agafonov2022AnEO,
  title={An Experiment on Localization of Ontology Concepts in Deep Convolutional Neural Networks},
  author={Anton Agafonov and Andrew Ponomarev},
  journal={Proceedings of the 11th International Symposium on Information and Communication Technology},
  year={2022},
  url={https://api.semanticscholar.org/CorpusID:254045293}
}
@article{Agafonov2022LocalizationOO,
  title={Localization of Ontology Concepts in Deep Convolutional Neural Networks},
  author={Anton Agafonov and Andrew Ponomarev},
  journal={2022 IEEE International Multi-Conference on Engineering, Computer and Information Sciences (SIBIRCON)},
  year={2022},
  pages={160-165},
  url={https://api.semanticscholar.org/CorpusID:256215614}
}
@article{bangaru2022interpreting,
  title={Interpreting Bias in the Neural Networks: A Peek Into Representational Similarity},
  author={Bangaru, Gnyanesh and Baru, Lalith Bharadwaj and Chakravarthula, Kiran},
  journal={arXiv preprint arXiv:2211.07774},
  year={2022}
}
@article{huh2024platonic,
  title={The platonic representation hypothesis},
  author={Huh, Minyoung and Cheung, Brian and Wang, Tongzhou and Isola, Phillip},
  journal={arXiv preprint arXiv:2405.07987},
  year={2024}
}
@inproceedings{moosavi2017universal,
  title={Universal adversarial perturbations},
  author={Moosavi-Dezfooli, Seyed-Mohsen and Fawzi, Alhussein and Fawzi, Omar and Frossard, Pascal},
  booktitle={Proceedings of the IEEE conference on computer vision and pattern recognition},
  pages={1765--1773},
  year={2017}
}
@article{geirhos2021partial,
  title={Partial success in closing the gap between human and machine vision},
  author={Geirhos, Robert and Narayanappa, Kantharaju and Mitzkus, Benjamin and Thieringer, Tizian and Bethge, Matthias and Wichmann, Felix A and Brendel, Wieland},
  journal={Advances in Neural Information Processing Systems},
  volume={34},
  pages={23885--23899},
  year={2021}
}
@ONLINE{teenybiscuittweet,
  author = {Zack, Karen},
  title = {Archive of deleted tweet by @teenybiscuit},
  url = {https://imgur.com/a/deep-learning-training-set-K4RWn},
  urldate = {2024-06-04}
}
@inproceedings{hendrycks2021natural,
  title={Natural adversarial examples},
  author={Hendrycks, Dan and Zhao, Kevin and Basart, Steven and Steinhardt, Jacob and Song, Dawn},
  booktitle={Proceedings of the IEEE/CVF conference on computer vision and pattern recognition},
  pages={15262--15271},
  year={2021}
}
@inproceedings{engstrom2019exploring,
  title={Exploring the landscape of spatial robustness},
  author={Engstrom, Logan and Tran, Brandon and Tsipras, Dimitris and Schmidt, Ludwig and Madry, Aleksander},
  booktitle={International conference on machine learning},
  pages={1802--1811},
  year={2019},
  organization={PMLR}
}
@article{gilmer2018motivating,
  title={Motivating the rules of the game for adversarial example research},
  author={Gilmer, Justin and Adams, Ryan P and Goodfellow, Ian and Andersen, David and Dahl, George E},
  journal={arXiv preprint arXiv:1807.06732},
  year={2018}
}
@article{fazlija2024real,
  title={How Real Is Real? A Human Evaluation Framework for Unrestricted Adversarial Examples},
  author={Fazlija, Dren and Orlov, Arkadij and Schrader, Johanna and Z{\"u}hlke, Monty-Maximilian and Rohs, Michael and Kudenko, Daniel},
  journal={arXiv preprint arXiv:2404.12653},
  year={2024}
}

%
% mental models
%

@inproceedings{sutskever2014sequence,
  title={Sequence to Sequence Learning with Neural Networks},
  author={Sutskever, Ilya and Vinyals, Oriol and Le, Quoc V.},
  booktitle={Neural Information Processing Systems (NeurIPS) Test of Time Award},
  year={2024},
  address={West Exhibition Hall C, B3},
  note={Presented at NeurIPS 2024 Test of Time Award Session}
}
@techreport{guerzhoy_ann,
    author = {Guerzhoy, Michael},
    title = {Understanding How Neural Networks See},
    institution = {University of Toronto},
    year = {2020},
    type = {Lecture Notes},
    series = {SML201},
    url = {https://www.cs.toronto.edu/~guerzhoy/201s20/lec/W12/ann.pdf}
}
@inproceedings{zhang2019theoretically,
  title={Theoretically principled trade-off between robustness and accuracy},
  author={Zhang, Hongyang and Yu, Yaodong and Jiao, Jiantao and Xing, Eric and El Ghaoui, Laurent and Jordan, Michael},
  booktitle={International conference on machine learning},
  pages={7472--7482},
  year={2019},
  organization={PMLR}
}
@article{Jha2018DetectingAE,
  title={Detecting Adversarial Examples Using Data Manifolds},
  author={Susmit Jha and Uyeong Jang and Somesh Jha and Borhan Jalaeian},
  journal={MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)},
  year={2018},
  pages={547-552},
  url={https://api.semanticscholar.org/CorpusID:57376324}
}
@article{Sha2020ADA,
  title={A Defensive Approach against Adversarial Examples Based on Manifold Learning},
  author={Wei Sha and Yigui Luo and Yisi Wang and Zhongming Pan},
  journal={2020 IEEE 3rd International Conference on Computer and Communication Engineering Technology (CCET)},
