http://arxiv.org/abs/2404.18567 Assessing Cybersecurity Vulnerabilities in Code Large Language Models. (99%) Md Imran Hossen; Jianyi Zhang; Yinzhi Cao; Xiali Hei
http://arxiv.org/abs/2404.18514 A Systematic Evaluation of Adversarial Attacks against Speech Emotion Recognition Models. (99%) Nicolas Facchinetti; Federico Simonetta; Stavros Ntalampiras
http://arxiv.org/abs/2404.18791 Certification of Speaker Recognition Models to Additive Perturbations. (54%) Dmitrii Korzh; Elvir Karimov; Mikhail Pautov; Oleg Y. Rogov; Ivan Oseledets
http://arxiv.org/abs/2404.18702 Why You Should Not Trust Interpretations in Machine Learning: Adversarial Attacks on Partial Dependence Plots. (13%) Xi Xin; Fei Huang; Giles Hooker
http://arxiv.org/abs/2404.18541 Machine Learning for Windows Malware Detection and Classification: Methods, Challenges and Ongoing Research. (3%) Daniel Gibert
http://arxiv.org/abs/2404.18649 Towards Quantitative Evaluation of Explainable AI Methods for Deepfake Detection. (1%) Konstantinos Tsigos; Evlampios Apostolidis; Spyridon Baxevanakis; Symeon Papadopoulos; Vasileios Mezaris
http://arxiv.org/abs/2404.18825 Harmonic Machine Learning Models are Robust. (1%) Nicholas S. Kersting; Yi Li; Aman Mohanty; Oyindamola Obisesan; Raphael Okochu
http://arxiv.org/abs/2404.17844 Towards Robust Recommendation: A Review and an Adversarial Robustness Evaluation Library. (92%) Lei Cheng; Xiaowen Huang; Jitao Sang; Jian Yu
http://arxiv.org/abs/2404.17970 Privacy-Preserving Aggregation for Decentralized Learning with Byzantine-Robustness. (70%) Ali Reza Ghavamipour; Benjamin Zi Hao Zhao; Oguzhan Ersoy; Fatih Turkmen
http://arxiv.org/abs/2404.17947 Bounding the Expected Robustness of Graph Neural Networks Subject to Node Feature Attacks. (67%) Yassine Abbahaddou; Sofiane Ennadir; Johannes F. Lutzeyer; Michalis Vazirgiannis; Henrik Boström
http://arxiv.org/abs/2404.17867 Are Watermarks Bugs for Deepfake Detectors? Rethinking Proactive Forensics. (2%) Xiaoshuai Wu; Xin Liao; Bo Ou; Yuling Liu; Zheng Qin
http://arxiv.org/abs/2404.17760 Adversarial Examples: Generation Proposal in the Context of Facial Recognition Systems. (92%) Marina Fuster; Ignacio Vidaurreta
http://arxiv.org/abs/2404.17196 Human-Imperceptible Retrieval Poisoning Attacks in LLM-Powered Applications. (54%) Quan Zhang; Binqi Zeng; Chijin Zhou; Gwihwan Go; Heyuan Shi; Yu Jiang
http://arxiv.org/abs/2404.17399 Evaluations of Machine Learning Privacy Defenses are Misleading. (3%) Michael Aerni; Jie Zhang; Florian Tramèr
http://arxiv.org/abs/2404.17225 Enhancing Privacy and Security of Autonomous UAV Navigation. (2%) Vatsal Aggarwal; Arjun Ramesh Kaushik; Charanjit Jutla; Nalini Ratha
http://arxiv.org/abs/2404.17275 Adversarial Reweighting with $\alpha$-Power Maximization for Domain Adaptation. (1%) Xiang Gu; Xi Yu; Yan Yang; Jian Sun; Zongben Xu
http://arxiv.org/abs/2404.17020 Generating Minimalist Adversarial Perturbations to Test Object-Detection Models: An Adaptive Multi-Metric Evolutionary Search Approach. (98%) Cristopher McIntyre-Garcia; Adrien Heymans; Beril Borali; Won-Sook Lee; Shiva Nejati
http://arxiv.org/abs/2404.16452 PAD: Patch-Agnostic Defense against Adversarial Patch Attacks. (92%) Lihua Jing; Rui Wang; Wenqi Ren; Xin Dong; Cong Zou
http://arxiv.org/abs/2404.17092 Defending Spiking Neural Networks against Adversarial Attacks through Image Purification. (84%) Weiran Chen; Qi Sun; Qi Xu
http://arxiv.org/abs/2404.16369 Don't Say No: Jailbreaking LLM by Suppressing Refusal. (67%) Yukai Zhou; Wenjie Wang
http://arxiv.org/abs/2404.16656 A Self-Organizing Clustering System for Unsupervised Distribution Shift Detection. (12%) Sebastián Basterrech; Line Clemmensen; Gerardo Rubino
http://arxiv.org/abs/2404.16417 Constructing Optimal Noise Channels for Enhanced Robustness in Quantum Machine Learning. (2%) David Winderl; Nicola Franco; Jeanette Miriam Lorenz
http://arxiv.org/abs/2404.16557 Energy-Latency Manipulation of Multi-modal Large Language Models via Verbose Samples. (2%) Kuofeng Gao; Jindong Gu; Yang Bai; Shu-Tao Xia; Philip Torr; Wei Liu; Zhifeng Li
http://arxiv.org/abs/2404.17120 Talking Nonsense: Probing Large Language Models' Understanding of Adversarial Gibberish Inputs. (1%) Valeriia Cherepanova; James Zou
http://arxiv.org/abs/2404.15881 Steal Now and Attack Later: Evaluating Robustness of Object Detection against Black-box Adversarial Attacks. (99%) Erh-Chung Chen; Pin-Yu Chen; I-Hsin Chung; Che-Rung Lee
http://arxiv.org/abs/2404.16212 An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat Landscape. (99%) Sifat Muhammad Abdullah; Aravind Cheruvu; Shravya Kanchi; Taejoong Chung; Peng Gao; Murtuza Jadliwala; Bimal Viswanath
http://arxiv.org/abs/2404.15784 An Empirical Study of Aegis. (98%) Daniel Saragih; Paridhi Goel; Tejas Balaji; Alyssa Li
http://arxiv.org/abs/2404.15744 A General Black-box Adversarial Attack on Graph-based Fake News Detectors. (96%) Peican Zhu; Zechen Pan; Yang Liu; Jiwei Tian; Keke Tang; Zhen Wang
http://arxiv.org/abs/2404.15656 MISLEAD: Manipulating Importance of Selected features for Learning Epsilon in Evasion Attack Deception. (83%) Vidit Khazanchi; Pavan Kulkarni; Yuvaraj Govindarajulu; Manojkumar Parmar
http://arxiv.org/abs/2404.16154 A Comparative Analysis of Adversarial Robustness for Quantum and Classical Machine Learning Models. (83%) Maximilian Wendlinger; Kilian Tscharke; Pascal Debus
http://arxiv.org/abs/2404.16020 Universal Adversarial Triggers Are Not Universal. (16%) Nicholas Meade; Arkil Patel; Siva Reddy
http://arxiv.org/abs/2404.16251 Investigating the prompt leakage effect and black-box defenses for multi-turn LLM interactions. (9%) Divyansh Agarwal; Alexander R. Fabbri; Philippe Laban; Ben Risher; Shafiq Joty; Caiming Xiong; Chien-Sheng Wu
http://arxiv.org/abs/2404.15854 CLAD: Robust Audio Deepfake Detection Against Manipulation Attacks with Contrastive Learning. (2%) Haolin Wu; Jing Chen; Ruiying Du; Cong Wu; Kun He; Xingcan Shang; Hao Ren; Guowen Xu
http://arxiv.org/abs/2404.15587 Security Analysis of WiFi-based Sensing Systems: Threats from Perturbation Attacks. (61%) Hangcheng Cao; Wenbin Huang; Guowen Xu; Xianhao Chen; Ziyang He; Jingyang Hu; Hongbo Jiang; Yuguang Fang
http://arxiv.org/abs/2404.14942 Manipulating Recommender Systems: A Survey of Poisoning Attacks and Countermeasures. (61%) Thanh Toan Nguyen; Quoc Viet Hung Nguyen; Thanh Tam Nguyen; Thanh Trung Huynh; Thanh Thi Nguyen; Matthias Weidlich; Hongzhi Yin
http://arxiv.org/abs/2404.15611 PoisonedFL: Model Poisoning Attacks to Federated Learning via Multi-Round Consistency. (54%) Yueqi Xie; Minghong Fang; Neil Zhenqiang Gong
http://arxiv.org/abs/2404.15081 Perturbing Attention Gives You More Bang for the Buck: Subtle Imaging Perturbations That Efficiently Fool Customized Diffusion Models. (47%) Jingyao Xu; Yuetong Lu; Yandong Li; Siyang Lu; Dongdong Wang; Xiang Wei
http://arxiv.org/abs/2404.14795 Talk Too Much: Poisoning Large Language Models under Token Limit. (38%) Jiaming He; Wenbo Jiang; Guanyu Hou; Wenshu Fan; Rui Zhang; Hongwei Li
http://arxiv.org/abs/2404.15042 Leverage Variational Graph Representation For Model Poisoning on Federated Learning. (10%) Kai Li; Xin Yuan; Jingjing Zheng; Wei Ni; Falko Dressler; Abbas Jamalipour
http://arxiv.org/abs/2404.15065 Formal Verification of Graph Convolutional Networks with Uncertain Node Features and Uncertain Graph Structure. (2%) Tobias Ladner; Michael Eichelbeck; Matthias Althoff
http://arxiv.org/abs/2404.14943 Does It Make Sense to Explain a Black Box With Another Black Box? (1%) Julien Delaunay; Luis Galárraga; Christine Largouët
http://arxiv.org/abs/2404.14928 Graph Machine Learning in the Era of Large Language Models (LLMs). (1%) Wenqi Fan; Shijie Wang; Jiani Huang; Zhikai Chen; Yu Song; Wenzhuo Tang; Haitao Mao; Hui Liu; Xiaorui Liu; Dawei Yin; Qing Li
http://arxiv.org/abs/2404.14309 Towards Better Adversarial Purification via Adversarial Denoising Diffusion Training. (98%) Yiming Liu; Kezhao Liu; Yao Xiao; Ziyi Dong; Xiaogang Xu; Pengxu Wei; Liang Lin
http://arxiv.org/abs/2404.14693 Double Privacy Guard: Robust Traceable Adversarial Watermarking against Face Recognition. (91%) Yunming Zhang; Dengpan Ye; Sipeng Shen; Caiyun Xie; Ziyi Liu; Jiacheng Deng; Long Tang
http://arxiv.org/abs/2404.14042 CloudFort: Enhancing Robustness of 3D Point Cloud Classification Against Backdoor Attacks via Spatial Partitioning and Ensemble Prediction. (74%) Wenhao Lan; Yijun Yang; Haihua Shen; Shan Li
http://arxiv.org/abs/2404.13879 Explicit Lipschitz Value Estimation Enhances Policy Robustness Against Perturbation. (67%) Xulin Chen; Ruipeng Liu; Garrett E. Katz
http://arxiv.org/abs/2404.13914 Audio Anti-Spoofing Detection: A Survey. (62%) Menglu Li; Yasaman Ahmadiadli; Xiao-Ping Zhang
http://arxiv.org/abs/2404.13946 Dual Model Replacement:invisible Multi-target Backdoor Attack based on Federal Learning. (41%) Rong Wang; Guichen Zhou; Mingjun Gao; Yunpeng Xiao
http://arxiv.org/abs/2404.13968 Protecting Your LLMs with Information Bottleneck. (26%) Zichuan Liu; Zefan Wang; Linjie Xu; Jinyu Wang; Lei Song; Tianchun Wang; Chunlin Chen; Wei Cheng; Jiang Bian
http://arxiv.org/abs/2404.14461 Competition Report: Finding Universal Jailbreak Backdoors in Aligned LLMs. (13%) Javier Rando; Francesco Croce; Kryštof Mitka; Stepan Shabalin; Maksym Andriushchenko; Nicolas Flammarion; Florian Tramèr
http://arxiv.org/abs/2404.14265 Deep Learning as Ricci Flow. (2%) Anthony Baptista; Alessandro Barp; Tapabrata Chakraborti; Chris Harbron; Ben D. MacArthur; Christopher R. S. Banerji
http://arxiv.org/abs/2404.14406 Hyp-OC: Hyperbolic One Class Classification for Face Anti-Spoofing. (1%) Kartik Narayan; Vishal M. Patel
http://arxiv.org/abs/2404.13948 Typos that Broke the RAG's Back: Genetic Attack on RAG Pipeline by Simulating Documents in the Wild via Low-level Perturbations. (1%) Sukmin Cho; Soyeong Jeong; Jeongyeon Seo; Taeho Hwang; Jong C. Park
http://arxiv.org/abs/2404.14389 Poisoning Attacks on Federated Learning-based Wireless Traffic Prediction. (1%) Zifan Zhang; Minghong Fang; Jiayuan Huang; Yuchen Liu
http://arxiv.org/abs/2404.13621 Attack on Scene Flow using Point Clouds. (98%) Haniyeh Ehsani Oskouie; Mohammad-Shahram Moin; Shohreh Kasaei
http://arxiv.org/abs/2404.13631 Fermi-Bose Machine. (87%) Mingshan Xie; Yuchen Wang; Haiping Huang
http://arxiv.org/abs/2404.15373 Robust EEG-based Emotion Recognition Using an Inception and Two-sided Perturbation Model. (50%) Shadi Sartipi; Mujdat Cetin
http://arxiv.org/abs/2404.16873 AdvPrompter: Fast Adaptive Adversarial Prompting for LLMs. (47%) Anselm Paulus; Arman Zharmagambetov; Chuan Guo; Brandon Amos; Yuandong Tian
http://arxiv.org/abs/2404.13827 Swap It Like Its Hot: Segmentation-based spoof attacks on eye-tracking images. (26%) Anish S. Narkar; Brendan David-John
http://arxiv.org/abs/2404.13660 Trojan Detection in Large Language Models: Insights from The Trojan Detection Challenge. (1%) Narek Maloyan; Ekansh Verma; Bulat Nutfullin; Bislan Ashinov
http://arxiv.org/abs/2404.13518 Reliable Model Watermarking: Defending Against Theft without Compromising on Evasion. (99%) Hongyu Zhu; Sichu Liang; Wentao Hu; Fangqi Li; Ju Jia; Shilin Wang
http://arxiv.org/abs/2404.13277 Beyond Score Changes: Adversarial Attack on No-Reference Image Quality Assessment from Two Perspectives. (99%) Chenxi Yang; Yujia Liu; Dingquan Li; Yan Zhong; Tingting Jiang
http://arxiv.org/abs/2404.13320 Pixel is a Barrier: Diffusion Models Are More Adversarially Robust Than We Think. (99%) Haotian Xue; Yongxin Chen
http://arxiv.org/abs/2404.13279 Backdoor Attacks and Defenses on Semantic-Symbol Reconstruction in Semantic Communications. (41%) Yuan Zhou; Rose Qingyang Hu; Yi Qian
http://arxiv.org/abs/2404.12653 How Real Is Real? A Human Evaluation Framework for Unrestricted Adversarial Examples. (99%) Dren Fazlija; Arkadij Orlov; Johanna Schrader; Monty-Maximilian Zühlke; Michael Rohs; Daniel Kudenko
http://arxiv.org/abs/2404.12635 AED-PADA:Improving Generalizability of Adversarial Example Detection via Principal Adversarial Domain Adaptation. (99%) Heqi Peng; Yunhong Wang; Ruijie Yang; Beichen Li; Rui Wang; Yuanfang Guo
http://arxiv.org/abs/2404.12704 A Clean-graph Backdoor Attack against Graph Convolutional Networks with Poisoned Label Only. (75%) Jiazhu Dai; Haoyu Sun
http://arxiv.org/abs/2404.12916 Physical Backdoor Attack can Jeopardize Driving with Vision-Large-Language Models. (5%) Zhenyang Ni; Rui Ye; Yuxi Wei; Zhen Xiang; Yanfeng Wang; Siheng Chen
http://arxiv.org/abs/2404.12679 MLSD-GAN -- Generating Strong High Quality Face Morphing Attacks using Latent Semantic Disentanglement. (3%) Aravinda Reddy PN; Raghavendra Ramachandra; Krothapalli Sreenivasa Rao; Pabitra Mitra
http://arxiv.org/abs/2404.13224 Model-Based Counterfactual Explanations Incorporating Feature Space Attributes for Tabular Data. (1%) Yuta Sumiya; Hayaru shouno
http://arxiv.org/abs/2404.12852 LSP Framework: A Compensatory Model for Defeating Trigger Reverse Engineering via Label Smoothing Poisoning. (1%) Beichen Li; Yuanfang Guo; Heqi Peng; Yangxi Li; Yunhong Wang
http://arxiv.org/abs/2404.12120 Fortify the Guardian, Not the Treasure: Resilient Adversarial Detectors. (99%) Raz Lapid; Almog Dubin; Moshe Sipper
http://arxiv.org/abs/2404.12274 Advancing the Robustness of Large Language Models through Self-Denoised Smoothing. (98%) Jiabao Ji; Bairu Hou; Zhen Zhang; Guanhua Zhang; Wenqi Fan; Qing Li; Yang Zhang; Gaowen Liu; Sijia Liu; Shiyu Chang
http://arxiv.org/abs/2404.12612 SA-Attack: Speed-adaptive stealthy adversarial attack on trajectory prediction. (98%) Huilin Yin; Jiaxiang Li; Pengju Zhen; Jun Yan
http://arxiv.org/abs/2404.12014 Enhance Robustness of Language Models Against Variation Attack through Graph Integration. (33%) Zi Xiong; Lizhi Qing; Yangyang Kang; Jiawei Liu; Hongsong Li; Changlong Sun; Xiaozhong Liu; Wei Lu
http://arxiv.org/abs/2404.12512 Proteus: Preserving Model Confidentiality during Graph Optimizations. (15%) Yubo Gao; Maryam Haghifam; Christina Giannoula; Renbo Tu; Gennady Pekhimenko; Nandita Vijaykumar
http://arxiv.org/abs/2404.12038 Uncovering Safety Risks in Open-source LLMs through Concept Activation Vector. (13%) Zhihao Xu; Ruixuan Huang; Xiting Wang; Fangzhao Wu; Jing Yao; Xing Xie
http://arxiv.org/abs/2404.12139 Omniview-Tuning: Boosting Viewpoint Invariance of Vision-Language Pre-training Models. (2%) Shouwei Ruan; Yinpeng Dong; Hanqing Liu; Yao Huang; Hang Su; Xingxing Wei
http://arxiv.org/abs/2404.11265 The Victim and The Beneficiary: Exploiting a Poisoned Model to Train a Clean Model on Poisoned Data. (83%) Zixuan Zhu; Rui Wang; Cong Zou; Lihua Jing
http://arxiv.org/abs/2404.11538 GenFighter: A Generative and Evolutive Textual Attack Removal. (82%) Md Athikul Islam; Edoardo Serra; Sushil Jajodia
http://arxiv.org/abs/2404.11819 Utilizing Adversarial Examples for Bias Mitigation and Accuracy Enhancement. (80%) Pushkar Shukla; Dhruv Srikanth; Lee Cohen; Matthew Turk
http://arxiv.org/abs/2404.11665 Exploring DNN Robustness Against Adversarial Attacks Using Approximate Multipliers. (75%) Mohammad Javad Askarizadeh; Ebrahim Farahmand; Jorge Castro-Godinez; Ali Mahani; Laura Cabrera-Quiros; Carlos Salazar-Garcia
http://arxiv.org/abs/2404.11207 Exploring the Transferability of Visual Prompting for Multimodal Large Language Models. (2%) Yichi Zhang; Yinpeng Dong; Siyuan Zhang; Tianzan Min; Hang Su; Jun Zhu
http://arxiv.org/abs/2404.11330 Toward Understanding the Disagreement Problem in Neural Network Feature Attribution. (1%) Niklas Koenen; Marvin N. Wright
http://arxiv.org/abs/2404.11357 Detector Collapse: Backdooring Object Detection to Catastrophic Overload or Blindness. (1%) Hangtao Zhang; Shengshan Hu; Yichen Wang; Leo Yu Zhang; Ziqi Zhou; Xianlong Wang; Yanjun Zhang; Chao Chen
http://arxiv.org/abs/2404.15360 Towards Robust and Interpretable EMG-based Hand Gesture Recognition using Deep Metric Meta Learning. (1%) Simon Tam; Shriram Tallam Puranam Raghu; Étienne Buteau; Erik Scheme; Mounir Boukadoum; Alexandre Campeau-Lecours; Benoit Gosselin
http://arxiv.org/abs/2404.10335 Efficiently Adversarial Examples Generation for Visual-Language Models under Targeted Transfer Scenarios using Diffusion Models. (99%) Qi Guo; Shanmin Pang; Xiaojun Jia; Qing Guo
http://arxiv.org/abs/2404.10408 Adversarial Identity Injection for Semantic Face Image Synthesis. (38%) Giuseppe Tarollo; Tomaso Fontanini; Claudio Ferrari; Guido Borghi; Andrea Prati
http://arxiv.org/abs/2404.10499 Robust Noisy Label Learning via Two-Stream Sample Distillation. (1%) Sihan Bai; Sanping Zhou; Zheng Qin; Le Wang; Nanning Zheng
http://arxiv.org/abs/2404.10796 Black-box Adversarial Transferability: An Empirical Study in Cybersecurity Perspective. (99%) Khushnaseeb Roshan; Aasim Zafar
http://arxiv.org/abs/2404.10202 Towards a Novel Perspective on Adversarial Examples Driven by Frequency. (99%) Zhun Zhang; Yi Zeng; Qihe Liu; Shijie Zhou
http://arxiv.org/abs/2404.09961 Ti-Patch: Tiled Physical Adversarial Patch for no-reference video quality metrics. (83%) Victoria Leonenkova; Ekaterina Shumitskaya; Anastasia Antsiferova; Dmitriy Vatolin
http://arxiv.org/abs/2404.09475 Improving Weakly-Supervised Object Localization Using Adversarial Erasing and Pseudo Label. (1%) Byeongkeun Kang; Sinhae Cha; Yeejin Lee
http://arxiv.org/abs/2404.09599 Enhancing Code Vulnerability Detection via Vulnerability-Preserving Data Augmentation. (1%) Shangqing Liu; Wei Ma; Jian Wang; Xiaofei Xie; Ruitao Feng; Yang Liu
http://arxiv.org/abs/2404.10193 Consistency and Uncertainty: Identifying Unreliable Responses From Black-Box Vision-Language Models for Selective Visual Question Answering. (1%) Zaid Khan; Yun Fu
http://arxiv.org/abs/2404.09352 Counteracting Concept Drift by Learning with Future Malware Predictions. (96%) Branislav Bosansky; Lada Hospodkova; Michal Najman; Maria Rigaki; Elnaz Babayeva; Viliam Lisy
http://arxiv.org/abs/2404.09401 Watermark-embedded Adversarial Examples for Copyright Protection against Diffusion Models. (96%) Peifei Zhu; Tsubasa Takahashi; Hirokatsu Kataoka
http://arxiv.org/abs/2404.09349 Adversarial Robustness Limits via Scaling-Law and Human-Alignment Studies. (76%) Brian R. Bartoldson; James Diffenderfer; Konstantinos Parasyris; Bhavya Kailkhura
http://arxiv.org/abs/2404.09193 FaceCat: Enhancing Face Recognition Security with a Unified Generative Model Framework. (22%) Jiawei Chen; Xiao Yang; Yinpeng Dong; Hang Su; Jianteng Peng; Zhaoxia Yin
http://arxiv.org/abs/2404.08980 Stability and Generalization in Free Adversarial Training. (96%) Xiwei Cheng; Kexin Fu; Farzan Farnia
http://arxiv.org/abs/2404.09005 Proof-of-Learning with Incentive Security. (2%) Zishuo Zhao; Zhixuan Fang; Xuechao Wang; Yuan Zhou
http://arxiv.org/abs/2404.10789 PASA: Attack Agnostic Unsupervised Adversarial Detection using Prediction & Attribution Sensitivity Analysis. (99%) Dipkamal Bhusal; Md Tanvirul Alam; Monish K. Veerabhadran; Michael Clifford; Sara Rampazzi; Nidhi Rastogi
http://arxiv.org/abs/2404.08341 Counterfactual Explanations for Face Forgery Detection via Adversarial Removal of Artifacts. (99%) Yang Li; Songlin Yang; Wei Wang; Ziwen He; Bo Peng; Jing Dong
http://arxiv.org/abs/2404.08273 Struggle with Adversarial Defense? Try Diffusion. (99%) Yujie Li; Yanbin Wang; Haitao xu; Bin Liu; Jianguo Sun; Zhenhao Guo; Wenrui Ma
http://arxiv.org/abs/2404.10790 Multimodal Attack Detection for Action Recognition Models. (83%) Furkan Mumcu; Yasin Yilmaz
http://arxiv.org/abs/2404.08285 A Survey of Neural Network Robustness Assessment in Image Recognition. (83%) Jie Wang; Jun Ai; Minyan Lu; Haoran Su; Dan Yu; Yutao Zhang; Junda Zhu; Jingyu Liu
http://arxiv.org/abs/2404.08255 Practical Region-level Attack against Segment Anything Models. (81%) Yifan Shen; Zhengyuan Li; Gang Wang
http://arxiv.org/abs/2404.08631 FCert: Certifiably Robust Few-Shot Classification in the Era of Foundation Models. (69%) Yanting Wang; Wei Zou; Jinyuan Jia
http://arxiv.org/abs/2404.14418 Mitigating Cascading Effects in Large Adversarial Graph Environments. (2%) James D. Cunningham; Conrad S. Tucker
http://arxiv.org/abs/2404.08540 On the Robustness of Language Guidance for Low-Level Vision Tasks: Findings from Depth Estimation. (1%) Agneet Chatterjee; Tejas Gokhale; Chitta Baral; Yezhou Yang
http://arxiv.org/abs/2404.08818 Empowering Malware Detection Efficiency within Processing-in-Memory Architecture. (1%) Sreenitha Kasarapu; Sathwika Bavikadi; Sai Manoj Pudukotai Dinakarrao
http://arxiv.org/abs/2404.08069 Persistent Classification: A New Approach to Stability of Data and Adversarial Examples. (98%) Brian Bell; Michael Geyer; David Glickenstein; Keaton Hamm; Carlos Scheidegger; Amanda Fernandez; Juston Moore
http://arxiv.org/abs/2404.08154 Eliminating Catastrophic Overfitting Via Abnormal Adversarial Examples Regularization. (98%) Runqi Lin; Chaojian Yu; Tongliang Liu
http://arxiv.org/abs/2404.07863 Backdoor Contrastive Learning via Bi-level Trigger Optimization. (96%) Weiyu Sun; Xinyu Zhang; Hao Lu; Yingcong Chen; Ting Wang; Jinghui Chen; Lu Lin
http://arxiv.org/abs/2404.15344 Adversarial Robustness of Distilled and Pruned Deep Learning-based Wireless Classifiers. (92%) Nayan Moni Baishya; B. R. Manoj
http://arxiv.org/abs/2404.07921 AmpleGCG: Learning a Universal and Transferable Generative Model of Adversarial Suffixes for Jailbreaking Both Open and Closed LLMs. (12%) Zeyi Liao; Huan Sun
http://arxiv.org/abs/2404.07878 LeapFrog: The Rowhammer Instruction Skip Attack. (4%) Andrew Adiletta; Caner Tol; Berk Sunar
http://arxiv.org/abs/2404.08197 Scaling (Down) CLIP: A Comprehensive Analysis of Data, Architecture, and Training Strategies. (1%) Zichao Li; Cihang Xie; Ekin Dogus Cubuk
http://arxiv.org/abs/2404.06776 Logit Calibration and Feature Contrast for Robust Federated Learning on Non-IID Data. (99%) Yu Qiao; Chaoning Zhang; Apurba Adhikary; Choong Seon Hong
http://arxiv.org/abs/2404.07153 Lost in Translation: Modern Neural Networks Still Struggle With Small Realistic Image Transformations. (82%) Ofir Shifman; Yair Weiss
http://arxiv.org/abs/2404.06957 Adversarial purification for no-reference image-quality metrics: applicability study and new methods. (26%) Aleksandr Gushchin; Anna Chistyakova; Vladislav Minashkin; Anastasia Antsiferova; Dmitriy Vatolin
http://arxiv.org/abs/2404.06838 Simpler becomes Harder: Do LLMs Exhibit a Coherent Behavior on Simplified Corpora? (2%) Miriam Anschütz; Edoardo Mosca; Georg Groh
http://arxiv.org/abs/2404.06971 TrajPRed: Trajectory Prediction with Region-based Relation Learning. (1%) Chen Zhou; Ghassan AlRegib; Armin Parchami; Kunjan Singh
http://arxiv.org/abs/2404.08690 Towards Building a Robust Toxicity Predictor. (99%) Dmitriy Bespalov; Sourav Bhabesh; Yi Xiang; Liutong Zhou; Yanjun Qi
http://arxiv.org/abs/2404.06313 On adversarial training and the 1 Nearest Neighbor classifier. (99%) Amir Hagai; Yair Weiss
http://arxiv.org/abs/2404.06247 LRR: Language-Driven Resamplable Continuous Representation against Adversarial Tracking Attacks. (80%) Jianlang Chen; Xuhong Ren; Qing Guo; Felix Juefei-Xu; Di Lin; Wei Feng; Lei Ma; Jianjun Zhao
http://arxiv.org/abs/2404.06236 Towards Robust Domain Generation Algorithm Classification. (80%) Arthur Drichel; Marc Meyer; Ulrike Meyer
http://arxiv.org/abs/2404.06666 SafeGen: Mitigating Unsafe Content Generation in Text-to-Image Models. (38%) Xinfeng Li; Yuchen Yang; Jiangyi Deng; Chen Yan; Yanjiao Chen; Xiaoyu Ji; Wenyuan Xu
http://arxiv.org/abs/2404.07242 Sandwich attack: Multi-language Mixture Adaptive Attack on LLMs. (31%) Bibek Upadhayay; Vahid Behzadan
http://arxiv.org/abs/2404.06230 Aggressive or Imperceptible, or Both: Network Pruning Assisted Hybrid Byzantines in Federated Learning. (26%) Emre Ozfatura; Kerem Ozfatura; Alptekin Kupcu; Deniz Gunduz
http://arxiv.org/abs/2404.06694 How to Craft Backdoors with Unlabeled Data Alone? (1%) Yifei Wang; Wenhan Ma; Yisen Wang
http://arxiv.org/abs/2404.05350 Certified PEFTSmoothing: Parameter-Efficient Fine-Tuning with Randomized Smoothing. (99%) Chengyan Fu; Wenjie Wang
http://arxiv.org/abs/2404.05688 David and Goliath: An Empirical Evaluation of Attacks and Defenses for QNNs at the Deep Edge. (99%) Miguel Costa; Sandro Pinto
http://arxiv.org/abs/2404.05311 BruSLeAttack: A Query-Efficient Score-Based Black-Box Sparse Adversarial Attack. (99%) Viet Quoc Vo; Ehsan Abbasnejad; Damith C. Ranasinghe
http://arxiv.org/abs/2404.05703 Case Study: Neural Network Malware Detection Verification for Feature and Image Datasets. (98%) Preston K. Robinette; Diego Manzanas Lopez; Serena Serbinowska; Kevin Leach; Taylor T. Johnson
http://arxiv.org/abs/2404.05219 Out-of-Distribution Data: An Acquaintance of Adversarial Examples -- A Survey. (98%) Naveen Karunanayake; Ravin Gunawardena; Suranga Seneviratne; Sanjay Chawla
http://arxiv.org/abs/2404.05824 Quantum Adversarial Learning for Kernel Methods. (75%) Giuseppe Montalbano; Leonardo Banchi
http://arxiv.org/abs/2404.05639 Investigating the Impact of Quantization on Adversarial Robustness. (50%) Qun Li; Yuan Meng; Chen Tang; Jiacheng Jiang; Zhi Wang
http://arxiv.org/abs/2404.05680 SphereHead: Stable 3D Full-head Synthesis with Spherical Tri-plane Representation. (1%) Heyuan Li; Ce Chen; Tianhao Shi; Yuda Qiu; Sizhe An; Guanying Chen; Xiaoguang Han
http://arxiv.org/abs/2404.05159 Semantic Stealth: Adversarial Text Attacks on NLP Using Several Methods. (99%) Roopkatha Dey; Aivy Debnath; Sayak Kumar Dutta; Kaustav Ghosh; Arijit Mitra; Arghya Roy Chowdhury; Jaydip Sen
http://arxiv.org/abs/2404.05130 Enabling Privacy-Preserving Cyber Threat Detection with Federated Learning. (15%) Yu Bi; Yekai Li; Xuan Feng; Xianghang Mi
http://arxiv.org/abs/2404.05088 How much reliable is ChatGPT's prediction on Information Extraction under Input Perturbations? (5%) Ishani Mondal; Abhilasha Sancheti
http://arxiv.org/abs/2404.04963 SemEval-2024 Task 2: Safe Biomedical Natural Language Inference for Clinical Trials. (1%) Mael Jullien; Marco Valentino; André Freitas
http://arxiv.org/abs/2404.04648 CANEDERLI: On The Impact of Adversarial Training and Transferability on CAN Intrusion Detection Systems. (86%) Francesco Marchiori; Mauro Conti
http://arxiv.org/abs/2404.04662 Learning Minimal NAP Specifications for Neural Network Verification. (78%) Chuqin Geng; Zhaoyue Wang; Haolin Ye; Saifei Liao; Xujie Si
http://arxiv.org/abs/2404.07234 Goal-guided Generative Prompt Injection Attack on Large Language Models. (67%) Chong Zhang; Mingyu Jin; Qinkai Yu; Chengzhi Liu; Haochen Xue; Xiaobo Jin
http://arxiv.org/abs/2404.04714 Data Poisoning Attacks on Off-Policy Policy Evaluation Methods. (67%) Elita Lobo; Harvineet Singh; Marek Petrik; Cynthia Rudin; Himabindu Lakkaraju
http://arxiv.org/abs/2404.04647 Structured Gradient-based Interpretations via Norm-Regularized Adversarial Training. (61%) Shizhan Gong; Qi Dou; Farzan Farnia
http://arxiv.org/abs/2404.04601 Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks. (3%) Yuxiang Yang; Xuewei Feng; Qi Li; Kun Sun; Ziqiang Wang; Ke Xu
http://arxiv.org/abs/2404.04245 Evaluating Adversarial Robustness: A Comparison Of FGSM, Carlini-Wagner Attacks, And The Role of Distillation as Defense Mechanism. (99%) Trilokesh Ranjan Sarkar; Nilanjan Das; Pralay Sankar Maitra; Bijoy Some; Ritwik Saha; Orijita Adhikary; Bishal Bose; Jaydip Sen
http://arxiv.org/abs/2404.04188 Reliable Feature Selection for Adversarially Robust Cyber-Attack Detection. (98%) João Vitorino; Miguel Silva; Eva Maia; Isabel Praça
http://arxiv.org/abs/2404.04375 Compositional Estimation of Lipschitz Constants for Deep Neural Networks. (13%) Yuezhu Xu; S. Sivaranjani
http://arxiv.org/abs/2404.04139 Precision Guided Approach to Mitigate Data Poisoning Attacks in Federated Learning. (12%) K Naveen Kumar; C Krishna Mohan; Aravind Machiry
http://arxiv.org/abs/2404.03340 Meta Invariance Defense Towards Generalizable Robustness to Unknown Adversarial Attacks. (99%) Lei Zhang; Yuhang Zhou; Yi Yang; Xinbo Gao
http://arxiv.org/abs/2404.03225 FACTUAL: A Novel Framework for Contrastive Learning Based Robust SAR Image Classification. (98%) Xu Wang; Tian Ye; Rajgopal Kannan; Viktor Prasanna
http://arxiv.org/abs/2404.03233 Learn What You Want to Unlearn: Unlearning Inversion Attacks against Machine Unlearning. (16%) Hongsheng Hu; Shuo Wang; Tian Dong; Minhui Xue
http://arxiv.org/abs/2404.03411 Red Teaming GPT-4V: Are GPT-4V Safe Against Uni/Multi-Modal Jailbreak Attacks? (2%) Shuo Chen; Zhen Han; Bailan He; Zifeng Ding; Wenqian Yu; Philip Torr; Volker Tresp; Jindong Gu
http://arxiv.org/abs/2404.03348 Knowledge Distillation-Based Model Extraction Attack using Private Counterfactual Explanations. (2%) Fatima Ezzeddine; Omran Ayoub; Silvia Giordano
http://arxiv.org/abs/2404.02660 Adversarial Attacks and Dimensionality in Text Classifiers. (99%) Nandish Chattopadhyay; Atreya Goswami; Anupam Chattopadhyay
http://arxiv.org/abs/2404.02585 Unsegment Anything by Simulating Deformation. (97%) Jiahao Lu; Xingyi Yang; Xinchao Wang
http://arxiv.org/abs/2404.02832 "Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages. (81%) Ying Yuan; Qingying Hao; Giovanni Apruzzese; Mauro Conti; Gang Wang
http://arxiv.org/abs/2404.03027 JailBreakV-28K: A Benchmark for Assessing the Robustness of MultiModal Large Language Models against Jailbreak Attacks. (75%) Weidi Luo; Siyuan Ma; Xiaogeng Liu; Xiaoyu Guo; Chaowei Xiao
http://arxiv.org/abs/2404.02532 Learn to Disguise: Avoid Refusal Responses in LLM's Defense via a Multi-agent Attacker-Disguiser Game. (11%) Qianqiao Xu; Zhiliang Tian; Hongyan Wu; Zhen Huang; Yiping Song; Feng Liu; Dongsheng Li
http://arxiv.org/abs/2404.02462 A Unified Membership Inference Method for Visual Self-supervised Encoder via Part-aware Capability. (9%) Jie Zhu; Jirong Zha; Ding Li; Leye Wang
http://arxiv.org/abs/2404.02889 Steganographic Passport: An Owner and User Verifiable Credential for Deep Model IP Protection Without Retraining. (1%) Qi Cui; Ruohan Meng; Chaohui Xu; Chip-Hong Chang
http://arxiv.org/abs/2404.01907 Humanizing Machine-Generated Content: Evading AI-Text Detection through Adversarial Attack. (99%) Ying Zhou; Ben He; Le Sun
http://arxiv.org/abs/2404.01642 ADVREPAIR:Provable Repair of Adversarial Attack. (99%) Zhiming Chi; Jianan Ma; Pengfei Yang; Cheng-Chao Huang; Renjue Li; Xiaowei Huang; Lijun Zhang
http://arxiv.org/abs/2404.02928 Jailbreaking Prompt Attack: A Controllable Adversarial Attack against Diffusion Models. (97%) Jiachen Ma; Anda Cao; Zhiqing Xiao; Jie Zhang; Chao Ye; Junbo Zhao
http://arxiv.org/abs/2404.02287 One Noise to Rule Them All: Multi-View Adversarial Attacks with Universal Perturbation. (92%) Mehmet Ergezer; Phat Duong; Christian Green; Tommy Nguyen; Abdurrahman Zeybey
http://arxiv.org/abs/2404.01828 Defense without Forgetting: Continual Adversarial Defense with Anisotropic & Isotropic Pseudo Replay. (88%) Yuhang Zhou; Zhongyun Hua
http://arxiv.org/abs/2404.02151 Jailbreaking Leading Safety-Aligned LLMs with Simple Adaptive Attacks. (82%) Maksym Andriushchenko; Francesco Croce; Nicolas Flammarion
http://arxiv.org/abs/2404.02931 READ: Improving Relation Extraction from an ADversarial Perspective. (81%) Dawei Li; William Hogan; Jingbo Shang
http://arxiv.org/abs/2404.02356 Two Heads are Better than One: Nested PoE for Robust Defense Against Multi-Backdoors. (64%) Victoria Graf; Qin Liu; Muhao Chen
http://arxiv.org/abs/2404.02067 Red-Teaming Segment Anything Model. (45%) Krzysztof Jankowski; Bartlomiej Sobieski; Mateusz Kwiatkowski; Jakub Szulc; Michal Janik; Hubert Baniecki; Przemyslaw Biecek
http://arxiv.org/abs/2404.02242 Towards Robust 3D Pose Transfer with Adversarial Learning. (31%) Haoyu Chen; Hao Tang; Ehsan Adeli; Guoying Zhao
http://arxiv.org/abs/2404.02440 Designing a Photonic Physically Unclonable Function Having Resilience to Machine Learning Attacks. (12%) Elena R. Henderson; Jessie M. Henderson; Hiva Shahoei; William V. Oxford; Eric C. Larson; Duncan L. MacFarlane; Mitchell A. Thornton
http://arxiv.org/abs/2404.02406 Exploring Backdoor Vulnerabilities of Chat Models. (2%) Yunzhuo Hao; Wenkai Yang; Yankai Lin
http://arxiv.org/abs/2404.02388 CAPE: CAM as a Probabilistic Ensemble for Enhanced DNN Interpretation. (1%) Townim Faisal Chowdhury; Kewen Liao; Vu Minh Hieu Phan; Minh-Son To; Yutong Xie; Kevin Hung; David Ross; Anton van den Hengel; Johan W. Verjans; Zhibin Liao
http://arxiv.org/abs/2404.01356 The Double-Edged Sword of Input Perturbations to Robust Accurate Fairness. (99%) Xuran Li; Peng Wu; Yanting Chen; Xingjun Ma; Zhen Zhang; Kaixiang Dong
http://arxiv.org/abs/2404.01574 Multi-granular Adversarial Attacks against Black-box Neural Ranking Models. (99%) Yu-An Liu; Ruqing Zhang; Jiafeng Guo; Maarten de Rijke; Yixing Fan; Xueqi Cheng
http://arxiv.org/abs/2404.00924 BadPart: Unified Black-box Adversarial Patch Attacks against Pixel-wise Regression Tasks. (93%) Zhiyuan Cheng; Zhaoyi Liu; Tengda Guo; Shiwei Feng; Dongfang Liu; Mingjie Tang; Xiangyu Zhang
http://arxiv.org/abs/2404.01177 Poisoning Decentralized Collaborative Recommender System and Its Countermeasures. (33%) Ruiqi Zheng; Liang Qu; Tong Chen; Kai Zheng; Yuhui Shi; Hongzhi Yin
http://arxiv.org/abs/2404.01509 Can Biases in ImageNet Models Explain Generalization? (10%) Paul Gavrikov; Janis Keuper
http://arxiv.org/abs/2404.01101 UFID: A Unified Framework for Input-level Backdoor Detection on Diffusion Models. (10%) Zihan Guan; Mengxuan Hu; Sheng Li; Anil Vullikanti
http://arxiv.org/abs/2404.01231 Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models. (2%) Yuxin Wen; Leo Marchyok; Sanghyun Hong; Jonas Geiping; Tom Goldstein; Nicholas Carlini
http://arxiv.org/abs/2404.01109 An incremental hybrid adaptive network-based IDS in Software Defined Networks to detect stealth attacks. (1%) Abdullah H Alqahtani
http://arxiv.org/abs/2404.00828 PID Control-Based Self-Healing to Improve the Robustness of Large Language Models. (75%) Zhuotong Chen; Zihu Wang; Yifan Yang; Qianxiao Li; Zheng Zhang
http://arxiv.org/abs/2404.00897 Machine Learning Robustness: A Primer. (62%) Houssem Ben Braiek; Foutse Khomh
http://arxiv.org/abs/2404.00362 STBA: Towards Evaluating the Robustness of DNNs for Query-Limited Black-box Scenario. (99%) Renyang Liu; Kwok-Yan Lam; Wei Zhou; Sixing Wu; Jun Zhao; Dongting Hu; Mingming Gong
http://arxiv.org/abs/2404.00540 Embodied Active Defense: Leveraging Recurrent Feedback to Counter Adversarial Patches. (98%) Lingxuan Wu; Xiao Yang; Yinpeng Dong; Liuwei Xie; Hang Su; Jun Zhu
http://arxiv.org/abs/2404.00461 Shortcuts Arising from Contrast: Effective and Covert Clean-Label Attacks in Prompt-Based Learning. (5%) Xiaopeng Xie; Ming Yan; Xiwen Zhou; Chenlong Zhao; Suli Wang; Yong Zhang; Joey Tianyi Zhou
http://arxiv.org/abs/2404.00185 On Inherent Adversarial Robustness of Active Vision Systems. (99%) Amitangshu Mukherjee; Timur Ibrayev; Kaushik Roy
http://arxiv.org/abs/2403.20254 Benchmarking the Robustness of Temporal Action Detection Models Against Temporal Corruptions. (68%) Runhao Zeng; Xiaoyong Chen; Jiaming Liang; Huisi Wu; Guangzhong Cao; Yong Guo
http://arxiv.org/abs/2404.00114 Deepfake Sentry: Harnessing Ensemble Intelligence for Resilient Detection and Generalisation. (8%) Liviu-Daniel Ştefan; Dan-Cristian Stanciu; Mihai Dogariu; Mihai Gabriel Constantin; Andrei Cosmin Jitaru; Bogdan Ionescu
http://arxiv.org/abs/2403.20127 The Impact of Prompts on Zero-Shot Detection of AI-Generated Text. (2%) Kaito Taguchi; Yujie Gu; Kouichi Sakurai
http://arxiv.org/abs/2404.00095 GDA: Generalized Diffusion for Robust Test-time Adaptation. (1%) Yun-Yun Tsai; Fu-Chen Chen; Albert Y. C. Chen; Junfeng Yang; Che-Chun Su; Min Sun; Cheng-Hao Kuo
http://arxiv.org/abs/2404.00108 Efficient Data-Free Model Stealing with Label Diversity. (1%) Yiyong Liu; Rui Wen; Michael Backes; Yang Zhang
http://arxiv.org/abs/2403.20056 Cross-Lingual Transfer Robustness to Lower-Resource Languages on Adversarial Datasets. (1%) Shadi Manafi; Nikhil Krishnaswamy
http://arxiv.org/abs/2403.19150 Towards Understanding Dual BN In Hybrid Adversarial Training. (82%) Chenshuang Zhang; Chaoning Zhang; Kang Zhang; Axi Niu; Junmo Kim; In So Kweon
http://arxiv.org/abs/2403.19559 Improving Adversarial Data Collection by Supporting Annotators: Lessons from GAHD, a German Hate Speech Dataset. (82%) Janis Goldzycher; Paul Röttger; Gerold Schneider
http://arxiv.org/abs/2403.19510 On the Robustness of LDP Protocols for Numerical Attributes under Data Poisoning Attacks. (41%) Xiaoguang Li; Zitao Li; Ninghui Li; Wenhai Sun
http://arxiv.org/abs/2403.19326 MedBN: Robust Test-Time Adaptation against Malicious Test Samples. (10%) Hyejin Park; Jeongyeon Hwang; Sunung Mun; Sangdon Park; Jungseul Ok
http://arxiv.org/abs/2404.00076 A Backdoor Approach with Inverted Labels Using Dirty Label-Flipping Attacks. (1%) Orson Mengara
http://arxiv.org/abs/2403.19254 Imperceptible Protection against Style Imitation from Diffusion Models. (1%) Namhyuk Ahn; Wonhyuk Ahn; KiYoon Yoo; Daesik Kim; Seung-Hun Nam
http://arxiv.org/abs/2403.18318 Uncertainty-Aware SAR ATR: Defending Against Adversarial Attacks via Bayesian Neural Networks. (99%) Tian Ye; Rajgopal Kannan; Viktor Prasanna; Carl Busart
http://arxiv.org/abs/2403.18554 CosalPure: Learning Concept from Group Images for Robust Co-Saliency Detection. (99%) Jiayi Zhu; Qing Guo; Felix Juefei-Xu; Yihao Huang; Yang Liu; Geguang Pu
http://arxiv.org/abs/2403.19080 MMCert: Provable Defense against Adversarial Attacks to Multi-modal Models. (98%) Yanting Wang; Hongye Fu; Wei Zou; Jinyuan Jia
http://arxiv.org/abs/2403.18309 Bayesian Learned Models Can Detect Adversarial Malware For Free. (97%) Bao Gia Doan; Dang Quang Nguyen; Paul Montague; Tamas Abraham; Olivier De Vel; Seyit Camtepe; Salil S. Kanhere; Ehsan Abbasnejad; Damith C. Ranasinghe
http://arxiv.org/abs/2403.18580 MisGUIDE : Defense Against Data-Free Deep Learning Model Extraction. (95%) Mahendra Gurve; Sankar Behera; Satyadev Ahlawat; Yamuna Prasad
http://arxiv.org/abs/2403.19009 Towards Sustainable SecureML: Quantifying Carbon Footprint of Adversarial Machine Learning. (83%) Syed Mhamudul Hasan; Abdur R. Shahid; Ahmed Imteaj
http://arxiv.org/abs/2403.18674 Deep Learning for Robust and Explainable Models in Computer Vision. (82%) Mohammadreza Amirian
http://arxiv.org/abs/2403.18423 SemRoDe: Macro Adversarial Training to Learn Representations That are Robust to Word-Level Attacks. (81%) Brian Formento; Wenjie Feng; Chuan Sheng Foo; Luu Anh Tuan; See-Kiong Ng
http://arxiv.org/abs/2404.01318 JailbreakBench: An Open Robustness Benchmark for Jailbreaking Large Language Models. (50%) Patrick Chao; Edoardo Debenedetti; Alexander Robey; Maksym Andriushchenko; Francesco Croce; Vikash Sehwag; Edgar Dobriban; Nicolas Flammarion; George J. Pappas; Florian Tramer; Hamed Hassani; Eric Wong
http://arxiv.org/abs/2403.18624 Vulnerability Detection with Code Language Models: How Far Are We? (26%) Yangruibo Ding; Yanjun Fu; Omniyyah Ibrahim; Chawin Sitawarin; Xinyun Chen; Basel Alomair; David Wagner; Baishakhi Ray; Yizheng Chen
http://arxiv.org/abs/2403.18607 Spikewhisper: Temporal Spike Backdoor Attacks on Federated Neuromorphic Learning over Low-power Devices. (15%) Hanqing Fu; Gaolei Li; Jun Wu; Jianhua Li; Xi Lin; Kai Zhou; Yuchen Liu
http://arxiv.org/abs/2403.18985 Robustness and Visual Explanation for Black Box Image, Video, and ECG Signal Classification with Reinforcement Learning. (15%) Soumyendu Sarkar; Ashwin Ramesh Babu; Sajad Mousavi; Vineet Gundecha; Avisek Naug; Sahand Ghorbanpour
http://arxiv.org/abs/2403.18587 The Impact of Uniform Inputs on Activation Sparsity and Energy-Latency Attacks in Computer Vision. (11%) Andreas Müller; Erwin Quiring
http://arxiv.org/abs/2403.18671 Fact Checking Beyond Training Set. (1%) Payam Karisani; Heng Ji
http://arxiv.org/abs/2403.18373 BAM: Box Abstraction Monitors for Real-time OoD Detection in Object Detection. (1%) Changshun Wu; Weicheng He; Chih-Hong Cheng; Xiaowei Huang; Saddek Bensalem
http://arxiv.org/abs/2403.17755 DataCook: Crafting Anti-Adversarial Examples for Healthcare Data Copyright Protection. (92%) Sihan Shang; Jiancheng Yang; Zhenglong Sun; Pascal Fua
http://arxiv.org/abs/2403.17494 FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids. (78%) Emad Efatinasab; Francesco Marchiori; Alessandro Brighente; Mirco Rampazzo; Mauro Conti
http://arxiv.org/abs/2403.17520 Boosting Adversarial Training via Fisher-Rao Norm-based Regularization. (69%) Xiangyu Yin; Wenjie Ruan
http://arxiv.org/abs/2403.18872 Targeted Visualization of the Backbone of Encoder LLMs. (9%) Isaac Roberts; Alexander Schulz; Luca Hermes; Barbara Hammer
http://arxiv.org/abs/2403.17710 Optimization-based Prompt Injection Attack to LLM-as-a-Judge. (4%) Jiawen Shi; Zenghui Yuan; Yinuo Liu; Yue Huang; Pan Zhou; Lichao Sun; Neil Zhenqiang Gong
http://arxiv.org/abs/2403.18144 Leak and Learn: An Attacker's Cookbook to Train Using Leaked Data from Federated Learning. (1%) Joshua C. Zhao; Ahaan Dabholkar; Atul Sharma; Saurabh Bagchi
http://arxiv.org/abs/2403.17860 Exploring LLMs as a Source of Targeted Synthetic Textual Data to Minimize High Confidence Misclassifications. (1%) Philip Lippmann; Matthijs Spaan; Jie Yang
http://arxiv.org/abs/2403.16432 $\textit{LinkPrompt}$: Natural and Universal Adversarial Attacks on Prompt-based Language Models. (99%) Yue Xu; Wenjie Wang
http://arxiv.org/abs/2403.17301 Physical 3D Adversarial Attacks against Monocular Depth Estimation in Autonomous Driving. (98%) Junhao Zheng; Chenhao Lin; Jiahao Sun; Zhengyu Zhao; Qian Li; Chao Shen
http://arxiv.org/abs/2403.16782 The Anatomy of Adversarial Attacks: Concept-based XAI Dissection. (87%) Georgii Mikriukov; Gesina Schwalbe; Franz Motzkus; Korinna Bade
http://arxiv.org/abs/2403.16768 DeepKnowledge: Generalisation-Driven Deep Learning Testing. (82%) Sondess Missaoui; Simos Gerasimou; Nikolaos Matragkas
http://arxiv.org/abs/2403.16569 Revealing Vulnerabilities of Neural Networks in Parameter Learning and Defense Against Explanation-Aware Backdoors. (70%) Md Abdul Kadir; GowthamKrishna Addluri; Daniel Sonntag
http://arxiv.org/abs/2403.17188 LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning. (69%) Siyuan Cheng; Guanhong Tao; Yingqi Liu; Guangyu Shen; Shengwei An; Shiwei Feng; Xiangzhe Xu; Kaiyuan Zhang; Shiqing Ma; Xiangyu Zhang
http://arxiv.org/abs/2403.16479 Model-less Is the Best Model: Generating Pure Code Implementations to Replace On-Device DL Models. (1%) Mingyi Zhou; Xiang Gao; Pei Liu; John Grundy; Chunyang Chen; Xiao Chen; Li Li
http://arxiv.org/abs/2403.16176 Subspace Defense: Discarding Adversarial Perturbations by Learning a Subspace for Clean Signals. (99%) Rui Zheng; Yuhao Zhou; Zhiheng Xi; Tao Gui; Qi Zhang; Xuanjing Huang
http://arxiv.org/abs/2403.16405 Ensemble Adversarial Defense via Integration of Multiple Dispersed Low Curvature Models. (98%) Kaikang Zhao; Xi Chen; Wei Huang; Liuxin Ding; Xianglong Kong; Fan Zhang
http://arxiv.org/abs/2403.16067 Robust Diffusion Models for Adversarial Purification. (73%) Guang Lin; Zerui Tao; Jianhai Zhang; Toshihisa Tanaka; Qibin Zhao
http://arxiv.org/abs/2403.16257 Unlearning Backdoor Threats: Enhancing Backdoor Defense in Multimodal Contrastive Learning via Local Token Unlearning. (5%) Siyuan Liang; Kuanrong Liu; Jiajun Gong; Jiawei Liang; Yuan Xun; Ee-Chien Chang; Xiaochun Cao
http://arxiv.org/abs/2403.16206 Rumor Detection with a novel graph neural network approach. (4%) Tianrui Liu; Qi Cai; Changxin Xu; Bo Hong; Fanghao Ni; Yuxin Qiao; Tsungwei Yang
http://arxiv.org/abs/2403.16365 Generating Potent Poisons and Backdoors from Scratch with Guided Diffusion. (2%) Hossein Souri; Arpit Bansal; Hamid Kazemi; Liam Fowl; Aniruddha Saha; Jonas Geiping; Andrew Gordon Wilson; Rama Chellappa; Tom Goldstein; Micah Goldblum
http://arxiv.org/abs/2403.16050 A General and Efficient Federated Split Learning with Pre-trained Image Transformers for Heterogeneous Data. (1%) Yifan Shi; Yuhui Zhang; Ziyue Huang; Xiaofeng Yang; Li Shen; Wei Chen; Xueqian Wang
http://arxiv.org/abs/2403.15918 An Embarrassingly Simple Defense Against Backdoor Attacks On SSL. (70%) Aryan Satpathy; Nilaksh; Dhruva Rajwade
http://arxiv.org/abs/2403.15786 Adversarial Defense Teacher for Cross-Domain Object Detection under Poor Visibility Conditions. (64%) Kaiwen Wang; Yinzhe Shen; Martin Lauer
http://arxiv.org/abs/2403.15207 Robust optimization for adversarial learning with finite sample complexity guarantees. (96%) André Bertolace; Konstatinos Gatsis; Kostas Margellos
http://arxiv.org/abs/2403.15365 A Transfer Attack to Image Watermarks. (95%) Yuepeng Hu; Zhengyuan Jiang; Moyang Guo; Neil Gong
http://arxiv.org/abs/2403.15271 From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices. (26%) Yue Xiao; Yi He; Xiaoli Zhang; Qian Wang; Renjie Xie; Kun Sun; Ke Xu; Qi Li
http://arxiv.org/abs/2403.15010 Clean-image Backdoor Attacks. (12%) Dazhong Rong; Guoyao Yu; Shuheng Shen; Xinyi Fu; Peng Qian; Jianhai Chen; Qinming He; Xing Fu; Weiqiang Wang
http://arxiv.org/abs/2403.15603 Forward Learning for Gradient-based Black-box Saliency Map Generation. (1%) Zeliang Zhang; Mingqian Feng; Jinyang Jiang; Rongyi Zhu; Yijie Peng; Chenliang Xu
http://arxiv.org/abs/2403.14778 Diffusion Attack: Leveraging Stable Diffusion for Naturalistic Image Attacking. (99%) Qianyu Guo; Jiaming Fu; Yawen Lu; Dongming Gan
http://arxiv.org/abs/2403.14774 Few-Shot Adversarial Prompt Learning on Vision-Language Models. (98%) Yiwei Zhou; Xiaobo Xia; Zhiwei Lin; Bo Han; Tongliang Liu
http://arxiv.org/abs/2403.14731 Reversible Jump Attack to Textual Classifiers with Modification Reduction. (98%) Mingze Ni; Zhensu Sun; Wei Liu
http://arxiv.org/abs/2403.14772 Improving Robustness to Model Inversion Attacks via Sparse Coding Architectures. (82%) Sayanton V. Dibbo; Adam Breuer; Juston Moore; Michael Teti
http://arxiv.org/abs/2403.14489 Adversary-Robust Graph-Based Learning of WSIs. (45%) Saba Heidari Gheshlaghi; Milan Aryal; Nasim Yahyasoltani; Masoud Ganji
http://arxiv.org/abs/2403.14250 Safeguarding Medical Image Segmentation Datasets against Unauthorized Training via Contour- and Texture-Aware Perturbations. (4%) Xun Lin; Yi Yu; Song Xia; Jue Jiang; Haoran Wang; Zitong Yu; Yizhong Liu; Ying Fu; Shuai Wang; Wenzhong Tang; Alex Kot
http://arxiv.org/abs/2403.13507 FMM-Attack: A Flow-based Multi-modal Adversarial Attack on Video-based LLMs. (97%) Jinmin Li; Kuofeng Gao; Yang Bai; Jingyun Zhang; Shu-tao Xia; Yisen Wang
http://arxiv.org/abs/2403.13322 DD-RobustBench: An Adversarial Robustness Benchmark for Dataset Distillation. (96%) Yifan Wu; Jiawei Du; Ping Liu; Yuewei Lin; Wenqing Cheng; Wei Xu
http://arxiv.org/abs/2403.13867 Capsule Neural Networks as Noise Stabilizer for Time Series Data. (93%) Soyeon Kim; Jihyeon Seong; Hyunkyung Han; Jaesik Choi
http://arxiv.org/abs/2403.13502 Adversarial Attacks and Defenses in Automated Control Systems: A Comprehensive Benchmark. (70%) Vitaliy Pozdnyakov; Aleksandr Kovalenko; Ilya Makarov; Mikhail Drobyshevskiy; Kirill Lukyanov
http://arxiv.org/abs/2403.13778 Certified Human Trajectory Prediction. (61%) Mohammadhossein Bahari; Saeed Saadatnejad; Amirhossein Asgari Farsangi; Seyed-Mohsen Moosavi-Dezfooli; Alexandre Alahi
http://arxiv.org/abs/2403.13523 Have You Poisoned My Data? Defending Neural Networks against Data Poisoning. (54%) Fabio De Gaspari; Dorjan Hitaj; Luigi V. Mancini
http://arxiv.org/abs/2403.14720 Defending Against Indirect Prompt Injection Attacks With Spotlighting. (31%) Keegan Hines; Gary Lopez; Matthew Hall; Federico Zarfati; Yonatan Zunger; Emre Kiciman
http://arxiv.org/abs/2403.15467 Don't be a Fool: Pooling Strategies in Offensive Language Detection from User-Intended Adversarial Attacks. (11%) Seunguk Yu; Juhwan Choi; Youngbin Kim
http://arxiv.org/abs/2403.13355 BadEdit: Backdooring large language models by model editing. (1%) Yanzhou Li; Tianlin Li; Kangjie Chen; Jian Zhang; Shangqing Liu; Wenhan Wang; Tianwei Zhang; Yang Liu
http://arxiv.org/abs/2403.13590 Teacher-Student Training for Debiasing: General Permutation Debiasing for Large Language Models. (1%) Adian Liusie; Yassir Fathullah; Mark J. F. Gales
http://arxiv.org/abs/2403.13682 Threats, Attacks, and Defenses in Machine Unlearning: A Survey. (1%) Ziyao Liu; Huanyi Ye; Chen Chen; Kwok-Yan Lam
http://arxiv.org/abs/2403.12693 As Firm As Their Foundations: Can open-sourced foundation models be used to create adversarial examples for downstream tasks? (99%) Anjun Hu; Jindong Gu; Francesco Pinto; Konstantinos Kamnitsas; Philip Torr
http://arxiv.org/abs/2403.12445 Boosting Transferability in Vision-Language Attacks via Diversification along the Intersection Region of Adversarial Trajectory. (99%) Sensen Gao; Xiaojun Jia; Xuhong Ren; Ivor Tsang; Qing Guo
http://arxiv.org/abs/2403.13196 ADAPT to Robustify Prompt Tuning Vision Transformers. (98%) Masih Eskandar; Tooba Imtiaz; Zifeng Wang; Jennifer Dy
http://arxiv.org/abs/2403.13031 RigorLLM: Resilient Guardrails for Large Language Models against Undesired Content. (8%) Zhuowen Yuan; Zidi Xiong; Yi Zeng; Ning Yu; Ruoxi Jia; Dawn Song; Bo Li
http://arxiv.org/abs/2403.13134 Robust NAS under adversarial training: benchmark, theory, and beyond. (2%) Yongtao Wu; Fanghui Liu; Carl-Johann Simon-Gabriel; Grigorios G Chrysos; Volkan Cevher
http://arxiv.org/abs/2403.12777 Discover and Mitigate Multiple Biased Subgroups in Image Classifiers. (1%) Zeliang Zhang; Mingqian Feng; Zhiheng Li; Chenliang Xu
http://arxiv.org/abs/2403.11981 Diffusion Denoising as a Certified Defense against Clean-label Poisoning. (99%) Sanghyun Hong; Nicholas Carlini; Alexey Kurakin
http://arxiv.org/abs/2403.11833 SSCAE -- Semantic, Syntactic, and Context-aware natural language Adversarial Examples generator. (99%) Javad Rafiei Asl; Mohammad H. Rafiei; Manar Alohaly; Daniel Takabi
http://arxiv.org/abs/2403.11656 LocalStyleFool: Regional Video Style Transfer Attack Using Segment Anything Model. (99%) Yuxin Cao; Jinghao Li; Xi Xiao; Derui Wang; Minhui Xue; Hao Ge; Wei Liu; Guangwu Hu
http://arxiv.org/abs/2403.13018 Invisible Backdoor Attack Through Singular Value Decomposition. (96%) Wenmin Chen; Xiaowei Xu
http://arxiv.org/abs/2403.11830 Problem space structural adversarial attacks for Network Intrusion Detection Systems based on Graph Neural Networks. (88%) Andrea Venturi; Dario Stabili; Mirco Marchetti
http://arxiv.org/abs/2403.13017 Impart: An Imperceptible and Effective Label-Specific Backdoor Attack. (83%) Jingke Zhao; Zan Wang; Yongwei Wang; Lanjun Wang
http://arxiv.org/abs/2403.11515 SSAP: A Shape-Sensitive Adversarial Patch for Comprehensive Disruption of Monocular Depth Estimation in Autonomous Navigation Applications. (78%) Amira Guesmi; Muhammad Abdullah Hanif; Ihsen Alouani; Bassem Ouni; Muhammad Shafique
http://arxiv.org/abs/2403.12399 Electioneering the Network: Dynamic Multi-Step Adversarial Attacks for Community Canvassing. (61%) Saurabh Sharma; Ambuj SIngh
http://arxiv.org/abs/2403.12371 Advancing Time Series Classification with Multimodal Language Modeling. (1%) Mingyue Cheng; Yiheng Chen; Qi Liu; Zhiding Liu; Yucong Luo
http://arxiv.org/abs/2403.11397 Defense Against Adversarial Attacks on No-Reference Image Quality Models with Gradient Norm Regularization. (99%) Yujia Liu; Chenxi Yang; Dingquan Li; Jianhao Ding; Tingting Jiang
http://arxiv.org/abs/2403.11297 A Modified Word Saliency-Based Adversarial Attack on Text Classification Models. (99%) Hetvi Waghela; Sneha Rakshit; Jaydip Sen
http://arxiv.org/abs/2403.11448 Robust Overfitting Does Matter: Test-Time Adversarial Purification With FGSM. (99%) Linyu Tang; Lei Zhang
http://arxiv.org/abs/2403.11265 Forging the Forger: An Attempt to Improve Authorship Verification via Data Augmentation. (76%) Silvia Corbara; Alejandro Moreo
http://arxiv.org/abs/2403.11082 RobustSentEmbed: Robust Sentence Embeddings Using Adversarial Self-Supervised Contrastive Learning. (50%) Javad Rafiei Asl; Prajwal Panzade; Eduardo Blanco; Daniel Takabi; Zhipeng Cai
http://arxiv.org/abs/2403.11348 COLEP: Certifiably Robust Learning-Reasoning Conformal Prediction via Probabilistic Circuits. (22%) Mintong Kang; Nezihe Merve Gürel; Linyi Li; Bo Li
http://arxiv.org/abs/2403.13010 A Dual-Tier Adaptive One-Class Classification IDS for Emerging Cyberthreats. (9%) Md. Ashraf Uddin; Sunil Aryal; Mohamed Reda Bouadjenek; Muna Al-Hawawreh; Md. Alamin Talukder
http://arxiv.org/abs/2403.13013 Hierarchical Classification for Intrusion Detection System: Effective Design and Empirical Analysis. (2%) Md. Ashraf Uddin; Sunil Aryal; Mohamed Reda Bouadjenek; Muna Al-Hawawreh; Md. Alamin Talukder
http://arxiv.org/abs/2403.11206 CBR - Boosting Adaptive Classification By Retrieval of Encrypted Network Traffic with Out-of-distribution. (1%) Amir Lukach; Ran Dubin; Amit Dvir; Chen Hajaj
http://arxiv.org/abs/2403.11166 Pencil: Private and Extensible Collaborative Learning without the Non-Colluding Assumption. (1%) Xuanqi Liu; Zhuotao Liu; Qi Li; Ke Xu; Mingwei Xu
http://arxiv.org/abs/2403.10801 Securely Fine-tuning Pre-trained Encoders Against Adversarial Examples. (98%) Ziqi Zhou; Minghui Li; Wei Liu; Shengshan Hu; Yechao Zhang; Wei Wan; Lulu Xue; Leo Yu Zhang; Dezhong Yang; Hai Jin
http://arxiv.org/abs/2403.10935 Understanding Robustness of Visual State Space Models for Image Classification. (98%) Chengbin Du; Yanxi Li; Chang Xu
http://arxiv.org/abs/2403.10883 Improving Adversarial Transferability of Visual-Language Pre-training Models through Collaborative Multimodal Interaction. (92%) Jiyuan Fu; Zhaoyu Chen; Kaixun Jiang; Haijing Guo; Jiafeng Wang; Shuyong Gao; Wenqiang Zhang
http://arxiv.org/abs/2403.10995 Edge Private Graph Neural Networks with Singular Value Perturbation. (11%) Tingting Tang; Yue Niu; Salman Avestimehr; Murali Annavaram
http://arxiv.org/abs/2403.10076 Benchmarking Adversarial Robustness of Image Shadow Removal with Shadow-adaptive Attacks. (99%) Chong Wang; Yi Yu; Lanqing Guo; Bihan Wen
http://arxiv.org/abs/2403.10330 Towards Non-Adversarial Algorithmic Recourse. (99%) Tobias Leemann; Martin Pawelczyk; Bardh Prenkaj; Gjergji Kasneci
http://arxiv.org/abs/2403.10021 Time-Frequency Jointed Imperceptible Adversarial Attack to Brainprint Recognition with Deep Learning Models. (99%) Hangjie Yi; Yuhang Ming; Dongjun Liu; Wanzeng Kong
http://arxiv.org/abs/2403.10461 Introducing Adaptive Continuous Adversarial Training (ACAT) to Enhance ML Robustness. (87%) Mohamed elShehaby; Aditya Kotha; Ashraf Matrawy
http://arxiv.org/abs/2403.10073 Revisiting Adversarial Training under Long-Tailed Distributions. (80%) Xinli Yue; Ningping Mou; Qian Wang; Lingchen Zhao
http://arxiv.org/abs/2403.10045 Towards Adversarially Robust Dataset Distillation by Curvature Regularization. (54%) Eric Xue; Yijiang Li; Haoyang Liu; Yifan Shen; Haohan Wang
http://arxiv.org/abs/2403.10313 Interactive Trimming against Evasive Online Data Manipulation Attacks: A Game-Theoretic Approach. (50%) Yue Fu; Qingqing Ye; Rong Du; Haibo Hu
http://arxiv.org/abs/2403.10005 Securing Federated Learning with Control-Flow Attestation: A Novel Framework for Enhanced Integrity and Resilience against Adversarial Attacks. (12%) Zahir Alsulaimawi
http://arxiv.org/abs/2403.10499 Benchmarking Zero-Shot Robustness of Multimodal Foundation Models: A Pilot Study. (11%) Chenguang Wang; Ruoxi Jia; Xin Liu; Dawn Song
http://arxiv.org/abs/2403.10663 Not Just Change the Labels, Learn the Features: Watermarking Deep Neural Networks with Multi-View Data. (4%) Yuxuan Li; Sarthak Kumar Maharana; Yunhui Guo
http://arxiv.org/abs/2403.10717 Backdoor Secrets Unveiled: Identifying Backdoor Data with Optimized Scaled Prediction Consistency. (3%) Soumyadeep Pal; Yuguang Yao; Ren Wang; Bingquan Shen; Sijia Liu
http://arxiv.org/abs/2403.10698 Robust Influence-based Training Methods for Noisy Brain MRI. (1%) Minh-Hao Van; Alycia N. Carey; Xintao Wu
http://arxiv.org/abs/2403.09766 An Image Is Worth 1000 Lies: Adversarial Transferability across Prompts on Vision-Language Models. (99%) Haochen Luo; Jindong Gu; Fengyuan Liu; Philip Torr
http://arxiv.org/abs/2403.10562 Counter-Samples: A Stateless Strategy to Neutralize Black Box Adversarial Attacks. (99%) Roey Bokobza; Yisroel Mirsky
http://arxiv.org/abs/2403.09441 Adversarial Fine-tuning of Compressed Neural Networks for Joint Improvement of Robustness and Efficiency. (98%) Hallgrimur Thorsteinsson; Valdemar J Henriksen; Tong Chen; Raghavendra Selvan
http://arxiv.org/abs/2403.09101 Soften to Defend: Towards Adversarial Robustness via Self-Guided Label Refinement. (83%) Daiwei Yu; Zhuorong Li; Lina Wei; Canghong Jin; Yun Zhang; Sixian Chan
http://arxiv.org/abs/2403.09901 Robust Subgraph Learning by Monitoring Early Training Representations. (80%) Sepideh Neshatfar; Salimeh Yasaei Sekeh
http://arxiv.org/abs/2403.09351 LDPRecover: Recovering Frequencies from Poisoning Attacks against Local Differential Privacy. (76%) Xinyue Sun; Qingqing Ye; Haibo Hu; Jiawei Duan; Tianyu Wo; Jie Xu; Renyu Yang
http://arxiv.org/abs/2403.09513 AdaShield: Safeguarding Multimodal Large Language Models from Structure-based Attack via Adaptive Shield Prompting. (74%) Yu Wang; Xiaogeng Liu; Yu Li; Muhao Chen; Chaowei Xiao
http://arxiv.org/abs/2403.09863 Towards White Box Deep Learning. (15%) Maciej Satkiewicz
http://arxiv.org/abs/2403.10570 Symbiotic Game and Foundation Models for Cyber Deception Operations in Strategic Cyber Warfare. (13%) Tao Li; Quanyan Zhu
http://arxiv.org/abs/2403.09562 PreCurious: How Innocent Pre-Trained Language Models Turn into Privacy Traps. (8%) Ruixuan Liu; Tianhao Wang; Yang Cao; Li Xiong
http://arxiv.org/abs/2403.09346 AVIBench: Towards Evaluating the Robustness of Large Vision-Language Model on Adversarial Visual-Instructions. (2%) Hao Zhang; Wenqi Shao; Hong Liu; Yongqiang Ma; Ping Luo; Yu Qiao; Kaipeng Zhang
http://arxiv.org/abs/2403.10573 Medical Unlearnable Examples: Securing Medical Data from Unauthorized Traning via Sparsity-Aware Local Masking. (1%) Weixiang Sun; Yixin Liu; Zhiling Yan; Kaidi Xu; Lichao Sun
http://arxiv.org/abs/2403.08294 Attack Deterministic Conditional Image Generative Models for Diverse and Controllable Generation. (92%) Tianyi Chu; Wei Xing; Jiafu Chen; Zhizhong Wang; Jiakai Sun; Lei Zhao; Haibo Chen; Huaizhong Lin
http://arxiv.org/abs/2403.08333 Fast Inference of Removal-Based Node Influence. (54%) Weikai Li; Zhiping Xiao; Xiao Luo; Yizhou Sun
http://arxiv.org/abs/2403.08424 Tastle: Distract Large Language Models for Automatic Jailbreak Attack. (31%) Zeguan Xiao; Yan Yang; Guanhua Chen; Yun Chen
http://arxiv.org/abs/2403.10558 Adaptive Hybrid Masking Strategy for Privacy-Preserving Face Recognition Against Model Inversion Attack. (8%) Yinggui Wang; Yuanqing Huang; Jianshu Li; Le Yang; Kai Song; Lei Wang
http://arxiv.org/abs/2403.08383 RAF-GI: Towards Robust, Accurate and Fast-Convergent Gradient Inversion Attack in Federated Learning. (2%) Can Liu; Jin Wang; Dongyang Yu
http://arxiv.org/abs/2403.08618 Verifix: Post-Training Correction to Improve Label Noise Robustness with Verified Samples. (1%) Sangamesh Kodge; Deepak Ravikumar; Gobinda Saha; Kaushik Roy
http://arxiv.org/abs/2403.08170 Versatile Defense Against Adversarial Attacks on Image Recognition. (99%) Haibo Zhang; Zhihua Yao; Kouichi Sakurai
http://arxiv.org/abs/2403.07673 Towards Model Extraction Attacks in GAN-Based Image Translation via Domain Shift Mitigation. (61%) Di Mi; Yanjun Zhang; Leo Yu Zhang; Shengshan Hu; Qi Zhong; Haizhuan Yuan; Shirui Pan
http://arxiv.org/abs/2403.07463 Backdoor Attack with Mode Mixture Latent Modification. (8%) Hongwei Zhang; Xiaoyin Xu; Dongsheng An; Xianfeng Gu; Min Zhang
http://arxiv.org/abs/2403.13000 Duwak: Dual Watermarks in Large Language Models. (2%) Chaoyi Zhu; Jeroen Galjaard; Pin-Yu Chen; Lydia Y. Chen
http://arxiv.org/abs/2403.14678 Towards a Framework for Deep Learning Certification in Safety-Critical Applications Using Inherently Safe Design and Run-Time Error Detection. (2%) Romeo Valentin
http://arxiv.org/abs/2403.07588 Visual Privacy Auditing with Diffusion Models. (1%) Kristian Schwethelm; Johannes Kaiser; Moritz Knolle; Daniel Rueckert; Georgios Kaissis; Alexander Ziller
http://arxiv.org/abs/2403.06428 Intra-Section Code Cave Injection for Adversarial Evasion Attacks on Windows PE Malware File. (99%) Kshitiz Aryal; Maanak Gupta; Mahmoud Abdelsalam; Moustafa Saleh
http://arxiv.org/abs/2403.06661 epsilon-Mesh Attack: A Surface-based Adversarial Point Cloud Attack for Facial Expression Recognition. (99%) Batuhan Cengiz; Mert Gulsen; Yusuf H. Sahin; Gozde Unal
http://arxiv.org/abs/2403.06668 PeerAiD: Improving Adversarial Distillation from a Specialized Peer Tutor. (98%) Jaewon Jung; Hongsun Jang; Jaeyong Song; Jinho Lee
http://arxiv.org/abs/2403.06798 Dynamic Perturbation-Adaptive Adversarial Training on Medical Image Classification. (97%) Shuai Li; Xiaoguang Ma; Shancheng Jiang; Lu Meng
http://arxiv.org/abs/2403.07261 Disentangling Policy from Offline Task Representation Learning via Adversarial Data Augmentation. (96%) Chengxing Jia; Fuxiang Zhang; Yi-Chen Li; Chen-Xiao Gao; Xu-Hui Liu; Lei Yuan; Zongzhang Zhang; Yang Yu
http://arxiv.org/abs/2403.06698 PCLD: Point Cloud Layerwise Diffusion for Adversarial Purification. (86%) Mert Gulsen; Batuhan Cengiz; Yusuf H. Sahin; Gozde Unal
http://arxiv.org/abs/2403.07095 Overcoming the Paradox of Certified Training with Gaussian Smoothing. (81%) Stefan Balauca; Mark Niklas Müller; Yuhao Mao; Maximilian Baader; Marc Fischer; Martin Vechev
http://arxiv.org/abs/2403.06610 Real is not True: Backdoor Attacks Against Deepfake Detection. (78%) Hong Sun; Ziqiang Li; Lei Liu; Bin Li
http://arxiv.org/abs/2403.07078 Improving deep learning with prior knowledge and cognitive models: A survey on enhancing explainability, adversarial robustness and zero-shot learning. (61%) Fuseinin Mumuni; Alhassan Mumuni
http://arxiv.org/abs/2403.06634 Stealing Part of a Production Language Model. (33%) Nicholas Carlini; Daniel Paleka; Krishnamurthy Dj Dvijotham; Thomas Steinke; Jonathan Hayase; A. Feder Cooper; Katherine Lee; Matthew Jagielski; Milad Nasr; Arthur Conmy; Eric Wallace; David Rolnick; Florian Tramèr
http://arxiv.org/abs/2403.06430 AS-FIBA: Adaptive Selective Frequency-Injection for Backdoor Attack on Deep Face Restoration. (9%) Zhenbo Song; Wenhao Gao; Kaihao Zhang; Wenhan Luo; Zhaoxin Fan; Jianfeng Lu
http://arxiv.org/abs/2404.00011 A novel interface for adversarial trivia question-writing. (3%) Jason Liu
http://arxiv.org/abs/2403.06462 Towards the Uncharted: Density-Descending Feature Perturbation for Semi-supervised Semantic Segmentation. (2%) Xiaoyang Wang; Huihui Bai; Limin Yu; Yao Zhao; Jimin Xiao
http://arxiv.org/abs/2403.06869 Learning with Noisy Foundation Models. (1%) Hao Chen; Jindong Wang; Zihan Wang; Ran Tao; Hongxin Wei; Xing Xie; Masashi Sugiyama; Bhiksha Raj
http://arxiv.org/abs/2403.06581 DNNShield: Embedding Identifiers for Deep Neural Network Ownership Verification. (1%) Jasper Stang; Torsten Krauß; Alexandra Dmitrienko
http://arxiv.org/abs/2403.06388 A Zero Trust Framework for Realization and Defense Against Generative AI Attacks in Power Grid. (22%) Md. Shirajum Munir; Sravanthi Proddatoori; Manjushree Muralidhara; Walid Saad; Zhu Han; Sachin Shetty
http://arxiv.org/abs/2403.06014 Hard-label based Small Query Black-box Adversarial Attack. (99%) Jeonghwan Park; Paul Miller; Niall McLaughlin
http://arxiv.org/abs/2403.05847 MirrorAttack: Backdoor Attack on 3D Point Cloud with a Distorting Mirror. (81%) Yuhao Bian; Shengjing Tian; Xiuping Liu
http://arxiv.org/abs/2403.05955 IOI: Invisible One-Iteration Adversarial Attack on No-Reference Image- and Video-Quality Metrics. (78%) Ekaterina Shumitskaya; Anastasia Antsiferova; Dmitriy Vatolin
http://arxiv.org/abs/2403.07942 Attacking Transformers with Feature Diversity Adversarial Perturbation. (70%) Chenxing Gao; Hang Zhou; Junqing Yu; YuTeng Ye; Jiale Cai; Junle Wang; Wei Yang
http://arxiv.org/abs/2403.05247 Hide in Thicket: Generating Imperceptible and Rational Adversarial Perturbations on 3D Point Clouds. (99%) Tianrui Lou; Xiaojun Jia; Jindong Gu; Li Liu; Siyuan Liang; Bangyan He; Xiaochun Cao
http://arxiv.org/abs/2403.05100 Exploring the Adversarial Frontier: Quantifying Robustness via Adversarial Hypervolume. (98%) Ping Guo; Cheng Gong; Xi Lin; Zhiyuan Yang; Qingfu Zhang
http://arxiv.org/abs/2403.05666 Prepared for the Worst: A Learning-Based Adversarial Attack for Resilience Analysis of the ICP Algorithm. (93%) Ziyu Zhang; Johann Laconte; Daniil Lisus; Timothy D. Barfoot
http://arxiv.org/abs/2403.05181 Adversarial Sparse Teacher: Defense Against Distillation-Based Model Stealing Attacks Using Adversarial Examples. (92%) Eda Yilmaz; Hacer Yalim Keles
http://arxiv.org/abs/2403.05422 EVD4UAV: An Altitude-Sensitive Benchmark to Evade Vehicle Detection in UAV. (81%) Huiming Sun; Jiacheng Guo; Zibo Meng; Tianyun Zhang; Jianwu Fang; Yuewei Lin; Hongkai Yu
http://arxiv.org/abs/2403.05530 Gemini 1.5: Unlocking multimodal understanding across millions of tokens of context.
(73%) Machel Reid; Nikolay Savinov; Denis Teplyashin; Dmitry Lepikhin; Timothy Lillicrap; Jean-baptiste Alayrac; Radu Soricut; Angeliki Lazaridou; Orhan Firat; Julian Schrittwieser; Ioannis Antonoglou; Rohan Anil; Sebastian Borgeaud; Andrew Dai; Katie Millican; Ethan Dyer; Mia Glaese; Thibault Sottiaux; Benjamin Lee; Fabio Viola; Malcolm Reynolds; Yuanzhong Xu; James Molloy; Jilin Chen; Michael Isard; Paul Barham; Tom Hennigan; Ross McIlroy; Melvin Johnson; Johan Schalkwyk; Eli Collins; Eliza Rutherford; Erica Moreira; Kareem Ayoub; Megha Goel; Clemens Meyer; Gregory Thornton; Zhen Yang; Henryk Michalewski; Zaheer Abbas; Nathan Schucher; Ankesh Anand; Richard Ives; James Keeling; Karel Lenc; Salem Haykal; Siamak Shakeri; Pranav Shyam; Aakanksha Chowdhery; Roman Ring; Stephen Spencer; Eren Sezener; Luke Vilnis; Oscar Chang; Nobuyuki Morioka; George Tucker; Ce Zheng; Oliver Woodman; Nithya Attaluri; Tomas Kocisky; Evgenii Eltyshev; Xi Chen; Timothy Chung; Vittorio Selo; Siddhartha Brahma; Petko Georgiev; Ambrose Slone; Zhenkai Zhu; James Lottes; Siyuan Qiao; Ben Caine; Sebastian Riedel; Alex Tomala; Martin Chadwick; Juliette Love; Peter Choy; Sid Mittal; Neil Houlsby; Yunhao Tang; Matthew Lamm; Libin Bai; Qiao Zhang; Luheng He; Yong Cheng; Peter Humphreys; Yujia Li; Sergey Brin; Albin Cassirer; Yingjie Miao; Lukas Zilka; Taylor Tobin; Kelvin Xu; Lev Proleev; Daniel Sohn; Alberto Magni; Lisa Anne Hendricks; Isabel Gao; Santiago Ontañón; Oskar Bunyan; Nathan Byrd; Abhanshu Sharma; Biao Zhang; Mario Pinto; Rishika Sinha; Harsh Mehta; Dawei Jia; Sergi Caelles; Albert Webson; Alex Morris; Becca Roelofs; Yifan Ding; Robin Strudel; Xuehan Xiong; Marvin Ritter; Mostafa Dehghani; Rahma Chaabouni; Abhijit Karmarkar; Guangda Lai; Fabian Mentzer; Bibo Xu; YaGuang Li; Yujing Zhang; Tom Le Paine; Alex Goldin; Behnam Neyshabur; Kate Baumli; Anselm Levskaya; Michael Laskin; Wenhao Jia; Jack W. 
Rae; Kefan Xiao; Antoine He; Skye Giordano; Lakshman Yagati; Jean-Baptiste Lespiau; Paul Natsev; Sanjay Ganapathy; Fangyu Liu; Danilo Martins; Nanxin Chen; Yunhan Xu; Megan Barnes; Rhys May; Arpi Vezer; Junhyuk Oh; Ken Franko; Sophie Bridgers; Ruizhe Zhao; Boxi Wu; Basil Mustafa; Sean Sechrist; Emilio Parisotto; Thanumalayan Sankaranarayana Pillai; Chris Larkin; Chenjie Gu; Christina Sorokin; Maxim Krikun; Alexey Guseynov; Jessica Landon; Romina Datta; Alexander Pritzel; Phoebe Thacker; Fan Yang; Kevin Hui; Anja Hauth; Chih-Kuan Yeh; David Barker; Justin Mao-Jones; Sophia Austin; Hannah Sheahan; Parker Schuh; James Svensson; Rohan Jain; Vinay Ramasesh; Anton Briukhov; Da-Woon Chung; Tamara von Glehn; Christina Butterfield; Priya Jhakra; Matthew Wiethoff; Justin Frye; Jordan Grimstad; Beer Changpinyo; Charline Le Lan; Anna Bortsova; Yonghui Wu; Paul Voigtlaender; Tara Sainath; Charlotte Smith; Will Hawkins; Kris Cao; James Besley; Srivatsan Srinivasan; Mark Omernick; Colin Gaffney; Gabriela Surita; Ryan Burnell; Bogdan Damoc; Junwhan Ahn; Andrew Brock; Mantas Pajarskas; Anastasia Petrushkina; Seb Noury; Lorenzo Blanco; Kevin Swersky; Arun Ahuja; Thi Avrahami; Vedant Misra; Raoul de Liedekerke; Mariko Iinuma; Alex Polozov; Sarah York; George van den Driessche; Paul Michel; Justin Chiu; Rory Blevins; Zach Gleicher; Adrià Recasens; Alban Rrustemi; Elena Gribovskaya; Aurko Roy; Wiktor Gworek; Séb Arnold; Lisa Lee; James Lee-Thorp; Marcello Maggioni; Enrique Piqueras; Kartikeya Badola; Sharad Vikram; Lucas Gonzalez; Anirudh Baddepudi; Evan Senter; Jacob Devlin; James Qin; Michael Azzam; Maja Trebacz; Martin Polacek; Kashyap Krishnakumar; Shuo-yiin Chang; Matthew Tung; Ivo Penchev; Rishabh Joshi; Kate Olszewska; Carrie Muir; Mateo Wirth; Ale Jakse Hartman; Josh Newlan; Sheleem Kashem; Vijay Bolina; Elahe Dabir; Joost van Amersfoort; Zafarali Ahmed; James Cobon-Kerr; Aishwarya Kamath; Arnar Mar Hrafnkelsson; Le Hou; Ian Mackinnon; Alexandre Frechette; Eric Noland; Xiance Si; Emanuel Taropa; Dong Li; Phil Crone; Anmol Gulati; Sébastien Cevey; Jonas Adler; Ada Ma; David Silver; Simon Tokumine; Richard Powell; Stephan Lee; Michael Chang; Samer Hassan; Diana Mincu; Antoine Yang; Nir Levine; Jenny Brennan; Mingqiu Wang; Sarah Hodkinson; Jeffrey Zhao; Josh Lipschultz; Aedan Pope; Michael B. 
Chang; Cheng Li; Laurent El Shafey; Michela Paganini; Sholto Douglas; Bernd Bohnet; Fabio Pardo; Seth Odoom; Mihaela Rosca; Cicero Nogueira dos Santos; Kedar Soparkar; Arthur Guez; Tom Hudson; Steven Hansen; Chulayuth Asawaroengchai; Ravi Addanki; Tianhe Yu; Wojciech Stokowiec; Mina Khan; Justin Gilmer; Jaehoon Lee; Carrie Grimes Bostock; Keran Rong; Jonathan Caton; Pedram Pejman; Filip Pavetic; Geoff Brown; Vivek Sharma; Mario Lučić; Rajkumar Samuel; Josip Djolonga; Amol Mandhane; Lars Lowe Sjösund; Elena Buchatskaya; Elspeth White; Natalie Clay; Jiepu Jiang; Hyeontaek Lim; Ross Hemsley; Jane Labanowski; Nicola De Cao; David Steiner; Sayed Hadi Hashemi; Jacob Austin; Anita Gergely; Tim Blyth; Joe Stanton; Kaushik Shivakumar; Aditya Siddhant; Anders Andreassen; Carlos Araya; Nikhil Sethi; Rakesh Shivanna; Steven Hand; Ankur Bapna; Ali Khodaei; Antoine Miech; Garrett Tanzer; Andy Swing; Shantanu Thakoor; Zhufeng Pan; Zachary Nado; Stephanie Winkler; Dian Yu; Mohammad Saleh; Loren Maggiore; Iain Barr; Minh Giang; Thais Kagohara; Ivo Danihelka; Amit Marathe; Vladimir Feinberg; Mohamed Elhawaty; Nimesh Ghelani; Dan Horgan; Helen Miller; Lexi Walker; Richard Tanburn; Mukarram Tariq; Disha Shrivastava; Fei Xia; Chung-Cheng Chiu; Zoe Ashwood; Khuslen Baatarsukh; Sina Samangooei; Fred Alcober; Axel Stjerngren; Paul Komarek; Katerina Tsihlas; Anudhyan Boral; Ramona Comanescu; Jeremy Chen; Ruibo Liu; Dawn Bloxwich; Charlie Chen; Yanhua Sun; Fangxiaoyu Feng; Matthew Mauger; Xerxes Dotiwalla; Vincent Hellendoorn; Michael Sharman; Ivy Zheng; Krishna Haridasan; Gabe Barth-Maron; Craig Swanson; Dominika Rogozińska; Alek Andreev; Paul Kishan Rubenstein; Ruoxin Sang; Dan Hurt; Gamaleldin Elsayed; Renshen Wang; Dave Lacey; Anastasija Ilić; Yao Zhao; Lora Aroyo; Chimezie Iwuanyanwu; Vitaly Nikolaev; Balaji Lakshminarayanan; Sadegh Jazayeri; Raphaël Lopez Kaufman; Mani Varadarajan; Chetan Tekur; Doug Fritz; Misha Khalman; David Reitter; Kingshuk Dasgupta; Shourya Sarcar; Tina Ornduff; Javier Snaider; Fantine Huot; Johnson Jia; Rupert Kemp; Nejc Trdin; Anitha Vijayakumar; Lucy Kim; Christof Angermueller; Li Lao; Tianqi Liu; Haibin Zhang; David Engel; Somer Greene; Anaïs White; Jessica Austin; Lilly Taylor; Shereen Ashraf; Dangyi Liu; Maria Georgaki; Irene Cai; Yana Kulizhskaya; Sonam Goenka; Brennan Saeta; Kiran Vodrahalli; Christian Frank; Dario de Cesare; Brona Robenek; Harry Richardson; Mahmoud Alnahlawi; Christopher Yew; Priya Ponnapalli; Marco Tagliasacchi; Alex Korchemniy; Yelin Kim; Dinghua Li; Bill Rosgen; Zoe Ashwood; Kyle Levin; Jeremy Wiesner; Praseem Banzal; Praveen Srinivasan; Hongkun Yu; Çağlar Ünlü; David Reid; Zora Tung; Daniel Finchelstein; Ravin Kumar; Andre Elisseeff; Jin Huang; Ming Zhang; Rui Zhu; Ricardo Aguilar; Mai Giménez; Jiawei Xia; Olivier Dousse; Willi Gierke; Soheil Hassas Yeganeh; Damion Yates; Komal Jalan; Lu Li; Eri Latorre-Chimoto; Duc Dung Nguyen; Ken Durden; Praveen Kallakuri; Yaxin Liu; Matthew Johnson; Tomy Tsai; Alice Talbert; Jasmine Liu; Alexander Neitz; Chen Elkind; Marco Selvi; Mimi Jasarevic; Livio Baldini Soares; Albert Cui; Pidong Wang; Alek Wenjiao Wang; Xinyu Ye; Krystal Kallarackal; Lucia Loher; Hoi Lam; Josef Broder; Dan Holtmann-Rice; Nina Martin; Bramandia Ramadhana; Daniel Toyama; Mrinal Shukla; Sujoy Basu; Abhi Mohan; Nick Fernando; Noah Fiedel; Kim Paterson; Hui Li; Ankush Garg; Jane Park; DongHyun Choi; Diane Wu; Sankalp Singh; Zhishuai Zhang; Amir Globerson; Lily Yu; John Carpenter; Félix de Chaumont Quitry; Carey Radebaugh; Chu-Cheng Lin; Alex Tudor; 
Prakash Shroff; Drew Garmon; Dayou Du; Neera Vats; Han Lu; Shariq Iqbal; Alex Yakubovich; Nilesh Tripuraneni; James Manyika; Haroon Qureshi; Nan Hua; Christel Ngani; Maria Abi Raad; Hannah Forbes; Anna Bulanova; Jeff Stanway; Mukund Sundararajan; Victor Ungureanu; Colton Bishop; Yunjie Li; Balaji Venkatraman; Bo Li; Chloe Thornton; Salvatore Scellato; Nishesh Gupta; Yicheng Wang; Ian Tenney; Xihui Wu; Ashish Shenoy; Gabriel Carvajal; Diana Gage Wright; Ben Bariach; Zhuyun Xiao; Peter Hawkins; Sid Dalmia; Clement Farabet; Pedro Valenzuela; Quan Yuan; Chris Welty; Ananth Agarwal; Mia Chen; Wooyeol Kim; Brice Hulse; Nandita Dukkipati; Adam Paszke; Andrew Bolt; Elnaz Davoodi; Kiam Choo; Jennifer Beattie; Jennifer Prendki; Harsha Vashisht; Rebeca Santamaria-Fernandez; Luis C. Cobo; Jarek Wilkiewicz; David Madras; Ali Elqursh; Grant Uy; Kevin Ramirez; Matt Harvey; Tyler Liechty; Heiga Zen; Jeff Seibert; Clara Huiyi Hu; Mohamed Elhawaty; Andrey Khorlin; Maigo Le; Asaf Aharoni; Megan Li; Lily Wang; Sandeep Kumar; Alejandro Lince; Norman Casagrande; Jay Hoover; Dalia El Badawy; David Soergel; Denis Vnukov; Matt Miecnikowski; Jiri Simsa; Anna Koop; Praveen Kumar; Thibault Sellam; Daniel Vlasic; Samira Daruki; Nir Shabat; John Zhang; Guolong Su; Jiageng Zhang; Jeremiah Liu; Yi Sun; Evan Palmer; Alireza Ghaffarkhah; Xi Xiong; Victor Cotruta; Michael Fink; Lucas Dixon; Ashwin Sreevatsa; Adrian Goedeckemeyer; Alek Dimitriev; Mohsen Jafari; Remi Crocker; Nicholas FitzGerald; Aviral Kumar; Sanjay Ghemawat; Ivan Philips; Frederick Liu; Yannie Liang; Rachel Sterneck; Alena Repina; Marcus Wu; Laura Knight; Marin Georgiev; Hyo Lee; Harry Askham; Abhishek Chakladar; Annie Louis; Carl Crous; Hardie Cate; Dessie Petrova; Michael Quinn; Denese Owusu-Afriyie; Achintya Singhal; Nan Wei; Solomon Kim; Damien Vincent; Milad Nasr; Christopher A. Choquette-Choo; Reiko Tojo; Shawn Lu; Diego de Las Casas; Yuchung Cheng; Tolga Bolukbasi; Katherine Lee; Saaber Fatehi; Rajagopal Ananthanarayanan; Miteyan Patel; Charbel Kaed; Jing Li; Jakub Sygnowski; Shreyas Rammohan Belle; Zhe Chen; Jaclyn Konzelmann; Siim Põder; Roopal Garg; Vinod Koverkathu; Adam Brown; Chris Dyer; Rosanne Liu; Azade Nova; Jun Xu; Slav Petrov; Demis Hassabis; Koray Kavukcuoglu; Jeffrey Dean; Oriol Vinyals http://arxiv.org/abs/2403.05365 The Impact of Quantization on the Robustness of Transformer-based Text Classifiers. (45%) Seyed Parsa Neshaei; Yasaman Boreshban; Gholamreza Ghassem-Sani; Seyed Abolghasem Mirroshandel http://arxiv.org/abs/2404.16851 EdgeLeakage: Membership Information Leakage in Distributed Edge Intelligence Systems. (38%) Kongyang Chen; Yi Lin; Hui Luo; Bing Mi; Yatie Xiao; Chao Ma; Jorge Sá Silva http://arxiv.org/abs/2403.05030 Defending Against Unforeseen Failure Modes with Latent Adversarial Training. (83%) Stephen Casper; Lennart Schulze; Oam Patel; Dylan Hadfield-Menell http://arxiv.org/abs/2403.04954 Fooling Neural Networks for Motion Forecasting via Adversarial Attacks. (33%) Edgar Medina; Leyong Loh http://arxiv.org/abs/2403.04957 Automatic and Universal Prompt Injection Attacks against Large Language Models. (31%) Xiaogeng Liu; Zhiyuan Yu; Yizhe Zhang; Ning Zhang; Chaowei Xiao http://arxiv.org/abs/2403.04701 ObjectCompose: Evaluating Resilience of Vision-Based Models on Object-to-Background Compositional Changes. (31%) Hashmat Shadab Malik; Muhammad Huzaifa; Muzammal Naseer; Salman Khan; Fahad Shahbaz Khan http://arxiv.org/abs/2403.04837 Cell reprogramming design by transfer learning of functional transcriptional networks. 
(1%) Thomas P. Wytock; Adilson E. Motter http://arxiv.org/abs/2403.04257 Towards Robustness Analysis of E-Commerce Ranking System. (1%) Ningfei Wang; Yupin Huang; Han Cheng; Jiri Gesi; Xiaojie Wang; Vivek Mittal http://arxiv.org/abs/2403.03674 Adversarial Infrared Geometry: Using Geometry to Perform Adversarial Attack against Infrared Pedestrian Detectors. (99%) Kalibinuer Tiliwalidi http://arxiv.org/abs/2403.04070 Improving Adversarial Training using Vulnerability-Aware Perturbation Budget. (99%) Olukorede Fakorede; Modeste Atsague; Jin Tian http://arxiv.org/abs/2403.03967 Effect of Ambient-Intrinsic Dimension Gap on Adversarial Vulnerability. (92%) Rajdeep Haldar; Yue Xing; Qifan Song http://arxiv.org/abs/2403.04050 Belief-Enriched Pessimistic Q-Learning against Adversarial State Perturbations. (16%) Xiaolin Sun; Zizhan Zheng http://arxiv.org/abs/2403.03846 On the Effectiveness of Distillation in Mitigating Backdoors in Pre-trained Encoder. (2%) Tingxu Han; Shenghan Huang; Ziqi Ding; Weisong Sun; Yebo Feng; Chunrong Fang; Jun Li; Hanwei Qian; Cong Wu; Quanjun Zhang; Yang Liu; Zhenyu Chen http://arxiv.org/abs/2403.03773 Verified Training for Counterfactual Explanation Robustness under Data Shift. (2%) Anna P. Meyer; Yuhao Zhang; Aws Albarghouthi; Loris D'Antoni http://arxiv.org/abs/2403.02803 Towards Robust Federated Learning via Logits Calibration on Non-IID Data. (99%) Yu Qiao; Apurba Adhikary; Chaoning Zhang; Choong Seon Hong http://arxiv.org/abs/2403.02995 Mitigating Label Flipping Attacks in Malicious URL Detectors Using Ensemble Trees. (96%) Ehsan Nowroozi; Nada Jadalla; Samaneh Ghelichkhani; Alireza Jolfaei http://arxiv.org/abs/2403.02723 Minimum Topology Attacks for Graph Neural Networks. (83%) Mengmei Zhang; Xiao Wang; Chuan Shi; Lingjuan Lyu; Tianchi Yang; Junping Du http://arxiv.org/abs/2403.02983 Federated Learning Under Attack: Exposing Vulnerabilities through Data Poisoning Attacks in Computer Networks. (82%) Ehsan Nowroozi; Imran Haider; Rahim Taheri; Mauro Conti http://arxiv.org/abs/2403.02950 A general approach to enhance the survivability of backdoor attacks by decision path coupling. (68%) Yufei Zhao; Dingji Wang; Bihuan Chen; Ziqian Chen; Xin Peng http://arxiv.org/abs/2403.03149 Robust Federated Learning Mitigates Client-side Training Data Distribution Inference Attacks. (61%) Yichang Xu; Ming Yin; Minghong Fang; Neil Zhenqiang Gong http://arxiv.org/abs/2403.02692 Uplift Modeling for Target User Attacks on Recommender Systems. (12%) Wenjie Wang; Changsheng Wang; Fuli Feng; Wentao Shi; Daizong Ding; Tat-Seng Chua http://arxiv.org/abs/2403.02846 FLGuard: Byzantine-Robust Federated Learning via Ensemble of Contrastive Models. (11%) Younghan Lee; Yungi Cho; Woorim Han; Ho Bae; Yunheung Paek http://arxiv.org/abs/2403.02691 InjecAgent: Benchmarking Indirect Prompt Injections in Tool-Integrated Large Language Model Agents. (11%) Qiusi Zhan; Zhixiang Liang; Zifan Ying; Daniel Kang http://arxiv.org/abs/2403.02955 XAI-Based Detection of Adversarial Attacks on Deepfake Detectors. (8%) Ben Pinhasov; Raz Lapid; Rony Ohayon; Moshe Sipper; Yehudit Aperstein http://arxiv.org/abs/2403.01896 Robustness Bounds on the Successful Adversarial Examples: Theory and Practice. (99%) Hiroaki Maeshima; Akira Otsuka http://arxiv.org/abs/2403.01849 One Prompt Word is Enough to Boost Adversarial Robustness for Pre-trained Vision-Language Models. 
(99%) Lin Li; Haoyan Guan; Jianing Qiu; Michael Spratling http://arxiv.org/abs/2403.12988 Improving the Robustness of Object Detection and Classification AI models against Adversarial Patch Attacks. (99%) Roie Kazoom; Raz Birman; Ofer Hadar http://arxiv.org/abs/2403.02329 COMMIT: Certifying Robustness of Multi-Sensor Fusion Systems against Semantic Attacks. (96%) Zijian Huang; Wenda Chu; Linyi Li; Chejian Xu; Bo Li http://arxiv.org/abs/2403.02116 Inf2Guard: An Information-Theoretic Framework for Learning Privacy-Preserving Representations against Inference Attacks. (26%) Sayedeh Leila Noorbakhsh; Binghui Zhang; Yuan Hong; Binghui Wang http://arxiv.org/abs/2403.02637 BSDP: Brain-inspired Streaming Dual-level Perturbations for Online Open World Object Detection. (16%) Yu Chen; Liyan Ma; Liping Jing; Jian Yu http://arxiv.org/abs/2403.02172 Mirage: Defense against CrossPath Attacks in Software Defined Networks. (3%) Shariq Murtuza; Krishna Asawa http://arxiv.org/abs/2403.01446 GuardT2I: Defending Text-to-Image Models from Adversarial Prompts. (9%) Yijun Yang; Ruiyuan Gao; Xiao Yang; Jianyuan Zhong; Qiang Xu http://arxiv.org/abs/2403.01210 SAR-AE-SFP: SAR Imagery Adversarial Example in Real Physics domain with Target Scattering Feature Parameters. (99%) Jiahao Cui; Jiale Duan; Binyan Luo; Hang Cao; Wang Guo; Haifeng Li http://arxiv.org/abs/2403.01218 Inexact Unlearning Needs More Careful Evaluations to Avoid a False Sense of Privacy. (68%) Jamie Hayes; Ilia Shumailov; Eleni Triantafillou; Amr Khalifa; Nicolas Papernot http://arxiv.org/abs/2403.04786 Breaking Down the Defenses: A Comparative Survey of Attacks on Large Language Models. (56%) Arijit Ghosh Chowdhury; Md Mofijul Islam; Vaibhav Kumar; Faysal Hossain Shezan; Vaibhav Kumar; Vinija Jain; Aman Chadha http://arxiv.org/abs/2403.01118 Adversarial Testing for Visual Grounding via Image-Aware Property Reduction. (11%) Zhiyuan Chang; Mingyang Li; Junjie Wang; Cheng Li; Boyu Wu; Fanjiang Xu; Qing Wang http://arxiv.org/abs/2403.01155 Query Recovery from Easy to Hard: Jigsaw Attack against SSE. (2%) Hao Nie; Wei Wang; Peng Xu; Xianglong Zhang; Laurence T. Yang; Kaitai Liang http://arxiv.org/abs/2403.00420 Robust Deep Reinforcement Learning Through Adversarial Attacks and Training : A Survey. (91%) Lucas Schott; Josephine Delas; Hatem Hajri; Elies Gherbi; Reda Yaich; Nora Boulahia-Cuppens; Frederic Cuppens; Sylvain Lamprier http://arxiv.org/abs/2403.00942 Resilience of Entropy Model in Distributed Neural Networks. (67%) Milin Zhang; Mohammad Abdi; Shahriar Rifat; Francesco Restuccia http://arxiv.org/abs/2403.00464 Attacking Delay-based PUFs with Minimal Adversary Model. (45%) Hongming Fei; Owen Millwood; Prosanta Gope; Jack Miskelly; Biplab Sikdar http://arxiv.org/abs/2402.19355 Unraveling Adversarial Examples against Speaker Identification -- Techniques for Attack Detection and Victim Model Classification. (99%) Sonal Joshi; Thomas Thebaud; Jesús Villalba; Najim Dehak http://arxiv.org/abs/2402.19027 How to Train your Antivirus: RL-based Hardening through the Problem-Space. (99%) Jacopo Cortellazzi; Ilias Tsingenopoulos; Branislav Bošanský; Simone Aonzo; Davy Preuveneers; Wouter Joosen; Fabio Pierazzi; Lorenzo Cavallaro http://arxiv.org/abs/2403.00103 On Robustness and Generalization of ML-Based Congestion Predictors to Valid and Imperceptible Perturbations. 
