Skip to search formSkip to main contentSkip to account menu

Robustness May Be at Odds with Accuracy

It is shown that there may exist an inherent tension between the goal of adversarial robustness and that of standard generalization, and it is argued that this phenomenon is a consequence of robust classifiers learning fundamentally different feature representations than standard classifiers.
View PDF on arXiv (opens in a new tab)

Synthesizing Robust Adversarial Examples

The existence of robust 3D adversarial objects is demonstrated, and the first algorithm for synthesizing examples that are adversarial over a chosen distribution of transformations is presented, which synthesizes two-dimensional adversarial images that are robust to noise, distortion, and affine transformation.
View PDF on arXiv (opens in a new tab)

Black-box Adversarial Attacks with Limited Queries and Information

This work defines three realistic threat models that more accurately characterize many real-world classifiers: the query-limited setting, the partial-information setting, and the label-only setting and develops new attacks that fool classifiers under these more restrictive threat models.
View PDF on arXiv (opens in a new tab)

Adversarial Examples Are Not Bugs, They Are Features

It is demonstrated that adversarial examples can be directly attributed to the presence of non-robust features: features derived from patterns in the data distribution that are highly predictive, yet brittle and incomprehensible to humans.
View PDF on arXiv (opens in a new tab)

Prior Convictions: Black-Box Adversarial Attacks with Bandits and Priors

A framework that conceptually unifies much of the existing work on black-box attacks is introduced, and it is demonstrated that the current state-of-the-art methods are optimal in a natural sense.
View PDF on arXiv (opens in a new tab)

Noise or Signal: The Role of Image Backgrounds in Object Recognition

This work creates a toolkit for disentangling foreground and background signal on ImageNet images, and finds that models can achieve non-trivial accuracy by relying on the background alone, and more accurate models tend to depend on backgrounds less.
View PDF on arXiv (opens in a new tab)

Exploring the Landscape of Spatial Robustness

This work thoroughly investigate the vulnerability of neural network--based classifiers to rotations and translations and finds that, in contrast to the p-norm case, first-order methods cannot reliably find worst-case perturbations.
View Paper (opens in a new tab)

Do Adversarially Robust ImageNet Models Transfer Better?

It is found that adversarially robust models, while less accurate, often perform better than their standard-trained counterparts when used for transfer learning, and this work focuses on adversARially robust ImageNet classifiers.
View PDF on arXiv (opens in a new tab)

A Rotation and a Translation Suffice: Fooling CNNs with Simple Transformations

It is shown that neural networks are already vulnerable to significantly simpler - and more likely to occur naturally - transformations of the inputs, and that the current neural network-based vision models might not be as reliable as the authors tend to assume.
View PDF on arXiv (opens in a new tab)

Image Synthesis with a Single (Robust) Classifier

It turns out that adversarial robustness is precisely what the authors need to directly manipulate salient features of the input to demonstrate the utility of robustness in the broader machine learning context.
View Paper (opens in a new tab)
By clicking accept or continuing to use the site, you agree to the terms outlined in our Privacy Policy (opens in a new tab), Terms of Service (opens in a new tab), and Dataset License (opens in a new tab)