  year={2020},
  pages={167-171},
  url={https://api.semanticscholar.org/CorpusID:222222557}
}
@article{dube2018high,
  title={High dimensional spaces, deep learning and adversarial examples},
  author={Dube, Simant},
  journal={arXiv preprint arXiv:1801.00634},
  year={2018}
}
@article{shamir2021dimpled,
  title={The dimpled manifold model of adversarial examples in machine learning},
  author={Shamir, Adi and Melamed, Odelia and BenShmuel, Oriel},
  journal={arXiv preprint arXiv:2106.10151},
  year={2021}
}
@article{Alatwi2023RealismVP,
  title={Realism versus Performance for Adversarial Examples Against DL-based NIDS},
  author={Huda Ali Alatwi and Charles Morisset},
  journal={Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing},
  year={2023},
  url={https://api.semanticscholar.org/CorpusID:259099406}
}
@inproceedings{dyrmishi2023empirical,
  title={On the empirical effectiveness of unrealistic adversarial hardening against realistic adversarial attacks},
  author={Dyrmishi, Salijona and Ghamizi, Salah and Simonetto, Thibault and Le Traon, Yves and Cordy, Maxime},
  booktitle={2023 IEEE symposium on security and privacy (SP)},
  pages={1384--1400},
  year={2023},
  organization={IEEE}
}
@article{khoury2018geometry,
  title={On the geometry of adversarial examples},
  author={Khoury, Marc and Hadfield-Menell, Dylan},
  journal={arXiv preprint arXiv:1811.00525},
  year={2018}
}
@article{engstrom2019a,
  author = {Engstrom, Logan and Gilmer, Justin and Goh, Gabriel and Hendrycks, Dan and Ilyas, Andrew and Madry, Aleksander and Nakano, Reiichiro and Nakkiran, Preetum and Santurkar, Shibani and Tran, Brandon and Tsipras, Dimitris and Wallace, Eric},
  title = {A Discussion of 'Adversarial Examples Are Not Bugs, They Are Features'},
  journal = {Distill},
  year = {2019},
  note = {https://distill.pub/2019/advex-bugs-discussion},
  doi = {10.23915/distill.00019}
}
@article{raghunathan2018certified,
  title={Certified defenses against adversarial examples},
  author={Raghunathan, Aditi and Steinhardt, Jacob and Liang, Percy},
  journal={arXiv preprint arXiv:1801.09344},
  year={2018}
}
@inproceedings{wong2018provable,
  title={Provable defenses against adversarial examples via the convex outer adversarial polytope},
  author={Wong, Eric and Kolter, Zico},
  booktitle={International conference on machine learning},
  pages={5286--5295},
  year={2018},
  organization={PMLR}
}
@article{xiao2018training,
  title={Training for faster adversarial robustness verification via inducing relu stability},
  author={Xiao, Kai Y and Tjeng, Vincent and Shafiullah, Nur Muhammad and Madry, Aleksander},
  journal={arXiv preprint arXiv:1809.03008},
  year={2018}
}
@inproceedings{cohen2019certified,
  title={Certified adversarial robustness via randomized smoothing},
  author={Cohen, Jeremy and Rosenfeld, Elan and Kolter, Zico},
  booktitle={international conference on machine learning},
  pages={1310--1320},
  year={2019},
  organization={PMLR}
}
@article{fawzi2018adversarial,
  title={Adversarial vulnerability for any classifier},
  author={Fawzi, Alhussein and Fawzi, Hamza and Fawzi, Omar},
  journal={Advances in neural information processing systems},
  volume={31},
  year={2018}
}
@inproceedings{mahloujifar2019curse,
  title={The curse of concentration in robust learning: Evasion and poisoning attacks from concentration of measure},
  author={Mahloujifar, Saeed and Diochnos, Dimitrios I and Mahmoody, Mohammad},
  booktitle={Proceedings of the AAAI Conference on Artificial Intelligence},
  volume={33},
  number={01},
  pages={4536--4543},
  year={2019}
}
@article{shafahi2018adversarial,
  title={Are adversarial examples inevitable?},
  author={Shafahi, Ali and Huang, W Ronny and Studer, Christoph and Feizi, Soheil and Goldstein, Tom},
  journal={arXiv preprint arXiv:1809.02104},
  year={2018}
}
@article{gilmer2018adversarial,
  title={Adversarial spheres},
  author={Gilmer, Justin and Metz, Luke and Faghri, Fartash and Schoenholz, Samuel S and Raghu, Maithra and Wattenberg, Martin and Goodfellow, Ian},
  journal={arXiv preprint arXiv:1801.02774},
  year={2018}
}
@article{madry2017towards,
  title={Towards deep learning models resistant to adversarial attacks},
  author={Madry, Aleksander},
  journal={arXiv preprint arXiv:1706.06083},
  year={2017}
}
@article{schmidt2018adversarially,
  title={Adversarially robust generalization requires more data},
  author={Schmidt, Ludwig and Santurkar, Shibani and Tsipras, Dimitris and Talwar, Kunal and Madry, Aleksander},
  journal={Advances in neural information processing systems},
  volume={31},
  year={2018}
}
@article{tanay2016boundary,
  title={A boundary tilting persepective on the phenomenon of adversarial examples},
  author={Tanay, Thomas and Griffin, Lewis},
  journal={arXiv preprint arXiv:1608.07690},
  year={2016}
}
@article{kim2019bridging,
  title={Bridging adversarial robustness and gradient interpretability},
  author={Kim, Beomsu and Seo, Junghoon and Jeon, Taegyun},