(88%) Chester Holtz; Yucheng Wang; Chung-Kuan Cheng; Bill Lin http://arxiv.org/abs/2402.19076 Pointing out the Shortcomings of Relation Extraction Models with Semantically Motivated Adversarials. (76%) Gennaro Nolano; Moritz Blum; Basil Ell; Philipp Cimiano http://arxiv.org/abs/2402.19401 Assessing Visually-Continuous Corruption Robustness of Neural Networks Relative to Human Performance. (38%) Huakun Shen; Boyue Caroline Hu; Krzysztof Czarnecki; Lina Marsso; Marsha Chechik http://arxiv.org/abs/2402.19322 Verification of Neural Networks' Global Robustness. (38%) Anan Kabaha; Dana Drachsler-Cohen http://arxiv.org/abs/2402.19334 Here's a Free Lunch: Sanitizing Backdoored Models with Model Merge. (2%) Ansh Arora; Xuanli He; Maximilian Mozes; Srinibas Swain; Mark Dras; Qiongkai Xu http://arxiv.org/abs/2403.00867 Gradient Cuff: Detecting Jailbreak Attacks on Large Language Models by Exploring Refusal Loss Landscapes. (1%) Xiaomeng Hu; Pin-Yu Chen; Tsung-Yi Ho http://arxiv.org/abs/2402.18787 Enhancing the "Immunity" of Mixture-of-Experts Networks for Adversarial Defense. (99%) Qiao Han; Yong Huang; Xinling Guo; Yiteng Zhai; Yu Qin; Yao Yang http://arxiv.org/abs/2402.18792 MPAT: Building Robust Deep Neural Networks against Textual Adversarial Attacks. (99%) Fangyuan Zhang; Huichi Zhou; Shuangjiao Li; Hongtao Wang http://arxiv.org/abs/2402.18211 Catastrophic Overfitting: A Potential Blessing in Disguise. (98%) Mengnan Zhao; Lihe Zhang; Yuqiu Kong; Baocai Yin http://arxiv.org/abs/2402.18329 Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation. (76%) Dmitrijs Trizna; Luca Demetrio; Battista Biggio; Fabio Roli http://arxiv.org/abs/2402.18649 A New Era in LLM Security: Exploring Security Concerns in Real-World LLM-based Systems. (64%) Fangzhou Wu; Ning Zhang; Somesh Jha; Patrick McDaniel; Chaowei Xiao http://arxiv.org/abs/2402.18104 Making Them Ask and Answer: Jailbreaking Large Language Models in Few Queries via Disguise and Reconstruction. (33%) Tong Liu; Yingjie Zhang; Zhe Zhao; Yinpeng Dong; Guozhu Meng; Kai Chen http://arxiv.org/abs/2402.18162 Out-of-Distribution Detection using Neural Activation Prior. (1%) Weilin Wan; Weizhong Zhang; Cheng Jin http://arxiv.org/abs/2402.17390 Robustness-Congruent Adversarial Training for Secure Machine Learning Model Updates. (99%) Daniele Angioni; Luca Demetrio; Maura Pintor; Luca Oneto; Davide Anguita; Battista Biggio; Fabio Roli http://arxiv.org/abs/2402.17509 Extreme Miscalibration and the Illusion of Adversarial Robustness. (99%) Vyas Raina; Samson Tan; Volkan Cevher; Aditya Rawal; Sheng Zha; George Karypis http://arxiv.org/abs/2402.17533 Black-box Adversarial Attacks Against Image Quality Assessment Models. (99%) Yu Ran; Ao-Xiang Zhang; Mingjie Li; Weixuan Tang; Yuan-Gen Wang http://arxiv.org/abs/2402.17976 Enhancing Tracking Robustness with Auxiliary Adversarial Defense Networks. (99%) Zhewei Wu; Ruilong Yu; Qihe Liu; Shuying Cheng; Shilin Qiu; Shijie Zhou http://arxiv.org/abs/2402.17916 LLM-Resistant Math Word Problem Generation via Adversarial Attacks. (87%) Roy Xie; Chengxuan Huang; Junlin Wang; Bhuwan Dhingra http://arxiv.org/abs/2402.18027 Breaking the Black-Box: Confidence-Guided Model Inversion Attack for Distribution Shift. (83%) Xinhao Liu; Yingzhao Jiang; Zetao Lin http://arxiv.org/abs/2402.17465 Model X-ray: Detect Backdoored Models via Decision Boundary. (67%) Yanghao Su; Jie Zhang; Ting Xu; Tianwei Zhang; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2402.17729 Towards Fairness-Aware Adversarial Learning. 
(11%) Yanghao Zhang; Tianle Zhang; Ronghui Mu; Xiaowei Huang; Wenjie Ruan http://arxiv.org/abs/2402.17223 Time-Restricted Double-Spending Attack on PoW-based Blockchains. (1%) Yiming Jiang; Jiangfan Zhang http://arxiv.org/abs/2402.16586 Improving the JPEG-resistance of Adversarial Attacks on Face Recognition by Interpolation Smoothing. (99%) Kefu Guo; Fengfan Zhou; Hefei Ling; Ping Li; Hui Liu http://arxiv.org/abs/2402.16430 Improving behavior based authentication against adversarial attack using XAI. (99%) Dong Qin; George Amariucai; Daji Qiao; Yong Guan http://arxiv.org/abs/2402.18370 Adversarial example soups: averaging multiple adversarial examples improves transferability without increasing additional generation time. (99%) Bo Yang; Hengwei Zhang; Chenwei Li; Jindong Wang http://arxiv.org/abs/2402.17018 A Curious Case of Remarkable Resilience to Gradient Attacks via Fully Convolutional and Differentiable Front End with a Skip Connection. (98%) Leonid Boytsov; Ameya Joshi; Filipe Condessa http://arxiv.org/abs/2402.17104 Adversarial Perturbations of Physical Signals. (92%) Robert L. Bassett; Austin Van Dellen; Anthony P. Austin http://arxiv.org/abs/2402.16470 Unveiling Vulnerability of Self-Attention. (87%) Khai Jiet Liong; Hongqiu Wu; Hai Zhao http://arxiv.org/abs/2402.16479 Edge Detectors Can Make Deep Convolutional Neural Networks More Robust. (83%) Jin Ding; Jie-Chao Zhao; Yong-Zhi Sun; Ping Tan; Jia-Wei Wang; Ji-En Ma; You-Tong Fang http://arxiv.org/abs/2402.16397 Investigating Deep Watermark Security: An Adversarial Transferability Perspective. (64%) Biqing Qi; Junqi Gao; Yiang Luo; Jianxing Liu; Ligang Wu; Bowen Zhou http://arxiv.org/abs/2402.16459 Defending LLMs against Jailbreaking Attacks via Backtranslation. (33%) Yihan Wang; Zhouxing Shi; Andrew Bai; Cho-Jui Hsieh http://arxiv.org/abs/2402.17012 Pandora's White-Box: Increased Training Data Leakage in Open LLMs. (13%) Jeffrey G. Wang; Jason Wang; Marvin Li; Seth Neel http://arxiv.org/abs/2402.16965 WIPI: A New Web Threat for LLM-Driven Web Agents. (8%) Fangzhou Wu; Shutong Wu; Yulong Cao; Chaowei Xiao http://arxiv.org/abs/2402.16431 RoCoIns: Enhancing Robustness of Large Language Models through Code-Style Instructions. (4%) Yuansen Zhang; Xiao Wang; Zhiheng Xi; Han Xia; Tao Gui; Qi Zhang; Xuanjing Huang http://arxiv.org/abs/2402.17092 An Innovative Information Theory-based Approach to Tackle and Enhance The Transparency in Phishing Detection. (1%) Van Nguyen; Tingmin Wu; Xingliang Yuan; Marthie Grobler; Surya Nepal; Carsten Rudolph http://arxiv.org/abs/2402.16006 From Noise to Clarity: Unraveling the Adversarial Suffix of Large Language Model Attacks via Translation of Text Embeddings. (98%) Hao Wang; Hao Li; Minlie Huang; Lei Sha http://arxiv.org/abs/2402.16912 An Adversarial Robustness Benchmark for Enterprise Network Intrusion Detection. (92%) João Vitorino; Miguel Silva; Eva Maia; Isabel Praça http://arxiv.org/abs/2402.16192 Defending Large Language Models against Jailbreak Attacks via Semantic Smoothing. (76%) Jiabao Ji; Bairu Hou; Alexander Robey; George J. Pappas; Hamed Hassani; Yang Zhang; Eric Wong; Shiyu Chang http://arxiv.org/abs/2402.16005 Adversarial-Robust Transfer Learning for Medical Imaging via Domain Assimilation. (73%) Xiaohui Chen; Tie Luo http://arxiv.org/abs/2403.12077 Evaluating Robustness of Generative Search Engine on Adversarial Factual Questions. (13%) Xuming Hu; Xiaochuan Li; Junzhe Chen; Yinghui Li; Yangning Li; Xiaoguang Li; Yasheng Wang; Qun Liu; Lijie Wen; Philip S. 
Yu; Zhijiang Guo http://arxiv.org/abs/2402.16914 DrAttack: Prompt Decomposition and Reconstruction Makes Powerful LLM Jailbreakers. (2%) Xirui Li; Ruochen Wang; Minhao Cheng; Tianyi Zhou; Cho-Jui Hsieh http://arxiv.org/abs/2404.16847 State-of-the-Art Approaches to Enhancing Privacy Preservation of Machine Learning Datasets: A Survey. (1%) Chaoyu Zhang http://arxiv.org/abs/2402.16918 m2mKD: Module-to-Module Knowledge Distillation for Modular Transformers. (1%) Ka Man Lo; Yiming Liang; Wenyu Du; Yuantao Fan; Zili Wang; Wenhao Huang; Lei Ma; Jie Fu http://arxiv.org/abs/2402.15911 PRP: Propagating Universal Perturbations to Attack Large Language Model Guard-Rails. (87%) Neal Mangaokar; Ashish Hooda; Jihye Choi; Shreyas Chandrashekaran; Kassem Fawaz; Somesh Jha; Atul Prakash http://arxiv.org/abs/2402.15727 LLMs Can Defend Themselves Against Jailbreaking in a Practical Manner: A Vision Paper. (86%) Daoyuan Wu; Shuai Wang; Yang Liu; Ning Liu http://arxiv.org/abs/2402.15853 RAUCA: A Novel Physical Adversarial Attack on Vehicle Detectors via Robust and Accurate Camouflage Generation. (82%) Jiawei Zhou; Linye Lyu; Daojing He; Yu Li http://arxiv.org/abs/2402.15959 Towards Robust Image Stitching: An Adaptive Resistance Learning against Compatible Attacks. (76%) Zhiying Jiang; Xingyuan Li; Jinyuan Liu; Xin Fan; Risheng Liu http://arxiv.org/abs/2402.15808 Optimal Zero-Shot Detector for Multi-Armed Attacks. (50%) Federica Granese; Marco Romanelli; Pablo Piantanida http://arxiv.org/abs/2402.15751 Sparse MeZO: Less Parameters for Better Performance in Zeroth-Order LLM Fine-Tuning. (1%) Yong Liu; Zirui Zhu; Chaoyu Gong; Minhao Cheng; Cho-Jui Hsieh; Yang You http://arxiv.org/abs/2402.15586 Distilling Adversarial Robustness Using Heterogeneous Teachers. (99%) Jieren Deng; Aaron Palmer; Rigel Mahmood; Ethan Rathbun; Jinbo Bi; Kaleel Mahmood; Derek Aguiar http://arxiv.org/abs/2402.15570 Fast Adversarial Attacks on Language Models In One GPU Minute. (98%) Vinu Sankar Sadasivan; Shoumik Saha; Gaurang Sriramanan; Priyatham Kattakinda; Atoosa Chegini; Soheil Feizi http://arxiv.org/abs/2402.15267 A Robust Defense against Adversarial Attacks on Deep Learning-based Malware Detectors via (De)Randomized Smoothing. (98%) Daniel Gibert; Giulio Zizzo; Quan Le; Jordi Planes http://arxiv.org/abs/2402.15429 ProTIP: Probabilistic Robustness Verification on Text-to-Image Diffusion Models against Stochastic Perturbation. (93%) Yi Zhang; Yun Tang; Wenjie Ruan; Xiaowei Huang; Siddartha Khastgir; Paul Jennings; Xingyu Zhao http://arxiv.org/abs/2402.15152 On the Duality Between Sharpness-Aware Minimization and Adversarial Training. (92%) Yihao Zhang; Hangzhou He; Jingyu Zhu; Huanran Chen; Yifei Wang; Zeming Wei http://arxiv.org/abs/2402.15653 Low-Frequency Black-Box Backdoor Attack via Evolutionary Algorithm. (87%) Yanqi Qiao; Dazhuang Liu; Rui Wang; Kaitai Liang http://arxiv.org/abs/2402.15555 Deep Networks Always Grok and Here is Why. (76%) Ahmed Imtiaz Humayun; Randall Balestriero; Richard Baraniuk http://arxiv.org/abs/2402.15218 BSPA: Exploring Black-box Stealthy Prompt Attacks against Image Generators. (67%) Yu Tian; Xiao Yang; Yinpeng Dong; Heming Yang; Hang Su; Jun Zhu http://arxiv.org/abs/2402.15617 Reinforcement Learning-Based Approaches for Enhancing Security and Resilience in Smart Control: A Survey on Attack and Defense Methods. (61%) Zheyu Zhang http://arxiv.org/abs/2402.15180 Break the Breakout: Reinventing LM Defense Against Jailbreak Attacks with Self-Refinement. 
(5%) Heegyu Kim; Sehyun Yuk; Hyunsouk Cho http://arxiv.org/abs/2402.15425 Prime+Retouch: When Cache is Locked and Leaked. (2%) Jaehyuk Lee; Fan Sang; Taesoo Kim http://arxiv.org/abs/2402.14937 SoK: Analyzing Adversarial Examples: A Framework to Study Adversary Knowledge. (99%) Lucas Fenaux; Florian Kerschbaum http://arxiv.org/abs/2402.14648 Rethinking Invariance Regularization in Adversarial Training to Improve Robustness-Accuracy Trade-off. (98%) Futa Waseda; Isao Echizen http://arxiv.org/abs/2402.14494 Noise-BERT: A Unified Perturbation-Robust Framework with Noise Alignment Pre-training for Noisy Slot Filling Task. (83%) Jinxu Zhao; Guanting Dong; Yueyan Qiu; Tingfeng Hui; Xiaoshuai Song; Daichi Guo; Weiran Xu http://arxiv.org/abs/2402.14899 Stop Reasoning! When Multimodal LLMs with Chain-of-Thought Reasoning Meets Adversarial Images. (81%) Zefeng Wang; Zhen Han; Shuo Chen; Fan Xue; Zifeng Ding; Xun Xiao; Volker Tresp; Philip Torr; Jindong Gu http://arxiv.org/abs/2402.14968 Mitigating Fine-tuning Jailbreak Attack with Backdoor Enhanced Alignment. (75%) Jiongxiao Wang; Jiazhao Li; Yiquan Li; Xiangyu Qi; Junjie Hu; Yixuan Li; Patrick McDaniel; Muhao Chen; Bo Li; Chaowei Xiao http://arxiv.org/abs/2403.00794 Getting Serious about Humor: Crafting Humor Datasets with Unfunny Large Language Models. (26%) Zachary Horvitz; Jingru Chen; Rahul Aditya; Harshvardhan Srivastava; Robert West; Zhou Yu; Kathleen McKeown http://arxiv.org/abs/2402.13946 AttackGNN: Red-Teaming GNNs in Hardware Security Using Reinforcement Learning. (99%) Vasudev Gohil; Satwik Patnaik; Dileep Kalathil; Jeyavijayan Rajendran http://arxiv.org/abs/2402.13987 A Simple and Yet Fairly Effective Defense for Graph Neural Networks. (98%) Sofiane Ennadir; Yassine Abbahaddou; Johannes F. Lutzeyer; Michalis Vazirgiannis; Henrik Boström http://arxiv.org/abs/2402.13629 Adversarial Purification and Fine-tuning for Robust UDC Image Restoration. (98%) Zhenbo Song; Zhenyuan Zhang; Kaihao Zhang; Wenhan Luo; Zhaoxin Fan; Jianfeng Lu http://arxiv.org/abs/2402.13651 Robustness of Deep Neural Networks for Micro-Doppler Radar Classification. (80%) Mikolaj Czerkawski; Carmine Clemente; Craig Michie; Christos Tachtatzis http://arxiv.org/abs/2402.14016 Is LLM-as-a-Judge Robust? Investigating Universal Adversarial Attacks on Zero-shot LLM Assessment. (75%) Vyas Raina; Adian Liusie; Mark Gales http://arxiv.org/abs/2402.13575 Flexible Physical Camouflage Generation Based on a Differential Approach. (38%) Yang Li; Wenyi Tan; Chenxing Zhao; Shuangju Zhou; Xinkai Liang; Quan Pan http://arxiv.org/abs/2402.13851 VL-Trojan: Multimodal Instruction Backdoor Attacks against Autoregressive Visual Language Models. (10%) Jiawei Liang; Siyuan Liang; Man Luo; Aishan Liu; Dongchen Han; Ee-Chien Chang; Xiaochun Cao http://arxiv.org/abs/2402.14872 Semantic Mirror Jailbreak: Genetic Algorithm Based Jailbreak Prompts Against Open-source LLMs. (8%) Xiaoxia Li; Siyuan Liang; Jiyi Zhang; Han Fang; Aishan Liu; Ee-Chien Chang http://arxiv.org/abs/2402.14020 Coercing LLMs to do and reveal (almost) anything. (4%) Jonas Geiping; Alex Stein; Manli Shu; Khalid Saifullah; Yuxin Wen; Tom Goldstein http://arxiv.org/abs/2402.14167 T-Stitch: Accelerating Sampling in Pre-Trained Diffusion Models with Trajectory Stitching. (1%) Zizheng Pan; Bohan Zhuang; De-An Huang; Weili Nie; Zhiding Yu; Chaowei Xiao; Jianfei Cai; Anima Anandkumar http://arxiv.org/abs/2402.12950 QuanTest: Entanglement-Guided Testing of Quantum Neural Network Systems. 
(92%) Jinjing Shi; Zimeng Xiao; Heyuan Shi; Yu Jiang; Xuelong Li http://arxiv.org/abs/2402.13148 Defending Jailbreak Prompts via In-Context Adversarial Game. (76%) Yujun Zhou; Yufei Han; Haomin Zhuang; Taicheng Guo; Kehan Guo; Zhenwen Liang; Hongyan Bao; Xiangliang Zhang http://arxiv.org/abs/2402.13517 Round Trip Translation Defence against Large Language Model Jailbreaking Attacks. (74%) Canaan Yung; Hadi Mohaghegh Dolatabadi; Sarah Erfani; Christopher Leckie http://arxiv.org/abs/2402.13006 Investigating the Impact of Model Instability on Explanations and Uncertainty. (69%) Sara Vera Marjanović; Isabelle Augenstein; Christina Lioma http://arxiv.org/abs/2402.13457 LLM Jailbreak Attack versus Defense Techniques -- A Comprehensive Study. (54%) Zihao Xu; Yi Liu; Gelei Deng; Yuekang Li; Stjepan Picek http://arxiv.org/abs/2402.13459 Learning to Poison Large Language Models During Instruction Tuning. (13%) Yao Qiang; Xiangyu Zhou; Saleh Zare Zade; Mohammad Amin Roshani; Douglas Zytko; Dongxiao Zhu http://arxiv.org/abs/2402.13487 Stealthy Adversarial Attacks on Stochastic Multi-Armed Bandits. (3%) Zhiwei Wang; Huazheng Wang; Hongning Wang http://arxiv.org/abs/2402.13518 RITFIS: Robust input testing framework for LLMs-based intelligent software. (1%) Mingxuan Xiao; Yan Xiao; Hai Dong; Shunhui Ji; Pengcheng Zhang http://arxiv.org/abs/2402.12329 Query-Based Adversarial Prompt Generation. (99%) Jonathan Hayase; Ema Borevkovic; Nicholas Carlini; Florian Tramèr; Milad Nasr http://arxiv.org/abs/2402.12187 Adversarial Feature Alignment: Balancing Robustness and Accuracy in Deep Learning via Adversarial Training. (99%) Leo Hyun Park; Jaeuk Kim; Myung Gyo Oh; Jaewoo Park; Taekyoung Kwon http://arxiv.org/abs/2402.12338 An Adversarial Approach to Evaluating the Robustness of Event Identification Models. (98%) Obai Bahwal; Oliver Kosut; Lalitha Sankar http://arxiv.org/abs/2402.11940 AICAttack: Adversarial Image Captioning Attack with Attention-Based Optimization. (98%) Jiyao Li; Mingze Ni; Yifei Dong; Tianqing Zhu; Wei Liu http://arxiv.org/abs/2402.12673 Beyond Worst-case Attacks: Robust RL with Adaptive Defense via Non-dominated Policies. (97%) Xiangyu Liu; Chenghao Deng; Yanchao Sun; Yongyuan Liang; Furong Huang http://arxiv.org/abs/2402.11953 Stealing the Invisible: Unveiling Pre-Trained CNN Models through Adversarial Examples and Timing Side-Channels. (92%) Shubhi Shukla; Manaar Alam; Pabitra Mitra; Debdeep Mukhopadhyay http://arxiv.org/abs/2402.12426 Attacks on Node Attributes in Graph Neural Networks. (83%) Ying Xu; Michael Lanier; Anindya Sarkar; Yevgeniy Vorobeychik http://arxiv.org/abs/2402.12626 Indiscriminate Data Poisoning Attacks on Pre-trained Feature Extractors. (68%) Yiwei Lu; Matthew Y. R. Yang; Gautam Kamath; Yaoliang Yu http://arxiv.org/abs/2402.11837 Self-Guided Robust Graph Structure Refinement. (67%) Yeonjun In; Kanghoon Yoon; Kibum Kim; Kijung Shin; Chanyoung Park http://arxiv.org/abs/2402.12336 Robust CLIP: Unsupervised Adversarial Fine-Tuning of Vision Embeddings for Robust Large Vision-Language Models. (50%) Christian Schlarmann; Naman Deep Singh; Francesco Croce; Matthias Hein http://arxiv.org/abs/2402.12168 Defending Against Weight-Poisoning Backdoor Attacks for Parameter-Efficient Fine-Tuning. (15%) Shuai Zhao; Leilei Gan; Luu Anh Tuan; Jie Fu; Lingjuan Lyu; Meihuizi Jia; Jinming Wen http://arxiv.org/abs/2402.12189 Amplifying Training Data Exposure through Fine-Tuning with Pseudo-Labeled Memberships. 
(1%) Myung Gyo Oh; Hong Eun Ahn; Leo Hyun Park; Taekyoung Kwon http://arxiv.org/abs/2402.11557 Evaluating Adversarial Robustness of Low dose CT Recovery. (92%) Kanchana Vaishnavi Gandikota; Paramanand Chandramouli; Hannah Droege; Michael Moeller http://arxiv.org/abs/2402.11469 A Curious Case of Searching for the Correlation between Training Data and Adversarial Robustness of Transformer Textual Models. (92%) Cuong Dang; Dung D. Le; Thai Le http://arxiv.org/abs/2402.11687 Evaluating Efficacy of Model Stealing Attacks and Defenses on Quantum Neural Networks. (83%) Satwik Kundu; Debarshi Kundu; Swaroop Ghosh http://arxiv.org/abs/2402.11733 The Effectiveness of Random Forgetting for Robust Generalization. (75%) Vijaya Raghavan T Ramkumar; Bahram Zonooz; Elahe Arani http://arxiv.org/abs/2402.11473 Poisoned Forgery Face: Towards Backdoor Attacks on Face Forgery Detection. (26%) Jiawei Liang; Siyuan Liang; Aishan Liu; Xiaojun Jia; Junhao Kuang; Xiaochun Cao http://arxiv.org/abs/2402.11637 Poisoning Federated Recommender Systems with Fake Users. (5%) Ming Yin; Yichang Xu; Minghong Fang; Neil Zhenqiang Gong http://arxiv.org/abs/2402.11755 SPML: A DSL for Defending Language Models Against Prompt Attacks. (1%) Reshabh K Sharma; Vinayak Gupta; Dan Grossman http://arxiv.org/abs/2402.12406 Teacher as a Lenient Expert: Teacher-Agnostic Data-Free Knowledge Distillation. (1%) Hyunjune Shin; Dong-Wan Choi http://arxiv.org/abs/2402.11196 Maintaining Adversarial Robustness in Continuous Learning. (75%) Xiaolei Ru; Xiaowei Cao; Zijia Liu; Jack Murdoch Moore; Xin-Ya Zhang; Xia Zhu; Wenjia Wei; Gang Yan http://arxiv.org/abs/2402.11237 Be Persistent: Towards a Unified Solution for Mitigating Shortcuts in Deep Learning. (22%) Hadi M. Dolatabadi; Sarah M. Erfani; Christopher Leckie http://arxiv.org/abs/2402.11208 Watch Out for Your Agents! Investigating Backdoor Threats to LLM-Based Agents. (2%) Wenkai Yang; Xiaohan Bi; Yankai Lin; Sishuo Chen; Jie Zhou; Xu Sun http://arxiv.org/abs/2402.11423 VoltSchemer: Use Voltage Noise to Manipulate Your Wireless Charger. (2%) Zihao Zhan; Yirui Yang; Haoqi Shan; Hanqiu Wang; Yier Jin; Shuo Wang http://arxiv.org/abs/2402.11120 DART: A Principled Approach to Adversarially Robust Unsupervised Domain Adaptation. (99%) Yunjuan Wang; Hussein Hazimeh; Natalia Ponomareva; Alexey Kurakin; Ibrahim Hammoud; Raman Arora http://arxiv.org/abs/2402.10470 Theoretical Understanding of Learning from Adversarial Perturbations. (98%) Soichiro Kumano; Hiroshi Kera; Toshihiko Yamasaki http://arxiv.org/abs/2402.10527 Zero-shot sampling of adversarial entities in biomedical question answering. (92%) R. Patrick Xian; Alex J. Lee; Vincent Wang; Qiming Cui; Russell Ro; Reza Abbasi-Asl http://arxiv.org/abs/2402.11083 VQAttack: Transferable Adversarial Attacks on Visual Question Answering via Pre-trained Models. (92%) Ziyi Yin; Muchao Ye; Tianrong Zhang; Jiaqi Wang; Han Liu; Jinghui Chen; Ting Wang; Fenglong Ma http://arxiv.org/abs/2402.11082 The AI Security Pyramid of Pain. (47%) Chris M. Ward; Josh Harguess; Julia Tao; Daniel Christman; Paul Spicer; Mike Tan http://arxiv.org/abs/2402.10773 AIM: Automated Input Set Minimization for Metamorphic Security Testing. (2%) Nazanin Bayati Chaleshtari; Yoann Marquer; Fabrizio Pastore; Lionel C. Briand http://arxiv.org/abs/2402.10882 Universal Prompt Optimizer for Safe Text-to-Image Generation. 
(1%) Zongyu Wu; Hongcheng Gao; Yueze Wang; Xiang Zhang; Suhang Wang http://arxiv.org/abs/2402.09874 Camouflage is all you need: Evaluating and Enhancing Language Model Robustness Against Camouflage Adversarial Attacks. (62%) Álvaro Huertas-García; Alejandro Martín; Javier Huertas-Tato; David Camacho http://arxiv.org/abs/2402.10340 On the Safety Concerns of Deploying LLMs/VLMs in Robotics: Highlighting the Risks and Vulnerabilities. (31%) Xiyang Wu; Ruiqi Xian; Tianrui Guan; Jing Liang; Souradip Chakraborty; Fuxiao Liu; Brian Sadler; Dinesh Manocha; Amrit Singh Bedi http://arxiv.org/abs/2402.10283 Backdoor Attack against One-Class Sequential Anomaly Detection Models. (9%) He Cheng; Shuhan Yuan http://arxiv.org/abs/2402.10196 A Trembling House of Cards? Mapping Adversarial Attacks against Language Agents. (5%) Lingbo Mo; Zeyi Liao; Boyuan Zheng; Yu Su; Chaowei Xiao; Huan Sun http://arxiv.org/abs/2402.10082 FedRDF: A Robust and Dynamic Aggregation Function against Poisoning Attacks in Federated Learning. (3%) Enrique Mármol Campos; Aurora González Vidal; José Luis Hernández Ramos; Antonio Skarmeta http://arxiv.org/abs/2402.10983 Quantum-Inspired Analysis of Neural Network Vulnerabilities: The Role of Conjugate Variables in System Attacks. (1%) Jun-Jie Zhang; Deyu Meng http://arxiv.org/abs/2402.09132 Exploring the Adversarial Capabilities of Large Language Models. (98%) Lukas Struppek; Minh Hieu Le; Dominik Hintersdorf; Kristian Kersting http://arxiv.org/abs/2402.09674 PAL: Proxy-Guided Black-Box Attack on Large Language Models. (92%) Chawin Sitawarin; Norman Mu; David Wagner; Alexandre Araujo http://arxiv.org/abs/2402.09316 Only My Model On My Data: A Privacy Preserving Approach Protecting one Model and Deceiving Unauthorized Black-Box Models. (92%) Weiheng Chai; Brian Testa; Huantao Ren; Asif Salekin; Senem Velipasalar http://arxiv.org/abs/2402.09546 How Secure Are Large Language Models (LLMs) for Navigation in Urban Environments? (80%) Congcong Wen; Jiazhao Liang; Shuaihang Yuan; Hao Huang; Yi Fang http://arxiv.org/abs/2402.09023 Review-Incorporated Model-Agnostic Profile Injection Attacks on Recommender Systems. (76%) Shiyi Yang; Lina Yao; Chen Wang; Xiwei Xu; Liming Zhu http://arxiv.org/abs/2402.09154 Attacking Large Language Models with Projected Gradient Descent. (67%) Simon Geisler; Tom Wollschläger; M. H. I. Abdalla; Johannes Gasteiger; Stephan Günnemann http://arxiv.org/abs/2402.08986 Detecting Adversarial Spectrum Attacks via Distance to Decision Boundary Statistics. (47%) Wenwei Zhao; Xiaowen Li; Shangqing Zhao; Jie Xu; Yao Liu; Zhuo Lu http://arxiv.org/abs/2402.08983 SafeDecoding: Defending against Jailbreak Attacks via Safety-Aware Decoding. (38%) Zhangchen Xu; Fengqing Jiang; Luyao Niu; Jinyuan Jia; Bill Yuchen Lin; Radha Poovendran http://arxiv.org/abs/2402.09179 Rapid Adoption, Hidden Risks: The Dual Impact of Large Language Model Customization. (9%) Rui Zhang; Hongwei Li; Rui Wen; Wenbo Jiang; Yuan Zhang; Michael Backes; Yun Shen; Yang Zhang http://arxiv.org/abs/2402.09695 Reward Poisoning Attack Against Offline Reinforcement Learning. (5%) Yinglun Xu; Rohan Gumaste; Gagandeep Singh http://arxiv.org/abs/2403.12075 Adversarial Nibbler: An Open Red-Teaming Method for Identifying Diverse Harms in Text-to-Image Generation. 
(3%) Jessica Quaye; Alicia Parrish; Oana Inel; Charvi Rastogi; Hannah Rose Kirk; Minsuk Kahng; Erin van Liemt; Max Bartolo; Jess Tsang; Justin White; Nathan Clement; Rafael Mosquera; Juan Ciro; Vijay Janapa Reddi; Lora Aroyo http://arxiv.org/abs/2402.09199 Ten Words Only Still Help: Improving Black-Box AI-Generated Text Detection via Proxy-Guided Efficient Re-Sampling. (2%) Yuhui Shi; Qiang Sheng; Juan Cao; Hao Mi; Beizhe Hu; Danding Wang http://arxiv.org/abs/2402.08991 Towards Robust Model-Based Reinforcement Learning Against Adversarial Corruption. (1%) Chenlu Ye; Jiafan He; Quanquan Gu; Tong Zhang http://arxiv.org/abs/2402.09303 Immediate generalisation in humans but a generalisation lag in deep neural networks -- evidence for representational divergence? (1%) Lukas S. Huber; Fred W. Mast; Felix A. Wichmann http://arxiv.org/abs/2402.09091 Play Guessing Game with LLM: Indirect Jailbreak Attack with Implicit Clues. (1%) Zhiyuan Chang; Mingyang Li; Yi Liu; Junjie Wang; Qing Wang; Yang Liu http://arxiv.org/abs/2402.08586 Faster Repeated Evasion Attacks in Tree Ensembles. (96%) Lorenzo Cascioli; Laurens Devos; Ondřej Kuželka; Jesse Davis http://arxiv.org/abs/2402.08648 Generating Universal Adversarial Perturbations for Quantum Classifiers. (93%) Gautham Anil; Vishnu Vinod; Apurva Narayan http://arxiv.org/abs/2402.08763 Enhancing Robustness of Indoor Robotic Navigation with Free-Space Segmentation Models Against Adversarial Attacks. (83%) Qiyuan An; Christos Sevastopoulos; Fillia Makedon http://arxiv.org/abs/2402.09478 Data Reconstruction Attacks and Defenses: A Systematic Evaluation. (76%) Sheng Liu; Zihan Wang; Qi Lei http://arxiv.org/abs/2402.08679 COLD-Attack: Jailbreaking LLMs with Stealthiness and Controllability. (62%) Xingang Guo; Fangxu Yu; Huan Zhang; Lianhui Qin; Bin Hu http://arxiv.org/abs/2402.08577 Test-Time Backdoor Attacks on Multimodal Large Language Models. (56%) Dong Lu; Tianyu Pang; Chao Du; Qian Liu; Xianjun Yang; Min Lin http://arxiv.org/abs/2402.08768 Adversarially Robust Feature Learning for Breast Cancer Diagnosis. (33%) Degan Hao; Dooman Arefan; Margarita Zuley; Wendie Berg; Shandong Wu http://arxiv.org/abs/2402.08567 Agent Smith: A Single Image Can Jailbreak One Million Multimodal LLM Agents Exponentially Fast. (31%) Xiangming Gu; Xiaosen Zheng; Tianyu Pang; Chao Du; Qian Liu; Ye Wang; Jing Jiang; Min Lin http://arxiv.org/abs/2402.08845 Feature Attribution with Necessity and Sufficiency via Dual-stage Perturbation Test for Causal Explanation. (1%) Xuexin Chen; Ruichu Cai; Zhengting Huang; Yuxuan Zhu; Julien Horwood; Zhifeng Hao; Zijian Li; Jose Miguel Hernandez-Lobato http://arxiv.org/abs/2402.07496 Understanding Deep Learning defenses Against Adversarial Examples Through Visualizations for Dynamic Risk Assessment. (99%) Xabier Echeberria-Barrio; Amaia Gil-Lerchundi; Jon Egana-Zubia; Raul Orduna-Urrutia http://arxiv.org/abs/2402.07480 Topological safeguard for evasion attack interpreting the neural networks' behavior. (89%) Xabier Echeberria-Barrio; Amaia Gil-Lerchundi; Iñigo Mendialdua; Raul Orduna-Urrutia http://arxiv.org/abs/2402.07867 PoisonedRAG: Knowledge Poisoning Attacks to Retrieval-Augmented Generation of Large Language Models. (83%) Wei Zou; Runpeng Geng; Binghui Wang; Jinyuan Jia http://arxiv.org/abs/2402.07687 Privacy-Preserving Gaze Data Streaming in Immersive Interactive Virtual Reality: Robustness and User Experience. (33%) Ethan Wilson; Azim Ibragimov; Michael J. 
Proulx; Sai Deep Tetali; Kevin Butler; Eakta Jain http://arxiv.org/abs/2402.07689 OrderBkd: Textual backdoor attack through repositioning. (13%) Irina Alekseevskaia; Konstantin Arkhipenko http://arxiv.org/abs/2402.07639 Tighter Bounds on the Information Bottleneck with Application to Deep Learning. (10%) Nir Weingarten; Zohar Yakhini; Moshe Butman; Ran Gilad-Bachrach http://arxiv.org/abs/2402.08125 Customizable Perturbation Synthesis for Robust SLAM Benchmarking. (9%) Xiaohao Xu; Tianyi Zhang; Sibo Wang; Xiang Li; Yongqi Chen; Ye Li; Bhiksha Raj; Matthew Johnson-Roberson; Xiaonan Huang http://arxiv.org/abs/2402.08070 Multi-Attribute Vision Transformers are Efficient and Robust Learners. (8%) Hanan Gani; Nada Saadi; Noor Hussein; Karthik Nandakumar http://arxiv.org/abs/2402.07498 Accelerated Smoothing: A Scalable Approach to Randomized Smoothing. (3%) Devansh Bhardwaj; Kshitiz Kaushik; Sarthak Gupta http://arxiv.org/abs/2402.08695 Game of Trojans: Adaptive Adversaries Against Output-based Trojaned-Model Detectors. (3%) Dinuka Sahabandu; Xiaojun Xu; Arezoo Rajabi; Luyao Niu; Bhaskar Ramasubramanian; Bo Li; Radha Poovendran http://arxiv.org/abs/2402.08191 THE COLOSSEUM: A Benchmark for Evaluating Generalization for Robotic Manipulation. (2%) Wilbert Pumacay; Ishika Singh; Jiafei Duan; Ranjay Krishna; Jesse Thomason; Dieter Fox http://arxiv.org/abs/2402.07718 Local Centrality Minimization with Quality Guarantees. (1%) Atsushi Miyauchi; Lorenzo Severini; Francesco Bonchi http://arxiv.org/abs/2402.07841 Do Membership Inference Attacks Work on Large Language Models? (1%) Michael Duan; Anshuman Suri; Niloofar Mireshghallah; Sewon Min; Weijia Shi; Luke Zettlemoyer; Yulia Tsvetkov; Yejin Choi; David Evans; Hannaneh Hajishirzi http://arxiv.org/abs/2402.07506 NeuralSentinel: Safeguarding Neural Network Reliability and Trustworthiness. (1%) Xabier Echeberria-Barrio; Mikel Gorricho; Selene Valencia; Francesco Zola http://arxiv.org/abs/2402.08183 Pixel Sentence Representation Learning. (1%) Chenghao Xiao; Zhuoxu Huang; Danlu Chen; G Thomas Hudson; Yizhi Li; Haoran Duan; Chenghua Lin; Jie Fu; Jungong Han; Noura Al Moubayed http://arxiv.org/abs/2402.07183 A Random Ensemble of Encrypted Vision Transformers for Adversarially Robust Defense. (99%) Ryota Iijima; Sayaka Shiota; Hitoshi Kiya http://arxiv.org/abs/2402.07347 Accuracy of TextFooler black box adversarial attacks on 01 loss sign activation neural network ensemble. (98%) Yunzhe Xue; Usman Roshan http://arxiv.org/abs/2402.06922 Whispers in the Machine: Confidentiality in LLM-integrated Systems. (26%) Jonathan Evertz; Merlin Chlosta; Lea Schönherr; Thorsten Eisenhofer http://arxiv.org/abs/2402.06957 Architectural Neural Backdoors from First Principles. (26%) Harry Langford; Ilia Shumailov; Yiren Zhao; Robert Mullins; Nicolas Papernot http://arxiv.org/abs/2402.06249 Anomaly Unveiled: Securing Image Classification against Adversarial Patch Attacks. (98%) Nandish Chattopadhyay; Amira Guesmi; Muhammad Shafique http://arxiv.org/abs/2402.06255 Studious Bob Fight Back Against Jailbreaking via Prompt Adversarial Tuning. (95%) Yichuan Mo; Yuji Wang; Zeming Wei; Yisen Wang http://arxiv.org/abs/2402.06827 RAMP: Boosting Adversarial Robustness Against Multiple $l_p$ Perturbations. (83%) Enyi Jiang; Gagandeep Singh http://arxiv.org/abs/2402.06846 System-level Analysis of Adversarial Attacks and Defenses on Intelligence in O-RAN based Cellular Networks. (82%) Azuka Chiejina; Brian Kim; Kaushik Chowhdury; Vijay K. 
Shah http://arxiv.org/abs/2402.06357 The SpongeNet Attack: Sponge Weight Poisoning of Deep Neural Networks. (69%) Jona te Lintelo; Stefanos Koffas; Stjepan Picek http://arxiv.org/abs/2402.06734 Corruption Robust Offline Reinforcement Learning with Human Feedback. (67%) Debmalya Mandal; Andi Nika; Parameswaran Kamalaruban; Adish Singla; Goran Radanović http://arxiv.org/abs/2402.06244 Quantifying and Enhancing Multi-modal Robustness with Modality Preference. (56%) Zequn Yang; Yake Wei; Ce Liang; Di Hu http://arxiv.org/abs/2402.06363 StruQ: Defending Against Prompt Injection with Structured Queries. (45%) Sizhe Chen; Julien Piet; Chawin Sitawarin; David Wagner http://arxiv.org/abs/2402.06289 Evaluating Membership Inference Attacks and Defenses in Federated Learning. (4%) Gongxi Zhu; Donghao Li; Hanlin Gu; Yuxing Han; Yuan Yao; Lixin Fan; Qiang Yang http://arxiv.org/abs/2402.06855 For Better or For Worse? Learning Minimum Variance Features With Label Augmentation. (1%) Muthu Chidambaram; Rong Ge http://arxiv.org/abs/2402.05668 Comprehensive Assessment of Jailbreak Attacks Against LLMs. (99%) Junjie Chu; Yugeng Liu; Ziqing Yang; Xinyue Shen; Michael Backes; Yang Zhang http://arxiv.org/abs/2402.05493 Investigating White-Box Attacks for On-Device Models. (93%) Mingyi Zhou; Xiang Gao; Jing Wu; Kui Liu; Hailong Sun; Li Li http://arxiv.org/abs/2402.06132 TETRIS: Towards Exploring the Robustness of Interactive Segmentation. (81%) Andrey Moskalenko; Vlad Shakhuro; Anna Vorontsova; Anton Konushin; Anton Antonov; Alexander Krapukhin; Denis Shepelev; Konstantin Soshin http://arxiv.org/abs/2402.05521 Linearizing Models for Efficient yet Robust Private Inference. (68%) Sreetama Sarkar; Souvik Kundu; Peter A. Beerel http://arxiv.org/abs/2402.05674 A High Dimensional Model for Adversarial Training: Geometry and Trade-Offs. (26%) Kasimir Tanner; Matteo Vilucchio; Bruno Loureiro; Florent Krzakala http://arxiv.org/abs/2402.05675 Is Adversarial Training with Compressed Datasets Effective? (10%) Tong Chen; Raghavendra Selvan http://arxiv.org/abs/2402.05541 Reinforcement Learning as a Catalyst for Robust and Fair Federated Learning: Deciphering the Dynamics of Client Contributions. (9%) Jialuo He; Wei Chen; Xiaojin Zhang http://arxiv.org/abs/2402.04660 Adversarial Robustness Through Artifact Design. (99%) Tsufit Shua; Mahmood Sharif http://arxiv.org/abs/2402.04699 EvoSeed: Unveiling the Threat on Deep Neural Networks with Real-World Illusions. (98%) Shashank Kotyan; PoYuan Mao; Danilo Vasconcellos Vargas http://arxiv.org/abs/2402.05284 Analyzing Adversarial Inputs in Deep Reinforcement Learning. (96%) Davide Corsi; Guy Amir; Guy Katz; Alessandro Farinelli http://arxiv.org/abs/2402.05162 Assessing the Brittleness of Safety Alignment via Pruning and Low-Rank Modifications. (1%) Boyi Wei; Kaixuan Huang; Yangsibo Huang; Tinghao Xie; Xiangyu Qi; Mengzhou Xia; Prateek Mittal; Mengdi Wang; Peter Henderson http://arxiv.org/abs/2402.03951 Boosting Adversarial Transferability across Model Genus by Deformation-Constrained Warping. (98%) Qinliang Lin; Cheng Luo; Zenghao Niu; Xilin He; Weicheng Xie; Yuanbo Hou; Linlin Shen; Siyang Song http://arxiv.org/abs/2403.08806 Adversarially Robust Deepfake Detection via Adversarial Feature Similarity Learning. (98%) Sarwar Khan http://arxiv.org/abs/2402.04038 PAC-Bayesian Adversarially Robust Generalization Bounds for Graph Neural Network. 
(75%) Tan Sun; Junhong Lin http://arxiv.org/abs/2402.04325 Enhance DNN Adversarial Robustness and Efficiency via Injecting Noise to Non-Essential Neurons. (74%) Zhenyu Liu; Garrett Gagnon; Swagath Venkataramani; Liu Liu http://arxiv.org/abs/2402.03741 SUB-PLAY: Adversarial Policies against Partially Observed Multi-Agent Reinforcement Learning Systems. (67%) Oubo Ma; Yuwen Pu; Linkang Du; Yang Dai; Ruo Wang; Xiaolei Liu; Yingcai Wu; Shouling Ji http://arxiv.org/abs/2402.03740 BotSSCL: Social Bot Detection with Self-Supervised Contrastive Learning. (64%) Mohammad Majid Akhtar; Navid Shadman Bhuiyan; Rahat Masood; Muhammad Ikram; Salil S. Kanhere http://arxiv.org/abs/2402.04421 Studying Vulnerable Code Entities in R. (10%) Zixiao Zhao; Millon Madhur Das; Fatemeh H. Fard http://arxiv.org/abs/2402.03760 DeMarking: A Defense for Network Flow Watermarking in Real-Time. (10%) Yali Yuan; Jian Ge; Guang Cheng http://arxiv.org/abs/2402.04249 HarmBench: A Standardized Evaluation Framework for Automated Red Teaming and Robust Refusal. (2%) Mantas Mazeika; Long Phan; Xuwang Yin; Andy Zou; Zifan Wang; Norman Mu; Elham Sakhaee; Nathaniel Li; Steven Basart; Bo Li; David Forsyth; Dan Hendrycks http://arxiv.org/abs/2402.02732 A Generative Approach to Surrogate-based Black-box Attacks. (99%) Raha Moraffah; Huan Liu http://arxiv.org/abs/2402.03095 Transcending Adversarial Perturbations: Manifold-Aided Adversarial Examples with Legitimate Semantics. (99%) Shuai Li; Xiaoyu Jiang; Xiaoguang Ma http://arxiv.org/abs/2402.03477 Arabic Synonym BERT-based Adversarial Examples for Text Classification. (99%) Norah Alshahrani; Saied Alshahrani; Esma Wali; Jeanna Matthews http://arxiv.org/abs/2402.03576 Generalization Properties of Adversarial Training for $\ell_0$-Bounded Adversarial Attacks. (92%) Payam Delgosha; Hamed Hassani; Ramtin Pedarsani http://arxiv.org/abs/2402.03705 FoolSDEdit: Deceptively Steering Your Edits Towards Targeted Attribute-aware Distribution. (89%) Qi Zhou; Dongxia Wang; Tianlin Li; Zhihong Xu; Yang Liu; Kui Ren; Wenhai Wang; Qing Guo http://arxiv.org/abs/2402.02886 Time-Distributed Backdoor Attacks on Federated Spiking Learning. (83%) Gorka Abad; Stjepan Picek; Aitor Urbieta http://arxiv.org/abs/2402.06659 Shadowcast: Stealthy Data Poisoning Attacks Against Vision-Language Models. (83%) Yuancheng Xu; Jiarui Yao; Manli Shu; Yanchao Sun; Zichu Wu; Ning Yu; Tom Goldstein; Furong Huang http://arxiv.org/abs/2402.03627 Partially Recentralization Softmax Loss for Vision-Language Models Robustness. (81%) Hao Wang; Xin Zhang; Jinzhe Jiang; Yaqian Zhao; Chen Li http://arxiv.org/abs/2402.03214 Organic or Diffused: Can We Distinguish Human Art from AI-generated Images? (31%) Anna Yoo Jeong Ha; Josephine Passananti; Ronik Bhaskar; Shawn Shan; Reid Southen; Haitao Zheng; Ben Y. Zhao http://arxiv.org/abs/2402.02739 DisDet: Exploring Detectability of Backdoor Attack on Diffusion Models. (12%) Yang Sui; Huy Phan; Jinqi Xiao; Tianfang Zhang; Zijie Tang; Cong Shi; Yan Wang; Yingying Chen; Bo Yuan http://arxiv.org/abs/2402.03481 FINEST: Stabilizing Recommendations by Rank-Preserving Fine-Tuning. (1%) Sejoon Oh; Berk Ustun; Julian McAuley; Srijan Kumar http://arxiv.org/abs/2402.02629 PROSAC: Provably Safe Certification for Machine Learning Models under Adversarial Attacks. (99%) Ziquan Liu; Zhuo Zhi; Ilija Bogunovic; Carsten Gerner-Beuerle; Miguel Rodrigues http://arxiv.org/abs/2402.02554 DeSparsify: Adversarial Attack Against Token Sparsification Mechanisms in Vision Transformers. 
(99%) Oryan Yehezkel; Alon Zolfi; Amit Baras; Yuval Elovici; Asaf Shabtai http://arxiv.org/abs/2402.06655 Adversarial Text Purification: A Large Language Model Approach for Defense. (99%) Raha Moraffah; Shubh Khandelwal; Amrita Bhattacharjee; Huan Liu http://arxiv.org/abs/2402.02695 Exploiting Class Probabilities for Black-box Sentence-level Attacks. (75%) Raha Moraffah; Huan Liu http://arxiv.org/abs/2402.02600 Evading Deep Learning-Based Malware Detectors via Obfuscation: A Deep Reinforcement Learning Approach. (41%) Brian Etter; James Lee Hu; Mohammedreza Ebrahimi; Weifeng Li; Xin Li; Hsinchun Chen http://arxiv.org/abs/2402.02699 Adversarial Data Augmentation for Robust Speaker Verification. (1%) Zhenyu Zhou; Junhui Chen; Namin Wang; Lantian Li; Dong Wang http://arxiv.org/abs/2402.02154 Evaluating the Robustness of Off-Road Autonomous Driving Segmentation against Adversarial Attacks: A Dataset-Centric analysis. (96%) Pankaj Deoli; Rohit Kumar; Axel Vierling; Karsten Berns http://arxiv.org/abs/2402.02316 Your Diffusion Model is Secretly a Certifiably Robust Classifier. (80%) Huanran Chen; Yinpeng Dong; Shitong Shao; Zhongkai Hao; Xiao Yang; Hang Su; Jun Zhu http://arxiv.org/abs/2402.02263 MixedNUTS: Training-Free Accuracy-Robustness Balance via Nonlinearly Mixed Classifiers. (76%) Yatong Bai; Mo Zhou; Vishal M. Patel; Somayeh Sojoudi http://arxiv.org/abs/2402.02145 Analyzing Sentiment Polarity Reduction in News Presentation through Contextual Perturbation and Large Language Models. (68%) Alapan Kuila; Somnath Jena; Sudeshna Sarkar; Partha Pratim Chakrabarti http://arxiv.org/abs/2402.02034 Universal Post-Training Reverse-Engineering Defense Against Backdoors in Deep Neural Networks. (16%) Xi Li; Hang Wang; David J. Miller; George Kesidis http://arxiv.org/abs/2402.02165 Towards Optimal Adversarial Robust Q-learning with Bellman Infinity-error. (10%) Haoran Li; Zicheng Zhang; Wang Luo; Congying Han; Yudong Hu; Tiande Guo; Shichen Liao http://arxiv.org/abs/2402.02227 Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices. (9%) Haoqi Shan; Boyi Zhang; Zihao Zhan; Dean Sullivan; Shuo Wang; Yier Jin http://arxiv.org/abs/2402.02207 Safety Fine-Tuning at (Almost) No Cost: A Baseline for Vision Large Language Models. (5%) Yongshuo Zong; Ondrej Bohdal; Tingyang Yu; Yongxin Yang; Timothy Hospedales http://arxiv.org/abs/2402.02160 Data Poisoning for In-context Learning. (5%) Pengfei He; Han Xu; Yue Xing; Hui Liu; Makoto Yamada; Jiliang Tang http://arxiv.org/abs/2402.02095 Seeing is not always believing: The Space of Harmless Perturbations. (2%) Lu Chen; Shaofeng Li; Benhao Huang; Fan Yang; Zheng Li; Jie Li; Yuan Luo http://arxiv.org/abs/2402.01879 $\sigma$-zero: Gradient-based Optimization of $\ell_0$-norm Adversarial Examples. (99%) Antonio Emanuele Cinà; Francesco Villani; Maura Pintor; Lea Schönherr; Battista Biggio; Marcello Pelillo http://arxiv.org/abs/2402.01806 HQA-Attack: Toward High Quality Black-Box Hard-Label Adversarial Attack on Text. (99%) Han Liu; Zhi Xu; Xiaotong Zhang; Feng Zhang; Fenglong Ma; Hongyang Chen; Hong Yu; Xianchao Zhang http://arxiv.org/abs/2402.01227 STAA-Net: A Sparse and Transferable Adversarial Attack for Speech Emotion Recognition. (99%) Yi Chang; Zhao Ren; Zixing Zhang; Xin Jing; Kun Qian; Xi Shao; Bin Hu; Tanja Schultz; Björn W. Schuller http://arxiv.org/abs/2402.01220 Delving into Decision-based Black-box Attacks on Semantic Segmentation. 
(93%) Zhaoyu Chen; Zhengyang Shan; Jingwen Chang; Kaixun Jiang; Dingkang Yang; Yiting Cheng; Wenqiang Zhang http://arxiv.org/abs/2402.01340 SignSGD with Federated Defense: Harnessing Adversarial Attacks through Gradient Sign Decoding. (92%) Chanho Park; Namyoon Lee http://arxiv.org/abs/2402.02028 Unlearnable Examples For Time Series. (86%) Yujing Jiang; Xingjun Ma; Sarah Monazam Erfani; James Bailey http://arxiv.org/abs/2402.01920 Preference Poisoning Attacks on Reward Model Learning. (83%) Junlin Wu; Jiongxiao Wang; Chaowei Xiao; Chenguang Wang; Ning Zhang; Yevgeniy Vorobeychik http://arxiv.org/abs/2402.01894 S2malloc: Statistically Secure Allocator for Use-After-Free Protection And More. (3%) Ruizhe Wang; Meng Xu; N. Asokan http://arxiv.org/abs/2402.01546 Privacy-Preserving Distributed Learning for Residential Short-Term Load Forecasting. (3%) Yi Dong; Yingjie Wang; Mariana Gama; Mustafa A. Mustafa; Geert Deconinck; Xiaowei Huang http://arxiv.org/abs/2402.01369 Cheating Suffix: Targeted Attack to Text-To-Image Diffusion Models with Multi-Modal Priors. (2%) Dingcheng Yang; Yang Bai; Xiaojun Jia; Yang Liu; Xiaochun Cao; Wenjian Yu http://arxiv.org/abs/2402.01865 What Will My Model Forget? Forecasting Forgotten Examples in Language Model Refinement. (1%) Xisen Jin; Xiang Ren http://arxiv.org/abs/2402.00418 Benchmarking Transferable Adversarial Attacks. (98%) Zhibo Jin; Jiayu Zhang; Zhiyu Zhu; Huaming Chen http://arxiv.org/abs/2402.00412 Hidding the Ghostwriters: An Adversarial Evaluation of AI-Generated Student Essay Detection. (70%) Xinlin Peng; Ying Zhou; Ben He; Le Sun; Yingfei Sun http://arxiv.org/abs/2402.01114 Double-Dip: Thwarting Label-Only Membership Inference Attacks with Transfer Learning and Randomization. (64%) Arezoo Rajabi; Reeya Pimple; Aiswarya Janardhanan; Surudhi Asokraj; Bhaskar Ramasubramanian; Radha Poovendran http://arxiv.org/abs/2402.00626 Vision-LLMs Can Fool Themselves with Self-Generated Typographic Attacks. (45%) Maan Qraitem; Nazia Tasnim; Piotr Teterwak; Kate Saenko; Bryan A. Plummer http://arxiv.org/abs/2402.00695 Approximating Optimal Morphing Attacks using Template Inversion. (9%) Laurent Colbois; Hatef Otroshi Shahreza; Sébastien Marcel http://arxiv.org/abs/2402.01096 Trustworthy Distributed AI Systems: Robustness, Privacy, and Governance. (8%) Wenqi Wei; Ling Liu http://arxiv.org/abs/2402.01012 algoXSSF: Detection and analysis of cross-site request forgery (XSRF) and cross-site scripting (XSS) attacks via Machine learning algorithms. (1%) Naresh Kshetri; Dilip Kumar; James Hutson; Navneet Kaur; Omar Faruq Osama http://arxiv.org/abs/2402.00176 Adversarial Quantum Machine Learning: An Information-Theoretic Generalization Analysis. (95%) Petros Georgiou; Sharu Theresa Jose; Osvaldo Simeone http://arxiv.org/abs/2402.00304 Invariance-powered Trustworthy Defense via Remove Then Restore. (70%) Xiaowei Fu; Yuhang Zhou; Lina Ma; Lei Zhang http://arxiv.org/abs/2402.00906 BrainLeaks: On the Privacy-Preserving Properties of Neuromorphic Architectures against Model Inversion Attacks. (13%) Hamed Poursiami; Ihsen Alouani; Maryam Parsa http://arxiv.org/abs/2401.17723 LoRec: Large Language Model for Robust Sequential Recommendation against Poisoning Attacks. (9%) Kaike Zhang; Qi Cao; Yunfan Wu; Fei Sun; Huawei Shen; Xueqi Cheng http://arxiv.org/abs/2401.17746 Logit Poisoning Attack in Distillation-based Federated Learning and its Countermeasures. 
(4%) Yonghao Yu; Shunan Zhu; Jinglu Hu http://arxiv.org/abs/2401.17865 Manipulating Predictions over Discrete Inputs in Machine Teaching. (1%) Xiaodong Wu; Yufei Han; Hayssam Dahrouj; Jianbing Ni; Zhenwen Liang; Xiangliang Zhang http://arxiv.org/abs/2401.17606 Ambush from All Sides: Understanding Security Threats in Open-Source Software CI/CD Pipelines. (1%) Ziyue Pan; Wenbo Shen; Xingkai Wang; Yutian Yang; Rui Chang; Yao Liu; Chengwei Liu; Yang Liu; Kui Ren http://arxiv.org/abs/2401.17196 Single Word Change is All You Need: Designing Attacks and Defenses for Text Classifiers. (99%) Lei Xu; Sarah Alnegheimish; Laure Berti-Equille; Alfredo Cuesta-Infante; Kalyan Veeramachaneni http://arxiv.org/abs/2401.17263 Robust Prompt Optimization for Defending Language Models Against Jailbreaking Attacks. (98%) Andy Zhou; Bo Li; Haohan Wang http://arxiv.org/abs/2401.17038 Towards Assessing the Synthetic-to-Measured Adversarial Vulnerability of SAR ATR. (98%) Bowen Peng; Bo Peng; Jingyuan Xia; Tianpeng Liu; Yongxiang Liu; Li Liu http://arxiv.org/abs/2401.17499 AdvGPS: Adversarial GPS for Multi-Agent Perception Attack. (95%) Jinlong Li; Baolu Li; Xinyu Liu; Jianwu Fang; Felix Juefei-Xu; Qing Guo; Hongkai Yu http://arxiv.org/abs/2401.17523 Game-Theoretic Unlearnable Example Generator. (92%) Shuang Liu; Yihan Wang; Xiao-Shan Gao http://arxiv.org/abs/2401.17405 Camouflage Adversarial Attacks on Multiple Agent Systems. (87%) Ziqing Lu; Guanlin Liu; Lifeng Lai; Weiyu Xu http://arxiv.org/abs/2401.17256 Weak-to-Strong Jailbreaking on Large Language Models. (76%) Xuandong Zhao; Xianjun Yang; Tianyu Pang; Chao Du; Lei Li; Yu-Xiang Wang; William Yang Wang http://arxiv.org/abs/2401.17133 A Proactive and Dual Prevention Mechanism against Illegal Song Covers empowered by Singing Voice Conversion. (75%) Guangke Chen; Yedi Zhang; Fu Song; Ting Wang; Xiaoning Du; Yang Liu http://arxiv.org/abs/2401.17498 Improving QA Model Performance with Cartographic Inoculation. (26%) Allen Chen; Okan Tanrikulu http://arxiv.org/abs/2401.17497 Towards Visual Syntactical Understanding. (4%) Sayeed Shafayet Chowdhury; Soumyadeep Chandra; Kaushik Roy http://arxiv.org/abs/2401.16820 Provably Robust Multi-bit Watermarking for AI-generated Text via Error Correction Code. (2%) Wenjie Qu; Dong Yin; Zixin He; Wei Zou; Tianyang Tao; Jinyuan Jia; Jiaheng Zhang http://arxiv.org/abs/2401.16001 LESSON: Multi-Label Adversarial False Data Injection Attack for Deep Learning Locational Detection. (99%) Jiwei Tian; Chao Shen; Buhong Wang; Xiaofang Xia; Meng Zhang; Chenhao Lin; Qian Li http://arxiv.org/abs/2401.16352 Adversarial Training on Purification (AToP): Advancing Both Robustness and Generalization. (92%) Guang Lin; Chao Li; Jianhai Zhang; Toshihisa Tanaka; Qibin Zhao http://arxiv.org/abs/2401.16687 Revisiting Gradient Pruning: A Dual Realization for Defending against Gradient Attacks. (68%) Lulu Xue; Shengshan Hu; Ruizhi Zhao; Leo Yu Zhang; Shengqing Hu; Lichao Sun; Dezhong Yao http://arxiv.org/abs/2401.16011 GPS: Graph Contrastive Learning via Multi-scale Augmented Views from Adversarial Pooling. (5%) Wei Ju; Yiyang Gu; Zhengyang Mao; Ziyue Qiao; Yifang Qin; Xiao Luo; Hui Xiong; Ming Zhang http://arxiv.org/abs/2402.00888 Security and Privacy Challenges of Large Language Models: A Survey. (1%) Badhan Chandra Das; M. Hadi Amini; Yanzhao Wu http://arxiv.org/abs/2401.15615 Addressing Noise and Efficiency Issues in Graph-Based Machine Learning Models From the Perspective of Adversarial Attack.
(81%) Yongyu Wang http://arxiv.org/abs/2401.15817 Transparency Attacks: How Imperceptible Image Layers Can Fool AI Perception. (75%) Forrest McKee; David Noever http://arxiv.org/abs/2401.15335 L-AutoDA: Leveraging Large Language Models for Automated Decision-based Adversarial Attacks. (98%) Ping Guo; Fei Liu; Xi Lin; Qingchuan Zhao; Qingfu Zhang http://arxiv.org/abs/2401.14961 Set-Based Training for Neural Network Verification. (99%) Lukas Koller; Tobias Ladner; Matthias Althoff http://arxiv.org/abs/2401.14707 Mitigating Feature Gap for Adversarial Robustness by Feature Disentanglement. (91%) Nuoyan Zhou; Dawei Zhou; Decheng Liu; Xinbo Gao; Nannan Wang http://arxiv.org/abs/2401.15295 Multi-Trigger Backdoor Attacks: More Triggers, More Threats. (82%) Yige Li; Xingjun Ma; Jiabo He; Hanxun Huang; Yu-Gang Jiang http://arxiv.org/abs/2401.14780 Adversarial Attacks and Defenses in 6G Network-Assisted IoT Systems. (81%) Bui Duc Son; Nguyen Tien Hoa; Chien Trinh Van; Waqas Khalid; Mohamed Amine Ferrag; Wan Choi; Merouane Debbah http://arxiv.org/abs/2401.14948 Conserve-Update-Revise to Cure Generalization and Robustness Trade-off in Adversarial Training. (62%) Shruthi Gowda; Bahram Zonooz; Elahe Arani http://arxiv.org/abs/2401.15262 Asymptotic Behavior of Adversarial Training Estimator under $\ell_\infty$-Perturbation. (22%) Yiling Xie; Xiaoming Huo http://arxiv.org/abs/2401.15248 Better Representations via Adversarial Training in Pre-Training: A Theoretical Perspective. (22%) Yue Xing; Xiaofeng Lin; Qifan Song; Yi Xu; Belinda Zeng; Guang Cheng http://arxiv.org/abs/2401.15239 MEA-Defender: A Robust Watermark against Model Extraction Attack. (13%) Peizhuo Lv; Hualong Ma; Kai Chen; Jiachen Zhou; Shengzhi Zhang; Ruigang Liang; Shenchen Zhu; Pan Li; Yingjun Zhang http://arxiv.org/abs/2401.15002 BackdoorBench: A Comprehensive Benchmark and Analysis of Backdoor Learning. (2%) Baoyuan Wu; Hongrui Chen; Mingda Zhang; Zihao Zhu; Shaokui Wei; Danni Yuan; Mingli Zhu; Ruotong Wang; Li Liu; Chao Shen http://arxiv.org/abs/2401.14031 Sparse and Transferable Universal Singular Vectors Attack. (99%) Kseniia Kuvshinova; Olga Tsymboi; Ivan Oseledets http://arxiv.org/abs/2401.14184 Friendly Attacks to Improve Channel Coding Reliability. (54%) Anastasiia Kurmukova; Deniz Gunduz http://arxiv.org/abs/2401.14440 Semantic Sensitivities and Inconsistent Predictions: Measuring the Fragility of NLI Models. (16%) Erik Arakelyan; Zhaoqi Liu; Isabelle Augenstein http://arxiv.org/abs/2401.14027 The Risk of Federated Learning to Skew Fine-Tuning Features and Underperform Out-of-Distribution Robustness. (2%) Mengyao Du; Miao Zhang; Yuwen Pu; Kai Xu; Shouling Ji; Quanjun Yin http://arxiv.org/abs/2401.14033 Novel Quadratic Constraints for Extending LipSDP beyond Slope-Restricted Activations. (1%) Patricia Pauli; Aaron Havens; Alexandre Araujo; Siddharth Garg; Farshad Khorrami; Frank Allgöwer; Bin Hu http://arxiv.org/abs/2401.14583 Physical Trajectory Inference Attack and Defense in Decentralized POI Recommendation. (1%) Jing Long; Tong Chen; Guanhua Ye; Kai Zheng; Nguyen Quoc Viet Hung; Hongzhi Yin http://arxiv.org/abs/2401.13624 Can overfitted deep neural networks in adversarial training generalize? -- An approximation viewpoint. (86%) Zhongjie Shi; Fanghui Liu; Yuan Cao; Johan A. K. Suykens http://arxiv.org/abs/2401.13751 A Systematic Approach to Robustness Modelling for Deep Convolutional Neural Networks. 
(83%) Charles Meyers; Mohammad Reza Saleh Sedghpour; Tommy Löfstedt; Erik Elmroth http://arxiv.org/abs/2401.13578 WPDA: Frequency-based Backdoor Attack with Wavelet Packet Decomposition. (76%) Zhengyao Song; Yongqiang Li; Danni Yuan; Li Liu; Shaokui Wei; Baoyuan Wu http://arxiv.org/abs/2401.13801 Exploring Adversarial Threat Models in Cyber Physical Battery Systems. (76%) Shanthan Kumar Padisala; Shashank Dhananjay Vyas; Satadru Dey http://arxiv.org/abs/2402.01702 Fluent dreaming for language models. (64%) T. Ben Thompson; Zygimantas Straznickas; Michael Sklar http://arxiv.org/abs/2401.13205 Boosting the Transferability of Adversarial Examples via Local Mixup and Adaptive Step Size. (99%) Junlin Liu; Xinchen Lyu http://arxiv.org/abs/2401.12700 Securing Recommender System via Cooperative Training. (80%) Qingyang Wang; Chenwang Wu; Defu Lian; Enhong Chen http://arxiv.org/abs/2401.13171 Compositional Generative Inverse Design. (56%) Tailin Wu; Takashi Maruyama; Long Wei; Tao Zhang; Yilun Du; Gianluca Iaccarino; Jure Leskovec http://arxiv.org/abs/2401.13212 AdCorDA: Classifier Refinement via Adversarial Correction and Domain Adaptation. (33%) Lulan Shen; Ali Edalati; Brett Meyer; Warren Gross; James J. Clark http://arxiv.org/abs/2401.12578 ToDA: Target-oriented Diffusion Attacker against Recommendation System. (13%) Xiaohao Liu; Zhulin Tao; Ting Jiang; He Chang; Yunshan Ma; Xianglin Huang; Xiang Wang http://arxiv.org/abs/2401.12532 DAFA: Distance-Aware Fair Adversarial Training. (2%) Hyungyu Lee; Saehyung Lee; Hyemi Jang; Junsung Park; Ho Bae; Sungroh Yoon http://arxiv.org/abs/2401.12610 The twin peaks of learning neural networks. (2%) Elizaveta Demyanenko; Christoph Feinauer; Enrico M. Malatesta; Luca Saglietti http://arxiv.org/abs/2401.12461 Fast Adversarial Training against Textual Adversarial Attacks. (99%) Yichen Yang; Xin Liu; Kun He http://arxiv.org/abs/2401.11902 A Training-Free Defense Framework for Robust Learned Image Compression. (74%) Myungseo Song; Jinyoung Choi; Bohyung Han http://arxiv.org/abs/2401.11857 Adversarial speech for voice privacy protection from Personalized Speech generation. (73%) Shihao Chen; Liping Chen; Jie Zhang; KongAik Lee; Zhenhua Ling; Lirong Dai http://arxiv.org/abs/2401.12055 NEUROSEC: FPGA-Based Neuromorphic Audio Security. (13%) Murat Isik; Hiruna Vishwamith; Yusuf Sur; Kayode Inadagbo; I. Can Dikmen http://arxiv.org/abs/2401.11723 Unraveling Attacks in Machine Learning-based IoT Ecosystems: A Survey and the Open Libraries Behind Them. (13%) Chao Liu; Boxi Chen; Wei Shao; Chris Zhang; Kelvin Wong; Yi Zhang http://arxiv.org/abs/2401.12014 Robustness to distribution shifts of compressed networks for edge devices. (8%) Lulan Shen; Ali Edalati; Brett Meyer; Warren Gross; James J. Clark http://arxiv.org/abs/2401.12192 Text Embedding Inversion Security for Multilingual Language Models. (2%) Yiyi Chen; Heather Lent; Johannes Bjerva http://arxiv.org/abs/2401.12129 Out-of-Distribution Detection & Applications With Ablated Learned Temperature Energy. (1%) Will LeVine; Benjamin Pikus; Jacob Phillips; Berk Norman; Fernando Amat Gil; Sean Hendryx http://arxiv.org/abs/2401.11543 How Robust Are Energy-Based Models Trained With Equilibrium Propagation? (99%) Siddharth Mansingh; Michal Kucer; Garrett Kenyon; Juston Moore; Michael Teti http://arxiv.org/abs/2401.12261 Analyzing the Quality Attributes of AI Vision Models in Open Repositories Under Adversarial Attacks.
(56%) Zerui Wang; Yan Liu http://arxiv.org/abs/2401.11406 Adversarial Augmentation Training Makes Action Recognition Models More Robust to Realistic Video Distribution Shifts. (11%) Kiyoon Kim; Shreyank N Gowda; Panagiotis Eustratiadis; Antreas Antoniou; Robert B Fisher http://arxiv.org/abs/2401.11618 Efficient local linearity regularization to overcome catastrophic overfitting. (8%) Elias Abad Rocamora; Fanghui Liu; Grigorios G. Chrysos; Pablo M. Olmos; Volkan Cevher http://arxiv.org/abs/2401.11224 Susceptibility of Adversarial Attack on Medical Image Segmentation Models. (99%) Zhongxuan Wang; Leo Xu http://arxiv.org/abs/2401.11373 Finding a Needle in the Adversarial Haystack: A Targeted Paraphrasing Approach For Uncovering Edge Cases with Minimal Distribution Distortion. (96%) Aly M. Kassem; Sherif Saad http://arxiv.org/abs/2401.11126 CARE: Ensemble Adversarial Robustness Evaluation Against Adaptive Attackers for Security Applications. (80%) Hangsheng Zhang; Jiqiang Liu; Jinsong Dong http://arxiv.org/abs/2401.11170 Inducing High Energy-Latency of Large Vision-Language Models with Verbose Images. (33%) Kuofeng Gao; Yang Bai; Jindong Gu; Shu-Tao Xia; Philip Torr; Zhifeng Li; Wei Liu http://arxiv.org/abs/2401.10586 PuriDefense: Randomized Local Implicit Adversarial Purification for Defending Black-box Query-based Attacks. (99%) Ping Guo; Zhiyuan Yang; Xi Lin; Qingchuan Zhao; Qingfu Zhang http://arxiv.org/abs/2401.10691 Explainable and Transferable Adversarial Attack for ML-Based Network Intrusion Detectors. (99%) Hangsheng Zhang; Dongqi Han; Yinlong Liu; Zhiliang Wang; Jiyan Sun; Shangyuan Zhuang; Jiqiang Liu; Jinsong Dong http://arxiv.org/abs/2401.12236 The Surprising Harmfulness of Benign Overfitting for Adversarial Robustness. (98%) Yifan Hao; Tong Zhang http://arxiv.org/abs/2401.10657 FIMBA: Evaluating the Robustness of AI in Genomics via Feature Importance Adversarial Attacks. (56%) Heorhii Skovorodnikov; Hoda Alkhzaimi http://arxiv.org/abs/2401.10590 Adversarially Robust Signed Graph Contrastive Learning from Balance Augmentation. (10%) Jialong Zhou; Xing Ai; Yuni Lai; Kai Zhou http://arxiv.org/abs/2401.12242 BadChain: Backdoor Chain-of-Thought Prompting for Large Language Models. (3%) Zhen Xiang; Fengqing Jiang; Zidi Xiong; Bhaskar Ramasubramanian; Radha Poovendran; Bo Li http://arxiv.org/abs/2401.11035 Image Safeguarding: Reasoning with Conditional Vision Language Model and Obfuscating Unsafe Content Counterfactually. (1%) Mazal Bethany; Brandon Wherry; Nishant Vishwamitra; Peyman Najafirad http://arxiv.org/abs/2401.09945 HGAttack: Transferable Heterogeneous Graph Adversarial Attack. (99%) He Zhao; Zhiwei Zeng; Yongwei Wang; Deheng Ye; Chunyan Miao http://arxiv.org/abs/2401.09740 Hijacking Attacks against Neural Networks by Analyzing Training Data. (99%) Yunjie Ge; Qian Wang; Huayang Huang; Qi Li; Cong Wang; Chao Shen; Lingchen Zhao; Peipei Jiang; Zheng Fang; Shenyi Zhang http://arxiv.org/abs/2401.10111 Marrying Adapters and Mixup to Efficiently Enhance the Adversarial Robustness of Pre-Trained Language Models for Text Classification. (98%) Tuc Nguyen; Thai Le http://arxiv.org/abs/2401.10313 Hacking Predictors Means Hacking Cars: Using Sensitivity Analysis to Identify Trajectory Prediction Vulnerabilities for Autonomous Driving Security. (92%) Marsalis Gibson; David Babazadeh; Claire Tomlin; Shankar Sastry http://arxiv.org/abs/2401.10405 Differentially Private and Adversarially Robust Machine Learning: An Empirical Evaluation. 
(80%) Janvi Thakkar; Giulio Zizzo; Sergio Maffeis http://arxiv.org/abs/2401.10447 Investigating Training Strategies and Model Robustness of Low-Rank Adaptation for Language Modeling in Speech Recognition. (15%) Yu Yu; Chao-Han Huck Yang; Tuan Dinh; Sungho Ryu; Jari Kolehmainen; Roger Ren; Denis Filimonov; Prashanth G. Shivakumar; Ankur Gandhe; Ariya Rastrow; Jia Xu; Ivan Bulyko; Andreas Stolcke http://arxiv.org/abs/2401.10091 Power in Numbers: Robust reading comprehension by finetuning with four adversarial sentences per example. (13%) Ariel Marcus http://arxiv.org/abs/2401.10090 Cross-Modality Perturbation Synergy Attack for Person Re-identification. (2%) Yunpeng Gong; Zhun Zhong; Zhiming Luo; Yansong Qu; Rongrong Ji; Min Jiang http://arxiv.org/abs/2401.10375 Vulnerabilities of Foundation Model Integrated Federated Learning Under Adversarial Threats. (2%) Chen Wu; Xi Li; Jiaqi Wang http://arxiv.org/abs/2401.10446 Large Language Models are Efficient Learners of Noise-Robust Speech Recognition. (1%) Yuchen Hu; Chen Chen; Chao-Han Huck Yang; Ruizhe Li; Chao Zhang; Pin-Yu Chen; EnSiong Chng http://arxiv.org/abs/2401.09574 Towards Scalable and Robust Model Versioning. (93%) Wenxin Ding; Arjun Nitin Bhagoji; Ben Y. Zhao; Haitao Zheng http://arxiv.org/abs/2401.09673 Artwork Protection Against Neural Style Transfer Using Locally Adaptive Adversarial Color Attack. (93%) Zhongliang Guo; Junhao Dong; Yifei Qian; Kaixuan Wang; Weiye Li; Ziheng Guo; Yuheng Wang; Yanli Li; Ognjen Arandjelović; Lei Fang http://arxiv.org/abs/2401.08984 A GAN-based data poisoning framework against anomaly detection in vertical federated learning. (3%) Xiaolin Chen; Daoguang Zan; Wei Li; Bei Guan; Yongji Wang http://arxiv.org/abs/2401.09191 An Optimal Transport Approach for Computing Adversarial Training Lower Bounds in Multiclass Classification. (3%) Nicolas Garcia Trillos; Matt Jacobs; Jakwang Kim; Matthew Werenski http://arxiv.org/abs/2401.09624 MITS-GAN: Safeguarding Medical Imaging from Tampering with Generative Adversarial Networks. (2%) Giovanni Pasqualino; Luca Guarnera; Alessandro Ortis; Sebastiano Battiato http://arxiv.org/abs/2401.09395 Caught in the Quicksand of Reasoning, Far from AGI Summit: Evaluating LLMs' Mathematical and Coding Competency through Ontology-guided Interventions. (1%) Pengfei Hong; Deepanway Ghosal; Navonil Majumder; Somak Aditya; Rada Mihalcea; Soujanya Poria http://arxiv.org/abs/2401.08998 Attack and Reset for Unlearning: Exploiting Adversarial Noise toward Machine Unlearning through Parameter Re-initialization. (1%) Yoonhwa Jung; Ikhyun Cho; Shun-Hsiang Hsu; Julia Hockenmaier http://arxiv.org/abs/2401.08725 Revealing Vulnerabilities in Stable Diffusion via Targeted Attacks. (99%) Chenyu Zhang; Lanjun Wang; Anan Liu http://arxiv.org/abs/2401.08734 Bag of Tricks to Boost Adversarial Transferability. (99%) Zeliang Zhang; Rongyi Zhu; Wei Yao; Xiaosen Wang; Chenliang Xu http://arxiv.org/abs/2401.08255 A Generative Adversarial Attack for Multilingual Text Classifiers. (99%) Tom Roth; Inigo Jauregi Unanue; Alsharif Abuadbba; Massimo Piccardi http://arxiv.org/abs/2401.08903 PPR: Enhancing Dodging Attacks while Maintaining Impersonation Attacks on Face Recognition Systems. (99%) Fengfan Zhou; Hefei Ling http://arxiv.org/abs/2401.08863 Robust Localization of Key Fob Using Channel Impulse Response of Ultra Wide Band Sensors for Keyless Entry Systems.
(92%) Abhiram Kolli; Filippo Casamassima; Horst Possegger; Horst Bischof http://arxiv.org/abs/2401.08865 The Effect of Intrinsic Dataset Properties on Generalization: Unraveling Learning Differences Between Natural and Medical Images. (87%) Nicholas Konz; Maciej A. Mazurowski http://arxiv.org/abs/2401.08925 RandOhm: Mitigating Impedance Side-channel Attacks using Randomized Circuit Configurations. (9%) Saleh Khalaj Monfared; Domenic Forte; Shahin Tajik http://arxiv.org/abs/2401.08216 Towards Efficient and Certified Recovery from Poisoning Attacks in Federated Learning. (8%) Yu Jiang; Jiyuan Shen; Ziyao Liu; Chee Wei Tan; Kwok-Yan Lam http://arxiv.org/abs/2401.09495 IPR-NeRF: Ownership Verification meets Neural Radiance Field. (3%) Win Kent Ong; Kam Woh Ng; Chee Seng Chan; Yi Zhe Song; Tao Xiang http://arxiv.org/abs/2401.08141 IoTWarden: A Deep Reinforcement Learning Based Real-time Defense System to Mitigate Trigger-action IoT Attacks. (1%) Md Morshed Alam; Israt Jahan; Weichao Wang http://arxiv.org/abs/2401.07991 Robustness Against Adversarial Attacks via Learning Confined Adversarial Polytopes. (99%) Shayan Mohajer Hamidi; Linfeng Ye http://arxiv.org/abs/2401.07867 Authorship Obfuscation in Multilingual Machine-Generated Text Detection. (12%) Dominik Macko; Robert Moro; Adaku Uchendu; Ivan Srba; Jason Samuel Lucas; Michiharu Yamashita; Nafis Irtiza Tripto; Dongwon Lee; Jakub Simko; Maria Bielikova http://arxiv.org/abs/2401.07261 LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts. (80%) Shoupeng Ren; Tianyu Tu; Jian Liu; Di Wu; Kui Ren http://arxiv.org/abs/2401.07205 Crafter: Facial Feature Crafting against Inversion-based Identity Theft on Deep Models. (70%) Shiming Wang; Zhe Ji; Liyao Xiang; Hao Zhang; Xinbing Wang; Chenghu Zhou; Bo Li http://arxiv.org/abs/2401.07087 Exploring Adversarial Attacks against Latent Diffusion Model from the Perspective of Adversarial Transferability. (99%) Junxi Chen; Junhao Dong; Xiaohua Xie http://arxiv.org/abs/2401.07188 Left-right Discrepancy for Adversarial Attack on Stereo Networks. (98%) Pengfei Wang; Xiaofei Hui; Beijia Lu; Nimrod Lilith; Jun Liu; Sameer Alam http://arxiv.org/abs/2401.06637 Adversarial Examples are Misaligned in Diffusion Model Manifolds. (98%) Peter Lorenz; Ricard Durall; Janis Keuper http://arxiv.org/abs/2401.06373 How Johnny Can Persuade LLMs to Jailbreak Them: Rethinking Persuasion to Challenge AI Safety by Humanizing LLMs. (2%) Yi Zeng; Hongpeng Lin; Jingwen Zhang; Diyi Yang; Ruoxi Jia; Weiyan Shi http://arxiv.org/abs/2401.06548 Enhancing Consistency and Mitigating Bias: A Data Replay Approach for Incremental Learning. (1%) Chenyang Wang; Junjun Jiang; Xingyu Hu; Xianming Liu; Xiangyang Ji http://arxiv.org/abs/2401.06916 An Analytical Framework for Modeling and Synthesizing Malicious Attacks on ACC Vehicles. (1%) Shian Wang http://arxiv.org/abs/2401.06561 Intention Analysis Makes LLMs A Good Jailbreak Defender. (1%) Yuqi Zhang; Liang Ding; Lefei Zhang; Dacheng Tao http://arxiv.org/abs/2401.06031 GE-AdvGAN: Improving the transferability of adversarial samples by gradient editing-based adversarial generative model.
(99%) Zhiyu Zhu; Huaming Chen; Xinyi Wang; Jiayu Zhang; Zhibo Jin; Kim-Kwang Raymond Choo; Jun Shen; Dong Yuan http://arxiv.org/abs/2401.05949 Universal Vulnerabilities in Large Language Models: In-context Learning Backdoor Attacks. (61%) Shuai Zhao; Meihuizi Jia; Luu Anh Tuan; Jinming Wen http://arxiv.org/abs/2401.06824 Open the Pandora's Box of LLMs: Jailbreaking LLMs through Representation Engineering. (22%) Tianlong Li; Shihan Dou; Wenhao Liu; Muling Wu; Changze Lv; Xiaoqing Zheng; Xuanjing Huang http://arxiv.org/abs/2401.06030 Can We Trust the Unlabeled Target Data? Towards Backdoor Attack and Defense on Model Adaptation. (8%) Lijun Sheng; Jian Liang; Ran He; Zilei Wang; Tieniu Tan http://arxiv.org/abs/2401.06122 Manipulating Feature Visualizations with Gradient Slingshots. (3%) Dilyara Bareeva; Marina M. -C. Höhne; Alexander Warnecke; Lukas Pirch; Klaus-Robert Müller; Konrad Rieck; Kirill Bykov http://arxiv.org/abs/2401.05998 Combating Adversarial Attacks with Multi-Agent Debate. (3%) Steffi Chern; Zhen Fan; Andy Liu http://arxiv.org/abs/2401.05217 Exploring Vulnerabilities of No-Reference Image Quality Assessment Models: A Query-Based Black-Box Method. (83%) Chenxi Yang; Yujia Liu; Dingquan Li; Tingting Jiang http://arxiv.org/abs/2401.05561 TrustLLM: Trustworthiness in Large Language Models. (75%) Lichao Sun; Yue Huang; Haoran Wang; Siyuan Wu; Qihui Zhang; Chujie Gao; Yixin Huang; Wenhan Lyu; Yixuan Zhang; Xiner Li; Zhengliang Liu; Yixin Liu; Yijue Wang; Zhikun Zhang; Bhavya Kailkhura; Caiming Xiong; Chaowei Xiao; Chunyuan Li; Eric Xing; Furong Huang; Hao Liu; Heng Ji; Hongyi Wang; Huan Zhang; Huaxiu Yao; Manolis Kellis; Marinka Zitnik; Meng Jiang; Mohit Bansal; James Zou; Jian Pei; Jian Liu; Jianfeng Gao; Jiawei Han; Jieyu Zhao; Jiliang Tang; Jindong Wang; John Mitchell; Kai Shu; Kaidi Xu; Kai-Wei Chang; Lifang He; Lifu Huang; Michael Backes; Neil Zhenqiang Gong; Philip S. Yu; Pin-Yu Chen; Quanquan Gu; Ran Xu; Rex Ying; Shuiwang Ji; Suman Jana; Tianlong Chen; Tianming Liu; Tianyi Zhou; Willian Wang; Xiang Li; Xiangliang Zhang; Xiao Wang; Xing Xie; Xun Chen; Xuyu Wang; Yan Liu; Yanfang Ye; Yinzhi Cao; Yong Chen; Yue Zhao http://arxiv.org/abs/2401.05569 SENet: Visual Detection of Online Social Engineering Attack Campaigns. (4%) Irfan Ozen; Karthika Subramani; Phani Vadrevu; Roberto Perdisci http://arxiv.org/abs/2401.05566 Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training. (2%) Evan Hubinger; Carson Denison; Jesse Mu; Mike Lambert; Meg Tong; Monte MacDiarmid; Tamera Lanham; Daniel M. Ziegler; Tim Maxwell; Newton Cheng; Adam Jermyn; Amanda Askell; Ansh Radhakrishnan; Cem Anil; David Duvenaud; Deep Ganguli; Fazl Barez; Jack Clark; Kamal Ndousse; Kshitij Sachan; Michael Sellitto; Mrinank Sharma; Nova DasSarma; Roger Grosse; Shauna Kravec; Yuntao Bai; Zachary Witten; Marina Favaro; Jan Brauner; Holden Karnofsky; Paul Christiano; Samuel R. Bowman; Logan Graham; Jared Kaplan; Sören Mindermann; Ryan Greenblatt; Buck Shlegeris; Nicholas Schiefer; Ethan Perez http://arxiv.org/abs/2401.05458 CoLafier: Collaborative Noisy Label Purifier With Local Intrinsic Dimensionality Guidance. (1%) Dongyu Zhang; Ruofan Hu; Elke Rundensteiner http://arxiv.org/abs/2401.05562 Brave: Byzantine-Resilient and Privacy-Preserving Peer-to-Peer Federated Learning. (1%) Zhangchen Xu; Fengqing Jiang; Luyao Niu; Jinyuan Jia; Radha Poovendran http://arxiv.org/abs/2401.04958 FBSDetector: Fake Base Station and Multi Step Attack Detection in Cellular Networks using Machine Learning. 
(1%) Kazi Samin Mubasshir; Imtiaz Karim; Elisa Bertino http://arxiv.org/abs/2401.04727 Revisiting Adversarial Training at Scale. (26%) Zeyu Wang; Xianhang Li; Hongru Zhu; Cihang Xie http://arxiv.org/abs/2401.04364 SoK: Facial Deepfake Detectors. (11%) Binh M. Le; Jiwon Kim; Shahroz Tariq; Kristen Moore; Alsharif Abuadbba; Simon S. Woo http://arxiv.org/abs/2401.04647 Advancing Ante-Hoc Explainable Models through Generative Adversarial Networks. (3%) Tanmay Garg; Deepika Vemuri; Vineeth N Balasubramanian http://arxiv.org/abs/2401.04350 Pre-trained Model Guided Fine-Tuning for Zero-Shot Adversarial Robustness. (99%) Sibo Wang; Jie Zhang; Zheng Yuan; Shiguang Shan http://arxiv.org/abs/2402.00035 Robustness Assessment of a Runway Object Classifier for Safe Aircraft Taxiing. (54%) Yizhak Elboher; Raya Elsaleh; Omri Isac; Mélanie Ducoffe; Audrey Galametz; Guillaume Povéda; Ryma Boumazouza; Noémie Cohen; Guy Katz http://arxiv.org/abs/2401.04331 Coupling Graph Neural Networks with Fractional Order Continuous Dynamics: A Robustness Study. (45%) Qiyu Kang; Kai Zhao; Yang Song; Yihang Xie; Yanan Zhao; Sijie Wang; Rui She; Wee Peng Tay http://arxiv.org/abs/2401.03685 Logits Poisoning Attack in Federated Distillation. (12%) Yuhan Tang; Zhiyuan Wu; Bo Gao; Tian Wen; Yuwei Wang; Sheng Sun http://arxiv.org/abs/2401.04191 Dense Hopfield Networks in the Teacher-Student Setting. (1%) Robin Thériault; Daniele Tantari http://arxiv.org/abs/2401.03582 Invisible Reflections: Leveraging Infrared Laser Reflections to Target Traffic Sign Perception. (87%) Takami Sato; Sri Hrushikesh Varma Bhupathiraju; Michael Clifford; Takeshi Sugawara; Qi Alfred Chen; Sara Rampazzi http://arxiv.org/abs/2401.03488 Data-Driven Subsampling in the Presence of an Adversarial Actor. (86%) Abu Shafin Mohammad Mahdee Jameel; Ahmed P. Mohamed; Jinho Yi; Aly El Gamal; Akshay Malhotra http://arxiv.org/abs/2401.03514 ROIC-DM: Robust Text Inference and Classification via Diffusion Model. (33%) Shilong Yuan; Wei Yuan; Hongzhi Yin; Tieke He http://arxiv.org/abs/2401.03156 Data-Dependent Stability Analysis of Adversarial Training. (98%) Yihan Wang; Shuang Liu; Xiao-Shan Gao http://arxiv.org/abs/2401.03215 End-to-End Anti-Backdoor Learning on Images and Time Series. (61%) Yujing Jiang; Xingjun Ma; Sarah Monazam Erfani; Yige Li; James Bailey http://arxiv.org/abs/2401.03115 Transferable Learned Image Compression-Resistant Adversarial Perturbations. (99%) Yang Sui; Zhuohang Li; Ding Ding; Xiang Pan; Xiaozhong Xu; Shan Liu; Zhenzhong Chen http://arxiv.org/abs/2401.02727 Enhancing targeted transferability via feature space fine-tuning. (98%) Hui Zeng; Biwei Chen; Anjie Peng http://arxiv.org/abs/2401.02718 Calibration Attack: A Framework For Adversarial Attacks Targeting Calibration. (68%) Stephen Obadinma; Xiaodan Zhu; Hongyu Guo http://arxiv.org/abs/2401.02663 A backdoor attack against link prediction tasks with graph neural networks. (38%) Jiazhu Dai; Haoyu Sun http://arxiv.org/abs/2401.05432 TEN-GUARD: Tensor Decomposition for Backdoor Attack Detection in Deep Neural Networks. (1%) Khondoker Murad Hossain; Tim Oates http://arxiv.org/abs/2401.02906 MLLM-Protector: Ensuring MLLM's Safety without Hurting Performance. (1%) Renjie Pi; Tianyang Han; Yueqi Xie; Rui Pan; Qing Lian; Hanze Dong; Jipeng Zhang; Tong Zhang http://arxiv.org/abs/2401.02565 Vulnerabilities Unveiled: Adversarially Attacking a Multimodal Vision Langauge Model for Pathology Imaging. (99%) Jai Prakash Veerla; Poojitha Thota; Partha Sai Guttikonda; Shirin Nilizadeh; Jacob M. 
Luber http://arxiv.org/abs/2401.02633 A Random Ensemble of Encrypted models for Enhancing Robustness against Adversarial Examples. (99%) Ryota Iijima; Sayaka Shiota; Hitoshi Kiya http://arxiv.org/abs/2401.02615 AdvSQLi: Generating Adversarial SQL Injections against Real-world WAF-as-a-service. (95%) Zhenqing Qu; Xiang Ling; Ting Wang; Xiang Chen; Shouling Ji; Chunming Wu http://arxiv.org/abs/2401.02342 Evasive Hardware Trojan through Adversarial Power Trace. (92%) Behnam Omidi; Khaled N. Khasawneh; Ihsen Alouani http://arxiv.org/abs/2401.02600 Object-oriented backdoor attack against image captioning. (76%) Meiling Li; Nan Zhong; Xinpeng Zhang; Zhenxing Qian; Sheng Li http://arxiv.org/abs/2401.02283 DEM: A Method for Certifying Deep Neural Network Classifier Outputs in Aerospace. (2%) Guy Katz; Natan Levy; Idan Refaeli; Raz Yerushalmi http://arxiv.org/abs/2401.02306 Secure Control of Connected and Automated Vehicles Using Trust-Aware Robust Event-Triggered Control Barrier Functions. (2%) H M Sabbir Ahmad; Ehsan Sabouni; Akua Dickson; Wei Xiao; Christos G. Cassandras; Wenchao Li http://arxiv.org/abs/2401.01750 Towards Robust Semantic Segmentation against Patch-based Attack via Attention Refinement. (92%) Zheng Yuan; Jie Zhang; Yude Wang; Shiguang Shan; Xilin Chen http://arxiv.org/abs/2401.02031 Spy-Watermark: Robust Invisible Watermarking for Backdoor Attack. (62%) Ruofei Wang; Renjie Wan; Zongyu Guo; Qing Guo; Rui Huang http://arxiv.org/abs/2401.01752 FullLoRA-AT: Efficiently Boosting the Robustness of Pretrained Vision Transformers. (33%) Zheng Yuan; Jie Zhang; Shiguang Shan http://arxiv.org/abs/2401.01963 Integrated Cyber-Physical Resiliency for Power Grids under IoT-Enabled Dynamic Botnet Attacks. (22%) Yuhan Zhao; Juntao Chen; Quanyan Zhu http://arxiv.org/abs/2401.01575 Enhancing Generalization of Invisible Facial Privacy Cloak via Gradient Accumulation. (1%) Xuannan Liu; Yaoyao Zhong; Weihong Deng; Hongzhi Shi; Xingchen Cui; Yunfeng Yin; Dongchao Wen http://arxiv.org/abs/2401.01199 JMA: a General Algorithm to Craft Nearly Optimal Targeted Adversarial Example. (99%) Benedetta Tondi; Wei Guo; Mauro Barni http://arxiv.org/abs/2401.01102 Dual Teacher Knowledge Distillation with Domain Alignment for Face Anti-spoofing. (92%) Zhe Kong; Wentian Zhang; Tao Wang; Kaihao Zhang; Yuexiang Li; Xiaoying Tang; Wenhan Luo http://arxiv.org/abs/2402.03317 SpecFormer: Guarding Vision Transformer Robustness via Maximum Singular Value Penalization. (64%) Xixu Hu; Runkai Zheng; Jindong Wang; Cheuk Hang Leung; Qi Wu; Xing Xie http://arxiv.org/abs/2401.01394 Unveiling the Stealthy Threat: Analyzing Slow Drift GPS Spoofing Attacks for Autonomous Vehicles in Urban Environments and Enabling the Resilience. (10%) Sagar Dasgupta; Abdullah Ahmed; Mizanur Rahman; Thejesh N. Bandi http://arxiv.org/abs/2401.01085 Imperio: Language-Guided Backdoor Attacks for Arbitrary Model Control. (4%) Ka-Ho Chow; Wenqi Wei; Lei Yu http://arxiv.org/abs/2401.01531 Will 6G be Semantic Communications? Opportunities and Challenges from Task Oriented and Secure Communications to Integrated Sensing. (2%) Yalin E. Sagduyu; Tugba Erpek; Aylin Yener; Sennur Ulukus http://arxiv.org/abs/2401.00996 Safety and Performance, Why Not Both? Bi-Objective Optimized Model Compression against Heterogeneous Attacks Toward AI Software Deployment. (12%) Jie Zhu; Leye Wang; Xiao Han; Anmin Liu; Tao Xie http://arxiv.org/abs/2401.00994 Detection and Defense Against Prominent Attacks on Preconditioned LLM-Integrated Virtual Assistants. 
(8%) Chun Fai Chan; Daniel Wankit Yip; Aysan Esmradi http://arxiv.org/abs/2401.00991 A Novel Evaluation Framework for Assessing Resilience Against Prompt Injection Attacks in Large Language Models. (2%) Daniel Wankit Yip; Aysan Esmradi; Chun Fai Chan http://arxiv.org/abs/2401.14232 AR-GAN: Generative Adversarial Network-Based Defense Method Against Adversarial Attacks on the Traffic Sign Classification System of Autonomous Vehicles. (99%) M Sabbir Salek; Abdullah Al Mamun; Mashrur Chowdhury http://arxiv.org/abs/2401.01377 Does Few-shot Learning Suffer from Backdoor Attacks? (98%) Xinwei Liu; Xiaojun Jia; Jindong Gu; Yuan Xun; Siyuan Liang; Xiaochun Cao http://arxiv.org/abs/2401.00414 Is It Possible to Backdoor Face Forgery Detection with Natural Triggers? (68%) Xiaoxuan Han; Songlin Yang; Wei Wang; Ziwen He; Jing Dong http://arxiv.org/abs/2401.00334 Explainability-Driven Leaf Disease Classification using Adversarial Training and Knowledge Distillation. (84%) Sebastian-Vasile Echim; Iulian-Marius Tăiatu; Dumitru-Clementin Cercel; Florin Pop http://arxiv.org/abs/2401.00151 CamPro: Camera-based Anti-Facial Recognition. (81%) Wenjun Zhu; Yuan Sun; Jiani Liu; Yushi Cheng; Xiaoyu Ji; Wenyuan Xu http://arxiv.org/abs/2401.00148 TPatch: A Triggered Physical Adversarial Patch. (76%) Wenjun Zhu; Xiaoyu Ji; Yushi Cheng; Shibo Zhang; Wenyuan Xu http://arxiv.org/abs/2401.00163 A clean-label graph backdoor attack method in node classification task. (9%) Xiaogang Xing; Ming Xu; Yujing Bai; Dongdong Yang http://arxiv.org/abs/2312.17673 Jatmo: Prompt Injection Defense by Task-Specific Finetuning. (54%) Julien Piet; Maha Alrashed; Chawin Sitawarin; Sizhe Chen; Zeming Wei; Elizabeth Sun; Basel Alomair; David Wagner http://arxiv.org/abs/2312.17591 Towards Faithful Explanations for Text Classification with Robustness Improvement and Explanation Guided Training. (9%) Dongfang Li; Baotian Hu; Qingcai Chen; Shan He http://arxiv.org/abs/2312.16880 Adversarial Attacks on Image Classification Models: Analysis and Defense. (99%) Jaydip Sen; Abhiraj Sen; Ananda Chatterjee http://arxiv.org/abs/2312.16979 BlackboxBench: A Comprehensive Benchmark of Black-box Adversarial Attacks. (99%) Meixi Zheng; Xuanchen Yan; Zihao Zhu; Hongrui Chen; Baoyuan Wu http://arxiv.org/abs/2312.16957 Attack Tree Analysis for Adversarial Evasion Attacks. (99%) Yuki Yamaguchi; Toshiaki Aoki http://arxiv.org/abs/2312.17356 Can you See me? On the Visibility of NOPs against Android Malware Detectors. (98%) Diego Soi; Davide Maiorca; Giorgio Giacinto; Harel Berger http://arxiv.org/abs/2312.17431 MVPatch: More Vivid Patch for Adversarial Camouflaged Attacks on Object Detectors in the Physical World. (98%) Zheng Zhou; Hongbo Zhao; Ju Liu; Qiaosheng Zhang; Liwei Geng; Shuchang Lyu; Wenquan Feng http://arxiv.org/abs/2312.17301 Explainability-Based Adversarial Attack on Graphs Through Edge Perturbation. (92%) Dibaloke Chanda; Saba Heidari Gheshlaghi; Nasim Yahya Soltani http://arxiv.org/abs/2312.16907 DOEPatch: Dynamically Optimized Ensemble Model for Adversarial Patches Generation. (83%) Wenyi Tan; Yang Li; Chenxing Zhao; Zhunga Liu; Quan Pan http://arxiv.org/abs/2312.17164 Securing NextG Systems against Poisoning Attacks on Federated Learning: A Game-Theoretic Solution. (64%) Yalin E. Sagduyu; Tugba Erpek; Yi Shi http://arxiv.org/abs/2312.17220 Timeliness: A New Design Metric and a New Attack Surface. 
(1%) Priyanka Kaswan; Sennur Ulukus http://arxiv.org/abs/2312.16715 Adversarial Attacks on LoRa Device Identification and Rogue Signal Detection with Deep Learning. (98%) Yalin E. Sagduyu; Tugba Erpek http://arxiv.org/abs/2312.16451 Domain Generalization with Vital Phase Augmentation. (3%) Ingyun Lee; Wooju Lee; Hyun Myung http://arxiv.org/abs/2312.16156 From Text to Multimodal: A Comprehensive Survey of Adversarial Example Generation in Question Answering Systems. (92%) Gulsum Yigit; Mehmet Fatih Amasyali http://arxiv.org/abs/2312.16401 Natural Adversarial Patch Generation Method Based on Latent Diffusion Model. (76%) Xianyi Chen; Fazhan Liu; Dong Jiang; Kai Yan http://arxiv.org/abs/2312.16339 Universal Pyramid Adversarial Training for Improved ViT Performance. (5%) Ping-yeh Chiang; Yipin Zhou; Omid Poursaeed; Satya Narayan Shukla; Ashish Shah; Tom Goldstein; Ser-Nam Lim http://arxiv.org/abs/2312.16019 Robust Survival Analysis with Adversarial Regularization. (4%) Michael Potter; Stefano Maxenti; Michael Everett http://arxiv.org/abs/2312.15617 GanFinger: GAN-Based Fingerprint Generation for Deep Neural Network Ownership Verification. (96%) Huali Ren; Anli Yan; Xiaojun Ren; Pei-Gen Ye; Chong-zhi Gao; Zhili Zhou; Jin Li http://arxiv.org/abs/2312.15826 Adversarial Item Promotion on Visually-Aware Recommender Systems by Guided Diffusion. (84%) Lijian Chen; Wei Yuan; Tong Chen; Guanhua Ye; Quoc Viet Hung Nguyen; Hongzhi Yin http://arxiv.org/abs/2312.15867 Punctuation Matters! Stealthy Backdoor Attack for Language Models. (11%) Xuan Sheng; Zhicheng Li; Zhaoyang Han; Xiangmao Chang; Piji Li http://arxiv.org/abs/2312.15228 Adversarial Data Poisoning for Fake News Detection: How to Make a Model Misclassify a Target News without Modifying It. (10%) Federico Siciliano; Luca Maiano; Lorenzo Papa; Federica Baccin; Irene Amerini; Fabrizio Silvestri http://arxiv.org/abs/2312.15172 Pre-trained Trojan Attacks for Visual Recognition. (1%) Aishan Liu; Xinwei Zhang; Yisong Xiao; Yuguang Zhou; Siyuan Liang; Jiakai Wang; Xianglong Liu; Xiaochun Cao; Dacheng Tao http://arxiv.org/abs/2312.14677 MEAOD: Model Extraction Attack against Object Detectors. (83%) Zeyu Li; Chenghui Shi; Yuwen Pu; Xuhong Zhang; Yu Li; Jinbao Li; Shouling Ji http://arxiv.org/abs/2312.14440 Asymmetric Bias in Text-to-Image Generation with Adversarial Attacks. (82%) Haz Sameen Shahgir; Xianghao Kong; Greg Ver Steeg; Yue Dong http://arxiv.org/abs/2312.14820 Understanding the Regularity of Self-Attention with Optimal Transport. (31%) Valérie Castin; Pierre Ablin; Gabriel Peyré http://arxiv.org/abs/2312.14461 Attacking Byzantine Robust Aggregation in High Dimensions. (22%) Sarthak Choudhary; Aashish Kolluri; Prateek Saxena http://arxiv.org/abs/2312.15036 SODA: Protecting Proprietary Information in On-Device Machine Learning Models. (4%) Akanksha Atrey; Ritwik Sinha; Saayan Mitra; Prashant Shenoy http://arxiv.org/abs/2312.15103 Energy-based learning algorithms for analog computing: a comparative study. (2%) Benjamin Scellier; Maxence Ernoult; Jack Kendall; Suhas Kumar http://arxiv.org/abs/2312.15088 Adaptive Domain Inference Attack. (1%) Yuechun Gu; Keke Chen http://arxiv.org/abs/2312.14218 AutoAugment Input Transformation for Highly Transferable Targeted Attacks. (99%) Haobo Lu; Xin Liu; Kun He http://arxiv.org/abs/2312.13628 Where and How to Attack? A Causality-Inspired Recipe for Generating Counterfactual Adversarial Examples. 
