{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:7XZGJFDFX3PDPAMO6WPFR3W2KQ","short_pith_number":"pith:7XZGJFDF","canonical_record":{"source":{"id":"1905.05454","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-05-14T08:39:09Z","cross_cats_sorted":["cs.CR","stat.ML"],"title_canon_sha256":"3648ffcceb26a2563c2f6105e62362aac0d002d10e100cf80c422bb82d47284b","abstract_canon_sha256":"731b9461ed8e46c381d307ac8f3f35ded6f380b78b158fe2672993d92b9721f2"},"schema_version":"1.0"},"canonical_sha256":"fdf2649465bede37818ef59e58eeda5406424b04af6d6ac621f626d33517d7ce","source":{"kind":"arxiv","id":"1905.05454","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1905.05454","created_at":"2026-05-17T23:46:16Z"},{"alias_kind":"arxiv_version","alias_value":"1905.05454v1","created_at":"2026-05-17T23:46:16Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1905.05454","created_at":"2026-05-17T23:46:16Z"},{"alias_kind":"pith_short_12","alias_value":"7XZGJFDFX3PD","created_at":"2026-05-18T12:33:12Z"},{"alias_kind":"pith_short_16","alias_value":"7XZGJFDFX3PDPAMO","created_at":"2026-05-18T12:33:12Z"},{"alias_kind":"pith_short_8","alias_value":"7XZGJFDF","created_at":"2026-05-18T12:33:12Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:7XZGJFDFX3PDPAMO6WPFR3W2KQ","target":"record","payload":{"canonical_record":{"source":{"id":"1905.05454","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-05-14T08:39:09Z","cross_cats_sorted":["cs.CR","stat.ML"],"title_canon_sha256":"3648ffcceb26a2563c2f6105e62362aac0d002d10e100cf80c422bb82d47284b","abstract_canon_sha256":"731b9461ed8e46c381d307ac8f3f35ded6f380b78b158fe2672993d92b9721f2"},"schema_version":"1.0"},"canonical_sha256":"fdf2649465bede37818ef59e58eeda5406424b04af6d6ac621f626d33517d7ce","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:46:16.410223Z","signature_b64":"r2beFJ3geHJwOFw6mbiCQ85zi/4WUwYqvyZuRC5dnu0Tal8vxGNuYUJYKUCi+gw8mf2gqxL2nNh2irdqs6jLAA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"fdf2649465bede37818ef59e58eeda5406424b04af6d6ac621f626d33517d7ce","last_reissued_at":"2026-05-17T23:46:16.409631Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:46:16.409631Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1905.05454","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:46:16Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"LoyqDxhkX5XELlHCql2eDXYyND4mbA2C64CVEB+pVT8wAeldHLndVgzvnmCe3m191leoJ5i5+yI8ffzsA0I8Dw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-31T22:16:06.074814Z"},"content_sha256":"636791b1535ec1ea6a61ee951c72e196f59213bb9f1a9e2abdda67856484656c","schema_version":"1.0","event_id":"sha256:636791b1535ec1ea6a61ee951c72e196f59213bb9f1a9e2abdda67856484656c"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:7XZGJFDFX3PDPAMO6WPFR3W2KQ","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Robustification of deep net classifiers by key based diversified aggregation with pre-filtering","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR","stat.ML"],"primary_cat":"cs.LG","authors_text":"Olga Taran, Shideh Rezaeifar, Slava Voloshynovskiy, Taras Holotyak","submitted_at":"2019-05-14T08:39:09Z","abstract_excerpt":"In this paper, we address a problem of machine learning system vulnerability to adversarial attacks. We propose and investigate a Key based Diversified Aggregation (KDA) mechanism as a defense strategy. The KDA assumes that the attacker (i) knows the architecture of classifier and the used defense strategy, (ii) has an access to the training data set but (iii) does not know the secret key. The robustness of the system is achieved by a specially designed key based randomization. The proposed randomization prevents the gradients' back propagation or the creating of a \"bypass\" system. The randomi"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1905.05454","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:46:16Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"qt36pOzfArEFoVqeYLRpxt2LyLaSQlpN/YQ59REq93WUXnDswvRcGXpjXW8WRw3HFSXmaOtqG09/OGm9Y+GtDg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-31T22:16:06.075733Z"},"content_sha256":"56f69eb72d068ba31bfb60b9721bea0bd178b50bbc2714a078c13176a139af69","schema_version":"1.0","event_id":"sha256:56f69eb72d068ba31bfb60b9721bea0bd178b50bbc2714a078c13176a139af69"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/7XZGJFDFX3PDPAMO6WPFR3W2KQ/bundle.json","state_url":"https://pith.science/pith/7XZGJFDFX3PDPAMO6WPFR3W2KQ/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/7XZGJFDFX3PDPAMO6WPFR3W2KQ/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-31T22:16:06Z","links":{"resolver":"https://pith.science/pith/7XZGJFDFX3PDPAMO6WPFR3W2KQ","bundle":"https://pith.science/pith/7XZGJFDFX3PDPAMO6WPFR3W2KQ/bundle.json","state":"https://pith.science/pith/7XZGJFDFX3PDPAMO6WPFR3W2KQ/state.json","well_known_bundle":"https://pith.science/.well-known/pith/7XZGJFDFX3PDPAMO6WPFR3W2KQ/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:7XZGJFDFX3PDPAMO6WPFR3W2KQ","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"731b9461ed8e46c381d307ac8f3f35ded6f380b78b158fe2672993d92b9721f2","cross_cats_sorted":["cs.CR","stat.ML"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-05-14T08:39:09Z","title_canon_sha256":"3648ffcceb26a2563c2f6105e62362aac0d002d10e100cf80c422bb82d47284b"},"schema_version":"1.0","source":{"id":"1905.05454","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1905.05454","created_at":"2026-05-17T23:46:16Z"},{"alias_kind":"arxiv_version","alias_value":"1905.05454v1","created_at":"2026-05-17T23:46:16Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1905.05454","created_at":"2026-05-17T23:46:16Z"},{"alias_kind":"pith_short_12","alias_value":"7XZGJFDFX3PD","created_at":"2026-05-18T12:33:12Z"},{"alias_kind":"pith_short_16","alias_value":"7XZGJFDFX3PDPAMO","created_at":"2026-05-18T12:33:12Z"},{"alias_kind":"pith_short_8","alias_value":"7XZGJFDF","created_at":"2026-05-18T12:33:12Z"}],"graph_snapshots":[{"event_id":"sha256:56f69eb72d068ba31bfb60b9721bea0bd178b50bbc2714a078c13176a139af69","target":"graph","created_at":"2026-05-17T23:46:16Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"In this paper, we address a problem of machine learning system vulnerability to adversarial attacks. We propose and investigate a Key based Diversified Aggregation (KDA) mechanism as a defense strategy. The KDA assumes that the attacker (i) knows the architecture of classifier and the used defense strategy, (ii) has an access to the training data set but (iii) does not know the secret key. The robustness of the system is achieved by a specially designed key based randomization. The proposed randomization prevents the gradients' back propagation or the creating of a \"bypass\" system. The randomi","authors_text":"Olga Taran, Shideh Rezaeifar, Slava Voloshynovskiy, Taras Holotyak","cross_cats":["cs.CR","stat.ML"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-05-14T08:39:09Z","title":"Robustification of deep net classifiers by key based diversified aggregation with pre-filtering"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1905.05454","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:636791b1535ec1ea6a61ee951c72e196f59213bb9f1a9e2abdda67856484656c","target":"record","created_at":"2026-05-17T23:46:16Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"731b9461ed8e46c381d307ac8f3f35ded6f380b78b158fe2672993d92b9721f2","cross_cats_sorted":["cs.CR","stat.ML"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2019-05-14T08:39:09Z","title_canon_sha256":"3648ffcceb26a2563c2f6105e62362aac0d002d10e100cf80c422bb82d47284b"},"schema_version":"1.0","source":{"id":"1905.05454","kind":"arxiv","version":1}},"canonical_sha256":"fdf2649465bede37818ef59e58eeda5406424b04af6d6ac621f626d33517d7ce","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"fdf2649465bede37818ef59e58eeda5406424b04af6d6ac621f626d33517d7ce","first_computed_at":"2026-05-17T23:46:16.409631Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:46:16.409631Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"r2beFJ3geHJwOFw6mbiCQ85zi/4WUwYqvyZuRC5dnu0Tal8vxGNuYUJYKUCi+gw8mf2gqxL2nNh2irdqs6jLAA==","signature_status":"signed_v1","signed_at":"2026-05-17T23:46:16.410223Z","signed_message":"canonical_sha256_bytes"},"source_id":"1905.05454","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:636791b1535ec1ea6a61ee951c72e196f59213bb9f1a9e2abdda67856484656c","sha256:56f69eb72d068ba31bfb60b9721bea0bd178b50bbc2714a078c13176a139af69"],"state_sha256":"e4c47fc9aaff55332d3e624a96cf94b7f132fb96d44744d338d9f4fbafac0859"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"yv7W98QPZMredTwEYzwA0SxyJ2ktOt3NNV6gHPZET+jkuv19Ki1ednSkHVjuTklh+LKJNQKqWsyznR/SaC/yDQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-31T22:16:06.081171Z","bundle_sha256":"6dbf6347f37aacda0866ed9cc5b934bacfa84cd109debe39310679e1a8563cc0"}}