  journal={arXiv preprint arXiv:1903.11626},
  year={2019}
}
@article{fawzi2016robustness,
  title={Robustness of classifiers: from adversarial to random noise},
  author={Fawzi, Alhussein and Moosavi-Dezfooli, Seyed-Mohsen and Frossard, Pascal},
  journal={Advances in neural information processing systems},
  volume={29},
  year={2016}
}
@article{ford2019adversarial,
  title={Adversarial examples are a natural consequence of test error in noise},
  author={Ford, Nic and Gilmer, Justin and Carlini, Nicolas and Cubuk, Dogus},
  journal={arXiv preprint arXiv:1901.10513},
  year={2019}
}
@inproceedings{lecuyer2019certified,
  title={Certified robustness to adversarial examples with differential privacy},
  author={Lecuyer, Mathias and Atlidakis, Vaggelis and Geambasu, Roxana and Hsu, Daniel and Jana, Suman},
  booktitle={2019 IEEE symposium on security and privacy (SP)},
  pages={656--672},
  year={2019},
  organization={IEEE}
}
@article{goodfellow2014explaining,
  title={Explaining and harnessing adversarial examples},
  author={Goodfellow, Ian J and Shlens, Jonathon and Szegedy, Christian},
  journal={arXiv preprint arXiv:1412.6572},
  year={2014}
}
@inproceedings{athalye2018obfuscated,
  title={Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples},
  author={Athalye, Anish and Carlini, Nicholas and Wagner, David},
  booktitle={International conference on machine learning},
  pages={274--283},
  year={2018},
  organization={PMLR}
}
@inproceedings{bubeck2019adversarial,
  title={Adversarial examples from computational constraints},
  author={Bubeck, S{\'e}bastien and Lee, Yin Tat and Price, Eric and Razenshteyn, Ilya},
  booktitle={International Conference on Machine Learning},
  pages={831--840},
  year={2019},
  organization={PMLR}
}
@article{nakkiran2019adversarial,
  title={Adversarial robustness may be at odds with simplicity},
  author={Nakkiran, Preetum},
  journal={arXiv preprint arXiv:1901.00532},
  year={2019}
}
@misc{kilcher2021dimpled,
  author = {Yannic Kilcher},
  title = {{The Dimpled Manifold Model of Adversarial Examples in Machine Learning (Research Paper Explained)}},
  howpublished = "\url{https://www.youtube.com/watch?v=k_hUdZJNzkU/}",
  year = {2021}, 
  note = "[Online; accessed 17-July-2024]"
}
@misc{kilcher2021dimpledcode,
  author = {Yannic Kilcher},
  title = {{Dimpled Manifold Counter Example}},
  howpublished = "\url{https://gist.github.com/yk/de8d987c4eb6a39b6d9c08f0744b1f64/}",
  year = {2021}, 
  note = "[Online; accessed 17-July-2024]"
}
@misc{karner2023dimpled,
  author = {Lukas Karner},
  title = {{The Dimpled Manifold Revisited}},
  howpublished = "\url{https://github.com/LukasKarner/dimpled-manifolds/}",
  year = {2023}, 
  note = "[Online; accessed 17-July-2024]"
}
@article{ilyas2019adversarial,
  title={Adversarial examples are not bugs, they are features},
  author={Ilyas, Andrew and Santurkar, Shibani and Tsipras, Dimitris and Engstrom, Logan and Tran, Brandon and Madry, Aleksander},
  journal={Advances in neural information processing systems},
  volume={32},
  year={2019}
}
@ONLINE{tomastweet,
  author = {Daniš, Tomáš},
  title = {there is no evidence humans can't be adversarially attacked like neural networks can. there could be an artificially constructed sensory input that makes you go insane forever},
  month = {June},
  year = {2024},
  url = {https://x.com/tmdanis/status/1798054359613542552},
  urldate = {2024-06-04}
}

$
$ countermeasures
$

@inproceedings{croce2021robustbench,
  title     = {{RobustBench: a standardized adversarial robustness benchmark}},
  author    = {Croce, Francesco and Andriushchenko, Maksym and Sehwag, Vikash and Debenedetti, Edoardo and Flammarion, Nicolas and Chiang, Mung and Mittal, Prateek and Hein, Matthias},
  booktitle = {Thirty-fifth Conference on Neural Information Processing Systems Datasets and Benchmarks Track},
  year      = {2021},
  url       = {https://openreview.net/forum?id=SSKZPJCt7B}
}
@article{Ou2022ChineseAE,
  title={Chinese adversarial examples generation approach with multi-strategy based on semantic},
  author={Hongxu Ou and Long Yu and Sheng Tian and Xin Chen},
  journal={Knowledge and Information Systems},
  year={2022},
  volume={64},
  pages={1101 - 1119},
  url={https://api.semanticscholar.org/CorpusID:247542812}
}
@inproceedings{araujo2020advocating,
  title={Advocating for multiple defense strategies against adversarial examples},
  author={Araujo, Alexandre and Meunier, Laurent and Pinot, Rafael and Negrevergne, Benjamin},
  booktitle={Joint European Conference on Machine Learning and Knowledge Discovery in Databases},
  pages={165--177},
  year={2020},
  organization={Springer}
}
@article{KokaljFilipovic2019AdversarialEI,
  title={Adversarial Examples in RF Deep Learning: Detection and Physical Robustness},
  author={Silvija Kokalj-Filipovic and Rob Miller and Garrett M. Vanhoy},
  journal={2019 IEEE Global Conference on Signal and Information Processing (GlobalSIP)},