(98%) Ruichu Cai; Yuxuan Zhu; Jie Qiao; Zefeng Liang; Furui Liu; Zhifeng Hao http://arxiv.org/abs/2312.14260 Elevating Defenses: Bridging Adversarial Training and Watermarking for Model Resilience. (86%) Janvi Thakkar; Giulio Zizzo; Sergio Maffeis http://arxiv.org/abs/2312.14217 Adversarial Infrared Curves: An Attack on Infrared Pedestrian Detectors in the Physical World. (74%) Chengyin Hu; Weiwen Shi http://arxiv.org/abs/2312.14302 Exploiting Novel GPT-4 APIs. (8%) Kellin Pelrine; Mohammad Taufeeque; Michał Zając; Euan McLean; Adam Gleave http://arxiv.org/abs/2312.12768 Mutual-modality Adversarial Attack with Semantic Perturbation. (99%) Jingwen Ye; Ruonan Yu; Songhua Liu; Xinchao Wang http://arxiv.org/abs/2312.13118 LRS: Enhancing Adversarial Transferability through Lipschitz Regularized Surrogate. (99%) Tao Wu; Tie Luo; Donald C. Wunsch http://arxiv.org/abs/2312.13435 Adversarial Markov Games: On Adaptive Decision-Based Attacks and Defenses. (98%) Ilias Tsingenopoulos; Vera Rimmer; Davy Preuveneers; Fabio Pierazzi; Lorenzo Cavallaro; Wouter Joosen http://arxiv.org/abs/2312.14197 Benchmarking and Defending Against Indirect Prompt Injection Attacks on Large Language Models. (98%) Jingwei Yi; Yueqi Xie; Bin Zhu; Emre Kiciman; Guangzhong Sun; Xing Xie; Fangzhao Wu http://arxiv.org/abs/2312.12904 PGN: A perturbation generation network against deep reinforcement learning. (96%) Xiangjuan Li; Feifan Li; Yang Li; Quan Pan http://arxiv.org/abs/2312.13575 ARBiBench: Benchmarking Adversarial Robustness of Binarized Neural Networks. (96%) Peng Zhao; Jiehua Zhang; Bowen Peng; Longguang Wang; YingMei Wei; Yu Liu; Li Liu http://arxiv.org/abs/2312.13131 Scaling Compute Is Not All You Need for Adversarial Robustness. (93%) Edoardo Debenedetti; Zishen Wan; Maksym Andriushchenko; Vikash Sehwag; Kshitij Bhardwaj; Bhavya Kailkhura http://arxiv.org/abs/2312.13027 Doubly Perturbed Task Free Continual Learning. (9%) Byung Hyun Lee; Min-hwan Oh; Se Young Chun http://arxiv.org/abs/2312.14973 Interactive Visualization of Time-Varying Flow Fields Using Particle Tracing Neural Networks. (1%) Mengjiao Han; Jixian Li; Sudhanshu Sane; Shubham Gupta; Bei Wang; Steve Petruzza; Chris R. Johnson http://arxiv.org/abs/2312.12556 Tensor Train Decomposition for Adversarial Attacks on Computer Vision Models. (96%) Andrei Chertkov; Ivan Oseledets http://arxiv.org/abs/2312.12608 Trust, But Verify: A Survey of Randomized Smoothing Techniques. (78%) Anupriya Kumari; Devansh Bhardwaj; Sukrit Jindal; Sarthak Gupta http://arxiv.org/abs/2312.12484 SkyMask: Attack-agnostic Robust Federated Learning with Fine-grained Learnable Masks. (73%) Peishen Yan; Hao Wang; Tao Song; Yang Hua; Ruhui Ma; Ningxin Hu; Mohammad R. Haghighat; Haibing Guan http://arxiv.org/abs/2312.12724 Progressive Poisoned Data Isolation for Training-time Backdoor Defense. (61%) Yiming Chen; Haiwei Wu; Jiantao Zhou http://arxiv.org/abs/2312.11954 Adversarial AutoMixup. (11%) Huafeng Qin; Xin Jin; Yun Jiang; Mounim A. El-Yacoubi; Xinbo Gao http://arxiv.org/abs/2312.12102 I-CEE: Tailoring Explanations of Image Classifications Models to User Expertise. (1%) Yao Rong; Peizhu Qian; Vaibhav Unhelkar; Enkelejda Kasneci http://arxiv.org/abs/2312.11805 Gemini: A Family of Highly Capable Multimodal Models. (99%) Team Gemini; Rohan Anil; Sebastian Borgeaud; Yonghui Wu; Jean-Baptiste Alayrac; Jiahui Yu; Radu Soricut; Johan Schalkwyk; Andrew M. 
Dai; Anja Hauth; Katie Millican; David Silver; Slav Petrov; Melvin Johnson; Ioannis Antonoglou; Julian Schrittwieser; Amelia Glaese; Jilin Chen; Emily Pitler; Timothy Lillicrap; Angeliki Lazaridou; Orhan Firat; James Molloy; Michael Isard; Paul R. Barham; Tom Hennigan; Benjamin Lee; Fabio Viola; Malcolm Reynolds; Yuanzhong Xu; Ryan Doherty; Eli Collins; Clemens Meyer; Eliza Rutherford; Erica Moreira; Kareem Ayoub; Megha Goel; George Tucker; Enrique Piqueras; Maxim Krikun; Iain Barr; Nikolay Savinov; Ivo Danihelka; Becca Roelofs; Anaïs White; Anders Andreassen; Glehn Tamara von; Lakshman Yagati; Mehran Kazemi; Lucas Gonzalez; Misha Khalman; Jakub Sygnowski; Alexandre Frechette; Charlotte Smith; Laura Culp; Lev Proleev; Yi Luan; Xi Chen; James Lottes; Nathan Schucher; Federico Lebron; Alban Rrustemi; Natalie Clay; Phil Crone; Tomas Kocisky; Jeffrey Zhao; Bartek Perz; Dian Yu; Heidi Howard; Adam Bloniarz; Jack W. Rae; Han Lu; Laurent Sifre; Marcello Maggioni; Fred Alcober; Dan Garrette; Megan Barnes; Shantanu Thakoor; Jacob Austin; Gabriel Barth-Maron; William Wong; Rishabh Joshi; Rahma Chaabouni; Deeni Fatiha; Arun Ahuja; Ruibo Liu; Yunxuan Li; Sarah Cogan; Jeremy Chen; Chao Jia; Chenjie Gu; Qiao Zhang; Jordan Grimstad; Ale Jakse Hartman; Martin Chadwick; Gaurav Singh Tomar; Xavier Garcia; Evan Senter; Emanuel Taropa; Thanumalayan Sankaranarayana Pillai; Jacob Devlin; Michael Laskin; Diego de Las Casas; Dasha Valter; Connie Tao; Lorenzo Blanco; Adrià Puigdomènech Badia; David Reitter; Mianna Chen; Jenny Brennan; Clara Rivera; Sergey Brin; Shariq Iqbal; Gabriela Surita; Jane Labanowski; Abhi Rao; Stephanie Winkler; Emilio Parisotto; Yiming Gu; Kate Olszewska; Yujing Zhang; Ravi Addanki; Antoine Miech; Annie Louis; Laurent El Shafey; Denis Teplyashin; Geoff Brown; Elliot Catt; Nithya Attaluri; Jan Balaguer; Jackie Xiang; Pidong Wang; Zoe Ashwood; Anton Briukhov; Albert Webson; Sanjay Ganapathy; Smit Sanghavi; Ajay Kannan; Ming-Wei Chang; Axel Stjerngren; Josip Djolonga; Yuting Sun; Ankur Bapna; Matthew Aitchison; Pedram Pejman; Henryk Michalewski; Tianhe Yu; Cindy Wang; Juliette Love; Junwhan Ahn; Dawn Bloxwich; Kehang Han; Peter Humphreys; Thibault Sellam; James Bradbury; Varun Godbole; Sina Samangooei; Bogdan Damoc; Alex Kaskasoli; Sébastien M. R. 
Arnold; Vijay Vasudevan; Shubham Agrawal; Jason Riesa; Dmitry Lepikhin; Richard Tanburn; Srivatsan Srinivasan; Hyeontaek Lim; Sarah Hodkinson; Pranav Shyam; Johan Ferret; Steven Hand; Ankush Garg; Tom Le Paine; Jian Li; Yujia Li; Minh Giang; Alexander Neitz; Zaheer Abbas; Sarah York; Machel Reid; Elizabeth Cole; Aakanksha Chowdhery; Dipanjan Das; Dominika Rogozińska; Vitaly Nikolaev; Pablo Sprechmann; Zachary Nado; Lukas Zilka; Flavien Prost; Luheng He; Marianne Monteiro; Gaurav Mishra; Chris Welty; Josh Newlan; Dawei Jia; Miltiadis Allamanis; Clara Huiyi Hu; Liedekerke Raoul de; Justin Gilmer; Carl Saroufim; Shruti Rijhwani; Shaobo Hou; Disha Shrivastava; Anirudh Baddepudi; Alex Goldin; Adnan Ozturel; Albin Cassirer; Yunhan Xu; Daniel Sohn; Devendra Sachan; Reinald Kim Amplayo; Craig Swanson; Dessie Petrova; Shashi Narayan; Arthur Guez; Siddhartha Brahma; Jessica Landon; Miteyan Patel; Ruizhe Zhao; Kevin Villela; Luyu Wang; Wenhao Jia; Matthew Rahtz; Mai Giménez; Legg Yeung; Hanzhao Lin; James Keeling; Petko Georgiev; Diana Mincu; Boxi Wu; Salem Haykal; Rachel Saputro; Kiran Vodrahalli; James Qin; Zeynep Cankara; Abhanshu Sharma; Nick Fernando; Will Hawkins; Behnam Neyshabur; Solomon Kim; Adrian Hutter; Priyanka Agrawal; Alex Castro-Ros; George van den Driessche; Tao Wang; Fan Yang; Shuo-yiin Chang; Paul Komarek; Ross McIlroy; Mario Lučić; Guodong Zhang; Wael Farhan; Michael Sharman; Paul Natsev; Paul Michel; Yong Cheng; Yamini Bansal; Siyuan Qiao; Kris Cao; Siamak Shakeri; Christina Butterfield; Justin Chung; Paul Kishan Rubenstein; Shivani Agrawal; Arthur Mensch; Kedar Soparkar; Karel Lenc; Timothy Chung; Aedan Pope; Loren Maggiore; Jackie Kay; Priya Jhakra; Shibo Wang; Joshua Maynez; Mary Phuong; Taylor Tobin; Andrea Tacchetti; Maja Trebacz; Kevin Robinson; Yash Katariya; Sebastian Riedel; Paige Bailey; Kefan Xiao; Nimesh Ghelani; Lora Aroyo; Ambrose Slone; Neil Houlsby; Xuehan Xiong; Zhen Yang; Elena Gribovskaya; Jonas Adler; Mateo Wirth; Lisa Lee; Music Li; Thais Kagohara; Jay Pavagadhi; Sophie Bridgers; Anna Bortsova; Sanjay Ghemawat; Zafarali Ahmed; Tianqi Liu; Richard Powell; Vijay Bolina; Mariko Iinuma; Polina Zablotskaia; James Besley; Da-Woon Chung; Timothy Dozat; Ramona Comanescu; Xiance Si; Jeremy Greer; Guolong Su; Martin Polacek; Raphaël Lopez Kaufman; Simon Tokumine; Hexiang Hu; Elena Buchatskaya; Yingjie Miao; Mohamed Elhawaty; Aditya Siddhant; Nenad Tomasev; Jinwei Xing; Christina Greer; Helen Miller; Shereen Ashraf; Aurko Roy; Zizhao Zhang; Ada Ma; Angelos Filos; Milos Besta; Rory Blevins; Ted Klimenko; Chih-Kuan Yeh; Soravit Changpinyo; Jiaqi Mu; Oscar Chang; Mantas Pajarskas; Carrie Muir; Vered Cohen; Charline Le Lan; Krishna Haridasan; Amit Marathe; Steven Hansen; Sholto Douglas; Rajkumar Samuel; Mingqiu Wang; Sophia Austin; Chang Lan; Jiepu Jiang; Justin Chiu; Jaime Alonso Lorenzo; Lars Lowe Sjösund; Sébastien Cevey; Zach Gleicher; Thi Avrahami; Anudhyan Boral; Hansa Srinivasan; Vittorio Selo; Rhys May; Konstantinos Aisopos; Léonard Hussenot; Livio Baldini Soares; Kate Baumli; Michael B. 
Chang; Adrià Recasens; Ben Caine; Alexander Pritzel; Filip Pavetic; Fabio Pardo; Anita Gergely; Justin Frye; Vinay Ramasesh; Dan Horgan; Kartikeya Badola; Nora Kassner; Subhrajit Roy; Ethan Dyer; Víctor Campos; Alex Tomala; Yunhao Tang; Dalia El Badawy; Elspeth White; Basil Mustafa; Oran Lang; Abhishek Jindal; Sharad Vikram; Zhitao Gong; Sergi Caelles; Ross Hemsley; Gregory Thornton; Fangxiaoyu Feng; Wojciech Stokowiec; Ce Zheng; Phoebe Thacker; Çağlar Ünlü; Zhishuai Zhang; Mohammad Saleh; James Svensson; Max Bileschi; Piyush Patil; Ankesh Anand; Roman Ring; Katerina Tsihlas; Arpi Vezer; Marco Selvi; Toby Shevlane; Mikel Rodriguez; Tom Kwiatkowski; Samira Daruki; Keran Rong; Allan Dafoe; Nicholas FitzGerald; Keren Gu-Lemberg; Mina Khan; Lisa Anne Hendricks; Marie Pellat; Vladimir Feinberg; James Cobon-Kerr; Tara Sainath; Maribeth Rauh; Sayed Hadi Hashemi; Richard Ives; Yana Hasson; YaGuang Li; Eric Noland; Yuan Cao; Nathan Byrd; Le Hou; Qingze Wang; Thibault Sottiaux; Michela Paganini; Jean-Baptiste Lespiau; Alexandre Moufarek; Samer Hassan; Kaushik Shivakumar; Amersfoort Joost van; Amol Mandhane; Pratik Joshi; Anirudh Goyal; Matthew Tung; Andrew Brock; Hannah Sheahan; Vedant Misra; Cheng Li; Nemanja Rakićević; Mostafa Dehghani; Fangyu Liu; Sid Mittal; Junhyuk Oh; Seb Noury; Eren Sezener; Fantine Huot; Matthew Lamm; Cao Nicola De; Charlie Chen; Gamaleldin Elsayed; Ed Chi; Mahdis Mahdieh; Ian Tenney; Nan Hua; Ivan Petrychenko; Patrick Kane; Dylan Scandinaro; Rishub Jain; Jonathan Uesato; Romina Datta; Adam Sadovsky; Oskar Bunyan; Dominik Rabiej; Shimu Wu; John Zhang; Gautam Vasudevan; Edouard Leurent; Mahmoud Alnahlawi; Ionut Georgescu; Nan Wei; Ivy Zheng; Betty Chan; Pam G Rabinovitch; Piotr Stanczyk; Ye Zhang; David Steiner; Subhajit Naskar; Michael Azzam; Matthew Johnson; Adam Paszke; Chung-Cheng Chiu; Jaume Sanchez Elias; Afroz Mohiuddin; Faizan Muhammad; Jin Miao; Andrew Lee; Nino Vieillard; Sahitya Potluri; Jane Park; Elnaz Davoodi; Jiageng Zhang; Jeff Stanway; Drew Garmon; Abhijit Karmarkar; Zhe Dong; Jong Lee; Aviral Kumar; Luowei Zhou; Jonathan Evens; William Isaac; Zhe Chen; Johnson Jia; Anselm Levskaya; Zhenkai Zhu; Chris Gorgolewski; Peter Grabowski; Yu Mao; Alberto Magni; Kaisheng Yao; Javier Snaider; Norman Casagrande; Paul Suganthan; Evan Palmer; Geoffrey Irving; Edward Loper; Manaal Faruqui; Isha Arkatkar; Nanxin Chen; Izhak Shafran; Michael Fink; Alfonso Castaño; Irene Giannoumis; Wooyeol Kim; Mikołaj Rybiński; Ashwin Sreevatsa; Jennifer Prendki; David Soergel; Adrian Goedeckemeyer; Willi Gierke; Mohsen Jafari; Meenu Gaba; Jeremy Wiesner; Diana Gage Wright; Yawen Wei; Harsha Vashisht; Yana Kulizhskaya; Jay Hoover; Maigo Le; Lu Li; Chimezie Iwuanyanwu; Lu Liu; Kevin Ramirez; Andrey Khorlin; Albert Cui; Tian LIN; Marin Georgiev; Marcus Wu; Ricardo Aguilar; Keith Pallo; Abhishek Chakladar; Alena Repina; Xihui Wu; der Weide Tom van; Priya Ponnapalli; Caroline Kaplan; Jiri Simsa; Shuangfeng Li; Olivier Dousse; Fan Yang; Jeff Piper; Nathan Ie; Minnie Lui; Rama Pasumarthi; Nathan Lintz; Anitha Vijayakumar; Lam Nguyen Thiet; Daniel Andor; Pedro Valenzuela; Cosmin Paduraru; Daiyi Peng; Katherine Lee; Shuyuan Zhang; Somer Greene; Duc Dung Nguyen; Paula Kurylowicz; Sarmishta Velury; Sebastian Krause; Cassidy Hardin; Lucas Dixon; Lili Janzer; Kiam Choo; Ziqiang Feng; Biao Zhang; Achintya Singhal; Tejasi Latkar; Mingyang Zhang; Quoc Le; Elena Allica Abellan; Dayou Du; Dan McKinnon; Natasha Antropova; Tolga Bolukbasi; Orgad Keller; David Reid; Daniel Finchelstein; Maria Abi Raad; Remi 
Crocker; Peter Hawkins; Robert Dadashi; Colin Gaffney; Sid Lall; Ken Franko; Egor Filonov; Anna Bulanova; Rémi Leblond; Vikas Yadav; Shirley Chung; Harry Askham; Luis C. Cobo; Kelvin Xu; Felix Fischer; Jun Xu; Christina Sorokin; Chris Alberti; Chu-Cheng Lin; Colin Evans; Hao Zhou; Alek Dimitriev; Hannah Forbes; Dylan Banarse; Zora Tung; Jeremiah Liu; Mark Omernick; Colton Bishop; Chintu Kumar; Rachel Sterneck; Ryan Foley; Rohan Jain; Swaroop Mishra; Jiawei Xia; Taylor Bos; Geoffrey Cideron; Ehsan Amid; Francesco Piccinno; Xingyu Wang; Praseem Banzal; Petru Gurita; Hila Noga; Premal Shah; Daniel J. Mankowitz; Alex Polozov; Nate Kushman; Victoria Krakovna; Sasha Brown; MohammadHossein Bateni; Dennis Duan; Vlad Firoiu; Meghana Thotakuri; Tom Natan; Anhad Mohananey; Matthieu Geist; Sidharth Mudgal; Sertan Girgin; Hui Li; Jiayu Ye; Ofir Roval; Reiko Tojo; Michael Kwong; James Lee-Thorp; Christopher Yew; Quan Yuan; Sumit Bagri; Danila Sinopalnikov; Sabela Ramos; John Mellor; Abhishek Sharma; Aliaksei Severyn; Jonathan Lai; Kathy Wu; Heng-Tze Cheng; David Miller; Nicolas Sonnerat; Denis Vnukov; Rory Greig; Jennifer Beattie; Emily Caveness; Libin Bai; Julian Eisenschlos; Alex Korchemniy; Tomy Tsai; Mimi Jasarevic; Weize Kong; Phuong Dao; Zeyu Zheng; Frederick Liu; Fan Yang; Rui Zhu; Mark Geller; Tian Huey Teh; Jason Sanmiya; Evgeny Gladchenko; Nejc Trdin; Andrei Sozanschi; Daniel Toyama; Evan Rosen; Sasan Tavakkol; Linting Xue; Chen Elkind; Oliver Woodman; John Carpenter; George Papamakarios; Rupert Kemp; Sushant Kafle; Tanya Grunina; Rishika Sinha; Alice Talbert; Abhimanyu Goyal; Diane Wu; Denese Owusu-Afriyie; Cosmo Du; Chloe Thornton; Jordi Pont-Tuset; Pradyumna Narayana; Jing Li; Sabaer Fatehi; John Wieting; Omar Ajmeri; Benigno Uria; Tao Zhu; Yeongil Ko; Laura Knight; Amélie Héliou; Ning Niu; Shane Gu; Chenxi Pang; Dustin Tran; Yeqing Li; Nir Levine; Ariel Stolovich; Norbert Kalb; Rebeca Santamaria-Fernandez; Sonam Goenka; Wenny Yustalim; Robin Strudel; Ali Elqursh; Balaji Lakshminarayanan; Charlie Deck; Shyam Upadhyay; Hyo Lee; Mike Dusenberry; Zonglin Li; Xuezhi Wang; Kyle Levin; Raphael Hoffmann; Dan Holtmann-Rice; Olivier Bachem; Summer Yue; Sho Arora; Eric Malmi; Daniil Mirylenka; Qijun Tan; Christy Koh; Soheil Hassas Yeganeh; Siim Põder; Steven Zheng; Francesco Pongetti; Mukarram Tariq; Yanhua Sun; Lucian Ionita; Mojtaba Seyedhosseini; Pouya Tafti; Ragha Kotikalapudi; Zhiyu Liu; Anmol Gulati; Jasmine Liu; Xinyu Ye; Bart Chrzaszcz; Lily Wang; Nikhil Sethi; Tianrun Li; Ben Brown; Shreya Singh; Wei Fan; Aaron Parisi; Joe Stanton; Chenkai Kuang; Vinod Koverkathu; Christopher A. 
Choquette-Choo; Yunjie Li; TJ Lu; Abe Ittycheriah; Prakash Shroff; Pei Sun; Mani Varadarajan; Sanaz Bahargam; Rob Willoughby; David Gaddy; Ishita Dasgupta; Guillaume Desjardins; Marco Cornero; Brona Robenek; Bhavishya Mittal; Ben Albrecht; Ashish Shenoy; Fedor Moiseev; Henrik Jacobsson; Alireza Ghaffarkhah; Morgane Rivière; Alanna Walton; Clément Crepy; Alicia Parrish; Yuan Liu; Zongwei Zhou; Clement Farabet; Carey Radebaugh; Praveen Srinivasan; der Salm Claudia van; Andreas Fidjeland; Salvatore Scellato; Eri Latorre-Chimoto; Hanna Klimczak-Plucińska; David Bridson; Cesare Dario de; Tom Hudson; Piermaria Mendolicchio; Lexi Walker; Alex Morris; Ivo Penchev; Matthew Mauger; Alexey Guseynov; Alison Reid; Seth Odoom; Lucia Loher; Victor Cotruta; Madhavi Yenugula; Dominik Grewe; Anastasia Petrushkina; Tom Duerig; Antonio Sanchez; Steve Yadlowsky; Amy Shen; Amir Globerson; Adam Kurzrok; Lynette Webb; Sahil Dua; Dong Li; Preethi Lahoti; Surya Bhupatiraju; Dan Hurt; Haroon Qureshi; Ananth Agarwal; Tomer Shani; Matan Eyal; Anuj Khare; Shreyas Rammohan Belle; Lei Wang; Chetan Tekur; Mihir Sanjay Kale; Jinliang Wei; Ruoxin Sang; Brennan Saeta; Tyler Liechty; Yi Sun; Yao Zhao; Stephan Lee; Pandu Nayak; Doug Fritz; Manish Reddy Vuyyuru; John Aslanides; Nidhi Vyas; Martin Wicke; Xiao Ma; Taylan Bilal; Evgenii Eltyshev; Daniel Balle; Nina Martin; Hardie Cate; James Manyika; Keyvan Amiri; Yelin Kim; Xi Xiong; Kai Kang; Florian Luisier; Nilesh Tripuraneni; David Madras; Mandy Guo; Austin Waters; Oliver Wang; Joshua Ainslie; Jason Baldridge; Han Zhang; Garima Pruthi; Jakob Bauer; Feng Yang; Riham Mansour; Jason Gelman; Yang Xu; George Polovets; Ji Liu; Honglong Cai; Warren Chen; XiangHai Sheng; Emily Xue; Sherjil Ozair; Adams Yu; Christof Angermueller; Xiaowei Li; Weiren Wang; Julia Wiesinger; Emmanouil Koukoumidis; Yuan Tian; Anand Iyer; Madhu Gurumurthy; Mark Goldenson; Parashar Shah; MK Blake; Hongkun Yu; Anthony Urbanowicz; Jennimaria Palomaki; Chrisantha Fernando; Kevin Brooks; Ken Durden; Harsh Mehta; Nikola Momchev; Elahe Rahimtoroghi; Maria Georgaki; Amit Raul; Sebastian Ruder; Morgan Redshaw; Jinhyuk Lee; Komal Jalan; Dinghua Li; Ginger Perng; Blake Hechtman; Parker Schuh; Milad Nasr; Mia Chen; Kieran Milan; Vladimir Mikulik; Trevor Strohman; Juliana Franco; Tim Green; Demis Hassabis; Koray Kavukcuoglu; Jeffrey Dean; Oriol Vinyals http://arxiv.org/abs/2312.11285 Adv-Diffusion: Imperceptible Adversarial Face Identity Attack via Latent Diffusion Model. (99%) Decheng Liu; Xijun Wang; Chunlei Peng; Nannan Wang; Ruiming Hu; Xinbo Gao http://arxiv.org/abs/2312.11309 The Ultimate Combo: Boosting Adversarial Example Transferability by Composing Data Augmentations. (99%) Zebin Yun; Achi-Or Weingarten; Eyal Ronen; Mahmood Sharif http://arxiv.org/abs/2312.11057 DataElixir: Purifying Poisoned Dataset to Mitigate Backdoor Attacks via Diffusion Models. (16%) Jiachen Zhou; Peizhuo Lv; Yibing Lan; Guozhu Meng; Kai Chen; Hualong Ma http://arxiv.org/abs/2312.10982 A Comprehensive Survey of Attack Techniques, Implementation, and Mitigation Strategies in Large Language Models. (10%) Aysan Esmradi; Daniel Wankit Yip; Chun Fai Chan http://arxiv.org/abs/2312.11571 Model Stealing Attack against Recommender System. (10%) Zhihao Zhu; Rui Fan; Chenwang Wu; Yi Yang; Defu Lian; Enhong Chen http://arxiv.org/abs/2312.10943 Model Stealing Attack against Graph Classification with Authenticity, Uncertainty and Diversity. 
(4%) Zhihao Zhu; Chenwang Wu; Rui Fan; Yi Yang; Defu Lian; Enhong Chen http://arxiv.org/abs/2312.11026 MISA: Unveiling the Vulnerabilities in Split Federated Learning. (1%) Wei Wan; Yuxuan Ning; Shengshan Hu; Lulu Xue; Minghui Li; Leo Yu Zhang; Hai Jin http://arxiv.org/abs/2312.11094 A Survey of Side-Channel Attacks in Context of Cache -- Taxonomies, Analysis and Mitigation. (1%) Ankit Pulkit; Smita Naval; Vijay Laxmi http://arxiv.org/abs/2312.10657 UltraClean: A Simple Framework to Train Robust Neural Networks against Backdoor Attacks. (98%) Bingyin Zhao; Yingjie Lao http://arxiv.org/abs/2312.10911 The Pros and Cons of Adversarial Robustness. (92%) Yacine Izza; Joao Marques-Silva http://arxiv.org/abs/2312.10766 A Mutation-Based Method for Multi-Modal Jailbreaking Attack Detection. (80%) Xiaoyu Zhang; Cen Zhang; Tianlin Li; Yihao Huang; Xiaojun Jia; Xiaofei Xie; Yang Liu; Chao Shen http://arxiv.org/abs/2312.10903 Robust Node Representation Learning via Graph Variational Diffusion Networks. (11%) Jun Zhuang; Mohammad Al Hasan http://arxiv.org/abs/2312.11550 A Study on Transferability of Deep Learning Models for Network Intrusion Detection. (4%) Shreya Ghosh; Abu Shafin Mohammad Mahdee Jameel; Aly El Gamal http://arxiv.org/abs/2312.10329 Perturbation-Invariant Adversarial Training for Neural Ranking Models: Improving the Effectiveness-Robustness Trade-Off. (99%) Yu-An Liu; Ruqing Zhang; Mingkun Zhang; Wei Chen; Rijke Maarten de; Jiafeng Guo; Xueqi Cheng http://arxiv.org/abs/2312.10534 Rethinking Robustness of Model Attributions. (80%) Sandesh Kamath; Sankalp Mittal; Amit Deshpande; Vineeth N Balasubramanian http://arxiv.org/abs/2312.10578 SAME: Sample Reconstruction Against Model Extraction Attacks. (13%) Yi Xie; Jie Zhang; Shiqian Zhao; Tianwei Zhang; Xiaofeng Chen http://arxiv.org/abs/2312.10508 TrojFair: Trojan Fairness Attacks. (8%) Mengxin Zheng; Jiaqi Xue; Yi Sheng; Lei Yang; Qian Lou; Lei Jiang http://arxiv.org/abs/2312.10529 Transformers in Unsupervised Structure-from-Motion. (3%) Hemang Chawla; Arnav Varma; Elahe Arani; Bahram Zonooz http://arxiv.org/abs/2312.10467 TrojFSP: Trojan Insertion in Few-shot Prompt Tuning. (2%) Mengxin Zheng; Jiaqi Xue; Xun Chen; YanShan Wang; Qian Lou; Lei Jiang http://arxiv.org/abs/2312.09935 LogoStyleFool: Vitiating Video Recognition Systems via Logo Style Transfer. (99%) Yuxin Cao; Ziyu Zhao; Xi Xiao; Derui Wang; Minhui Xue; Jin Lu http://arxiv.org/abs/2312.09554 Embodied Adversarial Attack: A Dynamic Robust Physical Attack in Autonomous Driving. (99%) Yitong Sun; Yao Huang; Xingxing Wei http://arxiv.org/abs/2312.09558 Towards Transferable Targeted 3D Adversarial Attack in the Physical World. (99%) Yao Huang; Yinpeng Dong; Shouwei Ruan; Xiao Yang; Hang Su; Xingxing Wei http://arxiv.org/abs/2312.09636 A Malware Classification Survey on Adversarial Attacks and Defences. (98%) Mahesh Datta Sai Ponnuru; Likhitha Amasala; Tanu Sree Bhimavarapu; Guna Chaitanya Garikipati http://arxiv.org/abs/2312.09665 FlowMur: A Stealthy and Practical Audio Backdoor Attack with Limited Knowledge. (76%) Jiahe Lan; Jie Wang; Baochen Yan; Zheng Yan; Elisa Bertino http://arxiv.org/abs/2312.10132 Closing the Gap: Achieving Better Accuracy-Robustness Tradeoffs Against Query-Based Attacks. (74%) Pascal Zimmer; Sébastien Andreina; Giorgia Azzurra Marson; Ghassan Karame http://arxiv.org/abs/2312.09821 Fragility, Robustness and Antifragility in Deep Learning. 
(67%) Chandresh Pravin; Ivan Martino; Giuseppe Nicosia; Varun Ojha http://arxiv.org/abs/2312.09748 Verification-Friendly Deep Neural Networks. (56%) Anahita Baninajjar; Ahmed Rezine; Amir Aminifar http://arxiv.org/abs/2312.09669 Silent Guardian: Protecting Text from Malicious Exploitation by Large Language Models. (8%) Jiawei Zhao; Kejiang Chen; Xiaojian Yuan; Yuang Qi; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2312.08675 AVA: Inconspicuous Attribute Variation-based Adversarial Attack bypassing DeepFake Detection. (99%) Xiangtao Meng; Li Wang; Shanqing Guo; Lei Ju; Qingchuan Zhao http://arxiv.org/abs/2312.09481 Continual Adversarial Defense. (95%) Qian Wang; Yaoyao Liu; Hefei Ling; Yingwei Li; Qihao Liu; Ping Li; Jiazhong Chen; Alan Yuille; Ning Yu http://arxiv.org/abs/2312.09520 SlowTrack: Increasing the Latency of Camera-based Perception in Autonomous Driving Using Adversarial Examples. (92%) Chen Ma; Ningfei Wang; Qi Alfred Chen; Chao Shen http://arxiv.org/abs/2312.09057 On the Difficulty of Defending Contrastive Learning against Backdoor Attacks. (84%) Changjiang Li; Ren Pang; Bochuan Cao; Zhaohan Xi; Jinghui Chen; Shouling Ji; Ting Wang http://arxiv.org/abs/2312.08898 Detection and Defense of Unlearnable Examples. (81%) Yifan Zhu; Lijia Yu; Xiao-Shan Gao http://arxiv.org/abs/2312.08751 Improve Robustness of Reinforcement Learning against Observation Perturbations via $l_\infty$ Lipschitz Policy Networks. (81%) Buqing Nie; Jingtian Ji; Yangqing Fu; Yue Gao http://arxiv.org/abs/2312.09533 Adversarial Robustness on Image Classification with $k$-means. (81%) Rollin Omari; Junae Kim; Paul Montague http://arxiv.org/abs/2312.08667 Data and Model Poisoning Backdoor Attacks on Wireless Federated Learning, and the Defense Mechanisms: A Comprehensive Survey. (76%) Yichen Wan; Youyang Qu; Wei Ni; Yong Xiang; Longxiang Gao; Ekram Hossain http://arxiv.org/abs/2312.09027 DRAM-Locker: A General-Purpose DRAM Protection Mechanism against Adversarial DNN Weight Attacks. (45%) Ranyang Zhou; Sabbir Ahmed; Arman Roohi; Adnan Siraj Rakin; Shaahin Angizi http://arxiv.org/abs/2312.09494 No-Skim: Towards Efficiency Robustness Evaluation on Skimming-based Language Models. (45%) Shengyao Zhang; Mi Zhang; Xudong Pan; Min Yang http://arxiv.org/abs/2312.08793 Forbidden Facts: An Investigation of Competing Objectives in Llama-2. (45%) Tony T. Wang; Miles Wang; Kaivalya Hariharan; Nir Shavit http://arxiv.org/abs/2312.09078 Coevolutionary Algorithm for Building Robust Decision Trees under Minimax Regret. (13%) Adam Żychowski; Andrew Perrault; Jacek Mańdziuk http://arxiv.org/abs/2312.09020 Exploring Transferability for Randomized Smoothing. (5%) Kai Qiu; Huishuai Zhang; Zhirong Wu; Stephen Lin http://arxiv.org/abs/2312.09148 Split-Ensemble: Efficient OOD-aware Ensemble via Task and Model Splitting. (1%) Anthony Chen; Huanrui Yang; Yulu Gan; Denis A Gudovskiy; Zhen Dong; Haofan Wang; Tomoyuki Okuno; Yohei Nakata; Shanghang Zhang; Kurt Keutzer http://arxiv.org/abs/2312.08890 Defenses in Adversarial Machine Learning: A Survey. (99%) Baoyuan Wu; Shaokui Wei; Mingli Zhu; Meixi Zheng; Zihao Zhu; Mingda Zhang; Hongrui Chen; Danni Yuan; Li Liu; Qingshan Liu http://arxiv.org/abs/2312.07961 Robust Few-Shot Named Entity Recognition with Boundary Discrimination and Correlation Purification. (99%) Xiaojun Xue; Chunxia Zhang; Tianxiang Xu; Zhendong Niu http://arxiv.org/abs/2312.08193 Universal Adversarial Framework to Improve Adversarial Robustness for Diabetic Retinopathy Detection. 
(98%) Samrat Mukherjee; Dibyanayan Bandyopadhyay; Baban Gain; Asif Ekbal http://arxiv.org/abs/2312.08651 Towards Inductive Robustness: Distilling and Fostering Wave-induced Resonance in Transductive GCNs Against Graph Adversarial Attacks. (83%) Ao Liu; Wenshan Li; Tao Li; Beibei Li; Hanyuan Huang; Pan Zhou http://arxiv.org/abs/2312.08622 Scalable Ensemble-based Detection Method against Adversarial Attacks for speaker verification. (64%) Haibin Wu; Heng-Cheng Kuo; Yu Tsao; Hung-yi Lee http://arxiv.org/abs/2312.07991 Accelerating the Global Aggregation of Local Explanations. (47%) Alon Mor; Yonatan Belinkov; Benny Kimelfeld http://arxiv.org/abs/2312.07955 Erasing Self-Supervised Learning Backdoor by Cluster Activation Masking. (13%) Shengsheng Qian; Yifei Wang; Dizhan Xue; Shengjie Zhang; Huaiwen Zhang; Changsheng Xu http://arxiv.org/abs/2312.08143 Efficient Representation of the Activation Space in Deep Neural Networks. (11%) Tanya Akumu; Celia Cintas; Girmaw Abebe Tadesse; Adebayo Oshingbesan; Skyler Speakman; Edward III McFowland http://arxiv.org/abs/2312.08303 Efficient Toxic Content Detection by Bootstrapping and Distilling Large Language Models. (1%) Jiang Zhang; Qiong Wu; Yiming Xu; Cheng Cao; Zheng Du; Konstantinos Psounis http://arxiv.org/abs/2312.07821 Radio Signal Classification by Adversarially Robust Quantum Machine Learning. (99%) Yanqiu Wu; Eromanga Adermann; Chandra Thapa; Seyit Camtepe; Hajime Suzuki; Muhammad Usman http://arxiv.org/abs/2312.07258 SSTA: Salient Spatially Transformed Attack. (99%) Renyang Liu; Wei Zhou; Sixin Wu; Jun Zhao; Kwok-Yan Lam http://arxiv.org/abs/2312.07245 DTA: Distribution Transform-based Attack for Query-Limited Scenario. (99%) Renyang Liu; Wei Zhou; Xin Jin; Song Gao; Yuanyu Wang; Ruxin Wang http://arxiv.org/abs/2312.08877 May the Noise be with you: Adversarial Training without Adversarial Examples. (98%) Ayoub Arous; Andres F Lopez-Lopera; Nael Abu-Ghazaleh; Ihsen Alouani http://arxiv.org/abs/2312.07364 Collapse-Oriented Adversarial Training with Triplet Decoupling for Robust Image Retrieval. (98%) Qiwei Tian; Chenhao Lin; Qian Li; Zhengyu Zhao; Chao Shen http://arxiv.org/abs/2312.07067 Focus on Hiders: Exploring Hidden Threats for Enhancing Adversarial Training. (98%) Qian Li; Yuxiao Hu; Yinpeng Dong; Dongxiao Zhang; Yuntian Chen http://arxiv.org/abs/2312.11510 QuadAttack: A Quadratic Programming Approach to Ordered Top-K Attacks. (97%) Thomas Paniagua; Ryan Grainger; Tianfu Wu http://arxiv.org/abs/2312.06991 Attacking the Loop: Adversarial Attacks on Graph-based Loop Closure Detection. (92%) Jonathan J. Y. Kim; Martin Urschler; Patricia J. Riddle; Jorg S. Wicker http://arxiv.org/abs/2312.07392 ReRoGCRL: Representation-based Robustness in Goal-Conditioned Reinforcement Learning. (86%) Xiangyu Yin; Sihao Wu; Jiaxu Liu; Meng Fang; Xingyu Zhao; Xiaowei Huang; Wenjie Ruan http://arxiv.org/abs/2312.07784 Robust MRI Reconstruction by Smoothed Unrolling (SMUG). (82%) Shijun Liang; Van Hoang Minh Nguyen; Jinghan Jia; Ismail Alkhouri; Sijia Liu; Saiprasad Ravishankar http://arxiv.org/abs/2312.07158 Cost Aware Untargeted Poisoning Attack against Graph Neural Networks,. (70%) Yuwei Han; Yuni Lai; Yulin Zhu; Kai Zhou http://arxiv.org/abs/2312.07022 EdgePruner: Poisoned Edge Pruning in Graph Contrastive Learning. (47%) Hiroya Kato; Kento Hasegawa; Seira Hidano; Kazuhide Fukushima http://arxiv.org/abs/2312.07876 Causality Analysis for Evaluating the Security of Large Language Models. 
(22%) Wei Zhao; Zhe Li; Jun Sun http://arxiv.org/abs/2312.07865 SimAC: A Simple Anti-Customization Method against Text-to-Image Synthesis of Diffusion Models. (13%) Feifei Wang; Zhentao Tan; Tianyi Wei; Yue Wu; Qidong Huang http://arxiv.org/abs/2312.07130 Divide-and-Conquer Attack: Harnessing the Power of LLM to Bypass Safety Filters of Text-to-Image Models. (8%) Yimo Deng; Huangxun Chen http://arxiv.org/abs/2312.07389 Eroding Trust In Aerial Imagery: Comprehensive Analysis and Evaluation Of Adversarial Attacks In Geospatial Systems. (5%) Michael Lanier; Aayush Dhakal; Zhexiao Xiong; Arthur Li; Nathan Jacobs; Yevgeniy Vorobeychik http://arxiv.org/abs/2312.07870 Securing Graph Neural Networks in MLaaS: A Comprehensive Realization of Query-based Integrity Verification. (2%) Bang Wu; Xingliang Yuan; Shuo Wang; Qi Li; Minhui Xue; Shirui Pan http://arxiv.org/abs/2312.07709 Majority is Not Required: A Rational Analysis of the Private Double-Spend Attack from a Sub-Majority Adversary. (1%) Yanni Georghiades; Rajesh Mishra; Karl Kreder; Sriram Vishwanath http://arxiv.org/abs/2312.06199 Towards Transferable Adversarial Attacks with Centralized Perturbation. (99%) Shangbo Wu; Yu-an Tan; Yajie Wang; Ruinan Ma; Wencong Ma; Yuanzhang Li http://arxiv.org/abs/2312.06423 MalPurifier: Enhancing Android Malware Detection with Adversarial Purification against Evasion Attacks. (98%) Yuyang Zhou; Guang Cheng; Zongyao Chen; Shui Yu http://arxiv.org/abs/2312.06568 Sparse but Strong: Crafting Adversarially Robust Graph Lottery Tickets. (83%) Subhajit Dutta Chowdhury; Zhiyu Ni; Qingyuan Peng; Souvik Kundu; Pierluigi Nuzzo http://arxiv.org/abs/2312.06436 Reward Certification for Policy Smoothed Reinforcement Learning. (78%) Ronghui Mu; Leandro Soriano Marcolino; Tianle Zhang; Yanghao Zhang; Xiaowei Huang; Wenjie Ruan http://arxiv.org/abs/2312.06230 Activation Gradient based Poisoned Sample Detection Against Backdoor Attacks. (31%) Danni Yuan; Shaokui Wei; Mingda Zhang; Li Liu; Baoyuan Wu http://arxiv.org/abs/2312.06227 Poisoned ChatGPT Finds Work for Idle Hands: Exploring Developers' Coding Practices with Insecure Suggestions from Poisoned AI Models. (22%) Sanghak Oh; Kiho Lee; Seonhye Park; Doowon Kim; Hyoungshick Kim http://arxiv.org/abs/2312.06564 Promoting Counterfactual Robustness through Diversity. (13%) Francesco Leofante; Nico Potyka http://arxiv.org/abs/2401.08634 Resilient Path Planning for UAVs in Data Collection under Adversarial Attacks. (10%) Xueyuan Wang; M. Cenk Gursoy http://arxiv.org/abs/2312.06163 Adversarial Camera Patch: An Effective and Robust Physical-World Attack on Object Detectors. (1%) Kalibinuer Tiliwalidi http://arxiv.org/abs/2312.06557 Robust Graph Neural Network based on Graph Denoising. (1%) Victor M. Tenorio; Samuel Rey; Antonio G. Marques http://arxiv.org/abs/2312.05924 Data-Free Hard-Label Robustness Stealing Attack. (86%) Xiaojian Yuan; Kejiang Chen; Wen Huang; Jie Zhang; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2312.06010 A Practical Survey on Emerging Threats from AI-driven Voice Attacks: How Vulnerable are Commercial Voice Control Systems? (76%) Yuanda Wang; Qiben Yan; Nikolay Ivanov; Xun Chen http://arxiv.org/abs/2312.06077 An Ambiguity Measure for Recognizing the Unknowns in Deep Learning. (12%) Roozbeh Yousefzadeh http://arxiv.org/abs/2312.06056 METAL: Metamorphic Testing Framework for Analyzing Large-Language Model Qualities. (2%) Sangwon Hyun; Mingyu Guo; M. 
Ali Babar http://arxiv.org/abs/2312.05502 Poisoning $\times$ Evasion: Symbiotic Adversarial Robustness for Graph Neural Networks. (99%) Ege Erdogan; Simon Geisler; Stephan Günnemann http://arxiv.org/abs/2312.05508 Improving Adversarial Robust Fairness via Anti-Bias Soft Label Distillation. (98%) Shiji Zhao; Xizhe Wang; Xingxing Wei http://arxiv.org/abs/2312.06701 Dynamic Adversarial Attacks on Autonomous Driving Systems. (98%) Amirhosein Chahe; Chenan Wang; Abhishek Jeyapratap; Kaidi Xu; Lifeng Zhou http://arxiv.org/abs/2312.05716 Initialization Matters for Adversarial Transfer Learning. (76%) Andong Hua; Jindong Gu; Zhiyu Xue; Nicholas Carlini; Eric Wong; Yao Qin http://arxiv.org/abs/2312.04879 HC-Ref: Hierarchical Constrained Refinement for Robust Adversarial Training of GNNs. (99%) Xiaobing Pei; Haoran Yang; Gang Shen http://arxiv.org/abs/2312.04913 SA-Attack: Improving Adversarial Transferability of Vision-Language Pre-training Models via Self-Augmentation. (99%) Bangyan He; Xiaojun Jia; Siyuan Liang; Tianrui Lou; Yang Liu; Xiaochun Cao http://arxiv.org/abs/2312.04960 MIMIR: Masked Image Modeling for Mutual Information-based Adversarial Robustness. (99%) Xiaoyun Xu; Shujian Yu; Jingzheng Wu; Stjepan Picek http://arxiv.org/abs/2312.04902 BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting. (96%) Huming Qiu; Junjie Sun; Mi Zhang; Xudong Pan; Min Yang http://arxiv.org/abs/2312.06627 An adversarial attack approach for eXplainable AI evaluation on deepfake detection models. (38%) Balachandar Gowrisankar; Vrizlynn L. L. Thing http://arxiv.org/abs/2312.11500 A Red Teaming Framework for Securing AI in Maritime Autonomous Systems. (3%) Mathew J. Walter; Aaron Barrett; Kimberly Tam http://arxiv.org/abs/2312.04893 Annotation-Free Group Robustness via Loss-Based Resampling. (2%) Mahdi Ghaznavi; Hesam Asadollahzadeh; HamidReza Yaghoubi Araghi; Fahimeh Hosseini Noohdani; Mohammad Hossein Rohban; Mahdieh Soleymani Baghshah http://arxiv.org/abs/2312.04828 HuRef: HUman-REadable Fingerprint for Large Language Models. (1%) Boyi Zeng; Chenghu Zhou; Xinbing Wang; Zhouhan Lin http://arxiv.org/abs/2312.04802 MimicDiffusion: Purifying Adversarial Perturbation via Mimicking Clean Diffusion Model. (99%) Kaiyu Song; Hanjiang Lai http://arxiv.org/abs/2312.04403 OT-Attack: Enhancing Adversarial Transferability of Vision-Language Models via Optimal Transport Optimization. (99%) Dongchen Han; Xiaojun Jia; Yang Bai; Jindong Gu; Yang Liu; Xiaochun Cao http://arxiv.org/abs/2312.04692 Diffence: Fencing Membership Privacy With Diffusion Models. (97%) Yuefeng Peng; Ali Naseh; Amir Houmansadr http://arxiv.org/abs/2312.04432 FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning. (70%) Hossein Fereidooni; Alessandro Pegoraro; Phillip Rieger; Alexandra Dmitrienko; Ahmad-Reza Sadeghi http://arxiv.org/abs/2312.04748 Forcing Generative Models to Degenerate Ones: The Power of Data Poisoning Attacks. (64%) Shuli Jiang; Swanand Ravindra Kadhe; Yi Zhou; Ling Cai; Nathalie Baracaldo http://arxiv.org/abs/2312.04730 DeceptPrompt: Exploiting LLM-driven Code Generation via Adversarial Natural Language Instructions. (15%) Fangzhou Wu; Xiaogeng Liu; Chaowei Xiao http://arxiv.org/abs/2312.04035 Defense against ML-based Power Side-channel Attacks on DNN Accelerators with Adversarial Attacks. (98%) Xiaobei Yan; Chip Hong Chang; Tianwei Zhang http://arxiv.org/abs/2312.03520 Defense Against Adversarial Attacks using Convolutional Auto-Encoders. 
(97%) Shreyasi Mandal http://arxiv.org/abs/2312.03979 Node-aware Bi-smoothing: Certified Robustness against Graph Injection Attacks. (88%) Yuni Lai; Yulin Zhu; Bailin Pan; Kai Zhou http://arxiv.org/abs/2312.04032 RoAST: Robustifying Language Models via Adversarial Perturbation with Selective Training. (54%) Jaehyung Kim; Yuning Mao; Rui Hou; Hanchao Yu; Davis Liang; Pascale Fung; Qifan Wang; Fuli Feng; Lifu Huang; Madian Khabsa http://arxiv.org/abs/2312.03410 Detecting Voice Cloning Attacks via Timbre Watermarking. (13%) Chang Liu; Jie Zhang; Tianwei Zhang; Xi Yang; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2312.03419 Synthesizing Physical Backdoor Datasets: An Automated Framework Leveraging Deep Generative Models. (11%) Sze Jue Yang; Chinh D. La; Quang H. Nguyen; Eugene Bagdasaryan; Kok-Seng Wong; Anh Tuan Tran; Chee Seng Chan; Khoa D. Doan http://arxiv.org/abs/2312.03853 Dr. Jekyll and Mr. Hyde: Two Faces of LLMs. (4%) Matteo Gioele Collu; Tom Janssen-Groesbeek; Stefanos Koffas; Mauro Conti; Stjepan Picek http://arxiv.org/abs/2312.03991 MICRO: Model-Based Offline Reinforcement Learning with a Conservative Bellman Operator. (2%) Xiao-Yin Liu; Xiao-Hu Zhou; Guo-Tao Li; Hao Li; Mei-Jiang Gui; Tian-Yu Xiang; De-Xing Huang; Zeng-Guang Hou http://arxiv.org/abs/2312.03030 Generating Visually Realistic Adversarial Patch. (99%) Xiaosen Wang; Kunyu Wang http://arxiv.org/abs/2312.03245 A Simple Framework to Enhance the Adversarial Robustness of Deep Learning-based Intrusion Detection System. (99%) Xinwei Yuan; Shu Han; Wei Huang; Hongliang Ye; Xianglong Kong; Fan Zhang http://arxiv.org/abs/2312.02912 Realistic Scatterer Based Adversarial Attacks on SAR Image Classifiers. (99%) Tian Ye; Rajgopal Kannan; Viktor Prasanna; Carl Busart; Lance Kaplan http://arxiv.org/abs/2312.03085 ScAR: Scaling Adversarial Robustness for LiDAR Object Detection. (99%) Xiaohu Lu; Hayder Radha http://arxiv.org/abs/2312.03289 Class Incremental Learning for Adversarial Robustness. (98%) Seungju Cho; Hongsin Lee; Changick Kim http://arxiv.org/abs/2312.02708 Provable Adversarial Robustness for Group Equivariant Tasks: Graphs, Point Clouds, Molecules, and More. (89%) Jan Schuchardt; Yan Scholten; Stephan Günnemann http://arxiv.org/abs/2312.03777 On the Robustness of Large Multimodal Models Against Image Adversarial Attacks. (69%) Xuanming Cui; Alejandro Aparcedo; Young Kyun Jang; Ser-Nam Lim http://arxiv.org/abs/2312.02780 Scaling Laws for Adversarial Attacks on Language Model Activations. (50%) Stanislav Fort http://arxiv.org/abs/2312.03286 Indirect Gradient Matching for Adversarial Robust Distillation. (13%) Hongsin Lee; Seungju Cho; Changick Kim http://arxiv.org/abs/2312.02673 Robust Backdoor Detection for Deep Learning via Topological Evolution Dynamics. (3%) Xiaoxing Mo; Yechao Zhang; Leo Yu Zhang; Wei Luo; Nan Sun; Shengshan Hu; Shang Gao; Yang Xiang http://arxiv.org/abs/2312.02614 Prompt Optimization via Adversarial In-Context Learning. (3%) Xuan Long Do; Yiran Zhao; Hannah Brown; Yuxi Xie; James Xu Zhao; Nancy F. Chen; Kenji Kawaguchi; Michael Qizhe Xie; Junxian He http://arxiv.org/abs/2312.03252 Privacy-Preserving Task-Oriented Semantic Communications Against Model Inversion Attacks. (2%) Yanhu Wang; Shuaishuai Guo; Yiqin Deng; Haixia Zhang; Yuguang Fang http://arxiv.org/abs/2312.02546 Machine Vision Therapy: Multimodal Large Language Models Can Enhance Visual Robustness via Denoising In-Context Learning. 
(2%) Zhuo Huang; Chang Liu; Yinpeng Dong; Hang Su; Shibao Zheng; Tongliang Liu http://arxiv.org/abs/2312.01679 Adversarial Medical Image with Hierarchical Feature Hiding. (99%) Qingsong Yao; Zecheng He; Yuexiang Li; Yi Lin; Kai Ma; Yefeng Zheng; S. Kevin Zhou http://arxiv.org/abs/2312.01886 InstructTA: Instruction-Tuned Targeted Attack for Large Vision-Language Models. (99%) Xunguang Wang; Zhenlan Ji; Pingchuan Ma; Zongjie Li; Shuai Wang http://arxiv.org/abs/2312.02237 Singular Regularization with Information Bottleneck Improves Model's Adversarial Robustness. (98%) Guanlin Li; Naishan Zheng; Man Zhou; Jie Zhang; Tianwei Zhang http://arxiv.org/abs/2312.01789 Two-stage optimized unified adversarial patch for attacking visible-infrared cross-modal detectors in the physical world. (12%) Chengyin Hu; Weiwen Shi http://arxiv.org/abs/2312.02400 Auto DP-SGD: Dual Improvements of Privacy and Accuracy via Automatic Clipping Threshold and Noise Multiplier Estimation. (1%) Sai Venkatesh Chilukoti; Md Imran Hossen; Liqun Shan; Vijay Srinivas Tida; Xiali Hei http://arxiv.org/abs/2312.02147 Rejuvenating image-GPT as Strong Visual Representation Learners. (1%) Sucheng Ren; Zeyu Wang; Hongru Zhu; Junfei Xiao; Alan Yuille; Cihang Xie http://arxiv.org/abs/2312.02220 QuantAttack: Exploiting Dynamic Quantization to Attack Vision Transformers. (99%) Amit Baras; Alon Zolfi; Yuval Elovici; Asaf Shabtai http://arxiv.org/abs/2312.01585 OCGEC: One-class Graph Embedding Classification for DNN Backdoor Detection. (61%) Haoyu Jiang; Haiyang Yu; Nan Li; Ping Yi http://arxiv.org/abs/2312.01330 Evaluating the Security of Satellite Systems. (16%) Roy Peled; Eran Aizikovich; Edan Habler; Yuval Elovici; Asaf Shabtai http://arxiv.org/abs/2312.01468 Exploring Adversarial Robustness of LiDAR-Camera Fusion Model in Autonomous Driving. (13%) Bo Yang; Xiaoyu Ji http://arxiv.org/abs/2312.04584 Towards Sample-specific Backdoor Attack with Clean Labels via Attribute Trigger. (2%) Yiming Li; Mingyan Zhu; Junfeng Guo; Tao Wei; Shu-Tao Xia; Zhan Qin http://arxiv.org/abs/2312.02207 TranSegPGD: Improving Transferability of Adversarial Examples on Semantic Segmentation. (99%) Xiaojun Jia; Jindong Gu; Yihao Huang; Simeng Qin; Qing Guo; Yang Liu; Xiaochun Cao http://arxiv.org/abs/2312.01260 Rethinking PGD Attack: Is Sign Function Necessary? (98%) Junjie Yang; Tianlong Chen; Xuxi Chen; Zhangyang Wang; Yingbin Liang http://arxiv.org/abs/2312.01045 PROFL: A Privacy-Preserving Federated Learning Method with Stringent Defense Against Poisoning Attacks. (61%) Yisheng Zhong; Li-Ping Wang http://arxiv.org/abs/2312.01281 Mendata: A Framework to Purify Manipulated Training Data. (2%) Zonghao Huang; Neil Gong; Michael K. Reiter http://arxiv.org/abs/2312.00508 PyraTrans: Learning Attention-Enriched Multi-Scale Pyramid Network from Pre-Trained Transformers for Effective Malicious URL Detection. (69%) Ruitong Liu; Yanbin Wang; Zhenhao Guo; Haitao Xu; Zhan Qin; Wenrui Ma; Fan Zhang http://arxiv.org/abs/2312.00942 Survey of Security Issues in Memristor-based Machine Learning Accelerators for RF Analysis. (22%) William Lillis; Max Cohen Hoffing; Wayne Burleson http://arxiv.org/abs/2312.00987 Deep Generative Attacks and Countermeasures for Data-Driven Offline Signature Verification. (10%) An Ngo; MinhPhuong Cao; Rajesh Kumar http://arxiv.org/abs/2312.00359 Temperature Balancing, Layer-wise Weight Analysis, and Neural Network Training. (1%) Yefan Zhou; Tianyu Pang; Keqin Liu; Charles H. Martin; Michael W. 
Mahoney; Yaoqing Yang http://arxiv.org/abs/2312.00741 Crystal: Enhancing Blockchain Mining Transparency with Quorum Certificate. (1%) Jianyu Niu; Fangyu Gai; Runchao Han; Ren Zhang; Yinqian Zhang; Chen Feng http://arxiv.org/abs/2312.00105 Improving the Robustness of Quantized Deep Neural Networks to White-Box Attacks using Stochastic Quantization and Information-Theoretic Ensemble Training. (98%) Saurabh Farkya; Aswin Raghavan; Avi Ziskind http://arxiv.org/abs/2311.18820 Adversarial Attacks and Defenses for Wireless Signal Classifiers using CDI-aware GANs. (98%) Sujata Sinha; Alkan Soysal http://arxiv.org/abs/2312.00157 Universal Backdoor Attacks. (97%) Benjamin Schneider; Nils Lukas; Florian Kerschbaum http://arxiv.org/abs/2312.00173 Fool the Hydra: Adversarial Attacks against Multi-view Object Detection Systems. (97%) Bilel Tarchoun; Quazi Mishkatul Alam; Nael Abu-Ghazaleh; Ihsen Alouani http://arxiv.org/abs/2311.18403 Corrupting Convolution-based Unlearnable Datasets with Pixel-based Image Transformations. (88%) Xianlong Wang; Shengshan Hu; Minghui Li; Zhifei Yu; Ziqi Zhou; Leo Yu Zhang; Hai Jin http://arxiv.org/abs/2312.00198 Optimal Attack and Defense for Reinforcement Learning. (76%) Jeremy McMahan; Young Wu; Xiaojin Zhu; Qiaomin Xie http://arxiv.org/abs/2312.00084 Can Protective Perturbation Safeguard Personal Data from Being Exploited by Stable Diffusion? (74%) Zhengyue Zhao; Jinhao Duan; Kaidi Xu; Chenan Wang; Rui Zhang; Zidong Du; Qi Guo; Xing Hu http://arxiv.org/abs/2311.18495 Improving Adversarial Transferability via Model Alignment. (68%) Avery Ma; Amir-massoud Farahmand; Yangchen Pan; Philip Torr; Jindong Gu http://arxiv.org/abs/2311.18498 Data-Agnostic Model Poisoning against Federated Learning: A Graph Autoencoder Approach. (62%) Kai Li; Jingjing Zheng; Xin Yuan; Wei Ni; Ozgur B. Akan; H. Vincent Poor http://arxiv.org/abs/2312.00273 Mark My Words: Analyzing and Evaluating Language Model Watermarks. (2%) Julien Piet; Chawin Sitawarin; Vivian Fang; Norman Mu; David Wagner http://arxiv.org/abs/2311.17400 Improving the Robustness of Transformer-based Large Language Models with Dynamic Attention. (98%) Lujia Shen; Yuwen Pu; Shouling Ji; Changjiang Li; Xuhong Zhang; Chunpeng Ge; Ting Wang http://arxiv.org/abs/2311.17434 Group-wise Sparse and Explainable Adversarial Attacks. (96%) Shpresim Sadiku; Moritz Wagner; Sebastian Pokutta http://arxiv.org/abs/2311.17458 Quantum Neural Networks under Depolarization Noise: Exploring White-Box Attacks and Defenses. (88%) David Winderl; Nicola Franco; Jeanette Miriam Lorenz http://arxiv.org/abs/2311.17853 On the Adversarial Robustness of Graph Contrastive Learning Methods. (83%) Filippo Guerranti; Zinuo Yi; Anna Starovoit; Rafiq Kamel; Simon Geisler; Stephan Günnemann http://arxiv.org/abs/2311.17608 Adversarial Robust Memory-Based Continual Learner. (81%) Xiaoyue Mi; Fan Tang; Zonghan Yang; Danding Wang; Juan Cao; Peng Li; Yang Liu http://arxiv.org/abs/2311.17983 Improving Faithfulness for Vision Transformers. (80%) Lijie Hu; Yixin Liu; Ninghao Liu; Mengdi Huai; Lichao Sun; Di Wang http://arxiv.org/abs/2311.17429 TARGET: Template-Transferable Backdoor Attack Against Prompt-based NLP Models via GPT4. (68%) Zihao Tan; Qingliang Chen; Yongjian Huang; Chen Liang http://arxiv.org/abs/2311.17607 Topology-Preserving Adversarial Training. (10%) Xiaoyue Mi; Fan Tang; Yepeng Weng; Danding Wang; Juan Cao; Sheng Tang; Peng Li; Yang Liu http://arxiv.org/abs/2311.17600 Query-Relevant Images Jailbreak Large Multi-Modal Models. 
(9%) Xin Liu; Yichen Zhu; Yunshi Lan; Chao Yang; Yu Qiao http://arxiv.org/abs/2311.17833 Analyzing and Explaining Image Classifiers via Diffusion Guidance. (8%) Maximilian Augustin; Yannic Neuhaus; Matthias Hein http://arxiv.org/abs/2311.18244 Poisoning Attacks Against Contrastive Recommender Systems. (2%) Zongwei Wang; Junliang Yu; Min Gao; Hongzhi Yin; Bin Cui; Shazia Sadiq http://arxiv.org/abs/2311.17722 SenTest: Evaluating Robustness of Sentence Encoders. (2%) Tanmay Chavan; Shantanu Patankar; Aditya Kane; Omkar Gokhale; Geetanjali Kale; Raviraj Joshi http://arxiv.org/abs/2311.17583 CLIPC8: Face liveness detection algorithm based on image-text pairs and contrastive learning. (1%) Xu Liu; Shu Zhou; Yurong Song; Wenzhe Luo; Xin Zhang http://arxiv.org/abs/2311.17391 Unveiling the Implicit Toxicity in Large Language Models. (1%) Jiaxin Wen; Pei Ke; Hao Sun; Zhexin Zhang; Chengfei Li; Jinfeng Bai; Minlie Huang http://arxiv.org/abs/2311.17128 Vulnerability Analysis of Transformer-based Optical Character Recognition to Adversarial Attacks. (99%) Lucas Beerens; Desmond J. Higham http://arxiv.org/abs/2311.17332 NeRFTAP: Enhancing Transferability of Adversarial Patches on Face Recognition using Neural Radiance Fields. (99%) Xiaoliang Liu; Furao Shen; Feng Han; Jian Zhao; Changhai Nie http://arxiv.org/abs/2311.16577 Efficient Key-Based Adversarial Defense for ImageNet by Using Pre-trained Model. (98%) AprilPyone MaungMaung; Isao Echizen; Hitoshi Kiya http://arxiv.org/abs/2311.17339 RADAP: A Robust and Adaptive Defense Against Diverse Adversarial Patches on Face Recognition. (92%) Xiaoliang Liu; Furao Shen; Jian Zhao; Changhai Nie http://arxiv.org/abs/2401.05338 STR-Cert: Robustness Certification for Deep Text Recognition on Deep Learning Pipelines and Vision Transformers. (26%) Daqian Shao; Lukas Fesser; Marta Kwiatkowska http://arxiv.org/abs/2311.16833 1-Lipschitz Layers Compared: Memory, Speed, and Certifiable Robustness. (13%) Bernd Prach; Fabio Brau; Giorgio Buttazzo; Christoph H. Lampert http://arxiv.org/abs/2311.17035 Scalable Extraction of Training Data from (Production) Language Models. (10%) Milad Nasr; Nicholas Carlini; Jonathan Hayase; Matthew Jagielski; A. Feder Cooper; Daphne Ippolito; Christopher A. Choquette-Choo; Eric Wallace; Florian Tramèr; Katherine Lee http://arxiv.org/abs/2311.16661 Cooperative Abnormal Node Detection with Adversary Resistance: A Probabilistic Approach. (10%) Yingying Huangfu; Tian Bai http://arxiv.org/abs/2311.16526 On robust overfitting: adversarial training induced distribution matters. (1%) Runzhi Tian; Yongyi Mao http://arxiv.org/abs/2311.16681 Understanding the (Extra-)Ordinary: Validating Deep Model Decisions with Prototypical Concept-based Explanations. (1%) Maximilian Dreyer; Reduan Achtibat; Wojciech Samek; Sebastian Lapuschkin http://arxiv.org/abs/2311.17138 Shadows Don't Lie and Lines Can't Bend! Generative Models don't know Projective Geometry...for now. (1%) Ayush Sarkar; Hanlin Mai; Amitabh Mahapatra; Svetlana Lazebnik; D. A. Forsyth; Anand Bhattad http://arxiv.org/abs/2311.16478 RetouchUAA: Unconstrained Adversarial Attack via Image Retouching. (99%) Mengda Xie; Yiling He; Meie Fang http://arxiv.org/abs/2311.15994 Adversarial Doodles: Interpretable and Human-drawable Attacks Provide Describable Insights. (99%) Ryoya Nara; Yusuke Matsui http://arxiv.org/abs/2311.17087 Rethinking Mixup for Improving the Adversarial Transferability. 
(98%) Xiaosen Wang; Zeyuan Yin http://arxiv.org/abs/2311.15551 Instruct2Attack: Language-Guided Semantic Adversarial Attacks. (98%) Jiang Liu; Chen Wei; Yuxiang Guo; Heng Yu; Alan Yuille; Soheil Feizi; Chun Pong Lau; Rama Chellappa http://arxiv.org/abs/2311.16445 CLAP: Contrastive Learning with Augmented Prompts for Robustness on Pretrained Vision-Language Models. (95%) Yichao Cai; Yuhang Liu; Zhen Zhang; Javen Qinfeng Shi http://arxiv.org/abs/2311.16065 A Survey on Vulnerability of Federated Learning: A Learning Algorithm Perspective. (50%) Xianghua Xie; Chen Hu; Hanchi Ren; Jingjing Deng http://arxiv.org/abs/2311.16460 Threshold Breaker: Can Counter-Based RowHammer Prevention Mechanisms Truly Safeguard DRAM? (31%) Ranyang Zhou; Jacqueline Liu; Sabbir Ahmed; Nakul Kochar; Adnan Siraj Rakin; Shaahin Angizi http://arxiv.org/abs/2312.00050 Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift. (31%) Shengwei An; Sheng-Yen Chou; Kaiyuan Zhang; Qiuling Xu; Guanhong Tao; Guangyu Shen; Siyuan Cheng; Shiqing Ma; Pin-Yu Chen; Tsung-Yi Ho; Xiangyu Zhang http://arxiv.org/abs/2311.15894 Distributed Attacks over Federated Reinforcement Learning-enabled Cell Sleep Control. (22%) Han Zhang; Hao Zhou; Medhat Elsayed; Majid Bavand; Raimundas Gaigalas; Yigit Ozcan; Melike Erol-Kantarci http://arxiv.org/abs/2311.16383 "Do Users fall for Real Adversarial Phishing?" Investigating the Human response to Evasive Webpages. (15%) Ajka Draganovic; Savino Dambra; Javier Aldana Iuit; Kevin Roundy; Giovanni Apruzzese http://arxiv.org/abs/2311.16101 How Many Unicorns Are in This Image? A Safety Evaluation Benchmark for Vision LLMs. (12%) Haoqin Tu; Chenhang Cui; Zijun Wang; Yiyang Zhou; Bingchen Zhao; Junlin Han; Wangchunshu Zhou; Huaxiu Yao; Cihang Xie http://arxiv.org/abs/2311.15999 Microarchitectural Security of AWS Firecracker VMM for Serverless Cloud Platforms. (1%) Zane Weissman (Worcester Polytechnic Institute); Thore Tiemann (University of Lübeck); Thomas Eisenbarth (University of Lübeck); Berk Sunar (Worcester Polytechnic Institute) http://arxiv.org/abs/2311.15339 Adversarial Purification of Information Masking. (99%) Sitong Liu; Zhichao Lian; Shuangquan Zhang; Liang Xiao http://arxiv.org/abs/2311.15356 Having Second Thoughts? Let's hear it. (56%) Jung H. Lee; Sujith Vijayan http://arxiv.org/abs/2311.16194 BadCLIP: Trigger-Aware Prompt Learning for Backdoor Attacks on CLIP. (13%) Jiawang Bai; Kuofeng Gao; Shaobo Min; Shu-Tao Xia; Zhifeng Li; Wei Liu http://arxiv.org/abs/2311.15373 Confidence Is All You Need for MI Attacks. (2%) Abhishek Sinha; Himanshi Tibrewal; Mansi Gupta; Nikhar Waghela; Shivank Garg http://arxiv.org/abs/2311.15165 Mixing Classifiers to Alleviate the Accuracy-Robustness Trade-Off. (26%) Yatong Bai; Brendon G. Anderson; Somayeh Sojoudi http://arxiv.org/abs/2311.14934 Robust Graph Neural Networks via Unbiased Aggregation. (10%) Ruiqi Feng; Zhichao Hou; Tyler Derr; Xiaorui Liu http://arxiv.org/abs/2311.14948 Effective Backdoor Mitigation Depends on the Pre-training Objective. (10%) Sahil Verma; Gantavya Bhatt; Avi Schwarzschild; Soumye Singhal; Arnav Mohanty Das; Chirag Shah; John P Dickerson; Jeff Bilmes http://arxiv.org/abs/2311.14772 Trainwreck: A damaging adversarial attack on image classifiers. (99%) Jan Zahálka http://arxiv.org/abs/2311.14450 Segment (Almost) Nothing: Prompt-Agnostic Adversarial Attacks on Segmentation Models. (96%) Francesco Croce; Matthias Hein http://arxiv.org/abs/2311.14455 Universal Jailbreak Backdoors from Poisoned Human Feedback. 
(1%) Javier Rando; Florian Tramèr http://arxiv.org/abs/2311.14005 When Side-Channel Attacks Break the Black-Box Property of Embedded Artificial Intelligence. (99%) Benoit Coqueret; Mathieu Carbone; Olivier Sentieys; Gabriel Zaid http://arxiv.org/abs/2311.13841 Adversarial defense based on distribution transfer. (99%) Jiahao Chen; Diqun Yan; Li Dong http://arxiv.org/abs/2311.14227 Robust and Interpretable COVID-19 Diagnosis on Chest X-ray Images using Adversarial Training. (68%) Karina Yang; Alexis Bennett; Dominique Duncan http://arxiv.org/abs/2312.00041 Presentation Attack Detection using Convolutional Neural Networks and Local Binary Patterns. (1%) Justin Spencer; Deborah Lawrence; Prosenjit Chatterjee; Kaushik Roy; Albert Esterline; Jung-Hee Kim http://arxiv.org/abs/2311.13233 A Survey of Adversarial CAPTCHAs on its History, Classification and Generation. (99%) Zisheng Xu; Qiao Yan; F. Richard Yu; Victor C. M. Leung http://arxiv.org/abs/2311.13445 Transfer Attacks and Defenses for Large Language Models on Coding Tasks. (99%) Chi Zhang; Zifan Wang; Ravi Mangal; Matt Fredrikson; Limin Jia; Corina Pasareanu http://arxiv.org/abs/2311.13656 Panda or not Panda? Understanding Adversarial Attacks with Interactive Visualization. (98%) Yuzhe You; Jarvis Tse; Jian Zhao http://arxiv.org/abs/2311.13244 Hard Label Black Box Node Injection Attack on Graph Neural Networks. (93%) Yu Zhou; Zihao Dong; Guofeng Zhang; Jingchen Tang http://arxiv.org/abs/2311.13744 Security and Privacy Challenges in Deep Learning Models. (74%) Gopichandh Golla http://arxiv.org/abs/2311.13713 A Somewhat Robust Image Watermark against Diffusion-based Editing Models. (50%) Mingtian Tan; Tianhao Wang; Somesh Jha http://arxiv.org/abs/2311.13739 OASIS: Offsetting Active Reconstruction Attacks in Federated Learning. (2%) Tre' R. Jeter; Truc Nguyen; Raed Alharbi; My T. Thai http://arxiv.org/abs/2311.12981 SD-NAE: Generating Natural Adversarial Examples with Stable Diffusion. (96%) Yueqian Lin; Jingyang Zhang; Yiran Chen; Hai Li http://arxiv.org/abs/2311.13091 Stable Unlearnable Example: Enhancing the Robustness of Unlearnable Examples via Stable Error-Minimizing Noise. (96%) Yixin Liu; Kaidi Xu; Xun Chen; Lichao Sun http://arxiv.org/abs/2311.12914 Attention Deficit is Ordered! Fooling Deformable Vision Transformers with Collaborative Adversarial Patches. (75%) Quazi Mishkatul Alam; Bilel Tarchoun; Ihsen Alouani; Nael Abu-Ghazaleh http://arxiv.org/abs/2311.12722 Attacking Motion Planners Using Adversarial Perception Errors. (69%) Jonathan Sadeghi; Nicholas A. Lord; John Redford; Romain Mueller http://arxiv.org/abs/2311.13127 Toward Robust Imperceptible Perturbation against Unauthorized Text-to-image Diffusion-based Synthesis. (62%) Yixin Liu; Chenrui Fan; Yutong Dai; Xun Chen; Pan Zhou; Lichao Sun http://arxiv.org/abs/2311.12773 Iris Presentation Attack: Assessing the Impact of Combining Vanadium Dioxide Films with Artificial Eyes. (1%) Darshika Jauhari; Renu Sharma; Cunjian Chen; Nelson Sepulveda; Arun Ross http://arxiv.org/abs/2311.12084 ODDR: Outlier Detection & Dimension Reduction Based Defense Against Adversarial Patches. (99%) Nandish Chattopadhyay; Amira Guesmi; Muhammad Abdullah Hanif; Bassem Ouni; Muhammad Shafique http://arxiv.org/abs/2311.12211 DefensiveDR: Defending against Adversarial Patches using Dimensionality Reduction. 
(99%) Nandish Chattopadhyay; Amira Guesmi; Muhammad Abdullah Hanif; Bassem Ouni; Muhammad Shafique http://arxiv.org/abs/2311.11861 Generating Valid and Natural Adversarial Examples with Large Language Models. (99%) Zimu Wang; Wei Wang; Qi Chen; Qiufeng Wang; Anh Nguyen http://arxiv.org/abs/2311.11753 AdvGen: Physical Adversarial Attack on Face Presentation Attack Detection Systems. (99%) Sai Amrit Patnaik; Shivali Chansoriya; Anil K. Jain; Anoop M. Namboodiri http://arxiv.org/abs/2311.11796 Beyond Boundaries: A Comprehensive Survey of Transferable Attacks on AI Systems. (50%) Guangjing Wang; Ce Zhou; Yuanda Wang; Bocheng Chen; Hanqing Guo; Qiben Yan http://arxiv.org/abs/2311.11544 Understanding Variation in Subpopulation Susceptibility to Poisoning Attacks. (15%) Evan Rose; Fnu Suya; David Evans http://arxiv.org/abs/2311.11871 Training robust and generalizable quantum models. (10%) Julian Berberich; Daniel Fink; Daniel Pranjić; Christian Tutschku; Christian Holm http://arxiv.org/abs/2311.11995 BrainWash: A Poisoning Attack to Forget in Continual Learning. (4%) Ali Abbasi; Parsa Nooralinejad; Hamed Pirsiavash; Soheil Kolouri http://arxiv.org/abs/2311.11261 Adversarial Prompt Tuning for Vision-Language Models. (98%) Jiaming Zhang; Xingjun Ma; Xin Wang; Lingyu Qiu; Jiaqi Wang; Yu-Gang Jiang; Jitao Sang http://arxiv.org/abs/2311.11509 Token-Level Adversarial Prompt Detection Based on Perplexity Measures and Contextual Information. (78%) Zhengmian Hu; Gang Wu; Saayan Mitra; Ruiyi Zhang; Tong Sun; Heng Huang; Viswanathan Swaminathan http://arxiv.org/abs/2311.12075 BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning. (69%) Siyuan Liang; Mingli Zhu; Aishan Liu; Baoyuan Wu; Xiaochun Cao; Ee-Chien Chang http://arxiv.org/abs/2311.12066 EditShield: Protecting Unauthorized Image Editing by Instruction-guided Diffusion Models. (10%) Ruoxi Chen; Haibo Jin; Jinyin Chen; Lichao Sun http://arxiv.org/abs/2311.12051 Boost Adversarial Transferability by Uniform Scale and Mix Mask Method. (99%) Tao Wang; Zijian Ying; Qianmu Li; Zhichao Lian http://arxiv.org/abs/2311.11017 Improving Adversarial Transferability by Stable Diffusion. (99%) Jiayang Liu; Siyu Zhu; Siyuan Liang; Jie Zhang; Han Fang; Weiming Zhang; Ee-Chien Chang http://arxiv.org/abs/2311.11191 Attention-Based Real-Time Defenses for Physical Adversarial Attacks in Vision Applications. (92%) Giulio Rossolini; Alessandro Biondi; Giorgio Buttazzo http://arxiv.org/abs/2311.11225 TextGuard: Provable Defense against Backdoor Attacks on Text Classification. (82%) Hengzhi Pei; Jinyuan Jia; Wenbo Guo; Bo Li; Dawn Song http://arxiv.org/abs/2311.11206 Robust Network Slicing: Multi-Agent Policies, Adversarial Attacks, and Defensive Strategies. (1%) Feng Wang; M. Cenk Gursoy; Senem Velipasalar http://arxiv.org/abs/2311.10366 Breaking Temporal Consistency: Generating Video Universal Adversarial Perturbations Using Image Models. (97%) Hee-Seon Kim; Minji Son; Minbeom Kim; Myung-Joon Kwon; Changick Kim http://arxiv.org/abs/2311.10919 PACOL: Poisoning Attacks Against Continual Learners. (93%) Huayu Li; Gregory Ditzler http://arxiv.org/abs/2311.10389 Two-Factor Authentication Approach Based on Behavior Patterns for Defeating Puppet Attacks. (1%) Wenhao Wang; Guyue Li; Zhiming Chu; Haobo Li; Daniele Faccio http://arxiv.org/abs/2311.09790 Breaking Boundaries: Balancing Performance and Robustness in Deep Wireless Traffic Forecasting. (99%) Romain Ilbert; Thai V. 
Hoang; Zonghua Zhang; Themis Palpanas http://arxiv.org/abs/2311.09948 Hijacking Large Language Models via Adversarial In-Context Learning. (75%) Yao Qiang; Xiangyu Zhou; Dongxiao Zhu http://arxiv.org/abs/2311.09827 Cognitive Overload: Jailbreaking Large Language Models with Overloaded Logical Thinking. (54%) Nan Xu; Fei Wang; Ben Zhou; Bang Zheng Li; Chaowei Xiao; Muhao Chen http://arxiv.org/abs/2311.09763 Test-time Backdoor Mitigation for Black-Box Large Language Models with Defensive Demonstrations. (38%) Wenjie Mo; Jiashu Xu; Qin Liu; Jiongxiao Wang; Jun Yan; Chaowei Xiao; Muhao Chen http://arxiv.org/abs/2311.09641 On the Exploitability of Reinforcement Learning with Human Feedback for Large Language Models. (13%) Jiongxiao Wang; Junlin Wu; Muhao Chen; Yevgeniy Vorobeychik; Chaowei Xiao http://arxiv.org/abs/2311.10177 Towards Improving Robustness Against Common Corruptions using Mixture of Class Specific Experts. (2%) Shashank Kotyan; Danilo Vasconcellos Vargas http://arxiv.org/abs/2311.16169 Understanding the Effectiveness of Large Language Models in Detecting Security Vulnerabilities. (2%) Avishree Khare; Saikat Dutta; Ziyang Li; Alaia Solko-Breslin; Rajeev Alur; Mayur Naik http://arxiv.org/abs/2312.00029 Bergeron: Combating Adversarial Attacks through a Conscience-Based Alignment Framework. (2%) Matthew Pisano; Peter Ly; Abraham Sanders; Bingsheng Yao; Dakuo Wang; Tomek Strzalkowski; Mei Si http://arxiv.org/abs/2311.09994 Towards more Practical Threat Models in Artificial Intelligence Security. (2%) Kathrin Grosse; Lukas Bieringer; Tarek Richard Besold; Alexandre Alahi http://arxiv.org/abs/2311.10197 You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks. (1%) Rafael Uetz; Marco Herzog; Louis Hackländer; Simon Schwarz; Martin Henze http://arxiv.org/abs/2311.09127 Jailbreaking GPT-4V via Self-Adversarial Attacks with System Prompts. (99%) Yuanwei Wu; Xiang Li; Yixin Liu; Pan Zhou; Lichao Sun http://arxiv.org/abs/2311.09433 Backdoor Activation Attack: Attack Large Language Models using Activation Steering for Safety-Alignment. (74%) Haoran Wang; Kai Shu http://arxiv.org/abs/2311.09024 Fast Certification of Vision-Language Models Using Incremental Randomized Smoothing. (64%) A K Nirala (Iowa State University); A Joshi (New York University); C Hegde (New York University); S Sarkar (Iowa State University) http://arxiv.org/abs/2311.09266 Adversarially Robust Spiking Neural Networks Through Conversion. (61%) Ozan Özdenizci; Robert Legenstein http://arxiv.org/abs/2311.09447 How Trustworthy are Open-Source LLMs? An Assessment under Malicious Demonstrations Shows their Vulnerabilities. (16%) Lingbo Mo; Boshi Wang; Muhao Chen; Huan Sun http://arxiv.org/abs/2311.09096 Defending Large Language Models Against Jailbreaking Attacks Through Goal Prioritization. (15%) Zhexin Zhang; Junxiao Yang; Pei Ke; Minlie Huang http://arxiv.org/abs/2311.09355 Privacy Threats in Stable Diffusion Models. (13%) Thomas Cilloni; Charles Fleming; Charles Walter http://arxiv.org/abs/2311.09489 MirrorNet: A TEE-Friendly Framework for Secure On-device DNN Inference. (2%) Ziyu Liu; Yukui Luo; Shijin Duan; Tong Zhou; Xiaolin Xu http://arxiv.org/abs/2311.09473 JAB: Joint Adversarial Prompting and Belief Augmentation. (1%) Ninareh Mehrabi; Palash Goyal; Anil Ramakrishna; Jwala Dhamala; Shalini Ghosh; Richard Zemel; Kai-Wei Chang; Aram Galstyan; Rahul Gupta http://arxiv.org/abs/2311.09428 Beyond Detection: Unveiling Fairness Vulnerabilities in Abusive Language Models. 
(1%) Yueqing Liang; Lu Cheng; Ali Payani; Kai Shu http://arxiv.org/abs/2311.07928 Towards Improving Robustness Against Common Corruptions in Object Detectors Using Adversarial Contrastive Learning. (99%) Shashank Kotyan; Danilo Vasconcellos Vargas http://arxiv.org/abs/2311.08539 Physical Adversarial Examples for Multi-Camera Systems. (99%) Ana Răduţoiu; Jan-Philipp Schulze; Philip Sperl; Konstantin Böttinger http://arxiv.org/abs/2311.08598 DALA: A Distribution-Aware LoRA-Based Adversarial Attack against Language Models. (99%) Yibo Wang; Xiangjue Dong; James Caverlee; Philip S. Yu http://arxiv.org/abs/2311.08265 On The Relationship Between Universal Adversarial Attacks And Sparse Representations. (98%) Dana Weitzner; Raja Giryes http://arxiv.org/abs/2311.08268 A Wolf in Sheep's Clothing: Generalized Nested Jailbreak Prompts can Fool Large Language Models Easily. (62%) Peng Ding; Jun Kuang; Dan Ma; Xuezhi Cao; Yunsen Xian; Jiajun Chen; Shujian Huang http://arxiv.org/abs/2311.08662 Multi-Set Inoculation: Assessing Model Robustness Across Multiple Challenge Sets. (13%) Vatsal Gupta; Pranshu Pandya; Tushar Kataria; Vivek Gupta; Dan Roth http://arxiv.org/abs/2311.09253 The Perception-Robustness Tradeoff in Deterministic Image Restoration. (1%) Guy Ohayon; Tomer Michaeli; Michael Elad http://arxiv.org/abs/2311.07110 Adversarial Purification for Data-Driven Power System Event Classifiers with Diffusion Models. (99%) Yuanbin Cheng; Koji Yamashita; Jim Follum; Nanpeng Yu http://arxiv.org/abs/2311.07780 Parrot-Trained Adversarial Examples: Pushing the Practicality of Black-Box Audio Attacks against Speaker Recognition Models. (99%) Rui Duan; Zhe Qu; Leah Ding; Yao Liu; Zhuo Lu http://arxiv.org/abs/2311.07553 An Extensive Study on Adversarial Attack against Pre-trained Models of Code. (99%) Xiaohu Du; Ming Wen; Zichao Wei; Shangwen Wang; Hai Jin http://arxiv.org/abs/2311.07127 Untargeted Black-box Attacks for Social Recommendations. (96%) Wenqi Fan; Shijie Wang; Xiao-yong Wei; Xiaowei Mei; Qing Li http://arxiv.org/abs/2311.07444 On the Robustness of Neural Collapse and the Neural Collapse of Robustness. (80%) Jingtong Su; Ya Shi Zhang; Nikolaos Tsilivis; Julia Kempe http://arxiv.org/abs/2311.07550 Tabdoor: Backdoor Vulnerabilities in Transformer-based Neural Networks for Tabular Data. (70%) Bart Pleiter; Behrad Tajalli; Stefanos Koffas; Gorka Abad; Jing Xu; Martha Larson; Stjepan Picek http://arxiv.org/abs/2311.06771 Learning Globally Optimized Language Structure via Adversarial Training. (83%) Xuwang Yin http://arxiv.org/abs/2311.06942 Contractive Systems Improve Graph Neural Networks Against Adversarial Attacks. (70%) Moshe Eliasof; Davide Murari; Ferdia Sherry; Carola-Bibiane Schönlieb http://arxiv.org/abs/2311.06973 Analytical Verification of Deep Neural Network Performance for Time-Synchronized Distribution System State Estimation. (5%) Behrouz Azimian; Shiva Moshtagh; Anamitra Pal; Shanshan Ma http://arxiv.org/abs/2311.06855 DialMAT: Dialogue-Enabled Transformer with Moment-Based Adversarial Training. (1%) Kanta Kaneda; Ryosuke Korekata; Yuiga Wada; Shunya Nagashima; Motonari Kambara; Yui Iioka; Haruka Matsuo; Yuto Imai; Takayuki Nishimura; Komei Sugiura http://arxiv.org/abs/2311.06423 Flatness-aware Adversarial Attack. (99%) Mingyuan Fan; Xiaodan Li; Cen Chen; Yinggui Wang http://arxiv.org/abs/2311.05992 Robust Adversarial Attacks Detection for Deep Learning based Relative Pose Estimation for Space Rendezvous. 
(99%) Ziwei Wang; Nabil Aouf; Jose Pizarro; Christophe Honvault http://arxiv.org/abs/2311.06122 Fight Fire with Fire: Combating Adversarial Patch Attacks using Pattern-randomized Defensive Patches. (98%) Jianan Feng; Jiachun Li; Changqing Miao; Jianjun Huang; Wei You; Wenchang Shi; Bin Liang http://arxiv.org/abs/2311.05935 Resilient and constrained consensus against adversarial attacks: A distributed MPC framework. (84%) Henglai Wei; Kunwu Zhang; Hui Zhang; Yang Shi http://arxiv.org/abs/2311.06361 CALLOC: Curriculum Adversarial Learning for Secure and Robust Indoor Localization. (1%) Danish Gufran; Sudeep Pasricha http://arxiv.org/abs/2311.06062 Practical Membership Inference Attacks against Fine-tuned Large Language Models via Self-prompt Calibration. (1%) Wenjie Fu; Huandong Wang; Chen Gao; Guanghua Liu; Yong Li; Tao Jiang http://arxiv.org/abs/2311.05316 ABIGX: A Unified Framework for eXplainable Fault Detection and Classification. (68%) Yue Zhuo; Jinchuan Qian; Zhihuan Song; Zhiqiang Ge http://arxiv.org/abs/2311.05826 Honest Score Client Selection Scheme: Preventing Federated Learning Label Flipping Attacks in Non-IID Scenarios. (50%) Yanli Li; Huaming Chen; Wei Bao; Zhengmeng Xu; Dong Yuan http://arxiv.org/abs/2311.05808 Scale-MIA: A Scalable Model Inversion Attack against Secure Federated Learning via Latent Space Reconstruction. (15%) Shanghao Shi; Ning Wang; Yang Xiao; Chaoyu Zhang; Yi Shi; Y. Thomas Hou; Wenjing Lou http://arxiv.org/abs/2311.05608 FigStep: Jailbreaking Large Vision-language Models via Typographic Visual Prompts. (1%) Yichen Gong; Delong Ran; Jinyuan Liu; Conglei Wang; Tianshuo Cong; Anyu Wang; Sisi Duan; Xiaoyun Wang http://arxiv.org/abs/2311.05168 FireMatch: A Semi-Supervised Video Fire Detection Network Based on Consistency and Distribution Alignment. (1%) Qinghua Lin; Zuoyong Li; Kun Zeng; Haoyi Fan; Wei Li; Xiaoguang Zhou http://arxiv.org/abs/2311.04503 Constrained Adaptive Attacks: Realistic Evaluation of Adversarial Examples and Robust Training of Deep Neural Networks for Tabular Data. (99%) Thibault Simonetto; Salah Ghamizi; Antoine Desjardins; Maxime Cordy; Yves Le Traon http://arxiv.org/abs/2311.04588 Army of Thieves: Enhancing Black-Box Model Extraction via Ensemble based sample selection. (70%) Akshit Jindal; Vikram Goyal; Saket Anand; Chetan Arora http://arxiv.org/abs/2311.07587 Frontier Language Models are not Robust to Adversarial Arithmetic, or "What do I need to say so you agree 2+2=5?" (61%) C. Daniel Freeman; Laura Culp; Aaron Parisi; Maxwell L Bileschi; Gamaleldin F Elsayed; Alex Rizkowsky; Isabelle Simpson; Alex Alemi; Azade Nova; Ben Adlam; Bernd Bohnet; Gaurav Mishra; Hanie Sedghi; Igor Mordatch; Izzeddin Gur; Jaehoon Lee; JD Co-Reyes; Jeffrey Pennington; Kelvin Xu; Kevin Swersky; Kshiteej Mahajan; Lechao Xiao; Rosanne Liu; Simon Kornblith; Noah Constant; Peter J. Liu; Roman Novak; Yundi Qian; Noah Fiedel; Jascha Sohl-Dickstein http://arxiv.org/abs/2311.05143 SCAAT: Improving Neural Network Interpretability via Saliency Constrained Adaptive Adversarial Training. (10%) Rui Xu; Wenkang Qin; Peixiang Huang; Hao Wang; Lin Luo http://arxiv.org/abs/2311.04815 Domain Adaptive Object Detection via Balancing Between Self-Training and Adversarial Learning. (1%) Muhammad Akhtar Munir; Muhammad Haris Khan; M. Saquib Sarfraz; Mohsen Ali http://arxiv.org/abs/2311.05144 Counter-Empirical Attacking based on Adversarial Reinforcement Learning for Time-Relevant Scoring System.
(1%) Xiangguo Sun; Hong Cheng; Hang Dong; Bo Qiao; Si Qin; Qingwei Lin http://arxiv.org/abs/2311.04124 Unveiling Safety Vulnerabilities of Large Language Models. (61%) George Kour; Marcel Zalmanovici; Naama Zwerdling; Esther Goldbraich; Ora Nova Fandina; Ateret Anaby-Tavor; Orna Raz; Eitan Farchi http://arxiv.org/abs/2311.03865 When Fairness Meets Privacy: Exploring Privacy Threats in Fair Binary Classifiers through Membership Inference Attacks. (10%) Huan Tian; Guangsheng Zhang; Bo Liu; Tianqing Zhu; Ming Ding; Wanlei Zhou http://arxiv.org/abs/2311.16153 Identifying and Mitigating Vulnerabilities in LLM-Integrated Applications. (2%) Fengqing Jiang; Zhangchen Xu; Luyao Niu; Boxin Wang; Jinyuan Jia; Bo Li; Radha Poovendran http://arxiv.org/abs/2311.03809 SoK: Security Below the OS -- A Security Analysis of UEFI. (1%) Priyanka Prakash Surve; Oleg Brodt; Mark Yampolskiy; Yuval Elovici; Asaf Shabtai http://arxiv.org/abs/2311.04076 Do LLMs exhibit human-like response biases? A case study in survey design. (1%) Lindia Tjuatja; Valerie Chen; Sherry Tongshuang Wu; Ameet Talwalkar; Graham Neubig http://arxiv.org/abs/2311.03566 Measuring Adversarial Datasets. (92%) Yuanchen Bai; Raoyi Huang; Vijay Viswanathan; Tzu-Sheng Kuo; Tongshuang Wu http://arxiv.org/abs/2311.04235 Can LLMs Follow Simple Rules? (68%) Norman Mu; Sarah Chen; Zifan Wang; Sizhe Chen; David Karamardian; Lulwa Aljeraisy; Basel Alomair; Dan Hendrycks; David Wagner http://arxiv.org/abs/2311.03172 Preserving Privacy in GANs Against Membership Inference Attack. (33%) Mohammadhadi Shateri; Francisco Messina; Fabrice Labeau; Pablo Piantanida http://arxiv.org/abs/2311.03570 Cal-DETR: Calibrated Detection Transformer. (4%) Muhammad Akhtar Munir; Salman Khan; Muhammad Haris Khan; Mohsen Ali; Fahad Shahbaz Khan http://arxiv.org/abs/2311.02757 ELEGANT: Certified Defense on the Fairness of Graph Neural Networks. (10%) Yushun Dong; Binchi Zhang; Hanghang Tong; Jundong Li http://arxiv.org/abs/2311.02373 From Trojan Horses to Castle Walls: Unveiling Bilateral Backdoor Effects in Diffusion Models. (22%) Zhuoshi Pan; Yuguang Yao; Gaowen Liu; Bingquan Shen; H. Vicky Zhao; Ramana Rao Kompella; Sijia Liu http://arxiv.org/abs/2311.01873 Efficient Black-Box Adversarial Attacks on Neural Text Detectors. (22%) Vitalii Fishchuk; Daniel Braun http://arxiv.org/abs/2311.02147 The Alignment Problem in Context. (2%) Raphaël Millière http://arxiv.org/abs/2311.01478 Adversary ML Resilience in Autonomous Driving Through Human Centered Perception Mechanisms. (99%) Aakriti Shah http://arxiv.org/abs/2311.01323 Towards Evaluating Transfer-based Attacks Systematically, Practically, and Fairly. (99%) Qizhang Li; Yiwen Guo; Wangmeng Zuo; Hao Chen http://arxiv.org/abs/2311.01011 Tensor Trust: Interpretable Prompt Injection Attacks from an Online Game. (93%) Sam Toyer; Olivia Watkins; Ethan Adrian Mendes; Justin Svegliato; Luke Bailey; Tiffany Wang; Isaac Ong; Karim Elmaaroufi; Pieter Abbeel; Trevor Darrell; Alan Ritter; Stuart Russell http://arxiv.org/abs/2311.01356 On the Lipschitz constant of random neural networks. (92%) Paul Geuchen; Thomas Heindl; Dominik Stöger; Felix Voigtlaender http://arxiv.org/abs/2311.01696 Universal Perturbation-based Secret Key-Controlled Data Hiding. (80%) Donghua Wang; Wen Yao; Tingsong Jiang; Xiaoqian Chen http://arxiv.org/abs/2311.01441 Distilling Out-of-Distribution Robustness from Vision-Language Foundation Models. 
(76%) Andy Zhou; Jindong Wang; Yu-Xiong Wang; Haohan Wang http://arxiv.org/abs/2311.01563 Assist Is Just as Important as the Goal: Image Resurfacing to Aid Model's Robust Prediction. (13%) Abhijith Sharma; Phil Munz; Apurva Narayan http://arxiv.org/abs/2311.01642 Robust Adversarial Reinforcement Learning via Bounded Rationality Curricula. (12%) Aryaman Reddi; Maximilian Tölle; Jan Peters; Georgia Chalvatzaki; Carlo D'Eramo http://arxiv.org/abs/2311.01570 Sequential Subset Matching for Dataset Distillation. (1%) Jiawei Du; Qin Shi; Joey Tianyi Zhou http://arxiv.org/abs/2311.01500 E(2) Equivariant Neural Networks for Robust Galaxy Morphology Classification. (1%) Sneh Pandya; Purvik Patel; Franc O; Jonathan Blazek http://arxiv.org/abs/2311.01357 Robust Identity Perceptual Watermark Against Deepfake Face Swapping. (1%) Tianyi Wang; Mengxiao Huang; Harry Cheng; Bin Ma; Yinglong Wang http://arxiv.org/abs/2311.00428 NEO-KD: Knowledge-Distillation-Based Adversarial Training for Robust Multi-Exit Neural Networks. (99%) Seokil Ham; Jungwuk Park; Dong-Jun Han; Jaekyun Moon http://arxiv.org/abs/2311.01473 Adversarial Examples in the Physical World: A Survey. (98%) Jiakai Wang; Donghua Wang; Jin Hu; Siyang Wu; Tingsong Jiang; Wen Yao; Aishan Liu; Xianglong Liu http://arxiv.org/abs/2311.00859 Optimal Cost Constrained Adversarial Attacks For Multiple Agent Systems. (80%) Ziqing Lu; Guanlin Liu; Lifeng Lai; Weiyu Xu http://arxiv.org/abs/2311.00441 Improving Robustness for Vision Transformer with a Simple Dynamic Scanning Augmentation. (76%) Shashank Kotyan; Danilo Vasconcellos Vargas http://arxiv.org/abs/2311.00919 MIST: Defending Against Membership Inference Attacks Through Membership-Invariant Subspace Training. (75%) Jiacheng Li; Ninghui Li; Bruno Ribeiro http://arxiv.org/abs/2311.00508 Robustness Tests for Automatic Machine Translation Metrics with Adversarial Attacks. (1%) Yichen Huang; Timothy Baldwin http://arxiv.org/abs/2311.00400 Open-Set Face Recognition with Maximal Entropy and Objectosphere Loss. (1%) Rafael Henrique Vareto; Yu Linghu; Terrance E. Boult; William Robson Schwartz; Manuel Günther http://arxiv.org/abs/2310.20469 Amoeba: Circumventing ML-supported Network Censorship via Adversarial Reinforcement Learning. (99%) Haoyu Liu; Alec F. Diallo; Paul Patras http://arxiv.org/abs/2311.00172 Robust Safety Classifier for Large Language Models: Adversarial Prompt Shield. (99%) Jinhwa Kim; Ali Derakhshan; Ian G. Harris http://arxiv.org/abs/2310.20175 LFAA: Crafting Transferable Targeted Adversarial Examples with Low-Frequency Perturbations. (99%) Kunyu Wang; Juluan Shi; Wenxuan Wang http://arxiv.org/abs/2311.00207 Magmaw: Modality-Agnostic Adversarial Attacks on Machine Learning-Based Wireless Communication Systems. (98%) Jung-Woo Chang; Ke Sun; Nasimeh Heydaribeni; Seira Hidano; Xinyu Zhang; Farinaz Koushanfar http://arxiv.org/abs/2310.20162 Is Robustness Transferable across Languages in Multilingual Neural Machine Translation? (26%) Leiyu Pan; Supryadi; Deyi Xiong http://arxiv.org/abs/2310.20649 Dynamic Batch Norm Statistics Update for Natural Robustness. (22%) Shahbaz Rezaei; Mohammad Sadegh Norouzzadeh http://arxiv.org/abs/2310.20199 In Search of Lost Online Test-time Adaptation: A Survey. (1%) Zixin Wang; Yadan Luo; Liang Zheng; Zhuoxiao Chen; Sen Wang; Zi Huang http://arxiv.org/abs/2310.19342 Label-Only Model Inversion Attacks via Knowledge Transfer.
(83%) Ngoc-Bao Nguyen; Keshigeyan Chandrasegaran; Milad Abdollahzadeh; Ngai-Man Cheung http://arxiv.org/abs/2310.19889 Exploring Geometry of Blind Spots in Vision Models. (83%) Sriram Balasubramanian; Gaurang Sriramanan; Vinu Sankar Sadasivan; Soheil Feizi http://arxiv.org/abs/2310.19737 Adversarial Attacks and Defenses in Large Language Models: Old and New Threats. (74%) Leo Schwinn; David Dobre; Stephan Günnemann; Gauthier Gidel http://arxiv.org/abs/2310.19410 Generated Distributions Are All You Need for Membership Inference Attacks Against Generative Models. (61%) Minxing Zhang; Ning Yu; Rui Wen; Michael Backes; Yang Zhang http://arxiv.org/abs/2310.19391 Causal Fair Metric: Bridging Causality, Individual Fairness, and Adversarial Robustness. (33%) Ahmad-Reza Ehyaei; Golnoosh Farnadi; Samira Samadi http://arxiv.org/abs/2310.19733 Differentially Private Reward Estimation with Preference Feedback. (16%) Sayak Ray Chowdhury; Xingyu Zhou; Nagarajan Natarajan http://arxiv.org/abs/2310.19439 Asymmetric Diffusion Based Channel-Adaptive Secure Wireless Semantic Communications. (10%) Xintian Ren; Jun Wu; Hansong Xu; Qianqian Pan http://arxiv.org/abs/2310.19304 Privacy-Preserving Federated Learning over Vertically and Horizontally Partitioned Data for Financial Anomaly Detection. (1%) Swanand Ravindra Kadhe; Heiko Ludwig; Nathalie Baracaldo; Alan King; Yi Zhou; Keith Houck; Ambrish Rawat; Mark Purcell; Naoise Holohan; Mikio Takeuchi; Ryo Kawahara; Nir Drucker; Hayim Shaul; Eyal Kushnir; Omri Soceanu http://arxiv.org/abs/2310.18975 Blacksmith: Fast Adversarial Training of Vision Transformers via a Mixture of Single-step and Multi-step Methods. (99%) Mahdi Salmani; Alireza Dehghanpour Farashah; Mohammad Azizmalayeri; Mahdi Amiri; Navid Eslami; Mohammad Taghi Manzuri; Mohammad Hossein Rohban http://arxiv.org/abs/2310.19038 Boosting Decision-Based Black-Box Adversarial Attack with Gradient Priors. (98%) Han Liu; Xingshuo Huang; Xiaotong Zhang; Qimai Li; Fenglong Ma; Wei Wang; Hongyang Chen; Hong Yu; Xianchao Zhang http://arxiv.org/abs/2310.19152 BERT Lost Patience Won't Be Robust to Adversarial Slowdown. (98%) Zachary Coalson; Gabriel Ritter; Rakesh Bobba; Sanghyun Hong http://arxiv.org/abs/2310.18936 Adversarial Examples Are Not Real Features. (98%) Ang Li; Yifei Wang; Yiwen Guo; Yisen Wang http://arxiv.org/abs/2310.19248 IMPRESS: Evaluating the Resilience of Imperceptible Perturbations Against Unauthorized Data Usage in Diffusion-Based Generative AI. (82%) Bochuan Cao; Changjiang Li; Ting Wang; Jinyuan Jia; Bo Li; Jinghui Chen http://arxiv.org/abs/2310.19156 Poisoning Retrieval Corpora by Injecting Adversarial Passages. (68%) Zexuan Zhong; Ziqing Huang; Alexander Wettig; Danqi Chen http://arxiv.org/abs/2310.18933 Label Poisoning is All You Need. (54%) Rishi D. Jha; Jonathan Hayase; Sewoong Oh http://arxiv.org/abs/2310.19177 Robustifying Language Models with Test-Time Adaptation. (47%) Noah Thomas McDermott; Junfeng Yang; Chengzhi Mao http://arxiv.org/abs/2310.18987 Path Analysis for Effective Fault Localization in Deep Neural Networks. (1%) Soroush Hashemifar; Saeed Parsa; Akram Kalaee http://arxiv.org/abs/2310.19181 From Chatbots to PhishBots? -- Preventing Phishing scams created using ChatGPT, Google Bard and Claude. (1%) Sayak Saha Roy; Poojitha Thota; Krishna Vamsi Naragam; Shirin Nilizadeh http://arxiv.org/abs/2310.18587 Assessing and Improving Syntactic Adversarial Robustness of Pre-trained Models for Code Translation. 
