research
∙
08/21/2023
On the Adversarial Robustness of Multi-Modal Foundation Models
Multi-modal foundation models combining vision and language models such ...
share
research
∙
06/22/2023
Robust Semantic Segmentation: Strong Adversarial Attacks and Fast Training of Robust Models
While a large amount of work has focused on designing adversarial attack...
research
∙
06/07/2023
Normalization Layers Are All That Sharpness-Aware Minimization Needs
Sharpness-aware minimization (SAM) was proposed to reduce sharpness of m...
research
∙
06/01/2023
In or Out? Fixing ImageNet Out-of-Distribution Detection Evaluation
Out-of-distribution (OOD) detection is the problem of identifying inputs...
research
∙
03/03/2023
Revisiting Adversarial Training for ImageNet: Architectures, Training and Generalization across Threat Models
While adversarial training has been extensively studied for ResNet archi...
research
∙
02/14/2023
A modern look at the relationship between sharpness and generalization
Sharpness of minima is a promising quantity that can correlate with gene...
research
∙
12/09/2022
Spurious Features Everywhere – Large-Scale Detection of Harmful Spurious Features in ImageNet
Benchmark performance of deep learning classifiers alone is not a reliab...
research
∙
10/21/2022
Diffusion Visual Counterfactual Explanations
Visual Counterfactual Explanations (VCEs) are an important tool to under...
research
∙
09/14/2022
On the interplay of adversarial robustness and architecture components: patches, convolution and attention
In recent years novel architecture components for image classification h...
research
∙
09/13/2022
Certified Defences Against Adversarial Patch Attacks on Semantic Segmentation
Adversarial patch attacks are an emerging security threat for real world...
research
∙
08/05/2022
Adversarial Robustness of MR Image Reconstruction under Realistic Perturbations
Deep Learning (DL) methods have shown promising results for solving ill-...
research
∙
07/14/2022
Sound Randomized Smoothing in Floating-Point Arithmetics
Randomized smoothing is sound when using infinite precision. However, we...
research
∙
07/14/2022
Provably Adversarially Robust Nearest Prototype Classifiers
Nearest prototype classifiers (NPCs) assign to each input point the labe...
research
∙
06/20/2022
Breaking Down Out-of-Distribution Detection: Many Methods Based on OOD Training Data Estimate a Combination of the Same Core Quantities
It is an important problem in trustworthy machine learning to recognize ...
research
∙
05/16/2022
Sparse Visual Counterfactual Explanations in Image Space
Visual counterfactual explanations (VCEs) in image space are an importan...
research
∙
02/28/2022
Evaluating the Adversarial Robustness of Adaptive Test-time Defenses
Adaptive defenses that use test-time optimization promise to improve rob...
research
∙
11/02/2021
Meta-Learning the Search Distribution of Black-Box Random Search Based Adversarial Attacks
Adversarial attacks based on randomized search schemes have obtained sta...
research
∙
06/18/2021
Being a Bit Frequentist Improves Bayesian Neural Networks
Despite their compelling theoretical properties, Bayesian neural network...
research
∙
06/08/2021
Provably Robust Detection of Out-of-distribution Data (almost) for free
When applying machine learning in safety-critical systems, a reliable as...
research
∙
05/26/2021
Adversarial robustness against multiple l_p-threat models at the price of one and how to quickly fine-tune robust models to another threat model
Adversarial training (AT) in order to achieve adversarial robustness wrt...
research
∙
04/16/2021
Random and Adversarial Bit Error Robustness: Energy-Efficient and Secure DNN Accelerators
Deep neural network (DNN) accelerators received considerable attention i...
research
∙
04/09/2021
Relating Adversarially Robust Generalization to Flat Minima
Adversarial training (AT) has become the de-facto standard to obtain mod...
research
∙
03/01/2021
Mind the box: l_1-APGD for sparse adversarial attacks on image classifiers
We show that when taking into account also the image domain [0,1]^d, est...
research
∙
12/21/2020
Out-distribution aware Self-training in an Open World Setting
Deep Learning heavily depends on large labeled datasets which limits fur...