  year={2019},
  pages={1-5},
  url={https://api.semanticscholar.org/CorpusID:210971684}
}
@article{Li2023wAdvMTDAM,
  title={wAdvMTD: A Mitigation to White-box Adversarial Examples Using Heterogeneous Models and Moving Target Defense},
  author={Yuanpei Li and Qinglei Zhou and Shibo Li and Bin Li},
  journal={2023 3rd Asia-Pacific Conference on Communications Technology and Computer Science (ACCTCS)},
  year={2023},
  pages={592-597},
  url={https://api.semanticscholar.org/CorpusID:259122131}
}
@article{feng2020towards,
  title={Towards Robust Classification with Image Quality Assessment},
  author={Feng, Yeli and Cai, Yiyu},
  journal={arXiv preprint arXiv:2004.06288},
  year={2020}
}
@article{Wang2023DeepFC,
  title={Deep Fusion: Crafting Transferable Adversarial Examples and Improving Robustness of Industrial Artificial Intelligence of Things},
  author={Yajie Wang and Yu-an Tan and Thar Baker and Neeraj Kumar and Quan-xin Zhang},
  journal={IEEE Transactions on Industrial Informatics},
  year={2023},
  volume={19},
  pages={7480-7488},
  url={https://api.semanticscholar.org/CorpusID:248359267}
}
@inproceedings{ji2023benchmarking,
  title={Benchmarking and Analyzing Robust Point Cloud Recognition: Bag of Tricks for Defending Adversarial Examples},
  author={Ji, Qiufan and Wang, Lin and Shi, Cong and Hu, Shengshan and Chen, Yingying and Sun, Lichao},
  booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision},
  pages={4295--4304},
  year={2023}
}
@article{Ren2022VulnerabilityAR,
  title={Vulnerability Analysis, Robustness Verification, and Mitigation Strategy for Machine Learning-Based Power System Stability Assessment Model Under Adversarial Examples},
  author={Chao Ren and Xiaoning Du and Yan Xu and Qun Song and Yang Liu and Rui Tan},
  journal={IEEE Transactions on Smart Grid},
  year={2022},
  volume={13},
  pages={1622-1632},
  url={https://api.semanticscholar.org/CorpusID:245103286}
}
@article{Zhao2023EITGANAT,
  title={EITGAN: A Transformation-based Network for recovering adversarial examples},
  author={Junjie Zhao and Junfeng Wu and James Msughter Adeke and Guangjie Liu and Yue-wei Dai},
  journal={Electronic Research Archive},
  year={2023},
  url={https://api.semanticscholar.org/CorpusID:264180609}
}
@article{Adeke2023SecuringNT,
  title={Securing Network Traffic Classification Models against Adversarial Examples Using Derived Variables},
  author={James Msughter Adeke and Guangjie Liu and Junjie Zhao and Nannan Wu and Hafsat Muhammad Bashir},
  journal={Future Internet},
  year={2023},
  volume={15},
  pages={405},
  url={https://api.semanticscholar.org/CorpusID:266389288}
}
@article{Doss2023GeneratingAD,
  title={Generating and Defending Against Adversarial Examples for Loan Eligibility Prediction},
  author={Lourdu Mahimai Doss and Dr. M. Gunasekaran and India Puducherry},
  journal={2023 International Conference on System, Computation, Automation and Networking (ICSCAN)},
  year={2023},
  pages={1-6},
  url={https://api.semanticscholar.org/CorpusID:267260150}
}
@article{Rakhimberdina2022StrengtheningRU,
  title={Strengthening Robustness Under Adversarial Attacks Using Brain Visual Codes},
  author={Zarina Rakhimberdina and Xin Liu and Tsuyoshi Murata},
  journal={IEEE Access},
  year={2022},
  volume={10},
  pages={96149-96158},
  url={https://api.semanticscholar.org/CorpusID:252393135}
}
@article{xie2024fermi,
  title={Fermi-Bose Machine},
  author={Xie, Mingshan and Wang, Yuchen and Huang, Haiping},
  journal={arXiv preprint arXiv:2404.13631},
  year={2024}
}
@article{fort2024ensemble,
  title={Ensemble everything everywhere: Multi-scale aggregation for adversarial robustness},
  author={Fort, Stanislav and Lakshminarayanan, Balaji},
  journal={arXiv preprint arXiv:2408.05446},
  year={2024}
}
@inproceedings{rauker2023toward,
  title={Toward transparent ai: A survey on interpreting the inner structures of deep neural networks},
  author={R{\"a}uker, Tilman and Ho, Anson and Casper, Stephen and Hadfield-Menell, Dylan},
  booktitle={2023 ieee conference on secure and trustworthy machine learning (satml)},
  pages={464--483},
  year={2023},
  organization={IEEE}
}

%
% methodology
%

@misc{hcaptcha_challenger,
    title = {hcaptcha-challenger},
    author = {ForestCrazy},
    year = {2024},
    publisher = {GitHub},
    journal = {GitHub repository},
    howpublished = {\url{https://github.com/ForestCrazy/hcaptcha-challenger}}
}
@misc{hcaptcha2024base64,
    title = {url 'https://api.hcaptcha.com/getcaptcha/' returning base64 instead json},
    author = {12189108 and others},
    year = {2024},
    month = {February},
    publisher = {GitHub},
    journal = {GitHub Issues},
    howpublished = {GitHub Repository: QIN2DIM/hcaptcha-challenger},
    number = {976},
    type = {Issue}
}
@online{authkong2024recaptcha,
    author = {AuthKong},
    title = {Top 10 User-Friendly reCAPTCHA Alternatives for 2024},
    year = {2024},
    url = {https://authkong.com/blog/best-recaptcha-alternatives/},
