From 6679b7069943ccdf58edf1ff0e93b64d10bf9a38 Mon Sep 17 00:00:00 2001
From: Justin Hsu <email@justinh.su>
Date: Thu, 26 Sep 2019 12:18:11 -0500
Subject: [PATCH] Add paper on adversarial clustering.

---
 website/docs/resources/readings.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/website/docs/resources/readings.md b/website/docs/resources/readings.md
index fd7eb8a..ac782f6 100644
--- a/website/docs/resources/readings.md
+++ b/website/docs/resources/readings.md
@@ -54,6 +54,9 @@
 - Battista Biggio, Blaine Nelson, and Pavel Laskov.
   [*Poisoning Attacks against Support Vector Machines*](https://arxiv.org/pdf/1206.6389).
   ICML 2012.
+- Battista Biggio, Ignazio Pillai, Samuel Rota Bulò, Davide Ariu, Marcello Pelillo, and Fabio Roli.
+  [*Is Data Clustering in Adversarial Settings Secure?*](https://arxiv.org/abs/1811.09982). 
+  AISec 2013.
 - Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus.
   [*Intriguing Properties of Neural Networks*](https://arxiv.org/pdf/1312.6199.pdf).
   ICLR 2014.