{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2016:F2FTGVKK6TRALMSXBXI35YSIRV","short_pith_number":"pith:F2FTGVKK","schema_version":"1.0","canonical_sha256":"2e8b33554af4e205b2570dd1bee2488d4e105dec9b1a481fe96863b58e58077e","source":{"kind":"arxiv","id":"1602.02697","version":4},"attestation_state":"computed","paper":{"title":"Practical Black-Box Attacks against Machine Learning","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Ananthram Swami, Ian Goodfellow, Nicolas Papernot, Patrick McDaniel, Somesh Jha, Z. Berkay Celik","submitted_at":"2016-02-08T19:12:25Z","abstract_excerpt":"Machine learning (ML) models, e.g., deep neural networks (DNNs), are vulnerable to adversarial examples: malicious inputs modified to yield erroneous model outputs, while appearing unmodified to human observers. Potential attacks include having malicious content like malware identified as legitimate or controlling vehicle behavior. Yet, all existing adversarial example attacks require knowledge of either the model internals or its training data. We introduce the first practical demonstration of an attacker controlling a remotely hosted DNN with no such knowledge. Indeed, the only capability of"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1602.02697","kind":"arxiv","version":4},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-02-08T19:12:25Z","cross_cats_sorted":["cs.LG"],"title_canon_sha256":"0316bdd3d4e3898411aa99f0a617d081a578c078d4a1607790ec88d393c2271a","abstract_canon_sha256":"0ad4ee9f7b2d40fc64e428463838da4db5dda92ef65ff1047022fc60097e0c87"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:48:28.501993Z","signature_b64":"Uxn43hjbTlDY41KoZBC7WliX73plLqT/B/fnMJVYPpA00Ukr9xI9r5LlECSaavEMi9lXIvWMZpZnxS/2tHoPAQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"2e8b33554af4e205b2570dd1bee2488d4e105dec9b1a481fe96863b58e58077e","last_reissued_at":"2026-05-18T00:48:28.501432Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:48:28.501432Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Practical Black-Box Attacks against Machine Learning","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Ananthram Swami, Ian Goodfellow, Nicolas Papernot, Patrick McDaniel, Somesh Jha, Z. Berkay Celik","submitted_at":"2016-02-08T19:12:25Z","abstract_excerpt":"Machine learning (ML) models, e.g., deep neural networks (DNNs), are vulnerable to adversarial examples: malicious inputs modified to yield erroneous model outputs, while appearing unmodified to human observers. Potential attacks include having malicious content like malware identified as legitimate or controlling vehicle behavior. Yet, all existing adversarial example attacks require knowledge of either the model internals or its training data. We introduce the first practical demonstration of an attacker controlling a remotely hosted DNN with no such knowledge. Indeed, the only capability of"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1602.02697","kind":"arxiv","version":4},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1602.02697","created_at":"2026-05-18T00:48:28.501514+00:00"},{"alias_kind":"arxiv_version","alias_value":"1602.02697v4","created_at":"2026-05-18T00:48:28.501514+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1602.02697","created_at":"2026-05-18T00:48:28.501514+00:00"},{"alias_kind":"pith_short_12","alias_value":"F2FTGVKK6TRA","created_at":"2026-05-18T12:30:15.759754+00:00"},{"alias_kind":"pith_short_16","alias_value":"F2FTGVKK6TRALMSX","created_at":"2026-05-18T12:30:15.759754+00:00"},{"alias_kind":"pith_short_8","alias_value":"F2FTGVKK","created_at":"2026-05-18T12:30:15.759754+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":9,"internal_anchor_count":5,"sample":[{"citing_arxiv_id":"1907.05274","citing_title":"Affine Disentangled GAN for Interpretable and Robust AV Perception","ref_index":21,"is_internal_anchor":true},{"citing_arxiv_id":"1907.05587","citing_title":"Stateful Detection of Black-Box Adversarial Attacks","ref_index":32,"is_internal_anchor":true},{"citing_arxiv_id":"1907.06632","citing_title":"Metamorphic Testing of a Deep Learning based Forecaster","ref_index":20,"is_internal_anchor":true},{"citing_arxiv_id":"2406.10162","citing_title":"Sycophancy to Subterfuge: Investigating Reward-Tampering in Large Language Models","ref_index":247,"is_internal_anchor":true},{"citing_arxiv_id":"2603.13970","citing_title":"Shapes are not enough: CONSERVAttack and its use for finding vulnerabilities and uncertainties in machine learning applications","ref_index":23,"is_internal_anchor":true},{"citing_arxiv_id":"1712.05526","citing_title":"Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning","ref_index":53,"is_internal_anchor":false},{"citing_arxiv_id":"2605.11170","citing_title":"Unlearning with Asymmetric Sources: Improved Unlearning-Utility Trade-off with Public Data","ref_index":86,"is_internal_anchor":false},{"citing_arxiv_id":"2605.06357","citing_title":"Memory Efficient Full-gradient Attacks (MEFA) Framework for Adversarial Defense Evaluations","ref_index":40,"is_internal_anchor":false},{"citing_arxiv_id":"1606.06565","citing_title":"Concrete Problems in AI Safety","ref_index":116,"is_internal_anchor":false}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/F2FTGVKK6TRALMSXBXI35YSIRV","json":"https://pith.science/pith/F2FTGVKK6TRALMSXBXI35YSIRV.json","graph_json":"https://pith.science/api/pith-number/F2FTGVKK6TRALMSXBXI35YSIRV/graph.json","events_json":"https://pith.science/api/pith-number/F2FTGVKK6TRALMSXBXI35YSIRV/events.json","paper":"https://pith.science/paper/F2FTGVKK"},"agent_actions":{"view_html":"https://pith.science/pith/F2FTGVKK6TRALMSXBXI35YSIRV","download_json":"https://pith.science/pith/F2FTGVKK6TRALMSXBXI35YSIRV.json","view_paper":"https://pith.science/paper/F2FTGVKK","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1602.02697&json=true","fetch_graph":"https://pith.science/api/pith-number/F2FTGVKK6TRALMSXBXI35YSIRV/graph.json","fetch_events":"https://pith.science/api/pith-number/F2FTGVKK6TRALMSXBXI35YSIRV/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/F2FTGVKK6TRALMSXBXI35YSIRV/action/timestamp_anchor","attest_storage":"https://pith.science/pith/F2FTGVKK6TRALMSXBXI35YSIRV/action/storage_attestation","attest_author":"https://pith.science/pith/F2FTGVKK6TRALMSXBXI35YSIRV/action/author_attestation","sign_citation":"https://pith.science/pith/F2FTGVKK6TRALMSXBXI35YSIRV/action/citation_signature","submit_replication":"https://pith.science/pith/F2FTGVKK6TRALMSXBXI35YSIRV/action/replication_record"}},"created_at":"2026-05-18T00:48:28.501514+00:00","updated_at":"2026-05-18T00:48:28.501514+00:00"}