    urldate = {2024-12-09},
    organization = {AuthKong}
}
@misc{BlackForestLabs2024FLUX,
  title = {FLUX.1: A Suite of Text-to-Image Models},
  author = {BlackForestLabs},
  year = {2024},
  howpublished = {BlackForestLabs Website},
  note = {Accessed: December 09, 2024}
}
@article{wang2024benchmarking,
  title={Benchmarking Zero-Shot Robustness of Multimodal Foundation Models: A Pilot Study},
  author={Wang, Chenguang and Jia, Ruoxi and Liu, Xin and Song, Dawn},
  journal={arXiv preprint arXiv:2403.10499},
  year={2024}
}
@article{goldblum2024battle,
  title={Battle of the backbones: A large-scale comparison of pretrained models across computer vision tasks},
  author={Goldblum, Micah and Souri, Hossein and Ni, Renkun and Shu, Manli and Prabhu, Viraj and Somepalli, Gowthami and Chattopadhyay, Prithvijit and Ibrahim, Mark and Bardes, Adrien and Hoffman, Judy and others},
  journal={Advances in Neural Information Processing Systems},
  volume={36},
  year={2024}
}
@online{howard_image_models,
    author    = {Jeremy Howard},
    title     = {Which Image Models are Best?},
    year      = {2024},
    publisher = {Kaggle},
    url       = {https://www.kaggle.com/code/jhoward/which-image-models-are-best},
    urldate   = {2024-12-10}
}

%
% everything from our arxiv paper
%

@article{stigliani2015temporal,
  title={Temporal processing capacity in high-level visual cortex is domain specific},
  author={Stigliani, Anthony and Weiner, Kevin S and Grill-Spector, Kalanit},
  journal={Journal of Neuroscience},
  volume={35},
  number={36},
  pages={12412--12424},
  year={2015},
  publisher={Soc Neuroscience}
}
@article{mulazimouglu2021role,
  title={The Role of Visual Features in Text-Based CAPTCHAs: An fNIRS Study for Usable Security},
  author={M{\"u}lazimo{\u{g}}lu, Emre and {\c{C}}ak{\i}r, Murat P and Acart{\"u}rk, Cengiz},
  journal={Computational intelligence and neuroscience},
  volume={2021},
  number={1},
  pages={8842420},
  year={2021},
  publisher={Wiley Online Library}
}
@misc{fort2024ensembleeverywheremultiscaleaggregation,
      title={Ensemble everything everywhere: Multi-scale aggregation for adversarial robustness}, 
      author={Stanislav Fort and Balaji Lakshminarayanan},
      year={2024},
      eprint={2408.05446},
      archivePrefix={arXiv},
      primaryClass={cs.CV},
      url={https://arxiv.org/abs/2408.05446}, 
}
@incollection{kurakin2018adversarial,
  title={Adversarial examples in the physical world},
  author={Kurakin, Alexey and Goodfellow, Ian J and Bengio, Samy},
  booktitle={Artificial intelligence safety and security},
  pages={99--112},
  year={2018},
  publisher={Chapman and Hall/CRC}
}
@article{Hajjdiab2017RandomIM,
  title={Random Image Matching CAPTCHA System},
  author={Hassan Hajjdiab},
  journal={Electronic Letters on Computer Vision and Image Analysis},
  year={2017},
  volume={16},
  pages={1-13},
  url={https://api.semanticscholar.org/CorpusID:55436383}
}
@article{sheikh2022novel,
  title={A Novel Animated CAPTCHA Technique based on Persistence of Vision},
  author={Sheikh, Shafiya Afzal and Banday, M Tariq},
  journal={International Journal of Advanced Computer Science and Applications},
  volume={13},
  number={2},
  year={2022},
  publisher={Science and Information (SAI) Organization Limited}
}
@article{li2024survey,
  title={A survey of robustness and safety of 2d and 3d deep learning models against adversarial attacks},
  author={Li, Yanjie and Xie, Bin and Guo, Songtao and Yang, Yuanyuan and Xiao, Bin},
  journal={ACM Computing Surveys},
  volume={56},
  number={6},
  pages={1--37},
  year={2024},
  publisher={ACM New York, NY}
}
@article{wiyatno2019adversarial,
  title={Adversarial examples in modern machine learning: A review},
  author={Wiyatno, Rey Reza and Xu, Anqi and Dia, Ousmane and De Berker, Archy},
  journal={arXiv preprint arXiv:1911.05268},
  year={2019}
}
@article{singhal2001modern,
  title={Modern information retrieval: A brief overview},
  author={Singhal, Amit and others},
  journal={IEEE Data Eng. Bull.},
  volume={24},
  number={4},
  pages={35--43},
  year={2001}
}
@ARTICLE{9311108,
  author={Faragallah, Osama S. and El-Hoseny, Heba and El-Shafai, Walid and El-Rahman, Wael Abd and El-Sayed, Hala S. and El-Rabaie, El-Sayed M. and El-Samie, Fathi E. Abd and Geweid, Gamal G. N.},
  journal={IEEE Access}, 
  title={A Comprehensive Survey Analysis for Present Solutions of Medical Image Fusion and Future Directions}, 
  year={2021},
  volume={9},
  number={},
  pages={11358-11371},
  keywords={Biomedical imaging;Medical diagnostic imaging;Image fusion;Imaging;Diseases;Transforms;Medical imaging;fusion process;imaging modalities;dual-tree complex wavelet transform;curvelet transform;discrete wavelet transform;principal component analysis},
  doi={10.1109/ACCESS.2020.3048315}
}
@article{wang2004image,
  title={Image quality assessment: from error visibility to structural similarity},
  author={Wang, Zhou and Bovik, Alan C and Sheikh, Hamid R and Simoncelli, Eero P},