research
∙
10/19/2020
RobustBench: a standardized adversarial robustness benchmark
Evaluation of adversarial robustness is often error-prone leading to ove...
research
∙
10/06/2020
Learnable Uncertainty under Laplace Approximations
Laplace approximations are classic, computationally lightweight means fo...
research
∙
10/06/2020
Fixing Asymptotic Uncertainty of Bayesian Neural Networks with Infinite ReLU Features
Approximate Bayesian methods can mitigate overconfidence in ReLU network...
research
∙
07/16/2020
Provable Worst Case Guarantees for the Detection of Out-of-Distribution Data
Deep neural networks are known to be overconfident when applied to out-o...
research
∙
06/24/2020
Bit Error Robustness for Energy-Efficient DNN Accelerators
Deep neural network (DNN) accelerators received considerable attention i...
research
∙
06/23/2020
Sparse-RS: a versatile framework for query-efficient sparse black-box adversarial attacks
A large body of research has focused on adversarial attacks which requir...
research
∙
03/20/2020
Adversarial Robustness on In- and Out-Distribution Improves Explainability
Neural networks have led to major improvements in image classification b...
research
∙
03/03/2020
Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks
The field of defense strategies against adversarial attacks has signific...
research
∙
02/24/2020
Being Bayesian, Even Just a Bit, Fixes Overconfidence in ReLU Networks
The point estimates of ReLU classification networks—arguably the most wi...
research
∙
02/06/2020
Computing the norm of nonnegative matrices and the log-Sobolev constant of Markov chains
We analyze the global convergence of the power iterates for the computat...
research
∙
11/29/2019
Square Attack: a query-efficient black-box adversarial attack via random search
We propose the Square Attack, a new score-based black-box l_2 and l_∞ ad...
research
∙
10/30/2019
Generalized Matrix Means for Semi-Supervised Learning with Multilayer Graphs
We study the task of semi-supervised learning on multilayer graphs by ta...
research
∙
10/14/2019
Confidence-Calibrated Adversarial Training: Towards Robust Models Generalizing Beyond the Attack Used During Training
Adversarial training is the standard to train models robust against adve...
research
∙
09/26/2019
Towards neural networks that provably know when they don't know
It has recently been shown that ReLU networks produce arbitrarily over-c...
research
∙
09/11/2019
Sparse and Imperceivable Adversarial Attacks
Neural networks have been proven to be vulnerable to a variety of advers...
research
∙
07/03/2019
Minimally distorted Adversarial Examples with a Fast Adaptive Boundary Attack
The evaluation of robustness against adversarial manipulation of neural ...
research
∙
06/08/2019
Provably Robust Boosted Decision Stumps and Trees against Adversarial Attacks
The problem of adversarial samples has been studied extensively for neur...
research
∙
05/27/2019
Provable robustness against all adversarial l_p-perturbations for p≥ 1
In recent years several adversarial attacks and defenses have been propo...
research
∙
05/15/2019
Spectral Clustering of Signed Graphs via Matrix Power Means
Signed graphs encode positive (attractive) and negative (repulsive) rela...
research
∙
03/27/2019
Scaling up the randomized gradient-free adversarial attack reveals overestimation of robustness using established attacks
Modern neural networks are highly non-robust against adversarial manipul...
research
∙
12/13/2018
Why ReLU networks yield high-confidence predictions far away from the training data and how to mitigate the problem
Classifiers used in the wild, in particular for safety-critical systems,...
research
∙
12/03/2018
Disentangling Adversarial Robustness and Generalization
Obtaining deep networks that are robust against adversarial examples and...
research
∙
11/28/2018
A randomized gradient-free attack on ReLU networks
It has recently been shown that neural networks but also other classifie...
research
∙
10/29/2018
Logit Pairing Methods Can Fool Gradient-Based Attacks
Recently, several logit regularization methods have been proposed in [Ka...
research
∙
10/17/2018
Provable Robustness of ReLU networks via Maximization of Linear Regions
It has been shown that neural network classifiers are not robust. This r...
research
∙
09/27/2018