Certified Defenses against Adversarial Examples
TLDR
We introduce a method based on a semidefinite relaxation that outputs a certificate that for a given network and test input, no attack can force the error to exceed a certain value.
  • 443
  • 44
Unlabeled Data Improves Adversarial Robustness
TLDR
We demonstrate, theoretically and empirically, that adversarial robustness can significantly benefit from semisupervised learning and use robust self-training to outperform state-of-the-art robust accuracies by over 5 points.
  • 115
  • 23
Semidefinite relaxations for certifying robustness to adversarial examples
TLDR
We propose a new convex relaxation based on semidefinite programming (SDP) for certifying robustness that applies to arbitrary ReLU networks.
  • 143
  • 18
Certified Robustness to Adversarial Word Substitutions
TLDR
We train the first models that are provably robust to all word substitutions in a family of label-preserving transformations, in which every word in the input can be replaced with a similar word.
  • 49
  • 11
Adversarial Training Can Hurt Generalization
TLDR
We show that even when the optimal predictor with infinite data performs well on both objectives in the infinite data limit, a tradeoff can still manifest itself with finite data.
  • 49
  • 2
An Investigation of Why Overparameterization Exacerbates Spurious Correlations
TLDR
We study why overparameterization -- increasing model size well beyond the point of zero training error -- can hurt test error on minority groups despite improving average test error when there are spurious correlations in the data.
  • 9
  • 2
Estimating the unseen from multiple populations
TLDR
We generalize this extrapolation and related unseen estimation problems to the multiple population setting, where population $j$ has an unknown distribution $D_j$ from which we observe $n_j$ samples.
  • 11
  • 2
Elevated postoperative serum procalcitonin is not indicative of bacterial infection in cardiac surgical patients
Background: Identifying infections early, commencing appropriate empiric antibiotic not only helps gain control early, but also reduces mortality and morbidity. Conventional cultures take about 5
  • 11
  • 1
Understanding and Mitigating the Tradeoff Between Robustness and Accuracy
TLDR
Adversarial training augments the training set with perturbations to improve the robust error, but it often leads to an increase in the standard error (on unperturbed test inputs).
  • 23
  • 1
A Reinforcement Learning Approach to Online Learning of Decision Trees
TLDR
We present RLDT, an RL-based online decision tree algorithm that uses Reinforcement Learning (RL) to actively examine a minimal number of features of a data point to classify it with high accuracy.
  • 4
  • 1