  journal={IEEE transactions on image processing},
  volume={13},
  number={4},
  pages={600--612},
  year={2004},
  publisher={IEEE}
}
@article{singh2022ThreatOA,
  title={Threat of Adversarial Attacks within Deep Learning: Survey},
  author={Roshni singh and Ataussamad},
  journal={Recent Advances in Computer Science and Communications},
  year={2022},
  url={https://api.semanticscholar.org/CorpusID:256776356}
}
@article{venkatesh2022detecting,
  title={Detecting Adversarial Examples in Batches--a geometrical approach},
  author={Venkatesh, Danush Kumar and Steinbach, Peter},
  journal={arXiv preprint arXiv:2206.08738},
  year={2022}
}
@article{akhtar2021advances,
  title={Advances in adversarial attacks and defenses in computer vision: A survey},
  author={Akhtar, Naveed and Mian, Ajmal and Kardan, Navid and Shah, Mubarak},
  journal={IEEE Access},
  volume={9},
  pages={155161--155196},
  year={2021},
  publisher={IEEE}
}
@article{fang2024eva,
  title={Eva-02: A visual representation for neon genesis},
  author={Fang, Yuxin and Sun, Quan and Wang, Xinggang and Huang, Tiejun and Wang, Xinlong and Cao, Yue},
  journal={Image and Vision Computing},
  volume={149},
  pages={105171},
  year={2024},
  publisher={Elsevier}
}
@article{fang2023data,
  title={Data filtering networks},
  author={Fang, Alex and Jose, Albin Madappally and Jain, Amit and Schmidt, Ludwig and Toshev, Alexander and Shankar, Vaishaal},
  journal={arXiv preprint arXiv:2309.17425},
  year={2023}
}
@InProceedings{Fang_2023_CVPR,
    author    = {Fang, Yuxin and Wang, Wen and Xie, Binhui and Sun, Quan and Wu, Ledell and Wang, Xinggang and Huang, Tiejun and Wang, Xinlong and Cao, Yue},
    title     = {EVA: Exploring the Limits of Masked Visual Representation Learning at Scale},
    booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
    month     = {June},
    year      = {2023},
    pages     = {19358-19369}
}
@misc{dosovitskiy2021imageworth16x16words,
      title={An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale}, 
      author={Alexey Dosovitskiy and Lucas Beyer and Alexander Kolesnikov and Dirk Weissenborn and Xiaohua Zhai and Thomas Unterthiner and Mostafa Dehghani and Matthias Minderer and Georg Heigold and Sylvain Gelly and Jakob Uszkoreit and Neil Houlsby},
      year={2021},
      eprint={2010.11929},
      archivePrefix={arXiv},
      primaryClass={cs.CV},
      url={https://arxiv.org/abs/2010.11929}, 
}
@InProceedings{Liu_2022_CVPR,
    author    = {Liu, Zhuang and Mao, Hanzi and Wu, Chao-Yuan and Feichtenhofer, Christoph and Darrell, Trevor and Xie, Saining},
    title     = {A ConvNet for the 2020s},
    booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
    month     = {June},
    year      = {2022},
    pages     = {11976-11986}
}
@article{serban2020adversarial,
  title={Adversarial examples on object recognition: A comprehensive survey},
  author={Serban, Alex and Poll, Erik and Visser, Joost},
  journal={ACM Computing Surveys (CSUR)},
  volume={53},
  number={3},
  pages={1--38},
  year={2020},
  publisher={ACM New York, NY, USA}
}
@InProceedings{Hendrycks_2021_CVPR,
    author    = {Hendrycks, Dan and Zhao, Kevin and Basart, Steven and Steinhardt, Jacob and Song, Dawn},
    title     = {Natural Adversarial Examples},
    booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
    month     = {June},
    year      = {2021},
    pages     = {15262-15271}
}
@article{chen2022recent,
  title={Recent advances and clinical applications of deep learning in medical image analysis},
  author={Chen, Xuxin and Wang, Ximin and Zhang, Ke and Fung, Kar-Ming and Thai, Theresa C and Moore, Kathleen and Mannel, Robert S and Liu, Hong and Zheng, Bin and Qiu, Yuchen},
  journal={Medical image analysis},
  volume={79},
  pages={102444},
  year={2022},
  publisher={Elsevier}
}
@article{shamshad2023transformers,
  title={Transformers in medical imaging: A survey},
  author={Shamshad, Fahad and Khan, Salman and Zamir, Syed Waqas and Khan, Muhammad Haris and Hayat, Munawar and Khan, Fahad Shahbaz and Fu, Huazhu},
  journal={Medical Image Analysis},
  volume={88},
  pages={102802},
  year={2023},
  publisher={Elsevier}
}
@ARTICLE{9046805,
  author={Yurtsever, Ekim and Lambert, Jacob and Carballo, Alexander and Takeda, Kazuya},
  journal={IEEE Access}, 
  title={A Survey of Autonomous Driving: Common Practices and Emerging Technologies}, 
  year={2020},
  volume={8},
  number={},
  pages={58443-58469},
  keywords={Automation;Task analysis;Systems architecture;Accidents;Planning;Vehicle dynamics;Robot sensing systems;Autonomous vehicles;control;robotics;automation;intelligent vehicles;intelligent transportation systems},
  doi={10.1109/ACCESS.2020.2983149}
}
@InProceedings{He_2015_ICCV,
  author = {He, Kaiming and Zhang, Xiangyu and Ren, Shaoqing and Sun, Jian},
  title = {Delving Deep into Rectifiers: Surpassing Human-Level Performance on ImageNet Classification},
