| Robust physical-world attacks on deep learning visual classification K Eykholt, I Evtimov, E Fernandes, B Li, A Rahmati, C Xiao, A Prakash, ... Proceedings of the IEEE Conference on Computer Vision and Pattern …, 2018 | 934* | 2018 |
| Targeted backdoor attacks on deep learning systems using data poisoning X Chen, C Liu, B Li, K Lu, D Song arXiv preprint arXiv:1712.05526, 2017 | 247 | 2017 |
| Characterizing adversarial subspaces using local intrinsic dimensionality X Ma, B Li, Y Wang, SM Erfani, S Wijewickrema, G Schoenebeck, D Song, ... arXiv preprint arXiv:1801.02613, 2018 | 233 | 2018 |
| Generating adversarial examples with adversarial networks C Xiao, B Li, JY Zhu, W He, M Liu, D Song arXiv preprint arXiv:1801.02610, 2018 | 221 | 2018 |
| Deepgauge: Multi-granularity testing criteria for deep learning systems L Ma, F Juefei-Xu, F Zhang, J Sun, M Xue, B Li, C Chen, T Su, L Li, Y Liu, ... Proceedings of the 33rd ACM/IEEE International Conference on Automated …, 2018 | 206 | 2018 |
| Manipulating machine learning: Poisoning attacks and countermeasures for regression learning M Jagielski, A Oprea, B Biggio, C Liu, C Nita-Rotaru, B Li 2018 IEEE Symposium on Security and Privacy (SP), 19-35, 2018 | 198 | 2018 |
| Spatially transformed adversarial examples C Xiao, JY Zhu, B Li, W He, M Liu, D Song arXiv preprint arXiv:1801.02612, 2018 | 187 | 2018 |
| Data poisoning attacks on factorization-based collaborative filtering B Li, Y Wang, A Singh, Y Vorobeychik Advances in neural information processing systems, 1885-1893, 2016 | 126 | 2016 |
| Data Poisoning Attacks on Factorization-based Collaborative Filtering YV B. Li, Y. Wang, A. Singh In Proceedings of the Neural Information Processing Systems (NIPS), 2016 | 126* | 2016 |
| Deepmutation: Mutation testing of deep learning systems L Ma, F Zhang, J Sun, M Xue, B Li, F Juefei-Xu, C Xie, L Li, Y Liu, J Zhao, ... 2018 IEEE 29th International Symposium on Software Reliability Engineering …, 2018 | 113 | 2018 |
| Physical adversarial examples for object detectors D Song, K Eykholt, I Evtimov, E Fernandes, B Li, A Rahmati, F Tramer, ... 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18), 2018 | 99 | 2018 |
| Feature cross-substitution in adversarial classification B Li, Y Vorobeychik Advances in neural information processing systems, 2087-2095, 2014 | 99 | 2014 |
| Combinatorial testing for deep learning systems L Ma, F Zhang, M Xue, B Li, Y Liu, J Zhao, Y Wang arXiv preprint arXiv:1806.07723, 2018 | 78* | 2018 |
| Orthogonal weight normalization: Solution to optimization over multiple dependent stiefel manifolds in deep neural networks L Huang, X Liu, B Lang, AW Yu, Y Wang, B Li arXiv preprint arXiv:1709.06079, 2017 | 73 | 2017 |
| Textbugger: Generating adversarial text against real-world applications J Li, S Ji, T Du, B Li, T Wang arXiv preprint arXiv:1812.05271, 2018 | 72 | 2018 |
| Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach S Chen, M Xue, L Fan, S Hao, L Xu, H Zhu, B Li computers & security 73, 326-344, 2018 | 69 | 2018 |
| The seventh visual object tracking vot2019 challenge results M Kristan, J Matas, A Leonardis, M Felsberg, R Pflugfelder, ... Proceedings of the IEEE International Conference on Computer Vision …, 2019 | 68 | 2019 |
| Practical black-box attacks on deep neural networks using efficient query mechanisms AN Bhagoji, W He, B Li, D Song European Conference on Computer Vision, 158-174, 2018 | 67 | 2018 |
| Deephunter: A coverage-guided fuzz testing framework for deep neural networks X Xie, L Ma, F Juefei-Xu, M Xue, H Chen, Y Liu, J Zhao, B Li, J Yin, S See Proceedings of the 28th ACM SIGSOFT International Symposium on Software …, 2019 | 59 | 2019 |
| Optimal randomized classification in adversarial settings. Y Vorobeychik, B Li AAMAS, 485-492, 2014 | 59 | 2014 |
Dawn SongProfessor of Computer Science, UC BerkeleyVerified email at cs.berkeley.edu