(92%) Guang Yang; Yu Zhou; Xiangyu Zhang; Xiang Chen; Tingting Han; Taolue Chen http://arxiv.org/abs/2310.18626 Benchmark Generation Framework with Customizable Distortions for Image Classifier Robustness. (86%) Soumyendu Sarkar; Ashwin Ramesh Babu; Sajad Mousavi; Zachariah Carmichael; Vineet Gundecha; Sahand Ghorbanpour; Ricardo Luna Gutierrez; Antonio Guillen; Avisek Naug http://arxiv.org/abs/2310.18762 Purify++: Improving Diffusion-Purification with Advanced Diffusion Models and Control of Randomness. (61%) Boya Zhang; Weijian Luo; Zhihua Zhang http://arxiv.org/abs/2310.18603 Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers. (47%) Wencong You; Zayd Hammoudeh; Daniel Lowd http://arxiv.org/abs/2310.18606 Where have you been? A Study of Privacy Risk for Point-of-Interest Recommendation. (8%) Kunlin Cai; Jinghuai Zhang; Will Shand; Zhiqing Hong; Guang Wang; Desheng Zhang; Jianfeng Chi; Yuan Tian http://arxiv.org/abs/2311.16124 DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification. (99%) Mintong Kang; Dawn Song; Bo Li http://arxiv.org/abs/2310.18477 Understanding and Improving Ensemble Adversarial Defense. (99%) Yian Deng; Tingting Mu http://arxiv.org/abs/2310.18274 LipSim: A Provably Robust Perceptual Similarity Metric. (45%) Sara Ghazanfari; Alexandre Araujo; Prashanth Krishnamurthy; Farshad Khorrami; Siddharth Garg http://arxiv.org/abs/2310.18155 Elevating Code-mixed Text Handling through Auditory Information of Words. (5%) Mamta; Zishan Ahmad; Asif Ekbal http://arxiv.org/abs/2310.17951 Understanding Parameter Saliency via Extreme Value Theory. (1%) Shuo Wang; Issei Sato http://arxiv.org/abs/2311.03373 Unscrambling the Rectification of Adversarial Attacks Transferability across Computer Networks. (99%) Ehsan Nowroozi; Samaneh Ghelichkhani; Imran Haider; Ali Dehghantanha http://arxiv.org/abs/2310.17626 A Survey on Transferability of Adversarial Examples across Deep Neural Networks. (99%) Jindong Gu; Xiaojun Jia; Pau de Jorge; Wenqian Yu; Xinwei Liu; Avery Ma; Yuan Xun; Anjun Hu; Ashkan Khakzar; Zhijiang Li; Xiaochun Cao; Philip Torr http://arxiv.org/abs/2310.17645 Defending Against Transfer Attacks From Public Models. (99%) Chawin Sitawarin; Jaewon Chang; David Huang; Wesson Altoyan; David Wagner http://arxiv.org/abs/2310.17436 Uncertainty-weighted Loss Functions for Improved Adversarial Attacks on Semantic Segmentation. (93%) Kira Maag; Asja Fischer http://arxiv.org/abs/2310.17403 Detection Defenses: An Empty Promise against Adversarial Patch Attacks on Optical Flow. (93%) Erik Scheurer; Jenny Schmalfuss; Alexander Lis; Andrés Bruhn http://arxiv.org/abs/2310.17498 CBD: A Certified Backdoor Detector Based on Local Dominant Probability. (76%) Zhen Xiang; Zidi Xiong; Bo Li http://arxiv.org/abs/2310.17534 SoK: Pitfalls in Evaluating Black-Box Attacks. (76%) Fnu Suya; Anshuman Suri; Tingwei Zhang; Jingtao Hong; Yuan Tian; David Evans http://arxiv.org/abs/2310.17559 Instability of computer vision models is a necessary result of the task itself. (26%) Oliver Turnbull; George Cevora http://arxiv.org/abs/2310.17588 PAC-tuning: Fine-tuning Pretrained Language Models with PAC-driven Perturbed Gradient Descent. (1%) Guangliang Liu; Zhiyu Xue; Xitong Zhang; Kristen Marie Johnson; Rongrong Wang http://arxiv.org/abs/2310.17584 A minimax optimal control approach for robust neural ODEs.
(1%) Cristina Cipriani; Alessandro Scagliotti; Tobias Wöhrer http://arxiv.org/abs/2310.16955 Break it, Imitate it, Fix it: Robustness by Generating Human-Like Attacks. (93%) Aradhana Sinha; Ananth Balashankar; Ahmad Beirami; Thi Avrahami; Jilin Chen; Alex Beutel http://arxiv.org/abs/2310.16999 Trust, but Verify: Robust Image Segmentation using Deep Learning. (54%) Fahim Ahmed Zaman; Xiaodong Wu; Weiyu Xu; Milan Sonka; Raghuraman Mudumbai http://arxiv.org/abs/2310.16540 Dual Defense: Adversarial, Traceable, and Invisible Robust Watermarking against Face Swapping. (26%) Yunming Zhang; Dengpan Ye; Caiyun Xie; Long Tang; Chuanxi Chen; Ziyi Liu; Jiacheng Deng http://arxiv.org/abs/2310.16613 On the Proactive Generation of Unsafe Images From Text-To-Image Models Using Benign Prompts. (22%) Yixin Wu; Ning Yu; Michael Backes; Yun Shen; Yang Zhang http://arxiv.org/abs/2310.16919 Wide Flat Minimum Watermarking for Robust Ownership Verification of GANs. (12%) Jianwei Fei; Zhihua Xia; Benedetta Tondi; Mauro Barni http://arxiv.org/abs/2310.16779 Multi-scale Diffusion Denoised Smoothing. (1%) Jongheon Jeong; Jinwoo Shin http://arxiv.org/abs/2310.16838 SparseDFF: Sparse-View Feature Distillation for One-Shot Dexterous Manipulation. (1%) Qianxu Wang; Haotong Zhang; Congyue Deng; Yang You; Hao Dong; Yixin Zhu; Leonidas Guibas http://arxiv.org/abs/2311.12857 Adversarial sample generation and training using geometric masks for accurate and resilient license plate character recognition. (99%) Bishal Shrestha; Griwan Khakurel; Kritika Simkhada; Badri Adhikari http://arxiv.org/abs/2311.12858 RAEDiff: Denoising Diffusion Probabilistic Models Based Reversible Adversarial Examples Self-Generation and Self-Recovery. (92%) Fan Xing; Xiaoyi Zhou; Xuefeng Fan; Zhuo Tian; Yan Zhao http://arxiv.org/abs/2310.16335 Defense Against Model Extraction Attacks on Recommender Systems. (92%) Sixiao Zhang; Hongzhi Yin; Hongxu Chen; Cheng Long http://arxiv.org/abs/2310.16061 Segue: Side-information Guided Generative Unlearnable Examples for Facial Privacy Protection in Real World. (89%) Zhiling Zhang; Jie Zhang; Kui Zhang; Wenbo Zhou; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2310.16221 Hierarchical Randomized Smoothing. (75%) Yan Scholten; Jan Schuchardt; Aleksandar Bojchevski; Stephan Günnemann http://arxiv.org/abs/2310.15656 Momentum Gradient-based Untargeted Attack on Hypergraph Neural Networks. (73%) Yang Chen; Stjepan Picek; Zhonglin Ye; Zhaoyang Wang; Haixing Zhao http://arxiv.org/abs/2310.16332 Corrupting Neuron Explanations of Deep Visual Features. (41%) Divyansh Srivastava; Tuomas Oikarinen; Tsui-Wei Weng http://arxiv.org/abs/2310.18360 Guiding LLM to Fool Itself: Automatically Manipulating Machine Reading Comprehension Shortcut Triggers. (10%) Mosh Levy; Shauli Ravfogel; Yoav Goldberg http://arxiv.org/abs/2310.15654 A Survey on Detection of LLMs-Generated Content. (1%) Xianjun Yang; Liangming Pan; Xuandong Zhao; Haifeng Chen; Linda Petzold; William Yang Wang; Wei Cheng http://arxiv.org/abs/2310.15991 White-box Compiler Fuzzing Empowered by Large Language Models. (1%) Chenyuan Yang; Yinlin Deng; Runyu Lu; Jiayi Yao; Jiawei Liu; Reyhaneh Jabbarvand; Lingming Zhang http://arxiv.org/abs/2310.16263 Enhancing Large Language Models for Secure Code Generation: A Dataset-driven Study on Vulnerability Mitigation. (1%) Jiexin Wang; Liuwen Cao; Xitong Luo; Zhiping Zhou; Jiayuan Xie; Adam Jatowt; Yi Cai http://arxiv.org/abs/2310.14637 Semantic-Aware Adversarial Training for Reliable Deep Hashing Retrieval. 
(99%) Xu Yuan; Zheng Zhang; Xunguang Wang; Lin Wu http://arxiv.org/abs/2310.14561 F$^2$AT: Feature-Focusing Adversarial Training via Disentanglement of Natural and Perturbed Patterns. (99%) Yaguan Qian; Chenyu Zhao; Zhaoquan Gu; Bin Wang; Shouling Ji; Wei Wang; Boyang Zhou; Pan Zhou http://arxiv.org/abs/2310.15140 AutoDAN: Automatic and Interpretable Adversarial Attacks on Large Language Models. (98%) Sicheng Zhu; Ruiyi Zhang; Bang An; Gang Wu; Joe Barrow; Zichao Wang; Furong Huang; Ani Nenkova; Tong Sun http://arxiv.org/abs/2310.15444 Fast Propagation is Better: Accelerating Single-Step Adversarial Training via Sampling Subnetworks. (98%) Xiaojun Jia; Jianshu Li; Jindong Gu; Yang Bai; Xiaochun Cao http://arxiv.org/abs/2310.15085 On the Detection of Image-Scaling Attacks in Machine Learning. (15%) Erwin Quiring; Andreas Müller; Konrad Rieck http://arxiv.org/abs/2310.15171 RoboDepth: Robust Out-of-Distribution Depth Estimation under Corruptions. (1%) Lingdong Kong; Shaoyuan Xie; Hanjiang Hu; Lai Xing Ng; Benoit R. Cottereau; Wei Tsang Ooi http://arxiv.org/abs/2310.14270 Diffusion-Based Adversarial Purification for Speaker Verification. (99%) Yibo Bai; Xiao-Lei Zhang http://arxiv.org/abs/2310.14265 CT-GAT: Cross-Task Generative Adversarial Attack based on Transferability. (99%) Minxuan Lv; Chengwei Dai; Kun Li; Wei Zhou; Songlin Hu http://arxiv.org/abs/2311.16118 Imperceptible CMOS camera dazzle for adversarial attacks on deep neural networks. (92%) Zvi Stein; Adrian Stern http://arxiv.org/abs/2310.14504 ADoPT: LiDAR Spoofing Attack Detection Based on Point-Level Temporal Consistency. (26%) Minkyoung Cho; Yulong Cao; Zixiang Zhou; Z. Morley Mao http://arxiv.org/abs/2310.14480 Attention-Enhancing Backdoor Attacks Against BERT-based Models. (13%) Weimin Lyu; Songzhu Zheng; Lu Pang; Haibin Ling; Chao Chen http://arxiv.org/abs/2310.14369 MoPe: Model Perturbation-based Privacy Attacks on Language Models. (9%) Marvin Li; Jason Wang; Jeffrey Wang; Seth Neel http://arxiv.org/abs/2401.01896 Reputation-Based Federated Learning Defense to Mitigate Threats in EEG Signal Classification. (1%) Zhibo Zhang; Pengfei Li; Ahmed Y. Al Hammadi; Fusen Guo; Ernesto Damiani; Chan Yeob Yeun http://arxiv.org/abs/2310.13950 Adversarial Image Generation by Spatial Transformation in Perceptual Colorspaces. (99%) Ayberk Aydin; Alptekin Temizel http://arxiv.org/abs/2310.14045 Training Image Derivatives: Increased Accuracy and Universal Robustness. (5%) Vsevolod I. Avrutskiy http://arxiv.org/abs/2310.13321 Beyond Hard Samples: Robust and Effective Grammatical Error Correction with Cycle Self-Augmenting. (99%) Zecheng Tang; Kaifeng Qi; Juntao Li; Min Zhang http://arxiv.org/abs/2310.13345 An LLM can Fool Itself: A Prompt-Based Adversarial Attack. (99%) Xilie Xu; Keyi Kong; Ning Liu; Lizhen Cui; Di Wang; Jingfeng Zhang; Mohan Kankanhalli http://arxiv.org/abs/2310.13828 Prompt-Specific Poisoning Attacks on Text-to-Image Generative Models. (61%) Shawn Shan; Wenxin Ding; Josephine Passananti; Haitao Zheng; Ben Y. Zhao http://arxiv.org/abs/2310.13893 The Hidden Adversarial Vulnerabilities of Medical Federated Learning. (45%) Erfan Darzi; Florian Dubost; Nanna M. Sijtsema; P. M. A. van Ooijen http://arxiv.org/abs/2310.13822 Adversarial Attacks on Fairness of Graph Neural Networks. (26%) Binchi Zhang; Yushun Dong; Chen Chen; Yada Zhu; Minnan Luo; Jundong Li http://arxiv.org/abs/2310.13424 FLTracer: Accurate Poisoning Attack Provenance in Federated Learning.
(26%) Xinyu Zhang; Qingyu Liu; Zhongjie Ba; Yuan Hong; Tianhang Zheng; Feng Lin; Li Lu; Kui Ren http://arxiv.org/abs/2311.03369 Can We Trust the Similarity Measurement in Federated Learning? (15%) Zhilin Wang; Qin Hu; Xukai Zou http://arxiv.org/abs/2310.13782 Data-Free Knowledge Distillation Using Adversarially Perturbed OpenGL Shader Images. (4%) Logan Frank; Jim Davis http://arxiv.org/abs/2310.13894 VOICE-ZEUS: Impersonating Zoom's E2EE-Protected Static Media and Textual Communications via Simple Voice Manipulations. (4%) Mashari Alatawi; Nitesh Saxena http://arxiv.org/abs/2310.12708 Generating Robust Adversarial Examples against Online Social Networks (OSNs). (98%) Jun Liu; Jiantao Zhou; Haiwei Wu; Weiwei Sun; Jinyu Tian http://arxiv.org/abs/2310.12707 Recoverable Privacy-Preserving Image Classification through Noise-like Adversarial Examples. (98%) Jun Liu; Jiantao Zhou; Jinyu Tian; Weiwei Sun http://arxiv.org/abs/2310.12713 Learn from the Past: A Proxy based Adversarial Defense Framework to Boost Robustness. (98%) Yaohua Liu; Jiaxin Gao; Zhu Liu; Xianghao Jiao; Xin Fan; Risheng Liu http://arxiv.org/abs/2310.12793 OODRobustBench: benchmarking and analyzing adversarial robustness under distribution shift. (97%) Lin Li; Yifei Wang; Chawin Sitawarin; Michael Spratling http://arxiv.org/abs/2310.12516 Automatic Hallucination Assessment for Aligned Large Language Models via Transferable Adversarial Attacks. (97%) Xiaodong Yu; Hao Cheng; Xiaodong Liu; Dan Roth; Jianfeng Gao http://arxiv.org/abs/2310.13076 PatchCURE: Improving Certifiable Robustness, Model Utility, and Computation Efficiency of Adversarial Patch Defenses. (97%) Chong Xiang; Tong Wu; Sihui Dai; Jonathan Petit; Suman Jana; Prateek Mittal http://arxiv.org/abs/2310.12815 Prompt Injection Attacks and Defenses in LLM-Integrated Applications. (47%) Yupei Liu; Yuqi Jia; Runpeng Geng; Jinyuan Jia; Neil Zhenqiang Gong http://arxiv.org/abs/2310.12505 Attack Prompt Generation for Red Teaming and Defending Large Language Models. (15%) Boyi Deng; Wenjie Wang; Fuli Feng; Yang Deng; Qifan Wang; Xiangnan He http://arxiv.org/abs/2310.12665 SecurityNet: Assessing Machine Learning Vulnerabilities on Public Models. (5%) Boyang Zhang; Zheng Li; Ziqing Yang; Xinlei He; Michael Backes; Mario Fritz; Yang Zhang http://arxiv.org/abs/2310.13061 To grok or not to grok: Disentangling generalization and memorization on corrupted algorithmic datasets. (1%) Darshil Doshi; Aritra Das; Tianyu He; Andrey Gromov http://arxiv.org/abs/2310.13252 Detecting Shared Data Manipulation in Distributed Optimization Algorithms. (1%) Mohannad Alkhraijah; Rachel Harris; Samuel Litchfield; David Huggins; Daniel K. Molzahn http://arxiv.org/abs/2310.13191 Towards Robust Pruning: An Adaptive Knowledge-Retention Pruning Strategy for Language Models. (1%) Jianwei Li; Qi Lei; Wei Cheng; Dongkuan Xu http://arxiv.org/abs/2310.12017 Exploring Decision-based Black-box Attacks on Face Forgery Detection. (99%) Zhaoyu Chen; Bo Li; Kaixun Jiang; Shuang Wu; Shouhong Ding; Wenqiang Zhang http://arxiv.org/abs/2310.12431 Segment Anything Meets Universal Adversarial Perturbation. (99%) Dongshen Han; Sheng Zheng; Chaoning Zhang http://arxiv.org/abs/2310.11890 IRAD: Implicit Representation-driven Image Resampling against Adversarial Attacks. (99%) Yue Cao; Tianlin Li; Xiaofeng Cao; Ivor Tsang; Yang Liu; Qing Guo http://arxiv.org/abs/2310.11850 Revisiting Transferable Adversarial Image Examples: Attack Categorization, Evaluation Guidelines, and New Insights. 
(99%) Zhengyu Zhao; Hanwei Zhang; Renjue Li; Ronan Sicre; Laurent Amsaleg; Michael Backes; Qi Li; Chao Shen http://arxiv.org/abs/2310.13019 Tailoring Adversarial Attacks on Deep Neural Networks for Targeted Class Manipulation Using DeepFool Algorithm. (99%) S. M. Fazle Rabby Labib; Joyanta Jyoti Mondal; Meem Arafat Manab http://arxiv.org/abs/2310.11901 Malicious Agent Detection for Robust Multi-Agent Collaborative Perception. (87%) Yangheng Zhao; Zhen Xiang; Sheng Yin; Xianghe Pang; Siheng Chen; Yanfeng Wang http://arxiv.org/abs/2310.12063 Black-Box Training Data Identification in GANs via Detector Networks. (82%) Lukman Olagoke; Salil Vadhan; Seth Neel http://arxiv.org/abs/2310.11789 Adversarial Training for Physics-Informed Neural Networks. (81%) Yao Li; Shengzhu Shi; Zhichang Guo; Boying Wu http://arxiv.org/abs/2310.12243 REVAMP: Automated Simulations of Adversarial Attacks on Arbitrary Objects in Realistic Scenes. (80%) Matthew Hull; Zijie J. Wang; Duen Horng Chau http://arxiv.org/abs/2310.11970 Quantifying Privacy Risks of Prompts in Visual Prompt Learning. (76%) Yixin Wu; Rui Wen; Michael Backes; Pascal Berrang; Mathias Humbert; Yun Shen; Yang Zhang http://arxiv.org/abs/2310.11868 To Generate or Not? Safety-Driven Unlearned Diffusion Models Are Still Easy To Generate Unsafe Images ... For Now. (47%) Yimeng Zhang; Jinghan Jia; Xin Chen; Aochuan Chen; Yihua Zhang; Jiancheng Liu; Ke Ding; Sijia Liu http://arxiv.org/abs/2310.12432 CAT: Closed-loop Adversarial Training for Safe End-to-End Driving. (2%) Linrui Zhang; Zhenghao Peng; Quanyi Li; Bolei Zhou http://arxiv.org/abs/2310.12214 PrivInfer: Privacy-Preserving Inference for Black-box Large Language Model. (1%) Meng Tong; Kejiang Chen; Yuang Qi; Jie Zhang; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2310.11597 The Efficacy of Transformer-based Adversarial Attacks in Security Domains. (99%) Kunyang Li; Kyle Domico; Jean-Charles Noirot Ferrand; Patrick McDaniel http://arxiv.org/abs/2310.11594 Adversarial Robustness Unhardening via Backdoor Attacks in Federated Learning. (93%) Taejin Kim; Jiarui Li; Shubhranshu Singh; Nikhil Madaan; Carlee Joe-Wong http://arxiv.org/abs/2310.11595 WaveAttack: Asymmetric Frequency Obfuscation-based Backdoor Attacks Against Deep Neural Networks. (15%) Jun Xia; Zhihao Yue; Yingbo Zhou; Zhiwei Ling; Xian Wei; Mingsong Chen http://arxiv.org/abs/2310.11105 Generalizability of CNN Architectures for Face Morph Presentation Attack. (1%) Sherko R. HmaSalah; Aras Asaad http://arxiv.org/abs/2310.10844 Survey of Vulnerabilities in Large Language Models Revealed by Adversarial Attacks. (98%) Erfan Shayegani; Md Abdullah Al Mamun; Yu Fu; Pedram Zaree; Yue Dong; Nael Abu-Ghazaleh http://arxiv.org/abs/2310.10807 Regularization properties of adversarially-trained linear regression. (92%) Antônio H. Ribeiro; Dave Zachariah; Francis Bach; Thomas B. Schön http://arxiv.org/abs/2310.10744 Fast Adversarial Label-Flipping Attack on Tabular Data. (84%) Xinglong Chang; Gillian Dobbie; Jörg Wicker http://arxiv.org/abs/2310.10126 A Non-monotonic Smooth Activation Function. (83%) Koushik Biswas; Meghana Karri; Ulaş Bağcı http://arxiv.org/abs/2310.10610 Quantifying Assistive Robustness Via the Natural-Adversarial Frontier. (68%) Jerry Zhi-Yang He; Zackory Erickson; Daniel S. Brown; Anca D. Dragan http://arxiv.org/abs/2310.10124 A Comprehensive Study of Privacy Risks in Curriculum Learning. 
(67%) Joann Qiongna Chen; Xinlei He; Zheng Li; Yang Zhang; Zhou Li http://arxiv.org/abs/2310.10427 DANAA: Towards transferable attacks with double adversarial neuron attribution. (26%) Zhibo Jin; Zhiyu Zhu; Xinyi Wang; Jiayu Zhang; Jun Shen; Huaming Chen http://arxiv.org/abs/2310.10780 Demystifying Poisoning Backdoor Attacks from a Statistical Perspective. (9%) Ganghua Wang; Xun Xian; Jayanth Srinivasa; Ashish Kundu; Xuan Bi; Mingyi Hong; Jie Ding http://arxiv.org/abs/2310.10077 Prompt Packer: Deceiving LLMs through Compositional Instruction with Hidden Attacks. (4%) Shuyu Jiang; Xingshu Chen; Rui Tang http://arxiv.org/abs/2310.10810 Robust Multi-Agent Reinforcement Learning via Adversarial Regularization: Theoretical Foundation and Stable Algorithms. (3%) Alexander Bukharin; Yan Li; Yue Yu; Qingru Zhang; Zhehui Chen; Simiao Zuo; Chao Zhang; Songan Zhang; Tuo Zhao http://arxiv.org/abs/2310.10483 Passive Inference Attacks on Split Learning via Adversarial Regularization. (3%) Xiaochen Zhu; Xinjian Luo; Yuncheng Wu; Yangfan Jiang; Xiaokui Xiao; Beng Chin Ooi http://arxiv.org/abs/2310.10490 On the Transferability of Learning Models for Semantic Segmentation for Remote Sensing Data. (2%) Rongjun Qin; Guixiang Zhang; Yang Tang http://arxiv.org/abs/2310.10090 Orthogonal Uncertainty Representation of Data Manifold for Robust Long-Tailed Learning. (1%) Yanbiao Ma; Licheng Jiao; Fang Liu; Shuyuan Yang; Xu Liu; Lingling Li http://arxiv.org/abs/2310.10865 Will the Prince Get True Love's Kiss? On the Model Sensitivity to Gender Perturbation over Fairytale Texts. (1%) Christina Chance; Da Yin; Dakuo Wang; Kai-Wei Chang http://arxiv.org/abs/2310.09891 Towards Deep Learning Models Resistant to Transfer-based Adversarial Attacks via Data-centric Robust Learning. (99%) Yulong Yang; Chenhao Lin; Xiang Ji; Qiwei Tian; Qian Li; Hongshan Yang; Zhibo Wang; Chao Shen http://arxiv.org/abs/2310.09792 SCME: A Self-Contrastive Method for Data-free and Query-Limited Model Extraction Attack. (99%) Renyang Liu; Jinhong Zhang; Kwok-Yan Lam; Jun Zhao; Wei Zhou http://arxiv.org/abs/2310.09795 AFLOW: Developing Adversarial Examples under Extremely Noise-limited Settings. (99%) Renyang Liu; Jinhong Zhang; Haoran Li; Jin Zhang; Yuanyu Wang; Wei Zhou http://arxiv.org/abs/2310.10010 Black-box Targeted Adversarial Attack on Segment Anything (SAM). (99%) Sheng Zheng; Chaoning Zhang; Xinhong Hao http://arxiv.org/abs/2310.10036 Evading Detection Actively: Toward Anti-Forensics against Forgery Localization. (97%) Long Zhuo; Shenghai Luo; Shunquan Tan; Han Chen; Bin Li; Jiwu Huang http://arxiv.org/abs/2310.09744 Explore the Effect of Data Selection on Poison Efficiency in Backdoor Attacks. (61%) Ziqiang Li; Pengfei Xia; Hong Sun; Yueqi Zeng; Wei Zhang; Bin Li http://arxiv.org/abs/2310.10012 Ring-A-Bell! How Reliable are Concept Removal Methods for Diffusion Models? (9%) Yu-Lin Tsai; Chia-Yi Hsu; Chulin Xie; Chih-Hsun Lin; Jia-You Chen; Bo Li; Pin-Yu Chen; Chia-Mu Yu; Chun-Ying Huang http://arxiv.org/abs/2310.09827 VFLAIR: A Research Library and Benchmark for Vertical Federated Learning. (3%) Tianyuan Zou; Zixuan Gu; Yu He; Hideaki Takahashi; Yang Liu; Ya-Qin Zhang http://arxiv.org/abs/2310.09652 BufferSearch: Generating Black-Box Adversarial Texts With Lower Queries. (98%) Wenjie Lv; Zhen Wang; Yitao Zheng; Zhehua Zhong; Qi Xuan; Tianyi Chen http://arxiv.org/abs/2310.09361 Is Certifying $\ell_p$ Robustness Still Worthwhile? 
(99%) Ravi Mangal; Klas Leino; Zifan Wang; Kai Hu; Weicheng Yu; Corina Pasareanu; Anupam Datta; Matt Fredrikson http://arxiv.org/abs/2310.09266 User Inference Attacks on Large Language Models. (41%) Nikhil Kandpal; Krishna Pillutla; Alina Oprea; Peter Kairouz; Christopher A. Choquette-Choo; Zheng Xu http://arxiv.org/abs/2310.08847 On the Over-Memorization During Natural, Robust and Catastrophic Overfitting. (1%) Runqi Lin; Chaojian Yu; Bo Han; Tongliang Liu http://arxiv.org/abs/2310.08073 Samples on Thin Ice: Re-Evaluating Adversarial Pruning of Neural Networks. (99%) Giorgio Piras; Maura Pintor; Ambra Demontis; Battista Biggio http://arxiv.org/abs/2310.08292 Concealed Electronic Countermeasures of Radar Signal with Adversarial Examples. (93%) Ruinan Ma; Canjie Zhu; Mingfeng Lu; Yunjie Li; Yu-an Tan; Ruibin Zhang; Ran Tao http://arxiv.org/abs/2310.08808 Attacks Meet Interpretability (AmI) Evaluation and Findings. (92%) Qian Ma; Ziping Ye; Shagufta Mehnaz http://arxiv.org/abs/2310.08177 Improving Fast Minimum-Norm Attacks with Hyperparameter Optimization. (68%) Giuseppe Floris; Raffaele Mura; Luca Scionis; Giorgio Piras; Maura Pintor; Ambra Demontis; Battista Biggio http://arxiv.org/abs/2310.08681 Fed-Safe: Securing Federated Learning in Healthcare Against Adversarial Attacks. (64%) Erfan Darzi; Nanna M. Sijtsema; P. M. A. van Ooijen http://arxiv.org/abs/2310.08732 Provably Robust Cost-Sensitive Learning via Randomized Smoothing. (45%) Yuan Xin; Michael Backes; Xiao Zhang http://arxiv.org/abs/2310.08571 Bucks for Buckets (B4B): Active Defenses Against Stealing Encoders. (31%) Jan Dubiński; Stanisław Pawlak; Franziska Boenisch; Tomasz Trzciński; Adam Dziedzic http://arxiv.org/abs/2310.08097 Sentinel: An Aggregation Function to Secure Decentralized Federated Learning. (11%) Chao Feng; Alberto Huertas Celdran; Janosch Baltensperger; Enrique Tomas Martinez Beltran; Gerome Bovet; Burkhard Stiller http://arxiv.org/abs/2310.08772 Investigating the Robustness and Properties of Detection Transformers (DETR) Toward Difficult Images. (9%) Zhao Ning Zou; Yuhang Zhang; Robert Wijaya http://arxiv.org/abs/2310.08320 Defending Our Privacy With Backdoors. (9%) Dominik Hintersdorf; Lukas Struppek; Daniel Neider; Kristian Kersting http://arxiv.org/abs/2310.08708 Polynomial Time Cryptanalytic Extraction of Neural Network Models. (3%) Adi Shamir; Isaac Canales-Martinez; Anna Hambitzer; Jorge Chavez-Saab; Francisco Rodriguez-Henriquez; Nitin Satpute http://arxiv.org/abs/2310.08040 SEE-OoD: Supervised Exploration For Enhanced Out-of-Distribution Detection. (1%) Xiaoyang Song; Wenbo Sun; Maher Nouiehed; Raed Al Kontar; Judy Jin http://arxiv.org/abs/2310.08537 XAI Benchmark for Visual Explanation. (1%) Yifei Zhang; Siyi Gu; James Song; Bo Pan; Liang Zhao http://arxiv.org/abs/2310.08419 Jailbreaking Black Box Large Language Models in Twenty Queries. (1%) Patrick Chao; Alexander Robey; Edgar Dobriban; Hamed Hassani; George J. Pappas; Eric Wong http://arxiv.org/abs/2310.08739 Voyager: MTD-Based Aggregation Protocol for Mitigating Poisoning Attacks on DFL. (1%) Chao Feng; Alberto Huertas Celdran; Michael Vuong; Gerome Bovet; Burkhard Stiller http://arxiv.org/abs/2310.07492 Boosting Black-box Attack to Deep Neural Networks with Conditional Diffusion Models. (99%) Renyang Liu; Wei Zhou; Tianwei Zhang; Kangjie Chen; Jun Zhao; Kwok-Yan Lam http://arxiv.org/abs/2310.07780 Promoting Robustness of Randomized Smoothing: Two Cost-Effective Approaches. (89%) Linbo Liu; Trong Nghia Hoang; Lam M.
Nguyen; Tsui-Wei Weng http://arxiv.org/abs/2310.07325 An Adversarial Example for Direct Logit Attribution: Memory Management in gelu-4l. (13%) James Dao; Yeu-Tong Lao; Can Rager; Jett Janiak http://arxiv.org/abs/2310.07632 Prompt Backdoors in Visual Prompt Learning. (11%) Hai Huang; Zhengyu Zhao; Michael Backes; Yun Shen; Yang Zhang http://arxiv.org/abs/2310.08015 Why Train More? Effective and Efficient Membership Inference via Memorization. (10%) Jihye Choi; Shruti Tople; Varun Chandrasekaran; Somesh Jha http://arxiv.org/abs/2310.07958 Towards Causal Deep Learning for Vulnerability Detection. (4%) Md Mahbubur Rahman; Ira Ceka; Chengzhi Mao; Saikat Chakraborty; Baishakhi Ray; Wei Le http://arxiv.org/abs/2310.07745 Deep Reinforcement Learning for Autonomous Cyber Operations: A Survey. (3%) Gregory Palmer; Chris Parry; Daniel J. B. Harrold; Chris Willis http://arxiv.org/abs/2310.06468 A Geometrical Approach to Evaluate the Adversarial Robustness of Deep Neural Networks. (99%) Yang Wang; Bo Dong; Ke Xu; Haiyin Piao; Yufei Ding; Baocai Yin; Xin Yang http://arxiv.org/abs/2310.07159 My Brother Helps Me: Node Injection Based Adversarial Attack on Social Bot Detection. (98%) Lanjun Wang; Xinran Qiao; Yanwei Xie; Weizhi Nie; Yongdong Zhang; Anan Liu http://arxiv.org/abs/2310.06396 Adversarial Robustness in Graph Neural Networks: A Hamiltonian Approach. (83%) Kai Zhao; Qiyu Kang; Yang Song; Rui She; Sijie Wang; Wee Peng Tay http://arxiv.org/abs/2310.06956 Adversarial optimization leads to over-optimistic security-constrained dispatch, but sampling can help. (76%) Charles Dawson; Chuchu Fan http://arxiv.org/abs/2310.07152 No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML. (62%) Ziqi Zhang; Chen Gong; Yifeng Cai; Yuanyuan Yuan; Bingyan Liu; Ding Li; Yao Guo; Xiangqun Chen http://arxiv.org/abs/2310.06958 Comparing the Robustness of Modern No-Reference Image- and Video-Quality Metrics to Adversarial Attacks. (47%) Anastasia Antsiferova; Khaled Abud; Aleksandr Gushchin; Ekaterina Shumitskaya; Sergey Lavrushkin; Dmitriy Vatolin http://arxiv.org/abs/2310.07100 GraphCloak: Safeguarding Task-specific Knowledge within Graph-structured Data from Unauthorized Exploitation. (22%) Yixin Liu; Chenrui Fan; Xun Chen; Pan Zhou; Lichao Sun http://arxiv.org/abs/2310.06668 Latent Diffusion Counterfactual Explanations. (5%) Karim Farid; Simon Schrodi; Max Argus; Thomas Brox http://arxiv.org/abs/2310.06588 FTFT: efficient and robust Fine-Tuning by transFerring Training dynamics. (2%) Yupei Du; Albert Gatt; Dong Nguyen http://arxiv.org/abs/2310.07084 Investigating the Adversarial Robustness of Density Estimation Using the Probability Flow ODE. (2%) Marius Arvinte; Cory Cornelius; Jason Martin; Nageen Himayat http://arxiv.org/abs/2310.06387 Jailbreak and Guard Aligned Language Models with Only Few In-Context Demonstrations. (1%) Zeming Wei; Yifei Wang; Yisen Wang http://arxiv.org/abs/2310.06182 PAC-Bayesian Spectrally-Normalized Bounds for Adversarially Robust Generalization. (92%) Jiancong Xiao; Ruoyu Sun; Zhi-Quan Luo http://arxiv.org/abs/2310.14942 Domain Watermark: Effective and Harmless Dataset Copyright Protection is Closed at Hand. (22%) Junfeng Guo; Yiming Li; Lixu Wang; Shu-Tao Xia; Heng Huang; Cong Liu; Bo Li http://arxiv.org/abs/2310.06112 Theoretical Analysis of Robust Overfitting for Wide DNNs: An NTK Approach. (5%) Shaopeng Fu; Di Wang http://arxiv.org/abs/2310.06227 Exploring adversarial attacks in federated learning for medical imaging.
(2%) Erfan Darzi; Florian Dubost; N. M. Sijtsema; P. M. A. van Ooijen http://arxiv.org/abs/2310.05354 An Initial Investigation of Neural Replay Simulator for Over-the-Air Adversarial Perturbations to Automatic Speaker Verification. (99%) Jiaqi Li; Li Wang; Liumeng Xue; Lei Wang; Zhizheng Wu http://arxiv.org/abs/2310.05369 AdvSV: An Over-the-Air Adversarial Attack Dataset for Speaker Verification. (96%) Li Wang; Jiaqi Li; Yuhao Luo; Jiahao Zheng; Lei Wang; Hao Li; Ke Xu; Chengfang Fang; Jie Shi; Zhizheng Wu http://arxiv.org/abs/2310.05057 BRAINTEASER: Lateral Thinking Puzzles for Large Language Models. (26%) Yifan Jiang; Filip Ilievski; Kaixin Ma; Zhivar Sourati http://arxiv.org/abs/2310.04687 Improving Adversarial Attacks on Latent Diffusion Model. (99%) Boyang Zheng; Chumeng Liang; Xiaoyu Wu; Yan Liu http://arxiv.org/abs/2310.04780 IPMix: Label-Preserving Data Augmentation Method for Training Robust Classifiers. (76%) Zhenglin Huang; Xiaoan Bao; Na Zhang; Qingqi Zhang; Xiaomei Tu; Biao Wu; Xi Yang http://arxiv.org/abs/2310.04655 VLATTACK: Multimodal Adversarial Attacks on Vision-Language Tasks via Pre-trained Models. (98%) Ziyi Yin; Muchao Ye; Tianrong Zhang; Tianyu Du; Jinguo Zhu; Han Liu; Jinghui Chen; Ting Wang; Fenglong Ma http://arxiv.org/abs/2310.04055 Kick Bad Guys Out! Zero-Knowledge-Proof-Based Anomaly Detection in Federated Learning. (84%) Shanshan Han; Wenxuan Wu; Baturalp Buyukates; Weizhao Jin; Qifan Zhang; Yuhang Yao; Salman Avestimehr; Chaoyang He http://arxiv.org/abs/2310.03707 OMG-ATTACK: Self-Supervised On-Manifold Generation of Transferable Evasion Attacks. (99%) Ofir Bar Tal; Adi Haviv; Amit H. Bermano http://arxiv.org/abs/2310.03334 Untargeted White-box Adversarial Attack with Heuristic Defence Methods in Real-time Deep Learning based Network Intrusion Detection System. (99%) Khushnaseeb Roshan; Aasim Zafar; Sheikh Burhan Ul Haque http://arxiv.org/abs/2310.03358 Enhancing Robust Representation in Adversarial Training: Alignment and Exclusion Criteria. (99%) Nuoyan Zhou; Nannan Wang; Decheng Liu; Dawei Zhou; Xinbo Gao http://arxiv.org/abs/2310.03349 An Integrated Algorithm for Robust and Imperceptible Audio Adversarial Examples. (98%) Armin Ettenhofer; Jan-Philipp Schulze; Karla Pizzi http://arxiv.org/abs/2310.03614 Adversarial Machine Learning for Social Good: Reframing the Adversary as an Ally. (98%) Shawqi Al-Maliki; Adnan Qayyum; Hassan Ali; Mohamed Abdallah; Junaid Qadir; Dinh Thai Hoang; Dusit Niyato; Ala Al-Fuqaha http://arxiv.org/abs/2310.03684 SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks. (92%) Alexander Robey; Eric Wong; Hamed Hassani; George J. Pappas http://arxiv.org/abs/2310.03578 Targeted Adversarial Attacks on Generalizable Neural Radiance Fields. (56%) Andras Horvath; Csaba M. Jozsa http://arxiv.org/abs/2310.03664 Certification of Deep Learning Models for Medical Image Segmentation. (15%) Othmane Laousy; Alexandre Araujo; Guillaume Chassagnon; Nikos Paragios; Marie-Pierre Revel; Maria Vakalopoulou http://arxiv.org/abs/2310.03312 Certifiably Robust Graph Contrastive Learning. (5%) Minhua Lin; Teng Xiao; Enyan Dai; Xiang Zhang; Suhang Wang http://arxiv.org/abs/2310.03518 Towards Robust and Generalizable Training: An Empirical Study of Noisy Slot Filling for Input Perturbations. (2%) Jiachi Liu; Liwen Wang; Guanting Dong; Xiaoshuai Song; Zechen Wang; Zhengyang Wang; Shanglin Lei; Jinzheng Zhao; Keqing He; Bo Xiao; Weiran Xu http://arxiv.org/abs/2310.02997 Optimizing Key-Selection for Face-based One-Time Biometrics via Morphing.
(98%) Daile Osorio-Roig; Mahdi Ghafourian; Christian Rathgeb; Ruben Vera-Rodriguez; Christoph Busch; Julian Fierrez http://arxiv.org/abs/2310.03185 Misusing Tools in Large Language Models With Visual Adversarial Examples. (97%) Xiaohan Fu; Zihan Wang; Shuheng Li; Rajesh K. Gupta; Niloofar Mireshghallah; Taylor Berg-Kirkpatrick; Earlence Fernandes http://arxiv.org/abs/2310.03285 Burning the Adversarial Bridges: Robust Windows Malware Detection Against Binary-level Mutations. (82%) Ahmed Abusnaina; Yizhen Wang; Sunpreet Arora; Ke Wang; Mihai Christodorescu; David Mohaisen http://arxiv.org/abs/2310.03166 Raze to the Ground: Query-Efficient Adversarial HTML Attacks on Machine-Learning Phishing Webpage Detectors. (81%) Biagio Montaruli; Luca Demetrio; Maura Pintor; Luca Compagna; Davide Balzarotti; Battista Biggio http://arxiv.org/abs/2310.03125 Shielding the Unseen: Privacy Protection through Poisoning NeRF with Spatial Deformation. (10%) Yihan Wu; Brandon Y. Feng; Heng Huang http://arxiv.org/abs/2310.02480 Splitting the Difference on Adversarial Training. (99%) Matan Levi; Aryeh Kontorovich http://arxiv.org/abs/2310.02025 DeepZero: Scaling up Zeroth-Order Optimization for Deep Model Training. (97%) Aochuan Chen; Yimeng Zhang; Jinghan Jia; James Diffenderfer; Jiancheng Liu; Konstantinos Parasyris; Yihua Zhang; Zheng Zhang; Bhavya Kailkhura; Sijia Liu http://arxiv.org/abs/2310.02544 SlowFormer: Universal Adversarial Patch for Attack on Compute and Energy Efficiency of Inference Efficient Vision Transformers. (86%) KL Navaneet; Soroush Abbasi Koohpayegani; Essam Sleiman; Hamed Pirsiavash http://arxiv.org/abs/2310.01875 Towards Stable Backdoor Purification through Feature Shift Tuning. (83%) Rui Min; Zeyu Qin; Li Shen; Minhao Cheng http://arxiv.org/abs/2310.02417 Jailbreaker in Jail: Moving Target Defense for Large Language Models. (73%) Bocheng Chen; Advait Paliwal; Qiben Yan http://arxiv.org/abs/2310.04451 AutoDAN: Generating Stealthy Jailbreak Prompts on Aligned Large Language Models. (56%) Xiaogeng Liu; Nan Xu; Muhao Chen; Chaowei Xiao http://arxiv.org/abs/2310.01959 Beyond Labeling Oracles: What does it mean to steal ML models? (47%) Avital Shafran; Ilia Shumailov; Murat A. Erdogdu; Nicolas Papernot http://arxiv.org/abs/2310.02237 Exploring Model Learning Heterogeneity for Boosting Ensemble Robustness. (13%) Yanzhao Wu; Ka-Ho Chow; Wenqi Wei; Ling Liu http://arxiv.org/abs/2310.02113 FLEDGE: Ledger-based Federated Learning Resilient to Inference and Backdoor Attacks. (11%) Jorge Castillo; Phillip Rieger; Hossein Fereidooni; Qian Chen; Ahmad Sadeghi http://arxiv.org/abs/2310.01818 AutoLoRa: A Parameter-Free Automated Robust Fine-Tuning Framework. (3%) Xilie Xu; Jingfeng Zhang; Mohan Kankanhalli http://arxiv.org/abs/2310.01452 Fooling the Textual Fooler via Randomizing Latent Representations. (99%) Duy C. Hoang; Quang H. Nguyen; Saurav Manchanda; MinLong Peng; Kok-Seng Wong; Khoa D. Doan http://arxiv.org/abs/2310.01537 Adversarial Client Detection via Non-parametric Subspace Monitoring in the Internet of Federated Things. (92%) Xianjian Xie; Xiaochen Xian; Dan Li; Andi Wang http://arxiv.org/abs/2310.04445 LoFT: Local Proxy Fine-tuning For Improving Transferability Of Adversarial Attacks Against Large Language Model. 
(87%) Muhammad Ahmed Shah; Roshan Sharma; Hira Dhamyal; Raphael Olivier; Ankit Shah; Joseph Konan; Dareen Alharthi; Hazim T Bukhari; Massa Baali; Soham Deshmukh; Michael Kuhlmann; Bhiksha Raj; Rita Singh http://arxiv.org/abs/2310.01469 LLM Lies: Hallucinations are not Bugs, but Features as Adversarial Examples. (87%) Jia-Yu Yao; Kun-Peng Ning; Zhen-Hui Liu; Mu-Nan Ning; Li Yuan http://arxiv.org/abs/2310.01166 Gotcha! This Model Uses My Code! Evaluating Membership Leakage Risks in Code Models. (13%) Zhou Yang; Zhipeng Zhao; Chenyu Wang; Jieke Shi; Dongsun Kim; Donggyun Han; David Lo http://arxiv.org/abs/2311.12832 Toward effective protection against diffusion based mimicry through score distillation. (3%) Haotian Xue; Chumeng Liang; Xiaoyu Wu; Yongxin Chen http://arxiv.org/abs/2310.01651 Fool Your (Vision and) Language Model With Embarrassingly Simple Permutations. (1%) Yongshuo Zong; Tingyang Yu; Bingchen Zhao; Ruchika Chavhan; Timothy Hospedales http://arxiv.org/abs/2310.00633 A Survey of Robustness and Safety of 2D and 3D Deep Learning Models Against Adversarial Attacks. (99%) Yanjie Li; Bin Xie; Songtao Guo; Yuanyuan Yang; Bin Xiao http://arxiv.org/abs/2310.00761 Counterfactual Image Generation for adversarially robust and interpretable Classifiers. (96%) Rafael Bischof; Florian Scheidegger; Michael A. Kraus; A. Cristiano I. Malossi http://arxiv.org/abs/2310.00607 On the Onset of Robust Overfitting in Adversarial Training. (64%) Chaojian Yu; Xiaolong Shi; Jun Yu; Bo Han; Tongliang Liu http://arxiv.org/abs/2310.00616 Understanding Adversarial Transferability in Federated Learning. (64%) Yijiang Li; Ying Gao; Haohan Wang http://arxiv.org/abs/2310.00626 GhostEncoder: Stealthy Backdoor Attacks with Dynamic Triggers to Pre-trained Encoders in Self-supervised Learning. (61%) Qiannan Wang; Changchun Yin; Zhe Liu; Liming Fang; Run Wang; Chenhao Lin http://arxiv.org/abs/2310.00648 Fewer is More: Trojan Attacks on Parameter-Efficient Fine-Tuning. (9%) Lauren Hong; Ting Wang http://arxiv.org/abs/2310.00847 Can Pre-trained Networks Detect Familiar Out-of-Distribution Data? (1%) Atsuyuki Miyai; Qing Yu; Go Irie; Kiyoharu Aizawa http://arxiv.org/abs/2310.00710 How well does LLM generate security tests? (1%) Ying Zhang; Wenjia Song; Zhengjie Ji; Danfeng (Daphne) Yao; Na Meng http://arxiv.org/abs/2310.00567 Understanding the Robustness of Randomized Feature Defense Against Query-Based Adversarial Attacks. (99%) Quang H. Nguyen; Yingjie Lao; Tung Pham; Kok-Seng Wong; Khoa D. Doan http://arxiv.org/abs/2310.00438 Human-Producible Adversarial Examples. (98%) David Khachaturov; Yue Gao; Ilia Shumailov; Robert Mullins; Ross Anderson; Kassem Fawaz http://arxiv.org/abs/2310.00503 Black-box Attacks on Image Activity Prediction and its Natural Language Explanations. (98%) Alina Elena Baia; Valentina Poggioni; Andrea Cavallaro http://arxiv.org/abs/2310.00542 Horizontal Class Backdoor to Deep Learning. (84%) Hua Ma; Shang Wang; Yansong Gao http://arxiv.org/abs/2310.00416 Refutation of Shapley Values for XAI -- Additional Evidence. (8%) Xuanxiang Huang; Joao Marques-Silva http://arxiv.org/abs/2310.00076 Robustness of AI-Image Detectors: Fundamental Limits and Practical Attacks. (99%) Mehrdad Saberi; Vinu Sankar Sadasivan; Keivan Rezaei; Aounon Kumar; Atoosa Chegini; Wenxiao Wang; Soheil Feizi http://arxiv.org/abs/2309.17348 Efficient Biologically Plausible Adversarial Training.
(98%) Matilde Tristany Farinha; Thomas Ortner; Giorgia Dellaferrera; Benjamin Grewe; Angeliki Pantazi http://arxiv.org/abs/2309.17410 Can Sensitive Information Be Deleted From LLMs? Objectives for Defending Against Extraction Attacks. (96%) Vaidehi Patil; Peter Hase; Mohit Bansal http://arxiv.org/abs/2309.17048 On Continuity of Robust and Accurate Classifiers. (93%) Ramin Barati; Reza Safabakhsh; Mohammad Rahmati http://arxiv.org/abs/2309.17401 Adversarial Machine Learning in Latent Representations of Neural Networks. (93%) Milin Zhang; Mohammad Abdi; Francesco Restuccia http://arxiv.org/abs/2310.00116 Certified Robustness via Dynamic Margin Maximization and Improved Lipschitz Regularization. (92%) Mahyar Fazlyab; Taha Entesari; Aniket Roy; Rama Chellappa http://arxiv.org/abs/2309.17278 Toward Robust Recommendation via Real-time Vicinal Defense. (82%) Yichang Xu; Chenwang Wu; Defu Lian http://arxiv.org/abs/2310.00070 Adversarial Explainability: Utilizing Explainable Machine Learning in Bypassing IoT Botnet Detection Systems. (31%) Mohammed M. Alani; Atefeh Mashatan; Ali Miri http://arxiv.org/abs/2310.00108 Practical Membership Inference Attacks Against Large-Scale Multi-Modal Models: A Pilot Study. (13%) Myeongseob Ko; Ming Jin; Chenguang Wang; Ruoxi Jia http://arxiv.org/abs/2309.17301 Distributed Resilient Control of DC Microgrids Under Generally Unbounded FDI Attacks. (1%) Yichao Wang; Mohamadamin Rajabinezhad; Omar A. Beg; Shan Zuo http://arxiv.org/abs/2310.00222 Source Inference Attacks: Beyond Membership Inference Attacks in Federated Learning. (1%) Hongsheng Hu; Xuyun Zhang; Zoran Salcic; Lichao Sun; Kim-Kwang Raymond Choo; Gillian Dobbie http://arxiv.org/abs/2309.16878 Investigating Human-Identifiable Features Hidden in Adversarial Perturbations. (98%) Dennis Y. Menn; Tzu-hsun Feng; Sriram Vishwanath; Hung-yi Lee http://arxiv.org/abs/2309.16207 Parameter-Saving Adversarial Training: Reinforcing Multi-Perturbation Robustness via Hypernetworks. (98%) Huihui Gong; Minjing Dong; Siqi Ma; Seyit Camtepe; Surya Nepal; Chang Xu http://arxiv.org/abs/2309.16487 Towards Poisoning Fair Representations. (70%) Tianci Liu; Haoyu Wang; Feijie Wu; Hengtong Zhang; Pan Li; Lu Su; Jing Gao http://arxiv.org/abs/2309.16452 On the Trade-offs between Adversarial Robustness and Actionable Explanations. (68%) Satyapriya Krishna; Chirag Agarwal; Himabindu Lakkaraju http://arxiv.org/abs/2309.16883 The Lipschitz-Variance-Margin Tradeoff for Enhanced Randomized Smoothing. (56%) Blaise Delattre; Alexandre Araujo; Quentin Barthélemy; Alexandre Allauzen http://arxiv.org/abs/2309.16827 Post-Training Overfitting Mitigation in DNN Classifiers. (41%) Hang Wang; David J. Miller; George Kesidis http://arxiv.org/abs/2309.16952 Leveraging Optimization for Adaptive Attacks on Image Watermarks. (13%) Nils Lukas; Abdulrahman Diaa; Lucas Fenaux; Florian Kerschbaum http://arxiv.org/abs/2309.16172 Random and Safe Cache Architecture to Defeat Cache Timing Attacks. (9%) Guangyuan Hu; Ruby B. Lee http://arxiv.org/abs/2309.16631 Robust Offline Reinforcement Learning -- Certify the Confidence Interval. (4%) Jiarui Yao; Simon Shaolei Du http://arxiv.org/abs/2309.16314 A Primer on Bayesian Neural Networks: Review and Debates. (2%) Julyan Arbel; Konstantinos Pitas; Mariia Vladimirova; Vincent Fortuin http://arxiv.org/abs/2309.16096 Adversarial Examples Might be Avoidable: The Role of Data Concentration in Adversarial Robustness. 
(95%) Ambar Pal; Jeremias Sulam; René Vidal http://arxiv.org/abs/2309.15519 Defending Against Physical Adversarial Patch Attacks on Infrared Human Detection. (95%) Lukas Strack; Futa Waseda; Huy H. Nguyen; Yinqiang Zheng; Isao Echizen http://arxiv.org/abs/2309.15669 On the Computational Entanglement of Distant Features in Adversarial Machine Learning. (92%) YenLung Lai; Xingbo Dong; Zhe Jin http://arxiv.org/abs/2309.15418 Automatic Feature Fairness in Recommendation via Adversaries. (33%) Hengchang Hu; Yiming Cao; Zhankui He; Samson Tan; Min-Yen Kan http://arxiv.org/abs/2310.07726 Warfare: Breaking the Watermark Protection of AI-Generated Content. (12%) Guanlin Li; Yifei Chen; Jie Zhang; Jiwei Li; Shangwei Guo; Tianwei Zhang http://arxiv.org/abs/2309.15770 Generating Transferable Adversarial Simulation Scenarios for Self-Driving via Neural Rendering. (11%) Yasasa Abeysirigoonawardena; Kevin Xie; Chuhan Chen; Salar Hosseini; Ruiting Chen; Ruiqi Wang; Florian Shkurti http://arxiv.org/abs/2309.15687 Breaking On-Chip Communication Anonymity using Flow Correlation Attacks. (4%) Hansika Weerasena; Prabhat Mishra http://arxiv.org/abs/2310.06855 Genetic Algorithm-Based Dynamic Backdoor Attack on Federated Learning-Based Network Traffic Classification. (1%) Mahmoud Nazzal; Nura Aljaafari; Ahmed Sawalmeh; Abdallah Khreishah; Muhammad Anan; Abdulelah Algosaibi; Mohammed Alnaeem; Adel Aldalbahi; Abdulaziz Alhumam; Conrado P. Vizcarra; Shadan Alhamed http://arxiv.org/abs/2309.14700 Structure Invariant Transformation for better Adversarial Transferability. (99%) Xiaosen Wang; Zeliang Zhang; Jianping Zhang http://arxiv.org/abs/2309.15087 Privacy-preserving and Privacy-attacking Approaches for Speech and Audio -- A Survey. (16%) Yuchen Liu; Apu Kapadia; Donald Williamson http://arxiv.org/abs/2309.15386 Neural Stochastic Differential Equations for Robust and Explainable Analysis of Electromagnetic Unintended Radiated Emissions. (2%) Sumit Kumar Jha; Susmit Jha; Rickard Ewetz; Alvaro Velasquez http://arxiv.org/abs/2309.15224 Collaborative Watermarking for Adversarial Speech Synthesis. (1%) Lauri Juvela; Xin Wang http://arxiv.org/abs/2309.14585 DifAttack: Query-Efficient Black-Box Attack via Disentangled Feature Space. (99%) Jun Liu; Jiantao Zhou; Jiandian Zeng; Jinyu Tian http://arxiv.org/abs/2309.14615 Gray-box Adversarial Attack of Deep Reinforcement Learning-based Trading Agents. (98%) Foozhan Ataiefard; Hadi Hemmati http://arxiv.org/abs/2309.14122 SurrogatePrompt: Bypassing the Safety Filter of Text-To-Image Models via Substitution. (1%) Zhongjie Ba; Jieming Zhong; Jiachen Lei; Peng Cheng; Qinglong Wang; Zhan Qin; Zhibo Wang; Kui Ren http://arxiv.org/abs/2309.13857 Adversarial Attacks on Video Object Segmentation with Hard Region Discovery. (99%) Ping Li; Yu Zhang; Li Yuan; Jian Zhao; Xianghua Xu; Xiaoqin Zhang http://arxiv.org/abs/2309.13609 Vulnerabilities in Video Quality Assessment Models: The Challenge of Adversarial Attacks. (98%) Ao-Xiang Zhang; Yu Ran; Weixuan Tang; Yuan-Gen Wang http://arxiv.org/abs/2309.13841 On the Effectiveness of Adversarial Samples against Ensemble Learning-based Windows PE Malware Detectors. (86%) Trong-Nghia To; Danh Le Kim; Do Thi Thu Hien; Nghi Hoang Khoa; Hien Do Hoang; Phan The Duy; Van-Hau Pham http://arxiv.org/abs/2310.03033 Benchmarking Local Robustness of High-Accuracy Binary Neural Networks for Enhanced Traffic Sign Recognition.
(80%) Andreea Postovan; Mădălina Eraşcu http://arxiv.org/abs/2309.13794 Projected Randomized Smoothing for Certified Adversarial Robustness. (76%) Samuel Pfrommer; Brendon G. Anderson; Somayeh Sojoudi http://arxiv.org/abs/2309.13763 Combining Two Adversarial Attacks Against Person Re-Identification Systems. (73%) Eduardo de O. Andrade; Igor Garcia Ballhausen Sampaio; Joris Guérin; José Viterbo http://arxiv.org/abs/2309.13579 Seeing Is Not Always Believing: Invisible Collision Attack and Defence on Pre-Trained Models. (2%) Minghang Deng; Zhong Zhang; Junming Shao http://arxiv.org/abs/2309.13256 Defending Pre-trained Language Models as Few-shot Learners against Backdoor Attacks. (61%) Zhaohan Xi; Tianyu Du; Changjiang Li; Ren Pang; Shouling Ji; Jinghui Chen; Fenglong Ma; Ting Wang http://arxiv.org/abs/2309.13444 Moving Target Defense based Secured Network Slicing System in the O-RAN Architecture. (1%) Mojdeh Karbalaee Motalleb; Chafika Benzaïd; Tarik Taleb; Vahid Shah-Mansouri http://arxiv.org/abs/2309.13475 Detecting and Mitigating System-Level Anomalies of Vision-Based Controllers. (1%) Aryaman Gupta; Kaustav Chakraborty; Somil Bansal http://arxiv.org/abs/2309.13245 RBFormer: Improve Adversarial Robustness of Transformer by Robust Bias. (99%) Hao Cheng; Jinhao Duan; Hui Li; Lyutianyang Zhang; Jiahang Cao; Ping Wang; Jize Zhang; Kaidi Xu; Renjing Xu http://arxiv.org/abs/2309.13190 Spatial-frequency channels, shape bias, and adversarial robustness. (69%) Ajay Subramanian; Elena Sizikova; Najib J. Majaj; Denis G. Pelli http://arxiv.org/abs/2309.12914 VIC-KD: Variance-Invariance-Covariance Knowledge Distillation to Make Keyword Spotting More Robust Against Adversarial Attacks. (69%) Heitor R. Guimarães; Arthur Pimentel; Anderson Avila; Tiago H. Falk http://arxiv.org/abs/2309.13016 Understanding Deep Gradient Leakage via Inversion Influence Functions. (15%) Haobo Zhang; Junyuan Hong; Yuyang Deng; Mehrdad Mahdavi; Jiayu Zhou http://arxiv.org/abs/2309.13150 Pixel-wise Smoothing for Certified Robustness against Camera Motion Perturbations. (10%) Hanjiang Hu; Zuxin Liu; Linyi Li; Jiacheng Zhu; Ding Zhao http://arxiv.org/abs/2309.13038 Privacy Assessment on Reconstructed Images: Are Existing Evaluation Metrics Faithful to Human Perception? (5%) Xiaoxiao Sun; Nidham Gazagnadou; Vivek Sharma; Lingjuan Lyu; Hongdong Li; Liang Zheng http://arxiv.org/abs/2309.13002 Expressive variational quantum circuits provide inherent privacy in federated learning. (1%) Niraj Kumar; Jamie Heredge; Changhao Li; Shaltiel Eloul; Shree Hari Sureshbabu; Marco Pistoia http://arxiv.org/abs/2309.12955 On Data Fabrication in Collaborative Vehicular Perception: Attacks and Countermeasures. (1%) Qingzhao Zhang; Shuowei Jin; Ruiyang Zhu; Jiachen Sun; Xumiao Zhang; Qi Alfred Chen; Z. Morley Mao http://arxiv.org/abs/2309.12593 Improving Machine Learning Robustness via Adversarial Training. (99%) Long Dang; Thushari Hapuarachchi; Kaiqi Xiong; Jing Lin http://arxiv.org/abs/2309.11830 Goal-Oriented Prompt Attack and Safety Evaluation for LLMs. (69%) Chengyuan Liu; Fubang Zhao; Lizhi Qing; Yangyang Kang; Changlong Sun; Kun Kuang; Fei Wu http://arxiv.org/abs/2309.12481 HANS, are you clever? Clever Hans Effect Analysis of Neural Systems. (45%) Leonardo Ranaldi; Fabio Massimo Zanzotto http://arxiv.org/abs/2309.12263 On the Relationship between Skill Neurons and Robustness in Prompt Tuning. (12%) Leon Ackermann; Xenia Ohmer http://arxiv.org/abs/2309.11894 DeepTheft: Stealing DNN Model Architectures through Power Side Channel. 
(1%) Yansong Gao; Huming Qiu; Zhi Zhang; Binghui Wang; Hua Ma; Alsharif Abuadbba; Minhui Xue; Anmin Fu; Surya Nepal http://arxiv.org/abs/2309.11751 How Robust is Google's Bard to Adversarial Image Attacks? (99%) Yinpeng Dong; Huanran Chen; Jiawei Chen; Zhengwei Fang; Xiao Yang; Yichi Zhang; Yu Tian; Hang Su; Jun Zhu http://arxiv.org/abs/2309.11111 PRAT: PRofiling Adversarial aTtacks. (99%) Rahul Ambati; Naveed Akhtar; Ajmal Mian; Yogesh Singh Rawat http://arxiv.org/abs/2309.11196 When to Trust AI: Advances and Challenges for Certification of Neural Networks. (64%) Marta Kwiatkowska; Xiyue Zhang http://arxiv.org/abs/2309.11462 AudioFool: Fast, Universal and synchronization-free Cross-Domain Attack on Speech Recognition. (54%) Mohamad Fakih; Rouwaida Kanj; Fadi Kurdahi; Mohammed E. Fouda http://arxiv.org/abs/2309.11667 Understanding Pose and Appearance Disentanglement in 3D Human Pose Estimation. (54%) Krishna Kanth Nakka; Mathieu Salzmann http://arxiv.org/abs/2309.11053 Fed-LSAE: Thwarting Poisoning Attacks against Federated Cyber Threat Detection System via Autoencoder-based Latent Space Inspection. (5%) Tran Duc Luong; Vuong Minh Tien; Nguyen Huu Quyen; Do Thi Thu Hien; Phan The Duy; Van-Hau Pham http://arxiv.org/abs/2309.16577 Compilation as a Defense: Enhancing DL Model Attack Robustness via Tensor Optimization. (2%) Stefan Trawicki; William Hackett; Lewis Birch; Neeraj Suri; Peter Garraghan http://arxiv.org/abs/2309.10348 Language Guided Adversarial Purification. (99%) Himanshu Singh; A V Subramanyam http://arxiv.org/abs/2309.10916 What Learned Representations and Influence Functions Can Tell Us About Adversarial Examples. (99%) Shakila Mahjabin Tonni; Mark Dras http://arxiv.org/abs/2309.10586 Adversarial Attacks Against Uncertainty Quantification. (99%) Emanuele Ledda; Daniele Angioni; Giorgio Piras; Giorgio Fumera; Battista Biggio; Fabio Roli http://arxiv.org/abs/2309.10544 Model Leeching: An Extraction Attack Targeting LLMs. (76%) Lewis Birch; William Hackett; Stefan Trawicki; Neeraj Suri; Peter Garraghan http://arxiv.org/abs/2309.11022 Information Leakage from Data Updates in Machine Learning Models. (16%) Tian Hui; Farhad Farokhi; Olga Ohrimenko http://arxiv.org/abs/2309.10644 Robin: A Novel Method to Produce Robust Interpreters for Deep Learning-Based Code Classifiers. (16%) Zhen Li; Ruqian Zhang; Deqing Zou; Ning Wang; Yating Li; Shouhuai Xu; Chen Chen; Hai Jin http://arxiv.org/abs/2309.10607 SPFL: A Self-purified Federated Learning Method Against Poisoning Attacks. (12%) Zizhen Liu; Weiyang He; Chip-Hong Chang; Jing Ye; Huawei Li; Xiaowei Li http://arxiv.org/abs/2309.11005 It's Simplex! Disaggregating Measures to Improve Certified Robustness. (11%) Andrew C. Cullen; Paul Montague; Shijie Liu; Sarah M. Erfani; Benjamin I. P. Rubinstein http://arxiv.org/abs/2310.10664 Nebula: Self-Attention for Dynamic Malware Analysis. (5%) Dmitrijs Trizna; Luca Demetrio; Battista Biggio; Fabio Roli http://arxiv.org/abs/2310.07725 Extreme Image Transformations Facilitate Robust Latent Object Representations. (1%) Girik Malik; Dakarai Crowder; Ennio Mingolla http://arxiv.org/abs/2309.09480 Stealthy Physical Masked Face Recognition Attack via Adversarial Style Optimization. (99%) Huihui Gong; Minjing Dong; Siqi Ma; Seyit Camtepe; Surya Nepal; Chang Xu http://arxiv.org/abs/2309.10243 Transferable Adversarial Attack on Image Tampering Localization. (99%) Yuqi Wang; Gang Cao; Zijie Lou; Haochen Zhu http://arxiv.org/abs/2309.10136 Efficient Low-Rank GNN Defense Against Structural Attacks. 
(96%) Abdullah Alchihabi; Qing En; Yuhong Guo http://arxiv.org/abs/2309.09928 Evaluating Adversarial Robustness with Expected Viable Performance. (45%) Ryan McCoppin; Colin Dawson; Sean M. Kennedy; Leslie M. Blaha http://arxiv.org/abs/2309.10058 Dual Student Networks for Data-Free Model Stealing. (26%) James Beetham; Navid Kardan; Ajmal Mian; Mubarak Shah http://arxiv.org/abs/2309.09700 Securing Fixed Neural Network Steganography. (5%) Zicong Luo; Sheng Li; Guobiao Li; Zhenxing Qian; Xinpeng Zhang http://arxiv.org/abs/2309.10253 GPTFUZZER: Red Teaming Large Language Models with Auto-Generated Jailbreak Prompts. (4%) Jiahao Yu; Xingwei Lin; Zheng Yu; Xinyu Xing http://arxiv.org/abs/2309.09586 Spoofing attack augmentation: can differently-trained attack models improve generalisation? (3%) Wanying Ge; Xin Wang; Junichi Yamagishi; Massimiliano Todisco; Nicholas Evans http://arxiv.org/abs/2309.09837 Frame-to-Utterance Convergence: A Spectra-Temporal Approach for Unified Spoofing Detection. (1%) Awais Khan; Khalid Mahmood Malik; Shah Nawaz http://arxiv.org/abs/2309.09464 Reducing Adversarial Training Cost with Gradient Approximation. (99%) Huihui Gong; Shuo Yang; Siqi Ma; Seyit Camtepe; Surya Nepal; Chang Xu http://arxiv.org/abs/2309.14348 Defending Against Alignment-Breaking Attacks via Robustly Aligned LLM. (61%) Bochuan Cao; Yuanpu Cao; Lu Lin; Jinghui Chen http://arxiv.org/abs/2309.08999 Context-aware Adversarial Attack on Named Entity Recognition. (99%) Shuguang Chen; Leonardo Neves; Thamar Solorio http://arxiv.org/abs/2309.08945 Inverse classification with logistic and softmax classifiers: efficient optimization. (56%) Miguel Á. Carreira-Perpiñán; Suryabhan Singh Hada http://arxiv.org/abs/2309.08953 Robust Backdoor Attacks on Object Detection in Real World. (11%) Yaguan Qian; Boyuan Ji; Shuke He; Shenhui Huang; Xiang Ling; Bin Wang; Wei Wang http://arxiv.org/abs/2309.09123 Conditional Mutual Information Constrained Deep Learning for Classification. (5%) En-Hui Yang; Shayan Mohajer Hamidi; Linfeng Ye; Renhao Tan; Beverly Yang http://arxiv.org/abs/2309.08650 Adversarial Attacks on Tables with Entity Swap. (92%) Aneta Koleva; Martin Ringsquandl; Volker Tresp http://arxiv.org/abs/2309.08549 HINT: Healthy Influential-Noise based Training to Defend against Data Poisoning Attacks. (87%) Minh-Hao Van; Alycia N. Carey; Xintao Wu http://arxiv.org/abs/2309.08825 Distributionally Robust Post-hoc Classifiers under Prior Shifts. (1%) Jiaheng Wei; Harikrishna Narasimhan; Ehsan Amid; Wen-Sheng Chu; Yang Liu; Abhishek Kumar http://arxiv.org/abs/2309.08230 A Duty to Forget, a Right to be Assured? Exposing Vulnerabilities in Machine Unlearning Services. (1%) Hongsheng Hu; Shuo Wang; Jiamin Chang; Haonan Zhong; Ruoxi Sun; Shuang Hao; Haojin Zhu; Minhui Xue http://arxiv.org/abs/2309.08058 Unleashing the Adversarial Facet of Software Debloating. (98%) Do-Men Su; Mohannad Alhanahnah http://arxiv.org/abs/2309.07983 SLMIA-SR: Speaker-Level Membership Inference Attacks against Speaker Recognition Systems. (76%) Guangke Chen; Yedi Zhang; Fu Song http://arxiv.org/abs/2309.07808 What Matters to Enhance Traffic Rule Compliance of Imitation Learning for Automated Driving. (50%) Hongkuan Zhou; Aifen Sui; Wei Cao; Zhenshan Bing http://arxiv.org/abs/2311.16113 BAGEL: Backdoor Attacks against Federated Contrastive Learning. (16%) Yao Huang; Kongyang Chen; Jiannong Cao; Jiaxing Shen; Shaowei Wang; Yun Peng; Weilong Peng; Kechao Cai http://arxiv.org/abs/2309.07428 Physical Invisible Backdoor Based on Camera Imaging. 
(2%) Yusheng Guo; Nan Zhong; Zhenxing Qian; Xinpeng Zhang http://arxiv.org/abs/2309.07973 M3Dsynth: A dataset of medical 3D images with AI-generated local manipulations. (1%) Giada Zingarini; Davide Cozzolino; Riccardo Corvi; Giovanni Poggi; Luisa Verdoliva http://arxiv.org/abs/2309.07398 Semantic Adversarial Attacks via Diffusion Models. (99%) Chenan Wang; Jinhao Duan; Chaowei Xiao; Edward Kim; Matthew Stamm; Kaidi Xu http://arxiv.org/abs/2309.07106 Hardening RGB-D Object Recognition Systems against Adversarial Patch Attacks. (99%) Yang Zheng; Luca Demetrio; Antonio Emanuele Cinà; Xiaoyi Feng; Zhaoqiang Xia; Xiaoyue Jiang; Ambra Demontis; Battista Biggio; Fabio Roli http://arxiv.org/abs/2309.07197 Mitigating Adversarial Attacks in Federated Learning with Trusted Execution Environments. (99%) Simon Queyrut; Valerio Schiavoni; Pascal Felber http://arxiv.org/abs/2309.06960 PhantomSound: Black-Box, Query-Efficient Audio Adversarial Attack via Split-Second Phoneme Injection. (99%) Hanqing Guo; Guangjing Wang; Yuanda Wang; Bocheng Chen; Qiben Yan; Li Xiao http://arxiv.org/abs/2309.07026 APICom: Automatic API Completion via Prompt Learning and Adversarial Training-based Data Augmentation. (92%) Yafeng Gu; Yiheng Shen; Xiang Chen; Shaoyu Yang; Yiling Huang; Zhixiang Cao http://arxiv.org/abs/2309.07124 RAIN: Your Language Models Can Align Themselves without Finetuning. (83%) Yuhui Li; Fangyun Wei; Jinjing Zhao; Chao Zhang; Hongyang Zhang http://arxiv.org/abs/2309.06978 Differentiable JPEG: The Devil is in the Details. (70%) Christoph Reich; Biplob Debnath; Deep Patel; Srimat Chakradhar http://arxiv.org/abs/2309.06724 Deep Nonparametric Convexified Filtering for Computational Photography, Image Synthesis and Adversarial Defense. (41%) Jianqiao Wangni http://arxiv.org/abs/2309.06981 MASTERKEY: Practical Backdoor Attack Against Speaker Verification Systems. (38%) Hanqing Guo; Xun Chen; Junfeng Guo; Li Xiao; Qiben Yan http://arxiv.org/abs/2309.07415 Client-side Gradient Inversion Against Federated Learning from Poisoning. (22%) Jiaheng Wei; Yanjun Zhang; Leo Yu Zhang; Chao Chen; Shirui Pan; Kok-Leong Ong; Jun Zhang; Yang Xiang http://arxiv.org/abs/2309.06835 Safe Reinforcement Learning with Dual Robustness. (1%) Zeyang Li; Chuxiong Hu; Yunan Wang; Yujie Yang; Shengbo Eben Li http://arxiv.org/abs/2309.06359 Using Reed-Muller Codes for Classification with Rejection and Recovery. (99%) Daniel Fentham (University of Birmingham); David Parker (University of Oxford); Mark Ryan (University of Birmingham) http://arxiv.org/abs/2309.06166 Certified Robust Models with Slack Control and Large Lipschitz Constants. (98%) Max Losch; David Stutz; Bernt Schiele; Mario Fritz http://arxiv.org/abs/2309.06438 Exploring Non-additive Randomness on ViT against Query-Based Black-Box Attacks. (98%) Jindong Gu; Fangyun Wei; Philip Torr; Han Hu http://arxiv.org/abs/2309.06055 Backdoor Attacks and Countermeasures in Natural Language Processing Models: A Comprehensive Security Review. (61%) Pengzhou Cheng; Zongru Wu; Wei Du; Gongshen Liu http://arxiv.org/abs/2309.05978 CToMP: A Cycle-task-oriented Memory Protection Scheme for Unmanned Systems. (8%) Chengyan Ma; Ning Xi; Di Lu; Yebo Feng; Jianfeng Ma http://arxiv.org/abs/2309.05950 Language Models as Black-Box Optimizers for Vision-Language Models. (4%) Shihong Liu; Zhiqiu Lin; Samuel Yu; Ryan Lee; Tiffany Ling; Deepak Pathak; Deva Ramanan http://arxiv.org/abs/2309.06223 Unveiling Single-Bit-Flip Attacks on DNN Executables.
(1%) Yanzuo Chen (The Hong Kong University of Science and Technology); Zhibo Liu (The Hong Kong University of Science and Technology); Yuanyuan Yuan (The Hong Kong University of Science and Technology); Sihang Hu (Huawei Technologies); Tianxiang Li (Huawei Technologies); Shuai Wang (The Hong Kong University of Science and Technology) http://arxiv.org/abs/2309.05879 Generalized Attacks on Face Verification Systems. (88%) Ehsan Nazari; Paula Branco; Guy-Vincent Jourdan http://arxiv.org/abs/2309.05900 Adversarial Attacks Assessment of Salient Object Detection via Symbolic Learning. (76%) Gustavo Olague; Roberto Pineda; Gerardo Ibarra-Vazquez; Matthieu Olague; Axel Martinez; Sambit Bakshi; Jonathan Vargas; Isnardo Reducindo http://arxiv.org/abs/2310.10659 Exploiting Machine Unlearning for Backdoor Attacks in Deep Learning System. (68%) Peixin Zhang; Jun Sun; Mingtian Tan; Xinyu Wang http://arxiv.org/abs/2309.05610 Privacy Side Channels in Machine Learning Systems. (10%) Edoardo Debenedetti; Giorgio Severi; Nicholas Carlini; Christopher A. Choquette-Choo; Matthew Jagielski; Milad Nasr; Eric Wallace; Florian Tramèr http://arxiv.org/abs/2309.05809 Divergences in Color Perception between Deep Neural Networks and Humans. (4%) Ethan O. Nadler; Elise Darragh-Ford; Bhargav Srinivasa Desikan; Christian Conaway; Mark Chu; Tasker Hull; Douglas Guilbeault http://arxiv.org/abs/2309.05940 Catch You Everything Everywhere: Guarding Textual Inversion via Concept Watermarking. (1%) Weitao Feng; Jiyan He; Jie Zhang; Tianwei Zhang; Wenbo Zhou; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2309.05516 Optimize Weight Rounding via Signed Gradient Descent for the Quantization of LLMs. (1%) Wenhua Cheng; Weiwei Zhang; Haihao Shen; Yiyang Cai; Xin He; Kaokao Lv http://arxiv.org/abs/2309.05145 Outlier Robust Adversarial Training. (98%) Shu Hu; Zhenhuan Yang; Xin Wang; Yiming Ying; Siwei Lyu http://arxiv.org/abs/2309.05132 DAD++: Improved Data-free Test Time Adversarial Defense. (98%) Gaurav Kumar Nayak; Inder Khatri; Shubham Randive; Ruchit Rawal; Anirban Chakraborty http://arxiv.org/abs/2309.06527 Machine Translation Models Stand Strong in the Face of Adversarial Attacks. (86%) Pavel Burnyshev; Elizaveta Kostenok; Alexey Zaytsev http://arxiv.org/abs/2309.05075 Secure Set-Based State Estimation for Linear Systems under Adversarial Attacks on Sensors. (3%) Muhammad Umar B. Niazi; Michelle S. Chong; Amr Alanwar; Karl H. Johansson http://arxiv.org/abs/2309.04777 Towards Robust Model Watermark via Reducing Parametric Vulnerability. (8%) Guanhao Gan; Yiming Li; Dongxian Wu; Shu-Tao Xia http://arxiv.org/abs/2309.04884 RecAD: Towards A Unified Library for Recommender Attack and Defense. (1%) Changsheng Wang; Jianbai Ye; Wenjie Wang; Chongming Gao; Fuli Feng; Xiangnan He http://arxiv.org/abs/2309.04650 Exploring Robust Features for Improving Adversarial Robustness. (99%) Hong Wang; Yuefan Deng; Shinjae Yoo; Yuewei Lin http://arxiv.org/abs/2309.04386 ARRTOC: Adversarially Robust Real-Time Optimization and Control. (2%) Akhil Ahmed; Ehecatl Antonio del Rio-Chanona; Mehmet Mercangoz http://arxiv.org/abs/2309.06377 Adversarial attacks on hybrid classical-quantum Deep Learning models for Histopathological Cancer Detection. (1%) Biswaraj Baral; Reek Majumdar; Bhavika Bhalgamiya; Taposh Dutta Roy http://arxiv.org/abs/2309.04211 Counterfactual Explanations via Locally-guided Sequential Algorithmic Recourse. (1%) Edward A. Small; Jeffrey N. Clark; Christopher J. McWilliams; Kacper Sokol; Jeffrey Chan; Flora D.
Salim; Raul Santos-Rodriguez http://arxiv.org/abs/2309.03665 How adversarial attacks can disrupt seemingly stable accurate classifiers. (99%) Oliver J. Sutton; Qinghua Zhou; Ivan Y. Tyukin; Alexander N. Gorban; Alexander Bastounis; Desmond J. Higham http://arxiv.org/abs/2309.03844 Experimental Study of Adversarial Attacks on ML-based xApps in O-RAN. (99%) Naveen Naik Sapavath; Brian Kim; Kaushik Chowdhury; Vijay K Shah http://arxiv.org/abs/2309.03791 Adversarially Robust Deep Learning with Optimal-Transport-Regularized Divergences. (95%) Jeremiah Birrell; Mohammadreza Ebrahimi http://arxiv.org/abs/2309.03702 DiffDefense: Defending against Adversarial Attacks via Diffusion Models. (80%) Hondamunige Prasanna Silva; Lorenzo Seidenari; Alberto Del Bimbo http://arxiv.org/abs/2309.04036 One-to-Multiple Clean-Label Image Camouflage (OmClic) based Backdoor Attack on Deep Learning. (73%) Guohong Wang; Hua Ma; Yansong Gao; Alsharif Abuadbba; Zhi Zhang; Wei Kang; Said F. Al-Sarawi; Gongxuan Zhang; Derek Abbott http://arxiv.org/abs/2309.03648 Promoting Fairness in GNNs: A Characterization of Stability. (1%) Yaning Jia; Chunhui Zhang http://arxiv.org/abs/2309.02705 Certifying LLM Safety against Adversarial Prompting. (99%) Aounon Kumar; Chirag Agarwal; Suraj Srinivas; Aaron Jiaxun Li; Soheil Feizi; Himabindu Lakkaraju http://arxiv.org/abs/2309.02752 SWAP: Exploiting Second-Ranked Logits for Adversarial Attacks on Time Series. (84%) Chang George Dong; Liangwei Nathan Zheng; Weitong Chen; Wei Emma Zhang; Lin Yue http://arxiv.org/abs/2309.03437 Byzantine-Robust Federated Learning with Variance Reduction and Differential Privacy. (68%) Zikai Zhang; Rui Hu http://arxiv.org/abs/2309.03164 J-Guard: Journalism Guided Adversarially Robust Detection of AI-generated News. (38%) Tharindu Kumarage; Amrita Bhattacharjee; Djordje Padejski; Kristy Roschke; Dan Gillmor; Scott Ruston; Huan Liu; Joshua Garland http://arxiv.org/abs/2309.03466 MIRA: Cracking Black-box Watermarking on Deep Neural Networks via Model Inversion-based Removal Attacks. (22%) Yifan Lu; Wenxuan Li; Mi Zhang; Xudong Pan; Min Yang http://arxiv.org/abs/2309.03198 My Art My Choice: Adversarial Protection Against Unruly AI. (2%) Anthony Rhodes; Ram Bhagat; Umur Aybars Ciftci; Ilke Demir http://arxiv.org/abs/2310.10656 VeriDIP: Verifying Ownership of Deep Neural Networks through Privacy Leakage Fingerprints. (1%) Aoting Hu; Zhigang Lu; Renjie Xie; Minhui Xue http://arxiv.org/abs/2309.03004 A Theoretical Explanation of Activation Sparsity through Flat Minima and Adversarial Robustness. (1%) Ze Peng; Lei Qi; Yinghuan Shi; Yang Gao http://arxiv.org/abs/2309.02159 The Adversarial Implications of Variable-Time Inference. (99%) Dudi Biton; Aditi Misra; Efrat Levy; Jaidip Kotak; Ron Bitton; Roei Schuster; Nicolas Papernot; Yuval Elovici; Ben Nassi http://arxiv.org/abs/2309.02528 Adaptive Adversarial Training Does Not Increase Recourse Costs. (92%) Ian Hardy; Jayanth Yetukuri; Yang Liu http://arxiv.org/abs/2309.02396 Black-Box Attacks against Signed Graph Analysis via Balance Poisoning. (87%) Jialong Zhou; Yuni Lai; Jian Ren; Kai Zhou http://arxiv.org/abs/2310.06845 RobustEdge: Low Power Adversarial Detection for Cloud-Edge Systems. (83%) Abhishek Moitra; Abhiroop Bhattacharjee; Youngeun Kim; Priyadarshini Panda http://arxiv.org/abs/2309.02429 Building a Winning Team: Selecting Source Model Ensembles using a Submodular Transferability Estimation Approach.
(4%) Vimal K B; Saketh Bachu; Tanmay Garg; Niveditha Lakshmi Narasimhan; Raghavan Konuru; Vineeth N Balasubramanian http://arxiv.org/abs/2309.02057 Robust Recommender System: A Survey and Future Directions. (2%) Kaike Zhang; Qi Cao; Fei Sun; Yunfan Wu; Shuchang Tao; Huawei Shen; Xueqi Cheng http://arxiv.org/abs/2309.02088 Dual Adversarial Alignment for Realistic Support-Query Shift Few-shot Learning. (1%) Siyang Jiang; Rui Fang; Hsi-Wen Chen; Wei Ding; Ming-Syan Chen http://arxiv.org/abs/2309.01620 Hindering Adversarial Attacks with Multiple Encrypted Patch Embeddings. (99%) AprilPyone MaungMaung; Isao Echizen; Hitoshi Kiya http://arxiv.org/abs/2309.01582 Improving Visual Quality and Transferability of Adversarial Attacks on Face Recognition Simultaneously with Adversarial Restoration. (99%) Fengfan Zhou; Hefei Ling; Yuxuan Shi; Jiazhong Chen; Ping Li http://arxiv.org/abs/2309.01351 Adv3D: Generating 3D Adversarial Examples in Driving Scenarios with NeRF. (99%) Leheng Li; Qing Lian; Ying-Cong Chen http://arxiv.org/abs/2309.01452 Toward Defensive Letter Design. (98%) Rentaro Kataoka; Akisato Kimura; Seiichi Uchida http://arxiv.org/abs/2309.01686 MathAttack: Attacking Large Language Models Towards Math Solving Ability. (97%) Zihao Zhou; Qiufeng Wang; Mingyu Jin; Jie Yao; Jianan Ye; Wei Liu; Wei Wang; Xiaowei Huang; Kaizhu Huang http://arxiv.org/abs/2309.01838 Efficient Defense Against Model Stealing Attacks on Convolutional Neural Networks. (93%) Kacem Khaled; Mouna Dhaouadi; Felipe Gohring de Magalhães; Gabriela Nicolescu http://arxiv.org/abs/2309.01866 Efficient Query-Based Attack against ML-Based Android Malware Detection under Zero Knowledge Setting. (92%) Ping He; Yifan Xia; Xuhong Zhang; Shouling Ji http://arxiv.org/abs/2309.01786 Safe and Robust Watermark Injection with a Single OoD Image. (8%) Shuyang Yu; Junyuan Hong; Haobo Zhang; Haotao Wang; Zhangyang Wang; Jiayu Zhou http://arxiv.org/abs/2309.01614 Dropout Attacks. (2%) Andrew Yuan; Alina Oprea; Cheng Tan http://arxiv.org/abs/2309.01850 Uncertainty in AI: Evaluating Deep Neural Networks on Out-of-Distribution Images. (2%) Jamiu Idowu; Ahmed Almasoud http://arxiv.org/abs/2310.05947 Robust and Efficient Interference Neural Networks for Defending Against Adversarial Attacks in ImageNet. (99%) Yunuo Xiong; Shujuan Liu; Hongwei Xiong http://arxiv.org/abs/2309.01104 Turn Fake into Real: Adversarial Head Turn Attacks Against Deepfake Detection. (98%) Weijie Wang; Zhengyu Zhao; Nicu Sebe; Bruno Lepri http://arxiv.org/abs/2309.01106 AdvMono3D: Advanced Monocular 3D Object Detection with Depth-Aware Robust Adversarial Training. (98%) Xingyuan Li; Jinyuan Liu; Long Ma; Xin Fan; Risheng Liu http://arxiv.org/abs/2309.01077 Robust Adversarial Defense by Tensor Factorization. (89%) Manish Bhattarai; Mehmet Cagri Kaymak; Ryan Barron; Ben Nebgen; Kim Rasmussen; Boian Alexandrov http://arxiv.org/abs/2309.01102 Dual Adversarial Resilience for Collaborating Robust Underwater Image Enhancement and Perception. (13%) Zengxi Zhang; Zhiying Jiang; Zeru Shi; Jinyuan Liu; Risheng Liu http://arxiv.org/abs/2309.00879 Towards Certified Probabilistic Robustness with High Accuracy. (98%) Ruihan Zhang; Peixin Zhang; Jun Sun http://arxiv.org/abs/2309.00929 Timbre-reserved Adversarial Attack in Speaker Identification. (98%) Qing Wang; Jixun Yao; Li Zhang; Pengcheng Guo; Lei Xie http://arxiv.org/abs/2309.00894 Regularly Truncated M-estimators for Learning with Noisy Labels.
(1%) Xiaobo Xia; Pengqian Lu; Chen Gong; Bo Han; Jun Yu; Jun Yu; Tongliang Liu http://arxiv.org/abs/2309.00614 Baseline Defenses for Adversarial Attacks Against Aligned Language Models. (99%) Neel Jain; Avi Schwarzschild; Yuxin Wen; Gowthami Somepalli; John Kirchenbauer; Ping-yeh Chiang; Micah Goldblum; Aniruddha Saha; Jonas Geiping; Tom Goldstein http://arxiv.org/abs/2309.00543 Curating Naturally Adversarial Datasets for Trustworthy AI in Healthcare. (99%) Sydney Pugh; Ivan Ruchkin; Insup Lee; James Weimer http://arxiv.org/abs/2309.00771 Non-Asymptotic Bounds for Adversarial Excess Risk under Misspecified Models. (89%) Changyu Liu; Yuling Jiao; Junhui Wang; Jian Huang http://arxiv.org/abs/2309.00254 Why do universal adversarial attacks work on large language models?: Geometry might be the answer. (83%) Varshini Subhash; Anna Bialas; Weiwei Pan; Finale Doshi-Velez http://arxiv.org/abs/2309.00810 RenAIssance: A Survey into AI Text-to-Image Generation in the Era of Large Model. (1%) Fengxiang Bie; Yibo Yang; Zhongzhu Zhou; Adam Ghanem; Minjia Zhang; Zhewei Yao; Xiaoxia Wu; Connor Holmes; Pareesa Golnari; David A. Clifton; Yuxiong He; Dacheng Tao; Shuaiwen Leon Song http://arxiv.org/abs/2309.00733 Learned Visual Features to Textual Explanations. (1%) Saeid Asgari Taghanaki; Aliasghar Khani; Amir Khasahmadi; Aditya Sanghi; Karl D. D. Willis; Ali Mahdavi-Amiri http://arxiv.org/abs/2308.16454 Adversarial Finetuning with Latent Representation Constraint to Mitigate Accuracy-Robustness Tradeoff. (98%) Satoshi Suzuki; Shin'ya Yamaguchi; Shoichiro Takeda; Sekitoshi Kanai; Naoki Makishima; Atsushi Ando; Ryo Masumura http://arxiv.org/abs/2309.00236 Image Hijacking: Adversarial Images can Control Generative Models at Runtime. (98%) Luke Bailey; Euan Ong; Stuart Russell; Scott Emmons http://arxiv.org/abs/2308.16562 The Power of MEME: Adversarial Malware Creation with Model-Based Reinforcement Learning. (93%) Maria Rigaki; Sebastian Garcia http://arxiv.org/abs/2308.16703 Fault Injection and Safe-Error Attack for Extraction of Embedded Neural Network Models. (75%) Kevin Hector; Pierre-Alain Moellic; Mathieu Dumont; Jean-Max Dutertre http://arxiv.org/abs/2308.16684 Everyone Can Attack: Repurpose Lossy Compression as a Natural Backdoor Attack. (75%) Sze Jue Yang; Quang Nguyen; Chee Seng Chan; Khoa D. Doan http://arxiv.org/abs/2309.00127 FTA: Stealthy and Robust Backdoor Attack with Flexible Trigger on Federated Learning. (45%) Yanqi Qiao; Congwen Chen; Rui Wang; Kaitai Liang http://arxiv.org/abs/2309.03215 Explainable and Trustworthy Traffic Sign Detection for Safe Autonomous Driving: An Inductive Logic Programming Approach. (98%) Zahra Chaghazardi (University of Surrey); Saber Fallah (University of Surrey); Alireza Tamaddoni-Nezhad (University of Surrey) http://arxiv.org/abs/2308.16258 Robust Principles: Architectural Design Principles for Adversarially Robust CNNs. (11%) ShengYun Peng; Weilin Xu; Cory Cornelius; Matthew Hull; Kevin Li; Rahul Duggal; Mansi Phute; Jason Martin; Duen Horng Chau http://arxiv.org/abs/2308.15663 Adaptive Attack Detection in Text Classification: Leveraging Space Exploration Features for Text Sentiment Classification. (99%) Atefeh Mahdavi; Neda Keivandarian; Marco Carvalho http://arxiv.org/abs/2308.15072 Advancing Adversarial Robustness Through Adversarial Logit Update. (99%) Hao Xuan; Peican Zhu; Xingyu Li http://arxiv.org/abs/2308.15344 Imperceptible Adversarial Attack on Deep Neural Networks from Image Boundary.
(99%) Fahad Alrasheedi; Xin Zhong http://arxiv.org/abs/2308.15246 A Classification-Guided Approach for Adversarial Attacks against Neural Machine Translation. (99%) Sahar Sadrizadeh; Ljiljana Dolamic; Pascal Frossard http://arxiv.org/abs/2308.15673 MDTD: A Multi Domain Trojan Detector for Deep Neural Networks. (97%) Arezoo Rajabi; Surudhi Asokraj; Fengqing Jiang; Luyao Niu; Bhaskar Ramasubramanian; Jim Ritcey; Radha Poovendran http://arxiv.org/abs/2308.15479 3D Adversarial Augmentations for Robust Out-of-Domain Predictions. (87%) Alexander Lehner; Stefano Gasperini; Alvaro Marcos-Ramiro; Michael Schmidt; Nassir Navab; Benjamin Busam; Federico Tombari http://arxiv.org/abs/2308.15614 Everything Perturbed All at Once: Enabling Differentiable Graph Attacks. (84%) Haoran Liu; Bokun Wang; Jianling Wang; Xiangjue Dong; Tianbao Yang; James Caverlee http://arxiv.org/abs/2308.15736 Vulnerability of Machine Learning Approaches Applied in IoT-based Smart Grid: A Review. (75%) Zhenyong Zhang; Mengxiang Liu; Mingyang Sun; Ruilong Deng; Peng Cheng; Dusit Niyato; Mo-Yuen Chow; Jiming Chen http://arxiv.org/abs/2308.15692 Intriguing Properties of Diffusion Models: A Large-Scale Dataset for Evaluating Natural Attack Capability in Text-to-Image Generative Models. (67%) Takami Sato; Justin Yue; Nanze Chen; Ningfei Wang; Qi Alfred Chen http://arxiv.org/abs/2308.15092 Can We Rely on AI? (50%) Desmond J. Higham http://arxiv.org/abs/2308.15141 Uncertainty Aware Training to Improve Deep Learning Model Calibration for Classification of Cardiac MR Images. (1%) Tareen Dawood; Chen Chen; Baldeep S. Sidhu; Bram Ruijsink; Justin Gould; Bradley Porter; Mark K. Elliott; Vishal Mehta; Christopher A. Rinaldi; Esther Puyol-Anton; Reza Razavi; Andrew P. King http://arxiv.org/abs/2308.14597 Adversarial Attacks on Foundational Vision Models. (80%) Nathan Inkawhich; Gwendolyn McDonald; Ryan Luley http://arxiv.org/abs/2308.14333 DiffSmooth: Certifiably Robust Learning via Diffusion Models and Local Smoothing. (45%) Jiawei Zhang; Zhongzhu Chen; Huan Zhang; Chaowei Xiao; Bo Li http://arxiv.org/abs/2308.14840 Identifying and Mitigating the Security Risks of Generative AI. (45%) Clark Barrett; Brad Boyd; Elie Bursztein; Nicholas Carlini; Brad Chen; Jihye Choi; Amrita Roy Chowdhury; Mihai Christodorescu; Anupam Datta; Soheil Feizi; Kathleen Fisher; Tatsunori Hashimoto; Dan Hendrycks; Somesh Jha; Daniel Kang; Florian Kerschbaum; Eric Mitchell; John Mitchell; Zulfikar Ramzan; Khawaja Shams; Dawn Song; Ankur Taly; Diyi Yang http://arxiv.org/abs/2308.14550 ReMAV: Reward Modeling of Autonomous Vehicles for Finding Likely Failure Events. (13%) Aizaz Sharif; Dusica Marijan http://arxiv.org/abs/2308.14553 Rep2wav: Noise Robust text-to-speech Using self-supervised representations. (1%) Qiushi Zhu; Yu Gu; Rilin Chen; Chao Weng; Yuchen Hu; Lirong Dai; Jie Zhang http://arxiv.org/abs/2308.14376 Are Existing Out-Of-Distribution Techniques Suitable for Network Intrusion Detection? (1%) Andrea Corsini; Shanchieh Jay Yang http://arxiv.org/abs/2308.14256 FaceChain: A Playground for Human-centric Artificial Intelligence Generated Content. (1%) Yang Liu; Cheng Yu; Lei Shang; Yongyi He; Ziheng Wu; Xingjun Wang; Chao Xu; Haoyu Xie; Weida Wang; Yuze Zhao; Lin Zhu; Chen Cheng; Weitao Chen; Yuan Yao; Wenmeng Zhou; Jiaqi Xu; Qiang Wang; Yingda Chen; Xuansong Xie; Baigui Sun http://arxiv.org/abs/2308.14132 Detecting Language Model Attacks with Perplexity.
(1%) Gabriel Alon; Michael Kamfonas http://arxiv.org/abs/2308.12636 Exploring Transferability of Multimodal Adversarial Samples for Vision-Language Pre-training Models with Contrastive Learning. (99%) Youze Wang; Wenbo Hu; Yinpeng Dong; Richang Hong http://arxiv.org/abs/2308.12661 Don't Look into the Sun: Adversarial Solarization Attacks on Image Classifiers. (92%) Paul Gavrikov; Janis Keuper http://arxiv.org/abs/2308.12918 Evaluating the Vulnerabilities in ML systems in terms of adversarial attacks. (82%) John Harshith; Mantej Singh Gill; Madhan Jothimani http://arxiv.org/abs/2308.12857 Fast Adversarial Training with Smooth Convergence. (3%) Mengnan Zhao; Lihe Zhang; Yuqiu Kong; Baocai Yin http://arxiv.org/abs/2308.12770 WavMark: Watermarking for Audio Generation. (2%) Guangyu Chen; Yu Wu; Shujie Liu; Tao Liu; Xiaoyong Du; Furu Wei http://arxiv.org/abs/2308.12279 On-Manifold Projected Gradient Descent. (99%) Aaron Mahler; Tyrus Berry; Tom Stephens; Harbir Antil; Michael Merritt; Jeanie Schreiber; Ioannis Kevrekidis http://arxiv.org/abs/2308.12054 Sample Complexity of Robust Learning against Evasion Attacks. (98%) Pascale Gourdeau http://arxiv.org/abs/2308.12882 LCANets++: Robust Audio Classification using Multi-layer Neural Networks with Lateral Competition. (92%) Sayanton V. Dibbo; Juston S. Moore; Garrett T. Kenyon; Michael A. Teti http://arxiv.org/abs/2308.12439 BaDExpert: Extracting Backdoor Functionality for Accurate Backdoor Input Detection. (74%) Tinghao Xie; Xiangyu Qi; Ping He; Yiming Li; Jiachen T. Wang; Prateek Mittal http://arxiv.org/abs/2308.12319 RemovalNet: DNN Fingerprint Removal Attacks. (69%) Hongwei Yao; Zheng Li; Kunzhe Huang; Jian Lou; Zhan Qin; Kui Ren http://arxiv.org/abs/2310.02164 Graph Unlearning: A Review. (2%) Anwar Said; Tyler Derr; Mudassir Shabbir; Waseem Abbas; Xenofon Koutsoukos http://arxiv.org/abs/2308.12065 Ensembling Uncertainty Measures to Improve Safety of Black-Box Classifiers. (1%) Tommaso Zoppi; Andrea Ceccarelli; Andrea Bondavalli http://arxiv.org/abs/2308.12141 Aparecium: Revealing Secrets from Physical Photographs. (1%) Zhe Lei; Jie Zhang; Jingtao Li; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2308.11845 SEA: Shareable and Explainable Attribution for Query-based Black-box Attacks. (99%) Yue Gao; Ilia Shumailov; Kassem Fawaz http://arxiv.org/abs/2308.11754 Multi-Instance Adversarial Attack on GNN-Based Malicious Domain Detection. (99%) Mahmoud Nazzal; Issa Khalil; Abdallah Khreishah; NhatHai Phan; Yao Ma http://arxiv.org/abs/2308.11894 Does Physical Adversarial Example Really Matter to Autonomous Driving? Towards System-Level Effect of Adversarial Object Evasion Attack. (98%) Ningfei Wang; Yunpeng Luo; Takami Sato; Kaidi Xu; Qi Alfred Chen http://arxiv.org/abs/2308.11333 Protect Federated Learning Against Backdoor Attacks via Data-Free Trigger Generation. (86%) Yanxin Yang; Ming Hu; Yue Cao; Jun Xia; Yihao Huang; Yang Liu; Mingsong Chen http://arxiv.org/abs/2308.11443 Revisiting and Exploring Efficient Fast Adversarial Training via LAW: Lipschitz Regularization and Auto Weight Averaging. (76%) Xiaojun Jia; Yuefeng Chen; Xiaofeng Mao; Ranjie Duan; Jindong Gu; Rong Zhang; Hui Xue; Xiaochun Cao http://arxiv.org/abs/2308.11406 Designing an attack-defense game: how to increase robustness of financial transaction models via a competition. (75%) Alexey Zaytsev; Alex Natekin; Evgeni Vorsin; Valerii Smirnov; Oleg Sidorshin; Alexander Senin; Alexander Dudin; Dmitry Berestnev http://arxiv.org/abs/2308.11881 Adversarial Training Using Feedback Loops. 
(74%) Ali Haisam Muhammad Rafid; Adrian Sandu http://arxiv.org/abs/2308.11804 Adversarial Illusions in Multi-Modal Embeddings. (74%) Tingwei Zhang; Rishi Jha; Eugene Bagdasaryan; Vitaly Shmatikov http://arxiv.org/abs/2308.11284 LEAP: Efficient and Automated Test Method for NLP Software. (31%) Mingxuan Xiao; Yan Xiao; Hai Dong; Shunhui Ji; Pengcheng Zhang http://arxiv.org/abs/2308.11822 PatchBackdoor: Backdoor Attack against Deep Neural Networks without Model Modification. (16%) Yizhen Yuan (Institute for AI Industry Research); Rui Kong (Shanghai Jiao Tong University, Shanghai, China); Shenghao Xie (Wuhan University, Wuhan, China); Yuanchun Li (Institute for AI Industry Research & Shanghai AI Laboratory, Shanghai, China); Yunxin Liu (Institute for AI Industry Research & Shanghai AI Laboratory, Shanghai, China) http://arxiv.org/abs/2308.10601 Improving the Transferability of Adversarial Examples with Arbitrary Style Transfer. (99%) Zhijin Ge; Fanhua Shang; Hongying Liu; Yuanyuan Liu; Liang Wan; Wei Feng; Xiaosen Wang http://arxiv.org/abs/2308.10779 Spear and Shield: Adversarial Attacks and Defense Methods for Model-Based Link Prediction on Continuous-Time Dynamic Graphs. (99%) Dongjin Lee; Juho Lee; Kijung Shin http://arxiv.org/abs/2308.10743 Enhancing Adversarial Attacks: The Similar Target Method. (99%) Shuo Zhang; Ziruo Wang; Zikai Zhou; Huanran Chen http://arxiv.org/abs/2308.11161 Adversarial Attacks on Code Models with Discriminative Graph Patterns. (96%) Thanh-Dat Nguyen; Yang Zhou; Xuan Bach D. Le; Patanamon Thongtanunam; David Lo http://arxiv.org/abs/2308.11070 Temporal-Distributed Backdoor Attack Against Video Based Action Recognition. (88%) Xi Li; Songhe Wang; Ruiquan Huang; Mahanth Gowda; George Kesidis http://arxiv.org/abs/2308.10708 Measuring the Effect of Causal Disentanglement on the Adversarial Robustness of Neural Network Models. (76%) Preben M. Ness; Dusica Marijan; Sunanda Bose http://arxiv.org/abs/2308.10467 Single-User Injection for Invisible Shilling Attack against Recommender Systems. (62%) Chengzhi Huang; Hui Li http://arxiv.org/abs/2308.10741 On the Adversarial Robustness of Multi-Modal Foundation Models. (4%) Christian Schlarmann; Matthias Hein http://arxiv.org/abs/2308.10888 Unlocking Accuracy and Fairness in Differentially Private Image Classification. (2%) Leonard Berrada; Soham De; Judy Hanwen Shen; Jamie Hayes; Robert Stanforth; David Stutz; Pushmeet Kohli; Samuel L. Smith; Borja Balle http://arxiv.org/abs/2308.10299 Boosting Adversarial Transferability by Block Shuffle and Rotation. (99%) Kunyu Wang; Xuanran He; Wenxuan Wang; Xiaosen Wang http://arxiv.org/abs/2308.10315 Improving Adversarial Robustness of Masked Autoencoders via Test-time Frequency-domain Prompting. (96%) Qidong Huang; Xiaoyi Dong; Dongdong Chen; Yinpeng Chen; Lu Yuan; Gang Hua; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2308.10373 HoSNN: Adversarially-Robust Homeostatic Spiking Neural Networks with Adaptive Firing Thresholds. (96%) Hejia Geng; Peng Li http://arxiv.org/abs/2308.10201 Hiding Backdoors within Event Sequence Data via Poisoning Attacks. (95%) Elizaveta Kovtun; Alina Ermilova; Dmitry Berestnev; Alexey Zaytsev http://arxiv.org/abs/2308.13541 Adversarial Collaborative Filtering for Free. (61%) Huiyuan Chen; Xiaoting Li; Vivian Lai; Chin-Chia Michael Yeh; Yujie Fan; Yan Zheng; Mahashweta Das; Hao Yang http://arxiv.org/abs/2308.10438 Efficient Joint Optimization of Layer-Adaptive Weight Pruning in Deep Neural Networks.