  booktitle = {Proceedings of the IEEE International Conference on Computer Vision (ICCV)},
  month = {December},
  year = {2015}
}
@article{russakovsky2015imagenet,
  title={Imagenet large scale visual recognition challenge},
  author={Russakovsky, Olga and Deng, Jia and Su, Hao and Krause, Jonathan and Satheesh, Sanjeev and Ma, Sean and Huang, Zhiheng and Karpathy, Andrej and Khosla, Aditya and Bernstein, Michael and others},
  journal={International journal of computer vision},
  volume={115},
  pages={211--252},
  year={2015},
  publisher={Springer}
}
@article{zhang2023text,
  title={Text-crs: A generalized certified robustness framework against textual adversarial attacks},
  author={Zhang, Xinyu and Hong, Hanbin and Hong, Yuan and Huang, Peng and Wang, Binghui and Ba, Zhongjie and Ren, Kui},
  journal={arXiv preprint arXiv:2307.16630},
  year={2023}
}
@article{dong2023robust,
  title={How Robust is Google's Bard to Adversarial Image Attacks?},
  author={Dong, Yinpeng and Chen, Huanran and Chen, Jiawei and Fang, Zhengwei and Yang, Xiao and Zhang, Yichi and Tian, Yu and Su, Hang and Zhu, Jun},
  journal={arXiv preprint arXiv:2309.11751},
  year={2023}
}
@article{shayegani2023plug,
  title={Plug and Pray: Exploiting off-the-shelf components of Multi-Modal Models},
  author={Shayegani, Erfan and Dong, Yue and Abu-Ghazaleh, Nael},
  journal={arXiv preprint arXiv:2307.14539},
  year={2023}
}
@inproceedings{dong2022robust,
  title={Robust Deep Convolutional Neural Network inspired by the Primary Visual Cortex},
  author={Dong, Zhanguo and Ke, Ming and Wang, Jiarong and Wang, Lubin and Wang, Gang},
  booktitle={Proceedings of the 2022 11th International Conference on Computing and Pattern Recognition},
  pages={584--589},
  year={2022}
}
@article{jain2023selectivity,
  title={Selectivity for food in human ventral visual cortex},
  author={Jain, Nidhi and Wang, Aria and Henderson, Margaret M and Lin, Ruogu and Prince, Jacob S and Tarr, Michael J and Wehbe, Leila},
  journal={Communications Biology},
  volume={6},
  number={1},
  pages={175},
  year={2023},
  publisher={Nature Publishing Group UK London}
}
@article{koizumi2019threat,
  title={Threat anticipation in pulvinar and in superficial layers of primary visual cortex (V1). Evidence from layer-specific ultra-high field 7T fMRI},
  author={Koizumi, Ai and Zhan, Minye and Ban, Hiroshi and Kida, Ikuhiro and De Martino, Federico and Vaessen, Maarten J and de Gelder, Beatrice and Amano, Kaoru},
  journal={eneuro},
  volume={6},
  number={6},
  year={2019},
  publisher={Society for Neuroscience}
}
@article{marques2021multi,
  title={Multi-scale hierarchical neural network models that bridge from single neurons in the primate primary visual cortex to object recognition behavior},
  author={Marques, Tiago and Schrimpf, Martin and DiCarlo, James J},
  journal={bioRxiv},
  pages={2021--03},
  year={2021},
  publisher={Cold Spring Harbor Laboratory}
}
@article{tootell1998functional,
  title={Functional analysis of primary visual cortex (V1) in humans},
  author={Tootell, Roger BH and Hadjikhani, Nouchine K and Vanduffel, Wim and Liu, Arthur K and Mendola, Janine D and Sereno, Martin I and Dale, Anders M},
  journal={Proceedings of the National Academy of Sciences},
  volume={95},
  number={3},
  pages={811--817},
  year={1998},
  publisher={National Acad Sciences}
}
@misc{qin2dim,
  author = {QIN2DIM},
  title = {{hcaptcha-challenger}},
  howpublished = "\url{https://github.com/QIN2DIM/hcaptcha-challenger}",
  year = {2022}, 
  note = "[Online; accessed 01-Aug-2024]"
}
@misc{qin2dim2023challenge,
  author = {allerallegro},
  title = {{hcaptcha-challenger Github Issue Ticket}},
  howpublished = "\url{https://github.com/QIN2DIM/hcaptcha-challenger/issues/976}",
  year = {2022}, 
  note = "[Online; accessed 01-Aug-2024]"
}
@misc{clipbench,
  author = {Gabriel Ilharco},
  title = {{Open CLIP Benchmark results}},
  howpublished = "\url{https://github.com/mlfoundations/open_clip/blob/main/docs/openclip_results.csv}",
  year = {2023},
  note = "[Online; accessed 17-July-2024]"
}
@misc{captchashare,
  author = {6sense},
  title = {{Google Captcha Market Share}},
  howpublished = "\url{https://6sense.com/tech/captcha/recaptcha-market-share#:~:text=What%20is%20reCAPTCHA%20market%20share,of%2099.93%25%20in%20captcha%20market}",
  year = {2023},
  note = "[Online; accessed 17-July-2024]"
}
@article{wang2024roz,
  title={Benchmarking Zero-Shot Robustness of Multimodal Foundation Models: A Pilot Study},
  author={Wang, Chenguang and Jia, Ruoxi and Liu, Xin and Song, Dawn},
  journal={arXiv preprint},
  year={2024}
}
@INPROCEEDINGS{20.500.11850/679226,
	year = {2024},
	type = {Conference Paper},
	author = {Plesner, Andreas and Vontobel, Tobias and Wattenhofer, Roger},
	size = {10 p.},
