{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2018:OWRPA2GKASZRLSVUICNRHOI22D","short_pith_number":"pith:OWRPA2GK","schema_version":"1.0","canonical_sha256":"75a2f068ca04b315cab4409b13b91ad0e48a3ac266a68cdcd74292727c21f491","source":{"kind":"arxiv","id":"1805.04613","version":2},"attestation_state":"computed","paper":{"title":"Breaking Transferability of Adversarial Samples with Randomness","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Bowei Xi, Murat Kantarcioglu, Yan Zhou","submitted_at":"2018-05-11T22:50:33Z","abstract_excerpt":"We investigate the role of transferability of adversarial attacks in the observed vulnerabilities of Deep Neural Networks (DNNs). We demonstrate that introducing randomness to the DNN models is sufficient to defeat adversarial attacks, given that the adversary does not have an unlimited attack budget. Instead of making one specific DNN model robust to perfect knowledge attacks (a.k.a, white box attacks), creating randomness within an army of DNNs completely eliminates the possibility of perfect knowledge acquisition, resulting in a significantly more robust DNN ensemble against the strongest f"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1805.04613","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-05-11T22:50:33Z","cross_cats_sorted":["cs.LG"],"title_canon_sha256":"832255eaa6bc29081efc1988c2a776082a97d46c9f38da883ccc1dc00115a808","abstract_canon_sha256":"cbfcd17c8a85bbe6e97bc9a7d3fec3bc4699bd482c0350ff3a92051b39405a80"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:13:04.086226Z","signature_b64":"593yzQTv1ptRcyj84nQGxsVwfGB+7suUxDtMWqq5NPJLfCcoWsuoYXz0AAS/e/rIUkLPlYKZ63ronP4+V2OYCQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"75a2f068ca04b315cab4409b13b91ad0e48a3ac266a68cdcd74292727c21f491","last_reissued_at":"2026-05-18T00:13:04.085579Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:13:04.085579Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Breaking Transferability of Adversarial Samples with Randomness","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Bowei Xi, Murat Kantarcioglu, Yan Zhou","submitted_at":"2018-05-11T22:50:33Z","abstract_excerpt":"We investigate the role of transferability of adversarial attacks in the observed vulnerabilities of Deep Neural Networks (DNNs). We demonstrate that introducing randomness to the DNN models is sufficient to defeat adversarial attacks, given that the adversary does not have an unlimited attack budget. Instead of making one specific DNN model robust to perfect knowledge attacks (a.k.a, white box attacks), creating randomness within an army of DNNs completely eliminates the possibility of perfect knowledge acquisition, resulting in a significantly more robust DNN ensemble against the strongest f"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1805.04613","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1805.04613","created_at":"2026-05-18T00:13:04.085679+00:00"},{"alias_kind":"arxiv_version","alias_value":"1805.04613v2","created_at":"2026-05-18T00:13:04.085679+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1805.04613","created_at":"2026-05-18T00:13:04.085679+00:00"},{"alias_kind":"pith_short_12","alias_value":"OWRPA2GKASZR","created_at":"2026-05-18T12:32:43.782077+00:00"},{"alias_kind":"pith_short_16","alias_value":"OWRPA2GKASZRLSVU","created_at":"2026-05-18T12:32:43.782077+00:00"},{"alias_kind":"pith_short_8","alias_value":"OWRPA2GK","created_at":"2026-05-18T12:32:43.782077+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/OWRPA2GKASZRLSVUICNRHOI22D","json":"https://pith.science/pith/OWRPA2GKASZRLSVUICNRHOI22D.json","graph_json":"https://pith.science/api/pith-number/OWRPA2GKASZRLSVUICNRHOI22D/graph.json","events_json":"https://pith.science/api/pith-number/OWRPA2GKASZRLSVUICNRHOI22D/events.json","paper":"https://pith.science/paper/OWRPA2GK"},"agent_actions":{"view_html":"https://pith.science/pith/OWRPA2GKASZRLSVUICNRHOI22D","download_json":"https://pith.science/pith/OWRPA2GKASZRLSVUICNRHOI22D.json","view_paper":"https://pith.science/paper/OWRPA2GK","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1805.04613&json=true","fetch_graph":"https://pith.science/api/pith-number/OWRPA2GKASZRLSVUICNRHOI22D/graph.json","fetch_events":"https://pith.science/api/pith-number/OWRPA2GKASZRLSVUICNRHOI22D/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/OWRPA2GKASZRLSVUICNRHOI22D/action/timestamp_anchor","attest_storage":"https://pith.science/pith/OWRPA2GKASZRLSVUICNRHOI22D/action/storage_attestation","attest_author":"https://pith.science/pith/OWRPA2GKASZRLSVUICNRHOI22D/action/author_attestation","sign_citation":"https://pith.science/pith/OWRPA2GKASZRLSVUICNRHOI22D/action/citation_signature","submit_replication":"https://pith.science/pith/OWRPA2GKASZRLSVUICNRHOI22D/action/replication_record"}},"created_at":"2026-05-18T00:13:04.085679+00:00","updated_at":"2026-05-18T00:13:04.085679+00:00"}