(1%) Kaixin Xu; Zhe Wang; Xue Geng; Jie Lin; Min Wu; Xiaoli Li; Weisi Lin http://arxiv.org/abs/2308.10335 A Study on Robustness and Reliability of Large Language Model Code Generation. (1%) Li Zhong; Zilong Wang http://arxiv.org/abs/2308.09958 A Comparison of Adversarial Learning Techniques for Malware Detection. (99%) Pavla Louthánová; Matouš Kozák; Martin Jureček; Mark Stamp http://arxiv.org/abs/2308.10110 Robust Mixture-of-Expert Training for Convolutional Neural Networks. (83%) Yihua Zhang; Ruisi Cai; Tianlong Chen; Guanhua Zhang; Huan Zhang; Pin-Yu Chen; Shiyu Chang; Zhangyang Wang; Sijia Liu http://arxiv.org/abs/2308.09861 Black-box Adversarial Attacks against Dense Retrieval Models: A Multi-view Contrastive Learning Method. (99%) Yu-An Liu; Ruqing Zhang; Jiafeng Guo; Maarten de Rijke; Wei Chen; Yixing Fan; Xueqi Cheng http://arxiv.org/abs/2308.09392 Attacking logo-based phishing website detectors with adversarial perturbations. (99%) Jehyun Lee; Zhe Xin; Melanie Ng Pei See; Kanav Sabharwal; Giovanni Apruzzese; Dinil Mon Divakaran http://arxiv.org/abs/2308.09546 Compensating Removed Frequency Components: Thwarting Voice Spectrum Reduction Attacks. (92%) Shu Wang; Kun Sun; Qi Li http://arxiv.org/abs/2308.09487 DFB: A Data-Free, Low-Budget, and High-Efficacy Clean-Label Backdoor Attack. (54%) Binhao Ma; Jiahui Wang; Dejun Wang; Bo Meng http://arxiv.org/abs/2308.09850 Backdoor Mitigation by Correcting the Distribution of Neural Activations. (11%) Xi Li; Zhen Xiang; David J. Miller; George Kesidis http://arxiv.org/abs/2308.09381 On Gradient-like Explanation under a Black-box Setting: When Black-box Explanations Become as Good as White-box. (9%) Yi Cai; Gerhard Wunder http://arxiv.org/abs/2308.09318 Towards Attack-tolerant Federated Learning via Critical Parameter Analysis. (9%) Sungwon Han; Sungwon Park; Fangzhao Wu; Sundong Kim; Bin Zhu; Xing Xie; Meeyoung Cha http://arxiv.org/abs/2308.09448 Defending Label Inference Attacks in Split Learning under Regression Setting. (4%) Haoze Qiu; Fei Zheng; Chaochao Chen; Xiaolin Zheng http://arxiv.org/abs/2308.09810 An Image is Worth a Thousand Toxic Words: A Metamorphic Testing Framework for Content Moderation Software. (1%) Wenxuan Wang; Jingyuan Huang; Jen-tse Huang; Chang Chen; Jiazhen Gu; Pinjia He; Michael R. Lyu http://arxiv.org/abs/2308.09520 Proceedings of the 2nd International Workshop on Adaptive Cyber Defense. (1%) Marco Carvalho; Damian Marriott; Mark Bilinski; Ahmad Ridley http://arxiv.org/abs/2309.16706 AIR: Threats of Adversarial Attacks on Deep Learning-Based Information Recovery. (99%) Jinyin Chen; Jie Ge; Shilian Zheng; Linhui Ye; Haibin Zheng; Weiguo Shen; Keqiang Yue; Xiaoniu Yang http://arxiv.org/abs/2308.08906 Towards a Practical Defense against Adversarial Attacks on Deep Learning-based Malware Detectors via Randomized Smoothing. (99%) Daniel Gibert; Giulio Zizzo; Quan Le http://arxiv.org/abs/2308.08925 A White-Box False Positive Adversarial Attack Method on Contrastive Loss Based Offline Handwritten Signature Verification Models. (98%) Zhongliang Guo; Weiye Li; Yifei Qian; Ognjen Arandjelović; Lei Fang http://arxiv.org/abs/2308.08938 Causal Adversarial Perturbations for Individual Fairness and Robustness in Heterogeneous Data Spaces. (16%) Ahmad-Reza Ehyaei; Kiarash Mohammadi; Amir-Hossein Karimi; Samira Samadi; Golnoosh Farnadi http://arxiv.org/abs/2309.09146 That Doesn't Go There: Attacks on Shared State in Multi-User Augmented Reality Applications.
(10%) Carter Slocum; Yicheng Zhang; Erfan Shayegani; Pedram Zaree; Nael Abu-Ghazaleh; Jiasi Chen http://arxiv.org/abs/2308.10819 Evaluating the Instruction-Following Robustness of Large Language Models to Prompt Injection. (10%) Zekun Li; Baolin Peng; Pengcheng He; Xifeng Yan http://arxiv.org/abs/2309.16710 General Lipschitz: Certified Robustness Against Resolvable Semantic Transformations via Transformation-Dependent Randomized Smoothing. (3%) Dmitrii Korzh; Mikhail Pautov; Olga Tsymboi; Ivan Oseledets http://arxiv.org/abs/2308.08160 Benchmarking Adversarial Robustness of Compressed Deep Learning Models. (81%) Brijesh Vora; Kartik Patwari; Syed Mahbub Hafiz; Zubair Shafiq; Chen-Nee Chuah http://arxiv.org/abs/2308.08505 Test-Time Poisoning Attacks Against Test-Time Adaptation Models. (73%) Tianshuo Cong; Xinlei He; Yun Shen; Yang Zhang http://arxiv.org/abs/2308.11521 Self-Deception: Reverse Penetrating the Semantic Firewall of Large Language Models. (67%) Zhenhua Wang; Wei Xie; Kai Chen; Baosheng Wang; Zhiwen Gui; Enze Wang http://arxiv.org/abs/2308.08709 Dynamic Neural Network is All You Need: Understanding the Robustness of Dynamic Mechanisms in Neural Networks. (61%) Mirazul Haque; Wei Yang http://arxiv.org/abs/2308.08173 Expressivity of Graph Neural Networks Through the Lens of Adversarial Robustness. (33%) Francesco Campi; Lukas Gosch; Tom Wollschläger; Yan Scholten; Stephan Günnemann http://arxiv.org/abs/2308.07874 SEDA: Self-Ensembling ViT with Defensive Distillation and Adversarial Training for robust Chest X-rays Classification. (99%) Raza Imam; Ibrahim Almakky; Salma Alrashdi; Baketah Alrashdi; Mohammad Yaqub http://arxiv.org/abs/2308.07625 Backpropagation Path Search On Adversarial Transferability. (99%) Zhuoer Xu; Zhangxuan Gu; Jianping Zhang; Shiwen Cui; Changhua Meng; Weiqiang Wang http://arxiv.org/abs/2308.07673 A Review of Adversarial Attacks in Computer Vision. (99%) Yutong Zhang; Yao Li; Yin Li; Zhichang Guo http://arxiv.org/abs/2308.07847 Robustness Over Time: Understanding Adversarial Examples' Effectiveness on Longitudinal Versions of Large Language Models. (95%) Yugeng Liu; Tianshuo Cong; Zhengyu Zhao; Michael Backes; Yun Shen; Yang Zhang http://arxiv.org/abs/2308.07834 Simple and Efficient Partial Graph Adversarial Attack: A New Perspective. (93%) Guanghui Zhu; Mengyu Chen; Chunfeng Yuan; Yihua Huang http://arxiv.org/abs/2308.07546 3DHacker: Spectrum-based Decision Boundary Generation for Hard-label 3D Point Cloud Attack. (99%) Yunbo Tao; Daizong Liu; Pan Zhou; Yulai Xie; Wei Du; Wei Hu http://arxiv.org/abs/2308.07433 White-Box Adversarial Attacks on Deep Learning-Based Radio Frequency Fingerprint Identification. (99%) Jie Ma; Junqing Zhang; Guanxiong Shen; Alan Marshall; Chip-Hong Chang http://arxiv.org/abs/2308.07026 AdvCLIP: Downstream-agnostic Adversarial Examples in Multimodal Contrastive Learning. (99%) Ziqi Zhou; Shengshan Hu; Minghui Li; Hangtao Zhang; Yechao Zhang; Hai Jin http://arxiv.org/abs/2308.07553 Enhancing the Antidote: Improved Pointwise Certifications against Poisoning Attacks. (68%) Shijie Liu; Andrew C. Cullen; Paul Montague; Sarah M. Erfani; Benjamin I. P. Rubinstein http://arxiv.org/abs/2308.07308 LLM Self Defense: By Self Examination, LLMs Know They Are Being Tricked. (54%) Alec Helbling; Mansi Phute; Matthew Hull; Duen Horng Chau http://arxiv.org/abs/2308.07387 DISBELIEVE: Distance Between Client Models is Very Essential for Effective Local Model Poisoning Attacks. 
(13%) Indu Joshi; Priyank Upadhya; Gaurav Kumar Nayak; Peter Schüffler; Nassir Navab http://arxiv.org/abs/2308.07009 ACTIVE: Towards Highly Transferable 3D Physical Camouflage for Universal and Robust Vehicle Evasion. (10%) Naufal Suryanto; Yongsu Kim; Harashta Tatimma Larasati; Hyoeun Kang; Thi-Thu-Huong Le; Yoonyoung Hong; Hunmin Yang; Se-Yoon Oh; Howon Kim http://arxiv.org/abs/2308.07156 SAM Meets Robotic Surgery: An Empirical Study on Generalization, Robustness and Adaptation. (1%) An Wang; Mobarakol Islam; Mengya Xu; Yang Zhang; Hongliang Ren http://arxiv.org/abs/2308.06819 SoK: Realistic Adversarial Attacks and Defenses for Intelligent Network Intrusion Detection. (99%) João Vitorino; Isabel Praça; Eva Maia http://arxiv.org/abs/2308.06703 Understanding the robustness difference between stochastic gradient descent and adaptive gradient methods. (45%) Avery Ma; Yangchen Pan; Amir-massoud Farahmand http://arxiv.org/abs/2308.06767 A Survey on Deep Neural Network Pruning-Taxonomy, Comparison, Analysis, and Recommendations. (1%) Hongrong Cheng; Miao Zhang; Javen Qinfeng Shi http://arxiv.org/abs/2308.06887 Robustified ANNs Reveal Wormholes Between Human Category Percepts. (1%) Guy Gaziv; Michael J. Lee; James J. DiCarlo http://arxiv.org/abs/2308.06795 Faithful to Whom? Questioning Interpretability Measures in NLP. (1%) Evan Crothers; Herna Viktor; Nathalie Japkowicz http://arxiv.org/abs/2308.06467 Not So Robust After All: Evaluating the Robustness of Deep Neural Networks to Unseen Adversarial Attacks. (99%) Roman Garaev; Bader Rasheed; Adil Khan http://arxiv.org/abs/2308.07934 One-bit Flip is All You Need: When Bit-flip Attack Meets Model Training. (13%) Jianshuo Dong; Han Qiu; Yiming Li; Tianwei Zhang; Yuanjie Li; Zeqi Lai; Chao Zhang; Shu-Tao Xia http://arxiv.org/abs/2308.06015 Enhancing Generalization of Universal Adversarial Perturbation through Gradient Aggregation. (98%) Xuannan Liu; Yaoyao Zhong; Yuhang Zhang; Lixiong Qin; Weihong Deng http://arxiv.org/abs/2308.06173 Physical Adversarial Attacks For Camera-based Smart Systems: Current Trends, Categorization, Applications, Research Challenges, and Future Outlook. (98%) Amira Guesmi; Muhammad Abdullah Hanif; Bassem Ouni; Muhammad Shafique http://arxiv.org/abs/2308.05983 Face Encryption via Frequency-Restricted Identity-Agnostic Attacks. (96%) Xin Dong; Rui Wang; Siyuan Liang; Aishan Liu; Lihua Jing http://arxiv.org/abs/2308.06405 White-box Membership Inference Attacks against Diffusion Models. (68%) Yan Pang; Tianhao Wang; Xuhui Kang; Mengdi Huai; Yang Zhang http://arxiv.org/abs/2308.06107 Test-Time Backdoor Defense via Detecting and Repairing. (10%) Jiyang Guan; Jian Liang; Ran He http://arxiv.org/abs/2308.06217 Continual Face Forgery Detection via Historical Distribution Preserving. (2%) Ke Sun; Shen Chen; Taiping Yao; Xiaoshuai Sun; Shouhong Ding; Rongrong Ji http://arxiv.org/abs/2308.05986 Fast and Accurate Transferability Measurement by Evaluating Intra-class Feature Variance. (1%) Huiwen Xu; U Kang http://arxiv.org/abs/2308.05681 Hard No-Box Adversarial Attack on Skeleton-Based Human Action Recognition with Skeleton-Motion-Informed Gradient. (99%) Zhengzhi Lu; He Wang; Ziyi Chang; Guoan Yang; Hubert P. H. Shum http://arxiv.org/abs/2308.05575 Symmetry Defense Against XGBoost Adversarial Perturbation Attacks. (96%) Blerta Lindqvist http://arxiv.org/abs/2308.05498 Complex Network Effects on the Robustness of Graph Convolutional Networks. (92%) Benjamin A.
Miller; Kevin Chan; Tina Eliassi-Rad http://arxiv.org/abs/2308.05525 Critical Points ++: An Agile Point Cloud Importance Measure for Robust Classification, Adversarial Defense and Explainable AI. (80%) Meir Yossef Levi; Guy Gilboa http://arxiv.org/abs/2310.10789 State Machine Frameworks for Website Fingerprinting Defenses: Maybe Not. (61%) Ethan Witwer http://arxiv.org/abs/2308.05832 FLShield: A Validation Based Federated Learning Framework to Defend Against Poisoning Attacks. (45%) Ehsanul Kabir; Zeyu Song; Md Rafi Ur Rashid; Shagufta Mehnaz http://arxiv.org/abs/2308.08012 Comprehensive Analysis of Network Robustness Evaluation Based on Convolutional Neural Networks with Spatial Pyramid Pooling. (1%) Wenjun Jiang; Tianlong Fan; Changhao Li; Chuanfu Zhang; Tao Zhang; Zong-fu Luo http://arxiv.org/abs/2308.05320 Adv-Inpainting: Generating Natural and Transferable Adversarial Patch via Attention-guided Feature Fusion. (98%) Yanjie Li; Mingxing Duan; Bin Xiao http://arxiv.org/abs/2308.04964 Adversarial ModSecurity: Countering Adversarial SQL Injections with Robust Machine Learning. (93%) Biagio Montaruli; Luca Demetrio; Andrea Valenza; Battista Biggio; Luca Compagna; Davide Balzarotti; Davide Ariu; Luca Piras http://arxiv.org/abs/2308.04909 Adversarial Deep Reinforcement Learning for Cyber Security in Software Defined Networks. (81%) Luke Borchjes; Clement Nyirenda; Louise Leenen http://arxiv.org/abs/2308.05127 Data-Free Model Extraction Attacks in the Context of Object Detection. (41%) Harshit Shah; Aravindhan G; Pavan Kulkarni; Yuvaraj Govindarajulu; Manojkumar Parmar http://arxiv.org/abs/2308.04373 Pelta: Shielding Transformers to Mitigate Evasion Attacks in Federated Learning. (99%) Simon Queyrut; Yérom-David Bromberg; Valerio Schiavoni http://arxiv.org/abs/2308.04077 Federated Zeroth-Order Optimization using Trajectory-Informed Surrogate Gradients. (81%) Yao Shu; Xiaoqiang Lin; Zhongxiang Dai; Bryan Kian Hsiang Low http://arxiv.org/abs/2308.04304 The Model Inversion Eavesdropping Attack in Semantic Communication Systems. (67%) Yuhao Chen; Qianqian Yang; Zhiguo Shi; Jiming Chen http://arxiv.org/abs/2308.04137 Comprehensive Assessment of the Performance of Deep Learning Classifiers Reveals a Surprising Lack of Robustness. (64%) Michael W. Spratling http://arxiv.org/abs/2308.04406 XGBD: Explanation-Guided Graph Backdoor Detection. (54%) Zihan Guan; Mengnan Du; Ninghao Liu http://arxiv.org/abs/2308.04617 Improved Activation Clipping for Universal Backdoor Mitigation and Test-Time Detection. (50%) Hang Wang; Zhen Xiang; David J. Miller; George Kesidis http://arxiv.org/abs/2308.04179 Evil Operation: Breaking Speaker Recognition with PaddingBack. (31%) Zhe Ye; Diqun Yan; Li Dong; Kailai Shen http://arxiv.org/abs/2308.04466 Backdoor Federated Learning by Poisoning Backdoor-Critical Layers. (15%) Haomin Zhuang; Mingxian Yu; Hao Wang; Yang Hua; Jian Li; Xu Yuan http://arxiv.org/abs/2308.03956 Fixed Inter-Neuron Covariability Induces Adversarial Robustness. (98%) Muhammad Ahmed Shah; Bhiksha Raj http://arxiv.org/abs/2308.03476 Exploring the Physical World Adversarial Robustness of Vehicle Detection. (98%) Wei Jiang; Tianyuan Zhang; Shuangcheng Liu; Weiyu Ji; Zichao Zhang; Gang Xiao http://arxiv.org/abs/2308.03979 PAIF: Perception-Aware Infrared-Visible Image Fusion for Attack-Tolerant Semantic Segmentation.
(86%) Zhu Liu; Jinyuan Liu; Benzhuang Zhang; Long Ma; Xin Fan; Risheng Liu http://arxiv.org/abs/2308.03363 A reading survey on adversarial machine learning: Adversarial attacks and their understanding. (81%) Shashank Kotyan http://arxiv.org/abs/2308.03331 A Four-Pronged Defense Against Byzantine Attacks in Federated Learning. (54%) Wei Wan; Shengshan Hu; Minghui Li; Jianrong Lu; Longling Zhang; Leo Yu Zhang; Hai Jin http://arxiv.org/abs/2308.04018 Improving Performance of Semi-Supervised Learning by Adversarial Attacks. (11%) Dongyoon Yang; Kunwoong Kim; Yongdai Kim http://arxiv.org/abs/2308.03558 Mondrian: Prompt Abstraction Attack Against Large Language Models for Cheaper API Pricing. (10%) Wai Man Si; Michael Backes; Yang Zhang http://arxiv.org/abs/2308.03108 SAAM: Stealthy Adversarial Attack on Monocular Depth Estimation. (99%) Amira Guesmi; Muhammad Abdullah Hanif; Bassem Ouni; Muhammad Shafique http://arxiv.org/abs/2308.03163 CGBA: Curvature-aware Geometric Black-box Attack. (99%) Md Farhamdur Reza; Ali Rahmati; Tianfu Wu; Huaiyu Dai http://arxiv.org/abs/2308.03258 APBench: A Unified Benchmark for Availability Poisoning Attacks and Defenses. (98%) Tianrui Qin; Xitong Gao; Juanjuan Zhao; Kejiang Ye; Cheng-Zhong Xu http://arxiv.org/abs/2308.03243 Unsupervised Adversarial Detection without Extra Model: Training Loss Should Change. (82%) Chien Cheng Chyou; Hung-Ting Su; Winston H. Hsu http://arxiv.org/abs/2308.03081 Using Overlapping Methods to Counter Adversaries in Community Detection. (50%) Benjamin A. Miller; Kevin Chan; Tina Eliassi-Rad http://arxiv.org/abs/2308.02897 An Adaptive Model Ensemble Adversarial Attack for Boosting Adversarial Transferability. (99%) Bin Chen; Jia-Li Yin; Shukai Chen; Bo-Hao Chen; Ximeng Liu http://arxiv.org/abs/2308.02923 An AI-Enabled Framework to Defend Ingenious MDT-based Attacks on the Emerging Zero Touch Cellular Networks. (92%) Aneeqa Ijaz; Waseem Raza; Hasan Farooq; Marvin Manalastas; Ali Imran http://arxiv.org/abs/2308.02973 A Security and Usability Analysis of Local Attacks Against FIDO2. (1%) Tarun Kumar Yadav; Kent Seamons http://arxiv.org/abs/2308.02836 Approximating Positive Homogeneous Functions with Scale Invariant Neural Networks. (1%) Stefan Bamberger; Reinhard Heckel; Felix Krahmer http://arxiv.org/abs/2308.03792 Multi-attacks: Many images $+$ the same adversarial attack $\to$ many target labels. (99%) Stanislav Fort http://arxiv.org/abs/2308.02350 RobustMQ: Benchmarking Robustness of Quantized Models. (75%) Yisong Xiao; Aishan Liu; Tianyuan Zhang; Haotong Qin; Jinyang Guo; Xianglong Liu http://arxiv.org/abs/2308.02747 SureFED: Robust Federated Learning via Uncertainty-Aware Inward and Outward Inspection. (67%) Nasimeh Heydaribeni; Ruisi Zhang; Tara Javidi; Cristina Nita-Rotaru; Farinaz Koushanfar http://arxiv.org/abs/2308.04451 Vulnerabilities in AI Code Generators: Exploring Targeted Data Poisoning Attacks. (67%) Domenico Cotroneo; Cristina Improta; Pietro Liguori; Roberto Natella http://arxiv.org/abs/2308.02369 Universal Defensive Underpainting Patch: Making Your Text Invisible to Optical Character Recognition. (31%) JiaCheng Deng; Li Dong; Jiahao Chen; Diqun Yan; Rangding Wang; Dengpan Ye; Lingchen Zhao; Jinyu Tian http://arxiv.org/abs/2308.02465 BlindSage: Label Inference Attacks against Node-level Vertical Federated Graph Neural Networks.
(9%) Marco Arazzi; Mauro Conti; Stefanos Koffas; Marina Krcek; Antonino Nocera; Stjepan Picek; Jing Xu http://arxiv.org/abs/2308.01823 Hard Adversarial Example Mining for Improving Robust Fairness. (99%) Chenhao Lin; Xiang Ji; Yulong Yang; Qian Li; Chao Shen; Run Wang; Liming Fang http://arxiv.org/abs/2308.01840 URET: Universal Robustness Evaluation Toolkit (for Evasion). (99%) Kevin Eykholt; Taesung Lee; Douglas Schales; Jiyong Jang; Ian Molloy; Masha Zorin http://arxiv.org/abs/2308.02116 AdvFAS: A robust face anti-spoofing framework against adversarial examples. (98%) Jiawei Chen; Xiao Yang; Heng Yin; Mingzhi Ma; Bihui Chen; Jianteng Peng; Yandong Guo; Zhaoxia Yin; Hang Su http://arxiv.org/abs/2308.01888 FROD: Robust Object Detection for Free. (67%) Muhammad Awais; Weiming Zhuang; Lingjuan Lyu; Sung-Ho Bae http://arxiv.org/abs/2308.02122 ParaFuzz: An Interpretability-Driven Technique for Detecting Poisoned Samples in NLP. (33%) Lu Yan; Zhuo Zhang; Guanhong Tao; Kaiyuan Zhang; Xuan Chen; Guangyu Shen; Xiangyu Zhang http://arxiv.org/abs/2308.01990 From Prompt Injections to SQL Injection Attacks: How Protected is Your LLM-Integrated Web Application? (4%) Rodrigo Pedro; Daniel Castro; Paulo Carreira; Nuno Santos http://arxiv.org/abs/2308.01040 Inaudible Adversarial Perturbation: Manipulating the Recognition of User Speech in Real Time. (99%) Xinfeng Li; Chen Yan; Xuancun Lu; Zihan Zeng; Xiaoyu Ji; Wenyuan Xu http://arxiv.org/abs/2308.00958 Isolation and Induction: Training Robust Deep Neural Networks against Model Stealing Attacks. (98%) Jun Guo; Aishan Liu; Xingyu Zheng; Siyuan Liang; Yisong Xiao; Yichao Wu; Xianglong Liu http://arxiv.org/abs/2308.01193 Mercury: An Automated Remote Side-channel Attack to Nvidia Deep Learning Accelerator. (16%) Xiaobei Yan; Xiaoxuan Lou; Guowen Xu; Han Qiu; Shangwei Guo; Chip Hong Chang; Tianwei Zhang http://arxiv.org/abs/2308.01311 TEASMA: A Practical Approach for the Test Assessment of Deep Neural Networks using Mutation Analysis. (2%) Amin Abbasishahkoo; Mahboubeh Dadkhah; Lionel Briand; Dayi Lin http://arxiv.org/abs/2308.01237 LSF-IDM: Automotive Intrusion Detection Model with Lightweight Attribution and Semantic Fusion. (1%) Pengzhou Cheng; Lei Hua; Haobin Jiang; Mohammad Samie; Gongshen Liu http://arxiv.org/abs/2308.00346 Dynamic ensemble selection based on Deep Neural Network Uncertainty Estimation for Adversarial Robustness. (99%) Ruoxi Qin; Linyuan Wang; Xuehui Du; Xingyuan Chen; Bin Yan http://arxiv.org/abs/2308.02533 Improving Generalization of Adversarial Training via Robust Critical Fine-Tuning. (99%) Kaijie Zhu; Jindong Wang; Xixu Hu; Xing Xie; Ge Yang http://arxiv.org/abs/2308.00319 LimeAttack: Local Explainable Method for Textual Hard-Label Adversarial Attack. (99%) Hai Zhu; Zhaoqing Yang; Weiwei Shang; Yuren Wu http://arxiv.org/abs/2308.00311 Doubly Robust Instance-Reweighted Adversarial Training. (82%) Daouda Sow; Sen Lin; Zhangyang Wang; Yingbin Liang http://arxiv.org/abs/2308.00854 Training on Foveated Images Improves Robustness to Adversarial Attacks. (82%) Muhammad A. Shah; Bhiksha Raj http://arxiv.org/abs/2308.00344 Kidnapping Deep Learning-based Multirotors using Optimized Flying Adversarial Patches. (47%) Pia Hanfeld; Khaled Wahba; Marina M. -C. Höhne; Michael Bussmann; Wolfgang Hönig http://arxiv.org/abs/2308.00556 Robust Linear Regression: Phase-Transitions and Precise Tradeoffs for General Norms.
(22%) Elvis Dohmatob; Meyer Scetbon http://arxiv.org/abs/2308.02535 Learning to Generate Training Datasets for Robust Semantic Segmentation. (9%) Marwane Hariat; Olivier Laurent; Rémi Kazmierczak; Shihao Zhang; Andrei Bursuc; Angela Yao; Gianni Franchi http://arxiv.org/abs/2308.00313 Zero-Shot Learning by Harnessing Adversarial Samples. (1%) Zhi Chen; Pengfei Zhang; Jingjing Li; Sen Wang; Zi Huang http://arxiv.org/abs/2308.00918 A Novel Cross-Perturbation for Single Domain Generalization. (1%) Dongjia Zhao; Lei Qi; Xiao Shi; Yinghuan Shi; Xin Geng http://arxiv.org/abs/2308.00077 A Novel Deep Learning based Model to Defend Network Intrusion Detection System against Adversarial Attacks. (99%) Khushnaseeb Roshan; Aasim Zafar; Shiekh Burhan Ul Haque http://arxiv.org/abs/2307.16572 Transferable Attack for Semantic Segmentation. (99%) Mengqi He; Jing Zhang; Zhaoyuan Yang; Mingyi He; Nick Barnes; Yuchao Dai http://arxiv.org/abs/2307.16865 Universal Adversarial Defense in Remote Sensing Based on Pre-trained Denoising Diffusion Models. (99%) Weikang Yu; Yonghao Xu; Pedram Ghamisi http://arxiv.org/abs/2307.16816 Defense of Adversarial Ranking Attack in Text Retrieval: Benchmark and Baseline via Detection. (97%) Xuanang Chen; Ben He; Le Sun; Yingfei Sun http://arxiv.org/abs/2307.16630 Text-CRS: A Generalized Certified Robustness Framework against Textual Adversarial Attacks. (86%) Xinyu Zhang; Hanbin Hong; Yuan Hong; Peng Huang; Binghui Wang; Zhongjie Ba; Kui Ren http://arxiv.org/abs/2307.16489 BAGM: A Backdoor Attack for Manipulating Text-to-Image Generative Models. (26%) Jordan Vice; Naveed Akhtar; Richard Hartley; Ajmal Mian http://arxiv.org/abs/2308.00165 Adversarially Robust Neural Legal Judgement Systems. (11%) Rohit Raj; V Susheela Devi http://arxiv.org/abs/2307.16888 Virtual Prompt Injection for Instruction-Tuned Large Language Models. (10%) Jun Yan; Vikas Yadav; Shiyang Li; Lichang Chen; Zheng Tang; Hai Wang; Vijay Srinivasan; Xiang Ren; Hongxia Jin http://arxiv.org/abs/2307.16609 Noisy Self-Training with Data Augmentations for Offensive and Hate Speech Detection Tasks. (1%) João A. Leite; Carolina Scarton; Diego F. Silva http://arxiv.org/abs/2307.16331 Theoretically Principled Trade-off for Stateful Defenses against Query-Based Black-Box Attacks. (99%) Ashish Hooda; Neal Mangaokar; Ryan Feng; Kassem Fawaz; Somesh Jha; Atul Prakash http://arxiv.org/abs/2307.16361 Benchmarking and Analyzing Robust Point Cloud Recognition: Bag of Tricks for Defending Adversarial Examples. (99%) Qiufan Ji; Lin Wang; Cong Shi; Shengshan Hu; Yingying Chen; Lichao Sun http://arxiv.org/abs/2307.16360 Probabilistically robust conformal prediction. (91%) Subhankar Ghosh; Yuanjie Shi; Taha Belkhouja; Yan Yan; Jana Doppa; Brian Jones http://arxiv.org/abs/2307.16178 On Updating Static Output Feedback Controllers Under State-Space Perturbation. (1%) MirSaleh Bahavarnia; Ahmad F. Taha http://arxiv.org/abs/2307.15971 You Can Backdoor Personalized Federated Learning. (92%) Tiandi Ye; Cen Chen; Yinggui Wang; Xiang Li; Ming Gao http://arxiv.org/abs/2307.16099 On Neural Network approximation of ideal adversarial attack and convergence of adversarial training. (92%) Rajdeep Haldar; Qifan Song http://arxiv.org/abs/2307.15926 Exposing Hidden Attackers in Industrial Control Systems using Micro-distortions. (41%) Suman Sourav; Binbin Chen http://arxiv.org/abs/2307.15539 Beating Backdoor Attack at Its Own Game. 
(97%) Min Liu; Alberto Sangiovanni-Vincentelli; Xiangyu Yue http://arxiv.org/abs/2307.15677 Adversarial training for tabular data with attack propagation. (67%) Tiago Leon Melo; João Bravo; Marco O. P. Sampaio; Paolo Romano; Hugo Ferreira; João Tiago Ascensão; Pedro Bizarro http://arxiv.org/abs/2307.15853 Improving Realistic Worst-Case Performance of NVCiM DNN Accelerators through Training with Right-Censored Gaussian Noise. (10%) Zheyu Yan; Yifan Qin; Wujie Wen; Xiaobo Sharon Hu; Yiyu Shi http://arxiv.org/abs/2307.15860 What can Discriminator do? Towards Box-free Ownership Verification of Generative Adversarial Network. (4%) Ziheng Huang; Boheng Li; Yan Cai; Run Wang; Shangwei Guo; Liming Fang; Jing Chen; Lina Wang http://arxiv.org/abs/2307.15157 R-LPIPS: An Adversarially Robust Perceptual Similarity Metric. (99%) Sara Ghazanfari; Siddharth Garg; Prashanth Krishnamurthy; Farshad Khorrami; Alexandre Araujo http://arxiv.org/abs/2307.15043 Universal and Transferable Adversarial Attacks on Aligned Language Models. (99%) Andy Zou; Zifan Wang; Nicholas Carlini; Milad Nasr; J. Zico Kolter; Matt Fredrikson http://arxiv.org/abs/2309.00007 When Measures are Unreliable: Imperceptible Adversarial Perturbations toward Top-$k$ Multi-Label Learning. (99%) Yuchen Sun; Qianqian Xu; Zitai Wang; Qingming Huang http://arxiv.org/abs/2307.14692 Backdoor Attacks for In-Context Learning with Language Models. (97%) Nikhil Kandpal; Matthew Jagielski; Florian Tramèr; Nicholas Carlini http://arxiv.org/abs/2307.14751 FLARE: Fingerprinting Deep Reinforcement Learning Agents using Universal Adversarial Masks. (93%) Buse G. A. Tekgul; N. Asokan http://arxiv.org/abs/2307.14682 Unified Adversarial Patch for Visible-Infrared Cross-modal Attacks in the Physical World. (92%) Xingxing Wei; Yao Huang; Yitong Sun; Jie Yu http://arxiv.org/abs/2307.14917 NSA: Naturalistic Support Artifact to Boost Network Confidence. (62%) Abhijith Sharma; Phil Munz; Apurva Narayan http://arxiv.org/abs/2307.14757 SEV-Step: A Single-Stepping Framework for AMD-SEV. (3%) Luca Wilke; Jan Wichelmann; Anja Rabich; Thomas Eisenbarth http://arxiv.org/abs/2307.14657 Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance. (1%) Savino Dambra; Yufei Han; Simone Aonzo; Platon Kotzias; Antonino Vitale; Juan Caballero; Davide Balzarotti; Leyla Bilge http://arxiv.org/abs/2307.15282 AC-Norm: Effective Tuning for Medical Image Analysis via Affine Collaborative Normalization. (1%) Chuyan Zhang; Yuncheng Yang; Hao Zheng; Yun Gu http://arxiv.org/abs/2307.13985 Enhanced Security against Adversarial Examples Using a Random Ensemble of Encrypted Vision Transformer Models. (99%) Ryota Iijima; Miki Tanaka; Sayaka Shiota; Hitoshi Kiya http://arxiv.org/abs/2307.14061 Set-level Guidance Attack: Boosting Adversarial Transferability of Vision-Language Pre-training Models. (99%) Dong Lu; Zhiqiang Wang; Teng Wang; Weili Guan; Hongchang Gao; Feng Zheng http://arxiv.org/abs/2307.14242 Defending Adversarial Patches via Joint Region Localizing and Inpainting. (99%) Junwen Chen; Xingxing Wei http://arxiv.org/abs/2307.14540 Lateral-Direction Localization Attack in High-Level Autonomous Driving: Domain-Specific Defense Opportunity via Lane Detection. (67%) Junjie Shen; Yunpeng Luo; Ziwen Wan; Qi Alfred Chen http://arxiv.org/abs/2307.14539 Plug and Pray: Exploiting off-the-shelf components of Multi-Modal Models. 
(33%) Erfan Shayegani; Yue Dong; Nael Abu-Ghazaleh http://arxiv.org/abs/2307.14387 Coupled-Space Attacks against Random-Walk-based Anomaly Detection. (11%) Yuni Lai; Marcin Waniek; Liying Li; Jingwen Wu; Yulin Zhu; Tomasz P. Michalak; Talal Rahwan; Kai Zhou http://arxiv.org/abs/2307.14593 FakeTracer: Proactively Defending Against Face-swap DeepFakes via Implanting Traces in Training. (5%) Pu Sun; Honggang Qi; Yuezun Li; Siwei Lyu http://arxiv.org/abs/2307.14057 Open Image Content Disarm And Reconstruction. (1%) Eli Belkind; Ran Dubin; Amit Dvir http://arxiv.org/abs/2307.13856 On the unreasonable vulnerability of transformers for image restoration -- and an easy fix. (99%) Shashank Agnihotri; Kanchana Vaishnavi Gandikota; Julia Grabinski; Paramanand Chandramouli; Margret Keuper http://arxiv.org/abs/2307.13294 Imperceptible Physical Attack against Face Recognition Systems via LED Illumination Modulation. (99%) Junbin Fang; Canjian Jiang; You Jiang; Puxi Lin; Zhaojie Chen; Yujing Sun; Siu-Ming Yiu; Zoe L. Jiang http://arxiv.org/abs/2307.13721 Foundational Models Defining a New Era in Vision: A Survey and Outlook. (10%) Muhammad Awais; Muzammal Naseer; Salman Khan; Rao Muhammad Anwer; Hisham Cholakkal; Mubarak Shah; Ming-Hsuan Yang; Fahad Shahbaz Khan http://arxiv.org/abs/2307.13885 Efficient Estimation of Average-Case Robustness for Multi-Class Classification. (10%) Tessa Han; Suraj Srinivas; Himabindu Lakkaraju http://arxiv.org/abs/2307.13131 Why Don't You Clean Your Glasses? Perception Attacks with Dynamic Optical Perturbations. (99%) Yi Han; Matthew Chan; Eric Wengrowski; Zhuohuan Li; Nils Ole Tippenhauer; Mani Srivastava; Saman Zonouz; Luis Garcia http://arxiv.org/abs/2307.12520 Lost In Translation: Generating Adversarial Examples Robust to Round-Trip Translation. (99%) Neel Bhandari; Pin-Yu Chen http://arxiv.org/abs/2307.12872 Data-free Black-box Attack based on Diffusion Model. (62%) Mingwen Shao; Lingzhuang Meng; Yuanjian Qiao; Lixu Zhang; Wangmeng Zuo http://arxiv.org/abs/2307.13078 Adaptive Certified Training: Towards Better Accuracy-Robustness Tradeoffs. (56%) Zhakshylyk Nurlanov; Frank R. Schmidt; Florian Bernard http://arxiv.org/abs/2307.12679 An Estimator for the Sensitivity to Perturbations of Deep Neural Networks. (31%) Naman Maheshwari; Nicholas Malaya; Scott Moe; Jaydeep P. Kulkarni; Sudhanva Gurumurthi http://arxiv.org/abs/2307.13107 Cyber Deception against Zero-day Attacks: A Game Theoretic Approach. (12%) Md Abu Sayed (University of Texas at El Paso); Ahmed H. Anwar (US Army Research Laboratory); Christopher Kiekintveld (University of Texas at El Paso); Branislav Bosansky (Czech Technical University in Prague); Charles Kamhoua (US Army Research Laboratory) http://arxiv.org/abs/2307.13164 Malware Resistant Data Protection in Hyper-connected Networks: A survey. (10%) Jannatul Ferdous; Rafiqul Islam; Maumita Bhattacharya; Md Zahidul Islam http://arxiv.org/abs/2307.13165 Investigating the Robustness of Sequential Recommender Systems Against Training Data Perturbations. (9%) Filippo Betello; Federico Siciliano; Pushkar Mishra; Fabrizio Silvestri http://arxiv.org/abs/2307.13152 Digital Twins for Moving Target Defense Validation in AC Microgrids. (1%) Suman Rath; Subham Sahoo; Shamik Sengupta http://arxiv.org/abs/2307.12903 Towards Bridging the FL Performance-Explainability Trade-Off: A Trustworthy 6G RAN Slicing Use-Case. (1%) Swastika Roy; Hatim Chergui; Christos Verikoukis http://arxiv.org/abs/2307.12822 Learning Provably Robust Estimators for Inverse Problems via Jittering. 
(1%) Anselm Krainovic; Mahdi Soltanolkotabi; Reinhard Heckel http://arxiv.org/abs/2307.12499 AdvDiff: Generating Unrestricted Adversarial Examples using Diffusion Models. (99%) Xuelong Dai; Kaisheng Liang; Bin Xiao http://arxiv.org/abs/2307.12342 Towards Generic and Controllable Attacks Against Object Detection. (99%) Guopeng Li; Yue Xu; Jian Ding; Gui-Song Xia http://arxiv.org/abs/2307.12280 Downstream-agnostic Adversarial Examples. (99%) Ziqi Zhou; Shengshan Hu; Ruizhi Zhao; Qian Wang; Leo Yu Zhang; Junhui Hou; Hai Jin http://arxiv.org/abs/2307.12507 Gradient-Based Word Substitution for Obstinate Adversarial Examples Generation in Language Models. (98%) Yimu Wang; Peng Shi; Hongyang Zhang http://arxiv.org/abs/2307.12328 A First Look at On-device Models in iOS Apps. (84%) Han Hu; Yujin Huang; Qiuyuan Chen; Terry Tue Zhuo; Chunyang Chen http://arxiv.org/abs/2307.12498 Robust Automatic Speech Recognition via WavAugment Guided Phoneme Adversarial Training. (83%) Gege Qi; Yuefeng Chen; Xiaofeng Mao; Xiaojun Jia; Ranjie Duan; Rong Zhang; Hui Xue http://arxiv.org/abs/2307.12502 Cross Contrastive Feature Perturbation for Domain Generalization. (1%) Chenming Li; Daoan Zhang; Wenjian Huang; Jianguo Zhang http://arxiv.org/abs/2307.13643 Backdoor Attacks against Voice Recognition Systems: A Survey. (13%) Baochen Yan; Jiahe Lan; Zheng Yan http://arxiv.org/abs/2307.11906 Unveiling Vulnerabilities in Interpretable Deep Learning Systems with Query-Efficient Black-box Attacks. (99%) Eldor Abdukhamidov; Mohammed Abuhamad; Simon S. Woo; Eric Chan-Tin; Tamer Abuhmed http://arxiv.org/abs/2307.11672 Fast Adaptive Test-Time Defense with Robust Features. (98%) Anurag Singh; Mahalakshmi Sabanayagam; Krikamol Muandet; Debarghya Ghoshdastidar http://arxiv.org/abs/2307.11565 FMT: Removing Backdoor Feature Maps via Feature Map Testing in Deep Neural Networks. (81%) Dong Huang; Qingwen Bu; Yahao Qing; Yichao Fu; Heming Cui http://arxiv.org/abs/2307.11528 Improving Viewpoint Robustness for Visual Recognition via Adversarial Training. (80%) Shouwei Ruan; Yinpeng Dong; Hang Su; Jianteng Peng; Ning Chen; Xingxing Wei http://arxiv.org/abs/2307.11729 OUTFOX: LLM-generated Essay Detection through In-context Learning with Adversarially Generated Examples. (62%) Ryuto Koike; Masahiro Kaneko; Naoaki Okazaki http://arxiv.org/abs/2307.11823 HybridAugment++: Unified Frequency Spectra Perturbations for Model Robustness. (26%) Mehmet Kerim Yucel; Ramazan Gokberk Cinbis; Pinar Duygulu http://arxiv.org/abs/2307.11730 Mitigating Communications Threats in Decentralized Federated Learning through Moving Target Defense. (1%) Enrique Tomás Martínez Beltrán; Pedro Miguel Sánchez Sánchez; Sergio López Bernal; Gérôme Bovet; Manuel Gil Pérez; Gregorio Martínez Pérez; Alberto Huertas Celdrán http://arxiv.org/abs/2307.15008 A LLM Assisted Exploitation of AI-Guardian. (98%) Nicholas Carlini http://arxiv.org/abs/2307.11334 Improving Transferability of Adversarial Examples via Bayesian Attacks. (98%) Qizhang Li; Yiwen Guo; Xiaochen Yang; Wangmeng Zuo; Hao Chen http://arxiv.org/abs/2307.10788 Adversarial attacks for mixtures of classifiers. (54%) Lucas Gnecco Heredia; Benjamin Negrevergne; Yann Chevaleyre http://arxiv.org/abs/2307.10981 PATROL: Privacy-Oriented Pruning for Collaborative Inference Against Model Inversion Attacks. (33%) Shiwei Ding; Lan Zhang; Miao Pan; Xiaoyong Yuan http://arxiv.org/abs/2307.10586 A Holistic Assessment of the Reliability of Machine Learning Systems. 
(4%) Anthony Corso; David Karamadian; Romeo Valentin; Mary Cooper; Mykel J. Kochenderfer http://arxiv.org/abs/2307.11316 Making Pre-trained Language Models both Task-solvers and Self-calibrators. (2%) Yangyi Chen; Xingyao Wang; Heng Ji http://arxiv.org/abs/2307.10590 Boundary State Generation for Testing and Improvement of Autonomous Driving Systems. (1%) Matteo Biagiola; Paolo Tonella http://arxiv.org/abs/2307.10655 A Survey of What to Share in Federated Learning: Perspectives on Model Utility, Privacy Leakage, and Communication Efficiency. (1%) Jiawei Shao; Zijian Li; Wenqiang Sun; Tailin Zhou; Yuchang Sun; Lumin Liu; Zehong Lin; Yuyi Mao; Jun Zhang http://arxiv.org/abs/2307.10487 Backdoor Attack against Object Detection with Clean Annotation. (93%) Yize Cheng; Wenbin Hu; Minhao Cheng http://arxiv.org/abs/2307.10562 Shared Adversarial Unlearning: Backdoor Mitigation by Unlearning Shared Adversarial Examples. (92%) Shaokui Wei; Mingda Zhang; Hongyuan Zha; Baoyuan Wu http://arxiv.org/abs/2307.10163 Rethinking Backdoor Attacks. (83%) Alaa Khaddaj; Guillaume Leclerc; Aleksandar Makelov; Kristian Georgiev; Hadi Salman; Andrew Ilyas; Aleksander Madry http://arxiv.org/abs/2307.09763 Towards Building More Robust Models with Frequency Bias. (81%) Qingwen Bu; Dong Huang; Heming Cui http://arxiv.org/abs/2307.09762 Reinforcing POD based model reduction techniques in reaction-diffusion complex networks using stochastic filtering and pattern recognition. (26%) Abhishek Ajayakumar; Soumyendu Raha http://arxiv.org/abs/2307.09375 CertPri: Certifiable Prioritization for Deep Neural Networks via Movement Cost in Feature Space. (67%) Haibin Zheng; Jinyin Chen; Haibo Jin http://arxiv.org/abs/2307.09048 FedDefender: Client-Side Attack-Tolerant Federated Learning. (50%) Sungwon Park; Sungwon Han; Fangzhao Wu; Sundong Kim; Bin Zhu; Xing Xie; Meeyoung Cha http://arxiv.org/abs/2307.09542 Can Neural Network Memorization Be Localized? (4%) Pratyush Maini; Michael C. Mozer; Hanie Sedghi; Zachary C. Lipton; J. Zico Kolter; Chiyuan Zhang http://arxiv.org/abs/2307.08327 Analyzing the Impact of Adversarial Examples on Explainable Machine Learning. (99%) Prathyusha Devabhakthini; Sasmita Parida; Raj Mani Shukla; Suvendu Chandan Nayak http://arxiv.org/abs/2307.08278 Adversarial Attacks on Traffic Sign Recognition: A Survey. (98%) Svetlana Pavlitska; Nico Lambing; J. Marius Zöllner http://arxiv.org/abs/2307.08955 Discretization-based ensemble model for robust learning in IoT. (87%) Anahita Namvar; Chandra Thapa; Salil S. Kanhere http://arxiv.org/abs/2307.08424 Unstoppable Attack: Label-Only Model Inversion via Conditional Diffusion Model. (83%) Rongke Liu; Dong Wang; Yizhi Ren; Zhen Wang; Kaitian Guo; Qianqian Qin; Xiaolei Liu http://arxiv.org/abs/2307.08939 Runtime Stealthy Perception Attacks against DNN-based Adaptive Cruise Control Systems. (22%) Xugui Zhou; Anqi Chen; Maxfield Kouzel; Haotian Ren; Morgan McCarty; Cristina Nita-Rotaru; Homa Alemzadeh http://arxiv.org/abs/2307.08551 On the Fly Neural Style Smoothing for Risk-Averse Domain Generalization. (2%) Akshay Mehra; Yunbei Zhang; Bhavya Kailkhura; Jihun Hamm http://arxiv.org/abs/2307.10252 A Machine Learning based Empirical Evaluation of Cyber Threat Actors High Level Attack Patterns over Low level Attack Patterns in Attributing Attacks. (1%) Umara Noor; Sawera Shahid; Rimsha Kanwal; Zahid Rashid http://arxiv.org/abs/2307.10235 Towards Viewpoint-Invariant Visual Recognition via Adversarial Training. 
(83%) Shouwei Ruan; Yinpeng Dong; Hang Su; Jianteng Peng; Ning Chen; Xingxing Wei http://arxiv.org/abs/2307.08208 Towards Stealthy Backdoor Attacks against Speech Recognition via Elements of Sound. (73%) Hanbo Cai; Pengcheng Zhang; Hai Dong; Yan Xiao; Stefanos Koffas; Yiming Li http://arxiv.org/abs/2307.08076 Diffusion to Confusion: Naturalistic Adversarial Patch Generation Based on Diffusion Model for Object Detector. (10%) Shuo-Yen Lin; Ernie Chu; Che-Hsien Lin; Jun-Cheng Chen; Jia-Ching Wang http://arxiv.org/abs/2307.08213 Lipschitz Continuous Algorithms for Covering Problems. (1%) Soh Kumabe; Yuichi Yoshida http://arxiv.org/abs/2307.07916 On the Robustness of Split Learning against Adversarial Attacks. (99%) Mingyuan Fan; Cen Chen; Chengyu Wang; Wenmeng Zhou; Jun Huang http://arxiv.org/abs/2307.07873 Why Does Little Robustness Help? Understanding and Improving Adversarial Transferability from Surrogate Training. (99%) Yechao Zhang; Shengshan Hu; Leo Yu Zhang; Junyu Shi; Minghui Li; Xiaogeng Liu; Wei Wan; Hai Jin http://arxiv.org/abs/2307.07859 Unified Adversarial Patch for Cross-modal Attacks in the Physical World. (92%) Xingxing Wei; Yao Huang; Yitong Sun; Jie Yu http://arxiv.org/abs/2307.08715 MasterKey: Automated Jailbreak Across Multiple Large Language Model Chatbots. (2%) Gelei Deng; Yi Liu; Yuekang Li; Kailong Wang; Ying Zhang; Zefeng Li; Haoyu Wang; Tianwei Zhang; Yang Liu http://arxiv.org/abs/2307.07167 Vulnerability-Aware Instance Reweighting For Adversarial Training. (99%) Olukorede Fakorede; Ashutosh Kumar Nirala; Modeste Atsague; Jin Tian http://arxiv.org/abs/2307.07250 Mitigating Adversarial Vulnerability through Causal Parameter Estimation by Adversarial Double Machine Learning. (99%) Byung-Kwan Lee; Junho Kim; Yong Man Ro http://arxiv.org/abs/2307.10209 On the Sensitivity of Deep Load Disaggregation to Adversarial Attacks. (99%) Hafsa Bousbiat; Yassine Himeur; Abbes Amira; Wathiq Mansoor http://arxiv.org/abs/2307.07653 RFLA: A Stealthy Reflected Light Adversarial Attack in the Physical World. (98%) Donghua Wang; Wen Yao; Tingsong Jiang; Chao Li; Xiaoqian Chen http://arxiv.org/abs/2307.07269 Frequency Domain Adversarial Training for Robust Volumetric Medical Segmentation. (98%) Asif Hanif; Muzammal Naseer; Salman Khan; Mubarak Shah; Fahad Shahbaz Khan http://arxiv.org/abs/2307.10205 Alleviating the Effect of Data Imbalance on Adversarial Training. (92%) Guanlin Li; Guowen Xu; Tianwei Zhang http://arxiv.org/abs/2307.07457 Structured Pruning of Neural Networks for Constraints Learning. (76%) Matteo Cacciola; Antonio Frangioni; Andrea Lodi http://arxiv.org/abs/2307.07328 Boosting Backdoor Attack with A Learnable Poisoning Sample Selection Strategy. (68%) Zihao Zhu; Mingda Zhang; Shaokui Wei; Li Shen; Yanbo Fan; Baoyuan Wu http://arxiv.org/abs/2307.07187 Erasing, Transforming, and Noising Defense Network for Occluded Person Re-Identification. (31%) Neng Dong; Liyan Zhang; Shuanglin Yan; Hao Tang; Jinhui Tang http://arxiv.org/abs/2307.08596 Omnipotent Adversarial Training in the Wild. (9%) Guanlin Li; Kangjie Chen; Yuan Xu; Han Qiu; Tianwei Zhang http://arxiv.org/abs/2307.07171 Certified Robustness for Large Language Models with Self-Denoising. (5%) Zhen Zhang; Guanhua Zhang; Bairu Hou; Wenqi Fan; Qing Li; Sijia Liu; Yang Zhang; Shiyu Chang http://arxiv.org/abs/2307.06548 Multi-objective Evolutionary Search of Variable-length Composite Semantic Perturbations. 
(99%) Jialiang Sun; Wen Yao; Tingsong Jiang; Xiaoqian Chen http://arxiv.org/abs/2307.06608 Introducing Foundation Models as Surrogate Models: Advancing Towards More Practical Adversarial Attacks. (99%) Jiaming Zhang; Jitao Sang; Qi Yi; Changsheng Xu http://arxiv.org/abs/2307.06865 Effective Prompt Extraction from Language Models. (4%) Yiming Zhang; Nicholas Carlini; Daphne Ippolito http://arxiv.org/abs/2307.06966 Layer-wise Linear Mode Connectivity. (1%) Linara Adilova; Maksym Andriushchenko; Michael Kamp; Asja Fischer; Martin Jaggi http://arxiv.org/abs/2307.06796 Defeating Proactive Jammers Using Deep Reinforcement Learning for Resource-Constrained IoT Networks. (1%) Abubakar Sani Ali; Shimaa Naser; Sami Muhaidat http://arxiv.org/abs/2307.06695 Towards Traitor Tracing in Black-and-White-Box DNN Watermarking with Tardos-based Codes. (1%) Elena Rodriguez-Lois; Fernando Perez-Gonzalez http://arxiv.org/abs/2307.06484 Single-Class Target-Specific Attack against Interpretable Deep Learning Systems. (99%) Eldor Abdukhamidov; Mohammed Abuhamad; George K. Thiruvathukal; Hyoungshick Kim; Tamer Abuhmed http://arxiv.org/abs/2307.06496 Microbial Genetic Algorithm-based Black-box Attack against Interpretable Deep Learning Systems. (99%) Eldor Abdukhamidov; Mohammed Abuhamad; Simon S. Woo; Eric Chan-Tin; Tamer Abuhmed http://arxiv.org/abs/2307.06287 Rational Neural Network Controllers. (2%) Matthew Newton; Antonis Papachristodoulou http://arxiv.org/abs/2307.05946 A Bayesian approach to quantifying uncertainties and improving generalizability in traffic prediction models. (1%) Agnimitra Sengupta; Sudeepta Mondal; Adway Das; S. Ilgin Guler http://arxiv.org/abs/2307.06483 Misclassification in Automated Content Analysis Causes Bias in Regression. Can We Fix It? Yes We Can! (1%) Nathan TeBlunthuis; Valerie Hase; Chung-Hong Chan http://arxiv.org/abs/2307.05095 ATWM: Defense against adversarial malware based on adversarial training. (99%) Kun Li; Fan Zhang; Wei Guo http://arxiv.org/abs/2307.05193 Membership Inference Attacks on DNNs using Adversarial Perturbations. (89%) Hassan Ali; Adnan Qayyum; Ala Al-Fuqaha; Junaid Qadir http://arxiv.org/abs/2307.05397 On the Vulnerability of DeepFake Detectors to Attacks Generated by Denoising Diffusion Models. (10%) Marija Ivanovska; Vitomir Štruc http://arxiv.org/abs/2307.05772 Random-Set Convolutional Neural Network (RS-CNN) for Epistemic Deep Learning. (4%) Shireen Kudukkil Manchingal; Muhammad Mubashar; Kaizheng Wang; Keivan Shariatmadar; Fabio Cuzzolin http://arxiv.org/abs/2307.05422 Differential Analysis of Triggers and Benign Features for Black-Box DNN Backdoor Detection. (2%) Hao Fu; Prashanth Krishnamurthy; Siddharth Garg; Farshad Khorrami http://arxiv.org/abs/2307.05471 Scale Alone Does not Improve Mechanistic Interpretability in Vision Models. (1%) Roland S. Zimmermann; Thomas Klein; Wieland Brendel http://arxiv.org/abs/2307.05831 Memorization Through the Lens of Curvature of Loss Function Around Samples. (1%) Isha Garg; Deepak Ravikumar; Kaushik Roy http://arxiv.org/abs/2307.05842 The Butterfly Effect in Artificial Intelligence Systems: Implications for AI Bias and Fairness. (1%) Emilio Ferrara http://arxiv.org/abs/2307.04677 Practical Trustworthiness Model for DNN in Dedicated 6G Application. 
(33%) Anouar Nechi; Ahmed Mahmoudi; Christoph Herold; Daniel Widmer; Thomas Kürner; Mladen Berekovic; Saleh Mulhem http://arxiv.org/abs/2307.04596 Distill-SODA: Distilling Self-Supervised Vision Transformer for Source-Free Open-Set Domain Adaptation in Computational Pathology. (1%) Guillaume Vray; Devavrat Tomar; Jean-Philippe Thiran; Behzad Bozorgtabar http://arxiv.org/abs/2307.04099 GNP Attack: Transferable Adversarial Examples via Gradient Norm Penalty. (98%) Tao Wu; Tie Luo; Donald C. Wunsch http://arxiv.org/abs/2307.04333 Enhancing Adversarial Robustness via Score-Based Optimization. (98%) Boya Zhang; Weijian Luo; Zhihua Zhang http://arxiv.org/abs/2307.03903 Adversarial Self-Attack Defense and Spatial-Temporal Relation Mining for Visible-Infrared Video Person Re-Identification. (99%) Huafeng Li; Le Xu; Yafei Zhang; Dapeng Tao; Zhengtao Yu http://arxiv.org/abs/2307.04066 Random Position Adversarial Patch for Vision Transformers. (83%) Mingzhen Shao http://arxiv.org/abs/2307.04024 Robust Ranking Explanations. (38%) Chao Chen; Chenghua Guo; Guixiang Ma; Ming Zeng; Xi Zhang; Sihong Xie http://arxiv.org/abs/2307.03803 A Theoretical Perspective on Subnetwork Contributions to Adversarial Robustness. (81%) Jovon Craig; Josh Andle; Theodore S. Nowak; Salimeh Yasaei Sekeh http://arxiv.org/abs/2307.03798 Fooling Contrastive Language-Image Pre-trained Models with CLIPMasterPrints. (68%) Matthias Freiberger; Peter Kun; Christian Igel; Anders Sundnes Løvlie; Sebastian Risi http://arxiv.org/abs/2307.03694 Scalable Membership Inference Attacks via Quantile Regression. (33%) Martin Bertran; Shuai Tang; Michael Kearns; Jamie Morgenstern; Aaron Roth; Zhiwei Steven Wu http://arxiv.org/abs/2307.03838 RADAR: Robust AI-Text Detection via Adversarial Learning. (5%) Xiaomeng Hu; Pin-Yu Chen; Tsung-Yi Ho http://arxiv.org/abs/2307.12399 Generation of Time-Varying Impedance Attacks Against Haptic Shared Control Steering Systems. (1%) Alireza Mohammadi; Hafiz Malik http://arxiv.org/abs/2307.02828 Sampling-based Fast Gradient Rescaling Method for Highly Transferable Adversarial Attacks. (99%) Xu Han; Anmin Liu; Chenxuan Yao; Yanbo Fan; Kun He http://arxiv.org/abs/2307.02849 NatLogAttack: A Framework for Attacking Natural Language Inference Models with Natural Logic. (92%) Zi'ou Zheng; Xiaodan Zhu http://arxiv.org/abs/2307.03217 Quantification of Uncertainty with Adversarial Models. (68%) Kajetan Schweighofer; Lukas Aichberger; Mykyta Ielanskyi; Günter Klambauer; Sepp Hochreiter http://arxiv.org/abs/2307.03305 A Vulnerability of Attribution Methods Using Pre-Softmax Scores. (41%) Miguel Lerma; Mirtha Lucas http://arxiv.org/abs/2307.02881 Probabilistic and Semantic Descriptions of Image Manifolds and Their Applications. (8%) Peter Tu; Zhaoyuan Yang; Richard Hartley; Zhiwei Xu; Jing Zhang; Yiwei Fu; Dylan Campbell; Jaskirat Singh; Tianyu Wang http://arxiv.org/abs/2307.03132 T-MARS: Improving Visual Representations by Circumventing Text Feature Learning. (1%) Pratyush Maini; Sachin Goyal; Zachary C. Lipton; J. Zico Kolter; Aditi Raghunathan http://arxiv.org/abs/2307.02055 Adversarial Attacks on Image Classification Models: FGSM and Patch Attacks and their Impact. (98%) Jaydip Sen; Subhasis Dasgupta http://arxiv.org/abs/2307.02094 DARE: Towards Robust Text Explanations in Biomedical and Healthcare Applications. (69%) Adam Ivankay; Mattia Rigotti; Pascal Frossard http://arxiv.org/abs/2307.02347 Detecting Images Generated by Deep Diffusion Models using their Local Intrinsic Dimensionality. 
(67%) Peter Lorenz; Ricard Durall; Janis Keuper http://arxiv.org/abs/2307.02672 GIT: Detecting Uncertainty, Out-Of-Distribution and Adversarial Samples using Gradients and Invariance Transformations. (62%) Julia Lust; Alexandru P. Condurache http://arxiv.org/abs/2307.02569 Securing Cloud FPGAs Against Power Side-Channel Attacks: A Case Study on Iterative AES. (5%) Nithyashankari Gummidipoondi Jayasankaran; Hao Guo; Satwik Patnaik; Jeyavijayan (JV) Rajendran; Jiang Hu http://arxiv.org/abs/2307.02202 On the Adversarial Robustness of Generative Autoencoders in the Latent Space. (3%) Mingfei Lu; Badong Chen http://arxiv.org/abs/2307.01488 SCAT: Robust Self-supervised Contrastive Learning via Adversarial Training for Text Classification. (99%) Junjie Wu; Dit-Yan Yeung http://arxiv.org/abs/2307.01520 LEAT: Towards Robust Deepfake Disruption in Real-World Scenarios via Latent Ensemble Attack. (83%) Joonkyo Shim; Hyunsoo Yoon http://arxiv.org/abs/2307.02500 Interpretable Computer Vision Models through Adversarial Training: Unveiling the Robustness-Interpretability Connection. (68%) Delyan Boychev http://arxiv.org/abs/2307.01610 Overconfidence is a Dangerous Thing: Mitigating Membership Inference Attacks by Enforcing Less Confident Prediction. (45%) Zitao Chen; Karthik Pattabiraman http://arxiv.org/abs/2307.01778 Physically Realizable Natural-Looking Clothing Textures Evade Person Detectors via 3D Modeling. (26%) Zhanhao Hu; Wenda Chu; Xiaopei Zhu; Hui Zhang; Bo Zhang; Xiaolin Hu http://arxiv.org/abs/2307.01565 An Analysis of Untargeted Poisoning Attack and Defense Methods for Federated Online Learning to Rank Systems. (13%) Shuyi Wang; Guido Zuccon http://arxiv.org/abs/2307.01570 Machine Learning-Based Intrusion Detection: Feature Selection versus Feature Extraction. (1%) Vu-Duc Ngo; Tuan-Cuong Vuong; Thien Van Luong; Hung Tran http://arxiv.org/abs/2307.01701 Synthetic is all you need: removing the auxiliary data assumption for membership inference attacks against synthetic data. (1%) Florent Guépin; Matthieu Meeus; Ana-Maria Cretu; Yves-Alexandre de Montjoye http://arxiv.org/abs/2307.01292 Pareto-Secure Machine Learning (PSML): Fingerprinting and Securing Inference Serving Systems. (99%) Debopam Sanyal (Georgia Institute of Technology); Jui-Tse Hung (Georgia Institute of Technology); Manav Agrawal (Georgia Institute of Technology); Prahlad Jasti (Georgia Institute of Technology); Shahab Nikkhoo (University of California, Riverside); Somesh Jha (University of Wisconsin-Madison); Tianhao Wang (University of Virginia); Sibin Mohan (George Washington University); Alexey Tumanov (Georgia Institute of Technology) http://arxiv.org/abs/2307.10184 A Dual Stealthy Backdoor: From Both Spatial and Frequency Perspectives. (83%) Yudong Gao; Honglong Chen; Peng Sun; Junjian Li; Anqing Zhang; Zhibo Wang http://arxiv.org/abs/2307.03197 Analyzing the vulnerabilities in SplitFed Learning: Assessing the robustness against Data Poisoning Attacks. (62%) Aysha Thahsin Zahir Ismail; Raj Mani Shukla http://arxiv.org/abs/2307.01073 What Distributions are Robust to Indiscriminate Poisoning Attacks for Linear Learners? (62%) Fnu Suya; Xiao Zhang; Yuan Tian; David Evans http://arxiv.org/abs/2307.01390 Adversarial Learning in Real-World Fraud Detection: Challenges and Perspectives. (45%) Daniele Lunghi; Alkis Simitsis; Olivier Caelen; Gianluca Bontempi http://arxiv.org/abs/2307.00823 Analysis of Task Transferability in Large Pre-trained Classifiers. 
(13%) Akshay Mehra; Yunbei Zhang; Jihun Hamm http://arxiv.org/abs/2307.00907 Enhancing the Robustness of QMIX against State-adversarial Attacks. (4%) Weiran Guo; Guanjun Liu; Ziyuan Zhou; Ling Wang; Jiacun Wang http://arxiv.org/abs/2307.00934 Towards Building Self-Aware Object Detectors via Reliable Uncertainty Quantification and Calibration. (1%) Kemal Oksuz; Tom Joy; Puneet K. Dokania http://arxiv.org/abs/2307.00477 Query-Efficient Decision-based Black-Box Patch Attack. (99%) Zhaoyu Chen; Bo Li; Shuang Wu; Shouhong Ding; Wenqiang Zhang http://arxiv.org/abs/2307.01225 Interpretability and Transparency-Driven Detection and Transformation of Textual Adversarial Examples (IT-DT). (99%) Bushra Sabir; M. Ali Babar; Sharif Abuadbba http://arxiv.org/abs/2307.00691 From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy. (10%) Maanak Gupta; CharanKumar Akiri; Kshitiz Aryal; Eli Parker; Lopamudra Praharaj http://arxiv.org/abs/2307.00680 CLIMAX: An exploration of Classifier-Based Contrastive Explanations. (2%) Praharsh Nanavati; Ranjitha Prasad http://arxiv.org/abs/2307.00274 Common Knowledge Learning for Generating Transferable Adversarial Examples. (99%) Ruijie Yang; Yuanfang Guo; Junfu Wang; Jiantao Zhou; Yunhong Wang http://arxiv.org/abs/2307.00309 Adversarial Attacks and Defenses on 3D Point Cloud Classification: A Survey. (99%) Hanieh Naderi; Ivan V. Bajić http://arxiv.org/abs/2307.00421 Brightness-Restricted Adversarial Attack Patch. (75%) Mingzhen Shao http://arxiv.org/abs/2307.00356 Fedward: Flexible Federated Backdoor Defense Framework with Non-IID Data. (54%) Zekai Chen; Fuyi Wang; Zhiwei Zheng; Ximeng Liu; Yujie Lin http://arxiv.org/abs/2307.00368 Minimizing Energy Consumption of Deep Learning Models by Energy-Aware Training. (26%) Dario Lazzaro; Antonio Emanuele Cinà; Maura Pintor; Ambra Demontis; Battista Biggio; Fabio Roli; Marcello Pelillo http://arxiv.org/abs/2307.00280 SysNoise: Exploring and Benchmarking Training-Deployment System Inconsistency. (13%) Yan Wang; Yuhang Li; Ruihao Gong; Aishan Liu; Yanfei Wang; Jian Hu; Yongqiang Yao; Yunchen Zhang; Tianzi Xiao; Fengwei Yu; Xianglong Liu http://arxiv.org/abs/2307.00310 Gradients Look Alike: Sensitivity is Often Overestimated in DP-SGD. (10%) Anvith Thudi; Hengrui Jia; Casey Meehan; Ilia Shumailov; Nicolas Papernot http://arxiv.org/abs/2307.00384 CasTGAN: Cascaded Generative Adversarial Network for Realistic Tabular Data Synthesis. (5%) Abdallah Alshantti; Damiano Varagnolo; Adil Rasheed; Aria Rahmati; Frank Westad http://arxiv.org/abs/2307.08672 FedDefender: Backdoor Attack Defense in Federated Learning. (2%) Waris Gill (Virginia Tech); Ali Anwar (University of Minnesota Twin Cities); Muhammad Ali Gulzar (Virginia Tech) http://arxiv.org/abs/2307.00268 Hiding in Plain Sight: Differential Privacy Noise Exploitation for Evasion-resilient Localized Poisoning Attacks in Multiagent Reinforcement Learning. (1%) Md Tamjid Hossain; Hung La http://arxiv.org/abs/2306.17431 Defense against Adversarial Cloud Attack on Remote Sensing Salient Object Detection. (99%) Huiming Sun; Lan Fu; Jinlong Li; Qing Guo; Zibo Meng; Tianyun Zhang; Yuewei Lin; Hongkai Yu http://arxiv.org/abs/2306.17441 Efficient Backdoor Removal Through Natural Gradient Fine-tuning. (8%) Nazmul Karim; Abdullah Al Arafat; Umar Khalid; Zhishan Guo; Naznin Rahnavard http://arxiv.org/abs/2306.17606 Minimum-norm Sparse Perturbations for Opacity in Linear Systems. 
(1%) Varkey M John; Vaibhav Katewa http://arxiv.org/abs/2306.16979 Defending Black-box Classifiers by Bayesian Boundary Correction. (99%) He Wang; Yunfeng Diao http://arxiv.org/abs/2306.16738 Towards Optimal Randomized Strategies in Adversarial Example Game. (96%) Jiahao Xie; Chao Zhang; Weijie Liu; Wensong Bai; Hui Qian http://arxiv.org/abs/2306.16697 Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features. (13%) Mingli Zhu; Shaokui Wei; Hongyuan Zha; Baoyuan Wu http://arxiv.org/abs/2306.16869 NeuralFuse: Learning to Recover the Accuracy of Access-Limited Neural Network Inference in Low-Voltage Regimes. (1%) Hao-Lun Sun; Lei Hsiung; Nandhini Chandramoorthy; Pin-Yu Chen; Tsung-Yi Ho http://arxiv.org/abs/2306.16170 Mitigating the Accuracy-Robustness Trade-off via Multi-Teacher Adversarial Distillation. (99%) Shiji Zhao; Xizhe Wang; Xingxing Wei http://arxiv.org/abs/2306.15931 Boosting Adversarial Transferability with Learnable Patch-wise Masks. (99%) Xingxing Wei; Shiji Zhao http://arxiv.org/abs/2306.16050 Evaluating Similitude and Robustness of Deep Image Denoising Models via Adversarial Attack. (99%) Jie Ning; Yao Li; Zhichang Guo http://arxiv.org/abs/2306.16614 Group-based Robustness: A General Framework for Customized Robustness in the Real World. (98%) Weiran Lin; Keane Lucas; Neo Eyal; Lujo Bauer; Michael K. Reiter; Mahmood Sharif http://arxiv.org/abs/2306.16131 Distributional Modeling for Location-Aware Adversarial Patches. (98%) Xingxing Wei; Shouwei Ruan; Yinpeng Dong; Hang Su http://arxiv.org/abs/2306.16022 Enrollment-stage Backdoor Attacks on Speaker Recognition Systems via Adversarial Ultrasound. (98%) Xinfeng Li; Junning Ze; Chen Yan; Yushi Cheng; Xiaoyu Ji; Wenyuan Xu http://arxiv.org/abs/2306.16581 Does Saliency-Based Training bring Robustness for Deep Neural Networks in Image Classification? (93%) Ali Karkehabadi http://arxiv.org/abs/2306.16415 On Practical Aspects of Aggregation Defenses against Data Poisoning Attacks. (50%) Wenxiao Wang; Soheil Feizi http://arxiv.org/abs/2306.17194 On the Exploitability of Instruction Tuning. (13%) Manli Shu; Jiongxiao Wang; Chen Zhu; Jonas Geiping; Chaowei Xiao; Tom Goldstein http://arxiv.org/abs/2306.15451 Advancing Adversarial Training by Injecting Booster Signal. (98%) Hong Joo Lee; Youngjoon Yu; Yong Man Ro http://arxiv.org/abs/2306.15755 IMPOSITION: Implicit Backdoor Attack through Scenario Injection. (96%) Mozhgan Pourkeshavarz; Mohammad Sabokrou; Amir Rasouli http://arxiv.org/abs/2306.15427 Adversarial Training for Graph Neural Networks: Pitfalls, Solutions, and New Directions. (92%) Lukas Gosch; Simon Geisler; Daniel Sturm; Bertrand Charpentier; Daniel Zügner; Stephan Günnemann http://arxiv.org/abs/2306.15457 Robust Proxy: Improving Adversarial Robustness by Robust Proxy Learning. (89%) Hong Joo Lee; Yong Man Ro http://arxiv.org/abs/2306.15363 Your Attack Is Too DUMB: Formalizing Attacker Scenarios for Adversarial Transferability. (87%) Marco Alecci; Mauro Conti; Francesco Marchiori; Luca Martinelli; Luca Pajola http://arxiv.org/abs/2306.15221 [Re] Double Sampling Randomized Smoothing. (69%) Aryan Gupta; Sarthak Gupta; Abhay Kumar; Harsh Dugar http://arxiv.org/abs/2306.15482 Cooperation or Competition: Avoiding Player Domination for Multi-Target Robustness via Adaptive Budgets. (68%) Yimu Wang; Dinghuai Zhang; Yihan Wu; Heng Huang; Hongyang Zhang http://arxiv.org/abs/2306.15248 Catch Me If You Can: A New Low-Rate DDoS Attack Strategy Disguised by Feint. 
(26%) Tianyang Cai; Yuqi Li; Tao Jia; Leo Yu Zhang; Zheng Yang http://arxiv.org/abs/2306.16526 Shilling Black-box Review-based Recommender Systems through Fake Review Generation. (1%) Hung-Yun Chiang; Yi-Syuan Chen; Yun-Zhu Song; Hong-Han Shuai; Jason S. Chang http://arxiv.org/abs/2306.15705 On the Universal Adversarial Perturbations for Efficient Data-free Adversarial Detection. (99%) Songyang Gao; Shihan Dou; Qi Zhang; Xuanjing Huang; Jin Ma; Ying Shan http://arxiv.org/abs/2306.15447 Are aligned neural networks adversarially aligned? (99%) Nicholas Carlini; Milad Nasr; Christopher A. Choquette-Choo; Matthew Jagielski; Irena Gao; Anas Awadalla; Pang Wei Koh; Daphne Ippolito; Katherine Lee; Florian Tramer; Ludwig Schmidt http://arxiv.org/abs/2306.14609 The race to robustness: exploiting fragile models for urban camouflage and the imperative for machine learning security. (92%) Harriet Farlow; Matthew Garratt; Gavin Mount; Tim Lynar http://arxiv.org/abs/2306.14640 3D-Aware Adversarial Makeup Generation for Facial Privacy Protection. (92%) Yueming Lyu; Yue Jiang; Ziwen He; Bo Peng; Yunfan Liu; Jing Dong http://arxiv.org/abs/2306.15044 Towards Sybil Resilience in Decentralized Learning. (80%) Thomas Werthenbach; Johan Pouwelse http://arxiv.org/abs/2306.14782 On the Resilience of Machine Learning-Based IDS for Automotive Networks. (78%) Ivo Zenden; Han Wang; Alfonso Iacovazzi; Arash Vahidi; Rolf Blom; Shahid Raza http://arxiv.org/abs/2306.15164 DSRM: Boost Textual Adversarial Training with Distribution Shift Risk Minimization. (75%) Songyang Gao; Shihan Dou; Yan Liu; Xiao Wang; Qi Zhang; Zhongyu Wei; Jin Ma; Ying Shan http://arxiv.org/abs/2306.14672 PWSHAP: A Path-Wise Explanation Model for Targeted Variables. (8%) Lucile Ter-Minassian; Oscar Clivio; Karla Diaz-Ordaz; Robin J. Evans; Chris Holmes http://arxiv.org/abs/2306.14262 A Spectral Perspective towards Understanding and Improving Adversarial Robustness. (99%) Binxiao Huang; Rui Lin; Chaofan Tao; Ngai Wong http://arxiv.org/abs/2306.14217 On Evaluating the Adversarial Robustness of Semantic Segmentation Models. (99%) Levente Halmosi; Mark Jelasity http://arxiv.org/abs/2306.14126 Robust Spatiotemporal Traffic Forecasting with Reinforced Dynamic Adversarial Training. (98%) Fan Liu; Weijia Zhang; Hao Liu http://arxiv.org/abs/2306.14275 Enhancing Adversarial Training via Reweighting Optimization Trajectory. (97%) Tianjin Huang; Shiwei Liu; Tianlong Chen; Meng Fang; Li Shen; Vlado Menkovski; Lu Yin; Yulong Pei; Mykola Pechenizkiy http://arxiv.org/abs/2306.14321 RobuT: A Systematic Study of Table QA Robustness Against Human-Annotated Adversarial Perturbations. (87%) Yilun Zhao; Chen Zhao; Linyong Nan; Zhenting Qi; Wenlin Zhang; Xiangru Tang; Boyu Mi; Dragomir Radev http://arxiv.org/abs/2306.14326 Computational Asymmetries in Robust Classification. (80%) Samuele Marro; Michele Lombardi http://arxiv.org/abs/2306.13965 Boosting Model Inversion Attacks with Adversarial Examples. (98%) Shuai Zhou; Tianqing Zhu; Dayong Ye; Xin Yu; Wanlei Zhou http://arxiv.org/abs/2306.14043 Machine Learning needs Better Randomness Standards: Randomised Smoothing and PRNG-based attacks. (98%) Pranav Dahiya; Ilia Shumailov; Ross Anderson http://arxiv.org/abs/2306.13854 Similarity Preserving Adversarial Graph Contrastive Learning. (96%) Yeonjun In; Kanghoon Yoon; Chanyoung Park http://arxiv.org/abs/2306.14040 Weighted Automata Extraction and Explanation of Recurrent Neural Networks for Natural Language Tasks. 
(70%) Zeming Wei; Xiyue Zhang; Yihao Zhang; Meng Sun http://arxiv.org/abs/2306.13587 Creating Valid Adversarial Examples of Malware. (99%) Matouš Kozák; Martin Jureček; Mark Stamp; Fabio Di Troia http://arxiv.org/abs/2306.13614 Adversarial Robustness Certification for Bayesian Neural Networks. (92%) Matthew Wicker; Andrea Patane; Luca Laurenti; Marta Kwiatkowska http://arxiv.org/abs/2306.13800 A First Order Meta Stackelberg Method for Robust Federated Learning. (10%) Yunian Pan; Tao Li; Henger Li; Tianyi Xu; Zizhan Zheng; Quanyan Zhu http://arxiv.org/abs/2306.13213 Visual Adversarial Examples Jailbreak Large Language Models. (99%) Xiangyu Qi; Kaixuan Huang; Ashwinee Panda; Mengdi Wang; Prateek Mittal http://arxiv.org/abs/2306.12688 Towards quantum enhanced adversarial robustness in machine learning. (99%) Maxwell T. West; Shu-Lok Tsang; Jia S. Low; Charles D. Hill; Christopher Leckie; Lloyd C. L. Hollenberg; Sarah M. Erfani; Muhammad Usman http://arxiv.org/abs/2306.12685 Rethinking the Backward Propagation for Adversarial Transferability. (99%) Xiaosen Wang; Kangheng Tong; Kun He http://arxiv.org/abs/2306.13091 Evading Forensic Classifiers with Attribute-Conditioned Adversarial Faces. (96%) Fahad Shamshad; Koushik Srivatsan; Karthik Nandakumar http://arxiv.org/abs/2306.13119 Adversarial Resilience in Sequential Prediction via Abstention. (93%) Surbhi Goel; Steve Hanneke; Shay Moran; Abhishek Shetty http://arxiv.org/abs/2306.13236 Document Image Cleaning using Budget-Aware Black-Box Approximation. (92%) Ganesh Tata; Katyani Singh; Eric Van Oeveren; Nilanjan Ray http://arxiv.org/abs/2306.13157 Anticipatory Thinking Challenges in Open Worlds: Risk Management. (81%) Adam Amos-Binks; Dustin Dannenhauer; Leilani H. Gilpin http://arxiv.org/abs/2306.12941 Robust Semantic Segmentation: Strong Adversarial Attacks and Fast Training of Robust Models. (75%) Francesco Croce; Naman D Singh; Matthias Hein http://arxiv.org/abs/2306.13273 A First Order Meta Stackelberg Method for Robust Federated Learning (Technical Report). (33%) Henger Li; Tianyi Xu; Tao Li; Yunian Pan; Quanyan Zhu; Zizhan Zheng http://arxiv.org/abs/2306.13033 Impacts and Risk of Generative AI Technology on Cyber Defense. (4%) Subash Neupane; Ivan A. Fernandez; Sudip Mittal; Shahram Rahimi http://arxiv.org/abs/2306.12161 Adversarial Attacks Neutralization via Data Set Randomization. (99%) Mouna Rabhi; Roberto Di Pietro http://arxiv.org/abs/2306.12111 A Comprehensive Study on the Robustness of Image Classification and Object Detection in Remote Sensing: Surveying and Benchmarking. (92%) Shaohui Mei; Jiawei Lian; Xiaofei Wang; Yuru Su; Mingyang Ma; Lap-Pui Chau http://arxiv.org/abs/2306.12043 Sample Attackability in Natural Language Adversarial Attacks. (92%) Vyas Raina; Mark Gales http://arxiv.org/abs/2306.12610 Revisiting Image Classifier Training for Improved Certified Robust Defense against Adversarial Patches. (76%) Aniruddha Saha; Shuhua Yu; Arash Norouzzadeh; Wan-Yi Lin; Chaithanya Kumar Mummadi http://arxiv.org/abs/2306.12608 DP-BREM: Differentially-Private and Byzantine-Robust Federated Learning with Client Momentum. (47%) Xiaolan Gu; Ming Li; Li Xiong http://arxiv.org/abs/2306.12517 FFCV: Accelerating Training by Removing Data Bottlenecks. (3%) Guillaume Leclerc; Andrew Ilyas; Logan Engstrom; Sung Min Park; Hadi Salman; Aleksander Madry http://arxiv.org/abs/2306.11322 Reversible Adversarial Examples with Beam Search Attack and Grayscale Invariance. 
(99%) Haodong Zhang; Chi Man Pun; Xia Du http://arxiv.org/abs/2306.11974 Universal adversarial perturbations for multiple classification tasks with quantum classifiers. (99%) Yun-Zhong Qiu http://arxiv.org/abs/2306.11990 Physics-constrained Attack against Convolution-based Human Motion Prediction. (99%) Chengxu Duan; Zhicheng Zhang; Xiaoli Liu; Yonghao Dang; Jianqin Yin http://arxiv.org/abs/2306.11338 FDInet: Protecting against DNN Model Extraction via Feature Distortion Index. (50%) Hongwei Yao; Zheng Li; Haiqin Weng; Feng Xue; Kui Ren; Zhan Qin http://arxiv.org/abs/2306.11698 DecodingTrust: A Comprehensive Assessment of Trustworthiness in GPT Models. (33%) Boxin Wang; Weixin Chen; Hengzhi Pei; Chulin Xie; Mintong Kang; Chenhui Zhang; Chejian Xu; Zidi Xiong; Ritik Dutta; Rylan Schaeffer; Sang T. Truong; Simran Arora; Mantas Mazeika; Dan Hendrycks; Zinan Lin; Yu Cheng; Sanmi Koyejo; Dawn Song; Bo Li http://arxiv.org/abs/2306.11797 Towards a robust and reliable deep learning approach for detection of compact binary mergers in gravitational wave data. (3%) Shreejit Jadhav; Mihir Shrivastava; Sanjit Mitra http://arxiv.org/abs/2306.11291 Mitigating Speculation-based Attacks through Configurable Hardware/Software Co-design. (1%) Ali Hajiabadi; Archit Agarwal; Andreas Diavastos; Trevor E. Carlson http://arxiv.org/abs/2306.11925 LVM-Med: Learning Large-Scale Self-Supervised Vision Models for Medical Imaging via Second-order Graph Matching. (1%) Duy M. H. Nguyen; Hoang Nguyen; Nghiem T. Diep; Tan N. Pham; Tri Cao; Binh T. Nguyen; Paul Swoboda; Nhat Ho; Shadi Albarqouni; Pengtao Xie; Daniel Sonntag; Mathias Niepert http://arxiv.org/abs/2306.11261 Comparative Evaluation of Recent Universal Adversarial Perturbations in Image Classification. (99%) Juanjuan Weng; Zhiming Luo; Dazhen Lin; Shaozi Li http://arxiv.org/abs/2306.11066 Adversarial Robustness of Prompt-based Few-Shot Learning for Natural Language Understanding. (75%) Venkata Prabhakara Sarath Nookala; Gaurav Verma; Subhabrata Mukherjee; Srijan Kumar http://arxiv.org/abs/2306.11035 Adversarial Training Should Be Cast as a Non-Zero-Sum Game. (73%) Alexander Robey; Fabian Latorre; George J. Pappas; Hamed Hassani; Volkan Cevher http://arxiv.org/abs/2306.10963 Eigenpatches -- Adversarial Patches from Principal Components. (38%) Jens Bayer; Stefan Becker; David Münch; Michael Arens http://arxiv.org/abs/2306.10746 Practical and General Backdoor Attacks against Vertical Federated Learning. (13%) Yuexin Xuan; Xiaojun Chen; Zhendong Zhao; Bisheng Tang; Ye Dong http://arxiv.org/abs/2306.10742 BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming. (5%) Steven Adams; Andrea Patane; Morteza Lahijanian; Luca Laurenti http://arxiv.org/abs/2306.10309 Edge Learning for 6G-enabled Internet of Things: A Comprehensive Survey of Vulnerabilities, Datasets, and Defenses. (98%) Mohamed Amine Ferrag; Othmane Friha; Burak Kantarci; Norbert Tihanyi; Lucas Cordeiro; Merouane Debbah; Djallel Hamouda; Muna Al-Hawawreh; Kim-Kwang Raymond Choo http://arxiv.org/abs/2306.10426 Understanding Certified Training with Interval Bound Propagation. (38%) Yuhao Mao; Mark Niklas Müller; Marc Fischer; Martin Vechev http://arxiv.org/abs/2306.10392 GlyphNet: Homoglyph domains dataset and detection using attention-based Convolutional Neural Networks. (9%) Akshat Gupta; Laxman Singh Tomar; Ridhima Garg http://arxiv.org/abs/2306.10351 Bkd-FedGNN: A Benchmark for Classification Backdoor Attacks on Federated Graph Neural Network. 
(1%) Fan Liu; Siqi Lai; Yansong Ning; Hao Liu http://arxiv.org/abs/2306.09844 Wasserstein distributional robustness of neural networks. (99%) Xingjian Bai; Guangyi He; Yifan Jiang; Jan Obloj http://arxiv.org/abs/2306.09925 Query-Free Evasion Attacks Against Machine Learning-Based Malware Detectors with Generative Adversarial Networks. (99%) Daniel Gibert; Jordi Planes; Quan Le; Giulio Zizzo http://arxiv.org/abs/2306.09951 You Don't Need Robust Machine Learning to Manage Adversarial Attack Risks. (98%) Edward Raff; Michel Benaroch; Andrew L. Farris http://arxiv.org/abs/2306.09949 Towards Better Certified Segmentation via Diffusion Models. (73%) Othmane Laousy; Alexandre Araujo; Guillaume Chassagnon; Marie-Pierre Revel; Siddharth Garg; Farshad Khorrami; Maria Vakalopoulou http://arxiv.org/abs/2306.09977 Adversarially robust clustering with optimality guarantees. (4%) Soham Jana; Kun Yang; Sanjeev Kulkarni http://arxiv.org/abs/2306.10008 CLIP2Protect: Protecting Facial Privacy using Text-Guided Makeup via Adversarial Latent Search. (1%) Fahad Shamshad; Muzammal Naseer; Karthik Nandakumar http://arxiv.org/abs/2306.09124 DIFFender: Diffusion-Based Adversarial Defense against Patch Attacks in the Physical World. (99%) Caixin Kang; Yinpeng Dong; Zhengyi Wang; Shouwei Ruan; Hang Su; Xingxing Wei http://arxiv.org/abs/2306.13215 OVLA: Neural Network Ownership Verification using Latent Watermarks. (64%) Feisi Fu; Wenchao Li http://arxiv.org/abs/2306.13103 Evaluating the Robustness of Text-to-image Diffusion Models against Real-world Attacks. (62%) Hongcheng Gao; Hao Zhang; Yinpeng Dong; Zhijie Deng http://arxiv.org/abs/2306.09104 On Strengthening and Defending Graph Reconstruction Attack with Markov Chain Approximation. (33%) Zhanke Zhou; Chenyu Zhou; Xuan Li; Jiangchao Yao; Quanming Yao; Bo Han http://arxiv.org/abs/2306.09278 Robustness Analysis on Foundational Segmentation Models. (11%) Madeline Chantry Schiappa; Sachidanand VS; Yunhao Ge; Ondrej Miksik; Yogesh S. Rawat; Vibhav Vineet http://arxiv.org/abs/2306.09442 Explore, Establish, Exploit: Red Teaming Language Models from Scratch. (1%) Stephen Casper; Jason Lin; Joe Kwon; Gatlen Culp; Dylan Hadfield-Menell http://arxiv.org/abs/2306.08929 Community Detection Attack against Collaborative Learning-based Recommender Systems. (1%) Yacine Belal; Sonia Ben Mokhtar; Mohamed Maouche; Anthony Simonet-Boulogne http://arxiv.org/abs/2306.09206 Concealing CAN Message Sequences to Prevent Schedule-based Bus-off Attacks. (1%) Sunandan Adhikary; Ipsita Koley; Arkaprava Sain; Soumyadeep das; Shuvam Saha; Soumyajit Dey http://arxiv.org/abs/2306.08565 Reliable Evaluation of Adversarial Transferability. (99%) Wenqian Yu; Jindong Gu; Zhijiang Li; Philip Torr http://arxiv.org/abs/2306.08492 A Relaxed Optimization Approach for Adversarial Attacks against Neural Machine Translation Models. (99%) Sahar Sadrizadeh; Clément Barbier; Ljiljana Dolamic; Pascal Frossard http://arxiv.org/abs/2306.08422 X-Detect: Explainable Adversarial Patch Detection for Object Detectors in Retail. (98%) Omer Hofman; Amit Giloni; Yarin Hayun; Ikuya Morikawa; Toshiya Shimizu; Yuval Elovici; Asaf Shabtai http://arxiv.org/abs/2306.08656 Augment then Smooth: Reconciling Differential Privacy with Certified Robustness. (98%) Jiapeng Wu; Atiyeh Ashari Ghomi; David Glukhov; Jesse C. Cresswell; Franziska Boenisch; Nicolas Papernot http://arxiv.org/abs/2306.08386 Efficient Backdoor Attacks for Deep Neural Networks in Real-world Scenarios. 
(83%) Ziqiang Li; Hong Sun; Pengfei Xia; Heng Li; Beihao Xia; Yi Wu; Bin Li http://arxiv.org/abs/2306.08604 A Unified Framework of Graph Information Bottleneck for Robustness and Membership Privacy. (75%) Enyan Dai; Limeng Cui; Zhengyang Wang; Xianfeng Tang; Yinghan Wang; Monica Cheng; Bing Yin; Suhang Wang http://arxiv.org/abs/2306.08257 On the Robustness of Latent Diffusion Models. (73%) Jianping Zhang; Zhuoer Xu; Shiwen Cui; Changhua Meng; Weibin Wu; Michael R. Lyu http://arxiv.org/abs/2306.08313 A Proxy Attack-Free Strategy for Practically Improving the Poisoning Efficiency in Backdoor Attacks. (38%) Ziqiang Li; Hong Sun; Pengfei Xia; Beihao Xia; Xue Rui; Wei Zhang; Qinglang Guo; Bin Li http://arxiv.org/abs/2306.08751 Improving Selective Visual Question Answering by Learning from Your Peers. (1%) Corentin Dancette; Spencer Whitehead; Rishabh Maheshwary; Ramakrishna Vedantam; Stefan Scherer; Xinlei Chen; Matthieu Cord; Marcus Rohrbach http://arxiv.org/abs/2306.07723 Theoretical Foundations of Adversarially Robust Learning. (99%) Omar Montasser http://arxiv.org/abs/2306.07796 Finite Gaussian Neurons: Defending against adversarial attacks by making neural networks say "I don't know". (99%) Felix Grezes http://arxiv.org/abs/2306.07591 I See Dead People: Gray-Box Adversarial Attack on Image-To-Text Models. (99%) Raz Lapid; Moshe Sipper http://arxiv.org/abs/2306.07713 Robustness of SAM: Segment Anything Under Corruptions and Beyond. (98%) Yu Qiao; Chaoning Zhang; Taegoo Kang; Donghun Kim; Chenshuang Zhang; Choong Seon Hong http://arxiv.org/abs/2306.07768 Area is all you need: repeatable elements make stronger adversarial attacks. (98%) Dillon Niederhut http://arxiv.org/abs/2306.07655 Malafide: a novel adversarial convolutive noise attack against deepfake and spoofing detection systems. (96%) Michele Panariello; Wanying Ge; Hemlata Tak; Massimiliano Todisco; Nicholas Evans http://arxiv.org/abs/2306.07613 Revisiting and Advancing Adversarial Training Through A Simple Baseline. (87%) Hong Liu http://arxiv.org/abs/2306.07754 Generative Watermarking Against Unauthorized Subject-Driven Image Synthesis. (78%) Yihan Ma; Zhengyu Zhao; Xinlei He; Zheng Li; Michael Backes; Yang Zhang http://arxiv.org/abs/2306.08011 Privacy Inference-Empowered Stealthy Backdoor Attack on Federated Learning under Non-IID Scenarios. (22%) Haochen Mei; Gaolei Li; Jun Wu; Longfei Zheng http://arxiv.org/abs/2306.08009 DHBE: Data-free Holistic Backdoor Erasing in Deep Neural Networks via Restricted Adversarial Distillation. (22%) Zhicong Yan; Shenghong Li; Ruijie Zhao; Yuan Tian; Yuanyuan Zhao http://arxiv.org/abs/2306.07883 Temporal Gradient Inversion Attacks with Robust Optimization. (8%) Bowen Li; Hanlin Gu; Ruoxin Chen; Jie Li; Chentao Wu; Na Ruan; Xueming Si; Lixin Fan http://arxiv.org/abs/2306.07685 Few-shot Multi-domain Knowledge Rearming for Context-aware Defence against Advanced Persistent Threats. (2%) Gaolei Li; Yuanyuan Zhao; Wenqi Wei; Yuchen Liu http://arxiv.org/abs/2306.07033 When Vision Fails: Text Attacks Against ViT and OCR. (99%) Nicholas Boucher; Jenny Blessing; Ilia Shumailov; Ross Anderson; Nicolas Papernot http://arxiv.org/abs/2306.07197 AROID: Improving Adversarial Robustness through Online Instance-wise Data Augmentation. (99%) Lin Li; Jianing Qiu; Michael Spratling http://arxiv.org/abs/2306.06995 How robust accuracy suffers from certified training with convex relaxations. 
(73%) Piersilvio De Bartolomeis; Jacob Clarysse; Amartya Sanyal; Fanny Yang http://arxiv.org/abs/2306.06909 Graph Agent Network: Empowering Nodes with Decentralized Communications Capabilities for Adversarial Resilience. (54%) Ao Liu; Wenshan Li; Tao Li; Beibei Li; Hanyuan Huang; Guangquan Xu; Pan Zhou http://arxiv.org/abs/2306.07178 Frequency-Based Vulnerability Analysis of Deep Learning Models against Image Corruptions. (13%) Harshitha Machiraju; Michael H. Herzog; Pascal Frossard http://arxiv.org/abs/2306.07462 On the Robustness of Removal-Based Feature Attributions. (11%) Chris Lin; Ian Covert; Su-In Lee http://arxiv.org/abs/2306.06874 VillanDiffusion: A Unified Backdoor Attack Framework for Diffusion Models. (1%) Sheng-Yen Chou; Pin-Yu Chen; Tsung-Yi Ho http://arxiv.org/abs/2306.07992 Securing Visually-Aware Recommender Systems: An Adversarial Image Reconstruction and Detection Framework. (99%) Minglei Yin; Bin Liu; Neil Zhenqiang Gong; Xin Li http://arxiv.org/abs/2306.06712 Neural Architecture Design and Robustness: A Dataset. (76%) Steffen Jung; Jovita Lukasik; Margret Keuper http://arxiv.org/abs/2306.06815 TrojLLM: A Black-box Trojan Prompt Attack on Large Language Models. (68%) Jiaqi Xue; Mengxin Zheng; Ting Hua; Yilin Shen; Yepeng Liu; Ladislau Boloni; Qian Lou http://arxiv.org/abs/2306.06462 Boosting Adversarial Robustness using Feature Level Stochastic Smoothing. (92%) Sravanti Addepalli; Samyak Jain; Gaurang Sriramanan; R. Venkatesh Babu http://arxiv.org/abs/2306.06359 NeRFool: Uncovering the Vulnerability of Generalizable Neural Radiance Fields against Adversarial Perturbations. (83%) Yonggan Fu; Ye Yuan; Souvik Kundu; Shang Wu; Shunyao Zhang; Yingyan Lin http://arxiv.org/abs/2306.06485 The Defense of Networked Targets in General Lotto games. (13%) Adel Aghajan; Keith Paarporn; Jason R. Marden http://arxiv.org/abs/2306.05873 Detecting Adversarial Directions in Deep Reinforcement Learning to Make Robust Decisions. (84%) Ezgi Korkmaz; Jonah Brown-Cohen http://arxiv.org/abs/2306.05923 When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems. (70%) Emad Efatinasab; Francesco Marchiori; Denis Donadel; Alessandro Brighente; Mauro Conti http://arxiv.org/abs/2306.05952 Overcoming Adversarial Attacks for Human-in-the-Loop Applications. (45%) Ryan McCoppin; Marla Kennedy; Platon Lukyanenko; Sean Kennedy http://arxiv.org/abs/2306.05494 Adversarial Evasion Attacks Practicality in Networks: Testing the Impact of Dynamic Learning. (99%) Mohamed el Shehaby; Ashraf Matrawy http://arxiv.org/abs/2306.05225 Boosting Adversarial Transferability by Achieving Flat Local Maxima. (99%) Zhijin Ge; Hongying Liu; Xiaosen Wang; Fanhua Shang; Yuanyuan Liu http://arxiv.org/abs/2306.05659 COVER: A Heuristic Greedy Adversarial Attack on Prompt-based Learning in Language Models. (93%) Zihao Tan; Qingliang Chen; Wenbin Zhu; Yongjian Huang http://arxiv.org/abs/2306.05031 Generalizable Lightweight Proxy for Robust NAS against Diverse Perturbations. (83%) Hyeonjeong Ha; Minseon Kim; Sung Ju Hwang http://arxiv.org/abs/2306.04984 G$^2$uardFL: Safeguarding Federated Learning Against Backdoor Attacks through Attributed Client Graph Clustering. (62%) Hao Yu; Chuan Ma; Meng Liu; Xinwang Liu; Zhe Liu; Ming Ding http://arxiv.org/abs/2306.04971 A Melting Pot of Evolution and Learning. 
(41%) Moshe Sipper; Achiya Elyasaf; Tomer Halperin; Zvika Haramaty; Raz Lapid; Eyal Segal; Itai Tzruia; Snir Vitrack Tamam http://arxiv.org/abs/2306.04959 FedMLSecurity: A Benchmark for Attacks and Defenses in Federated Learning and LLMs. (13%) Shanshan Han; Baturalp Buyukates; Zijian Hu; Han Jin; Weizhao Jin; Lichao Sun; Xiaoyang Wang; Chulin Xie; Kai Zhang; Qifan Zhang; Yuhui Zhang; Chaoyang He; Salman Avestimehr http://arxiv.org/abs/2306.05208 PriSampler: Mitigating Property Inference of Diffusion Models. (13%) Hailong Hu; Jun Pang http://arxiv.org/abs/2306.05093 Investigating the Effect of Misalignment on Membership Privacy in the White-box Setting. (12%) Ana-Maria Cretu; Daniel Jones; Yves-Alexandre de Montjoye; Shruti Tople http://arxiv.org/abs/2306.06136 Robustness Testing for Multi-Agent Reinforcement Learning: State Perturbations on Critical Agents. (10%) Ziyuan Zhou; Guanjun Liu http://arxiv.org/abs/2306.04974 Conservative Prediction via Data-Driven Confidence Minimization. (8%) Caroline Choi; Fahim Tajwar; Yoonho Lee; Huaxiu Yao; Ananya Kumar; Chelsea Finn http://arxiv.org/abs/2306.05501 Robust Framework for Explanation Evaluation in Time Series Classification. (2%) Thu Trang Nguyen; Thach Le Nguyen; Georgiana Ifrim http://arxiv.org/abs/2306.05079 Enhancing Robustness of AI Offensive Code Generators via Data Augmentation. (2%) Cristina Improta; Pietro Liguori; Roberto Natella; Bojan Cukic; Domenico Cotroneo http://arxiv.org/abs/2306.04950 Open Set Relation Extraction via Unknown-Aware Training. (1%) Jun Zhao; Xin Zhao; Wenyu Zhan; Qi Zhang; Tao Gui; Zhongyu Wei; Yunwen Chen; Xiang Gao; Xuanjing Huang http://arxiv.org/abs/2306.04192 Extracting Cloud-based Model with Prior Knowledge. (99%) Shiqian Zhao; Kangjie Chen; Meng Hao; Jian Zhang; Guowen Xu; Hongwei Li; Tianwei Zhang http://arxiv.org/abs/2306.04874 Expanding Scope: Adapting English Adversarial Attacks to Chinese. (99%) Hanyu Liu; Chengyuan Cai; Yanjun Qi http://arxiv.org/abs/2306.04535 PromptAttack: Probing Dialogue State Trackers with Adversarial Prompts. (92%) Xiangjue Dong; Yun He; Ziwei Zhu; James Caverlee http://arxiv.org/abs/2306.04178 Optimal Transport Model Distributional Robustness. (83%) Van-Anh Nguyen; Trung Le; Anh Tuan Bui; Thanh-Toan Do; Dinh Phung http://arxiv.org/abs/2306.04528 PromptBench: Towards Evaluating the Robustness of Large Language Models on Adversarial Prompts. (76%) Kaijie Zhu; Jindong Wang; Jiaheng Zhou; Zichen Wang; Hao Chen; Yidong Wang; Linyi Yang; Wei Ye; Neil Zhenqiang Gong; Yue Zhang; Xing Xie http://arxiv.org/abs/2306.04756 A Linearly Convergent GAN Inversion-based Algorithm for Reverse Engineering of Deceptions. (45%) Darshan Thaker; Paris Giampouras; René Vidal http://arxiv.org/abs/2306.04431 Faithful Knowledge Distillation. (41%) Tom A. Lamb; Rudy Bunel; Krishnamurthy DJ Dvijotham; M. Pawan Kumar; Philip H. S. Torr; Francisco Eiras http://arxiv.org/abs/2306.04581 Divide and Repair: Using Options to Improve Performance of Imitation Learning Against Adversarial Demonstrations. (16%) Prithviraj Dasgupta http://arxiv.org/abs/2306.04523 Can current NLI systems handle German word order? Investigating language model performance on a new German challenge set of minimal pairs. (15%) Ines Reinig; Katja Markert http://arxiv.org/abs/2306.04252 Adversarial Sample Detection Through Neural Network Transport Dynamics. 
(10%) Skander Karkar; Patrick Gallinari; Alain Rakotomamonjy http://arxiv.org/abs/2306.03430 Revisiting the Trade-off between Accuracy and Robustness via Weight Distribution of Filters. (99%) Xingxing Wei; Shiji Zhao http://arxiv.org/abs/2306.03600 Avoid Adversarial Adaption in Federated Learning by Multi-Metric Investigations. (97%) Torsten Krauß; Alexandra Dmitrienko http://arxiv.org/abs/2306.04064 Transferable Adversarial Robustness for Categorical Data via Universal Robust Embeddings. (93%) Klim Kireev; Maksym Andriushchenko; Carmela Troncoso; Nicolas Flammarion http://arxiv.org/abs/2306.06123 Adversarial attacks and defenses in explainable artificial intelligence: A survey. (64%) Hubert Baniecki; Przemyslaw Biecek http://arxiv.org/abs/2306.03726 Exploring Model Dynamics for Accumulative Poisoning Discovery. (62%) Jianing Zhu; Xiawei Guo; Jiangchao Yao; Chao Du; Li He; Shuo Yuan; Tongliang Liu; Liang Wang; Bo Han http://arxiv.org/abs/2306.04109 Membership inference attack with relative decision boundary distance. (33%) JiaCheng Xu; ChengXiang Tan http://arxiv.org/abs/2306.03779 Performance-optimized deep neural networks are evolving into worse models of inferotemporal visual cortex. (8%) Drew Linsley; Ivan F. Rodriguez; Thomas Fel; Michael Arcaro; Saloni Sharma; Margaret Livingstone; Thomas Serre http://arxiv.org/abs/2306.03528 Adversarial Attacks and Defenses for Semantic Communication in Vehicular Metaverses. (1%) Jiawen Kang; Jiayi He; Hongyang Du; Zehui Xiong; Zhaohui Yang; Xumin Huang; Shengli Xie http://arxiv.org/abs/2306.03229 Adversarial alignment: Breaking the trade-off between the strength of an attack and its relevance to human perception. (99%) Drew Linsley; Pinyuan Feng; Thibaut Boissin; Alekh Karkada Ashok; Thomas Fel; Stephanie Olaiya; Thomas Serre http://arxiv.org/abs/2306.02895 Evading Black-box Classifiers Without Breaking Eggs. (99%) Edoardo Debenedetti; Nicholas Carlini; Florian Tramèr http://arxiv.org/abs/2306.02639 Evaluating robustness of support vector machines with the Lagrangian dual approach. (97%) Yuting Liu; Hong Gu; Pan Qin http://arxiv.org/abs/2306.03331 A Robust Likelihood Model for Novelty Detection. (93%) Ranya Almohsen; Shivang Patel; Donald A. Adjeroh; Gianfranco Doretto http://arxiv.org/abs/2306.02918 Adversarial Ink: Componentwise Backward Error Attacks on Deep Learning. (86%) Lucas Beerens; Desmond J. Higham http://arxiv.org/abs/2306.02618 Enhance Diffusion to Improve Robust Generalization. (76%) Jianhui Sun; Sanchit Sinha; Aidong Zhang http://arxiv.org/abs/2306.02980 KNOW How to Make Up Your Mind! Adversarially Detecting and Alleviating Inconsistencies in Natural Language Explanations. (68%) Myeongjun Jang; Bodhisattwa Prasad Majumder; Julian McAuley; Thomas Lukasiewicz; Oana-Maria Camburu http://arxiv.org/abs/2306.02583 Stable Diffusion is Unstable. (45%) Chengbin Du; Yanxi Li; Zhongwei Qiu; Chang Xu http://arxiv.org/abs/2306.02879 Neuron Activation Coverage: Rethinking Out-of-distribution Detection and Generalization. (1%) Yibing Liu; Chris Xing Tian; Haoliang Li; Lei Ma; Shiqi Wang http://arxiv.org/abs/2306.03269 Security Knowledge-Guided Fuzzing of Deep Learning Libraries. (1%) Nima Shiri Harzevili; Hung Viet Pham; Song Wang http://arxiv.org/abs/2306.02775 Input-gradient space particle inference for neural network ensembles. 