	abstract = {Our work examines the efficacy of employing advanced machine learning methods to solve captchas from Google’s reCAPTCHAv2 system. We evaluate the effectiveness of automated systems in solving captchas by utilizing advanced YOLO models for image segmentation and classification. Our main result is that we can solve 100% of the captchas, while previous work only solved 68-71%. Furthermore, our findings suggest that there is no significant difference in the number of challenges humans and bots must solve to pass the captchas in reCAPTCHAv2. This implies that current AI technologies can exploit advanced image-based captchas. We also look under the hood of reCAPTCHAv2, and find evidence that reCAPTCHAv2 is heavily based on cookie and browser history data when evaluating whether a user is human or not. The code is provided alongside this paper.},
	keywords = {reCAPTCHAv2; Proof-of-personhood; Machine Learning; Image Classification; Image Segmentation; YOLO; Machine Intelligence},
	language = {en},
	publisher = {IEEE},
	title = {Breaking reCAPTCHAv2},
	Note = {48th IEEE International Conference on Computers, Software, and Applications (COMPSAC 2024); Conference Location: Osaka, Japan; Conference Date: July 2-4, 2024}
}
@article{osadchy2017no,
  title={No bot expects the DeepCAPTCHA! Introducing immutable adversarial examples, with applications to CAPTCHA generation},
  author={Osadchy, Margarita and Hernandez-Castro, Julio and Gibson, Stuart and Dunkelman, Orr and P{\'e}rez-Cabo, Daniel},
  journal={IEEE Transactions on Information Forensics and Security},
  volume={12},
  number={11},
  pages={2640--2653},
  year={2017},
  publisher={IEEE}
}
@inproceedings{lpips,
  title={The unreasonable effectiveness of deep features as a perceptual metric},
  author={Zhang, Richard and Isola, Phillip and Efros, Alexei A and Shechtman, Eli and Wang, Oliver},
  booktitle={Proceedings of the IEEE conference on computer vision and pattern recognition},
  pages={586--595},
  year={2018}
}
@software{Howard_Imagenette_2019,
    title={Imagenette: A smaller subset of 10 easily classified classes from Imagenet},
    author={Jeremy Howard},
    year={2019},
    month={March},
    publisher = {GitHub},
    url = {https://github.com/fastai/imagenette}
}
@misc{conneau2020unsupervisedcrosslingualrepresentationlearning,
      title={Unsupervised Cross-lingual Representation Learning at Scale}, 
      author={Alexis Conneau and Kartikay Khandelwal and Naman Goyal and Vishrav Chaudhary and Guillaume Wenzek and Francisco Guzmán and Edouard Grave and Myle Ott and Luke Zettlemoyer and Veselin Stoyanov},
      year={2020},
      eprint={1911.02116},
      archivePrefix={arXiv},
      primaryClass={cs.CL},
      url={https://arxiv.org/abs/1911.02116}, 
}

%
% self ensemble
%

@ARTICLE{6954500,
  author={Sanchez Giraldo, Luis Gonzalo and Rao, Murali and Principe, Jose C.},
  journal={IEEE Transactions on Information Theory}, 
  title={Measures of Entropy From Data Using Infinitely Divisible Kernels}, 
  year={2015},
  volume={61},
  number={1},
  pages={535-548},
  keywords={Entropy;Kernel;Hilbert space;Eigenvalues and eigenfunctions;Estimation;Joints;Random variables;Infinitely divisible kernels;Renyi’s Entropy;Positive definite functions;Learning;Independence test;Infinitely divisible kernels;Renyi’s entropy;positive definite functions;learning;independence test},
  doi={10.1109/TIT.2014.2370058}
}
@InProceedings{pmlr-v80-belghazi18a,
  title = 	 {Mutual Information Neural Estimation},
  author =       {Belghazi, Mohamed Ishmael and Baratin, Aristide and Rajeshwar, Sai and Ozair, Sherjil and Bengio, Yoshua and Courville, Aaron and Hjelm, Devon},
  booktitle = 	 {Proceedings of the 35th International Conference on Machine Learning},
  pages = 	 {531--540},
  year = 	 {2018},
  editor = 	 {Dy, Jennifer and Krause, Andreas},
  volume = 	 {80},
  series = 	 {Proceedings of Machine Learning Research},
  month = 	 {10--15 Jul},
  publisher =    {PMLR},
  pdf = 	 {http://proceedings.mlr.press/v80/belghazi18a/belghazi18a.pdf},
  url = 	 {https://proceedings.mlr.press/v80/belghazi18a.html},
  abstract = 	 {We argue that the estimation of mutual information between high dimensional continuous random variables can be achieved by gradient descent over neural networks. We present a Mutual Information Neural Estimator (MINE) that is linearly scalable in dimensionality as well as in sample size, trainable through back-prop, and strongly consistent. We present a handful of applications on which MINE can be used to minimize or maximize mutual information. We apply MINE to improve adversarially trained generative models. We also use MINE to implement the Information Bottleneck, applying it to supervised classification; our results demonstrate substantial improvement in flexibility and performance in these settings.}
}

%
% addendum
%

@misc{acm_authorship_2024,
  title={ACM Policy on Authorship: Frequently Asked Questions},
  author={{Association for Computing Machinery}},
  year={2024},
  publisher={Association for Computing Machinery},
  howpublished={\url{https://www.acm.org/publications/policies/frequently-asked-questions}},
  note={Accessed: 2024-12-19}
}