(1%) Trung Trinh; Markus Heinonen; Luigi Acerbi; Samuel Kaski http://arxiv.org/abs/2306.02488 Adversary for Social Good: Leveraging Adversarial Attacks to Protect Personal Attribute Privacy. (98%) Xiaoting Li; Lingwei Chen; Dinghao Wu http://arxiv.org/abs/2306.02482 Aerial Swarm Defense using Interception and Herding Strategies. (1%) Vishnu S. Chipade; Dimitra Panagou http://arxiv.org/abs/2306.02021 Towards Black-box Adversarial Example Detection: A Data Reconstruction-based Method. (99%) Yifei Gao; Zhiyu Lin; Yunfan Yang; Jitao Sang http://arxiv.org/abs/2306.02165 Learning to Defend by Attacking (and Vice-Versa): Transfer of Learning in Cybersecurity Games. (67%) Tyler Malloy; Cleotilde Gonzalez http://arxiv.org/abs/2306.02002 Can Directed Graph Neural Networks be Adversarially Robust? (56%) Zhichao Hou; Xitong Zhang; Wei Wang; Charu C. Aggarwal; Xiaorui Liu http://arxiv.org/abs/2306.02064 Flew Over Learning Trap: Learn Unlearnable Samples by Progressive Staged Training. (13%) Pucheng Dang; Xing Hu; Kaidi Xu; Jinhao Duan; Di Huang; Husheng Han; Rui Zhang; Zidong Du; Qi Guo; Yunji Chen http://arxiv.org/abs/2306.02080 Benchmarking Robustness of Adaptation Methods on Pre-trained Vision-Language Models. (1%) Shuo Chen; Jindong Gu; Zhen Han; Yunpu Ma; Philip Torr; Volker Tresp http://arxiv.org/abs/2306.01271 Towards Understanding Clean Generalization and Robust Overfitting in Adversarial Training. (99%) Binghui Li; Yuanzhi Li http://arxiv.org/abs/2306.01429 A Closer Look at the Adversarial Robustness of Deep Equilibrium Models. (92%) Zonghan Yang; Tianyu Pang; Yang Liu http://arxiv.org/abs/2306.01400 Adaptive Attractors: A Defense Strategy against ML Adversarial Collusion Attacks. (83%) Jiyi Zhang; Han Fang; Ee-Chien Chang http://arxiv.org/abs/2306.01655 Poisoning Network Flow Classifiers. (61%) Giorgio Severi; Simona Boboila; Alina Oprea; John Holodnak; Kendra Kratkiewicz; Jason Matterer http://arxiv.org/abs/2306.01613 Hyperparameter Learning under Data Poisoning: Analysis of the Influence of Regularization via Multiobjective Bilevel Optimization. (54%) Javier Carnerero-Cano; Luis Muñoz-González; Phillippa Spencer; Emil C. Lupu http://arxiv.org/abs/2306.01485 Robust low-rank training via approximate orthonormal constraints. (22%) Dayana Savostianova; Emanuele Zangrando; Gianluca Ceruti; Francesco Tudisco http://arxiv.org/abs/2306.01505 Supervised Adversarial Contrastive Learning for Emotion Recognition in Conversations. (13%) Dou Hu; Yinan Bao; Lingwei Wei; Wei Zhou; Songlin Hu http://arxiv.org/abs/2306.01435 Improving Adversarial Robustness of DEQs with Explicit Regulations Along the Neural Dynamics. (11%) Zonghan Yang; Peng Li; Tianyu Pang; Yang Liu http://arxiv.org/abs/2306.01342 Covert Communication Based on the Poisoning Attack in Federated Learning. (10%) Junchuan Liang; Rong Wang http://arxiv.org/abs/2306.01953 Invisible Image Watermarks Are Provably Removable Using Generative AI. (10%) Xuandong Zhao; Kexun Zhang; Zihao Su; Saastha Vasan; Ilya Grishchenko; Christopher Kruegel; Giovanni Vigna; Yu-Xiang Wang; Lei Li http://arxiv.org/abs/2306.01273 VoteTRANS: Detecting Adversarial Text without Training by Voting on Hard Labels of Transformations. (3%) Hoang-Quoc Nguyen-Son; Seira Hidano; Kazuhide Fukushima; Shinsaku Kiyomoto; Isao Echizen http://arxiv.org/abs/2306.01902 Unlearnable Examples for Diffusion Models: Protect Data from Unauthorized Exploitation. 
(2%) Zhengyue Zhao; Jinhao Duan; Xing Hu; Kaidi Xu; Chenan Wang; Rui Zhang; Zidong Du; Qi Guo; Yunji Chen http://arxiv.org/abs/2306.01697 MutateNN: Mutation Testing of Image Recognition Models Deployed on Hardware Accelerators. (1%) Nikolaos Louloudakis; Perry Gibson; José Cano; Ajitha Rajan http://arxiv.org/abs/2306.01364 Towards Robust GAN-generated Image Detection: a Multi-view Completion Representation. (1%) Chi Liu; Tianqing Zhu; Sheng Shen; Wanlei Zhou http://arxiv.org/abs/2306.01925 Improving the generalizability and robustness of large-scale traffic signal control. (1%) Tianyu Shi; Francois-Xavier Devailly; Denis Larocque; Laurent Charlin http://arxiv.org/abs/2306.01809 Adversarial Attack Based on Prediction-Correction. (99%) Chen Wan; Fangjun Huang http://arxiv.org/abs/2306.00353 Constructing Semantics-Aware Adversarial Examples with Probabilistic Perspective. (98%) Andi Zhang; Damon Wischik http://arxiv.org/abs/2306.01125 Reconstruction Distortion of Learned Image Compression with Imperceptible Perturbations. (96%) Yang Sui; Zhuohang Li; Ding Ding; Xiang Pan; Xiaozhong Xu; Shan Liu; Zhenzhong Chen http://arxiv.org/abs/2306.00974 Intriguing Properties of Text-guided Diffusion Models. (92%) Qihao Liu; Adam Kortylewski; Yutong Bai; Song Bai; Alan Yuille http://arxiv.org/abs/2306.00816 Robust Backdoor Attack with Visible, Semantic, Sample-Specific, and Compatible Triggers. (82%) Ruotong Wang; Hongrui Chen; Zihao Zhu; Li Liu; Yong Zhang; Yanbo Fan; Baoyuan Wu http://arxiv.org/abs/2306.01090 Improving the Robustness of Summarization Systems with Dual Augmentation. (76%) Xiuying Chen; Guodong Long; Chongyang Tao; Mingzhe Li; Xin Gao; Chengqi Zhang; Xiangliang Zhang http://arxiv.org/abs/2306.00687 Adversarial Robustness in Unsupervised Machine Learning: A Systematic Review. (38%) Mathias Lundteigen Mohus; Jinyue Li http://arxiv.org/abs/2306.00578 Does Black-box Attribute Inference Attacks on Graph Neural Networks Constitute Privacy Risk? (13%) Iyiola E. Olatunji; Anmar Hizber; Oliver Sihlovec; Megha Khosla http://arxiv.org/abs/2306.00349 CALICO: Self-Supervised Camera-LiDAR Contrastive Pre-training for BEV Perception. (13%) Jiachen Sun; Haizhong Zheng; Qingzhao Zhang; Atul Prakash; Z. Morley Mao; Chaowei Xiao http://arxiv.org/abs/2306.06112 ModelObfuscator: Obfuscating Model Information to Protect Deployed ML-based Systems. (4%) Mingyi Zhou; Xiang Gao; Jing Wu; John Grundy; Xiao Chen; Chunyang Chen; Li Li http://arxiv.org/abs/2305.19593 Exploring the Vulnerabilities of Machine Learning and Quantum Machine Learning to Adversarial Attacks using a Malware Dataset: A Comparative Analysis. (98%) Mst Shapna Akter; Hossain Shahriar; Iysa Iqbal; MD Hossain; M. A. Karim; Victor Clincy; Razvan Voicu http://arxiv.org/abs/2306.00042 Graph-based methods coupled with specific distributional distances for adversarial attack detection. (98%) Dwight Nwaigwe; Lucrezia Carboni; Martial Mermillod; Sophie Achard; Michel Dojat http://arxiv.org/abs/2306.00314 Adversarial-Aware Deep Learning System based on a Secondary Classical Machine Learning Verification Approach. (98%) Mohammed Alkhowaiter; Hisham Kholidy; Mnassar Alyami; Abdulmajeed Alghamdi; Cliff Zou http://arxiv.org/abs/2305.19607 Adversarial Clean Label Backdoor Attacks and Defenses on Text Classification Systems. (54%) Ashim Gupta; Amrith Krishna http://arxiv.org/abs/2305.20043 Deception by Omission: Using Adversarial Missingness to Poison Causal Structure Learning. 
(26%) Deniz Koyuncu; Alex Gittens; Bülent Yener; Moti Yung http://arxiv.org/abs/2305.19713 Red Teaming Language Model Detectors with Language Models. (15%) Zhouxing Shi; Yihan Wang; Fan Yin; Xiangning Chen; Kai-Wei Chang; Cho-Jui Hsieh http://arxiv.org/abs/2305.19774 Ambiguity in solving imaging inverse problems with deep learning based operators. (1%) Davide Evangelista; Elena Morotti; Elena Loli Piccolomini; James Nagy http://arxiv.org/abs/2305.19020 Pseudo-Siamese Network based Timbre-reserved Black-box Adversarial Attack in Speaker Identification. (99%) Qing Wang; Jixun Yao; Ziqian Wang; Pengcheng Guo; Lei Xie http://arxiv.org/abs/2305.19330 Breeding Machine Translations: Evolutionary approach to survive and thrive in the world of automated evaluation. (64%) Josef Jon; Ondřej Bojar http://arxiv.org/abs/2305.19101 Which Models have Perceptually-Aligned Gradients? An Explanation via Off-Manifold Robustness. (56%) Suraj Srinivas; Sebastian Bordt; Hima Lakkaraju http://arxiv.org/abs/2305.19521 Incremental Randomized Smoothing Certification. (33%) Shubham Ugare; Tarun Suresh; Debangshu Banerjee; Gagandeep Singh; Sasa Misailovic http://arxiv.org/abs/2305.19083 Defense Against Shortest Path Attacks. (16%) Benjamin A. Miller; Zohair Shafi; Wheeler Ruml; Yevgeniy Vorobeychik; Tina Eliassi-Rad; Scott Alfeld http://arxiv.org/abs/2305.18933 A Multilingual Evaluation of NER Robustness to Adversarial Inputs. (15%) Akshay Srinivasan; Sowmya Vajjala http://arxiv.org/abs/2305.18779 It begins with a boundary: A geometric view on probabilistically robust learning. (8%) Leon Bungert; Nicolás García Trillos; Matt Jacobs; Daniel McKenzie; Đorđe Nikolić; Qingsong Wang http://arxiv.org/abs/2305.19218 Adversarial Attacks on Online Learning to Rank with Stochastic Click Models. (2%) Zichen Wang; Rishab Balasubramanian; Hui Yuan; Chenyu Song; Mengdi Wang; Huazheng Wang http://arxiv.org/abs/2305.18840 Learning Perturbations to Explain Time Series Predictions. (1%) Joseph Enguehard http://arxiv.org/abs/2305.18503 From Adversarial Arms Race to Model-centric Evaluation: Motivating a Unified Automatic Robustness Evaluation Framework. (99%) Yangyi Chen; Hongcheng Gao; Ganqu Cui; Lifan Yuan; Dehan Kong; Hanlu Wu; Ning Shi; Bo Yuan; Longtao Huang; Hui Xue; Zhiyuan Liu; Maosong Sun; Heng Ji http://arxiv.org/abs/2305.17939 Fourier Analysis on Robustness of Graph Convolutional Neural Networks for Skeleton-based Action Recognition. (92%) Nariki Tanaka; Hiroshi Kera; Kazuhiko Kawamoto http://arxiv.org/abs/2305.18585 Exploiting Explainability to Design Adversarial Attacks and Evaluate Attack Resilience in Hate-Speech Detection Models. (92%) Pranath Reddy Kumbam; Sohaib Uddin Syed; Prashanth Thamminedi; Suhas Harish; Ian Perera; Bonnie J. Dorr http://arxiv.org/abs/2305.18651 UMD: Unsupervised Model Detection for X2X Backdoor Attacks. (81%) Zhen Xiang; Zidi Xiong; Bo Li http://arxiv.org/abs/2305.18462 Membership Inference Attacks against Language Models via Neighbourhood Comparison. (73%) Justus Mattern; Fatemehsadat Mireshghallah; Zhijing Jin; Bernhard Schölkopf; Mrinmaya Sachan; Taylor Berg-Kirkpatrick http://arxiv.org/abs/2306.05358 Trustworthy Sensor Fusion against Inaudible Command Attacks in Advanced Driver-Assistance System. (41%) Jiwei Guan; Lei Pan; Chen Wang; Shui Yu; Longxiang Gao; Xi Zheng http://arxiv.org/abs/2306.00010 Trainable and Explainable Simplicial Map Neural Networks. (41%) Eduardo Paluzo-Hidalgo; Miguel A. 
Gutiérrez-Naranjo; Rocio Gonzalez-Diaz http://arxiv.org/abs/2305.18543 Robust Lipschitz Bandits to Adversarial Corruptions. (11%) Yue Kang; Cho-Jui Hsieh; Thomas C. M. Lee http://arxiv.org/abs/2305.18216 Towards minimizing efforts for Morphing Attacks -- Deep embeddings for morphing pair selection and improved Morphing Attack Detection. (8%) Roman Kessler; Kiran Raja; Juan Tapia; Christoph Busch http://arxiv.org/abs/2305.17688 Amplification trojan network: Attack deep neural networks by amplifying their inherent weakness. (99%) Zhanhao Hu; Jun Zhu; Bo Zhang; Xiaolin Hu http://arxiv.org/abs/2305.17868 NaturalFinger: Generating Natural Fingerprint with Generative Adversarial Networks. (92%) Kang Yang; Kunhao Lai http://arxiv.org/abs/2305.18384 Backdoor Attacks Against Incremental Learners: An Empirical Evaluation Study. (41%) Yiqi Zhong; Xianming Liu; Deming Zhai; Junjun Jiang; Xiangyang Ji http://arxiv.org/abs/2305.17826 NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models. (38%) Kai Mei; Zheng Li; Zhenting Wang; Yang Zhang; Shiqing Ma http://arxiv.org/abs/2305.17667 Choose your Data Wisely: A Framework for Semantic Counterfactuals. (13%) Edmund Dervakos; Konstantinos Thomas; Giorgos Filandrianos; Giorgos Stamou http://arxiv.org/abs/2305.18377 BadLabel: A Robust Perspective on Evaluating and Enhancing Label-noise Learning. (5%) Jingfeng Zhang; Bo Song; Haohan Wang; Bo Han; Tongliang Liu; Lei Liu; Masashi Sugiyama http://arxiv.org/abs/2305.18440 Black-Box Anomaly Attribution. (1%) Tsuyoshi Idé; Naoki Abe http://arxiv.org/abs/2306.06071 Adversarial Attack On Yolov5 For Traffic And Road Sign Detection. (99%) Sanyam Jain http://arxiv.org/abs/2306.01762 Pre-trained transformer for adversarial purification. (99%) Kai Wu; Yujian Betterest Li; Xiaoyu Zhang; Handing Wang; Jing Liu http://arxiv.org/abs/2305.17528 Two Heads are Better than One: Towards Better Adversarial Robustness by Combining Transduction and Rejection. (98%) Nils Palumbo; Yang Guo; Xi Wu; Jiefeng Chen; Yingyu Liang; Somesh Jha http://arxiv.org/abs/2305.17440 Modeling Adversarial Attack on Pre-trained Language Models as Sequential Decision Making. (92%) Xuanjie Fang; Sijie Cheng; Yang Liu; Wei Wang http://arxiv.org/abs/2305.17438 On the Importance of Backbone to the Adversarial Robustness of Object Detectors. (83%) Xiao Li; Hang Chen; Xiaolin Hu http://arxiv.org/abs/2305.17380 No-Regret Online Reinforcement Learning with Adversarial Losses and Transitions. (2%) Tiancheng Jin; Junyan Liu; Chloé Rouyer; William Chang; Chen-Yu Wei; Haipeng Luo http://arxiv.org/abs/2305.17421 FoPro-KD: Fourier Prompted Effective Knowledge Distillation for Long-Tailed Medical Image Recognition. (1%) Marawan Elbatel; Robert Martí; Xiaomeng Li http://arxiv.org/abs/2305.16934 On Evaluating Adversarial Robustness of Large Vision-Language Models. (99%) Yunqing Zhao; Tianyu Pang; Chao Du; Xiao Yang; Chongxuan Li; Ngai-Man Cheung; Min Lin http://arxiv.org/abs/2305.17000 Leveraging characteristics of the output probability distribution for identifying adversarial audio examples. (98%) Matías P. Pizarro B.; Dorothea Kolossa; Asja Fischer http://arxiv.org/abs/2305.17342 Rethinking Adversarial Policies: A Generalized Attack Formulation and Provable Defense in Multi-Agent RL. (96%) Xiangyu Liu; Souradip Chakraborty; Yanchao Sun; Furong Huang http://arxiv.org/abs/2305.16998 A Tale of Two Approximations: Tightening Over-Approximation for DNN Robustness Verification via Under-Approximation. 
(45%) Zhiyi Xue; Si Liu; Zhaodi Zhang; Yiting Wu; Min Zhang http://arxiv.org/abs/2305.17071 Adversarial Attacks on Online Learning to Rank with Click Feedback. (38%) Jinhang Zuo; Zhiyao Zhang; Zhiyong Wang; Shuai Li; Mohammad Hajiesmaili; Adam Wierman http://arxiv.org/abs/2306.06075 DeepSeaNet: Improving Underwater Object Detection using EfficientDet. (2%) Sanyam Jain http://arxiv.org/abs/2305.16818 Trust-Aware Resilient Control and Coordination of Connected and Automated Vehicles. (1%) H M Sabbir Ahmad; Ehsan Sabouni; Wei Xiao; Christos G. Cassandras; Wenchao Li http://arxiv.org/abs/2305.16617 Efficient Detection of LLM-generated Texts with a Bayesian Surrogate Model. (1%) Zhijie Deng; Hongcheng Gao; Yibo Miao; Hao Zhang http://arxiv.org/abs/2305.15792 IDEA: Invariant Defense for Graph Adversarial Robustness. (99%) Shuchang Tao; Qi Cao; Huawei Shen; Yunfan Wu; Bingbing Xu; Xueqi Cheng http://arxiv.org/abs/2305.16444 Don't Retrain, Just Rewrite: Countering Adversarial Perturbations by Rewriting Text. (98%) Ashim Gupta; Carter Wood Blum; Temma Choji; Yingjie Fei; Shalin Shah; Alakananda Vempala; Vivek Srikumar http://arxiv.org/abs/2305.16494 Diffusion-Based Adversarial Sample Generation for Improved Stealthiness and Controllability. (98%) Haotian Xue; Alexandre Araujo; Bin Hu; Yongxin Chen http://arxiv.org/abs/2305.15709 PEARL: Preprocessing Enhanced Adversarial Robust Learning of Image Deraining for Semantic Segmentation. (96%) Xianghao Jiao; Yaohua Liu; Jiaxin Gao; Xinyuan Chu; Risheng Liu; Xin Fan http://arxiv.org/abs/2306.06107 Adversarial Attacks on Leakage Detectors in Water Distribution Networks. (86%) Paul Stahlhofen; André Artelt; Luca Hermes; Barbara Hammer http://arxiv.org/abs/2306.06081 CARSO: Counter-Adversarial Recall of Synthetic Observations. (86%) Emanuele Ballarin; Alessio Ansuini; Luca Bortolussi http://arxiv.org/abs/2305.16220 On the Robustness of Segment Anything. (73%) Yihao Huang; Yue Cao; Tianlin Li; Felix Juefei-Xu; Di Lin; Ivor W. Tsang; Yang Liu; Qing Guo http://arxiv.org/abs/2305.16035 Detecting Adversarial Data by Probing Multiple Perturbations Using Expected Perturbation Score. (67%) Shuhai Zhang; Feng Liu; Jiahao Yang; Yifan Yang; Changsheng Li; Bo Han; Mingkui Tan http://arxiv.org/abs/2305.15698 Rethinking Diversity in Deep Neural Network Testing. (50%) Zi Wang; Jihye Choi; Ke Wang; Somesh Jha http://arxiv.org/abs/2305.16503 IMBERT: Making BERT Immune to Insertion-based Backdoor Attacks. (13%) Xuanli He; Jun Wang; Benjamin Rubinstein; Trevor Cohn http://arxiv.org/abs/2305.16310 Securing Deep Generative Models with Universal Adversarial Signature. (2%) Yu Zeng; Mo Zhou; Yuan Xue; Vishal M. Patel http://arxiv.org/abs/2305.15775 Concept-Centric Transformers: Enhancing Model Interpretability through Object-Centric Concept Learning within a Shared Global Workspace. (1%) Jinyung Hong; Keun Hee Park; Theodore P. Pavlic http://arxiv.org/abs/2305.15587 How do humans perceive adversarial text? A reality check on the validity and naturalness of word-based adversarial attacks. (99%) Salijona Dyrmishi; Salah Ghamizi; Maxime Cordy http://arxiv.org/abs/2305.15241 Robust Classification via a Single Diffusion Model. (99%) Huanran Chen; Yinpeng Dong; Zhengyi Wang; Xiao Yang; Chengqi Duan; Hang Su; Jun Zhu http://arxiv.org/abs/2305.14846 Introducing Competition to Boost the Transferability of Targeted Adversarial Examples through Clean Feature Mixup. 
(99%) Junyoung Byun; Myung-Joon Kwon; Seungju Cho; Yoonji Kim; Changick Kim http://arxiv.org/abs/2305.15563 Fantastic DNN Classifiers and How to Identify them without Data. (91%) Nathaniel Dean; Dilip Sarkar http://arxiv.org/abs/2305.14950 Adversarial Demonstration Attacks on Large Language Models. (88%) Jiongxiao Wang; Zichen Liu; Keun Hee Park; Muhao Chen; Chaowei Xiao http://arxiv.org/abs/2305.15203 Relating Implicit Bias and Adversarial Attacks through Intrinsic Dimension. (86%) Lorenzo Basile; Nikos Karantzas; Alberto D'Onofrio; Luca Bortolussi; Alex Rodriguez; Fabio Anselmi http://arxiv.org/abs/2305.14700 AdvFunMatch: When Consistent Teaching Meets Adversarial Robustness. (76%) Zihui Wu; Haichang Gao; Bingqian Zhou; Ping Wang http://arxiv.org/abs/2305.14876 Reconstructive Neuron Pruning for Backdoor Defense. (75%) Yige Li; Xixiang Lyu; Xingjun Ma; Nodens Koren; Lingjuan Lyu; Bo Li; Yu-Gang Jiang http://arxiv.org/abs/2305.15119 Another Dead End for Morphological Tags? Perturbed Inputs and Parsing. (74%) Alberto Muñoz-Ortiz; David Vilares http://arxiv.org/abs/2305.14710 Instructions as Backdoors: Backdoor Vulnerabilities of Instruction Tuning for Large Language Models. (50%) Jiashu Xu; Mingyu Derek Ma; Fei Wang; Chaowei Xiao; Muhao Chen http://arxiv.org/abs/2305.14910 From Shortcuts to Triggers: Backdoor Defense with Denoised PoE. (47%) Qin Liu; Fei Wang; Chaowei Xiao; Muhao Chen http://arxiv.org/abs/2305.14763 Clever Hans or Neural Theory of Mind? Stress Testing Social Reasoning in Large Language Models. (22%) Natalie Shapira; Mosh Levy; Seyed Hossein Alavi; Xuhui Zhou; Yejin Choi; Yoav Goldberg; Maarten Sap; Vered Shwartz http://arxiv.org/abs/2305.14984 Adversarial robustness of amortized Bayesian inference. (11%) Manuel Glöckler; Michael Deistler; Jakob H. Macke http://arxiv.org/abs/2305.14851 Sharpness-Aware Data Poisoning Attack. (10%) Pengfei He; Han Xu; Jie Ren; Yingqian Cui; Hui Liu; Charu C. Aggarwal; Jiliang Tang http://arxiv.org/abs/2305.15508 How to fix a broken confidence estimator: Evaluating post-hoc methods for selective classification with deep neural networks. (3%) Luís Felipe P. Cattelan; Danilo Silva http://arxiv.org/abs/2305.14902 M4: Multi-generator, Multi-domain, and Multi-lingual Black-Box Machine-Generated Text Detection. (1%) Yuxia Wang; Jonibek Mansurov; Petar Ivanov; Jinyan Su; Artem Shelmanov; Akim Tsvigun; Chenxi Whitehouse; Osama Mohammed Afzal; Tarek Mahmoud; Toru Sasaki; Thomas Arnold; Alham Fikri Aji; Nizar Habash; Iryna Gurevych; Preslav Nakov http://arxiv.org/abs/2305.15047 Ghostbuster: Detecting Text Ghostwritten by Large Language Models. (1%) Vivek Verma; Eve Fleisig; Nicholas Tomlin; Dan Klein http://arxiv.org/abs/2305.14188 The Best Defense is a Good Offense: Adversarial Augmentation against Adversarial Attacks. (99%) Iuri Frosio; Jan Kautz http://arxiv.org/abs/2305.13678 Enhancing Accuracy and Robustness through Adversarial Training in Class Incremental Continual Learning. (99%) Minchan Kwon; Kangil Kim http://arxiv.org/abs/2305.14097 QFA2SR: Query-Free Adversarial Transfer Attacks to Speaker Recognition Systems. (98%) Guangke Chen; Yedi Zhang; Zhe Zhao; Fu Song http://arxiv.org/abs/2305.13991 Expressive Losses for Verified Robustness via Convex Combinations. (95%) Alessandro De Palma; Rudy Bunel; Krishnamurthy Dvijotham; M. Pawan Kumar; Robert Stanforth; Alessio Lomuscio http://arxiv.org/abs/2305.14165 Impact of Light and Shadow on Robustness of Deep Neural Networks. 
(87%) Chengyin Hu; Weiwen Shi; Chao Li; Jialiang Sun; Donghua Wang; Junqi Wu; Guijian Tang http://arxiv.org/abs/2305.14695 A Causal View of Entity Bias in (Large) Language Models. (10%) Fei Wang; Wenjie Mo; Yiwei Wang; Wenxuan Zhou; Muhao Chen http://arxiv.org/abs/2305.12906 Latent Magic: An Investigation into Adversarial Examples Crafted in the Semantic Latent Space. (99%) BoYang Zheng http://arxiv.org/abs/2305.12825 Uncertainty-based Detection of Adversarial Attacks in Semantic Segmentation. (99%) Kira Maag; Asja Fischer http://arxiv.org/abs/2305.12770 FGAM:Fast Adversarial Malware Generation Method Based on Gradient Sign. (98%) Kun Li; Fan Zhang; Wei Guo http://arxiv.org/abs/2305.13548 Attribute-Guided Encryption with Facial Texture Masking. (98%) Chun Pong Lau; Jiang Liu; Rama Chellappa http://arxiv.org/abs/2305.13625 DiffProtect: Generate Adversarial Examples with Diffusion Models for Facial Privacy Protection. (98%) Jiang Liu; Chun Pong Lau; Rama Chellappa http://arxiv.org/abs/2305.12872 Byzantine Robust Cooperative Multi-Agent Reinforcement Learning as a Bayesian Game. (93%) Simin Li; Jun Guo; Jingqiao Xiu; Xini Yu; Jiakai Wang; Aishan Liu; Yaodong Yang; Xianglong Liu http://arxiv.org/abs/2305.12863 Towards Benchmarking and Assessing Visual Naturalness of Physical World Adversarial Attacks. (88%) Simin Li; Shuning Zhang; Gujun Chen; Dong Wang; Pu Feng; Jiakai Wang; Aishan Liu; Xin Yi; Xianglong Liu http://arxiv.org/abs/2305.12859 Flying Adversarial Patches: Manipulating the Behavior of Deep Learning-based Autonomous Multirotors. (54%) Pia Hanfeld; Marina M. -C. Höhne; Michael Bussmann; Wolfgang Hönig http://arxiv.org/abs/2305.13508 DeepBern-Nets: Taming the Complexity of Certifying Neural Networks using Bernstein Polynomial Activations and Precise Bound Propagation. (50%) Haitham Khedr; Yasser Shoukry http://arxiv.org/abs/2305.12804 The defender's perspective on automatic speaker verification: An overview. (22%) Haibin Wu; Jiawen Kang; Lingwei Meng; Helen Meng; Hung-yi Lee http://arxiv.org/abs/2305.13584 Model Stealing Attack against Multi-Exit Networks. (10%) Pan Li; Peizhuo Lv; Kai Chen; Yuling Cai; Fan Xiang; Shengzhi Zhang http://arxiv.org/abs/2305.13651 Adversarial Defenses via Vector Quantization. (8%) Zhiyi Dong; Yongyi Mao http://arxiv.org/abs/2305.14384 Adversarial Nibbler: A Data-Centric Challenge for Improving the Safety of Text-to-Image Models. (2%) Alicia Parrish; Hannah Rose Kirk; Jessica Quaye; Charvi Rastogi; Max Bartolo; Oana Inel; Juan Ciro; Rafael Mosquera; Addison Howard; Will Cukierski; D. Sculley; Vijay Janapa Reddi; Lora Aroyo http://arxiv.org/abs/2305.13257 Watermarking Classification Dataset for Copyright Protection. (1%) Yixin Liu; Hongsheng Hu; Xun Chen; Xuyun Zhang; Lichao Sun http://arxiv.org/abs/2305.13535 Improving Classifier Robustness through Active Generation of Pairwise Counterfactuals. (1%) Ananth Balashankar; Xuezhi Wang; Yao Qin; Ben Packer; Nithum Thain; Jilin Chen; Ed H. Chi; Alex Beutel http://arxiv.org/abs/2305.13520 Tied-Augment: Controlling Representation Similarity Improves Data Augmentation. (1%) Emirhan Kurtulus; Zichao Li; Yann Dauphin; Ekin Dogus Cubuk http://arxiv.org/abs/2305.13605 Adaptive Face Recognition Using Adversarial Information Network. (1%) Mei Wang; Weihong Deng http://arxiv.org/abs/2305.12683 Mist: Towards Improved Adversarial Examples for Diffusion Models. (99%) Chumeng Liang; Xiaoyu Wu http://arxiv.org/abs/2305.12351 Are Your Explanations Reliable? 
Investigating the Stability of LIME in Explaining Text Classifiers by Marrying XAI and Adversarial Attack. (81%) Christopher Burger; Lingwei Chen; Thai Le http://arxiv.org/abs/2305.12590 FAQ: Mitigating the Impact of Faults in the Weight Memory of DNN Accelerators through Fault-Aware Quantization. (1%) Muhammad Abdullah Hanif; Muhammad Shafique http://arxiv.org/abs/2305.12228 Dynamic Transformers Provide a False Sense of Efficiency. (92%) Yiming Chen; Simin Chen; Zexin Li; Wei Yang; Cong Liu; Robby T. Tan; Haizhou Li http://arxiv.org/abs/2305.12118 Annealing Self-Distillation Rectification Improves Adversarial Training. (76%) Yu-Yu Wu; Hung-Jui Wang; Shang-Tse Chen http://arxiv.org/abs/2305.12100 Stability, Generalization and Privacy: Precise Analysis for Random and NTK Features. (8%) Simone Bombari; Marco Mondelli http://arxiv.org/abs/2305.12066 Multi-Task Models Adversarial Attacks. (98%) Lijun Zhang; Xiao Liu; Kaleel Mahmood; Caiwen Ding; Hui Guan http://arxiv.org/abs/2305.11618 DAP: A Dynamic Adversarial Patch for Evading Person Detectors. (92%) Amira Guesmi; Ruitian Ding; Muhammad Abdullah Hanif; Ihsen Alouani; Muhammad Shafique http://arxiv.org/abs/2305.11624 Efficient ConvBN Blocks for Transfer Learning and Beyond. (67%) Kaichao You; Guo Qin; Anchang Bao; Meng Cao; Ping Huang; Jiulong Shan; Mingsheng Long http://arxiv.org/abs/2305.11596 Mitigating Backdoor Poisoning Attacks through the Lens of Spurious Correlation. (8%) Xuanli He; Qiongkai Xu; Jun Wang; Benjamin Rubinstein; Trevor Cohn http://arxiv.org/abs/2305.11733 Long-tailed Visual Recognition via Gaussian Clouded Logit Adjustment. (5%) Mengke Li; Yiu-ming Cheung; Yang Lu http://arxiv.org/abs/2305.12082 SneakyPrompt: Evaluating Robustness of Text-to-image Generative Models' Safety Filters. (4%) Yuchen Yang; Bo Hui; Haolin Yuan; Neil Gong; Yinzhi Cao http://arxiv.org/abs/2305.11602 Latent Imitator: Generating Natural Individual Discriminatory Instances for Black-Box Fairness Testing. (2%) Yisong Xiao; Aishan Liu; Tianlin Li; Xianglong Liu http://arxiv.org/abs/2305.11759 Controlling the Extraction of Memorized Data from Large Language Models via Prompt-Tuning. (1%) Mustafa Safa Ozdayi; Charith Peris; Jack FitzGerald; Christophe Dupuy; Jimit Majmudar; Haidar Khan; Rahil Parikh; Rahul Gupta http://arxiv.org/abs/2305.11039 Deep PackGen: A Deep Reinforcement Learning Framework for Adversarial Network Packet Generation. (99%) Soumyadeep Hore; Jalal Ghadermazi; Diwas Paudel; Ankit Shah; Tapas K. Das; Nathaniel D. Bastian http://arxiv.org/abs/2305.10766 Adversarial Amendment is the Only Force Capable of Transforming an Enemy into a Friend. (99%) Chong Yu; Tao Chen; Zhongxue Gan http://arxiv.org/abs/2305.10929 Architecture-agnostic Iterative Black-box Certified Defense against Adversarial Patches. (99%) Di Yang; Yihao Huang; Qing Guo; Felix Juefei-Xu; Ming Hu; Yang Liu; Geguang Pu http://arxiv.org/abs/2305.10856 Towards an Accurate and Secure Detector against Adversarial Perturbations. (99%) Chao Wang; Shuren Qi; Zhiqiu Huang; Yushu Zhang; Xiaochun Cao http://arxiv.org/abs/2305.11347 Quantifying the robustness of deep multispectral segmentation models against natural perturbations and data poisoning. (99%) Elise Bishoff; Charles Godfrey; Myles McKay; Eleanor Byler http://arxiv.org/abs/2305.10862 How Deep Learning Sees the World: A Survey on Adversarial Attacks & Defenses. (98%) Joana C. Costa; Tiago Roxo; Hugo Proença; Pedro R. M. 
Inácio http://arxiv.org/abs/2305.10906 RobustFair: Adversarial Evaluation through Fairness Confusion Directed Gradient Search. (93%) Xuran Li; Peng Wu; Kaixiang Dong; Zhen Zhang http://arxiv.org/abs/2305.11132 Attacks on Online Learners: a Teacher-Student Analysis. (54%) Riccardo Giuseppe Margiotta; Sebastian Goldt; Guido Sanguinetti http://arxiv.org/abs/2305.11275 Explaining V1 Properties with a Biologically Constrained Deep Learning Architecture. (47%) Galen Pogoncheff; Jacob Granley; Michael Beyeler http://arxiv.org/abs/2305.10701 Zero-Day Backdoor Attack against Text-to-Image Diffusion Models via Personalization. (2%) Yihao Huang; Qing Guo; Felix Juefei-Xu http://arxiv.org/abs/2305.10847 Large Language Models can be Guided to Evade AI-Generated Text Detection. (1%) Ning Lu; Shengcai Liu; Rui He; Ke Tang http://arxiv.org/abs/2305.10691 Re-thinking Data Availablity Attacks Against Deep Neural Networks. (1%) Bin Fang; Bo Li; Shuang Wu; Ran Yi; Shouhong Ding; Lizhuang Ma http://arxiv.org/abs/2305.11229 TrustSER: On the Trustworthiness of Fine-tuning Pre-trained Speech Embeddings For Speech Emotion Recognition. (1%) Tiantian Feng; Rajat Hebbar; Shrikanth Narayanan http://arxiv.org/abs/2305.10665 Content-based Unrestricted Adversarial Attack. (99%) Zhaoyu Chen; Bo Li; Shuang Wu; Kaixun Jiang; Shouhong Ding; Wenqiang Zhang http://arxiv.org/abs/2305.10388 Raising the Bar for Certified Adversarial Robustness with Diffusion Models. (95%) Thomas Altstidl; David Dobre; Björn Eskofier; Gauthier Gidel; Leo Schwinn http://arxiv.org/abs/2305.09956 The Adversarial Consistency of Surrogate Risks for Binary Classification. (10%) Natalie Frank; Jonathan Niles-Weed http://arxiv.org/abs/2305.10406 Variational Classification. (1%) Shehzaad Dhuliawala; Mrinmaya Sachan; Carl Allen http://arxiv.org/abs/2305.11186 Compress, Then Prompt: Improving Accuracy-Efficiency Trade-off of LLM Inference with Transferable Prompt. (1%) Zhaozhuo Xu; Zirui Liu; Beidi Chen; Yuxin Tang; Jue Wang; Kaixiong Zhou; Xia Hu; Anshumali Shrivastava http://arxiv.org/abs/2305.10403 PaLM 2 Technical Report. (1%) Rohan Anil; Andrew M. Dai; Orhan Firat; Melvin Johnson; Dmitry Lepikhin; Alexandre Passos; Siamak Shakeri; Emanuel Taropa; Paige Bailey; Zhifeng Chen; Eric Chu; Jonathan H. Clark; Laurent El Shafey; Yanping Huang; Kathy Meier-Hellstern; Gaurav Mishra; Erica Moreira; Mark Omernick; Kevin Robinson; Sebastian Ruder; Yi Tay; Kefan Xiao; Yuanzhong Xu; Yujing Zhang; Gustavo Hernandez Abrego; Junwhan Ahn; Jacob Austin; Paul Barham; Jan Botha; James Bradbury; Siddhartha Brahma; Kevin Brooks; Michele Catasta; Yong Cheng; Colin Cherry; Christopher A. 
Choquette-Choo; Aakanksha Chowdhery; Clément Crepy; Shachi Dave; Mostafa Dehghani; Sunipa Dev; Jacob Devlin; Mark Díaz; Nan Du; Ethan Dyer; Vlad Feinberg; Fangxiaoyu Feng; Vlad Fienber; Markus Freitag; Xavier Garcia; Sebastian Gehrmann; Lucas Gonzalez; Guy Gur-Ari; Steven Hand; Hadi Hashemi; Le Hou; Joshua Howland; Andrea Hu; Jeffrey Hui; Jeremy Hurwitz; Michael Isard; Abe Ittycheriah; Matthew Jagielski; Wenhao Jia; Kathleen Kenealy; Maxim Krikun; Sneha Kudugunta; Chang Lan; Katherine Lee; Benjamin Lee; Eric Li; Music Li; Wei Li; YaGuang Li; Jian Li; Hyeontaek Lim; Hanzhao Lin; Zhongtao Liu; Frederick Liu; Marcello Maggioni; Aroma Mahendru; Joshua Maynez; Vedant Misra; Maysam Moussalem; Zachary Nado; John Nham; Eric Ni; Andrew Nystrom; Alicia Parrish; Marie Pellat; Martin Polacek; Alex Polozov; Reiner Pope; Siyuan Qiao; Emily Reif; Bryan Richter; Parker Riley; Alex Castro Ros; Aurko Roy; Brennan Saeta; Rajkumar Samuel; Renee Shelby; Ambrose Slone; Daniel Smilkov; David R. So; Daniel Sohn; Simon Tokumine; Dasha Valter; Vijay Vasudevan; Kiran Vodrahalli; Xuezhi Wang; Pidong Wang; Zirui Wang; Tao Wang; John Wieting; Yuhuai Wu; Kelvin Xu; Yunhan Xu; Linting Xue; Pengcheng Yin; Jiahui Yu; Qiao Zhang; Steven Zheng; Ce Zheng; Weikang Zhou; Denny Zhou; Slav Petrov; Yonghui Wu http://arxiv.org/abs/2305.13208 Iterative Adversarial Attack on Image-guided Story Ending Generation. (99%) Youze Wang; Wenbo Hu; Richang Hong http://arxiv.org/abs/2305.09305 Releasing Inequality Phenomena in $L_{\infty}$-Adversarial Training via Input Gradient Distillation. (98%) Junxi Chen; Junhao Dong; Xiaohua Xie http://arxiv.org/abs/2305.09179 Ortho-ODE: Enhancing Robustness and of Neural ODEs against Adversarial Attacks. (54%) Vishal Purohit http://arxiv.org/abs/2305.09241 Unlearnable Examples Give a False Sense of Security: Piercing through Unexploitable Data with Learnable Examples. (50%) Wan Jiang; Yunfeng Diao; He Wang; Jianxin Sun; Meng Wang; Richang Hong http://arxiv.org/abs/2305.08840 Attacking Perceptual Similarity Metrics. (99%) Abhijay Ghildyal; Feng Liu http://arxiv.org/abs/2305.08439 Exploiting Frequency Spectrum of Adversarial Images for General Robustness. (96%) Chun Yang Tan; Kazuhiko Kawamoto; Hiroshi Kera http://arxiv.org/abs/2305.08960 Training Neural Networks without Backpropagation: A Deeper Dive into the Likelihood Ratio Method. (4%) Jinyang Jiang; Zeliang Zhang; Chenliang Xu; Zhaofei Yu; Yijie Peng http://arxiv.org/abs/2305.10235 Assessing Hidden Risks of LLMs: An Empirical Study on Robustness, Consistency, and Credibility. (1%) Wentao Ye; Mingfeng Ou; Tianyi Li; Yipeng chen; Xuetao Ma; Yifan Yanggong; Sai Wu; Jie Fu; Gang Chen; Haobo Wang; Junbo Zhao http://arxiv.org/abs/2305.08192 Diffusion Models for Imperceptible and Transferable Adversarial Attack. (99%) Jianqi Chen; Hao Chen; Keyan Chen; Yilan Zhang; Zhengxia Zou; Zhenwei Shi http://arxiv.org/abs/2305.08076 Improving Defensive Distillation using Teacher Assistant. (96%) Maniratnam Mandal; Suna Gao http://arxiv.org/abs/2305.08183 Manipulating Visually-aware Federated Recommender Systems and Its Countermeasures. (82%) Wei Yuan; Shilong Yuan; Chaoqun Yang; Quoc Viet Hung Nguyen; Hongzhi Yin http://arxiv.org/abs/2305.08883 Watermarking Text Generated by Black-Box Language Models. (9%) Xi Yang; Kejiang Chen; Weiming Zhang; Chang Liu; Yuang Qi; Jie Zhang; Han Fang; Nenghai Yu http://arxiv.org/abs/2305.08034 DNN-Defender: An in-DRAM Deep Neural Network Defense Mechanism for Adversarial Weight Attack. 
(86%) Ranyang Zhou; Sabbir Ahmed; Adnan Siraj Rakin; Shaahin Angizi http://arxiv.org/abs/2305.08031 On enhancing the robustness of Vision Transformers: Defensive Diffusion. (76%) Raza Imam; Muhammad Huzaifa; Mohammed El-Amine Azz http://arxiv.org/abs/2305.09684 Decision-based iterative fragile watermarking for model integrity verification. (50%) Zhaoxia Yin; Heng Yin; Hang Su; Xinpeng Zhang; Zhenzhe Gao http://arxiv.org/abs/2305.07308 Efficient Search of Comprehensively Robust Neural Architectures via Multi-fidelity Evaluation. (73%) Jialiang Sun; Wen Yao; Tingsong Jiang; Xiaoqian Chen http://arxiv.org/abs/2305.09679 Adversarial Security and Differential Privacy in mmWave Beam Prediction in 6G networks. (68%) Ghanta Sai Krishna; Kundrapu Supriya; Sanskar Singh; Sabur Baidya http://arxiv.org/abs/2305.07687 Mastering Percolation-like Games with Deep Learning. (1%) Michael M. Danziger; Omkar R. Gojala; Sean P. Cornelius http://arxiv.org/abs/2305.06716 Distracting Downpour: Adversarial Weather Attacks for Motion Estimation. (74%) Jenny Schmalfuss; Lukas Mehl; Andrés Bruhn http://arxiv.org/abs/2306.06209 Backdoor Attack with Sparse and Invisible Trigger. (68%) Yinghua Gao; Yiming Li; Xueluan Gong; Shu-Tao Xia; Qian Wang http://arxiv.org/abs/2305.06947 Watch This Space: Securing Satellite Communication through Resilient Transmitter Fingerprinting. (1%) Joshua Smailes; Sebastian Kohler; Simon Birnbach; Martin Strohmeier; Ivan Martinovic http://arxiv.org/abs/2305.05896 A Black-Box Attack on Code Models via Representation Nearest Neighbor Search. (99%) Jie Zhang; Wei Ma; Qiang Hu; Shangqing Liu; Xiaofei Xie; Yves Le Traon; Yang Liu http://arxiv.org/abs/2305.06540 Inter-frame Accelerate Attack against Video Interpolation Models. (99%) Junpei Liao; Zhikai Chen; Liang Yi; Wenyuan Yang; Baoyuan Wu; Xiaochun Cao http://arxiv.org/abs/2305.06522 Randomized Smoothing with Masked Inference for Adversarially Robust Text Classifications. (98%) Han Cheol Moon; Shafiq Joty; Ruochen Zhao; Megh Thakkar; Xu Chi http://arxiv.org/abs/2305.09677 Stealthy Low-frequency Backdoor Attack against Deep Neural Networks. (80%) Xinrui Liu; Yu-an Tan; Yajie Wang; Kefan Qiu; Yuanzhang Li http://arxiv.org/abs/2305.10596 Towards Invisible Backdoor Attacks in the Frequency Domain against Deep Neural Networks. (75%) Xinrui Liu; Yajie Wang; Yu-an Tan; Kefan Qiu; Yuanzhang Li http://arxiv.org/abs/2305.06024 The Robustness of Computer Vision Models against Common Corruptions: a Survey. (50%) Shunxin Wang; Raymond Veldhuis; Nicola Strisciuglio http://arxiv.org/abs/2305.06422 An Empirical Study on the Robustness of the Segment Anything Model (SAM). (22%) Yuqing Wang; Yun Zhao; Linda Petzold http://arxiv.org/abs/2305.05909 Robust multi-agent coordination via evolutionary generation of auxiliary adversarial attackers. (12%) Lei Yuan; Zi-Qian Zhang; Ke Xue; Hao Yin; Feng Chen; Cong Guan; Li-He Li; Chao Qian; Yang Yu http://arxiv.org/abs/2305.05875 Quantization Aware Attack: Enhancing the Transferability of Adversarial Attacks across Target Models with Different Quantization Bitwidths. (99%) Yulong Yang; Chenhao Lin; Qian Li; Chao Shen; Dawei Zhou; Nannan Wang; Tongliang Liu http://arxiv.org/abs/2305.05253 Attack Named Entity Recognition by Entity Boundary Interference. (98%) Yifei Yang; Hongqiu Wu; Hai Zhao http://arxiv.org/abs/2305.05736 VSMask: Defending Against Voice Synthesis Attack via Real-Time Predictive Perturbation. 
(96%) Yuanda Wang; Hanqing Guo; Guangjing Wang; Bocheng Chen; Qiben Yan http://arxiv.org/abs/2305.05400 Investigating the Corruption Robustness of Image Classifiers with Random Lp-norm Corruptions. (75%) Georg Siedel; Weijia Shao; Silvia Vock; Andrey Morozov http://arxiv.org/abs/2305.05392 On the Relation between Sharpness-Aware Minimization and Adversarial Robustness. (56%) Zeming Wei; Jingyu Zhu; Yihao Zhang http://arxiv.org/abs/2305.05499 Effects of Real-Life Traffic Sign Alteration on YOLOv7- an Object Recognition Model. (13%) Farhin Farhad Riya; Shahinul Hoque; Md Saif Hassan Onim; Edward Michaud; Edmon Begoli; Jinyuan Stella Sun http://arxiv.org/abs/2305.05355 Turning Privacy-preserving Mechanisms against Federated Learning. (9%) Marco Arazzi; Mauro Conti; Antonino Nocera; Stjepan Picek http://arxiv.org/abs/2305.05503 BadCS: A Backdoor Attack Framework for Code search. (8%) Shiyi Qi; Yuanhang Yang; Shuzheng Gao; Cuiyun Gao; Zenglin Xu http://arxiv.org/abs/2305.09674 Quantum Machine Learning for Malware Classification. (1%) Grégoire Barrué; Tony Quertier http://arxiv.org/abs/2305.04557 Toward Adversarial Training on Contextualized Language Representation. (93%) Hongqiu Wu; Yongxiang Liu; Hanwen Shi; Hai Zhao; Min Zhang http://arxiv.org/abs/2305.04746 Understanding Noise-Augmented Training for Randomized Smoothing. (64%) Ambar Pal; Jeremias Sulam http://arxiv.org/abs/2305.04574 TAPS: Connecting Certified and Adversarial Training. (41%) Yuhao Mao; Mark Niklas Müller; Marc Fischer; Martin Vechev http://arxiv.org/abs/2305.05391 Privacy-preserving Adversarial Facial Features. (22%) Zhibo Wang; He Wang; Shuaifan Jin; Wenwen Zhang; Jiahui Hu; Yan Wang; Peng Sun; Wei Yuan; Kaixin Liu; Kui Ren http://arxiv.org/abs/2305.05116 Communication-Robust Multi-Agent Learning by Adaptable Auxiliary Multi-Agent Adversary Generation. (1%) Lei Yuan; Feng Chen; Zhongzhang Zhang; Yang Yu http://arxiv.org/abs/2305.04436 Adversarial Examples Detection with Enhanced Image Difference Features based on Local Histogram Equalization. (99%) Zhaoxia Yin; Shaowei Zhu; Hang Su; Jianteng Peng; Wanli Lyu; Bin Luo http://arxiv.org/abs/2305.09671 Pick your Poison: Undetectability versus Robustness in Data Poisoning Attacks against Deep Image Classification. (93%) Nils Lukas; Florian Kerschbaum http://arxiv.org/abs/2305.04067 The Best Defense is Attack: Repairing Semantics in Textual Adversarial Examples. (99%) Heng Yang; Ke Li http://arxiv.org/abs/2305.03963 Beyond the Model: Data Pre-processing Attack to Deep Learning Models in Android Apps. (92%) Ye Sang; Yujin Huang; Shuo Huang; Helei Cui http://arxiv.org/abs/2305.03980 Towards Prompt-robust Face Privacy Protection via Adversarial Decoupling Augmentation Framework. (38%) Ruijia Wu; Yuhang Wang; Huafeng Shi; Zhipeng Yu; Yichao Wu; Ding Liang http://arxiv.org/abs/2305.04175 Text-to-Image Diffusion Models can be Easily Backdoored through Multimodal Data Poisoning. (2%) Shengfang Zhai; Yinpeng Dong; Qingni Shen; Shi Pu; Yuejian Fang; Hang Su http://arxiv.org/abs/2305.03655 White-Box Multi-Objective Adversarial Attack on Dialogue Generation. (99%) Yufei Li; Zexin Li; Yingfan Gao; Cong Liu http://arxiv.org/abs/2305.03807 Evading Watermark based Detection of AI-Generated Content. (87%) Zhengyuan Jiang; Jinghuai Zhang; Neil Zhenqiang Gong http://arxiv.org/abs/2305.03626 Verifiable Learning for Robust Tree Ensembles. 
(15%) Stefano Calzavara; Lorenzo Cazzaro; Giulio Ermanno Pibiri; Nicola Prezza http://arxiv.org/abs/2305.03365 Repairing Deep Neural Networks Based on Behavior Imitation. (4%) Zhen Liang; Taoran Wu; Changyuan Zhao; Wanwei Liu; Bai Xue; Wenjing Yang; Ji Wang http://arxiv.org/abs/2305.02559 Madvex: Instrumentation-based Adversarial Attacks on Machine Learning Malware Detection. (99%) Nils Loose; Felix Mächtle; Claudius Pott; Volodymyr Bezsmertnyi; Thomas Eisenbarth http://arxiv.org/abs/2305.02605 IMAP: Intrinsically Motivated Adversarial Policy. (99%) Xiang Zheng; Xingjun Ma; Shengjie Wang; Xinyu Wang; Chao Shen; Cong Wang http://arxiv.org/abs/2305.02901 Single Node Injection Label Specificity Attack on Graph Neural Networks via Reinforcement Learning. (78%) Dayuan Chen; Jian Zhang; Yuqian Lv; Jinhuan Wang; Hongjie Ni; Shanqing Yu; Zhen Wang; Qi Xuan http://arxiv.org/abs/2305.02855 Faulting original McEliece's implementations is possible: How to mitigate this risk? (2%) Vincent Giraud; Guillaume Bouffard http://arxiv.org/abs/2305.03173 New Adversarial Image Detection Based on Sentiment Analysis. (99%) Yulong Wang; Tianxiang Li; Shenghong Li; Xin Yuan; Wei Ni http://arxiv.org/abs/2305.02022 LearnDefend: Learning to Defend against Targeted Model-Poisoning Attacks on Federated Learning. (84%) Kiran Purohit; Soumi Das; Sourangshu Bhattacharya; Santu Rana http://arxiv.org/abs/2305.02394 Defending against Insertion-based Textual Backdoor Attacks via Attribution. (61%) Jiazhao Li; Zhuofeng Wu; Wei Ping; Chaowei Xiao; V. G. Vinod Vydiswaran http://arxiv.org/abs/2305.02383 On the Security Risks of Knowledge Graph Reasoning. (26%) Zhaohan Xi; Tianyu Du; Changjiang Li; Ren Pang; Shouling Ji; Xiapu Luo; Xusheng Xiao; Fenglong Ma; Ting Wang http://arxiv.org/abs/2305.02424 Backdoor Learning on Sequence to Sequence Models. (5%) Lichang Chen; Minhao Cheng; Heng Huang http://arxiv.org/abs/2305.02190 Rethinking Graph Lottery Tickets: Graph Sparsity Matters. (2%) Bo Hui; Da Yan; Xiaolong Ma; Wei-Shinn Ku http://arxiv.org/abs/2305.02423 PTP: Boosting Stability and Performance of Prompt Tuning with Perturbation-Based Regularizer. (1%) Lichang Chen; Heng Huang; Minhao Cheng http://arxiv.org/abs/2305.01361 Boosting Adversarial Transferability via Fusing Logits of Top-1 Decomposed Feature. (99%) Juanjuan Weng; Zhiming Luo; Dazhen Lin; Shaozi Li; Zhun Zhong http://arxiv.org/abs/2305.01267 DABS: Data-Agnostic Backdoor attack at the Server in Federated Learning. (73%) Wenqiang Sun; Sen Li; Yuchang Sun; Jun Zhang http://arxiv.org/abs/2305.01860 Towards Imperceptible Document Manipulations against Neural Ranking Models. (67%) Xuanang Chen; Ben He; Zheng Ye; Le Sun; Yingfei Sun http://arxiv.org/abs/2305.01437 Sentiment Perception Adversarial Attacks on Neural Machine Translation Systems. (50%) Vyas Raina; Mark Gales http://arxiv.org/abs/2305.01219 Prompt as Triggers for Backdoor Attack: Examining the Vulnerability in Language Models. (8%) Shuai Zhao; Jinming Wen; Luu Anh Tuan; Junbo Zhao; Jie Fu http://arxiv.org/abs/2305.00866 Attack-SAM: Towards Evaluating Adversarial Robustness of Segment Anything Model. (99%) Chenshuang Zhang; Chaoning Zhang; Taegoo Kang; Donghun Kim; Sung-Ho Bae; In So Kweon http://arxiv.org/abs/2305.01074 Physical Adversarial Attacks for Surveillance: A Survey. (98%) Kien Nguyen; Tharindu Fernando; Clinton Fookes; Sridha Sridharan http://arxiv.org/abs/2305.00851 Revisiting Robustness in Graph Machine Learning. 
(98%) Lukas Gosch; Daniel Sturm; Simon Geisler; Stephan Günnemann http://arxiv.org/abs/2305.01139 Stratified Adversarial Robustness with Rejection. (96%) Jiefeng Chen; Jayaram Raghuram; Jihye Choi; Xi Wu; Yingyu Liang; Somesh Jha http://arxiv.org/abs/2305.00944 Poisoning Language Models During Instruction Tuning. (2%) Alexander Wan; Eric Wallace; Sheng Shen; Dan Klein http://arxiv.org/abs/2305.00399 Assessing Vulnerabilities of Adversarial Learning Algorithm through Poisoning Attacks. (98%) Jingfeng Zhang; Bo Song; Bo Han; Lei Liu; Gang Niu; Masashi Sugiyama http://arxiv.org/abs/2305.00328 FedGrad: Mitigating Backdoor Attacks in Federated Learning Through Local Ultimate Gradients Inspection. (81%) Thuy Dung Nguyen; Anh Duy Nguyen; Kok-Seng Wong; Huy Hieu Pham; Thanh Hung Nguyen; Phi Le Nguyen; Truong Thao Nguyen http://arxiv.org/abs/2305.00374 Enhancing Adversarial Contrastive Learning via Adversarial Invariant Regularization. (33%) Xilie Xu; Jingfeng Zhang; Feng Liu; Masashi Sugiyama; Mohan Kankanhalli http://arxiv.org/abs/2305.00011 Adversarial Representation Learning for Robust Privacy Preservation in Audio. (1%) Shayan Gharib; Minh Tran; Diep Luong; Konstantinos Drossos; Tuomas Virtanen http://arxiv.org/abs/2304.14867 Topic-oriented Adversarial Attacks against Black-box Neural Ranking Models. (99%) Yu-An Liu; Ruqing Zhang; Jiafeng Guo; Maarten de Rijke; Wei Chen; Yixing Fan; Xueqi Cheng http://arxiv.org/abs/2305.00075 On the existence of solutions to adversarial training in multiclass classification. (75%) Nicolas Garcia Trillos; Matt Jacobs; Jakwang Kim http://arxiv.org/abs/2304.14888 The Power of Typed Affine Decision Structures: A Case Study. (3%) Gerrit Nolte; Maximilian Schlüter; Alnis Murtovi; Bernhard Steffen http://arxiv.org/abs/2304.14717 faulTPM: Exposing AMD fTPMs' Deepest Secrets. (3%) Hans Niklas Jacob; Christian Werling; Robert Buhren; Jean-Pierre Seifert http://arxiv.org/abs/2304.14674 SAM Meets Robotic Surgery: An Empirical Study in Robustness Perspective. (1%) An Wang; Mobarakol Islam; Mengya Xu; Yang Zhang; Hongliang Ren http://arxiv.org/abs/2304.14483 Adversary Aware Continual Learning. (80%) Muhammad Umer; Robi Polikar http://arxiv.org/abs/2304.14614 Fusion is Not Enough: Single-Modal Attacks to Compromise Fusion Models in Autonomous Driving. (75%) Zhiyuan Cheng; Hongjun Choi; James Liang; Shiwei Feng; Guanhong Tao; Dongfang Liu; Michael Zuzak; Xiangyu Zhang http://arxiv.org/abs/2304.14031 Boosting Big Brother: Attacking Search Engines with Encodings. (68%) Nicholas Boucher; Luca Pajola; Ilia Shumailov; Ross Anderson; Mauro Conti http://arxiv.org/abs/2304.14475 ChatGPT as an Attack Tool: Stealthy Textual Backdoor Attack via Blackbox Generative Model Trigger. (62%) Jiazhao Li; Yijin Yang; Zhuofeng Wu; V. G. Vinod Vydiswaran; Chaowei Xiao http://arxiv.org/abs/2304.14601 Improve Video Representation with Temporal Adversarial Augmentation. (26%) Jinhao Duan; Quanfu Fan; Hao Cheng; Xiaoshuang Shi; Kaidi Xu http://arxiv.org/abs/2304.14072 Origin Tracing and Detecting of LLMs. (1%) Linyang Li; Pengyu Wang; Ke Ren; Tianxiang Sun; Xipeng Qiu http://arxiv.org/abs/2304.14613 Deep Intellectual Property Protection: A Survey. (1%) Yuchen Sun; Tianpeng Liu; Panhe Hu; Qing Liao; Shaojing Fu; Nenghai Yu; Deke Guo; Yongxiang Liu; Li Liu http://arxiv.org/abs/2304.14540 Interactive Greybox Penetration Testing for Cloud Access Control using IAM Modeling and Deep Reinforcement Learning. 
(1%) Yang Hu; Wenxi Wang; Sarfraz Khurshid; Mohit Tiwari http://arxiv.org/abs/2304.13410 Improving Adversarial Transferability via Intermediate-level Perturbation Decay. (98%) Qizhang Li; Yiwen Guo; Wangmeng Zuo; Hao Chen http://arxiv.org/abs/2304.13919 Detection of Adversarial Physical Attacks in Time-Series Image Data. (92%) Ramneet Kaur; Yiannis Kantaros; Wenwen Si; James Weimer; Insup Lee http://arxiv.org/abs/2304.13360 Blockchain-based Federated Learning with SMPC Model Verification Against Poisoning Attack for Healthcare Systems. (13%) Aditya Pribadi Kalapaaking; Ibrahim Khalil; Xun Yi http://arxiv.org/abs/2304.12829 Improving Robustness Against Adversarial Attacks with Deeply Quantized Neural Networks. (99%) Ferheen Ayaz; Idris Zakariyya; José Cano; Sye Loong Keoh; Jeremy Singer; Danilo Pau; Mounia Kharbouche-Harrari http://arxiv.org/abs/2304.13229 Generating Adversarial Examples with Task Oriented Multi-Objective Optimization. (99%) Anh Bui; Trung Le; He Zhao; Quan Tran; Paul Montague; Dinh Phung http://arxiv.org/abs/2304.13255 SHIELD: Thwarting Code Authorship Attribution. (98%) Mohammed Abuhamad; Changhun Jung; David Mohaisen; DaeHun Nyang http://arxiv.org/abs/2304.12707 Lyapunov-Stable Deep Equilibrium Models. (82%) Haoyu Chu; Shikui Wei; Ting Liu; Yao Zhao; Yuto Miyatake http://arxiv.org/abs/2304.13104 LSTM-based Load Forecasting Robustness Against Noise Injection Attack in Microgrid. (1%) Amirhossein Nazeri; Pierluigi Pisu http://arxiv.org/abs/2304.12486 Evaluating Adversarial Robustness on Document Image Classification. (99%) Timothée Fronteau; Arnaud Paran; Aymen Shabou http://arxiv.org/abs/2304.12550 Combining Adversaries with Anti-adversaries in Training. (64%) Xiaoling Zhou; Nan Yang; Ou Wu http://arxiv.org/abs/2304.11823 Enhancing Fine-Tuning Based Backdoor Defense with Sharpness-Aware Minimization. (41%) Mingli Zhu; Shaokui Wei; Li Shen; Yanbo Fan; Baoyuan Wu http://arxiv.org/abs/2304.12540 Opinion Control under Adversarial Network Perturbation: A Stackelberg Game Approach. (10%) Yuejiang Li; Zhanjiang Chen; H. Vicky Zhao http://arxiv.org/abs/2304.11834 Robust Tickets Can Transfer Better: Drawing More Transferable Subnetworks in Transfer Learning. (1%) Yonggan Fu; Ye Yuan; Shang Wu; Jiayi Yuan; Yingyan Lin http://arxiv.org/abs/2304.11579 StyLess: Boosting the Transferability of Adversarial Examples. (99%) Kaisheng Liang; Bin Xiao http://arxiv.org/abs/2304.11670 Evading DeepFake Detectors via Adversarial Statistical Consistency. (98%) Yang Hou; Qing Guo; Yihao Huang; Xiaofei Xie; Lei Ma; Jianjun Zhao http://arxiv.org/abs/2304.11359 Detecting Adversarial Faces Using Only Real Face Self-Perturbations. (98%) Qian Wang; Yongqin Xian; Hefei Ling; Jinyuan Zhang; Xiaorui Lin; Ping Li; Jiazhong Chen; Ning Yu http://arxiv.org/abs/2304.11432 Universal Adversarial Backdoor Attacks to Fool Vertical Federated Learning in Cloud-Edge Collaboration. (70%) Peng Chen; Xin Du; Zhihui Lu; Hongfeng Chai http://arxiv.org/abs/2304.10985 Launching a Robust Backdoor Attack under Capability Constrained Scenarios. (92%) Ming Yi; Yixiao Xu; Kangyi Ding; Mingyong Yin; Xiaolei Liu http://arxiv.org/abs/2304.10828 Individual Fairness in Bayesian Neural Networks. (69%) Alice Doherty; Matthew Wicker; Luca Laurenti; Andrea Patane http://arxiv.org/abs/2304.10783 Denial-of-Service or Fine-Grained Control: Towards Flexible Model Poisoning Attacks on Federated Learning. 
(64%) Hangtao Zhang; Zeming Yao; Leo Yu Zhang; Shengshan Hu; Chao Chen; Alan Liew; Zhetao Li http://arxiv.org/abs/2304.10755 Interpretable and Robust AI in EEG Systems: A Survey. (12%) Xinliang Zhou; Chenyu Liu; Liming Zhai; Ziyu Jia; Cuntai Guan; Yang Liu http://arxiv.org/abs/2304.11300 MAWSEO: Adversarial Wiki Search Poisoning for Illicit Online Promotion. (2%) Zilong Lin; Zhengyi Li; Xiaojing Liao; XiaoFeng Wang; Xiaozhong Liu http://arxiv.org/abs/2304.10088 Towards the Universal Defense for Query-Based Audio Adversarial Attacks. (99%) Feng Guo; Zheng Sun; Yuxuan Chen; Lei Ju http://arxiv.org/abs/2304.10136 Diversifying the High-level Features for better Adversarial Transferability. (99%) Zhiyuan Wang; Zeliang Zhang; Siyuan Liang; Xiaosen Wang http://arxiv.org/abs/2304.10558 Using Z3 for Formal Modeling and Verification of FNN Global Robustness. (98%) Yihao Zhang; Zeming Wei; Xiyue Zhang; Meng Sun http://arxiv.org/abs/2304.10446 Certified Adversarial Robustness Within Multiple Perturbation Bounds. (96%) Soumalya Nandi; Sravanti Addepalli; Harsh Rangwani; R. Venkatesh Babu http://arxiv.org/abs/2304.11043 Can Perturbations Help Reduce Investment Risks? Risk-Aware Stock Recommendation via Split Variational Adversarial Training. (93%) Jiezhu Cheng; Kaizhu Huang; Zibin Zheng http://arxiv.org/abs/2304.10712 Adversarial Infrared Blocks: A Black-box Attack to Thermal Infrared Detectors at Multiple Angles in Physical World. (89%) Chengyin Hu; Weiwen Shi; Tingsong Jiang; Wen Yao; Ling Tian; Xiaoqian Chen http://arxiv.org/abs/2304.10218 An Analysis of the Completion Time of the BB84 Protocol. (22%) Sounak Kar; Jean-Yves Le Boudec http://arxiv.org/abs/2304.10679 A Plug-and-Play Defensive Perturbation for Copyright Protection of DNN-based Applications. (13%) Donghua Wang; Wen Yao; Tingsong Jiang; Weien Zhou; Lang Lin; Xiaoqian Chen http://arxiv.org/abs/2304.10622 Enhancing object detection robustness: A synthetic and natural perturbation approach. (12%) Nilantha Premakumara; Brian Jalaian; Niranjan Suri; Hooman Samani http://arxiv.org/abs/2304.10727 RoCOCO: Robustness Benchmark of MS-COCO to Stress-test Image-Text Matching Models. (8%) Seulki Park; Daeho Um; Hajung Yoon; Sanghyuk Chun; Sangdoo Yun; Jin Young Choi http://arxiv.org/abs/2304.10638 Get Rid Of Your Trail: Remotely Erasing Backdoors in Federated Learning. (2%) Manaar Alam; Hithem Lamri; Michail Maniatakos http://arxiv.org/abs/2304.10127 Learning Sample Difficulty from Pre-trained Models for Reliable Prediction. (1%) Peng Cui; Dan Zhang; Zhijie Deng; Yinpeng Dong; Jun Zhu http://arxiv.org/abs/2304.10029 Jedi: Entropy-based Localization and Removal of Adversarial Patches. (84%) Bilel Tarchoun; Anouar Ben Khalifa; Mohamed Ali Mahjoub; Nael Abu-Ghazaleh; Ihsen Alouani http://arxiv.org/abs/2304.09875 GREAT Score: Global Robustness Evaluation of Adversarial Perturbation using Generative Models. (81%) Zaitang Li; Pin-Yu Chen; Tsung-Yi Ho http://arxiv.org/abs/2304.09515 Secure Split Learning against Property Inference, Data Reconstruction, and Feature Space Hijacking Attacks. (5%) Yunlong Mao; Zexi Xin; Zhenyu Li; Jue Hong; Qingyou Yang; Sheng Zhong http://arxiv.org/abs/2304.09446 Density-Insensitive Unsupervised Domain Adaption on 3D Object Detection. (1%) Qianjiang Hu; Daizong Liu; Wei Hu http://arxiv.org/abs/2304.09563 On the Robustness of Aspect-based Sentiment Analysis: Rethinking Model, Data, and Training. 
(1%) Hao Fei; Tat-Seng Chua; Chenliang Li; Donghong Ji; Meishan Zhang; Yafeng Ren http://arxiv.org/abs/2304.11082 Fundamental Limitations of Alignment in Large Language Models. (1%) Yotam Wolf; Noam Wies; Oshri Avnery; Yoav Levine; Amnon Shashua http://arxiv.org/abs/2304.09403 Wavelets Beat Monkeys at Adversarial Robustness. (99%) Jingtong Su; Julia Kempe http://arxiv.org/abs/2304.08811 Towards the Transferable Audio Adversarial Attack via Ensemble Methods. (99%) Feng Guo; Zheng Sun; Yuxuan Chen; Lei Ju http://arxiv.org/abs/2304.08767 Masked Language Model Based Textual Adversarial Example Detection. (99%) Xiaomei Zhang; Zhaoxi Zhang; Qi Zhong; Xufei Zheng; Yanjun Zhang; Shengshan Hu; Leo Yu Zhang http://arxiv.org/abs/2304.08979 In ChatGPT We Trust? Measuring and Characterizing the Reliability of ChatGPT. (80%) Xinyue Shen; Zeyuan Chen; Michael Backes; Yang Zhang http://arxiv.org/abs/2304.09218 Generative models improve fairness of medical classifiers under distribution shifts. (13%) Ira Ktena; Olivia Wiles; Isabela Albuquerque; Sylvestre-Alvise Rebuffi; Ryutaro Tanno; Abhijit Guha Roy; Shekoofeh Azizi; Danielle Belgrave; Pushmeet Kohli; Alan Karthikesalingam; Taylan Cemgil; Sven Gowal http://arxiv.org/abs/2304.08411 Evil from Within: Machine Learning Backdoors through Hardware Trojans. (15%) Alexander Warnecke; Julian Speith; Jan-Niklas Möller; Konrad Rieck; Christof Paar http://arxiv.org/abs/2304.08566 GrOVe: Ownership Verification of Graph Neural Networks using Embeddings. (13%) Asim Waheed; Vasisht Duddu; N. Asokan http://arxiv.org/abs/2304.10266 OOD-CV-v2: An extended Benchmark for Robustness to Out-of-Distribution Shifts of Individual Nuisances in Natural Images. (1%) Bingchen Zhao; Jiahao Wang; Wufei Ma; Artur Jesslen; Siwei Yang; Shaozuo Yu; Oliver Zendel; Christian Theobalt; Alan Yuille; Adam Kortylewski http://arxiv.org/abs/2304.07822 A Random-patch based Defense Strategy Against Physical Attacks for Face Recognition Systems. (98%) JiaHao Xie; Ye Luo; Jianwei Lu http://arxiv.org/abs/2304.07980 RNN-Guard: Certified Robustness Against Multi-frame Attacks for Recurrent Neural Networks. (96%) Yunruo Zhang; Tianyu Du; Shouling Ji; Peng Tang; Shanqing Guo http://arxiv.org/abs/2304.07744 JoB-VS: Joint Brain-Vessel Segmentation in TOF-MRA Images. (15%) Natalia Valderrama; Ioannis Pitsiorlas; Luisa Vargas; Pablo Arbeláez; Maria A. Zuluaga http://arxiv.org/abs/2304.06919 Interpretability is a Kind of Safety: An Interpreter-based Ensemble for Adversary Defense. (99%) Jingyuan Wang; Yufan Wu; Mingxuan Li; Xin Lin; Junjie Wu; Chao Li http://arxiv.org/abs/2304.07360 Combining Generators of Adversarial Malware Examples to Increase Evasion Rate. (99%) Matouš Kozák; Martin Jureček http://arxiv.org/abs/2304.07288 Cross-Entropy Loss Functions: Theoretical Analysis and Applications. (3%) Anqi Mao; Mehryar Mohri; Yutao Zhong http://arxiv.org/abs/2304.07134 Pool Inference Attacks on Local Differential Privacy: Quantifying the Privacy Guarantees of Apple's Count Mean Sketch in Practice. (2%) Andrea Gadotti; Florimond Houssiau; Meenatchi Sundaram Muthu Selva Annamalai; Yves-Alexandre de Montjoye http://arxiv.org/abs/2304.06908 Generating Adversarial Examples with Better Transferability via Masking Unimportant Parameters of Surrogate Model. (99%) Dingcheng Yang; Wenjian Yu; Zihao Xiao; Jiaqi Luo http://arxiv.org/abs/2304.06430 Certified Zeroth-order Black-Box Defense with Robust UNet Denoiser. 
(96%) Astha Verma; Siddhesh Bangar; A V Subramanyam; Naman Lal; Rajiv Ratn Shah; Shin'ichi Satoh http://arxiv.org/abs/2304.06607 False Claims against Model Ownership Resolution. (93%) Jian Liu; Rui Zhang; Sebastian Szyller; Kui Ren; N. Asokan http://arxiv.org/abs/2304.06575 Adversarial Examples from Dimensional Invariance. (45%) Benjamin L. Badger http://arxiv.org/abs/2304.06326 Understanding Overfitting in Adversarial Training in Kernel Regression. (1%) Teng Zhang; Kang Li http://arxiv.org/abs/2304.06672 LSFSL: Leveraging Shape Information in Few-shot Learning. (1%) Deepan Chakravarthi Padmanabhan; Shruthi Gowda; Elahe Arani; Bahram Zonooz http://arxiv.org/abs/2304.05644 Generative Adversarial Networks-Driven Cyber Threat Intelligence Detection Framework for Securing Internet of Things. (92%) Mohamed Amine Ferrag; Djallel Hamouda; Merouane Debbah; Leandros Maglaras; Abderrahmane Lakas http://arxiv.org/abs/2304.06017 Exploiting Logic Locking for a Neural Trojan Attack on Machine Learning Accelerators. (1%) Hongye Xu; Dongfang Liu; Cory Merkel; Michael Zuzak http://arxiv.org/abs/2304.05135 RecUP-FL: Reconciling Utility and Privacy in Federated Learning via User-configurable Privacy Defense. (99%) Yue Cui; Syed Irfan Ali Meerza; Zhuohang Li; Luyang Liu; Jiaxin Zhang; Jian Liu http://arxiv.org/abs/2304.05048 Simultaneous Adversarial Attacks On Multiple Face Recognition System Components. (98%) Inderjeet Singh; Kazuya Kakizaki; Toshinori Araki http://arxiv.org/abs/2304.05402 Boosting Cross-task Transferability of Adversarial Patches with Visual Relations. (98%) Tony Ma; Songze Li; Yisong Xiao; Shunchang Liu http://arxiv.org/abs/2304.05098 Benchmarking the Physical-world Adversarial Robustness of Vehicle Detection. (92%) Tianyuan Zhang; Yisong Xiao; Xiaoya Zhang; Hao Li; Lu Wang http://arxiv.org/abs/2304.05561 On the Adversarial Inversion of Deep Biometric Representations. (67%) Gioacchino Tangari; Shreesh Keskar; Hassan Jameel Asghar; Dali Kaafar http://arxiv.org/abs/2304.05370 Overload: Latency Attacks on Object Detection for Edge Devices. (33%) Erh-Chung Chen; Pin-Yu Chen; I-Hsin Chung; Che-rung Lee http://arxiv.org/abs/2304.05492 Towards More Robust and Accurate Sequential Recommendation with Cascade-guided Adversarial Training. (9%) Juntao Tan; Shelby Heinecke; Zhiwei Liu; Yongjun Chen; Yongfeng Zhang; Huan Wang http://arxiv.org/abs/2304.04386 Generating Adversarial Attacks in the Latent Space. (98%) Nitish Shukla; Sudipta Banerjee http://arxiv.org/abs/2304.04625 Reinforcement Learning-Based Black-Box Model Inversion Attacks. (67%) Gyojin Han; Jaehyun Choi; Haeil Lee; Junmo Kim http://arxiv.org/abs/2304.04512 Defense-Prefix for Preventing Typographic Attacks on CLIP. (16%) Hiroki Azuma; Yusuke Matsui http://arxiv.org/abs/2304.04846 Helix++: A platform for efficiently securing software. (1%) Jack W. Davidson; Jason D. Hiser; Anh Nguyen-Tuong http://arxiv.org/abs/2304.04343 Certifiable Black-Box Attack: Ensuring Provably Successful Attack for Adversarial Examples. (99%) Hanbin Hong; Yuan Hong http://arxiv.org/abs/2304.04168 Adversarially Robust Neural Architecture Search for Graph Neural Networks. (80%) Beini Xie; Heng Chang; Ziwei Zhang; Xin Wang; Daixin Wang; Zhiqiang Zhang; Rex Ying; Wenwu Zhu http://arxiv.org/abs/2304.04228 Unsupervised Multi-Criteria Adversarial Detection in Deep Image Retrieval. (68%) Yanru Xiao; Cong Wang; Xing Gao http://arxiv.org/abs/2304.03955 Robust Deep Learning Models Against Semantic-Preserving Adversarial Attack. 
(99%) Dashan Gao; Yunce Zhao; Yinghua Yao; Zeqi Zhang; Bifei Mao; Xin Yao http://arxiv.org/abs/2304.03973 RobCaps: Evaluating the Robustness of Capsule Networks against Affine Transformations and Adversarial Attacks. (98%) Alberto Marchisio; Antonio De Marco; Alessio Colucci; Maurizio Martina; Muhammad Shafique http://arxiv.org/abs/2304.04033 Exploring the Connection between Robust and Generative Models. (67%) Senad Beadini; Iacopo Masi http://arxiv.org/abs/2304.03968 Benchmarking the Robustness of Quantized Models. (47%) Yisong Xiao; Tianyuan Zhang; Shunchang Liu; Haotong Qin http://arxiv.org/abs/2304.04023 Attack is Good Augmentation: Towards Skeleton-Contrastive Representation Learning. (13%) Binqian Xu; Xiangbo Shu; Rui Yan; Guo-Sen Xie; Yixiao Ge; Mike Zheng Shou http://arxiv.org/abs/2304.04077 Deep Prototypical-Parts Ease Morphological Kidney Stone Identification and are Competitively Robust to Photometric Perturbations. (4%) Daniel Flores-Araiza; Francisco Lopez-Tiro; Jonathan El-Beze; Jacques Hubert; Miguel Gonzalez-Mendoza; Gilberto Ochoa-Ruiz; Christian Daul http://arxiv.org/abs/2304.03977 EMP-SSL: Towards Self-Supervised Learning in One Training Epoch. (1%) Shengbang Tong; Yubei Chen; Yi Ma; Yann LeCun http://arxiv.org/abs/2304.03496 Architecture-Preserving Provable Repair of Deep Neural Networks. (1%) Zhe Tao; Stephanie Nawas; Jacqueline Mitchell; Aditya V. Thakur http://arxiv.org/abs/2304.03870 ASPEST: Bridging the Gap Between Active Learning and Selective Prediction. (1%) Jiefeng Chen; Jinsung Yoon; Sayna Ebrahimi; Sercan Arik; Somesh Jha; Tomas Pfister http://arxiv.org/abs/2304.02932 Quantifying and Defending against Privacy Threats on Federated Knowledge Graph Embedding. (45%) Yuke Hu; Wei Liang; Ruofan Wu; Kai Xiao; Weiqiang Wang; Xiaochen Li; Jinfei Liu; Zhan Qin http://arxiv.org/abs/2304.03054 Manipulating Federated Recommender Systems: Poisoning with Synthetic Users and Its Countermeasures. (45%) Wei Yuan; Quoc Viet Hung Nguyen; Tieke He; Liang Chen; Hongzhi Yin http://arxiv.org/abs/2304.03147 Improving Visual Question Answering Models through Robustness Analysis and In-Context Learning with a Chain of Basic Questions. (10%) Jia-Hong Huang; Modar Alfadly; Bernard Ghanem; Marcel Worring http://arxiv.org/abs/2304.03388 EZClone: Improving DNN Model Extraction Attack via Shape Distillation from GPU Execution Profiles. (4%) Jonah O'Brien Weiss; Tiago Alves; Sandip Kundu http://arxiv.org/abs/2304.03145 Evaluating the Robustness of Machine Reading Comprehension Models to Low Resource Entity Renaming. (2%) Clemencia Siro; Tunde Oluwaseyi Ajayi http://arxiv.org/abs/2304.03456 Rethinking Evaluation Protocols of Visual Representations Learned via Self-supervised Learning. (1%) Jae-Hun Lee; Doyoung Yoon; ByeongMoon Ji; Kyungyul Kim; Sangheum Hwang http://arxiv.org/abs/2304.03370 Reliable Learning for Test-time Attacks and Distribution Shift. (1%) Maria-Florina Balcan; Steve Hanneke; Rattana Pukdee; Dravyansh Sharma http://arxiv.org/abs/2304.02963 Benchmarking Robustness to Text-Guided Corruptions. (1%) Mohammadreza Mofayezi; Yasamin Medghalchi http://arxiv.org/abs/2304.02693 A Certified Radius-Guided Attack Framework to Image Segmentation Models. (99%) Wenjie Qu; Youqi Li; Binghui Wang http://arxiv.org/abs/2304.02312 How to choose your best allies for a transferable attack? (99%) Thibault Maho; Seyed-Mohsen Moosavi-Dezfooli; Teddy Furon http://arxiv.org/abs/2304.02688 Going Further: Flatness at the Rescue of Early Stopping for Adversarial Example Transferability. 
(99%) Martin Gubri; Maxime Cordy; Yves Le Traon http://arxiv.org/abs/2304.02845 Robust Neural Architecture Search. (92%) Xunyu Zhu; Jian Li; Yong Liu; Weiping Wang http://arxiv.org/abs/2304.02497 Hyper-parameter Tuning for Adversarially Robust Models. (62%) Pedro Mendes; Paolo Romano; David Garlan http://arxiv.org/abs/2304.02234 JPEG Compressed Images Can Bypass Protections Against AI Editing. (15%) Pedro Sandoval-Segura; Jonas Geiping; Tom Goldstein http://arxiv.org/abs/2304.02782 FACE-AUDITOR: Data Auditing in Facial Recognition Systems. (1%) Min Chen; Zhikun Zhang; Tianhao Wang; Michael Backes; Yang Zhang http://arxiv.org/abs/2304.01826 CGDTest: A Constrained Gradient Descent Algorithm for Testing Neural Networks. (31%) Vineel Nagisetty; Laura Graves; Guanting Pan; Piyush Jha; Vijay Ganesh http://arxiv.org/abs/2304.01731 Selective Knowledge Sharing for Privacy-Preserving Federated Distillation without A Good Teacher. (1%) Jiawei Shao; Fangzhao Wu; Jun Zhang http://arxiv.org/abs/2304.02012 EGC: Image Generation and Classification via a Single Energy-Based Model. (1%) Qiushan Guo; Chuofan Ma; Yi Jiang; Zehuan Yuan; Yizhou Yu; Ping Luo http://arxiv.org/abs/2304.01482 Defending Against Patch-based Backdoor Attacks on Self-Supervised Learning. (76%) Ajinkya Tejankar; Maziar Sanjabi; Qifan Wang; Sinong Wang; Hamed Firooz; Hamed Pirsiavash; Liang Tan http://arxiv.org/abs/2304.00813 Model-Agnostic Reachability Analysis on Deep Neural Networks. (75%) Chi Zhang; Wenjie Ruan; Fu Wang; Peipei Xu; Geyong Min; Xiaowei Huang http://arxiv.org/abs/2304.01441 NetFlick: Adversarial Flickering Attacks on Deep Learning Based Video Compression. (69%) Jung-Woo Chang; Nojan Sheybani; Shehzeen Samarah Hussain; Mojan Javaheripi; Seira Hidano; Farinaz Koushanfar http://arxiv.org/abs/2304.01142 Learning About Simulated Adversaries from Human Defenders using Interactive Cyber-Defense Games. (1%) Baptiste Prebot; Yinuo Du; Cleotilde Gonzalez http://arxiv.org/abs/2304.06724 GradMDM: Adversarial Attack on Dynamic Networks. (84%) Jianhong Pan; Lin Geng Foo; Qichen Zheng; Zhipeng Fan; Hossein Rahmani; Qiuhong Ke; Jun Liu http://arxiv.org/abs/2304.00436 Instance-level Trojan Attacks on Visual Question Answering via Adversarial Learning in Neuron Activation Space. (67%) Yuwei Sun; Hideya Ochiai; Jun Sakuma http://arxiv.org/abs/2304.00202 Improving Fast Adversarial Training with Prior-Guided Knowledge. (99%) Xiaojun Jia; Yong Zhang; Xingxing Wei; Baoyuan Wu; Ke Ma; Jue Wang; Xiaochun Cao http://arxiv.org/abs/2304.00061 To be Robust and to be Fair: Aligning Fairness with Robustness. (93%) Junyi Chai; Xiaoqian Wang http://arxiv.org/abs/2303.17890 Fooling Polarization-based Vision using Locally Controllable Polarizing Projection. (91%) Zhuoxiao Li; Zhihang Zhong; Shohei Nobuhara; Ko Nishino; Yinqiang Zheng http://arxiv.org/abs/2303.17940 Per-Example Gradient Regularization Improves Learning Signals from Noisy Data. (3%) Xuran Meng; Yuan Cao; Difan Zou http://arxiv.org/abs/2304.00160 Secure Federated Learning against Model Poisoning Attacks via Client Filtering. (2%) Duygu Nur Yaldiz; Tuo Zhang; Salman Avestimehr http://arxiv.org/abs/2303.18232 DIME-FM: DIstilling Multimodal and Efficient Foundation Models. (1%) Ximeng Sun; Pengchuan Zhang; Peizhao Zhang; Hardik Shah; Kate Saenko; Xide Xia http://arxiv.org/abs/2304.00083 A Generative Framework for Low-Cost Result Validation of Outsourced Machine Learning Tasks. (1%) Abhinav Kumar; Miguel A. 
Guirao Aguilera; Reza Tourani; Satyajayant Misra http://arxiv.org/abs/2303.17255 Adversarial Attack and Defense for Dehazing Networks. (97%) Jie Gui; Xiaofeng Cong; Chengwei Peng; Yuan Yan Tang; James Tin-Yau Kwok http://arxiv.org/abs/2303.17720 Generating Adversarial Samples in Mini-Batches May Be Detrimental To Adversarial Robustness. (96%) Timothy Redgrave; Colton Crum http://arxiv.org/abs/2303.17764 Towards Adversarially Robust Continual Learning. (95%) Tao Bai; Chen Chen; Lingjuan Lyu; Jun Zhao; Bihan Wen http://arxiv.org/abs/2303.17297 Understanding the Robustness of 3D Object Detection with Bird's-Eye-View Representations in Autonomous Driving. (81%) Zijian Zhu; Yichi Zhang; Hai Chen; Yinpeng Dong; Shu Zhao; Wenbo Ding; Jiachen Zhong; Shibao Zheng http://arxiv.org/abs/2303.17597 Robo3D: Towards Robust and Reliable 3D Perception against Corruptions. (2%) Lingdong Kong; Youquan Liu; Xin Li; Runnan Chen; Wenwei Zhang; Jiawei Ren; Liang Pan; Kai Chen; Ziwei Liu http://arxiv.org/abs/2303.17658 Establishing baselines and introducing TernaryMixOE for fine-grained out-of-distribution detection. (1%) Noah Fleischmann; Walter Bennette; Nathan Inkawhich http://arxiv.org/abs/2303.17387 Explainable Intrusion Detection Systems Using Competitive Learning Techniques. (1%) Jesse Ables; Thomas Kirby; Sudip Mittal; Ioana Banicescu; Shahram Rahimi; William Anderson; Maria Seale http://arxiv.org/abs/2303.17351 Differential Area Analysis for Ransomware: Attacks, Countermeasures, and Limitations. (1%) Marco Venturini; Francesco Freda; Emanuele Miotto; Alberto Giaretta; Mauro Conti http://arxiv.org/abs/2303.16697 Latent Feature Relation Consistency for Adversarial Robustness. (99%) Xingbin Liu; Huafeng Kuang; Hong Liu; Xianming Lin; Yongjian Wu; Rongrong Ji http://arxiv.org/abs/2303.16861 Beyond Empirical Risk Minimization: Local Structure Preserving Regularization for Improving Adversarial Robustness. (99%) Wei Wei; Jiahuan Zhou; Ying Wu http://arxiv.org/abs/2303.16633 Targeted Adversarial Attacks on Wind Power Forecasts. (88%) René Heinrich; Christoph Scholz; Stephan Vogt; Malte Lehna http://arxiv.org/abs/2304.00010 Towards Reasonable Budget Allocation in Untargeted Graph Structure Attacks via Gradient Debias. (67%) Zihan Liu; Yun Luo; Lirong Wu; Zicheng Liu; Stan Z. Li http://arxiv.org/abs/2303.17096 ImageNet-E: Benchmarking Neural Network Robustness via Attribute Editing. (56%) Xiaodan Li; Yuefeng Chen; Yao Zhu; Shuhui Wang; Rong Zhang; Hui Xue http://arxiv.org/abs/2303.16690 Graph Neural Networks for Hardware Vulnerability Analysis -- Can you Trust your GNN? (16%) Lilas Alrahis; Ozgur Sinanoglu http://arxiv.org/abs/2303.17080 Mole Recruitment: Poisoning of Image Classifiers via Selective Batch Sampling. (10%) Ethan Wisdom; Tejas Gokhale; Chaowei Xiao; Yezhou Yang http://arxiv.org/abs/2303.17061 A Tensor-based Convolutional Neural Network for Small Dataset Classification. (2%) Zhenhua Chen; David Crandall http://arxiv.org/abs/2303.16866 ALUM: Adversarial Data Uncertainty Modeling from Latent Model Uncertainty Compensation. (1%) Wei Wei; Jiahuan Zhou; Hongze Li; Ying Wu http://arxiv.org/abs/2303.16378 A Pilot Study of Query-Free Adversarial Attack against Stable Diffusion. (99%) Haomin Zhuang; Yihua Zhang; Sijia Liu http://arxiv.org/abs/2303.15735 Improving the Transferability of Adversarial Samples by Path-Augmented Method. (99%) Jianping Zhang; Jen-tse Huang; Wenxuan Wang; Yichen Li; Weibin Wu; Xiaosen Wang; Yuxin Su; Michael R. 
Lyu http://arxiv.org/abs/2303.15818 Towards Effective Adversarial Textured 3D Meshes on Physical Face Recognition. (99%) Xiao Yang; Chang Liu; Longlong Xu; Yikai Wang; Yinpeng Dong; Ning Chen; Hang Su; Jun Zhu http://arxiv.org/abs/2303.15754 Transferable Adversarial Attacks on Vision Transformers with Token Gradient Regularization. (98%) Jianping Zhang; Yizhan Huang; Weibin Wu; Michael R. Lyu http://arxiv.org/abs/2303.15901 Denoising Autoencoder-based Defensive Distillation as an Adversarial Robustness Algorithm. (98%) Bakary Badjie; José Cecílio; António Casimiro http://arxiv.org/abs/2303.15940 TransAudio: Towards the Transferable Adversarial Audio Attack via Learning Contextualized Perturbations. (98%) Gege Qi; Yuefeng Chen; Xiaofeng Mao; Yao Zhu; Binyuan Hui; Xiaodan Li; Rong Zhang; Hui Xue http://arxiv.org/abs/2303.16004 A Survey on Malware Detection with Graph Representation Learning. (41%) Tristan Bilot; Nour El Madhoun; Khaldoun Al Agha; Anis Zouaoui http://arxiv.org/abs/2303.16308 Provable Robustness for Streaming Models with a Sliding Window. (15%) Aounon Kumar; Vinu Sankar Sadasivan; Soheil Feizi http://arxiv.org/abs/2303.18136 Machine-learned Adversarial Attacks against Fault Prediction Systems in Smart Electrical Grids. (9%) Carmelo Ardito; Yashar Deldjoo; Tommaso Di Noia; Eugenio Di Sciascio; Fatemeh Nazary; Giovanni Servedio http://arxiv.org/abs/2303.15736 On the Use of Reinforcement Learning for Attacking and Defending Load Frequency Control. (3%) Amr S. Mohamed; Deepa Kundur http://arxiv.org/abs/2303.16031 A Universal Identity Backdoor Attack against Speaker Verification based on Siamese Network. (1%) Haodong Zhao; Wei Du; Junjie Guo; Gongshen Liu http://arxiv.org/abs/2303.15409 Classifier Robustness Enhancement Via Test-Time Transformation. (99%) Tsachi Blau; Roy Ganz; Chaim Baskin; Michael Elad; Alex Bronstein http://arxiv.org/abs/2303.15109 Improving the Transferability of Adversarial Examples via Direction Tuning. (99%) Xiangyuan Yang; Jie Lin; Hanlin Zhang; Xinyu Yang; Peng Zhao http://arxiv.org/abs/2303.15571 EMShepherd: Detecting Adversarial Samples via Side-channel Leakage. (99%) Ruyi Ding; Cheng Gongye; Siyue Wang; Aidong Ding; Yunsi Fei http://arxiv.org/abs/2303.15127 Learning the Unlearnable: Adversarial Augmentations Suppress Unlearnable Example Attacks. (97%) Tianrui Qin; Xitong Gao; Juanjuan Zhao; Kejiang Ye; Cheng-Zhong Xu http://arxiv.org/abs/2303.18191 Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency. (76%) Xiaogeng Liu; Minghui Li; Haoyu Wang; Shengshan Hu; Dengpan Ye; Hai Jin; Libing Wu; Chaowei Xiao http://arxiv.org/abs/2303.14922 CAT:Collaborative Adversarial Training. (69%) Xingbin Liu; Huafeng Kuang; Xianming Lin; Yongjian Wu; Rongrong Ji http://arxiv.org/abs/2303.14961 Diffusion Denoised Smoothing for Certified and Adversarial Robust Out-Of-Distribution Detection. (67%) Nicola Franco; Daniel Korth; Jeanette Miriam Lorenz; Karsten Roscher; Stephan Guennemann http://arxiv.org/abs/2303.15168 Personalized Federated Learning on Long-Tailed Data via Adversarial Feature Augmentation. (41%) Yang Lu; Pinxin Qian; Gang Huang; Hanzi Wang http://arxiv.org/abs/2303.15564 Mask and Restore: Blind Backdoor Defense at Test Time with Masked Autoencoder. (41%) Tao Sun; Lu Pang; Chao Chen; Haibin Ling http://arxiv.org/abs/2303.15533 Sequential training of GANs against GAN-classifiers reveals correlated "knowledge gaps" present among independently trained GAN instances. 
(41%) Arkanath Pathak; Nicholas Dufour http://arxiv.org/abs/2303.15433 Anti-DreamBooth: Protecting users from personalized text-to-image synthesis. (5%) Thanh Van Le; Hao Phung; Thuan Hoang Nguyen; Quan Dao; Ngoc Tran; Anh Tran http://arxiv.org/abs/2303.14822 MGTBench: Benchmarking Machine-Generated Text Detection. (61%) Xinlei He; Xinyue Shen; Zeyuan Chen; Michael Backes; Yang Zhang http://arxiv.org/abs/2303.18131 AdvCheck: Characterizing Adversarial Examples via Local Gradient Checking. (99%) Ruoxi Chen; Haibo Jin; Jinyin Chen; Haibin Zheng http://arxiv.org/abs/2303.14460 CFA: Class-wise Calibrated Fair Adversarial Training. (98%) Zeming Wei; Yifei Wang; Yiwen Guo; Yisen Wang http://arxiv.org/abs/2303.14601 PORE: Provably Robust Recommender Systems against Data Poisoning Attacks. (68%) Jinyuan Jia; Yupei Liu; Yuepeng Hu; Neil Zhenqiang Gong http://arxiv.org/abs/2303.14511 Improving robustness of jet tagging algorithms with adversarial training: exploring the loss surface. (12%) Annika Stein http://arxiv.org/abs/2303.13955 PIAT: Parameter Interpolation based Adversarial Training for Image Classification. (99%) Kun He; Xin Liu; Yichen Yang; Zhou Qin; Weigao Wen; Hui Xue; John E. Hopcroft http://arxiv.org/abs/2303.14173 How many dimensions are required to find an adversarial example? (99%) Charles Godfrey; Henry Kvinge; Elise Bishoff; Myles Mckay; Davis Brown; Tim Doster; Eleanor Byler http://arxiv.org/abs/2303.13887 Effective black box adversarial attack with handcrafted kernels. (99%) Petr Dvořáček; Petr Hurtik; Petra Števuliáková http://arxiv.org/abs/2303.14133 Adversarial Attack and Defense for Medical Image Analysis: Methods and Applications. (99%) Junhao Dong; Junxi Chen; Xiaohua Xie; Jianhuang Lai; Hao Chen http://arxiv.org/abs/2303.14077 Improved Adversarial Training Through Adaptive Instance-wise Loss Smoothing. (99%) Lin Li; Michael Spratling http://arxiv.org/abs/2303.13846 Feature Separation and Recalibration for Adversarial Robustness. (98%) Woo Jae Kim; Yoonki Cho; Junsik Jung; Sung-Eui Yoon http://arxiv.org/abs/2303.13868 Physically Adversarial Infrared Patches with Learnable Shapes and Locations. (97%) Xingxing Wei; Jie Yu; Yao Huang http://arxiv.org/abs/2303.13813 Generalist: Decoupling Natural and Robust Generalization. (96%) Hongjun Wang; Yisen Wang http://arxiv.org/abs/2303.14304 Ensemble-based Blackbox Attacks on Dense Prediction. (86%) Zikui Cai; Yaoteng Tan; M. Salman Asif http://arxiv.org/abs/2303.14325 Backdoor Attacks with Input-unique Triggers in NLP. (54%) Xukun Zhou; Jiwei Li; Tianwei Zhang; Lingjuan Lyu; Muqiao Yang; Jun He http://arxiv.org/abs/2303.14009 PoisonedGNN: Backdoor Attack on Graph Neural Networks-based Hardware Security Systems. (22%) Lilas Alrahis; Satwik Patnaik; Muhammad Abdullah Hanif; Muhammad Shafique; Ozgur Sinanoglu http://arxiv.org/abs/2303.14096 Enhancing Multiple Reliability Measures via Nuisance-extended Information Bottleneck. (5%) Jongheon Jeong; Sihyun Yu; Hankook Lee; Jinwoo Shin http://arxiv.org/abs/2303.14197 Optimal Smoothing Distribution Exploration for Backdoor Neutralization in Deep Learning-based Traffic Systems. (2%) Yue Wang; Wending Li; Michail Maniatakos; Saif Eddin Jabari http://arxiv.org/abs/2303.14186 TRAK: Attributing Model Behavior at Scale. (1%) Sung Min Park; Kristian Georgiev; Andrew Ilyas; Guillaume Leclerc; Aleksander Madry http://arxiv.org/abs/2303.13131 Watch Out for the Confusing Faces: Detecting Face Swapping with the Probability Distribution of Face Identification Models. 
(68%) Yuxuan Duan; Xuhong Zhang; Chuer Yu; Zonghui Wang; Shouling Ji; Wenzhi Chen http://arxiv.org/abs/2303.14193 Quadratic Graph Attention Network (Q-GAT) for Robust Construction of Gene Regulatory Networks. (50%) Hui Zhang; Xuexin An; Qiang He; Yudong Yao; Feng-Lei Fan; Yueyang Teng http://arxiv.org/abs/2303.13401 Optimization and Optimizers for Adversarial Robustness. (41%) Hengyue Liang; Buyun Liang; Le Peng; Ying Cui; Tim Mitchell; Ju Sun http://arxiv.org/abs/2303.13649 Adversarial Robustness and Feature Impact Analysis for Driver Drowsiness Detection. (41%) João Vitorino; Lourenço Rodrigues; Eva Maia; Isabel Praça; André Lourenço http://arxiv.org/abs/2303.13408 Paraphrasing evades detectors of AI-generated text, but retrieval is an effective defense. (15%) Kalpesh Krishna; Yixiao Song; Marzena Karpinska; John Wieting; Mohit Iyyer http://arxiv.org/abs/2303.13326 Decentralized Adversarial Training over Graphs. (13%) Ying Cao; Elsa Rizk; Stefan Vlaski; Ali H. Sayed http://arxiv.org/abs/2303.13211 Don't FREAK Out: A Frequency-Inspired Approach to Detecting Backdoor Poisoned Samples in DNNs. (8%) Hasan Abed Al Kader Hammoud; Adel Bibi; Philip H. S. Torr; Bernard Ghanem http://arxiv.org/abs/2303.13713 Low-frequency Image Deep Steganography: Manipulate the Frequency Distribution to Hide Secrets with Tenacious Robustness. (1%) Huajie Chen; Tianqing Zhu; Yuan Zhao; Bo Liu; Xin Yu; Wanlei Zhou http://arxiv.org/abs/2303.13588 Efficient Symbolic Reasoning for Neural-Network Verification. (1%) Zi Wang; Somesh Jha; Krishnamurthy (Dj) Dvijotham http://arxiv.org/abs/2303.12658 Reliable and Efficient Evaluation of Adversarial Robustness for Deep Hashing-Based Retrieval. (99%) Xunguang Wang; Jiawang Bai; Xinyue Xu; Xiaomeng Li http://arxiv.org/abs/2303.13010 Semantic Image Attack for Visual Model Diagnosis. (99%) Jinqi Luo; Zhaoning Wang; Chen Henry Wu; Dong Huang; Fernando De la Torre http://arxiv.org/abs/2303.12481 Revisiting DeepFool: generalization and improvement. (99%) Alireza Abdollahpourrostam; Mahed Abroshan; Seyed-Mohsen Moosavi-Dezfooli http://arxiv.org/abs/2303.12357 Wasserstein Adversarial Examples on Univariant Time Series Data. (99%) Wenjie Wang; Li Xiong; Jian Lou http://arxiv.org/abs/2303.12848 Test-time Defense against Adversarial Attacks: Detection and Reconstruction of Adversarial Examples via Masked Autoencoder. (99%) Yun-Yun Tsai; Ju-Chin Chao; Albert Wen; Zhaoyuan Yang; Chengzhi Mao; Tapan Shah; Junfeng Yang http://arxiv.org/abs/2303.12512 Sibling-Attack: Rethinking Transferable Adversarial Attacks against Face Recognition. (78%) Zexin Li; Bangjie Yin; Taiping Yao; Juefeng Guo; Shouhong Ding; Simin Chen; Cong Liu http://arxiv.org/abs/2303.12669 An Extended Study of Human-like Behavior under Adversarial Training. (76%) Paul Gavrikov; Janis Keuper; Margret Keuper http://arxiv.org/abs/2303.12363 Distribution-restrained Softmax Loss for the Model Robustness. (38%) Hao Wang; Chen Li; Jinzhe Jiang; Xin Zhang; Yaqian Zhao; Weifeng Gong http://arxiv.org/abs/2303.12993 Backdoor Defense via Adaptively Splitting Poisoned Dataset. (16%) Kuofeng Gao; Yang Bai; Jindong Gu; Yong Yang; Shu-Tao Xia http://arxiv.org/abs/2303.12397 Edge Deep Learning Model Protection via Neuron Authorization. (11%) Jinyin Chen; Haibin Zheng; Tao Liu; Rongchang Li; Yao Cheng; Xuhong Zhang; Shouling Ji http://arxiv.org/abs/2303.12249 State-of-the-art optical-based physical adversarial attacks for deep learning computer vision systems. (99%) Junbin Fang; You Jiang; Canjian Jiang; Zoe L. 
Jiang; Siu-Ming Yiu; Chuanyi Liu http://arxiv.org/abs/2303.11625 Information-containing Adversarial Perturbation for Combating Facial Manipulation Systems. (99%) Yao Zhu; Yuefeng Chen; Xiaodan Li; Rong Zhang; Xiang Tian; Bolun Zheng; Yaowu Chen http://arxiv.org/abs/2303.11793 Bridging Optimal Transport and Jacobian Regularization by Optimal Trajectory for Enhanced Adversarial Defense. (99%) Binh M. Le; Shahroz Tariq; Simon S. Woo http://arxiv.org/abs/2303.11917 Efficient Decision-based Black-box Patch Attacks on Video Recognition. (98%) Kaixun Jiang; Zhaoyu Chen; Hao Huang; Jiafeng Wang; Dingkang Yang; Bo Li; Yan Wang; Wenqiang Zhang http://arxiv.org/abs/2303.12175 Black-box Backdoor Defense via Zero-shot Image Purification. (86%) Yucheng Shi; Mengnan Du; Xuansheng Wu; Zihan Guan; Jin Sun; Ninghao Liu http://arxiv.org/abs/2303.11611 Out of Thin Air: Exploring Data-Free Adversarial Robustness Distillation. (10%) Yuzheng Wang; Zhaoyu Chen; Dingkang Yang; Pinxue Guo; Kaixun Jiang; Wenqiang Zhang; Lizhe Qi http://arxiv.org/abs/2303.12054 Influencer Backdoor Attack on Semantic Segmentation. (10%) Haoheng Lan; Jindong Gu; Philip Torr; Hengshuang Zhao http://arxiv.org/abs/2303.12233 LOKI: Large-scale Data Reconstruction Attack against Federated Learning through Model Manipulation. (9%) Joshua C. Zhao; Atul Sharma; Ahmed Roushdy Elkordy; Yahya H. Ezzeldin; Salman Avestimehr; Saurabh Bagchi http://arxiv.org/abs/2303.11745 Poisoning Attacks in Federated Edge Learning for Digital Twin 6G-enabled IoTs: An Anticipatory Study. (1%) Mohamed Amine Ferrag; Burak Kantarci; Lucas C. Cordeiro; Merouane Debbah; Kim-Kwang Raymond Choo http://arxiv.org/abs/2303.11135 TWINS: A Fine-Tuning Framework for Improved Transferability of Adversarial Robustness and Generalization. (99%) Ziquan Liu; Yi Xu; Xiangyang Ji; Antoni B. Chan http://arxiv.org/abs/2303.11143 Adversarial Attacks against Binary Similarity Systems. (99%) Gianluca Capozzi; Daniele Cono D'Elia; Giuseppe Antonio Di Luna; Leonardo Querzoni http://arxiv.org/abs/2303.13372 DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness. (99%) Shoumik Saha; Wenxiao Wang; Yigitcan Kaya; Soheil Feizi; Tudor Dumitras http://arxiv.org/abs/2303.10974 Translate your gibberish: black-box adversarial attack on machine translation systems. (83%) Andrei Chertkov; Olga Tsymboi; Mikhail Pautov; Ivan Oseledets http://arxiv.org/abs/2303.11376 GNN-Ensemble: Towards Random Decision Graph Neural Networks. (56%) Wenqi Wei; Mu Qiao; Divyesh Jadav http://arxiv.org/abs/2303.11040 Benchmarking Robustness of 3D Object Detection to Common Corruptions in Autonomous Driving. (41%) Yinpeng Dong; Caixin Kang; Jinlai Zhang; Zijian Zhu; Yikai Wang; Xiao Yang; Hang Su; Xingxing Wei; Jun Zhu http://arxiv.org/abs/2303.11470 Did You Train on My Dataset? Towards Public Dataset Protection with Clean-Label Backdoor Watermarking. (9%) Ruixiang Tang; Qizhang Feng; Ninghao Liu; Fan Yang; Xia Hu http://arxiv.org/abs/2303.11066 Boosting Semi-Supervised Learning by Exploiting All Unlabeled Data. (2%) Yuhao Chen; Xin Tan; Borui Zhao; Zhaowei Chen; Renjie Song; Jiajun Liang; Xuequan Lu http://arxiv.org/abs/2303.11242 Make Landscape Flatter in Differentially Private Federated Learning. (1%) Yifan Shi; Yingqi Liu; Kang Wei; Li Shen; Xueqian Wang; Dacheng Tao http://arxiv.org/abs/2303.11126 Robustifying Token Attention for Vision Transformers. (1%) Yong Guo; David Stutz; Bernt Schiele http://arxiv.org/abs/2303.10653 Randomized Adversarial Training via Taylor Expansion. 
(99%) Gaojie Jin; Xinping Yi; Dengyu Wu; Ronghui Mu; Xiaowei Huang http://arxiv.org/abs/2303.10594 AdaptGuard: Defending Against Universal Attacks for Model Adaptation. (82%) Lijun Sheng; Jian Liang; Ran He; Zilei Wang; Tieniu Tan http://arxiv.org/abs/2303.10430 NoisyHate: Benchmarking Content Moderation Machine Learning Models with Human-Written Perturbations Online. (98%) Yiran Ye; Thai Le; Dongwon Lee http://arxiv.org/abs/2303.10399 FedRight: An Effective Model Copyright Protection for Federated Learning. (96%) Jinyin Chen; Mingjun Li; Haibin Zheng http://arxiv.org/abs/2303.10078 Fuzziness-tuned: Improving the Transferability of Adversarial Examples. (99%) Xiangyuan Yang; Jie Lin; Hanlin Zhang; Xinyu Yang; Peng Zhao http://arxiv.org/abs/2303.09767 It Is All About Data: A Survey on the Effects of Data on Adversarial Robustness. (99%) Peiyu Xiong; Michael Tegegn; Jaskeerat Singh Sarin; Shubhraneel Pal; Julia Rubin http://arxiv.org/abs/2303.10225 Robust Mode Connectivity-Oriented Adversarial Defense: Enhancing Neural Network Robustness Against Diversified $\ell_p$ Attacks. (99%) Ren Wang; Yuxuan Li; Sijia Liu http://arxiv.org/abs/2303.10291 Detection of Uncertainty in Exceedance of Threshold (DUET): An Adversarial Patch Localizer. (83%) Terence Jie Chua; Wenhan Yu; Jun Zhao http://arxiv.org/abs/2303.11156 Can AI-Generated Text be Reliably Detected? (45%) Vinu Sankar Sadasivan; Aounon Kumar; Sriram Balasubramanian; Wenxiao Wang; Soheil Feizi http://arxiv.org/abs/2303.09962 Adversarial Counterfactual Visual Explanations. (31%) Guillaume Jeanneret; Loïc Simon; Frédéric Jurie http://arxiv.org/abs/2303.09858 MedLocker: A Transferable Adversarial Watermarking for Preventing Unauthorized Analysis of Medical Image Dataset. (16%) Bangzheng Pu; Xingxing Wei; Shiji Zhao; Huazhu Fu http://arxiv.org/abs/2303.10288 Mobile Edge Adversarial Detection for Digital Twinning to the Metaverse with Deep Reinforcement Learning. (9%) Terence Jie Chua; Wenhan Yu; Jun Zhao http://arxiv.org/abs/2303.09893 Moving Target Defense for Service-oriented Mission-critical Networks. (1%) Doğanalp Ergenç; Florian Schneider; Peter Kling; Mathias Fischer http://arxiv.org/abs/2303.09105 Rethinking Model Ensemble in Transfer-based Adversarial Attacks. (99%) Huanran Chen; Yichi Zhang; Yinpeng Dong; Jun Zhu http://arxiv.org/abs/2303.09289 Class Attribute Inference Attacks: Inferring Sensitive Class Information by Diffusion-Based Attribute Manipulations. (68%) Lukas Struppek; Dominik Hintersdorf; Felix Friedrich; Manuel Brack; Patrick Schramowski; Kristian Kersting http://arxiv.org/abs/2303.09495 Among Us: Adversarially Robust Collaborative Perception by Consensus. (67%) Yiming Li; Qi Fang; Jiamu Bai; Siheng Chen; Felix Juefei-Xu; Chen Feng http://arxiv.org/abs/2303.09731 Exorcising ''Wraith'': Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks. (50%) Qifan Xiao; Xudong Pan; Yifan Lu; Mi Zhang; Jiarun Dai; Min Yang http://arxiv.org/abs/2303.09732 Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation. (11%) Yifan Yan; Xudong Pan; Mi Zhang; Min Yang http://arxiv.org/abs/2303.08509 Black-box Adversarial Example Attack towards FCG Based Android Malware Detection under Incomplete Feature Information. (99%) Heng Li; Zhang Cheng; Bang Wu; Liheng Yuan; Cuiying Gao; Wei Yuan; Xiapu Luo http://arxiv.org/abs/2303.09051 Robust Evaluation of Diffusion-Based Adversarial Purification. 
(83%) Minjong Lee; Dongwoo Kim http://arxiv.org/abs/2303.09024 DeeBBAA: A benchmark Deep Black Box Adversarial Attack against Cyber-Physical Power Systems. (81%) Arnab Bhattacharjee; Tapan K. Saha; Ashu Verma; Sukumar Mishra http://arxiv.org/abs/2303.08500 The Devil's Advocate: Shattering the Illusion of Unexploitable Data using Diffusion Models. (67%) Hadi M. Dolatabadi; Sarah Erfani; Christopher Leckie http://arxiv.org/abs/2303.08866 EvalAttAI: A Holistic Approach to Evaluating Attribution Maps in Robust and Non-Robust Models. (45%) Ian E. Nielsen; Ravi P. Ramachandran; Nidhal Bouaynaya; Hassan M. Fathallah-Shaykh; Ghulam Rasool http://arxiv.org/abs/2303.08944 Agnostic Multi-Robust Learning Using ERM. (12%) Saba Ahmadi; Avrim Blum; Omar Montasser; Kevin Stangl http://arxiv.org/abs/2303.08983 Reinforce Data, Multiply Impact: Improved Model Accuracy and Robustness with Dataset Reinforcement. (1%) Fartash Faghri; Hadi Pouransari; Sachin Mehta; Mehrdad Farajtabar; Ali Farhadi; Mohammad Rastegari; Oncel Tuzel http://arxiv.org/abs/2303.08774 GPT-4 Technical Report. (1%) OpenAI; Josh Achiam; Steven Adler; Sandhini Agarwal; Lama Ahmad; Ilge Akkaya; Florencia Leoni Aleman; Diogo Almeida; Janko Altenschmidt; Sam Altman; Shyamal Anadkat; Red Avila; Igor Babuschkin; Suchir Balaji; Valerie Balcom; Paul Baltescu; Haiming Bao; Mohammad Bavarian; Jeff Belgum; Irwan Bello; Jake Berdine; Gabriel Bernadett-Shapiro; Christopher Berner; Lenny Bogdonoff; Oleg Boiko; Madelaine Boyd; Anna-Luisa Brakman; Greg Brockman; Tim Brooks; Miles Brundage; Kevin Button; Trevor Cai; Rosie Campbell; Andrew Cann; Brittany Carey; Chelsea Carlson; Rory Carmichael; Brooke Chan; Che Chang; Fotis Chantzis; Derek Chen; Sully Chen; Ruby Chen; Jason Chen; Mark Chen; Ben Chess; Chester Cho; Casey Chu; Hyung Won Chung; Dave Cummings; Jeremiah Currier; Yunxing Dai; Cory Decareaux; Thomas Degry; Noah Deutsch; Damien Deville; Arka Dhar; David Dohan; Steve Dowling; Sheila Dunning; Adrien Ecoffet; Atty Eleti; Tyna Eloundou; David Farhi; Liam Fedus; Niko Felix; Simón Posada Fishman; Juston Forte; Isabella Fulford; Leo Gao; Elie Georges; Christian Gibson; Vik Goel; Tarun Gogineni; Gabriel Goh; Rapha Gontijo-Lopes; Jonathan Gordon; Morgan Grafstein; Scott Gray; Ryan Greene; Joshua Gross; Shixiang Shane Gu; Yufei Guo; Chris Hallacy; Jesse Han; Jeff Harris; Yuchen He; Mike Heaton; Johannes Heidecke; Chris Hesse; Alan Hickey; Wade Hickey; Peter Hoeschele; Brandon Houghton; Kenny Hsu; Shengli Hu; Xin Hu; Joost Huizinga; Shantanu Jain; Shawn Jain; Joanne Jang; Angela Jiang; Roger Jiang; Haozhun Jin; Denny Jin; Shino Jomoto; Billie Jonn; Heewoo Jun; Tomer Kaftan; Łukasz Kaiser; Ali Kamali; Ingmar Kanitscheider; Nitish Shirish Keskar; Tabarak Khan; Logan Kilpatrick; Jong Wook Kim; Christina Kim; Yongjik Kim; Jan Hendrik Kirchner; Jamie Kiros; Matt Knight; Daniel Kokotajlo; Łukasz Kondraciuk; Andrew Kondrich; Aris Konstantinidis; Kyle Kosic; Gretchen Krueger; Vishal Kuo; Michael Lampe; Ikai Lan; Teddy Lee; Jan Leike; Jade Leung; 
Daniel Levy; Chak Ming Li; Rachel Lim; Molly Lin; Stephanie Lin; Mateusz Litwin; Theresa Lopez; Ryan Lowe; Patricia Lue; Anna Makanju; Kim Malfacini; Sam Manning; Todor Markov; Yaniv Markovski; Bianca Martin; Katie Mayer; Andrew Mayne; Bob McGrew; Scott Mayer McKinney; Christine McLeavey; Paul McMillan; Jake McNeil; David Medina; Aalok Mehta; Jacob Menick; Luke Metz; Andrey Mishchenko; Pamela Mishkin; Vinnie Monaco; Evan Morikawa; Daniel Mossing; Tong Mu; Mira Murati; Oleg Murk; David Mély; Ashvin Nair; Reiichiro Nakano; Rajeev Nayak; Arvind Neelakantan; Richard Ngo; Hyeonwoo Noh; Long Ouyang; Cullen O'Keefe; Jakub Pachocki; Alex Paino; Joe Palermo; Ashley Pantuliano; Giambattista Parascandolo; Joel Parish; Emy Parparita; Alex Passos; Mikhail Pavlov; Andrew Peng; Adam Perelman; Filipe de Avila Belbute Peres; Michael Petrov; Henrique Ponde de Oliveira Pinto; Michael (Rai) Pokorny; Michelle Pokrass; Vitchyr H. Pong; Tolly Powell; Alethea Power; Boris Power; Elizabeth Proehl; Raul Puri; Alec Radford; Jack Rae; Aditya Ramesh; Cameron Raymond; Francis Real; Kendra Rimbach; Carl Ross; Bob Rotsted; Henri Roussez; Nick Ryder; Mario Saltarelli; Ted Sanders; Shibani Santurkar; Girish Sastry; Heather Schmidt; David Schnurr; John Schulman; Daniel Selsam; Kyla Sheppard; Toki Sherbakov; Jessica Shieh; Sarah Shoker; Pranav Shyam; Szymon Sidor; Eric Sigler; Maddie Simens; Jordan Sitkin; Katarina Slama; Ian Sohl; Benjamin Sokolowsky; Yang Song; Natalie Staudacher; Felipe Petroski Such; Natalie Summers; Ilya Sutskever; Jie Tang; Nikolas Tezak; Madeleine B. Thompson; Phil Tillet; Amin Tootoonchian; Elizabeth Tseng; Preston Tuggle; Nick Turley; Jerry Tworek; Juan Felipe Cerón Uribe; Andrea Vallone; Arun Vijayvergiya; Chelsea Voss; Carroll Wainwright; Justin Jay Wang; Alvin Wang; Ben Wang; Jonathan Ward; Jason Wei; CJ Weinmann; Akila Welihinda; Peter Welinder; Jiayi Weng; Lilian Weng; Matt Wiethoff; Dave Willner; Clemens Winter; Samuel Wolrich; Hannah Wong; Lauren Workman; Sherwin Wu; Jeff Wu; Michael Wu; Kai Xiao; Tao Xu; Sarah Yoo; Kevin Yu; Qiming Yuan; Wojciech Zaremba; Rowan Zellers; Chong Zhang; Marvin Zhang; Shengjia Zhao; Tianhao Zheng; Juntang Zhuang; William Zhuk; Barret Zoph http://arxiv.org/abs/2303.08032 Verifying the Robustness of Automatic Credibility Assessment. (99%) Piotr Przybyła; Alexander Shvets; Horacio Saggion http://arxiv.org/abs/2303.08171 Resilient Dynamic Average Consensus based on Trusted agents. (69%) Shamik Bhattacharyya; Rachel Kalpana Kalaimani http://arxiv.org/abs/2303.08289 Improving Adversarial Robustness with Hypersphere Embedding and Angular-based Regularizations. (31%) Olukorede Fakorede; Ashutosh Nirala; Modeste Atsague; Jin Tian http://arxiv.org/abs/2303.07546 Constrained Adversarial Learning and its applicability to Automated Software Testing: a systematic review. (99%) João Vitorino; Tiago Dias; Tiago Fonseca; Eva Maia; Isabel Praça http://arxiv.org/abs/2303.07474 Can Adversarial Examples Be Parsed to Reveal Victim Model Information? (99%) Yuguang Yao; Jiancheng Liu; Yifan Gong; Xiaoming Liu; Yanzhi Wang; Xue Lin; Sijia Liu http://arxiv.org/abs/2303.07003 Review on the Feasibility of Adversarial Evasion Attacks and Defenses for Network Intrusion Detection Systems. 
(99%) Islam Debicha; Benjamin Cochez; Tayeb Kenaza; Thibault Debatty; Jean-Michel Dricot; Wim Mees http://arxiv.org/abs/2303.12735 SMUG: Towards robust MRI reconstruction by smoothed unrolling. (98%) Hui Li; Jinghan Jia; Shijun Liang; Yuguang Yao; Saiprasad Ravishankar; Sijia Liu http://arxiv.org/abs/2303.07320 Model-tuning Via Prompts Makes NLP Models Adversarially Robust. (96%) Mrigank Raman; Pratyush Maini; J. Zico Kolter; Zachary C. Lipton; Danish Pruthi http://arxiv.org/abs/2303.06854 Robust Contrastive Language-Image Pretraining against Adversarial Attacks. (83%) Wenhan Yang; Baharan Mirzasoleiman http://arxiv.org/abs/2303.08581 Model Extraction Attacks on Split Federated Learning. (47%) Jingtao Li; Adnan Siraj Rakin; Xing Chen; Li Yang; Zhezhi He; Deliang Fan; Chaitali Chakrabarti http://arxiv.org/abs/2303.07543 WDiscOOD: Out-of-Distribution Detection via Whitened Linear Discriminative Analysis. (1%) Yiye Chen; Yunzhi Lin; Ruinian Xu; Patricio A. Vela http://arxiv.org/abs/2303.06920 Pixel-wise Gradient Uncertainty for Convolutional Neural Networks applied to Out-of-Distribution Segmentation. (1%) Kira Maag; Tobias Riedlinger http://arxiv.org/abs/2303.06664 Adv-Bot: Realistic Adversarial Botnet Attacks against Network Intrusion Detection Systems. (99%) Islam Debicha; Benjamin Cochez; Tayeb Kenaza; Thibault Debatty; Jean-Michel Dricot; Wim Mees http://arxiv.org/abs/2303.06641 Adaptive Local Adversarial Attacks on 3D Point Clouds for Augmented Reality. (99%) Weiquan Liu; Shijun Zheng; Cheng Wang http://arxiv.org/abs/2303.06746 DNN-Alias: Deep Neural Network Protection Against Side-Channel Attacks via Layer Balancing. (96%) Mahya Morid Ahmadi; Lilas Alrahis; Ozgur Sinanoglu; Muhammad Shafique http://arxiv.org/abs/2303.06601 Multi-metrics adaptively identifies backdoors in Federated learning. (92%) Siquan Huang; Yijiang Li; Chong Chen; Leyu Shi; Ying Gao http://arxiv.org/abs/2303.06837 Adversarial Attacks to Direct Data-driven Control for Destabilization. (91%) Hampei Sasahara http://arxiv.org/abs/2303.06818 Backdoor Defense via Deconfounded Representation Learning. (83%) Zaixi Zhang; Qi Liu; Zhicai Wang; Zepu Lu; Qingyong Hu http://arxiv.org/abs/2303.06652 Interpreting Hidden Semantics in the Intermediate Layers of 3D Point Cloud Classification Neural Network. (76%) Weiquan Liu; Minghao Liu; Shijun Zheng; Cheng Wang http://arxiv.org/abs/2303.06808 Boosting Source Code Learning with Data Augmentation: An Empirical Study. (11%) Zeming Dong; Qiang Hu; Yuejun Guo; Zhenya Zhang; Maxime Cordy; Mike Papadakis; Yves Le Traon; Jianjun Zhao http://arxiv.org/abs/2303.06425 Improving the Robustness of Deep Convolutional Neural Networks Through Feature Learning. (99%) Jin Ding; Jie-Chao Zhao; Yong-Zhi Sun; Ping Tan; Ji-En Ma; You-Tong Fang http://arxiv.org/abs/2303.06486 SHIELD: An Adaptive and Lightweight Defense against the Remote Power Side-Channel Attacks on Multi-tenant FPGAs. (8%) Mahya Morid Ahmadi; Faiq Khalid; Radha Vaidya; Florian Kriebel; Andreas Steininger; Muhammad Shafique http://arxiv.org/abs/2303.06199 Turning Strengths into Weaknesses: A Certified Robustness Inspired Attack Framework against Graph Neural Networks. (99%) Binghui Wang; Meng Pang; Yun Dong http://arxiv.org/abs/2303.05719 Boosting Adversarial Attacks by Leveraging Decision Boundary Information. (99%) Boheng Zeng; LianLi Gao; QiLong Zhang; ChaoQun Li; JingKuan Song; ShuaiQi Jing http://arxiv.org/abs/2303.06302 Adversarial Attacks and Defenses in Machine Learning-Powered Networks: A Contemporary Survey. 
(99%) Yulong Wang; Tong Sun; Shenghong Li; Xin Yuan; Wei Ni; Ekram Hossain; H. Vincent Poor http://arxiv.org/abs/2303.06280 Investigating Stateful Defenses Against Black-Box Adversarial Examples. (99%) Ryan Feng; Ashish Hooda; Neal Mangaokar; Kassem Fawaz; Somesh Jha; Atul Prakash http://arxiv.org/abs/2303.05758 MIXPGD: Hybrid Adversarial Training for Speech Recognition Systems. (99%) Aminul Huq; Weiyi Zhang; Xiaolin Hu http://arxiv.org/abs/2303.06241 Do we need entire training data for adversarial training? (99%) Vipul Gupta; Apurva Narayan http://arxiv.org/abs/2303.05762 TrojDiff: Trojan Attacks on Diffusion Models with Diverse Targets. (61%) Weixin Chen; Dawn Song; Bo Li http://arxiv.org/abs/2303.05828 Adapting Contrastive Language-Image Pretrained (CLIP) Models for Out-of-Distribution Detection. (13%) Nikolas Adaloglou; Felix Michels; Tim Kaiser; Markus Kollmann http://arxiv.org/abs/2303.06151 NoiseCAM: Explainable AI for the Boundary Between Noise and Adversarial Attacks. (99%) Wenkai Tan; Justus Renkhoff; Alvaro Velasquez; Ziyu Wang; Lusi Li; Jian Wang; Shuteng Niu; Fan Yang; Yongxin Liu; Houbing Song http://arxiv.org/abs/2303.05575 Evaluating the Robustness of Conversational Recommender Systems by Adversarial Examples. (92%) Ali Montazeralghaem; James Allan http://arxiv.org/abs/2303.05072 Identification of Systematic Errors of Image Classifiers on Rare Subgroups. (83%) Jan Hendrik Metzen; Robin Hutmacher; N. Grace Hua; Valentyn Boreiko; Dan Zhang http://arxiv.org/abs/2303.05077 Learning the Legibility of Visual Text Perturbations. (78%) Dev Seth; Rickard Stureborg; Danish Pruthi; Bhuwan Dhingra http://arxiv.org/abs/2303.05246 Efficient Certified Training and Robustness Verification of Neural ODEs. (75%) Mustafa Zeqiri; Mark Niklas Müller; Marc Fischer; Martin Vechev http://arxiv.org/abs/2303.05699 Feature Unlearning for Pre-trained GANs and VAEs. (68%) Saemi Moon; Seunghyuk Cho; Dongwoo Kim http://arxiv.org/abs/2303.04502 Immune Defense: A Novel Adversarial Defense Mechanism for Preventing the Generation of Adversarial Examples. (99%) Jinwei Wang; Hao Wu; Haihua Wang; Jiawei Zhang; Xiangyang Luo; Bin Ma http://arxiv.org/abs/2303.04980 Decision-BADGE: Decision-based Adversarial Batch Attack with Directional Gradient Estimation. (99%) Geunhyeok Yu; Minwoo Jeon; Hyoseok Hwang http://arxiv.org/abs/2303.06032 Exploring Adversarial Attacks on Neural Networks: An Explainable Approach. (99%) Justus Renkhoff; Wenkai Tan; Alvaro Velasquez; William Yichen Wang; Yongxin Liu; Jian Wang; Shuteng Niu; Lejla Begic Fazlic; Guido Dartmann; Houbing Song http://arxiv.org/abs/2303.07199 BeamAttack: Generating High-quality Textual Adversarial Examples through Beam Search and Mixed Semantic Spaces. (99%) Hai Zhu; Qingyang Zhao; Yuren Wu http://arxiv.org/abs/2303.04878 DeepGD: A Multi-Objective Black-Box Test Selection Approach for Deep Neural Networks. (3%) Zohreh Aghababaeyan; Manel Abdellatif; Mahboubeh Dadkhah; Lionel Briand http://arxiv.org/abs/2303.03680 Logit Margin Matters: Improving Transferable Targeted Adversarial Attack by Logit Calibration. (99%) Juanjuan Weng; Zhiming Luo; Zhun Zhong; Shaozi Li; Nicu Sebe http://arxiv.org/abs/2303.04238 Patch of Invisibility: Naturalistic Black-Box Adversarial Attacks on Object Detectors. (98%) Raz Lapid; Moshe Sipper http://arxiv.org/abs/2303.04183 Robustness-preserving Lifelong Learning via Dataset Condensation. (96%) Jinghan Jia; Yihua Zhang; Dogyoon Song; Sijia Liu; Alfred Hero http://arxiv.org/abs/2303.04278 CUDA: Convolution-based Unlearnable Datasets. 
(82%) Vinu Sankar Sadasivan; Mahdi Soltanolkotabi; Soheil Feizi http://arxiv.org/abs/2303.03700 EavesDroid: Eavesdropping User Behaviors via OS Side-Channels on Smartphones. (11%) Quancheng Wang; Ming Tang; Jianming Fu http://arxiv.org/abs/2303.04187 Stabilized training of joint energy-based models and their practical applications. (2%) Martin Sustek; Samik Sadhu; Lukas Burget; Hynek Hermansky; Jesus Villalba; Laureano Moro-Velazquez; Najim Dehak http://arxiv.org/abs/2303.03323 CleanCLIP: Mitigating Data Poisoning Attacks in Multimodal Contrastive Learning. (41%) Hritik Bansal; Nishad Singhi; Yu Yang; Fan Yin; Aditya Grover; Kai-Wei Chang http://arxiv.org/abs/2303.03446 Students Parrot Their Teachers: Membership Inference on Model Distillation. (31%) Matthew Jagielski; Milad Nasr; Christopher Choquette-Choo; Katherine Lee; Nicholas Carlini http://arxiv.org/abs/2303.03012 On the Feasibility of Specialized Ability Extracting for Large Language Code Models. (22%) Zongjie Li; Chaozheng Wang; Pingchuan Ma; Chaowei Liu; Shuai Wang; Daoyuan Wu; Cuiyun Gao http://arxiv.org/abs/2303.03169 A Unified Algebraic Perspective on Lipschitz Neural Networks. (15%) Alexandre Araujo; Aaron Havens; Blaise Delattre; Alexandre Allauzen; Bin Hu http://arxiv.org/abs/2303.03320 Learning to Backdoor Federated Learning. (15%) Henger Li; Chen Wu; Sencun Zhu; Zizhan Zheng http://arxiv.org/abs/2303.03470 Partial-Information, Longitudinal Cyber Attacks on LiDAR in Autonomous Vehicles. (10%) R. Spencer Hallyburton; Qingzhao Zhang; Z. Morley Mao; Miroslav Pajic http://arxiv.org/abs/2303.03372 ALMOST: Adversarial Learning to Mitigate Oracle-less ML Attacks via Synthesis Tuning. (1%) Animesh Basak Chowdhury; Lilas Alrahis; Luca Collini; Johann Knechtel; Ramesh Karri; Siddharth Garg; Ozgur Sinanoglu; Benjamin Tan http://arxiv.org/abs/2303.02970 Rethinking Confidence Calibration for Failure Prediction. (1%) Fei Zhu; Zhen Cheng; Xu-Yao Zhang; Cheng-Lin Liu http://arxiv.org/abs/2303.02814 Visual Analytics of Neuron Vulnerability to Adversarial Attacks on Convolutional Neural Networks. (99%) Yiran Li; Junpeng Wang; Takanori Fujiwara; Kwan-Liu Ma http://arxiv.org/abs/2303.02669 Consistent Valid Physically-Realizable Adversarial Attack against Crowd-flow Prediction Models. (99%) Hassan Ali; Muhammad Atif Butt; Fethi Filali; Ala Al-Fuqaha; Junaid Qadir http://arxiv.org/abs/2303.02874 Adversarial Sampling for Fairness Testing in Deep Neural Network. (98%) Tosin Ige; William Marfo; Justin Tonkinson; Sikiru Adewale; Bolanle Hafiz Matti http://arxiv.org/abs/2303.02725 Local Environment Poisoning Attacks on Federated Reinforcement Learning. (12%) Evelyn Ma; Rasoul Etesami http://arxiv.org/abs/2303.02781 Robustness, Evaluation and Adaptation of Machine Learning Models in the Wild. (10%) Vihari Piratla http://arxiv.org/abs/2303.02601 Knowledge-Based Counterfactual Queries for Visual Question Answering. (3%) Theodoti Stoikou; Maria Lymperaiou; Giorgos Stamou http://arxiv.org/abs/2303.02322 Improved Robustness Against Adaptive Attacks With Ensembles and Error-Correcting Output Codes. (68%) Thomas Philippon; Christian Gagné http://arxiv.org/abs/2303.01959 PointCert: Point Cloud Classification with Deterministic Certified Robustness Guarantees. (91%) Jinghuai Zhang; Jinyuan Jia; Hongbin Liu; Neil Zhenqiang Gong http://arxiv.org/abs/2303.02251 Certified Robust Neural Networks: Generalization and Corruption Resistance. 
(82%) Amine Bennouna; Ryan Lucas; Bart Van Parys http://arxiv.org/abs/2303.01734 AdvART: Adversarial Art for Camouflaged Object Detection Attacks. (75%) Amira Guesmi; Ioan Marius Bilasco; Muhammad Shafique; Ihsen Alouani http://arxiv.org/abs/2303.02213 Backdoor Attacks and Defenses in Federated Learning: Survey, Challenges and Future Research Directions. (47%) Thuy Dung Nguyen; Tuan Nguyen; Phi Le Nguyen; Hieu H. Pham; Khoa Doan; Kok-Seng Wong http://arxiv.org/abs/2303.02214 Adversarial Attacks on Machine Learning in Embedded and IoT Platforms. (38%) Christian Westbrook; Sudeep Pasricha http://arxiv.org/abs/2303.01870 Revisiting Adversarial Training for ImageNet: Architectures, Training and Generalization across Threat Models. (33%) Naman D Singh; Francesco Croce; Matthias Hein http://arxiv.org/abs/2303.02112 Stealthy Perception-based Attacks on Unmanned Aerial Vehicles. (16%) Amir Khazraei; Haocheng Meng; Miroslav Pajic http://arxiv.org/abs/2303.02242 TrojText: Test-time Invisible Textual Trojan Insertion. (2%) Qian Lou; Yepeng Liu; Bo Feng http://arxiv.org/abs/2303.01507 Defending against Adversarial Audio via Diffusion Model. (99%) Shutong Wu; Jiongxiao Wang; Wei Ping; Weili Nie; Chaowei Xiao http://arxiv.org/abs/2303.01052 Demystifying Causal Features on Adversarial Examples and Causal Inoculation for Robust Network by Adversarial Instrumental Variable Regression. (99%) Junho Kim; Byung-Kwan Lee; Yong Man Ro http://arxiv.org/abs/2303.01338 AdvRain: Adversarial Raindrops to Attack Camera-based Smart Vision Systems. (99%) Amira Guesmi; Muhammad Abdullah Hanif; Muhammad Shafique http://arxiv.org/abs/2303.01351 APARATE: Adaptive Adversarial Patch for CNN-based Monocular Depth Estimation for Autonomous Navigation. (99%) Amira Guesmi; Muhammad Abdullah Hanif; Ihsen Alouani; Muhammad Shafique http://arxiv.org/abs/2303.01068 Targeted Adversarial Attacks against Neural Machine Translation. (98%) Sahar Sadrizadeh; AmirHossein Dabiri Aghdam; Ljiljana Dolamic; Pascal Frossard http://arxiv.org/abs/2303.01456 The Double-Edged Sword of Implicit Bias: Generalization vs. Robustness in ReLU Networks. (93%) Spencer Frei; Gal Vardi; Peter L. Bartlett; Nathan Srebro http://arxiv.org/abs/2303.01538 Feature Perturbation Augmentation for Reliable Evaluation of Importance Estimators in Neural Networks. (10%) Lennart Brocki; Neo Christopher Chung http://arxiv.org/abs/2303.01041 D-Score: An Expert-Based Method for Assessing the Detectability of IoT-Related Cyber-Attacks. (3%) Yair Meidan; Daniel Benatar; Ron Bitton; Dan Avraham; Asaf Shabtai http://arxiv.org/abs/2303.01193 Interpretable System Identification and Long-term Prediction on Time-Series Data. (1%) Xiaoyi Liu; Duxin Chen; Wenjia Wei; Xia Zhu; Wenwu Yu http://arxiv.org/abs/2303.01469 Consistency Models. (1%) Yang Song; Prafulla Dhariwal; Mark Chen; Ilya Sutskever http://arxiv.org/abs/2303.01021 CADeSH: Collaborative Anomaly Detection for Smart Homes. (1%) Yair Meidan; Dan Avraham; Hanan Libhaber; Asaf Shabtai http://arxiv.org/abs/2303.01276 Conflict-Based Cross-View Consistency for Semi-Supervised Semantic Segmentation. (1%) Zicheng Wang; Zhen Zhao; Xiaoxia Xing; Dong Xu; Xiangyu Kong; Luping Zhou http://arxiv.org/abs/2303.00284 To Make Yourself Invisible with Adversarial Semantic Contours. (99%) Yichi Zhang; Zijian Zhu; Hang Su; Jun Zhu; Shibao Zheng; Yuan He; Hui Xue http://arxiv.org/abs/2303.00783 Adversarial Examples Exist in Two-Layer ReLU Networks for Low Dimensional Data Manifolds. 
(98%) Odelia Melamed; Gilad Yehudai; Gal Vardi http://arxiv.org/abs/2303.01234 Frauds Bargain Attack: Generating Adversarial Text Samples via Word Manipulation Process. (97%) Mingze Ni; Zhensu Sun; Wei Liu http://arxiv.org/abs/2303.00340 A Practical Upper Bound for the Worst-Case Attribution Deviations. (70%) Fan Wang; Adams Wai-Kin Kong http://arxiv.org/abs/2303.00250 Combating Exacerbated Heterogeneity for Robust Models in Federated Learning. (54%) Jianing Zhu; Jiangchao Yao; Tongliang Liu; Quanming Yao; Jianliang Xu; Bo Han http://arxiv.org/abs/2303.01243 Poster: Sponge ML Model Attacks of Mobile Apps. (8%) Souvik Paul; Nicolas Kourtellis http://arxiv.org/abs/2303.00387 DOLOS: A Novel Architecture for Moving Target Defense. (8%) Giulio Pagnotta; Gaspari Fabio De; Dorjan Hitaj; Mauro Andreolini; Michele Colajanni; Luigi V. Mancini http://arxiv.org/abs/2303.00302 Mitigating Backdoors in Federated Learning with FLD. (2%) Yihang Lin; Pengyuan Zhou; Zhiqian Wu; Yong Liao http://arxiv.org/abs/2303.00333 Competence-Based Analysis of Language Models. (1%) Adam Davies; Jize Jiang; ChengXiang Zhai http://arxiv.org/abs/2302.14353 A semantic backdoor attack against Graph Convolutional Networks. (98%) Jiazhu Dai; Zhipeng Xiong http://arxiv.org/abs/2303.00215 Single Image Backdoor Inversion via Robust Smoothed Classifiers. (88%) Mingjie Sun; J. Zico Kolter http://arxiv.org/abs/2303.00200 Feature Extraction Matters More: Universal Deepfake Disruption through Attacking Ensemble Feature Extractors. (67%) Long Tang; Dengpan Ye; Zhenhao Lu; Yunming Zhang; Shengshan Hu; Yue Xu; Chuanxi Chen http://arxiv.org/abs/2302.14677 Backdoor Attacks Against Deep Image Compression via Adaptive Frequency Trigger. (11%) Yi Yu; Yufei Wang; Wenhan Yang; Shijian Lu; Yap-peng Tan; Alex C. Kot http://arxiv.org/abs/2302.14500 FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases. (1%) Chong Fu; Xuhong Zhang; Shouling Ji; Ting Wang; Peng Lin; Yanghe Feng; Jianwei Yin http://arxiv.org/abs/2302.14301 A Comprehensive Study on Robustness of Image Classification Models: Benchmarking and Rethinking. (99%) Chang Liu; Yinpeng Dong; Wenzhao Xiang; Xiao Yang; Hang Su; Jun Zhu; Yuefeng Chen; Yuan He; Hui Xue; Shibao Zheng http://arxiv.org/abs/2302.14267 Adversarial Attack with Raindrops. (99%) Jiyuan Liu; Bingyi Lu; Mingkang Xiong; Tao Zhang; Huilin Xiong http://arxiv.org/abs/2302.13570 Physical Adversarial Attacks on Deep Neural Networks for Traffic Sign Recognition: A Feasibility Study. (99%) Fabian Woitschek; Georg Schneider http://arxiv.org/abs/2302.13520 Aegis: Mitigating Targeted Bit-flip Attacks against Deep Neural Networks. (98%) Jialai Wang; Ziyuan Zhang; Meiqi Wang; Han Qiu; Tianwei Zhang; Qi Li; Zongpeng Li; Tao Wei; Chao Zhang http://arxiv.org/abs/2302.13519 CBA: Contextual Background Attack against Optical Aerial Detection in the Physical World. (98%) Jiawei Lian; Xiaofei Wang; Yuru Su; Mingyang Ma; Shaohui Mei http://arxiv.org/abs/2302.14302 Improving Model Generalization by On-manifold Adversarial Augmentation in the Frequency Domain. (96%) Chang Liu; Wenzhao Xiang; Yuan He; Hui Xue; Shibao Zheng; Hang Su http://arxiv.org/abs/2302.13763 Efficient and Low Overhead Website Fingerprinting Attacks and Defenses based on TCP/IP Traffic. (83%) Guodong Huang; Chuan Ma; Ming Ding; Yuwen Qian; Chunpeng Ge; Liming Fang; Zhe Liu http://arxiv.org/abs/2302.14166 GLOW: Global Layout Aware Attacks on Object Detection. 
(81%) Buyu Liu; BaoJun; Jianping Fan; Xi Peng; Kui Ren; Jun Yu http://arxiv.org/abs/2302.13578 Online Black-Box Confidence Estimation of Deep Neural Networks. (16%) Fabian Woitschek; Georg Schneider http://arxiv.org/abs/2302.13851 Implicit Poisoning Attacks in Two-Agent Reinforcement Learning: Adversarial Policies for Training-Time Attacks. (15%) Mohammad Mohammadi; Jonathan Nöther; Debmalya Mandal; Adish Singla; Goran Radanovic http://arxiv.org/abs/2302.13861 Differentially Private Diffusion Models Generate Useful Synthetic Images. (10%) Sahra Ghalebikesabi; Leonard Berrada; Sven Gowal; Ira Ktena; Robert Stanforth; Jamie Hayes; Soham De; Samuel L. Smith; Olivia Wiles; Borja Balle http://arxiv.org/abs/2302.14290 Learning to Retain while Acquiring: Combating Distribution-Shift in Adversarial Data-Free Knowledge Distillation. (5%) Gaurav Patel; Konda Reddy Mopuri; Qiang Qiu http://arxiv.org/abs/2302.13487 Contextual adversarial attack against aerial detection in the physical world. (99%) Jiawei Lian; Xiaofei Wang; Yuru Su; Mingyang Ma; Shaohui Mei http://arxiv.org/abs/2302.13464 Randomness in ML Defenses Helps Persistent Attackers and Hinders Evaluators. (96%) Keane Lucas; Matthew Jagielski; Florian Tramèr; Lujo Bauer; Nicholas Carlini http://arxiv.org/abs/2302.13172 Deep Learning-based Multi-Organ CT Segmentation with Adversarial Data Augmentation. (99%) Shaoyan Pan; Shao-Yuan Lo; Min Huang; Chaoqiong Ma; Jacob Wynne; Tonghe Wang; Tian Liu; Xiaofeng Yang http://arxiv.org/abs/2302.14059 Scalable Attribution of Adversarial Attacks via Multi-Task Learning. (99%) Zhongyi Guo; Keji Han; Yao Ge; Wei Ji; Yun Li http://arxiv.org/abs/2302.13056 SATBA: An Invisible Backdoor Attack Based On Spatial Attention. (74%) Huasong Zhou; Xiaowei Xu; Xiaodong Wang; Leon Bevan Bullock http://arxiv.org/abs/2302.13095 Bayesian Neural Networks Avoid Encoding Complex and Perturbation-Sensitive Concepts. (1%) Qihan Ren; Huiqi Deng; Yunuo Chen; Siyu Lou; Quanshi Zhang http://arxiv.org/abs/2302.12758 Defending Against Backdoor Attacks by Layer-wise Feature Analysis. (68%) Najeeb Moharram Jebreel; Josep Domingo-Ferrer; Yiming Li http://arxiv.org/abs/2302.12959 Chaotic Variational Auto encoder-based Adversarial Machine Learning. (54%) Pavan Venkata Sainadh Reddy; Yelleti Vivek; Gopi Pranay; Vadlamani Ravi http://arxiv.org/abs/2302.12480 Robust Weight Signatures: Gaining Robustness as Easy as Patching Weights? (12%) Ruisi Cai; Zhenyu Zhang; Zhangyang Wang http://arxiv.org/abs/2302.12366 Less is More: Data Pruning for Faster Adversarial Training. (99%) Yize Li; Pu Zhao; Xue Lin; Bhavya Kailkhura; Ryan Goldhahn http://arxiv.org/abs/2302.11982 A Plot is Worth a Thousand Words: Model Information Stealing Attacks via Scientific Plots. (99%) Boyang Zhang; Xinlei He; Yun Shen; Tianhao Wang; Yang Zhang http://arxiv.org/abs/2302.12252 Boosting Adversarial Transferability using Dynamic Cues. (99%) Muzammal Naseer; Ahmad Mahmood; Salman Khan; Fahad Khan http://arxiv.org/abs/2302.12407 HyperAttack: Multi-Gradient-Guided White-box Adversarial Structure Attack of Hypergraph Neural Networks. (98%) Chao Hu; Ruishi Yu; Binqi Zeng; Yu Zhan; Ying Fu; Quan Zhang; Rongkai Liu; Heyuan Shi http://arxiv.org/abs/2302.11963 Investigating Catastrophic Overfitting in Fast Adversarial Training: A Self-fitting Perspective. (84%) Zhengbao He; Tao Li; Sizhe Chen; Xiaolin Huang http://arxiv.org/abs/2302.12173 More than you've asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models. 
(70%) Kai Greshake; Sahar Abdelnabi; Shailesh Mishra; Christoph Endres; Thorsten Holz; Mario Fritz http://arxiv.org/abs/2302.12351 On the Hardness of Robustness Transfer: A Perspective from Rademacher Complexity over Symmetric Difference Hypothesis Space. (68%) Yuyang Deng; Nidham Gazagnadou; Junyuan Hong; Mehrdad Mahdavi; Lingjuan Lyu http://arxiv.org/abs/2302.12415 Harnessing the Speed and Accuracy of Machine Learning to Advance Cybersecurity. (2%) Khatoon Mohammed http://arxiv.org/abs/2302.11704 Mitigating Adversarial Attacks in Deepfake Detection: An Exploration of Perturbation and AI Techniques. (99%) Saminder Dhesi; Laura Fontes; Pedro Machado; Isibor Kennedy Ihianle; Farhad Fassihi Tash; David Ada Adama http://arxiv.org/abs/2302.11328 PAD: Towards Principled Adversarial Malware Detection Against Evasion Attacks. (98%) Deqiang Li; Shicheng Cui; Yun Li; Jia Xu; Fu Xiao; Shouhuai Xu http://arxiv.org/abs/2302.11628 Provable Robustness Against a Union of $\ell_0$ Adversarial Attacks. (97%) Zayd Hammoudeh; Daniel Lowd http://arxiv.org/abs/2302.11408 ASSET: Robust Backdoor Data Detection Across a Multiplicity of Deep Learning Paradigms. (33%) Minzhou Pan; Yi Zeng; Lingjuan Lyu; Xue Lin; Ruoxi Jia http://arxiv.org/abs/2302.12095 On the Robustness of ChatGPT: An Adversarial and Out-of-distribution Perspective. (12%) Jindong Wang; Xixu Hu; Wenxin Hou; Hao Chen; Runkai Zheng; Yidong Wang; Linyi Yang; Haojun Huang; Wei Ye; Xiubo Geng; Binxin Jiao; Yue Zhang; Xing Xie http://arxiv.org/abs/2302.10980 MultiRobustBench: Benchmarking Robustness Against Multiple Attacks. (99%) Sihui Dai; Saeed Mahloujifar; Chong Xiang; Vikash Sehwag; Pin-Yu Chen; Prateek Mittal http://arxiv.org/abs/2302.10739 MalProtect: Stateful Defense Against Adversarial Query Attacks in ML-based Malware Detection. (99%) Aqib Rashid; Jose Such http://arxiv.org/abs/2302.10686 Interpretable Spectrum Transformation Attacks to Speaker Recognition. (98%) Jiadi Yao; Hong Luo; Xiao-Lei Zhang http://arxiv.org/abs/2302.10722 Characterizing the Optimal 0-1 Loss for Multi-class Classification with a Test-time Attacker. (97%) Sihui Dai; Wenxin Ding; Arjun Nitin Bhagoji; Daniel Cullina; Ben Y. Zhao; Haitao Zheng; Prateek Mittal http://arxiv.org/abs/2302.10633 Generalization Bounds for Adversarial Contrastive Learning. (31%) Xin Zou; Weiwei Liu http://arxiv.org/abs/2303.01245 An Incremental Gray-box Physical Adversarial Attack on Neural Network Training. (98%) Rabiah Al-qudah; Moayad Aloqaily; Bassem Ouni; Mohsen Guizani; Thierry Lestable http://arxiv.org/abs/2302.09902 Variation Enhanced Attacks Against RRAM-based Neuromorphic Computing System. (97%) Hao Lv; Bing Li; Lei Zhang; Cheng Liu; Ying Wang http://arxiv.org/abs/2302.10164 Seasoning Model Soups for Robustness to Adversarial and Natural Distribution Shifts. (88%) Francesco Croce; Sylvestre-Alvise Rebuffi; Evan Shelhamer; Sven Gowal http://arxiv.org/abs/2302.10149 Poisoning Web-Scale Training Datasets is Practical. (83%) Nicholas Carlini; Matthew Jagielski; Christopher A. Choquette-Choo; Daniel Paleka; Will Pearce; Hyrum Anderson; Andreas Terzis; Kurt Thomas; Florian Tramèr http://arxiv.org/abs/2302.09814 Pseudo Label-Guided Model Inversion Attack via Conditional Generative Adversarial Network. (47%) Xiaojian Yuan; Kejiang Chen; Jie Zhang; Weiming Zhang; Nenghai Yu; Yang Zhang http://arxiv.org/abs/2302.10344 Model-based feature selection for neural networks: A mixed-integer programming approach. 
(22%) Shudian Zhao; Calvin Tsay; Jan Kronqvist http://arxiv.org/abs/2302.10341 Take Me Home: Reversing Distribution Shifts using Reinforcement Learning. (8%) Vivian Lin; Kuk Jin Jang; Souradeep Dutta; Michele Caprio; Oleg Sokolsky; Insup Lee http://arxiv.org/abs/2302.09923 Prompt Stealing Attacks Against Text-to-Image Generation Models. (1%) Xinyue Shen; Yiting Qu; Michael Backes; Yang Zhang http://arxiv.org/abs/2302.09491 X-Adv: Physical Adversarial Object Attacks against X-ray Prohibited Item Detection. (99%) Aishan Liu; Jun Guo; Jiakai Wang; Siyuan Liang; Renshuai Tao; Wenbo Zhou; Cong Liu; Xianglong Liu; Dacheng Tao http://arxiv.org/abs/2302.09575 Stationary Point Losses for Robust Model. (93%) Weiwei Gao; Dazhi Zhang; Yao Li; Zhichang Guo; Ovanes Petrosian http://arxiv.org/abs/2302.09578 On Feasibility of Server-side Backdoor Attacks on Split Learning. (76%) Behrad Tajalli; Oguzhan Ersoy; Stjepan Picek http://arxiv.org/abs/2302.09457 Adversarial Machine Learning: A Systematic Survey of Backdoor Attack, Weight Attack and Adversarial Example. (99%) Baoyuan Wu; Li Liu; Zihao Zhu; Qingshan Liu; Zhaofeng He; Siwei Lyu http://arxiv.org/abs/2302.09479 Delving into the Adversarial Robustness of Federated Learning. (98%) Jie Zhang; Bo Li; Chen Chen; Lingjuan Lyu; Shuang Wu; Shouhong Ding; Chao Wu http://arxiv.org/abs/2302.09309 Meta Style Adversarial Training for Cross-Domain Few-Shot Learning. (83%) Yuqian Fu; Yu Xie; Yanwei Fu; Yu-Gang Jiang http://arxiv.org/abs/2302.09270 Towards Safer Generative Language Models: A Survey on Safety Risks, Evaluations, and Improvements. (67%) Jiawen Deng; Jiale Cheng; Hao Sun; Zhexin Zhang; Minlie Huang http://arxiv.org/abs/2302.09462 MedViT: A Robust Vision Transformer for Generalized Medical Image Classification. (12%) Omid Nejati Manzari; Hamid Ahmadabadi; Hossein Kashiani; Shahriar B. Shokouhi; Ahmad Ayatollahi http://arxiv.org/abs/2302.09420 RobustNLP: A Technique to Defend NLP Models Against Backdoor Attacks. (11%) Marwan Omar http://arxiv.org/abs/2302.09344 Beyond Distribution Shift: Spurious Features Through the Lens of Training Dynamics. (2%) Nihal Murali; Aahlad Puli; Ke Yu; Rajesh Ranganath; Kayhan Batmanghelich http://arxiv.org/abs/2302.08973 Measuring Equality in Machine Learning Security Defenses. (96%) Luke E. Richards; Edward Raff; Cynthia Matuszek http://arxiv.org/abs/2302.09190 Function Composition in Trustworthy Machine Learning: Implementation Choices, Insights, and Questions. (5%) Manish Nagireddy; Moninder Singh; Samuel C. Hoffman; Evaline Ju; Karthikeyan Natesan Ramamurthy; Kush R. Varshney http://arxiv.org/abs/2302.09207 RetVec: Resilient and Efficient Text Vectorizer. (4%) Elie Bursztein; Marina Zhang; Owen Vallis; Xinyu Jia; Alexey Kurakin http://arxiv.org/abs/2302.08257 On the Effect of Adversarial Training Against Invariance-based Adversarial Examples. (99%) Roland Rauter; Martin Nocker; Florian Merkle; Pascal Schöttle http://arxiv.org/abs/2302.08637 High-frequency Matters: An Overwriting Attack and defense for Image-processing Neural Network Watermarking. (67%) Huajie Chen; Tianqing Zhu; Chi Liu; Shui Yu; Wanlei Zhou http://arxiv.org/abs/2302.08466 Marich: A Query-efficient Distributionally Equivalent Model Extraction Attack using Public Data. (3%) Pratik Karmakar; Debabrota Basu http://arxiv.org/abs/2302.10802 A Novel Noise Injection-based Training Scheme for Better Model Robustness. 
(2%) Zeliang Zhang; Jinyang Jiang; Minjie Chen; Zhiyuan Wang; Yijie Peng; Zhaofei Yu http://arxiv.org/abs/2302.08066 Masking and Mixing Adversarial Training. (99%) Hiroki Adachi; Tsubasa Hirakawa; Takayoshi Yamashita; Hironobu Fujiyoshi; Yasunori Ishii; Kazuki Kozuka http://arxiv.org/abs/2302.08048 Robust Mid-Pass Filtering Graph Convolutional Networks. (98%) Jincheng Huang; Lun Du; Xu Chen; Qiang Fu; Shi Han; Dongmei Zhang http://arxiv.org/abs/2302.08051 Graph Adversarial Immunization for Certifiable Robustness. (98%) Shuchang Tao; Huawei Shen; Qi Cao; Yunfan Wu; Liang Hou; Xueqi Cheng http://arxiv.org/abs/2302.07769 XploreNAS: Explore Adversarially Robust & Hardware-efficient Neural Architectures for Non-ideal Xbars. (87%) Abhiroop Bhattacharjee; Abhishek Moitra; Priyadarshini Panda http://arxiv.org/abs/2302.07956 Tight Auditing of Differentially Private Machine Learning. (41%) Milad Nasr; Jamie Hayes; Thomas Steinke; Borja Balle; Florian Tramèr; Matthew Jagielski; Nicholas Carlini; Andreas Terzis http://arxiv.org/abs/2302.07717 Field-sensitive Data Flow Integrity. (1%) So Shizukuishi; Yoshitaka Arahori; Katsuhiko Gondow http://arxiv.org/abs/2302.07608 Uncertainty-Estimation with Normalized Logits for Out-of-Distribution Detection. (1%) Mouxiao Huang; Yu Qiao http://arxiv.org/abs/2302.06912 Regret-Based Defense in Adversarial Reinforcement Learning. (99%) Roman Belaire; Pradeep Varakantham; Thanh Nguyen; David Lo http://arxiv.org/abs/2302.07221 On the Role of Randomization in Adversarially Robust Classification. (99%) Lucas Gnecco-Heredia; Yann Chevaleyre; Benjamin Negrevergne; Laurent Meunier; Muni Sreenivas Pydi http://arxiv.org/abs/2302.07363 Attacking Fake News Detectors via Manipulating News Social Engagement. (83%) Haoran Wang; Yingtong Dou; Canyu Chen; Lichao Sun; Philip S. Yu; Kai Shu http://arxiv.org/abs/2302.07173 An Experimental Study of Byzantine-Robust Aggregation Schemes in Federated Learning. (31%) Shenghui Li; Edith C. -H. Ngai; Thiemo Voigt http://arxiv.org/abs/2302.07011 A Modern Look at the Relationship between Sharpness and Generalization. (10%) Maksym Andriushchenko; Francesco Croce; Maximilian Müller; Matthias Hein; Nicolas Flammarion http://arxiv.org/abs/2302.07225 Bounding Training Data Reconstruction in DP-SGD. (8%) Jamie Hayes; Saeed Mahloujifar; Borja Balle http://arxiv.org/abs/2302.07347 Security Defense For Smart Contracts: A Comprehensive Survey. (1%) Nikolay Ivanov; Chenning Li; Qiben Yan; Zhiyuan Sun; Zhichao Cao; Xiapu Luo http://arxiv.org/abs/2302.07324 READIN: A Chinese Multi-Task Benchmark with Realistic and Diverse Input Noises. (1%) Chenglei Si; Zhengyan Zhang; Yingfa Chen; Xiaozhi Wang; Zhiyuan Liu; Maosong Sun http://arxiv.org/abs/2302.06279 Sneaky Spikes: Uncovering Stealthy Backdoor Attacks in Spiking Neural Networks with Neuromorphic Data. (98%) Gorka Abad; Oguzhan Ersoy; Stjepan Picek; Aitor Urbieta http://arxiv.org/abs/2302.06588 Raising the Cost of Malicious AI-Powered Image Editing. (82%) Hadi Salman; Alaa Khaddaj; Guillaume Leclerc; Andrew Ilyas; Aleksander Madry http://arxiv.org/abs/2302.07735 Targeted Attack on GPT-Neo for the SATML Language Model Data Extraction Challenge. (8%) Ali Al-Kaswan; Maliheh Izadi; Deursen Arie van http://arxiv.org/abs/2302.06801 Backdoor Learning for NLP: Recent Advances, Challenges, and Future Research Directions. (1%) Marwan Omar http://arxiv.org/abs/2302.05892 TextDefense: Adversarial Text Detection based on Word Importance Entropy. 
(99%) Lujia Shen; Xuhong Zhang; Shouling Ji; Yuwen Pu; Chunpeng Ge; Xing Yang; Yanghe Feng http://arxiv.org/abs/2302.05794 Mutation-Based Adversarial Attacks on Neural Text Detectors. (69%) Gongbo Liang; Jesus Guerrero; Izzat Alsmadi http://arxiv.org/abs/2302.05703 HateProof: Are Hateful Meme Detection Systems really Robust? (13%) Piush Aggarwal; Pranit Chawla; Mithun Das; Punyajoy Saha; Binny Mathew; Torsten Zesch; Animesh Mukherjee http://arxiv.org/abs/2302.05706 MTTM: Metamorphic Testing for Textual Content Moderation Software. (2%) Wenxuan Wang; Jen-tse Huang; Weibin Wu; Jianping Zhang; Yizhan Huang; Shuqing Li; Pinjia He; Michael Lyu http://arxiv.org/abs/2302.05807 Pushing the Accuracy-Group Robustness Frontier with Introspective Self-play. (1%) Jeremiah Zhe Liu; Krishnamurthy Dj Dvijotham; Jihyeon Lee; Quan Yuan; Martin Strobel; Balaji Lakshminarayanan; Deepak Ramachandran http://arxiv.org/abs/2302.05628 High Recovery with Fewer Injections: Practical Binary Volumetric Injection Attacks against Dynamic Searchable Encryption. (1%) Xianglong Zhang; Wei Wang; Peng Xu; Laurence T. Yang; Kaitai Liang http://arxiv.org/abs/2302.05086 Making Substitute Models More Bayesian Can Enhance Transferability of Adversarial Examples. (98%) Qizhang Li; Yiwen Guo; Wangmeng Zuo; Hao Chen http://arxiv.org/abs/2303.01263 Unnoticeable Backdoor Attacks on Graph Neural Networks. (80%) Enyan Dai; Minhua Lin; Xiang Zhang; Suhang Wang http://arxiv.org/abs/2302.05120 Step by Step Loss Goes Very Far: Multi-Step Quantization for Adversarial Text Attacks. (73%) Piotr Gaiński; Klaudia Bałazy http://arxiv.org/abs/2302.10896 IB-RAR: Information Bottleneck as Regularizer for Adversarial Robustness. (98%) Xiaoyun Xu; Guilherme Perin; Stjepan Picek http://arxiv.org/abs/2302.04578 Adversarial Example Does Good: Preventing Painting Imitation from Diffusion Models via Adversarial Examples. (98%) Chumeng Liang; Xiaoyu Wu; Yang Hua; Jiaru Zhang; Yiming Xue; Tao Song; Zhengui Xue; Ruhui Ma; Haibing Guan http://arxiv.org/abs/2302.04977 Mithridates: Auditing and Boosting Backdoor Resistance of Machine Learning Pipelines. (81%) Eugene Bagdasaryan; Vitaly Shmatikov http://arxiv.org/abs/2302.04457 Imperceptible Sample-Specific Backdoor to DNN with Denoising Autoencoder. (62%) Jiliang Zhang; Jing Xu; Zhi Zhang; Yansong Gao http://arxiv.org/abs/2302.04638 Better Diffusion Models Further Improve Adversarial Training. (22%) Zekai Wang; Tianyu Pang; Chao Du; Min Lin; Weiwei Liu; Shuicheng Yan http://arxiv.org/abs/2302.04700 Augmenting NLP data to counter Annotation Artifacts for NLI Tasks. (16%) Armaan Singh Bhullar http://arxiv.org/abs/2302.06455 Incremental Satisfiability Modulo Theory for Verification of Deep Neural Networks. (1%) Pengfei Yang; Zhiming Chi; Zongxin Liu; Mengyu Zhao; Cheng-Chao Huang; Shaowei Cai; Lijun Zhang http://arxiv.org/abs/2302.04025 WAT: Improve the Worst-class Robustness in Adversarial Training. (99%) Boqi Li; Weiwei Liu http://arxiv.org/abs/2302.04379 Exploiting Certified Defences to Attack Randomised Smoothing. (99%) Andrew C. Cullen; Paul Montague; Shijie Liu; Sarah M. Erfani; Benjamin I. P. Rubinstein http://arxiv.org/abs/2302.04246 Shortcut Detection with Variational Autoencoders. (13%) Nicolas M. Müller; Simon Roschmann; Shahbaz Khan; Philip Sperl; Konstantin Böttinger http://arxiv.org/abs/2302.04332 Continuous Learning for Android Malware Detection. (13%) Yizheng Chen; Zhoujie Ding; David Wagner http://arxiv.org/abs/2302.04116 Training-free Lexical Backdoor Attacks on Language Models. 
(8%) Yujin Huang; Terry Yue Zhuo; Qiongkai Xu; Han Hu; Xingliang Yuan; Chunyang Chen http://arxiv.org/abs/2302.10296 On Function-Coupled Watermarks for Deep Neural Networks. (2%) Xiangyu Wen; Yu Li; Wei Jiang; Qiang Xu http://arxiv.org/abs/2302.04369 Unsupervised Learning of Initialization in Deep Neural Networks via Maximum Mean Discrepancy. (1%) Cheolhyoung Lee; Kyunghyun Cho http://arxiv.org/abs/2302.03657 Toward Face Biometric De-identification using Adversarial Examples. (98%) Mahdi Ghafourian; Julian Fierrez; Luis Felipe Gomez; Ruben Vera-Rodriguez; Aythami Morales; Zohra Rezgui; Raymond Veldhuis http://arxiv.org/abs/2302.03322 Attacking Cooperative Multi-Agent Reinforcement Learning by Adversarial Minority Influence. (83%) Simin Li; Jun Guo; Jingqiao Xiu; Pu Feng; Xin Yu; Jiakai Wang; Aishan Liu; Wenjun Wu; Xianglong Liu http://arxiv.org/abs/2302.03262 Membership Inference Attacks against Diffusion Models. (64%) Tomoya Matsumoto; Takayuki Miura; Naoto Yanai http://arxiv.org/abs/2302.03684 Temporal Robustness against Data Poisoning. (12%) Wenxiao Wang; Soheil Feizi http://arxiv.org/abs/2302.03465 Robustness Implies Fairness in Causal Algorithmic Recourse. (2%) Ahmad-Reza Ehyaei; Amir-Hossein Karimi; Bernhard Schölkopf; Setareh Maghsudi http://arxiv.org/abs/2302.03335 Low-Latency Communication using Delay-Aware Relays Against Reactive Adversaries. (1%) Vivek Chaudhary; J. Harshan http://arxiv.org/abs/2302.02568 Less is More: Understanding Word-level Textual Adversarial Attack via n-gram Frequency Descend. (99%) Ning Lu; Shengcai Liu; Zhirui Zhang; Qi Wang; Haifeng Liu; Ke Tang http://arxiv.org/abs/2302.03251 SCALE-UP: An Efficient Black-box Input-level Backdoor Detection via Analyzing Scaled Prediction Consistency. (92%) Junfeng Guo; Yiming Li; Xun Chen; Hanqing Guo; Lichao Sun; Cong Liu http://arxiv.org/abs/2302.03015 Exploring and Exploiting Decision Boundary Dynamics for Adversarial Robustness. (87%) Yuancheng Xu; Yanchao Sun; Micah Goldblum; Tom Goldstein; Furong Huang http://arxiv.org/abs/2302.02829 Collective Robustness Certificates: Exploiting Interdependence in Graph Neural Networks. (75%) Jan Schuchardt; Aleksandar Bojchevski; Johannes Gasteiger; Stephan Günnemann http://arxiv.org/abs/2302.02907 GAT: Guided Adversarial Training with Pareto-optimal Auxiliary Tasks. (67%) Salah Ghamizi; Jingfeng Zhang; Maxime Cordy; Mike Papadakis; Masashi Sugiyama; Yves Le Traon http://arxiv.org/abs/2302.02607 Target-based Surrogates for Stochastic Optimization. (1%) Jonathan Wilder Lavington; Sharan Vaswani; Reza Babanezhad; Mark Schmidt; Nicolas Le Roux http://arxiv.org/abs/2302.02924 Dropout Injection at Test Time for Post Hoc Uncertainty Quantification in Neural Networks. (1%) Emanuele Ledda; Giorgio Fumera; Fabio Roli http://arxiv.org/abs/2302.03098 One-shot Empirical Privacy Estimation for Federated Learning. (1%) Galen Andrew; Peter Kairouz; Sewoong Oh; Alina Oprea; H. Brendan McMahan; Vinith Suriyakumar http://arxiv.org/abs/2302.02502 On the Role of Contrastive Representation Learning in Adversarial Robustness: An Empirical Study. (54%) Fatemeh Ghofrani; Mehdi Yaghouti; Pooyan Jamshidi http://arxiv.org/abs/2302.02503 Leaving Reality to Imagination: Robust Classification via Generated Datasets. (2%) Hritik Bansal; Aditya Grover http://arxiv.org/abs/2302.02213 CosPGD: a unified white-box adversarial attack for pixel-wise prediction tasks. 
(99%) Shashank Agnihotri; Steffen Jung; Margret Keuper http://arxiv.org/abs/2302.02216 A Minimax Approach Against Multi-Armed Adversarial Attacks Detection. (86%) Federica Granese; Marco Romanelli; Siddharth Garg; Pablo Piantanida http://arxiv.org/abs/2302.02300 Run-Off Election: Improved Provable Defense against Data Poisoning Attacks. (83%) Keivan Rezaei; Kiarash Banihashem; Atoosa Chegini; Soheil Feizi http://arxiv.org/abs/2302.02162 AUTOLYCUS: Exploiting Explainable AI (XAI) for Model Extraction Attacks against Decision Tree Models. (80%) Abdullah Caglar Oksuz; Anisa Halimi; Erman Ayday http://arxiv.org/abs/2302.02208 Certified Robust Control under Adversarial Perturbations. (78%) Jinghan Yang; Hunmin Kim; Wenbin Wan; Naira Hovakimyan; Yevgeniy Vorobeychik http://arxiv.org/abs/2302.02023 TextShield: Beyond Successfully Detecting Adversarial Sentences in Text Classification. (96%) Lingfeng Shen; Ze Zhang; Haiyun Jiang; Ying Chen http://arxiv.org/abs/2302.02012 DeTorrent: An Adversarial Padding-only Traffic Analysis Defense. (73%) James K Holland; Jason Carpenter; Se Eun Oh; Nicholas Hopper http://arxiv.org/abs/2302.01740 SoK: A Systematic Evaluation of Backdoor Trigger Characteristics in Image Classification. (61%) Gorka Abad; Jing Xu; Stefanos Koffas; Behrad Tajalli; Stjepan Picek; Mauro Conti http://arxiv.org/abs/2302.01629 Beyond the Universal Law of Robustness: Sharper Laws for Random Features and Neural Tangent Kernels. (15%) Simone Bombari; Shayan Kiyani; Marco Mondelli http://arxiv.org/abs/2302.01961 Asymmetric Certified Robustness via Feature-Convex Neural Networks. (8%) Samuel Pfrommer; Brendon G. Anderson; Julien Piet; Somayeh Sojoudi http://arxiv.org/abs/2302.01677 Revisiting Personalized Federated Learning: Robustness Against Backdoor Attacks. (2%) Zeyu Qin; Liuyi Yao; Daoyuan Chen; Yaliang Li; Bolin Ding; Minhao Cheng http://arxiv.org/abs/2302.02042 BarrierBypass: Out-of-Sight Clean Voice Command Injection Attacks through Physical Barriers. (2%) Payton Walker; Tianfang Zhang; Cong Shi; Nitesh Saxena; Yingying Chen http://arxiv.org/abs/2302.01855 From Robustness to Privacy and Back. (2%) Hilal Asi; Jonathan Ullman; Lydia Zakynthinou http://arxiv.org/abs/2302.01972 DCA: Delayed Charging Attack on the Electric Shared Mobility System. (1%) Shuocheng Guo; Hanlin Chen; Mizanur Rahman; Xinwu Qian http://arxiv.org/abs/2302.02031 Augmenting Rule-based DNS Censorship Detection at Scale with Machine Learning. (1%) Jacob Alexander Markson Brown; Xi Jiang; Van Tran; Arjun Nitin Bhagoji; Nguyen Phong Hoang; Nick Feamster; Prateek Mittal; Vinod Yegneswaran http://arxiv.org/abs/2302.00944 TransFool: An Adversarial Attack against Neural Machine Translation Models. (99%) Sahar Sadrizadeh; Ljiljana Dolamic; Pascal Frossard http://arxiv.org/abs/2302.01056 Beyond Pretrained Features: Noisy Image Modeling Provides Adversarial Defense. (99%) Zunzhi You; Daochang Liu; Bohyung Han; Chang Xu http://arxiv.org/abs/2302.01375 On the Robustness of Randomized Ensembles to Adversarial Perturbations. (75%) Hassan Dbouk; Naresh R. Shanbhag http://arxiv.org/abs/2302.01404 Provably Bounding Neural Network Preimages. (64%) Suhas Kotha; Christopher Brix; Zico Kolter; Krishnamurthy Dvijotham; Huan Zhang http://arxiv.org/abs/2302.01459 A sliced-Wasserstein distance-based approach for out-of-class-distribution detection. 
(62%) Mohammad Shifat E Rabbi; Abu Hasnat Mohammad Rubaiyat; Yan Zhuang; Gustavo K Rohde http://arxiv.org/abs/2302.01381 Effective Robustness against Natural Distribution Shifts for Models with Different Training Data. (13%) Zhouxing Shi; Nicholas Carlini; Ananth Balashankar; Ludwig Schmidt; Cho-Jui Hsieh; Alex Beutel; Yao Qin http://arxiv.org/abs/2302.00947 SPECWANDS: An Efficient Priority-based Scheduler Against Speculation Contention Attacks. (10%) Bowen Tang; Chenggang Wu; Pen-Chung Yew; Yinqian Zhang; Mengyao Xie; Yuanming Lai; Yan Kang; Wei Wang; Qiang Wei; Zhe Wang http://arxiv.org/abs/2302.01474 Defensive ML: Defending Architectural Side-channels with Adversarial Obfuscation. (2%) Hyoungwook Nam; Raghavendra Pradyumna Pothukuchi; Bo Li; Nam Sung Kim; Josep Torrellas http://arxiv.org/abs/2302.01440 Generalized Uncertainty of Deep Neural Networks: Taxonomy and Applications. (1%) Chengyu Dong http://arxiv.org/abs/2302.01428 Dataset Distillation Fixes Dataset Reconstruction Attacks. (1%) Noel Loo; Ramin Hasani; Mathias Lechner; Daniela Rus http://arxiv.org/abs/2302.00747 Universal Soldier: Using Universal Adversarial Perturbations for Detecting Backdoor Attacks. (99%) Xiaoyun Xu; Oguzhan Ersoy; Stjepan Picek http://arxiv.org/abs/2302.00537 Effectiveness of Moving Target Defenses for Adversarial Attacks in ML-based Malware Detection. (92%) Aqib Rashid; Jose Such http://arxiv.org/abs/2302.00509 Exploring Semantic Perturbations on Grover. (56%) Pranav Kulkarni; Ziqing Ji; Yan Xu; Marko Neskovic; Kevin Nolan http://arxiv.org/abs/2302.01762 BackdoorBox: A Python Toolbox for Backdoor Learning. (10%) Yiming Li; Mengxi Ya; Yang Bai; Yong Jiang; Shu-Tao Xia http://arxiv.org/abs/2301.13869 Reverse engineering adversarial attacks with fingerprints from adversarial examples. (99%) David Aaron Nicholson; Vincent Emanuele http://arxiv.org/abs/2302.00094 The Impacts of Unanswerable Questions on the Robustness of Machine Reading Comprehension Models. (97%) Son Quoc Tran; Phong Nguyen-Thuan Do; Uyen Le; Matt Kretchmar http://arxiv.org/abs/2301.13694 Are Defenses for Graph Neural Networks Robust? (80%) Felix Mujkanovic; Simon Geisler; Stephan Günnemann; Aleksandar Bojchevski http://arxiv.org/abs/2301.13487 Adversarial Training of Self-supervised Monocular Depth Estimation against Physical-World Attacks. (75%) Zhiyuan Cheng; James Liang; Guanhong Tao; Dongfang Liu; Xiangyu Zhang http://arxiv.org/abs/2301.13486 Robust Linear Regression: Gradient-descent, Early-stopping, and Beyond. (47%) Meyer Scetbon; Elvis Dohmatob http://arxiv.org/abs/2301.13803 Fairness-aware Vision Transformer via Debiased Self-Attention. (47%) Yao Qiang; Chengyin Li; Prashant Khanduri; Dongxiao Zhu http://arxiv.org/abs/2301.13838 Image Shortcut Squeezing: Countering Perturbative Availability Poisons with Compression. (12%) Zhuoran Liu; Zhengyu Zhao; Martha Larson http://arxiv.org/abs/2301.13577 DRAINCLoG: Detecting Rogue Accounts with Illegally-obtained NFTs using Classifiers Learned on Graphs. (1%) Hanna Kim; Jian Cui; Eugene Jang; Chanhee Lee; Yongjae Lee; Jin-Woo Chung; Seungwon Shin http://arxiv.org/abs/2301.13807 Identifying the Hazard Boundary of ML-enabled Autonomous Systems Using Cooperative Co-Evolutionary Search. (1%) Sepehr Sharifi; Donghwan Shin; Lionel C. Briand; Nathan Aschbacher http://arxiv.org/abs/2301.12680 Feature-Space Bayesian Adversarial Learning Improved Malware Detector Robustness. 
(99%) Bao Gia Doan; Shuiqiao Yang; Paul Montague; Vel Olivier De; Tamas Abraham; Seyit Camtepe; Salil S. Kanhere; Ehsan Abbasnejad; Damith C. Ranasinghe http://arxiv.org/abs/2301.12968 Improving Adversarial Transferability with Scheduled Step Size and Dual Example. (99%) Zeliang Zhang; Peihan Liu; Xiaosen Wang; Chenliang Xu http://arxiv.org/abs/2301.13122 Towards Adversarial Realism and Robust Learning for IoT Intrusion Detection and Classification. (99%) João Vitorino; Isabel Praça; Eva Maia http://arxiv.org/abs/2302.01757 RS-Del: Edit Distance Robustness Certificates for Sequence Classifiers via Randomized Deletion. (99%) Zhuoqun Huang; Neil G. Marchant; Keane Lucas; Lujo Bauer; Olga Ohrimenko; Benjamin I. P. Rubinstein http://arxiv.org/abs/2301.12896 Identifying Adversarially Attackable and Robust Samples. (99%) Vyas Raina; Mark Gales http://arxiv.org/abs/2301.12868 On Robustness of Prompt-based Semantic Parsing with Large Pre-trained Language Model: An Empirical Study on Codex. (98%) Terry Yue Zhuo; Zhuang Li; Yujin Huang; Fatemeh Shiri; Weiqing Wang; Gholamreza Haffari; Yuan-Fang Li http://arxiv.org/abs/2301.13096 Anchor-Based Adversarially Robust Zero-Shot Learning Driven by Language. (96%) Xiao Li; Wei Zhang; Yining Liu; Zhanhao Hu; Bo Zhang; Xiaolin Hu http://arxiv.org/abs/2301.13356 Inference Time Evidences of Adversarial Attacks for Forensic on Transformers. (87%) Hugo Lemarchant; Liangzi Li; Yiming Qian; Yuta Nakashima; Hajime Nagahara http://arxiv.org/abs/2301.13028 On the Efficacy of Metrics to Describe Adversarial Attacks. (82%) Tommaso Puccetti; Tommaso Zoppi; Andrea Ceccarelli http://arxiv.org/abs/2301.12993 Benchmarking Robustness to Adversarial Image Obfuscations. (74%) Florian Stimberg; Ayan Chakrabarti; Chun-Ta Lu; Hussein Hazimeh; Otilia Stretcu; Wei Qiao; Yintao Liu; Merve Kaya; Cyrus Rashtchian; Ariel Fuxman; Mehmet Tek; Sven Gowal http://arxiv.org/abs/2301.13188 Extracting Training Data from Diffusion Models. (5%) Nicholas Carlini; Jamie Hayes; Milad Nasr; Matthew Jagielski; Vikash Sehwag; Florian Tramèr; Borja Balle; Daphne Ippolito; Eric Wallace http://arxiv.org/abs/2301.13340 Affinity Uncertainty-based Hard Negative Mining in Graph Contrastive Learning. (2%) Chaoxi Niu; Guansong Pang; Ling Chen http://arxiv.org/abs/2301.12831 M3FAS: An Accurate and Robust MultiModal Mobile Face Anti-Spoofing System. (1%) Chenqi Kong; Kexin Zheng; Yibing Liu; Shiqi Wang; Anderson Rocha; Haoliang Li http://arxiv.org/abs/2301.12549 Unlocking Deterministic Robustness Certification on ImageNet. (98%) Kai Hu; Andy Zou; Zifan Wang; Klas Leino; Matt Fredrikson http://arxiv.org/abs/2301.12487 Mitigating Adversarial Effects of False Data Injection Attacks in Power Grid. (93%) Farhin Farhad Riya; Shahinul Hoque; Jinyuan Stella Sun; Jiangnan Li; Hairong Qi http://arxiv.org/abs/2301.12554 Improving the Accuracy-Robustness Trade-Off of Classifiers via Adaptive Smoothing. (83%) Yatong Bai; Brendon G. Anderson; Aerin Kim; Somayeh Sojoudi http://arxiv.org/abs/2301.12576 Uncovering Adversarial Risks of Test-Time Adaptation. (82%) Tong Wu; Feiran Jia; Xiangyu Qi; Jiachen T. Wang; Vikash Sehwag; Saeed Mahloujifar; Prateek Mittal http://arxiv.org/abs/2301.12595 Adversarial Attacks on Adversarial Bandits. (69%) Yuzhe Ma; Zhijin Zhou http://arxiv.org/abs/2301.12456 Towards Verifying the Geometric Robustness of Large-scale Neural Networks. (54%) Fu Wang; Peipei Xu; Wenjie Ruan; Xiaowei Huang http://arxiv.org/abs/2301.12637 Lateralized Learning for Multi-Class Visual Classification Tasks. 
(13%) Abubakar Siddique; Will N. Browne; Gina M. Grimshaw http://arxiv.org/abs/2301.12527 Diverse, Difficult, and Odd Instances (D2O): A New Test Set for Object Classification. (3%) Ali Borji http://arxiv.org/abs/2301.12643 Adversarial Style Augmentation for Domain Generalization. (2%) Yabin Zhang; Bin Deng; Ruihuang Li; Kui Jia; Lei Zhang http://arxiv.org/abs/2301.12589 Confidence-Aware Calibration and Scoring Functions for Curriculum Learning. (1%) Shuang Ao; Stefan Rueger; Advaith Siddharthan http://arxiv.org/abs/2301.12277 Node Injection for Class-specific Network Poisoning. (82%) Ansh Kumar Sharma; Rahul Kukreja; Mayank Kharbanda; Tanmoy Chakraborty http://arxiv.org/abs/2302.12002 Out-of-distribution Detection with Energy-based Models. (82%) Sven Elflein http://arxiv.org/abs/2301.12318 Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering. (13%) Rui Zhu; Di Tang; Siyuan Tang; Guanhong Tao; Shiqing Ma; Xiaofeng Wang; Haixu Tang http://arxiv.org/abs/2301.12151 Selecting Models based on the Risk of Damage Caused by Adversarial Attacks. (1%) Jona Klemenc; Holger Trittenbach http://arxiv.org/abs/2301.12046 Semantic Adversarial Attacks on Face Recognition through Significant Attributes. (99%) Yasmeen M. Khedr; Yifeng Xiong; Kun He http://arxiv.org/abs/2301.11544 Targeted Attacks on Timeseries Forecasting. (99%) Yuvaraj Govindarajulu; Avinash Amballa; Pavan Kulkarni; Manojkumar Parmar http://arxiv.org/abs/2301.11546 Adapting Step-size: A Unified Perspective to Analyze and Improve Gradient-based Methods for Adversarial Attacks. (98%) Wei Tao; Lei Bao; Long Sheng; Gaowei Wu; Qing Tao http://arxiv.org/abs/2301.11824 PECAN: A Deterministic Certified Defense Against Backdoor Attacks. (97%) Yuhao Zhang; Aws Albarghouthi; Loris D'Antoni http://arxiv.org/abs/2301.12001 Vertex-based reachability analysis for verifying ReLU deep neural networks. (93%) João Zago; Eduardo Camponogara; Eric Antonelo http://arxiv.org/abs/2301.11912 OccRob: Efficient SMT-Based Occlusion Robustness Verification of Deep Neural Networks. (92%) Xingwu Guo; Ziwei Zhou; Yueling Zhang; Guy Katz; Min Zhang http://arxiv.org/abs/2301.11806 PCV: A Point Cloud-Based Network Verifier. (88%) Arup Kumar Sarker; Farzana Yasmin Ahmad; Matthew B. Dwyer http://arxiv.org/abs/2301.11553 Robust Transformer with Locality Inductive Bias and Feature Normalization. (88%) Omid Nejati Manzari; Hossein Kashiani; Hojat Asgarian Dehkordi; Shahriar Baradaran Shokouhi http://arxiv.org/abs/2301.12036 Analyzing Robustness of the Deep Reinforcement Learning Algorithm in Ramp Metering Applications Considering False Data Injection Attack and Defense. (87%) Diyi Liu; Lanmin Liu; Lee D Han http://arxiv.org/abs/2301.11578 Learning to Unlearn: Instance-wise Unlearning for Pre-trained Classifiers. (80%) Sungmin Cha; Sungjun Cho; Dasol Hwang; Honglak Lee; Taesup Moon; Moontae Lee http://arxiv.org/abs/2301.11783 Certified Invertibility in Neural Networks via Mixed-Integer Programming. (76%) Tianqi Cui; Thomas Bertalan; George J. Pappas; Manfred Morari; Ioannis G. Kevrekidis; Mahyar Fazlyab http://arxiv.org/abs/2301.11457 Attacking Important Pixels for Anchor-free Detectors. (99%) Yunxu Xie; Shu Hu; Xin Wang; Quanyu Liao; Bin Zhu; Xi Wu; Siwei Lyu http://arxiv.org/abs/2301.11324 Certified Interpretability Robustness for Class Activation Mapping. (92%) Alex Gu; Tsui-Wei Weng; Pin-Yu Chen; Sijia Liu; Luca Daniel http://arxiv.org/abs/2301.11050 Minerva: A File-Based Ransomware Detector. 
(68%) Dorjan Hitaj; Giulio Pagnotta; Gaspari Fabio De; Carli Lorenzo De; Luigi V. Mancini http://arxiv.org/abs/2301.10964 Interaction-level Membership Inference Attack Against Federated Recommender Systems. (31%) Wei Yuan; Chaoqun Yang; Quoc Viet Hung Nguyen; Lizhen Cui; Tieke He; Hongzhi Yin http://arxiv.org/abs/2301.10766 On the Adversarial Robustness of Camera-based 3D Object Detection. (99%) Shaoyuan Xie; Zichao Li; Zeyu Wang; Cihang Xie http://arxiv.org/abs/2301.10822 RobustPdM: Designing Robust Predictive Maintenance against Adversarial Attacks. (99%) Ayesha Siddique; Ripan Kumar Kundu; Gautam Raj Mode; Khaza Anuarul Hoque http://arxiv.org/abs/2301.10412 BDMMT: Backdoor Sample Detection for Language Models through Model Mutation Testing. (98%) Jiali Wei; Ming Fan; Wenjing Jiao; Wuxia Jin; Ting Liu http://arxiv.org/abs/2301.10454 A Data-Centric Approach for Improving Adversarial Training Through the Lens of Out-of-Distribution Detection. (96%) Mohammad Azizmalayeri; Arman Zarei; Alireza Isavand; Mohammad Taghi Manzuri; Mohammad Hossein Rohban http://arxiv.org/abs/2301.10576 A Study on FGSM Adversarial Training for Neural Retrieval. (75%) Simon Lupart; Stéphane Clinchant http://arxiv.org/abs/2301.10908 Distilling Cognitive Backdoor Patterns within an Image. (5%) Hanxun Huang; Xingjun Ma; Sarah Erfani; James Bailey http://arxiv.org/abs/2301.10608 Connecting metrics for shape-texture knowledge in computer vision. (1%) Tiago Oliveira; Tiago Marques; Arlindo L. Oliveira http://arxiv.org/abs/2301.11289 Blockchain-aided Secure Semantic Communication for AI-Generated Content in Metaverse. (13%) Yijing Lin; Hongyang Du; Dusit Niyato; Jiangtian Nie; Jiayi Zhang; Yanyu Cheng; Zhaohui Yang http://arxiv.org/abs/2301.09892 Learning Effective Strategies for Moving Target Defense with Switching Costs. (1%) Vignesh Viswanathan; Megha Bose; Praveen Paruchuri http://arxiv.org/abs/2301.09879 Data Augmentation Alone Can Improve Adversarial Training. (1%) Lin Li; Michael Spratling http://arxiv.org/abs/2301.09740 DODEM: DOuble DEfense Mechanism Against Adversarial Attacks Towards Secure Industrial Internet of Things Analytics. (99%) Onat Gungor; Tajana Rosing; Baris Aksanli http://arxiv.org/abs/2301.09305 Practical Adversarial Attacks Against AI-Driven Power Allocation in a Distributed MIMO Network. (92%) Ömer Faruk Tuna; Fehmi Emre Kadan; Leyli Karaçay http://arxiv.org/abs/2301.09508 BayBFed: Bayesian Backdoor Defense for Federated Learning. (78%) Kavita Kumari; Phillip Rieger; Hossein Fereidooni; Murtuza Jadliwala; Ahmad-Reza Sadeghi http://arxiv.org/abs/2301.09732 Backdoor Attacks in Peer-to-Peer Federated Learning. (68%) Gokberk Yar; Cristina Nita-Rotaru; Alina Oprea http://arxiv.org/abs/2301.09069 Provable Unrestricted Adversarial Training without Compromise with Generalizability. (99%) Lilin Zhang; Ning Yang; Yanchao Sun; Philip S. Yu http://arxiv.org/abs/2301.09072 ContraBERT: Enhancing Code Pre-trained Models via Contrastive Learning. (8%) Shangqing Liu; Bozhi Wu; Xiaofei Xie; Guozhu Meng; Yang Liu http://arxiv.org/abs/2301.08842 Limitations of Piecewise Linearity for Efficient Robustness Certification. (95%) Klas Leino http://arxiv.org/abs/2301.08751 Towards Understanding How Self-training Tolerates Data Backdoor Poisoning. (16%) Soumyadeep Pal; Ren Wang; Yuguang Yao; Sijia Liu http://arxiv.org/abs/2301.08881 Dr.Spider: A Diagnostic Evaluation Benchmark towards Text-to-SQL Robustness. 
(8%) Shuaichen Chang; Jun Wang; Mingwen Dong; Lin Pan; Henghui Zhu; Alexander Hanbo Li; Wuwei Lan; Sheng Zhang; Jiarong Jiang; Joseph Lilien; Steve Ash; William Yang Wang; Zhiguo Wang; Vittorio Castelli; Patrick Ng; Bing Xiang http://arxiv.org/abs/2301.08428 Defending SDN against packet injection attacks using deep learning. (2%) Anh Tuan Phu; Bo Li; Faheem Ullah; Tanvir Ul Huque; Ranesh Naha; Ali Babar; Hung Nguyen http://arxiv.org/abs/2301.08170 On the Vulnerability of Backdoor Defenses for Federated Learning. (62%) Pei Fang; Jinghui Chen http://arxiv.org/abs/2301.08401 On the Relationship Between Information-Theoretic Privacy Metrics And Probabilistic Information Privacy. (31%) Chong Xiao Wang; Wee Peng Tay http://arxiv.org/abs/2301.08092 RNAS-CL: Robust Neural Architecture Search by Cross-Layer Knowledge Distillation. (16%) Utkarsh Nath; Yancheng Wang; Yingzhen Yang http://arxiv.org/abs/2301.08114 Enhancing Deep Learning with Scenario-Based Override Rules: a Case Study. (1%) Adiel Ashrov; Guy Katz http://arxiv.org/abs/2301.06871 Denoising Diffusion Probabilistic Models as a Defense against Adversarial Attacks. (98%) Lars Lien Ankile; Anna Midgley; Sebastian Weisshaar http://arxiv.org/abs/2301.07487 Adversarial Robust Deep Reinforcement Learning Requires Redefining Robustness. (68%) Ezgi Korkmaz http://arxiv.org/abs/2301.07284 Label Inference Attack against Split Learning under Regression Setting. (8%) Shangyu Xie; Xin Yang; Yuanshun Yao; Tianyi Liu; Taiqing Wang; Jiankai Sun http://arxiv.org/abs/2301.06393 $\beta$-DARTS++: Bi-level Regularization for Proxy-robust Differentiable Architecture Search. (1%) Peng Ye; Tong He; Baopu Li; Tao Chen; Lei Bai; Wanli Ouyang http://arxiv.org/abs/2301.06442 Modeling Uncertain Feature Representation for Domain Generalization. (1%) Xiaotong Li; Zixuan Hu; Jun Liu; Yixiao Ge; Yongxing Dai; Ling-Yu Duan http://arxiv.org/abs/2301.06241 BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense. (4%) Siyuan Cheng; Guanhong Tao; Yingqi Liu; Shengwei An; Xiangzhe Xu; Shiwei Feng; Guangyu Shen; Kaiyuan Zhang; Qiuling Xu; Shiqing Ma; Xiangyu Zhang http://arxiv.org/abs/2301.07099 Adaptive Deep Neural Network Inference Optimization with EENet. (1%) Fatih Ilhan; Ka-Ho Chow; Sihao Hu; Tiansheng Huang; Selim Tekin; Wenqi Wei; Yanzhao Wu; Myungjin Lee; Ramana Kompella; Hugo Latapie; Gaowen Liu; Ling Liu http://arxiv.org/abs/2301.05506 On the feasibility of attacking Thai LPR systems with adversarial examples. (99%) Chissanupong Jiamsuchon; Jakapan Suaboot; Norrathep Rattanavipanon http://arxiv.org/abs/2301.05264 Security-Aware Approximate Spiking Neural Networks. (87%) Syed Tihaam Ahmad; Ayesha Siddique; Khaza Anuarul Hoque http://arxiv.org/abs/2301.05250 Jamming Attacks on Decentralized Federated Learning in General Multi-Hop Wireless Networks. (3%) Yi Shi; Yalin E. Sagduyu; Tugba Erpek http://arxiv.org/abs/2301.04785 Phase-shifted Adversarial Training. (82%) Yeachan Kim; Seongyeon Kim; Ihyeok Seo; Bonggun Shin http://arxiv.org/abs/2301.04554 Universal Detection of Backdoor Attacks via Density-based Clustering and Centroids Analysis. (78%) Wei Guo; Benedetta Tondi; Mauro Barni http://arxiv.org/abs/2301.04093 On the Robustness of AlphaFold: A COVID-19 Case Study. (73%) Ismail Alkhouri; Sumit Jha; Andre Beckus; George Atia; Alvaro Velasquez; Rickard Ewetz; Arvind Ramanathan; Susmit Jha http://arxiv.org/abs/2301.03826 CDA: Contrastive-adversarial Domain Adaptation. (38%) Nishant Yadav; Mahbubul Alam; Ahmed Farahat; Dipanjan Ghosh; Chetan Gupta; Auroop R. 
Ganguly http://arxiv.org/abs/2301.04230 User-Centered Security in Natural Language Processing. (12%) Chris Emmery http://arxiv.org/abs/2301.04218 Leveraging Diffusion For Strong and High Quality Face Morphing Attacks. (3%) Zander W. Blasingame; Chen Liu http://arxiv.org/abs/2301.03760 Over-The-Air Adversarial Attacks on Deep Learning Wi-Fi Fingerprinting. (99%) Fei Xiao; Yong Huang; Yingying Zuo; Wei Kuang; Wei Wang http://arxiv.org/abs/2301.03703 On the Susceptibility and Robustness of Time Series Models through Adversarial Attack and Defense. (98%) Asadullah Hill Galib; Bidhan Bashyal http://arxiv.org/abs/2301.04017 Is Federated Learning a Practical PET Yet? (13%) Franziska Boenisch; Adam Dziedzic; Roei Schuster; Ali Shahin Shamsabadi; Ilia Shumailov; Nicolas Papernot http://arxiv.org/abs/2301.03724 SoK: Hardware Defenses Against Speculative Execution Attacks. (1%) Guangyuan Hu; Zecheng He; Ruby Lee http://arxiv.org/abs/2301.03110 RobArch: Designing Robust Architectures against Adversarial Attacks. (76%) ShengYun Peng; Weilin Xu; Cory Cornelius; Kevin Li; Rahul Duggal; Duen Horng Chau; Jason Martin http://arxiv.org/abs/2302.05294 MoreauGrad: Sparse and Robust Interpretation of Neural Networks via Moreau Envelope. (1%) Jingwei Zhang; Farzan Farnia http://arxiv.org/abs/2301.02905 REaaS: Enabling Adversarially Robust Downstream Classifiers via Robust Encoder as a Service. (99%) Wenjie Qu; Jinyuan Jia; Neil Zhenqiang Gong http://arxiv.org/abs/2301.04472 Adversarial training with informed data selection. (99%) Marcele O. K. Mendonça; Javier Maroto; Pascal Frossard; Paulo S. R. Diniz http://arxiv.org/abs/2301.02412 Code Difference Guided Adversarial Example Generation for Deep Code Models. (99%) Zhao Tian; Junjie Chen; Zhi Jin http://arxiv.org/abs/2301.02496 Stealthy Backdoor Attack for Code Models. (98%) Zhou Yang; Bowen Xu; Jie M. Zhang; Hong Jin Kang; Jieke Shi; Junda He; David Lo http://arxiv.org/abs/2301.02615 Silent Killer: A Stealthy, Clean-Label, Black-Box Backdoor Attack. (98%) Tzvi Lederer; Gallil Maimon; Lior Rokach http://arxiv.org/abs/2301.02288 gRoMA: a Tool for Measuring the Global Robustness of Deep Neural Networks. (96%) Natan Levy; Raz Yerushalmi; Guy Katz http://arxiv.org/abs/2301.02039 Randomized Message-Interception Smoothing: Gray-box Certificates for Graph Neural Networks. (61%) Yan Scholten; Jan Schuchardt; Simon Geisler; Aleksandar Bojchevski; Stephan Günnemann http://arxiv.org/abs/2301.02344 TrojanPuzzle: Covertly Poisoning Code-Suggestion Models. (4%) Hojjat Aghakhani; Wei Dai; Andre Manoel; Xavier Fernandes; Anant Kharkar; Christopher Kruegel; Giovanni Vigna; David Evans; Ben Zorn; Robert Sim http://arxiv.org/abs/2302.10291 Can Large Language Models Change User Preference Adversarially? (1%) Varshini Subhash http://arxiv.org/abs/2301.01832 Availability Adversarial Attack and Countermeasures for Deep Learning-based Load Forecasting. (98%) Wangkun Xu; Fei Teng http://arxiv.org/abs/2301.01495 Beckman Defense. (84%) A. V. Subramanyam http://arxiv.org/abs/2301.01731 GUAP: Graph Universal Attack Through Adversarial Patching. (81%) Xiao Zang; Jie Chen; Bo Yuan http://arxiv.org/abs/2301.01885 Enhancement attacks in biomedical machine learning. (1%) Matthew Rosenblatt; Javid Dadashkarimi; Dustin Scheinost http://arxiv.org/abs/2301.01343 Explainability and Robustness of Deep Visual Classification Models. (92%) Jindong Gu http://arxiv.org/abs/2301.00986 Look, Listen, and Attack: Backdoor Attacks Against Video Action Recognition. 
(83%) Hasan Abed Al Kader Hammoud; Shuming Liu; Mohammed Alkhrashi; Fahad AlBalawi; Bernard Ghanem http://arxiv.org/abs/2301.01197 Backdoor Attacks Against Dataset Distillation. (50%) Yugeng Liu; Zheng Li; Michael Backes; Yun Shen; Yang Zhang http://arxiv.org/abs/2301.01044 Analysis of Label-Flip Poisoning Attack on Machine Learning Based Malware Detector. (33%) Kshitiz Aryal; Maanak Gupta; Mahmoud Abdelsalam http://arxiv.org/abs/2301.00896 Efficient Robustness Assessment via Adversarial Spatial-Temporal Focus on Videos. (92%) Wei Xingxing; Wang Songping; Yan Huanqian http://arxiv.org/abs/2301.00364 Generalizable Black-Box Adversarial Attack with Meta Learning. (99%) Fei Yin; Yong Zhang; Baoyuan Wu; Yan Feng; Jingyi Zhang; Yanbo Fan; Yujiu Yang http://arxiv.org/abs/2301.01223 ExploreADV: Towards exploratory attack for Neural Networks. (99%) Tianzuo Luo; Yuyi Zhong; Siaucheng Khoo http://arxiv.org/abs/2301.00435 Trojaning semi-supervised learning model via poisoning wild images on the web. (47%) Le Feng; Zhenxing Qian; Sheng Li; Xinpeng Zhang http://arxiv.org/abs/2301.01218 Tracing the Origin of Adversarial Attack for Forensic Investigation and Deterrence. (99%) Han Fang; Jiyi Zhang; Yupeng Qiu; Ke Xu; Chengfang Fang; Ee-Chien Chang http://arxiv.org/abs/2212.14875 Guidance Through Surrogate: Towards a Generic Diagnostic Attack. (99%) Muzammal Naseer; Salman Khan; Fatih Porikli; Fahad Shahbaz Khan http://arxiv.org/abs/2212.14597 Defense Against Adversarial Attacks on Audio DeepFake Detection. (91%) Piotr Kawa; Marcin Plata; Piotr Syga http://arxiv.org/abs/2212.14677 Adversarial attacks and defenses on ML- and hardware-based IoT device fingerprinting and identification. (82%) Pedro Miguel Sánchez Sánchez; Alberto Huertas Celdrán; Gérôme Bovet; Gregorio Martínez Pérez http://arxiv.org/abs/2301.01217 Unlearnable Clusters: Towards Label-agnostic Unlearnable Examples. (22%) Jiaming Zhang; Xingjun Ma; Qi Yi; Jitao Sang; Yugang Jiang; Yaowei Wang; Changsheng Xu http://arxiv.org/abs/2301.00108 Targeted k-node Collapse Problem: Towards Understanding the Robustness of Local k-core Structure. (1%) Yuqian Lv; Bo Zhou; Jinhuan Wang; Qi Xuan http://arxiv.org/abs/2212.14315 "Real Attackers Don't Compute Gradients": Bridging the Gap Between Adversarial ML Research and Practice. (68%) Giovanni Apruzzese; Hyrum S. Anderson; Savino Dambra; David Freeman; Fabio Pierazzi; Kevin A. Roundy http://arxiv.org/abs/2212.14268 Detection of out-of-distribution samples using binary neuron activation patterns. (11%) Bartlomiej Olber; Krystian Radlak; Adam Popowicz; Michal Szczepankiewicz; Krystian Chachula http://arxiv.org/abs/2212.13707 Thermal Heating in ReRAM Crossbar Arrays: Challenges and Solutions. (99%) Kamilya Smagulova; Mohammed E. Fouda; Ahmed Eltawil http://arxiv.org/abs/2212.14115 Certifying Safety in Reinforcement Learning under Adversarial Perturbation Attacks. (98%) Junlin Wu; Hussein Sibai; Yevgeniy Vorobeychik http://arxiv.org/abs/2212.13700 Publishing Efficient On-device Models Increases Adversarial Vulnerability. (95%) Sanghyun Hong; Nicholas Carlini; Alexey Kurakin http://arxiv.org/abs/2212.14049 Differentiable Search of Accurate and Robust Architectures. (92%) Yuwei Ou; Xiangning Xie; Shangce Gao; Yanan Sun; Kay Chen Tan; Jiancheng Lv http://arxiv.org/abs/2212.14106 Robust Ranking Explanations. (76%) Chao Chen; Chenghua Guo; Guixiang Ma; Xi Zhang; Sihong Xie http://arxiv.org/abs/2212.13929 Evaluating Generalizability of Deep Learning Models Using Indian-COVID-19 CT Dataset. 
(1%) Suba S; Nita Parekh; Ramesh Loganathan; Vikram Pudi; Chinnababu Sunkavalli http://arxiv.org/abs/2212.13607 EDoG: Adversarial Edge Detection For Graph Neural Networks. (98%) Xiaojun Xu; Yue Yu; Hanzhang Wang; Alok Lal; Carl A. Gunter; Bo Li http://arxiv.org/abs/2212.13667 Learning When to Use Adaptive Adversarial Image Perturbations against Autonomous Vehicles. (86%) Hyung-Jin Yoon; Hamidreza Jafarnejadsani; Petros Voulgaris http://arxiv.org/abs/2302.03523 Sparse Mixture Once-for-all Adversarial Training for Efficient In-Situ Trade-Off Between Accuracy and Robustness of DNNs. (62%) Souvik Kundu; Sairam Sundaresan; Sharath Nittur Sridhar; Shunlin Lu; Han Tang; Peter A. Beerel http://arxiv.org/abs/2212.13675 XMAM: X-raying Models with A Matrix to Reveal Backdoor Attacks for Federated Learning. (56%) Jianyi Zhang; Fangjiao Zhang; Qichao Jin; Zhiqiang Wang; Xiaodong Lin; Xiali Hei http://arxiv.org/abs/2212.12995 Simultaneously Optimizing Perturbations and Positions for Black-box Adversarial Patch Attacks. (99%) Xingxing Wei; Ying Guo; Jie Yu; Bo Zhang http://arxiv.org/abs/2212.12732 Frequency Regularization for Improving Adversarial Robustness. (99%) Binxiao Huang; Chaofan Tao; Rui Lin; Ngai Wong http://arxiv.org/abs/2212.12641 Out-of-Distribution Detection with Reconstruction Error and Typicality-based Penalty. (61%) Genki Osada; Takahashi Tsubasa; Budrul Ahsan; Takashi Nishide http://arxiv.org/abs/2212.12380 Towards Scalable Physically Consistent Neural Networks: an Application to Data-driven Multi-zone Thermal Building Models. (1%) Natale Loris Di; Bratislav Svetozarevic; Philipp Heer; Colin Neil Jones http://arxiv.org/abs/2212.11778 Adversarial Machine Learning and Defense Game for NextG Signal Classification with Deep Learning. (98%) Yalin E. Sagduyu http://arxiv.org/abs/2212.11760 Aliasing is a Driver of Adversarial Attacks. (80%) Adrián Rodríguez-Muñoz; Antonio Torralba http://arxiv.org/abs/2212.11810 GAN-based Domain Inference Attack. (2%) Yuechun Gu; Keke Chen http://arxiv.org/abs/2212.11614 Hybrid Quantum-Classical Generative Adversarial Network for High Resolution Image Generation. (1%) Shu Lok Tsang; Maxwell T. West; Sarah M. Erfani; Muhammad Usman http://arxiv.org/abs/2212.11005 Revisiting Residual Networks for Adversarial Robustness: An Architectural Perspective. (80%) Shihua Huang; Zhichao Lu; Kalyanmoy Deb; Vishnu Naresh Boddeti http://arxiv.org/abs/2212.11205 Vulnerabilities of Deep Learning-Driven Semantic Communications to Backdoor (Trojan) Attacks. (67%) Yalin E. Sagduyu; Tugba Erpek; Sennur Ulukus; Aylin Yener http://arxiv.org/abs/2212.11209 A Theoretical Study of The Effects of Adversarial Attacks on Sparse Regression. (13%) Deepak Maurya; Jean Honorio http://arxiv.org/abs/2212.10230 A Comprehensive Study and Comparison of the Robustness of 3D Object Detectors Against Adversarial Attacks. (98%) Yifan Zhang; Junhui Hou; Yixuan Yuan http://arxiv.org/abs/2212.10006 Multi-head Uncertainty Inference for Adversarial Attack Detection. (98%) Yuqi Yang; Songyun Yang; Jiyang Xie; Zhongwei Si; Kai Guo; Ke Zhang; Kongming Liang http://arxiv.org/abs/2212.10258 In and Out-of-Domain Text Adversarial Robustness via Label Smoothing. (98%) Yahan Yang; Soham Dan; Dan Roth; Insup Lee http://arxiv.org/abs/2212.10438 Is Semantic Communications Secure? A Tale of Multi-Domain Adversarial Attacks. (96%) Yalin E. Sagduyu; Tugba Erpek; Sennur Ulukus; Aylin Yener http://arxiv.org/abs/2212.10556 Unleashing the Power of Visual Prompting At the Pixel Level. 
(92%) Junyang Wu; Xianhang Li; Chen Wei; Huiyu Wang; Alan Yuille; Yuyin Zhou; Cihang Xie http://arxiv.org/abs/2212.10318 Learned Systems Security. (78%) Roei Schuster; Jin Peng Zhou; Paul Grubbs; Thorsten Eisenhofer; Nicolas Papernot http://arxiv.org/abs/2212.10717 Hidden Poison: Machine Unlearning Enables Camouflaged Poisoning Attacks. (22%) Jimmy Z. Di; Jack Douglas; Jayadev Acharya; Gautam Kamath; Ayush Sekhari http://arxiv.org/abs/2212.10264 ReCode: Robustness Evaluation of Code Generation Models. (10%) Shiqi Wang; Zheng Li; Haifeng Qian; Chenghao Yang; Zijian Wang; Mingyue Shang; Varun Kumar; Samson Tan; Baishakhi Ray; Parminder Bhatia; Ramesh Nallapati; Murali Krishna Ramanathan; Dan Roth; Bing Xiang http://arxiv.org/abs/2212.10002 Defending Against Poisoning Attacks in Open-Domain Question Answering. (8%) Orion Weller; Aleem Khan; Nathaniel Weir; Dawn Lawrie; Durme Benjamin Van http://arxiv.org/abs/2212.10221 SoK: Analysis of Root Causes and Defense Strategies for Attacks on Microarchitectural Optimizations. (5%) Nadja Ramhöj Holtryd; Madhavan Manivannan; Per Stenström http://arxiv.org/abs/2212.10534 DISCO: Distilling Phrasal Counterfactuals with Large Language Models. (1%) Zeming Chen; Qiyue Gao; Kyle Richardson; Antoine Bosselut; Ashish Sabharwal http://arxiv.org/abs/2212.09254 TextGrad: Advancing Robustness Evaluation in NLP by Gradient-Driven Optimization. (99%) Bairu Hou; Jinghan Jia; Yihua Zhang; Guanhua Zhang; Yang Zhang; Sijia Liu; Shiyu Chang http://arxiv.org/abs/2212.09994 Towards Robustness of Text-to-SQL Models Against Natural and Realistic Adversarial Table Perturbation. (75%) Xinyu Pi; Bing Wang; Yan Gao; Jiaqi Guo; Zhoujun Li; Jian-Guang Lou http://arxiv.org/abs/2212.09360 AI Security for Geoscience and Remote Sensing: Challenges and Future Trends. (50%) Yonghao Xu; Tao Bai; Weikang Yu; Shizhen Chang; Peter M. Atkinson; Pedram Ghamisi http://arxiv.org/abs/2212.09668 Task-Oriented Communications for NextG: End-to-End Deep Learning and AI Security Aspects. (26%) Yalin E. Sagduyu; Sennur Ulukus; Aylin Yener http://arxiv.org/abs/2212.09979 Flareon: Stealthy any2any Backdoor Injection via Poisoned Augmentation. (2%) Tianrui Qin; Xianghuan He; Xitong Gao; Yiren Zhao; Kejiang Ye; Cheng-Zhong Xu http://arxiv.org/abs/2212.09458 Exploring Optimal Substructure for Out-of-distribution Generalization via Feature-targeted Model Pruning. (1%) Yingchun Wang; Jingcai Guo; Song Guo; Weizhan Zhang; Jie Zhang http://arxiv.org/abs/2212.09155 Estimating the Adversarial Robustness of Attributions in Text with Transformers. (99%) Adam Ivankay; Mattia Rigotti; Ivan Girardi; Chiara Marchiori; Pascal Frossard http://arxiv.org/abs/2212.09035 Minimizing Maximum Model Discrepancy for Transferable Black-box Targeted Attacks. (99%) Anqi Zhao; Tong Chu; Yahao Liu; Wen Li; Jingjing Li; Lixin Duan http://arxiv.org/abs/2301.06083 Discrete Point-wise Attack Is Not Enough: Generalized Manifold Adversarial Attack for Face Recognition. (99%) Qian Li; Yuxiao Hu; Ye Liu; Dongxiao Zhang; Xin Jin; Yuntian Chen http://arxiv.org/abs/2212.09067 Fine-Tuning Is All You Need to Mitigate Backdoor Attacks. (4%) Zeyang Sha; Xinlei He; Pascal Berrang; Mathias Humbert; Yang Zhang http://arxiv.org/abs/2212.09000 Confidence-aware Training of Smoothed Classifiers for Certified Robustness. (86%) Jongheon Jeong; Seojin Kim; Jinwoo Shin http://arxiv.org/abs/2212.09006 A Review of Speech-centric Trustworthy Machine Learning: Privacy, Safety, and Fairness. 
(2%) Tiantian Feng; Rajat Hebbar; Nicholas Mehlman; Xuan Shi; Aditya Kommineni; Shrikanth Narayanan http://arxiv.org/abs/2212.08853 HyPe: Better Pre-trained Language Model Fine-tuning with Hidden Representation Perturbation. (1%) Hongyi Yuan; Zheng Yuan; Chuanqi Tan; Fei Huang; Songfang Huang http://arxiv.org/abs/2212.08341 Adversarial Example Defense via Perturbation Grading Strategy. (99%) Shaowei Zhu; Wanli Lyu; Bin Li; Zhaoxia Yin; Bin Luo http://arxiv.org/abs/2212.08427 WebAssembly Diversification for Malware Evasion. (5%) Javier Cabrera-Arteaga; Martin Monperrus; Tim Toady; Benoit Baudry http://arxiv.org/abs/2212.08568 Biomedical image analysis competitions: The state of current participation practice. (4%) Matthias Eisenmann; Annika Reinke; Vivienn Weru; Minu Dietlinde Tizabi; Fabian Isensee; Tim J. Adler; Patrick Godau; Veronika Cheplygina; Michal Kozubek; Sharib Ali; Anubha Gupta; Jan Kybic; Alison Noble; Solórzano Carlos Ortiz de; Samiksha Pachade; Caroline Petitjean; Daniel Sage; Donglai Wei; Elizabeth Wilden; Deepak Alapatt; Vincent Andrearczyk; Ujjwal Baid; Spyridon Bakas; Niranjan Balu; Sophia Bano; Vivek Singh Bawa; Jorge Bernal; Sebastian Bodenstedt; Alessandro Casella; Jinwook Choi; Olivier Commowick; Marie Daum; Adrien Depeursinge; Reuben Dorent; Jan Egger; Hannah Eichhorn; Sandy Engelhardt; Melanie Ganz; Gabriel Girard; Lasse Hansen; Mattias Heinrich; Nicholas Heller; Alessa Hering; Arnaud Huaulmé; Hyunjeong Kim; Bennett Landman; Hongwei Bran Li; Jianning Li; Jun Ma; Anne Martel; Carlos Martín-Isla; Bjoern Menze; Chinedu Innocent Nwoye; Valentin Oreiller; Nicolas Padoy; Sarthak Pati; Kelly Payette; Carole Sudre; Wijnen Kimberlin van; Armine Vardazaryan; Tom Vercauteren; Martin Wagner; Chuanbo Wang; Moi Hoon Yap; Zeyun Yu; Chun Yuan; Maximilian Zenk; Aneeq Zia; David Zimmerer; Rina Bao; Chanyeol Choi; Andrew Cohen; Oleh Dzyubachyk; Adrian Galdran; Tianyuan Gan; Tianqi Guo; Pradyumna Gupta; Mahmood Haithami; Edward Ho; Ikbeom Jang; Zhili Li; Zhengbo Luo; Filip Lux; Sokratis Makrogiannis; Dominik Müller; Young-tack Oh; Subeen Pang; Constantin Pape; Gorkem Polat; Charlotte Rosalie Reed; Kanghyun Ryu; Tim Scherr; Vajira Thambawita; Haoyu Wang; Xinliang Wang; Kele Xu; Hung Yeh; Doyeob Yeo; Yixuan Yuan; Yan Zeng; Xin Zhao; Julian Abbing; Jannes Adam; Nagesh Adluru; Niklas Agethen; Salman Ahmed; Yasmina Al Khalil; Mireia Alenyà; Esa Alhoniemi; Chengyang An; Talha Anwar; Tewodros Weldebirhan Arega; Netanell Avisdris; Dogu Baran Aydogan; Yingbin Bai; Maria Baldeon Calisto; Berke Doga Basaran; Marcel Beetz; Cheng Bian; Hao Bian; Kevin Blansit; Louise Bloch; Robert Bohnsack; Sara Bosticardo; Jack Breen; Mikael Brudfors; Raphael Brüngel; Mariano Cabezas; Alberto Cacciola; Zhiwei Chen; Yucong Chen; Daniel Tianming Chen; Minjeong Cho; Min-Kook Choi; Chuantao Xie; Dana Cobzas; Julien Cohen-Adad; Jorge Corral Acero; Sujit Kumar Das; Oliveira Marcela de; Hanqiu Deng; Guiming Dong; Lars Doorenbos; Cory Efird; Di Fan; Mehdi Fatan Serj; Alexandre Fenneteau; Lucas Fidon; Patryk Filipiak; René Finzel; Nuno R. Freitas; Christoph M. 
Friedrich; Mitchell Fulton; Finn Gaida; Francesco Galati; Christoforos Galazis; Chang Hee Gan; Zheyao Gao; Shengbo Gao; Matej Gazda; Beerend Gerats; Neil Getty; Adam Gibicar; Ryan Gifford; Sajan Gohil; Maria Grammatikopoulou; Daniel Grzech; Orhun Güley; Timo Günnemann; Chunxu Guo; Sylvain Guy; Heonjin Ha; Luyi Han; Il Song Han; Ali Hatamizadeh; Tian He; Jimin Heo; Sebastian Hitziger; SeulGi Hong; SeungBum Hong; Rian Huang; Ziyan Huang; Markus Huellebrand; Stephan Huschauer; Mustaffa Hussain; Tomoo Inubushi; Ece Isik Polat; Mojtaba Jafaritadi; SeongHun Jeong; Bailiang Jian; Yuanhong Jiang; Zhifan Jiang; Yueming Jin; Smriti Joshi; Abdolrahim Kadkhodamohammadi; Reda Abdellah Kamraoui; Inha Kang; Junghwa Kang; Davood Karimi; April Khademi; Muhammad Irfan Khan; Suleiman A. Khan; Rishab Khantwal; Kwang-Ju Kim; Timothy Kline; Satoshi Kondo; Elina Kontio; Adrian Krenzer; Artem Kroviakov; Hugo Kuijf; Satyadwyoom Kumar; Rosa Francesco La; Abhi Lad; Doohee Lee; Minho Lee; Chiara Lena; Hao Li; Ling Li; Xingyu Li; Fuyuan Liao; KuanLun Liao; Arlindo Limede Oliveira; Chaonan Lin; Shan Lin; Akis Linardos; Marius George Linguraru; Han Liu; Tao Liu; Di Liu; Yanling Liu; João Lourenço-Silva; Jingpei Lu; Jiangshan Lu; Imanol Luengo; Christina B. Lund; Huan Minh Luu; Yi Lv; Yi Lv; Uzay Macar; Leon Maechler; Sina Mansour L.; Kenji Marshall; Moona Mazher; Richard McKinley; Alfonso Medela; Felix Meissen; Mingyuan Meng; Dylan Miller; Seyed Hossein Mirjahanmardi; Arnab Mishra; Samir Mitha; Hassan Mohy-ud-Din; Tony Chi Wing Mok; Gowtham Krishnan Murugesan; Enamundram Naga Karthik; Sahil Nalawade; Jakub Nalepa; Mohamed Naser; Ramin Nateghi; Hammad Naveed; Quang-Minh Nguyen; Cuong Nguyen Quoc; Brennan Nichyporuk; Bruno Oliveira; David Owen; Jimut Bahan Pal; Junwen Pan; Wentao Pan; Winnie Pang; Bogyu Park; Vivek Pawar; Kamlesh Pawar; Michael Peven; Lena Philipp; Tomasz Pieciak; Szymon Plotka; Marcel Plutat; Fattaneh Pourakpour; Domen Preložnik; Kumaradevan Punithakumar; Abdul Qayyum; Sandro Queirós; Arman Rahmim; Salar Razavi; Jintao Ren; Mina Rezaei; Jonathan Adam Rico; ZunHyan Rieu; Markus Rink; Johannes Roth; Yusely Ruiz-Gonzalez; Numan Saeed; Anindo Saha; Mostafa Salem; Ricardo Sanchez-Matilla; Kurt Schilling; Wei Shao; Zhiqiang Shen; Ruize Shi; Pengcheng Shi; Daniel Sobotka; Théodore Soulier; Bella Specktor Fadida; Danail Stoyanov; Timothy Sum Hon Mun; Xiaowu Sun; Rong Tao; Franz Thaler; Antoine Théberge; Felix Thielke; Helena Torres; Kareem A. Wahid; Jiacheng Wang; YiFei Wang; Wei Wang; Xiong Wang; Jianhui Wen; Ning Wen; Marek Wodzinski; Ye Wu; Fangfang Xia; Tianqi Xiang; Chen Xiaofei; Lizhan Xu; Tingting Xue; Yuxuan Yang; Lin Yang; Kai Yao; Huifeng Yao; Amirsaeed Yazdani; Michael Yip; Hwanseung Yoo; Fereshteh Yousefirizi; Shunkai Yu; Lei Yu; Jonathan Zamora; Ramy Ashraf Zeineldin; Dewen Zeng; Jianpeng Zhang; Bokai Zhang; Jiapeng Zhang; Fan Zhang; Huahong Zhang; Zhongchen Zhao; Zixuan Zhao; Jiachen Zhao; Can Zhao; Qingshuo Zheng; Yuheng Zhi; Ziqi Zhou; Baosheng Zou; Klaus Maier-Hein; Paul F. Jäger; Annette Kopp-Schneider; Lena Maier-Hein http://arxiv.org/abs/2212.08649 Better May Not Be Fairer: Can Data Augmentation Mitigate Subgroup Degradation? (1%) Ming-Chang Chiu; Pin-Yu Chen; Xuezhe Ma http://arxiv.org/abs/2212.08650 On Human Visual Contrast Sensitivity and Machine Vision Robustness: A Comparative Study. (1%) Ming-Chang Chiu; Yingfei Wang; Derrick Eui Gyu Kim; Pin-Yu Chen; Xuezhe Ma http://arxiv.org/abs/2212.07992 Alternating Objectives Generates Stronger PGD-Based Adversarial Attacks. 
(98%) Nikolaos Antoniou; Efthymios Georgiou; Alexandros Potamianos http://arxiv.org/abs/2212.08130 On Evaluating Adversarial Robustness of Chest X-ray Classification: Pitfalls and Best Practices. (84%) Salah Ghamizi; Maxime Cordy; Michail Papadakis; Yves Le Traon http://arxiv.org/abs/2212.08044 Are Multimodal Models Robust to Image and Text Perturbations? (5%) Jielin Qiu; Yi Zhu; Xingjian Shi; Florian Wenzel; Zhiqiang Tang; Ding Zhao; Bo Li; Mu Li http://arxiv.org/abs/2212.10628 Holistic risk assessment of inference attacks in machine learning. (4%) Yang Yang http://arxiv.org/abs/2212.12307 Defending against cybersecurity threats to the payments and banking system. (2%) Williams Haruna; Toyin Ajiboro Aremu; Yetunde Ajao Modupe http://arxiv.org/abs/2301.03595 White-box Inference Attacks against Centralized Machine Learning and Federated Learning. (1%) Jingyi Ge http://arxiv.org/abs/2212.07495 SAIF: Sparse Adversarial and Interpretable Attack Framework. (99%) Tooba Imtiaz; Morgan Kohler; Jared Miller; Zifeng Wang; Mario Sznaier; Octavia Camps; Jennifer Dy http://arxiv.org/abs/2212.07591 Dissecting Distribution Inference. (88%) Anshuman Suri; Yifu Lu; Yanjin Chen; David Evans http://arxiv.org/abs/2212.07283 Generative Robust Classification. (11%) Xuwang Yin http://arxiv.org/abs/2212.14109 Synthesis of Adversarial DDOS Attacks Using Tabular Generative Adversarial Networks. (8%) Abdelmageed Ahmed Hassan; Mohamed Sayed Hussein; Ahmed Shehata AboMoustafa; Sarah Hossam Elmowafy http://arxiv.org/abs/2212.07558 DOC-NAD: A Hybrid Deep One-class Classifier for Network Anomaly Detection. (1%) Mohanad Sarhan; Gayan Kulatilleke; Wai Weng Lo; Siamak Layeghy; Marius Portmann http://arxiv.org/abs/2212.06431 Object-fabrication Targeted Attack for Object Detection. (99%) Xuchong Zhang; Changfeng Sun; Haoliang Han; Hang Wang; Hongbin Sun; Nanning Zheng http://arxiv.org/abs/2212.06822 Adversarial Attacks and Defences for Skin Cancer Classification. (99%) Vinay Jogani; Joy Purohit; Ishaan Shivhare; Samina Attari; Shraddha Surtkar http://arxiv.org/abs/2212.06776 Unfolding Local Growth Rate Estimates for (Almost) Perfect Adversarial Detection. (99%) Peter Lorenz; Margret Keuper; Janis Keuper http://arxiv.org/abs/2212.06836 Towards Efficient and Domain-Agnostic Evasion Attack with High-dimensional Categorical Inputs. (80%) Hongyan Bao; Yufei Han; Yujun Zhou; Xin Gao; Xiangliang Zhang http://arxiv.org/abs/2212.07016 Understanding Zero-Shot Adversarial Robustness for Large-Scale Models. (73%) Chengzhi Mao; Scott Geng; Junfeng Yang; Xin Wang; Carl Vondrick http://arxiv.org/abs/2212.06493 Pixel is All You Need: Adversarial Trajectory-Ensemble Active Learning for Salient Object Detection. (56%) Zhenyu Wu; Lin Wang; Wei Wang; Qing Xia; Chenglizhao Chen; Aimin Hao; Shuo Li http://arxiv.org/abs/2212.13989 AdvCat: Domain-Agnostic Robustness Assessment for Cybersecurity-Critical Applications with Categorical Inputs. (56%) Helene Orsini; Hongyan Bao; Yujun Zhou; Xiangrui Xu; Yufei Han; Longyang Yi; Wei Wang; Xin Gao; Xiangliang Zhang http://arxiv.org/abs/2212.06428 Privacy-preserving Security Inference Towards Cloud-Edge Collaborative Using Differential Privacy. (1%) Yulong Wang; Xingshu Chen; Qixu Wang http://arxiv.org/abs/2212.06643 Boosting Semi-Supervised Learning with Contrastive Complementary Labeling. (1%) Qinyi Deng; Yong Guo; Zhibang Yang; Haolin Pan; Jian Chen http://arxiv.org/abs/2212.05917 SRoUDA: Meta Self-training for Robust Unsupervised Domain Adaptation. 
(98%) Wanqing Zhu; Jia-Li Yin; Bo-Hao Chen; Ximeng Liu http://arxiv.org/abs/2212.07815 Adversarially Robust Video Perception by Seeing Motion. (98%) Lingyu Zhang; Chengzhi Mao; Junfeng Yang; Carl Vondrick http://arxiv.org/abs/2212.06123 A Survey on Reinforcement Learning Security with Application to Autonomous Driving. (96%) Ambra Demontis; Maura Pintor; Luca Demetrio; Kathrin Grosse; Hsiao-Ying Lin; Chengfang Fang; Battista Biggio; Fabio Roli http://arxiv.org/abs/2212.05709 HOTCOLD Block: Fooling Thermal Infrared Detectors with a Novel Wearable Design. (96%) Hui Wei; Zhixiang Wang; Xuemei Jia; Yinqiang Zheng; Hao Tang; Shin'ichi Satoh; Zheng Wang http://arxiv.org/abs/2212.06079 Robust Perception through Equivariance. (96%) Chengzhi Mao; Lingyu Zhang; Abhishek Joshi; Junfeng Yang; Hao Wang; Carl Vondrick http://arxiv.org/abs/2212.06295 Despite "super-human" performance, current LLMs are unsuited for decisions about ethics and safety. (75%) Joshua Albrecht; Ellie Kitanidis; Abraham J. Fetterman http://arxiv.org/abs/2212.06325 AFLGuard: Byzantine-robust Asynchronous Federated Learning. (15%) Minghong Fang; Jia Liu; Neil Zhenqiang Gong; Elizabeth S. Bentley http://arxiv.org/abs/2212.05827 Carpet-bombing patch: attacking a deep network without usual requirements. (2%) Pol Labarbarie; Adrien Chan-Hon-Tong; Stéphane Herbin; Milad Leyli-Abadi http://arxiv.org/abs/2212.06361 Numerical Stability of DeepGOPlus Inference. (1%) Inés Gonzalez Pepe; Yohan Chatelain; Gregory Kiar; Tristan Glatard http://arxiv.org/abs/2212.05630 DISCO: Adversarial Defense with Local Implicit Functions. (99%) Chih-Hui Ho; Nuno Vasconcelos http://arxiv.org/abs/2212.05680 REAP: A Large-Scale Realistic Adversarial Patch Benchmark. (98%) Nabeel Hingun; Chawin Sitawarin; Jerry Li; David Wagner http://arxiv.org/abs/2212.05387 General Adversarial Defense Against Black-box Attacks via Pixel Level and Feature Level Distribution Alignments. (99%) Xiaogang Xu; Hengshuang Zhao; Philip Torr; Jiaya Jia http://arxiv.org/abs/2212.05399 Untargeted Attack against Federated Recommendation Systems via Poisonous Item Embeddings and the Defense. (93%) Yang Yu; Qi Liu; Likang Wu; Runlong Yu; Sanshi Lei Yu; Zaixi Zhang http://arxiv.org/abs/2212.05337 Targeted Adversarial Attacks on Deep Reinforcement Learning Policies via Model Checking. (93%) Dennis Gross; Thiago D. Simao; Nils Jansen; Guillermo A. Perez http://arxiv.org/abs/2212.05380 Mitigating Adversarial Gray-Box Attacks Against Phishing Detectors. (54%) Giovanni Apruzzese; V. S. Subrahmanian http://arxiv.org/abs/2212.05400 How to Backdoor Diffusion Models? (12%) Sheng-Yen Chou; Pin-Yu Chen; Tsung-Yi Ho http://arxiv.org/abs/2212.05327 Identifying the Source of Vulnerability in Explanation Discrepancy: A Case Study in Neural Text Classification. (1%) Ruixuan Tang; Hanjie Chen; Yangfeng Ji http://arxiv.org/abs/2212.04985 Understanding and Combating Robust Overfitting via Input Loss Landscape Analysis and Regularization. (98%) Lin Li; Michael Spratling http://arxiv.org/abs/2212.04875 Expeditious Saliency-guided Mix-up through Random Gradient Thresholding. (2%) Minh-Long Luu; Zeyi Huang; Eric P. Xing; Yong Jae Lee; Haohan Wang http://arxiv.org/abs/2212.04871 Spurious Features Everywhere -- Large-Scale Detection of Harmful Spurious Features in ImageNet. (1%) Yannic Neuhaus; Maximilian Augustin; Valentyn Boreiko; Matthias Hein http://arxiv.org/abs/2212.05015 Robustness Implies Privacy in Statistical Estimation. (1%) Samuel B. 
Hopkins; Gautam Kamath; Mahbod Majid; Shyam Narayanan http://arxiv.org/abs/2212.04687 Selective Amnesia: On Efficient, High-Fidelity and Blind Suppression of Backdoor Effects in Trojaned Machine Learning Models. (1%) Rui Zhu; Di Tang; Siyuan Tang; XiaoFeng Wang; Haixu Tang http://arxiv.org/abs/2212.11138 QVIP: An ILP-based Formal Verification Approach for Quantized Neural Networks. (1%) Yedi Zhang; Zhe Zhao; Fu Song; Min Zhang; Taolue Chen; Jun Sun http://arxiv.org/abs/2212.04138 Targeted Adversarial Attacks against Neural Network Trajectory Predictors. (99%) Kaiyuan Tan; Jun Wang; Yiannis Kantaros http://arxiv.org/abs/2212.04454 XRand: Differentially Private Defense against Explanation-Guided Attacks. (68%) Truc Nguyen; Phung Lai; NhatHai Phan; My T. Thai http://arxiv.org/abs/2212.04656 Robust Graph Representation Learning via Predictive Coding. (22%) Billy Byiringiro; Tommaso Salvatori; Thomas Lukasiewicz http://arxiv.org/abs/2212.04008 Use of Cryptography in Malware Obfuscation. (1%) Hassan Jameel Asghar; Benjamin Zi Hao Zhao; Muhammad Ikram; Giang Nguyen; Dali Kaafar; Sean Lamont; Daniel Coscia http://arxiv.org/abs/2212.03334 Pre-trained Encoders in Self-Supervised Learning Improve Secure and Privacy-preserving Supervised Learning. (96%) Hongbin Liu; Wenjie Qu; Jinyuan Jia; Neil Zhenqiang Gong http://arxiv.org/abs/2212.02531 Enhancing Quantum Adversarial Robustness by Randomized Encodings. (99%) Weiyuan Gong; Dong Yuan; Weikang Li; Dong-Ling Deng http://arxiv.org/abs/2212.03069 Multiple Perturbation Attack: Attack Pixelwise Under Different $\ell_p$-norms For Better Adversarial Performance. (99%) Ngoc N. Tran; Anh Tuan Bui; Dinh Phung; Trung Le http://arxiv.org/abs/2212.02127 FaceQAN: Face Image Quality Assessment Through Adversarial Noise Exploration. (92%) Žiga Babnik; Peter Peer; Vitomir Štruc http://arxiv.org/abs/2212.02042 Refiner: Data Refining against Gradient Leakage Attacks in Federated Learning. (76%) Mingyuan Fan; Cen Chen; Chengyu Wang; Wenmeng Zhou; Jun Huang; Ximeng Liu; Wenzhong Guo http://arxiv.org/abs/2212.02457 Blessings and Curses of Covariate Shifts: Adversarial Learning Dynamics, Directional Convergence, and Equilibria. (8%) Tengyuan Liang http://arxiv.org/abs/2212.02705 What is the Solution for State-Adversarial Multi-Agent Reinforcement Learning? (3%) Songyang Han; Sanbao Su; Sihong He; Shuo Han; Haizhao Yang; Fei Miao http://arxiv.org/abs/2212.02648 Spuriosity Rankings: Sorting Data for Spurious Correlation Robustness. (1%) Mazda Moayeri; Wenxiao Wang; Sahil Singla; Soheil Feizi http://arxiv.org/abs/2212.02663 Efficient Malware Analysis Using Metric Embeddings. (1%) Ethan M. Rudd; David Krisiloff; Scott Coull; Daniel Olszewski; Edward Raff; James Holt http://arxiv.org/abs/2212.02003 Bayesian Learning with Information Gain Provably Bounds Risk for a Robust Adversarial Defense. (98%) Bao Gia Doan; Ehsan Abbasnejad; Javen Qinfeng Shi; Damith C. Ranasinghe http://arxiv.org/abs/2212.01806 Recognizing Object by Components with Human Prior Knowledge Enhances Adversarial Robustness of Deep Neural Networks. (88%) Xiao Li; Ziqi Wang; Bo Zhang; Fuchun Sun; Xiaolin Hu http://arxiv.org/abs/2212.01957 CSTAR: Towards Compact and STructured Deep Neural Networks with Adversarial Robustness. (82%) Huy Phan; Miao Yin; Yang Sui; Bo Yuan; Saman Zonouz http://arxiv.org/abs/2212.01976 FedCC: Robust Federated Learning against Model Poisoning Attacks. 
(45%) Hyejun Jeong; Hamin Son; Seohu Lee; Jayun Hyun; Tai-Myoung Chung http://arxiv.org/abs/2212.01767 ConfounderGAN: Protecting Image Data Privacy with Causal Confounder. (8%) Qi Tian; Kun Kuang; Kelu Jiang; Furui Liu; Zhihua Wang; Fei Wu http://arxiv.org/abs/2212.01688 LDL: A Defense for Label-Based Membership Inference Attacks. (83%) Arezoo Rajabi; Dinuka Sahabandu; Luyao Niu; Bhaskar Ramasubramanian; Radha Poovendran http://arxiv.org/abs/2212.01716 Security Analysis of SplitFed Learning. (8%) Momin Ahmad Khan; Virat Shejwalkar; Amir Houmansadr; Fatima Muhammad Anwar http://arxiv.org/abs/2212.01082 Membership Inference Attacks Against Semantic Segmentation Models. (45%) Tomas Chobola; Dmitrii Usynin; Georgios Kaissis http://arxiv.org/abs/2212.01346 Guaranteed Conformance of Neurosymbolic Models to Natural Constraints. (1%) Kaustubh Sridhar; Souradeep Dutta; James Weimer; Insup Lee http://arxiv.org/abs/2212.00612 Purifier: Defending Data Inference Attacks via Transforming Confidence Scores. (89%) Ziqi Yang; Lijin Wang; Da Yang; Jie Wan; Ziming Zhao; Ee-Chien Chang; Fan Zhang; Kui Ren http://arxiv.org/abs/2212.00884 Pareto Regret Analyses in Multi-objective Multi-armed Bandit. (41%) Mengfan Xu; Diego Klabjan http://arxiv.org/abs/2212.00325 All You Need Is Hashing: Defending Against Data Reconstruction Attack in Vertical Federated Learning. (3%) Pengyu Qiu; Xuhong Zhang; Shouling Ji; Yuwen Pu; Ting Wang http://arxiv.org/abs/2212.00311 Generalizing and Improving Jacobian and Hessian Regularization. (1%) Chenwei Cui; Zehao Yan; Guangshen Liu; Liangfu Lu http://arxiv.org/abs/2212.00952 On the Limit of Explaining Black-box Temporal Graph Neural Networks. (1%) Minh N. Vu; My T. Thai http://arxiv.org/abs/2212.00951 SimpleMind adds thinking to deep neural networks. (1%) Youngwon Choi; M. Wasil Wahi-Anwar; Matthew S. Brown http://arxiv.org/abs/2211.17071 Towards Interpreting Vulnerability of Multi-Instance Learning via Customized and Universal Adversarial Perturbations. (97%) Yu-Xuan Zhang; Hua Meng; Xue-Mei Cao; Zhengchun Zhou; Mei Yang; Avik Ranjan Adhikary http://arxiv.org/abs/2212.03095 Interpretation of Neural Networks is Susceptible to Universal Adversarial Perturbations. (84%) Haniyeh Ehsani Oskouie; Farzan Farnia http://arxiv.org/abs/2211.16808 Efficient Adversarial Input Generation via Neural Net Patching. (75%) Tooba Khan; Kumar Madhukar; Subodh Vishnu Sharma http://arxiv.org/abs/2211.16806 Toward Robust Diagnosis: A Contour Attention Preserving Adversarial Defense for COVID-19 Detection. (69%) Kun Xiang; Xing Zhang; Jinwen She; Jinpeng Liu; Haohan Wang; Shiqi Deng; Shancheng Jiang http://arxiv.org/abs/2211.17244 Tight Certification of Adversarially Trained Neural Networks via Nonconvex Low-Rank Semidefinite Relaxations. (38%) Hong-Ming Chiu; Richard Y. Zhang http://arxiv.org/abs/2211.16908 Improved Smoothed Analysis of 2-Opt for the Euclidean TSP. (8%) Bodo Manthey; Rhijn Jesse van http://arxiv.org/abs/2211.16080 Understanding and Enhancing Robustness of Concept-based Models. (99%) Sanchit Sinha; Mengdi Huai; Jianhui Sun; Aidong Zhang http://arxiv.org/abs/2211.16247 Ada3Diff: Defending against 3D Adversarial Point Clouds via Adaptive Diffusion. (99%) Kui Zhang; Hang Zhou; Jie Zhang; Qidong Huang; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2211.16253 Advancing Deep Metric Learning Through Multiple Batch Norms And Multi-Targeted Adversarial Examples. 
(88%) Inderjeet Singh; Kazuya Kakizaki; Toshinori Araki http://arxiv.org/abs/2211.16093 Penalizing Confident Predictions on Largely Perturbed Inputs Does Not Improve Out-of-Distribution Generalization in Question Answering. (83%) Kazutoshi Shinoda; Saku Sugawara; Akiko Aizawa http://arxiv.org/abs/2211.16187 Quantization-aware Interval Bound Propagation for Training Certifiably Robust Quantized Neural Networks. (73%) Mathias Lechner; Đorđe Žikelić; Krishnendu Chatterjee; Thomas A. Henzinger; Daniela Rus http://arxiv.org/abs/2211.16040 AdvMask: A Sparse Adversarial Attack Based Data Augmentation Method for Image Classification. (54%) Suorong Yang; Jinqiao Li; Jian Zhao; Furao Shen http://arxiv.org/abs/2211.16316 A3T: Accuracy Aware Adversarial Training. (10%) Enes Altinisik; Safa Messaoud; Husrev Taha Sencar; Sanjay Chawla http://arxiv.org/abs/2211.16228 Building Resilience to Out-of-Distribution Visual Data via Input Optimization and Model Finetuning. (1%) Christopher J. Holder; Majid Khonji; Jorge Dias; Muhammad Shafique http://arxiv.org/abs/2212.00727 Adversarial Artifact Detection in EEG-Based Brain-Computer Interfaces. (99%) Xiaoqing Chen; Dongrui Wu http://arxiv.org/abs/2211.15926 Interpretations Cannot Be Trusted: Stealthy and Effective Adversarial Perturbations against Interpretable Deep Learning. (95%) Eldor Abdukhamidov; Mohammed Abuhamad; Simon S. Woo; Eric Chan-Tin; Tamer Abuhmed http://arxiv.org/abs/2211.15875 Training Time Adversarial Attack Aiming the Vulnerability of Continual Learning. (83%) Gyojin Han; Jaehyun Choi; Hyeong Gwon Hong; Junmo Kim http://arxiv.org/abs/2211.15900 Towards More Robust Interpretation via Local Gradient Alignment. (76%) Sunghwan Joo; Seokhyeon Jeong; Juyeon Heo; Adrian Weller; Taesup Moon http://arxiv.org/abs/2211.15762 Understanding the Impact of Adversarial Robustness on Accuracy Disparity. (31%) Yuzheng Hu; Fan Wu; Hongyang Zhang; Han Zhao http://arxiv.org/abs/2211.15844 How Important are Good Method Names in Neural Code Generation? A Model Robustness Perspective. (13%) Guang Yang; Yu Zhou; Wenhua Yang; Tao Yue; Xiang Chen; Taolue Chen http://arxiv.org/abs/2211.15180 Rethinking the Number of Shots in Robust Model-Agnostic Meta-Learning. (8%) Xiaoyue Duan; Guoliang Kang; Runqi Wang; Shumin Han; Song Xue; Tian Wang; Baochang Zhang http://arxiv.org/abs/2211.15556 Attack on Unfair ToS Clause Detection: A Case Study using Universal Adversarial Triggers. (8%) Shanshan Xu; Irina Broda; Rashid Haddad; Marco Negrini; Matthias Grabmair http://arxiv.org/abs/2211.15223 Gamma-convergence of a nonlocal perimeter arising in adversarial machine learning. (3%) Leon Bungert; Kerrek Stinson http://arxiv.org/abs/2211.15718 CoNAL: Anticipating Outliers with Large Language Models. (1%) Albert Xu; Xiang Ren; Robin Jia http://arxiv.org/abs/2211.15897 Learning Antidote Data to Individual Unfairness. (1%) Peizhao Li; Ethan Xia; Hongfu Liu http://arxiv.org/abs/2211.15030 Imperceptible Adversarial Attack via Invertible Neural Networks. (99%) Zihan Chen; Ziyue Wang; Junjie Huang; Wentao Zhao; Xiao Liu; Dejian Guan http://arxiv.org/abs/2211.14860 Foiling Explanations in Deep Neural Networks. (98%) Snir Vitrack Tamam; Raz Lapid; Moshe Sipper http://arxiv.org/abs/2211.14769 Navigation as the Attacker Wishes? Towards Building Byzantine-Robust Embodied Agents under Federated Learning. 
(84%) Yunchao Zhang; Zonglin Di; Kaiwen Zhou; Cihang Xie; Xin Wang http://arxiv.org/abs/2211.14794 Traditional Classification Neural Networks are Good Generators: They are Competitive with DDPMs and GANs. (50%) Guangrun Wang; Philip H. S. Torr http://arxiv.org/abs/2211.14952 Federated Learning Attacks and Defenses: A Survey. (47%) Yao Chen; Yijie Gui; Hong Lin; Wensheng Gan; Yongdong Wu http://arxiv.org/abs/2211.14966 Adversarial Rademacher Complexity of Deep Neural Networks. (47%) Jiancong Xiao; Yanbo Fan; Ruoyu Sun; Zhi-Quan Luo http://arxiv.org/abs/2211.14669 Game Theoretic Mixed Experts for Combinational Adversarial Machine Learning. (99%) Ethan Rathbun; Kaleel Mahmood; Sohaib Ahmad; Caiwen Ding; Dijk Marten van http://arxiv.org/abs/2211.14088 Boundary Adversarial Examples Against Adversarial Overfitting. (99%) Muhammad Zaid Hameed; Beat Buesser http://arxiv.org/abs/2211.14424 Supervised Contrastive Prototype Learning: Augmentation Free Robust Neural Network. (98%) Iordanis Fostiropoulos; Laurent Itti http://arxiv.org/abs/2211.14065 Beyond Smoothing: Unsupervised Graph Representation Learning with Edge Heterophily Discriminating. (3%) Yixin Liu; Yizhen Zheng; Daokun Zhang; Vincent CS Lee; Shirui Pan http://arxiv.org/abs/2211.13991 TrustGAN: Training safe and trustworthy deep learning models through generative adversarial networks. (1%) Hélion du Mas des Bourboux http://arxiv.org/abs/2211.13775 SAGA: Spectral Adversarial Geometric Attack on 3D Meshes. (98%) Tomer Stolik; Itai Lang; Shai Avidan http://arxiv.org/abs/2211.13535 Tracking Dataset IP Use in Deep Neural Networks. (96%) Seonhye Park; Alsharif Abuadbba; Shuo Wang; Kristen Moore; Yansong Gao; Hyoungshick Kim; Surya Nepal http://arxiv.org/abs/2211.13474 Explainable and Safe Reinforcement Learning for Autonomous Air Mobility. (92%) Lei Wang; Hongyu Yang; Yi Lin; Suwan Yin; Yuankai Wu http://arxiv.org/abs/2211.15382 Neural Network Complexity of Chaos and Turbulence. (41%) Tim Whittaker; Romuald A. Janik; Yaron Oz http://arxiv.org/abs/2211.13644 Seeds Don't Lie: An Adaptive Watermarking Framework for Computer Vision Models. (8%) Jacob Shams; Ben Nassi; Ikuya Morikawa; Toshiya Shimizu; Asaf Shabtai; Yuval Elovici http://arxiv.org/abs/2211.13772 Generative Joint Source-Channel Coding for Semantic Image Transmission. (1%) Ecenaz Erdemir; Tze-Yang Tung; Pier Luigi Dragotti; Deniz Gunduz http://arxiv.org/abs/2211.13737 CycleGANWM: A CycleGAN watermarking method for ownership verification. (1%) Dongdong Lin; Benedetta Tondi; Bin Li; Mauro Barni http://arxiv.org/abs/2211.13171 Query Efficient Cross-Dataset Transferable Black-Box Attack on Action Recognition. (99%) Rohit Gupta; Naveed Akhtar; Gaurav Kumar Nayak; Ajmal Mian; Mubarak Shah http://arxiv.org/abs/2211.12990 Adversarial Attacks are a Surprisingly Strong Baseline for Poisoning Few-Shot Meta-Learners. (99%) Elre T. Oldewage; John Bronskill; Richard E. Turner http://arxiv.org/abs/2211.12713 Reliable Robustness Evaluation via Automatically Constructed Attack Ensembles. (76%) Shengcai Liu; Fu Peng; Ke Tang http://arxiv.org/abs/2211.13305 Dual Graphs of Polyhedral Decompositions for the Detection of Adversarial Attacks. (62%) Huma Jamil; Yajing Liu; Christina Cole; Nathaniel Blanchard; Emily J. King; Michael Kirby; Christopher Peterson http://arxiv.org/abs/2211.12864 Privacy-Enhancing Optical Embeddings for Lensless Classification. 
(11%) Eric Bezzam; Martin Vetterli; Matthieu Simeoni http://arxiv.org/abs/2211.13345 Principled Data-Driven Decision Support for Cyber-Forensic Investigations. (1%) Soodeh Atefi; Sakshyam Panda; Manos Panaousis; Aron Laszka http://arxiv.org/abs/2211.13416 Data Provenance Inference in Machine Learning. (1%) Mingxue Xu; Xiang-Yang Li http://arxiv.org/abs/2211.12681 Benchmarking Adversarially Robust Quantum Machine Learning at Scale. (99%) Maxwell T. West; Sarah M. Erfani; Christopher Leckie; Martin Sevior; Lloyd C. L. Hollenberg; Muhammad Usman http://arxiv.org/abs/2211.12294 PointCA: Evaluating the Robustness of 3D Point Cloud Completion Models Against Adversarial Examples. (99%) Shengshan Hu; Junwei Zhang; Wei Liu; Junhui Hou; Minghui Li; Leo Yu Zhang; Hai Jin; Lichao Sun http://arxiv.org/abs/2211.12314 Attacking Image Splicing Detection and Localization Algorithms Using Synthetic Traces. (98%) Shengbang Fang; Matthew C Stamm http://arxiv.org/abs/2211.12044 Backdoor Cleansing with Unlabeled Data. (75%) Lu Pang; Tao Sun; Haibin Ling; Chao Chen http://arxiv.org/abs/2211.12624 Improving Robust Generalization by Direct PAC-Bayesian Bound Minimization. (70%) Zifan Wang; Nan Ding; Tomer Levinboim; Xi Chen; Radu Soricut http://arxiv.org/abs/2211.12087 SoK: Inference Attacks and Defenses in Human-Centered Wireless Sensing. (69%) Wei Sun; Tingjun Chen; Neil Gong http://arxiv.org/abs/2211.11236 Boosting the Transferability of Adversarial Attacks with Global Momentum Initialization. (99%) Jiafeng Wang; Zhaoyu Chen; Kaixun Jiang; Dingkang Yang; Lingyi Hong; Yan Wang; Wenqiang Zhang http://arxiv.org/abs/2211.11312 Understanding the Vulnerability of Skeleton-based Human Activity Recognition via Black-box Attack. (99%) Yunfeng Diao; He Wang; Tianjia Shao; Yong-Liang Yang; Kun Zhou; David Hogg http://arxiv.org/abs/2211.12005 Self-Ensemble Protection: Training Checkpoints Are Good Data Protectors. (99%) Sizhe Chen; Geng Yuan; Xinwen Cheng; Yifan Gong; Minghai Qin; Yanzhi Wang; Xiaolin Huang http://arxiv.org/abs/2211.11880 Addressing Mistake Severity in Neural Networks with Semantic Knowledge. (92%) Natalie Abreu; Nathan Vaska; Victoria Helus http://arxiv.org/abs/2211.11489 Efficient Generalization Improvement Guided by Random Weight Perturbation. (68%) Tao Li; Weihao Yan; Zehao Lei; Yingwen Wu; Kun Fang; Ming Yang; Xiaolin Huang http://arxiv.org/abs/2211.11711 CLAWSAT: Towards Both Robust and Accurate Code Models. (56%) Jinghan Jia; Shashank Srikant; Tamara Mitrovska; Chuang Gan; Shiyu Chang; Sijia Liu; Una-May O'Reilly http://arxiv.org/abs/2211.11835 Fairness Increases Adversarial Vulnerability. (54%) Cuong Tran; Keyu Zhu; Ferdinando Fioretto; Hentenryck Pascal Van http://arxiv.org/abs/2211.14440 Don't Watch Me: A Spatio-Temporal Trojan Attack on Deep-Reinforcement-Learning-Augmented Autonomous Driving. (10%) Yinbo Yu; Jiajia Liu http://arxiv.org/abs/2211.11321 SPIN: Simulated Poisoning and Inversion Network for Federated Learning-Based 6G Vehicular Networks. (8%) Sunder Ali Khowaja; Parus Khuwaja; Kapal Dev; Angelos Antonopoulos http://arxiv.org/abs/2211.11958 A Survey on Backdoor Attack and Defense in Natural Language Processing. (2%) Xuan Sheng; Zhaoyang Han; Piji Li; Xiangmao Chang http://arxiv.org/abs/2211.11635 Understanding and Improving Visual Prompting: A Label-Mapping Perspective. (2%) Aochuan Chen; Yuguang Yao; Pin-Yu Chen; Yihua Zhang; Sijia Liu http://arxiv.org/abs/2211.11300 Multi-Level Knowledge Distillation for Out-of-Distribution Detection in Text. 
(1%) Qianhui Wu; Huiqiang Jiang; Haonan Yin; Börje F. Karlsson; Chin-Yew Lin http://arxiv.org/abs/2211.11434 Privacy in Practice: Private COVID-19 Detection in X-Ray Images. (1%) Lucas Lange; Maja Schneider; Erhard Rahm http://arxiv.org/abs/2211.11357 A Tale of Frozen Clouds: Quantifying the Impact of Algorithmic Complexity Vulnerabilities in Popular Web Servers. (1%) Masudul Hasan Masud Bhuiyan; Cristian-Alexandru Staicu http://arxiv.org/abs/2211.10896 Spectral Adversarial Training for Robust Graph Neural Network. (99%) Jintang Li; Jiaying Peng; Liang Chen; Zibin Zheng; Tingting Liang; Qing Ling http://arxiv.org/abs/2211.10933 Invisible Backdoor Attack with Dynamic Triggers against Person Re-identification. (81%) Wenli Sun; Xinyang Jiang; Shuguang Dou; Dongsheng Li; Duoqian Miao; Cheng Deng; Cairong Zhao http://arxiv.org/abs/2211.11127 Taming Reachability Analysis of DNN-Controlled Systems via Abstraction-Based Training. (47%) Jiaxu Tian; Dapeng Zhi; Si Liu; Peixin Wang; Guy Katz; Min Zhang http://arxiv.org/abs/2211.11030 Adversarial Cheap Talk. (8%) Chris Lu; Timon Willi; Alistair Letcher; Jakob Foerster http://arxiv.org/abs/2211.11039 Deep Composite Face Image Attacks: Generation, Vulnerability and Detection. (2%) Jag Mohan Singh; Raghavendra Ramachandra http://arxiv.org/abs/2211.10938 AI-KD: Adversarial learning and Implicit regularization for self-Knowledge Distillation. (2%) Hyungmin Kim; Sungho Suh; Sunghyun Baek; Daehwan Kim; Daun Jeong; Hansang Cho; Junmo Kim http://arxiv.org/abs/2211.10670 Towards Adversarial Robustness of Deep Vision Algorithms. (92%) Hanshu Yan http://arxiv.org/abs/2211.10661 Phonemic Adversarial Attack against Audio Recognition in Real World. (87%) Jiakai Wang; Zhendong Chen; Zixin Yin; Qinghong Yang; Xianglong Liu http://arxiv.org/abs/2211.10752 Towards Robust Dataset Learning. (82%) Yihan Wu; Xinda Li; Florian Kerschbaum; Heng Huang; Hongyang Zhang http://arxiv.org/abs/2211.10782 Let Graph be the Go Board: Gradient-free Node Injection Attack for Graph Neural Networks via Reinforcement Learning. (80%) Mingxuan Ju; Yujie Fan; Chuxu Zhang; Yanfang Ye http://arxiv.org/abs/2211.10747 Exploring validation metrics for offline model-based optimisation with diffusion models. (75%) Christopher Beckham; Alexandre Piche; David Vazquez; Christopher Pal http://arxiv.org/abs/2211.10843 Mask Off: Analytic-based Malware Detection By Transfer Learning and Model Personalization. (9%) Amirmohammad Pasdar; Young Choon Lee; Seok-Hee Hong http://arxiv.org/abs/2211.10603 Investigating the Security of EV Charging Mobile Applications As an Attack Surface. (1%) K. Sarieddine; M. A. Sayed; S. Torabi; R. Atallah; C. Assi http://arxiv.org/abs/2211.10033 Adversarial Stimuli: Attacking Brain-Computer Interfaces via Perturbed Sensory Events. (98%) Bibek Upadhayay; Vahid Behzadan http://arxiv.org/abs/2211.10227 Adversarial Detection by Approximation of Ensemble Boundary. (91%) T. Windeatt http://arxiv.org/abs/2211.10209 Leveraging Algorithmic Fairness to Mitigate Blackbox Attribute Inference Attacks. (68%) Jan Aalmoes; Vasisht Duddu; Antoine Boutet http://arxiv.org/abs/2211.10370 Invariant Learning via Diffusion Dreamed Distribution Shifts. (10%) Priyatham Kattakinda; Alexander Levine; Soheil Feizi http://arxiv.org/abs/2211.10062 Intrusion Detection in Internet of Things using Convolutional Neural Networks. (1%) Martin Kodys; Zhi Lu; Kar Wai Fok; Vrizlynn L. L. Thing http://arxiv.org/abs/2211.10095 Improving Robustness of TCM-based Robust Steganography with Variable Robustness. 
(1%) Jimin Zhang; Xianfeng Zhao; Xiaolei He http://arxiv.org/abs/2211.10530 Provable Defense against Backdoor Policies in Reinforcement Learning. (1%) Shubham Kumar Bharti; Xuezhou Zhang; Adish Singla; Xiaojin Zhu http://arxiv.org/abs/2211.10586 Scaling Up Dataset Distillation to ImageNet-1K with Constant Memory. (1%) Justin Cui; Ruochen Wang; Si Si; Cho-Jui Hsieh http://arxiv.org/abs/2211.10024 Diagnostics for Deep Neural Networks with Automated Copy/Paste Attacks. (99%) Stephen Casper; Kaivalya Hariharan; Dylan Hadfield-Menell http://arxiv.org/abs/2211.09565 Towards Good Practices in Evaluating Transfer Adversarial Attacks. (93%) Zhengyu Zhao; Hanwei Zhang; Renjue Li; Ronan Sicre; Laurent Amsaleg; Michael Backes http://arxiv.org/abs/2211.09782 Assessing Neural Network Robustness via Adversarial Pivotal Tuning. (92%) Peter Ebert Christensen; Vésteinn Snæbjarnarson; Andrea Dittadi; Serge Belongie; Sagie Benaim http://arxiv.org/abs/2211.09717 UPTON: Unattributable Authorship Text via Data Poisoning. (86%) Ziyao Wang; Thai Le; Dongwon Lee http://arxiv.org/abs/2211.09363 Generalizable Deepfake Detection with Phase-Based Motion Analysis. (50%) Ekta Prashnani; Michael Goebel; B. S. Manjunath http://arxiv.org/abs/2211.09345 More Effective Centrality-Based Attacks on Weighted Networks. (15%) Balume Mburano; Weisheng Si; Qing Cao; Wei Xing Zheng http://arxiv.org/abs/2211.09959 Potential Auto-driving Threat: Universal Rain-removal Attack. (2%) Jincheng Hu; Jihao Li; Zhuoran Hou; Jingjing Jiang; Cunjia Liu; Yuanjian Zhang http://arxiv.org/abs/2211.09859 Data-Centric Debugging: mitigating model failures via targeted data collection. (1%) Sahil Singla; Atoosa Malemir Chegini; Mazda Moayeri; Soheil Feizi http://arxiv.org/abs/2211.10012 A Tale of Two Cities: Data and Configuration Variances in Robust Deep Learning. (1%) Guanqin Zhang; Jiankun Sun; Feng Xu; H. M. N. Dilum Bandara; Shiping Chen; Yulei Sui; Tim Menzies http://arxiv.org/abs/2211.09945 VeriSparse: Training Verified Locally Robust Sparse Neural Networks from Scratch. (1%) Sawinder Kaur; Yi Xiao; Asif Salekin http://arxiv.org/abs/2211.09773 T-SEA: Transfer-based Self-Ensemble Attack on Object Detection. (99%) Hao Huang; Ziyan Chen; Huanran Chen; Yongtao Wang; Kevin Zhang http://arxiv.org/abs/2211.08706 Efficiently Finding Adversarial Examples with DNN Preprocessing. (99%) Avriti Chauhan; Mohammad Afzal; Hrishikesh Karmarkar; Yizhak Elboher; Kumar Madhukar; Guy Katz http://arxiv.org/abs/2211.08686 Improving Interpretability via Regularization of Neural Activation Sensitivity. (92%) Ofir Moshe; Gil Fidel; Ron Bitton; Asaf Shabtai http://arxiv.org/abs/2211.08859 Attacking Object Detector Using A Universal Targeted Label-Switch Patch. (86%) Avishag Shapira; Ron Bitton; Dan Avraham; Alon Zolfi; Yuval Elovici; Asaf Shabtai http://arxiv.org/abs/2211.08942 Differentially Private Optimizers Can Learn Adversarially Robust Models. (83%) Yuan Zhang; Zhiqi Bu http://arxiv.org/abs/2211.09321 Interpretable Dimensionality Reduction by Feature Preserving Manifold Approximation and Projection. (56%) Yang Yang; Hongjian Sun; Jialei Gong; Di Yu http://arxiv.org/abs/2211.09273 Privacy against Real-Time Speech Emotion Detection via Acoustic Adversarial Evasion of Machine Learning. (38%) Brian Testa; Yi Xiao; Harshit Sharma; Avery Gump; Asif Salekin http://arxiv.org/abs/2211.09110 Holistic Evaluation of Language Models. 
(2%) Percy Liang; Rishi Bommasani; Tony Lee; Dimitris Tsipras; Dilara Soylu; Michihiro Yasunaga; Yian Zhang; Deepak Narayanan; Yuhuai Wu; Ananya Kumar; Benjamin Newman; Binhang Yuan; Bobby Yan; Ce Zhang; Christian Cosgrove; Christopher D. Manning; Christopher Ré; Diana Acosta-Navas; Drew A. Hudson; Eric Zelikman; Esin Durmus; Faisal Ladhak; Frieda Rong; Hongyu Ren; Huaxiu Yao; Jue Wang; Keshav Santhanam; Laurel Orr; Lucia Zheng; Mert Yuksekgonul; Mirac Suzgun; Nathan Kim; Neel Guha; Niladri Chatterji; Omar Khattab; Peter Henderson; Qian Huang; Ryan Chi; Sang Michael Xie; Shibani Santurkar; Surya Ganguli; Tatsunori Hashimoto; Thomas Icard; Tianyi Zhang; Vishrav Chaudhary; William Wang; Xuechen Li; Yifan Mai; Yuhui Zhang; Yuta Koreeda http://arxiv.org/abs/2211.08804 Analysis and Detectability of Offline Data Poisoning Attacks on Linear Systems. (1%) Alessio Russo; Alexandre Proutiere http://arxiv.org/abs/2211.08068 Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation. (99%) Zhihao Zhu; Chenwang Wu; Min Zhou; Hao Liao; Defu Lian; Enhong Chen http://arxiv.org/abs/2211.08384 Universal Distributional Decision-based Black-box Adversarial Attack with Reinforcement Learning. (99%) Yiran Huang; Yexu Zhou; Michael Hefenbrock; Till Riedel; Likun Fang; Michael Beigl http://arxiv.org/abs/2211.08008 MORA: Improving Ensemble Robustness Evaluation with Model-Reweighing Attack. (99%) Yunrui Yu; Xitong Gao; Cheng-Zhong Xu http://arxiv.org/abs/2211.08657 Person Text-Image Matching via Text-Feature Interpretability Embedding and External Attack Node Implantation. (92%) Fan Li; Hang Zhou; Huafeng Li; Yafei Zhang; Zhengtao Yu http://arxiv.org/abs/2211.07915 Backdoor Attacks on Time Series: A Generative Approach. (70%) Yujing Jiang; Xingjun Ma; Sarah Monazam Erfani; James Bailey http://arxiv.org/abs/2211.08229 CorruptEncoder: Data Poisoning based Backdoor Attacks to Contrastive Learning. (61%) Jinghuai Zhang; Hongbin Liu; Jinyuan Jia; Neil Zhenqiang Gong http://arxiv.org/abs/2211.08453 Improved techniques for deterministic l2 robustness. (22%) Sahil Singla; Soheil Feizi http://arxiv.org/abs/2211.08044 Backdoor Attacks for Remote Sensing Data with Wavelet Transform. (12%) Nikolaus Dräger; Yonghao Xu; Pedram Ghamisi http://arxiv.org/abs/2211.07263 Efficient Adversarial Training with Robust Early-Bird Tickets. (92%) Zhiheng Xi; Rui Zheng; Tao Gui; Qi Zhang; Xuanjing Huang http://arxiv.org/abs/2211.07383 Attacking Face Recognition with T-shirts: Database, Vulnerability Assessment and Detection. (13%) M. Ibsen; C. Rathgeb; F. Brechtel; R. Klepp; K. Pöppelmann; A. George; S. Marcel; C. Busch http://arxiv.org/abs/2211.07455 Towards Robust Numerical Question Answering: Diagnosing Numerical Capabilities of NLP Systems. (5%) Jialiang Xu; Mengyu Zhou; Xinyi He; Shi Han; Dongmei Zhang http://arxiv.org/abs/2211.07650 Explainer Divergence Scores (EDS): Some Post-Hoc Explanations May be Effective for Detecting Unknown Spurious Correlations. (5%) Shea Cardozo; Gabriel Islas Montero; Dmitry Kazhdan; Botty Dimanov; Maleakhi Wijaya; Mateja Jamnik; Pietro Lio http://arxiv.org/abs/2211.07277 Robustifying Deep Vision Models Through Shape Sensitization. (2%) Aditay Tripathi; Rishubh Singh; Anirban Chakraborty; Pradeep Shenoy http://arxiv.org/abs/2211.09810 Certifying Robustness of Convolutional Neural Networks with Tight Linear Approximation. 
(26%) Yuan Xiao; Tongtong Bai; Mingzheng Gu; Chunrong Fang; Zhenyu Chen http://arxiv.org/abs/2211.06788 Adversarial and Random Transformations for Robust Domain Adaptation and Generalization. (75%) Liang Xiao; Jiaolong Xu; Dawei Zhao; Erke Shang; Qi Zhu; Bin Dai http://arxiv.org/abs/2211.06757 DriftRec: Adapting diffusion models to blind JPEG restoration. (1%) Simon Welker; Henry N. Chapman; Timo Gerkmann http://arxiv.org/abs/2211.06571 Generating Textual Adversaries with Minimal Perturbation. (98%) Xingyi Zhao; Lu Zhang; Depeng Xu; Shuhan Yuan http://arxiv.org/abs/2211.06508 On the robustness of non-intrusive speech quality model by adversarial examples. (98%) Hsin-Yi Lin; Huan-Hsin Tseng; Yu Tsao http://arxiv.org/abs/2211.06500 An investigation of security controls and MITRE ATT&CK techniques. (47%) Md Rayhanur Rahman; Laurie Williams http://arxiv.org/abs/2211.06495 Investigating co-occurrences of MITRE ATT&CK Techniques. (12%) Md Rayhanur Rahman; Laurie Williams http://arxiv.org/abs/2211.06056 Remapped Cache Layout: Thwarting Cache-Based Side-Channel Attacks with a Hardware Defense. (9%) Wei Song; Rui Hou; Peng Liu; Xiaoxin Li; Peinan Li; Lutan Zhao; Xiaofei Fu; Yifei Sun; Dan Meng http://arxiv.org/abs/2211.05854 Test-time adversarial detection and robustness for localizing humans using ultra wide band channel impulse responses. (99%) Abhiram Kolli; Muhammad Jehanzeb Mirza; Horst Possegger; Horst Bischof http://arxiv.org/abs/2211.05523 Impact of Adversarial Training on Robustness and Generalizability of Language Models. (99%) Enes Altinisik; Hassan Sajjad; Husrev Taha Sencar; Safa Messaoud; Sanjay Chawla http://arxiv.org/abs/2211.05446 Privacy-Utility Balanced Voice De-Identification Using Adversarial Examples. (98%) Meng Chen; Li Lu; Jiadi Yu; Yingying Chen; Zhongjie Ba; Feng Lin; Kui Ren http://arxiv.org/abs/2211.05410 Stay Home Safe with Starving Federated Data. (80%) Jaechul Roh; Yajun Fang http://arxiv.org/abs/2211.05371 MSDT: Masked Language Model Scoring Defense in Text Domain. (38%) Jaechul Roh; Minhao Cheng; Yajun Fang http://arxiv.org/abs/2211.09954 Robust DNN Surrogate Models with Uncertainty Quantification via Adversarial Training. (3%) Lixiang Zhang; Jia Li http://arxiv.org/abs/2211.05347 Mitigating Forgetting in Online Continual Learning via Contrasting Semantically Distinct Augmentations. (1%) Sheng-Feng Yu; Wei-Chen Chiu http://arxiv.org/abs/2211.04780 On the Robustness of Explanations of Deep Neural Network Models: A Survey. (50%) Amlan Jyoti; Karthik Balaji Ganesh; Manoj Gayala; Nandita Lakshmi Tunuguntla; Sandesh Kamath; Vineeth N Balasubramanian http://arxiv.org/abs/2211.05184 Are All Edges Necessary? A Unified Framework for Graph Purification. (5%) Zishan Gu; Jintang Li; Liang Chen http://arxiv.org/abs/2211.05249 QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems. (3%) Ana-Maria Cretu; Florimond Houssiau; Antoine Cully; Montjoye Yves-Alexandre de http://arxiv.org/abs/2211.04946 Accountable and Explainable Methods for Complex Reasoning over Text. (2%) Pepa Atanasova http://arxiv.org/abs/2211.04686 Directional Privacy for Deep Learning. (1%) Pedro Faustini; Natasha Fernandes; Shakila Tonni; Annabelle McIver; Mark Dras http://arxiv.org/abs/2211.04205 Preserving Semantics in Textual Adversarial Attacks. (99%) David Herel; Hugo Cisneros; Tomas Mikolov http://arxiv.org/abs/2211.04364 NaturalAdversaries: Can Naturalistic Adversaries Be as Effective as Artificial Adversaries? 
(98%) Saadia Gabriel; Hamid Palangi; Yejin Choi http://arxiv.org/abs/2211.11534 How Fraudster Detection Contributes to Robust Recommendation. (67%) Yuni Lai; Kai Zhou http://arxiv.org/abs/2211.04674 Lipschitz Continuous Algorithms for Graph Problems. (16%) Soh Kumabe; Yuichi Yoshida http://arxiv.org/abs/2211.04177 Learning advisor networks for noisy image classification. (1%) Simone Ricci; Tiberio Uricchio; Bimbo Alberto Del http://arxiv.org/abs/2211.03769 Are AlphaZero-like Agents Robust to Adversarial Perturbations? (99%) Li-Cheng Lan; Huan Zhang; Ti-Rong Wu; Meng-Yu Tsai; I-Chen Wu; Cho-Jui Hsieh http://arxiv.org/abs/2211.03509 Black-Box Attack against GAN-Generated Image Detector with Contrastive Perturbation. (82%) Zijie Lou; Gang Cao; Man Lin http://arxiv.org/abs/2211.03714 Deviations in Representations Induced by Adversarial Attacks. (70%) Daniel Steinberg; Paul Munro http://arxiv.org/abs/2211.03933 A Hypergraph-Based Machine Learning Ensemble Network Intrusion Detection System. (1%) Zong-Zhi Lin; Thomas D. Pike; Mark M. Bailey; Nathaniel D. Bastian http://arxiv.org/abs/2211.03637 Interpreting deep learning output for out-of-distribution detection. (1%) Damian Matuszewski; Ida-Maria Sintorn http://arxiv.org/abs/2211.03489 Resilience of Wireless Ad Hoc Federated Learning against Model Poisoning Attacks. (1%) Naoya Tezuka; Hideya Ochiai; Yuwei Sun; Hiroshi Esaki http://arxiv.org/abs/2211.03073 Contrastive Weighted Learning for Near-Infrared Gaze Estimation. (31%) Adam Lee http://arxiv.org/abs/2211.02878 Textual Manifold-based Defense Against Natural Language Adversarial Examples. (99%) Dang Minh Nguyen; Luu Anh Tuan http://arxiv.org/abs/2211.02885 Stateful Detection of Adversarial Reprogramming. (96%) Yang Zheng; Xiaoyi Feng; Zhaoqiang Xia; Xiaoyue Jiang; Maura Pintor; Ambra Demontis; Battista Biggio; Fabio Roli http://arxiv.org/abs/2211.03013 Robust Lottery Tickets for Pre-trained Language Models. (83%) Rui Zheng; Rong Bao; Yuhao Zhou; Di Liang; Sirui Wang; Wei Wu; Tao Gui; Qi Zhang; Xuanjing Huang http://arxiv.org/abs/2211.02468 Improving Adversarial Robustness to Sensitivity and Invariance Attacks with Deep Metric Learning. (99%) Anaelia Ovalle; Evan Czyzycki; Cho-Jui Hsieh http://arxiv.org/abs/2211.02272 Logits are predictive of network type. (68%) Ali Borji http://arxiv.org/abs/2211.02675 An Adversarial Robustness Perspective on the Topology of Neural Networks. (64%) Morgane Goibert; Thomas Ricatte; Elvis Dohmatob http://arxiv.org/abs/2211.04449 Fairness-aware Regression Robust to Adversarial Attacks. (38%) Yulu Jin; Lifeng Lai http://arxiv.org/abs/2211.02755 Extension of Simple Algorithms to the Matroid Secretary Problem. (9%) Simon Park http://arxiv.org/abs/2211.02646 Robustness of Fusion-based Multimodal Classifiers to Cross-Modal Content Dilutions. (3%) Gaurav Verma; Vishwa Vinay; Ryan A. Rossi; Srijan Kumar http://arxiv.org/abs/2211.02578 Data Models for Dataset Drift Controls in Machine Learning With Images. (1%) Luis Oala; Marco Aversa; Gabriel Nobis; Kurt Willis; Yoan Neuenschwander; Michèle Buck; Christian Matek; Jerome Extermann; Enrico Pomarico; Wojciech Samek; Roderick Murray-Smith; Christoph Clausen; Bruno Sanguinetti http://arxiv.org/abs/2211.01671 Physically Adversarial Attacks and Defenses in Computer Vision: A Survey. (99%) Xingxing Wei; Bangzheng Pu; Jiefan Lu; Baoyuan Wu http://arxiv.org/abs/2211.02223 Adversarial Defense via Neural Oscillation inspired Gradient Masking. 
(98%) Chunming Jiang; Yilei Zhang http://arxiv.org/abs/2211.01875 M-to-N Backdoor Paradigm: A Stealthy and Fuzzy Attack to Deep Learning Models. (98%) Linshan Hou; Zhongyun Hua; Yuhong Li; Leo Yu Zhang http://arxiv.org/abs/2211.01598 Robust Few-shot Learning Without Using any Adversarial Samples. (89%) Gaurav Kumar Nayak; Ruchit Rawal; Inder Khatri; Anirban Chakraborty http://arxiv.org/abs/2211.01579 Data-free Defense of Black Box Models Against Adversarial Attacks. (84%) Gaurav Kumar Nayak; Inder Khatri; Shubham Randive; Ruchit Rawal; Anirban Chakraborty http://arxiv.org/abs/2211.01621 Leveraging Domain Features for Detecting Adversarial Attacks Against Deep Speech Recognition in Noise. (38%) Christian Heider Nielsen; Zheng-Hua Tan http://arxiv.org/abs/2211.01592 Try to Avoid Attacks: A Federated Data Sanitization Defense for Healthcare IoMT Systems. (33%) Chong Chen; Ying Gao; Leyu Shi; Siquan Huang http://arxiv.org/abs/2211.02245 Unintended Memorization and Timing Attacks in Named Entity Recognition Models. (12%) Rana Salal Ali; Benjamin Zi Hao Zhao; Hassan Jameel Asghar; Tham Nguyen; Ian David Wood; Dali Kaafar http://arxiv.org/abs/2211.01182 Defending with Errors: Approximate Computing for Robustness of Deep Neural Networks. (99%) Amira Guesmi; Ihsen Alouani; Khaled N. Khasawneh; Mouna Baklouti; Tarek Frikha; Mohamed Abid; Nael Abu-Ghazaleh http://arxiv.org/abs/2211.01093 Improving transferability of 3D adversarial attacks with scale and shear transformations. (99%) Jinlai Zhang; Yinpeng Dong; Jun Zhu; Jihong Zhu; Minchi Kuang; Xiaming Yuan http://arxiv.org/abs/2211.00887 Certified Robustness of Quantum Classifiers against Adversarial Examples through Quantum Noise. (99%) Jhih-Cing Huang; Yu-Lin Tsai; Chao-Han Huck Yang; Cheng-Fang Su; Chia-Mu Yu; Pin-Yu Chen; Sy-Yen Kuo http://arxiv.org/abs/2211.01112 Adversarial Attack on Radar-based Environment Perception Systems. (99%) Amira Guesmi; Ihsen Alouani http://arxiv.org/abs/2211.01236 Isometric Representations in Neural Networks Improve Robustness. (62%) Kosio Beshkov; Jonas Verhellen; Mikkel Elle Lepperød http://arxiv.org/abs/2211.01806 BATT: Backdoor Attack with Transformation-based Triggers. (56%) Tong Xu; Yiming Li; Yong Jiang; Shu-Tao Xia http://arxiv.org/abs/2211.05638 Untargeted Backdoor Attack against Object Detection. (50%) Chengxiao Luo; Yiming Li; Yong Jiang; Shu-Tao Xia http://arxiv.org/abs/2211.09728 Generative Adversarial Training Can Improve Neural Language Models. (33%) Sajad Movahedi; Azadeh Shakery http://arxiv.org/abs/2211.05631 Backdoor Defense via Suppressing Model Shortcuts. (3%) Sheng Yang; Yiming Li; Yong Jiang; Shu-Tao Xia http://arxiv.org/abs/2211.01202 Human-in-the-Loop Mixup. (1%) Katherine M. Collins; Umang Bhatt; Weiyang Liu; Vihari Piratla; Ilia Sucholutsky; Bradley Love; Adrian Weller http://arxiv.org/abs/2211.00525 The Enemy of My Enemy is My Friend: Exploring Inverse Adversaries for Improving Adversarial Training. (99%) Junhao Dong; Seyed-Mohsen Moosavi-Dezfooli; Jianhuang Lai; Xiaohua Xie http://arxiv.org/abs/2211.00825 LMD: A Learnable Mask Network to Detect Adversarial Examples for Speaker Verification. (99%) Xing Chen; Jie Wang; Xiao-Lei Zhang; Wei-Qiang Zhang; Kunde Yang http://arxiv.org/abs/2211.00322 DensePure: Understanding Diffusion Models towards Adversarial Robustness. 
(98%) Chaowei Xiao; Zhongzhu Chen; Kun Jin; Jiongxiao Wang; Weili Nie; Mingyan Liu; Anima Anandkumar; Bo Li; Dawn Song http://arxiv.org/abs/2211.00269 Adversarial Training with Complementary Labels: On the Benefit of Gradually Informative Attacks. (87%) Jianan Zhou; Jianing Zhu; Jingfeng Zhang; Tongliang Liu; Gang Niu; Bo Han; Masashi Sugiyama http://arxiv.org/abs/2211.00366 Universal Perturbation Attack on Differentiable No-Reference Image- and Video-Quality Metrics. (82%) Ekaterina Shumitskaya; Anastasia Antsiferova; Dmitriy Vatolin http://arxiv.org/abs/2211.00453 The Perils of Learning From Unlabeled Data: Backdoor Attacks on Semi-supervised Learning. (80%) Virat Shejwalkar; Lingjuan Lyu; Amir Houmansadr http://arxiv.org/abs/2211.00748 Maximum Likelihood Distillation for Robust Modulation Classification. (69%) Javier Maroto; Gérôme Bovet; Pascal Frossard http://arxiv.org/abs/2211.00294 FRSUM: Towards Faithful Abstractive Summarization via Enhancing Factual Robustness. (45%) Wenhao Wu; Wei Li; Jiachen Liu; Xinyan Xiao; Ziqiang Cao; Sujian Li; Hua Wu http://arxiv.org/abs/2211.00463 Amplifying Membership Exposure via Data Poisoning. (22%) Yufei Chen; Chao Shen; Yun Shen; Cong Wang; Yang Zhang http://arxiv.org/abs/2211.00273 ActGraph: Prioritization of Test Cases Based on Deep Neural Network Activation Graph. (13%) Jinyin Chen; Jie Ge; Haibin Zheng http://arxiv.org/abs/2210.17140 Scoring Black-Box Models for Adversarial Robustness. (98%) Jian Vora; Pranay Reddy Samala http://arxiv.org/abs/2211.00239 ARDIR: Improving Robustness using Knowledge Distillation of Internal Representation. (88%) Tomokatsu Takahashi; Masanori Yamada; Yuuki Yamanaka; Tomoya Yamashita http://arxiv.org/abs/2210.17376 SoK: Modeling Explainability in Security Analytics for Interpretability, Trustworthiness, and Usability. (33%) Dipkamal Bhusal; Rosalyn Shin; Ajay Ashok Shewale; Monish Kumar Manikya Veerabhadran; Michael Clifford; Sara Rampazzi; Nidhi Rastogi http://arxiv.org/abs/2210.17546 Preventing Verbatim Memorization in Language Models Gives a False Sense of Privacy. (16%) Daphne Ippolito; Florian Tramèr; Milad Nasr; Chiyuan Zhang; Matthew Jagielski; Katherine Lee; Christopher A. Choquette-Choo; Nicholas Carlini http://arxiv.org/abs/2210.17029 Poison Attack and Defense on Deep Source Code Processing Models. (99%) Jia Li; Zhuo Li; Huangzhao Zhang; Ge Li; Zhi Jin; Xing Hu; Xin Xia http://arxiv.org/abs/2210.17004 Character-level White-Box Adversarial Attacks against Transformers via Attachable Subwords Substitution. (99%) Aiwei Liu; Honghai Yu; Xuming Hu; Shu'ang Li; Li Lin; Fukun Ma; Yawen Yang; Lijie Wen http://arxiv.org/abs/2210.16765 Benchmarking Adversarial Patch Against Aerial Detection. (99%) Jiawei Lian; Shaohui Mei; Shun Zhang; Mingyang Ma http://arxiv.org/abs/2210.16777 Symmetric Saliency-based Adversarial Attack To Speaker Identification. (92%) Jiadi Yao; Xing Chen; Xiao-Lei Zhang; Wei-Qiang Zhang; Kunde Yang http://arxiv.org/abs/2210.16940 FI-ODE: Certified and Robust Forward Invariance in Neural ODEs. (61%) Yujia Huang; Ivan Dario Jimenez Rodriguez; Huan Zhang; Yuanyuan Shi; Yisong Yue http://arxiv.org/abs/2210.16915 Imitating Opponent to Win: Adversarial Policy Imitation Learning in Two-player Competitive Games. (9%) The Viet Bui; Tien Mai; Thanh H. Nguyen http://arxiv.org/abs/2210.16690 On the Need of Neuromorphic Twins to Detect Denial-of-Service Attacks on Communication Networks. (10%) Holger Boche; Rafael F. Schaefer; H. Vincent Poor; Frank H. P. 
Fitzek http://arxiv.org/abs/2210.15997 Universal Adversarial Directions. (99%) Ching Lam Choi; Farzan Farnia http://arxiv.org/abs/2210.16117 Improving the Transferability of Adversarial Attacks on Face Recognition with Beneficial Perturbation Feature Augmentation. (99%) Fengfan Zhou; Hefei Ling; Yuxuan Shi; Jiazhong Chen; Zongyi Li; Ping Li http://arxiv.org/abs/2210.16346 Improving Hyperspectral Adversarial Robustness Under Multiple Attacks. (98%) Nicholas Soucy; Salimeh Yasaei Sekeh http://arxiv.org/abs/2210.16371 Distributed Black-box Attack against Image Classification Cloud Services. (95%) Han Wu; Sareh Rowlands; Johan Wahlstrom http://arxiv.org/abs/2210.15944 RoChBert: Towards Robust BERT Fine-tuning for Chinese. (75%) Zihan Zhang; Jinfeng Li; Ning Shi; Bo Yuan; Xiangyu Liu; Rong Zhang; Hui Xue; Donghong Sun; Chao Zhang http://arxiv.org/abs/2210.16451 Robust Boosting Forests with Richer Deep Feature Hierarchy. (56%) Jianqiao Wangni http://arxiv.org/abs/2210.16140 Localized Randomized Smoothing for Collective Robustness Certification. (26%) Jan Schuchardt; Tom Wollschläger; Aleksandar Bojchevski; Stephan Günnemann http://arxiv.org/abs/2210.16114 Towards Reliable Neural Specifications. (11%) Chuqin Geng; Nham Le; Xiaojie Xu; Zhaoyue Wang; Arie Gurfinkel; Xujie Si http://arxiv.org/abs/2210.16258 On the Vulnerability of Data Points under Multiple Membership Inference Attacks and Target Models. (1%) Mauro Conti; Jiaxin Li; Stjepan Picek http://arxiv.org/abs/2210.15700 TAD: Transfer Learning-based Multi-Adversarial Detection of Evasion Attacks against Network Intrusion Detection Systems. (99%) Islam Debicha; Richard Bauwens; Thibault Debatty; Jean-Michel Dricot; Tayeb Kenaza; Wim Mees http://arxiv.org/abs/2210.15291 Isometric 3D Adversarial Examples in the Physical World. (99%) Yibo Miao; Yinpeng Dong; Jun Zhu; Xiao-Shan Gao http://arxiv.org/abs/2210.15392 LeNo: Adversarial Robust Salient Object Detection Networks with Learnable Noise. (92%) He Tang; He Wang http://arxiv.org/abs/2210.15221 TASA: Deceiving Question Answering Models by Twin Answer Sentences Attack. (92%) Yu Cao; Dianqi Li; Meng Fang; Tianyi Zhou; Jun Gao; Yibing Zhan; Dacheng Tao http://arxiv.org/abs/2210.15318 Efficient and Effective Augmentation Strategy for Adversarial Training. (56%) Sravanti Addepalli; Samyak Jain; R. Venkatesh Babu http://arxiv.org/abs/2210.15764 Noise Injection Node Regularization for Robust Learning. (2%) Noam Levi; Itay M. Bloch; Marat Freytsis; Tomer Volansky http://arxiv.org/abs/2210.15176 Domain Adaptive Object Detection for Autonomous Driving under Foggy Weather. (1%) Jinlong Li; Runsheng Xu; Jin Ma; Qin Zou; Jiaqi Ma; Hongkai Yu http://arxiv.org/abs/2210.15068 Improving Adversarial Robustness with Self-Paced Hard-Class Pair Reweighting. (99%) Pengyue Hou; Jie Han; Xingyu Li http://arxiv.org/abs/2210.17316 There is more than one kind of robustness: Fooling Whisper with adversarial examples. (98%) Raphael Olivier; Bhiksha Raj http://arxiv.org/abs/2210.14957 Disentangled Text Representation Learning with Information-Theoretic Perspective for Adversarial Robustness. (86%) Jiahao Zhao; Wenji Mao http://arxiv.org/abs/2210.14814 BioNLI: Generating a Biomedical NLI Dataset Using Lexico-semantic Constraints for Adversarial Examples. (75%) Mohaddeseh Bastan; Mihai Surdeanu; Niranjan Balasubramanian http://arxiv.org/abs/2210.14999 EIPSIM: Modeling Secure IP Address Allocation at Cloud Scale. 
(11%) Eric Pauley (University of Wisconsin-Madison); Kyle Domico (Pennsylvania State University); Blaine Hoak (University of Wisconsin-Madison); Ryan Sheatsley (University of Wisconsin-Madison); Quinn Burke (University of Wisconsin-Madison); Yohan Beugin (University of Wisconsin-Madison); Patrick McDaniel (University of Wisconsin-Madison) http://arxiv.org/abs/2210.15140 V-Cloak: Intelligibility-, Naturalness- & Timbre-Preserving Real-Time Voice Anonymization. (10%) Jiangyi Deng (Zhejiang University); Fei Teng (Zhejiang University); Yanjiao Chen (Zhejiang University); Xiaofu Chen (Wuhan University); Zhaohui Wang (Wuhan University); Wenyuan Xu (Zhejiang University) http://arxiv.org/abs/2210.15127 Rethinking the Reverse-engineering of Trojan Triggers. (5%) Zhenting Wang; Kai Mei; Hailun Ding; Juan Zhai; Shiqing Ma http://arxiv.org/abs/2210.14632 Cover Reproducible Steganography via Deep Generative Models. (1%) Kejiang Chen; Hang Zhou; Yaofei Wang; Menghan Li; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2210.14622 DEMIS: A Threat Model for Selectively Encrypted Visual Surveillance Data. (1%) Ifeoluwapo Aribilola; Mamoona Naveed Asghar; Brian Lee http://arxiv.org/abs/2210.15042 Privately Fine-Tuning Large Language Models with Differential Privacy. (1%) Rouzbeh Behnia; Mohammadreza Ebrahimi; Jason Pacheco; Balaji Padmanabhan http://arxiv.org/abs/2210.15446 LP-BFGS attack: An adversarial attack based on the Hessian with limited pixels. (99%) Jiebao Zhang; Wenhua Qian; Rencan Nie; Jinde Cao; Dan Xu http://arxiv.org/abs/2210.14405 Adversarially Robust Medical Classification via Attentive Convolutional Neural Networks. (99%) Isaac Wasserman http://arxiv.org/abs/2210.14018 A White-Box Adversarial Attack Against a Digital Twin. (99%) Wilson Patterson; Ivan Fernandez; Subash Neupane; Milan Parmar; Sudip Mittal; Shahram Rahimi http://arxiv.org/abs/2210.15429 Multi-view Representation Learning from Malware to Defend Against Adversarial Variants. (98%) James Lee Hu; Mohammadreza Ebrahimi; Weifeng Li; Xin Li; Hsinchun Chen http://arxiv.org/abs/2210.14404 Adversarial Purification with the Manifold Hypothesis. (98%) Zhaoyuan Yang; Zhiwei Xu; Jing Zhang; Richard Hartley; Peter Tu http://arxiv.org/abs/2210.14410 Improving Adversarial Robustness via Joint Classification and Multiple Explicit Detection Classes. (98%) Sina Baharlouei; Fatemeh Sheikholeslami; Meisam Razaviyayn; Zico Kolter http://arxiv.org/abs/2210.14283 Accelerating Certified Robustness Training via Knowledge Transfer. (73%) Pratik Vaishnavi; Kevin Eykholt; Amir Rahmati http://arxiv.org/abs/2210.14229 Causal Information Bottleneck Boosts Adversarial Robustness of Deep Neural Network. (64%) Huan Hua; Jun Yan; Xi Fang; Weiquan Huang; Huilin Yin; Wancheng Ge http://arxiv.org/abs/2210.13762 Towards Robust Recommender Systems via Triple Cooperative Defense. (61%) Qingyang Wang; Defu Lian; Chenwang Wu; Enhong Chen http://arxiv.org/abs/2210.13915 Towards Formal Approximated Minimal Explanations of Neural Networks. (13%) Shahaf Bassan; Guy Katz http://arxiv.org/abs/2210.13815 FocusedCleaner: Sanitizing Poisoned Graphs for Robust GNN-based Node Classification. (13%) Yulin Zhu; Liang Tong; Kai Zhou http://arxiv.org/abs/2211.12851 A Streamlit-based Artificial Intelligence Trust Platform for Next-Generation Wireless Networks. (3%) M. Kuzlu; F. O. Catak; S. Sarp; U. Cali; O. Gueler http://arxiv.org/abs/2210.14376 Robustness of Locally Differentially Private Graph Analysis Against Poisoning.
(1%) Jacob Imola; Amrita Roy Chowdhury; Kamalika Chaudhuri http://arxiv.org/abs/2210.12952 Ares: A System-Oriented Wargame Framework for Adversarial ML. (99%) Farhan Ahmed; Pratik Vaishnavi; Kevin Eykholt; Amir Rahmati http://arxiv.org/abs/2210.13660 SpacePhish: The Evasion-space of Adversarial Attacks against Phishing Website Detectors using Machine Learning. (99%) Giovanni Apruzzese; Mauro Conti; Ying Yuan http://arxiv.org/abs/2210.13710 Motif-Backdoor: Rethinking the Backdoor Attack on Graph Neural Networks via Motifs. (96%) Haibin Zheng; Haiyang Xiong; Jinyin Chen; Haonan Ma; Guohan Huang http://arxiv.org/abs/2210.13631 On the Robustness of Dataset Inference. (88%) Sebastian Szyller; Rui Zhang; Jian Liu; N. Asokan http://arxiv.org/abs/2210.14225 Flexible Android Malware Detection Model based on Generative Adversarial Networks with Code Tensor. (16%) Zhao Yang; Fengyang Deng; Linxi Han http://arxiv.org/abs/2210.12945 Revisiting Sparse Convolutional Model for Visual Recognition. (11%) Xili Dai; Mingyang Li; Pengyuan Zhai; Shengbang Tong; Xingjian Gao; Shao-Lun Huang; Zhihui Zhu; Chong You; Yi Ma http://arxiv.org/abs/2210.12873 FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning. (68%) Kaiyuan Zhang; Guanhong Tao; Qiuling Xu; Siyuan Cheng; Shengwei An; Yingqi Liu; Shiwei Feng; Guangyu Shen; Pin-Yu Chen; Shiqing Ma; Xiangyu Zhang http://arxiv.org/abs/2210.13463 Adversarial Pretraining of Self-Supervised Deep Networks: Past, Present and Future. (45%) Guo-Jun Qi; Mubarak Shah http://arxiv.org/abs/2210.12396 ADDMU: Detection of Far-Boundary Adversarial Examples with Data and Model Uncertainty Estimation. (99%) Fan Yin; Yao Li; Cho-Jui Hsieh; Kai-Wei Chang http://arxiv.org/abs/2210.13982 Hindering Adversarial Attacks with Implicit Neural Representations. (92%) Andrei A. Rusu; Dan A. Calian; Sven Gowal; Raia Hadsell http://arxiv.org/abs/2210.12598 GANI: Global Attacks on Graph Neural Networks via Imperceptible Node Injections. (81%) Junyuan Fang; Haixian Wen; Jiajing Wu; Qi Xuan; Zibin Zheng; Chi K. Tse http://arxiv.org/abs/2210.12606 Nash Equilibria and Pitfalls of Adversarial Training in Adversarial Robustness Games. (26%) Maria-Florina Balcan; Rattana Pukdee; Pradeep Ravikumar; Hongyang Zhang http://arxiv.org/abs/2210.12367 Precisely the Point: Adversarial Augmentations for Faithful and Informative Text Generation. (4%) Wenhao Wu; Wei Li; Jiachen Liu; Xinyan Xiao; Sujian Li; Yajuan Lyu http://arxiv.org/abs/2210.12030 Evolution of Neural Tangent Kernels under Benign and Adversarial Training. (99%) Noel Loo; Ramin Hasani; Alexander Amini; Daniela Rus http://arxiv.org/abs/2210.12179 The Dark Side of AutoML: Towards Architectural Backdoor Search. (68%) Ren Pang; Changjiang Li; Zhaohan Xi; Shouling Ji; Ting Wang http://arxiv.org/abs/2210.11841 Diffusion Visual Counterfactual Explanations. (10%) Maximilian Augustin; Valentyn Boreiko; Francesco Croce; Matthias Hein http://arxiv.org/abs/2210.12233 TCAB: A Large-Scale Text Classification Attack Benchmark. (10%) Kalyani Asthana; Zhouhang Xie; Wencong You; Adam Noack; Jonathan Brophy; Sameer Singh; Daniel Lowd http://arxiv.org/abs/2210.11726 A critical review of cyber-physical security for building automation systems. (2%) Guowen Li; Lingyu Ren; Yangyang Fu; Zhiyao Yang; Veronica Adetola; Jin Wen; Qi Zhu; Teresa Wu; K. Selcuk Candan; Zheng O'Neill http://arxiv.org/abs/2210.11735 Extracted BERT Model Leaks More Information than You Think!
(1%) Xuanli He; Chen Chen; Lingjuan Lyu; Qiongkai Xu http://arxiv.org/abs/2210.11598 Identifying Human Strategies for Generating Word-Level Adversarial Examples. (98%) Maximilian Mozes; Bennett Kleinberg; Lewis D. Griffin http://arxiv.org/abs/2210.15427 Are You Stealing My Model? Sample Correlation for Fingerprinting Deep Neural Networks. (98%) Jiyang Guan; Jian Liang; Ran He http://arxiv.org/abs/2210.11498 Balanced Adversarial Training: Balancing Tradeoffs between Fickleness and Obstinacy in NLP Models. (98%) Hannah Chen; Yangfeng Ji; David Evans http://arxiv.org/abs/2210.11513 Learning Sample Reweighting for Accuracy and Adversarial Robustness. (93%) Chester Holtz; Tsui-Wei Weng; Gal Mishne http://arxiv.org/abs/2210.11407 Similarity of Neural Architectures using Adversarial Attack Transferability. (86%) Jaehui Hwang; Dongyoon Han; Byeongho Heo; Song Park; Sanghyuk Chun; Jong-Seok Lee http://arxiv.org/abs/2210.11592 New data poison attacks on machine learning classifiers for mobile exfiltration. (80%) Miguel A. Ramirez; Sangyoung Yoon; Ernesto Damiani; Hussam Al Hamadi; Claudio Agostino Ardagna; Nicola Bena; Young-Ji Byon; Tae-Yeon Kim; Chung-Suk Cho; Chan Yeob Yeun http://arxiv.org/abs/2210.11242 Attacking Motion Estimation with Adversarial Snow. (16%) Jenny Schmalfuss; Lukas Mehl; Andrés Bruhn http://arxiv.org/abs/2210.11049 How Does a Deep Learning Model Architecture Impact Its Privacy? A Comprehensive Study of Privacy Attacks on CNNs and Transformers. (13%) Guangsheng Zhang; Bo Liu; Huan Tian; Tianqing Zhu; Ming Ding; Wanlei Zhou http://arxiv.org/abs/2210.11061 Analyzing the Robustness of Decentralized Horizontal and Vertical Federated Learning Architectures in a Non-IID Scenario. (4%) Pedro Miguel Sánchez Sánchez; Alberto Huertas Celdrán; Enrique Tomás Martínez Beltrán; Daniel Demeter; Gérôme Bovet; Gregorio Martínez Pérez; Burkhard Stiller http://arxiv.org/abs/2210.11082 Apple of Sodom: Hidden Backdoors in Superior Sentence Embeddings via Contrastive Learning. (3%) Xiaoyi Chen; Baisong Xin; Shengfang Zhai; Shiqing Ma; Qingni Shen; Zhonghai Wu http://arxiv.org/abs/2210.11620 LOT: Layer-wise Orthogonal Training on Improving $\ell_2$ Certified Robustness. (3%) Xiaojun Xu; Linyi Li; Bo Li http://arxiv.org/abs/2210.10485 Learning Transferable Adversarial Robust Representations via Multi-view Consistency. (99%) Minseon Kim; Hyeonjeong Ha; Dong Bok Lee; Sung Ju Hwang http://arxiv.org/abs/2210.10482 Effective Targeted Attacks for Adversarial Self-Supervised Learning. (99%) Minseon Kim; Hyeonjeong Ha; Sooel Son; Sung Ju Hwang http://arxiv.org/abs/2210.14164 No-Box Attacks on 3D Point Cloud Classification. (93%) Hanieh Naderi; Chinthaka Dinesh; Ivan V. Bajic; Shohreh Kasaei http://arxiv.org/abs/2210.10886 Backdoor Attack and Defense in Federated Generative Adversarial Network-based Medical Image Synthesis. (83%) Ruinan Jin; Xiaoxiao Li http://arxiv.org/abs/2210.13235 Chaos Theory and Adversarial Robustness. (73%) Jonathan S. Kent http://arxiv.org/abs/2210.11237 Emerging Threats in Deep Learning-Based Autonomous Driving: A Comprehensive Survey. (69%) Hui Cao; Wenlong Zou; Yinkun Wang; Ting Song; Mengjun Liu http://arxiv.org/abs/2210.10683 Why Should Adversarial Perturbations be Imperceptible? Rethink the Research Paradigm in Adversarial NLP. (64%) Yangyi Chen; Hongcheng Gao; Ganqu Cui; Fanchao Qi; Longtao Huang; Zhiyuan Liu; Maosong Sun http://arxiv.org/abs/2210.10936 FedRecover: Recovering from Poisoning Attacks in Federated Learning using Historical Information. 
(41%) Xiaoyu Cao; Jinyuan Jia; Zaixi Zhang; Neil Zhenqiang Gong http://arxiv.org/abs/2210.10880 Learning to Invert: Simple Adaptive Attacks for Gradient Inversion in Federated Learning. (16%) Ruihan Wu; Xiangyu Chen; Chuan Guo; Kilian Q. Weinberger http://arxiv.org/abs/2210.10378 Variational Model Perturbation for Source-Free Domain Adaptation. (1%) Mengmeng Jing; Xiantong Zhen; Jingjing Li; Cees G. M. Snoek http://arxiv.org/abs/2210.09852 Scaling Adversarial Training to Large Perturbation Bounds. (98%) Sravanti Addepalli; Samyak Jain; Gaurang Sriramanan; R. Venkatesh Babu http://arxiv.org/abs/2210.09671 Not All Poisons are Created Equal: Robust Training against Data Poisoning. (97%) Yu Yang; Tian Yu Liu; Baharan Mirzasoleiman http://arxiv.org/abs/2210.09658 ROSE: Robust Selective Fine-tuning for Pre-trained Language Models. (73%) Lan Jiang; Hao Zhou; Yankai Lin; Peng Li; Jie Zhou; Rui Jiang http://arxiv.org/abs/2210.10667 Analysis of Master Vein Attacks on Finger Vein Recognition Systems. (56%) Huy H. Nguyen; Trung-Nghia Le; Junichi Yamagishi; Isao Echizen http://arxiv.org/abs/2210.10272 Training set cleansing of backdoor poisoning by self-supervised representation learning. (56%) H. Wang; S. Karami; O. Dia; H. Ritter; E. Emamjomeh-Zadeh; J. Chen; Z. Xiang; D. J. Miller; G. Kesidis http://arxiv.org/abs/2210.10253 On the Adversarial Robustness of Mixture of Experts. (13%) Joan Puigcerver; Rodolphe Jenatton; Carlos Riquelme; Pranjal Awasthi; Srinadh Bhojanapalli http://arxiv.org/abs/2210.10114 Transferable Unlearnable Examples. (8%) Jie Ren; Han Xu; Yuxuan Wan; Xingjun Ma; Lichao Sun; Jiliang Tang http://arxiv.org/abs/2210.09940 Automatic Detection of Fake Key Attacks in Secure Messaging. (8%) Tarun Kumar Yadav; Devashish Gosain; Amir Herzberg; Daniel Zappala; Kent Seamons http://arxiv.org/abs/2210.09643 Improving Adversarial Robustness by Contrastive Guided Diffusion Process. (2%) Yidong Ouyang; Liyan Xie; Guang Cheng http://arxiv.org/abs/2210.09405 Towards Generating Adversarial Examples on Mixed-type Data. (99%) Han Xu; Menghai Pan; Zhimeng Jiang; Huiyuan Chen; Xiaoting Li; Mahashweta Das; Hao Yang http://arxiv.org/abs/2210.08870 Differential Evolution based Dual Adversarial Camouflage: Fooling Human Eyes and Object Detectors. (99%) Jialiang Sun; Tingsong Jiang; Wen Yao; Donghua Wang; Xiaoqian Chen http://arxiv.org/abs/2210.09364 Probabilistic Categorical Adversarial Attack & Adversarial Training. (99%) Pengfei He; Han Xu; Jie Ren; Yuxuan Wan; Zitao Liu; Jiliang Tang http://arxiv.org/abs/2210.09194 Marksman Backdoor: Backdoor Attacks with Arbitrary Target Class. (96%) Khoa D. Doan; Yingjie Lao; Ping Li http://arxiv.org/abs/2210.08929 DE-CROP: Data-efficient Certified Robustness for Pretrained Classifiers. (87%) Gaurav Kumar Nayak; Ruchit Rawal; Anirban Chakraborty http://arxiv.org/abs/2210.08902 Beyond Model Interpretability: On the Faithfulness and Adversarial Robustness of Contrastive Textual Explanations. (78%) Julia El Zini; Mariette Awad http://arxiv.org/abs/2210.09503 Towards Fair Classification against Poisoning Attacks. (76%) Han Xu; Xiaorui Liu; Yuxuan Wan; Jiliang Tang http://arxiv.org/abs/2210.09421 Deepfake Text Detection: Limitations and Opportunities. (41%) Jiameng Pu; Zain Sarwar; Sifat Muhammad Abdullah; Abdullah Rehman; Yoonjin Kim; Parantapa Bhattacharya; Mobin Javed; Bimal Viswanath http://arxiv.org/abs/2210.09482 You Can't See Me: Physical Removal Attacks on LiDAR-based Autonomous Vehicles Driving Frameworks. (15%) Yulong Cao; S. 
Hrushikesh Bhupathiraju; Pirouz Naghavi; Takeshi Sugawara; Z. Morley Mao; Sara Rampazzi http://arxiv.org/abs/2210.09545 Fine-mixing: Mitigating Backdoors in Fine-tuned Language Models. (9%) Zhiyuan Zhang; Lingjuan Lyu; Xingjun Ma; Chenguang Wang; Xu Sun http://arxiv.org/abs/2210.09465 Understanding CNN Fragility When Learning With Imbalanced Data. (1%) Damien Dablain; Kristen N. Jacobson; Colin Bellinger; Mark Roberts; Nitesh Chawla http://arxiv.org/abs/2210.08472 Object-Attentional Untargeted Adversarial Attack. (99%) Chao Zhou; Yuan-Gen Wang; Guopu Zhu http://arxiv.org/abs/2210.08579 Nowhere to Hide: A Lightweight Unsupervised Detector against Adversarial Examples. (99%) Hui Liu; Bo Zhao; Kehuan Zhang; Peng Liu http://arxiv.org/abs/2210.08701 ODG-Q: Robust Quantization via Online Domain Generalization. (83%) Chaofan Tao; Ngai Wong http://arxiv.org/abs/2210.11235 Interpretable Machine Learning for Detection and Classification of Ransomware Families Based on API Calls. (1%) Rawshan Ara Mowri; Madhuri Siddula; Kaushik Roy http://arxiv.org/abs/2210.08388 RoS-KD: A Robust Stochastic Knowledge Distillation Approach for Noisy Medical Imaging. (2%) Ajay Jaiswal; Kumar Ashutosh; Justin F Rousseau; Yifan Peng; Zhangyang Wang; Ying Ding http://arxiv.org/abs/2210.08159 Dynamics-aware Adversarial Attack of Adaptive Neural Networks. (89%) An Tao; Yueqi Duan; Yingqi Wang; Jiwen Lu; Jie Zhou http://arxiv.org/abs/2210.07540 When Adversarial Training Meets Vision Transformers: Recipes from Training to Architecture. (87%) Yichuan Mo; Dongxian Wu; Yifei Wang; Yiwen Guo; Yisen Wang http://arxiv.org/abs/2210.08178 Is Face Recognition Safe from Realizable Attacks? (84%) Sanjay Saha; Terence Sim http://arxiv.org/abs/2210.07907 Expose Backdoors on the Way: A Feature-Based Efficient Defense against Textual Backdoor Attacks. (76%) Sishuo Chen; Wenkai Yang; Zhiyuan Zhang; Xiaohan Bi; Xu Sun http://arxiv.org/abs/2210.07714 Close the Gate: Detecting Backdoored Models in Federated Learning based on Client-Side Deep Layer Output Analysis. (67%) Phillip Rieger (Technical University Darmstadt); Torsten Krauß (University of Würzburg); Markus Miettinen (Technical University Darmstadt); Alexandra Dmitrienko (University of Würzburg); Ahmad-Reza Sadeghi (Technical University Darmstadt) http://arxiv.org/abs/2210.06871 Adv-Attribute: Inconspicuous and Transferable Adversarial Attack on Face Recognition. (99%) Shuai Jia; Bangjie Yin; Taiping Yao; Shouhong Ding; Chunhua Shen; Xiaokang Yang; Chao Ma http://arxiv.org/abs/2210.06888 AccelAT: A Framework for Accelerating the Adversarial Training of Deep Neural Networks through Accuracy Gradient. (99%) Farzad Nikfam; Alberto Marchisio; Maurizio Martina; Muhammad Shafique http://arxiv.org/abs/2210.07346 Demystifying Self-supervised Trojan Attacks. (95%) Changjiang Li; Ren Pang; Zhaohan Xi; Tianyu Du; Shouling Ji; Yuan Yao; Ting Wang http://arxiv.org/abs/2210.06807 Improving Out-of-Distribution Generalization by Adversarial Training with Structured Priors. (81%) Qixun Wang; Yifei Wang; Hong Zhu; Yisen Wang http://arxiv.org/abs/2210.07394 Efficiently Computing Local Lipschitz Constants of Neural Networks via Bound Propagation. (13%) Zhouxing Shi; Yihan Wang; Huan Zhang; Zico Kolter; Cho-Jui Hsieh http://arxiv.org/abs/2210.06789 Large-Scale Open-Set Classification Protocols for ImageNet. (2%) Jesus Andres Palechor Anacona; Annesha Bhoumik; Manuel Günther http://arxiv.org/abs/2210.06792 SoK: How Not to Architect Your Next-Generation TEE Malware?
(1%) Kubilay Ahmet Küçük; Steve Moyle; Andrew Martin; Alexandru Mereacre; Nicholas Allott http://arxiv.org/abs/2210.06771 Feature Reconstruction Attacks and Countermeasures of DNN training in Vertical Federated Learning. (1%) Peng Ye; Zhifeng Jiang; Wei Wang; Bo Li; Baochun Li http://arxiv.org/abs/2210.07441 Characterizing the Influence of Graph Elements. (1%) Zizhang Chen; Peizhao Li; Hongfu Liu; Pengyu Hong http://arxiv.org/abs/2210.06670 A Game Theoretical vulnerability analysis of Adversarial Attack. (99%) Khondker Fariha Hossain; Alireza Tavakkoli; Shamik Sengupta http://arxiv.org/abs/2210.05968 Boosting the Transferability of Adversarial Attacks with Reverse Adversarial Perturbation. (99%) Zeyu Qin; Yanbo Fan; Yi Liu; Li Shen; Yong Zhang; Jue Wang; Baoyuan Wu http://arxiv.org/abs/2210.06284 Visual Prompting for Adversarial Robustness. (99%) Aochuan Chen; Peter Lorenz; Yuguang Yao; Pin-Yu Chen; Sijia Liu http://arxiv.org/abs/2210.05938 Robust Models are less Over-Confident. (96%) Julia Grabinski; Paul Gavrikov; Janis Keuper; Margret Keuper http://arxiv.org/abs/2210.06077 Double Bubble, Toil and Trouble: Enhancing Certified Robustness through Transitivity. (86%) Andrew C. Cullen; Paul Montague; Shijie Liu; Sarah M. Erfani; Benjamin I. P. Rubinstein http://arxiv.org/abs/2210.05927 Efficient Adversarial Training without Attacking: Worst-Case-Aware Robust Reinforcement Learning. (82%) Yongyuan Liang; Yanchao Sun; Ruijie Zheng; Furong Huang http://arxiv.org/abs/2210.06704 COLLIDER: A Robust Training Framework for Backdoor Data. (81%) Hadi M. Dolatabadi; Sarah Erfani; Christopher Leckie http://arxiv.org/abs/2210.06428 Trap and Replace: Defending Backdoor Attacks by Trapping Them into an Easy-to-Replace Subnetwork. (76%) Haotao Wang; Junyuan Hong; Aston Zhang; Jiayu Zhou; Zhangyang Wang http://arxiv.org/abs/2210.05929 Few-shot Backdoor Attacks via Neural Tangent Kernels. (62%) Jonathan Hayase; Sewoong Oh http://arxiv.org/abs/2210.06516 How to Sift Out a Clean Data Subset in the Presence of Data Poisoning? (9%) Yi Zeng; Minzhou Pan; Himanshu Jahagirdar; Ming Jin; Lingjuan Lyu; Ruoxi Jia http://arxiv.org/abs/2210.06509 Understanding Impacts of Task Similarity on Backdoor Attack and Detection. (2%) Di Tang; Rui Zhu; XiaoFeng Wang; Haixu Tang; Yi Chen http://arxiv.org/abs/2210.06089 When are Local Queries Useful for Robust Learning? (1%) Pascale Gourdeau; Varun Kanade; Marta Kwiatkowska; James Worrell http://arxiv.org/abs/2210.05577 What Can the Neural Tangent Kernel Tell Us About Adversarial Robustness? (99%) Nikolaos Tsilivis; Julia Kempe http://arxiv.org/abs/2210.05373 Stable and Efficient Adversarial Training through Local Linearization. (91%) Zhuorong Li; Daiwei Yu http://arxiv.org/abs/2210.05276 RoHNAS: A Neural Architecture Search Framework with Conjoint Optimization for Adversarial Robustness and Hardware Efficiency of Convolutional and Capsule Networks. (86%) Alberto Marchisio; Vojtech Mrazek; Andrea Massa; Beatrice Bussolino; Maurizio Martina; Muhammad Shafique http://arxiv.org/abs/2210.06589 Adversarial Attack Against Image-Based Localization Neural Networks. (78%) Meir Brand; Itay Naeh; Daniel Teitelman http://arxiv.org/abs/2210.11264 Detecting Backdoors in Deep Text Classifiers. (76%) You Guo; Jun Wang; Trevor Cohn http://arxiv.org/abs/2210.05667 Human Body Measurement Estimation with Adversarial Augmentation. (33%) Nataniel Ruiz; Miriam Bellver; Timo Bolkart; Ambuj Arora; Ming C. 
Lin; Javier Romero; Raja Bala http://arxiv.org/abs/2210.05742 Curved Representation Space of Vision Transformers. (10%) Juyeop Kim; Junha Park; Songkuk Kim; Jong-Seok Lee http://arxiv.org/abs/2210.05279 Zeroth-Order Hard-Thresholding: Gradient Error vs. Expansivity. (1%) William de Vazelhes; Hualin Zhang; Huimin Wu; Xiao-Tong Yuan; Bin Gu http://arxiv.org/abs/2210.05177 Make Sharpness-Aware Minimization Stronger: A Sparsified Perturbation Approach. (1%) Peng Mi; Li Shen; Tianhe Ren; Yiyi Zhou; Xiaoshuai Sun; Rongrong Ji; Dacheng Tao http://arxiv.org/abs/2210.05118 Boosting Adversarial Robustness From The Perspective of Effective Margin Regularization. (92%) Ziquan Liu; Antoni B. Chan http://arxiv.org/abs/2210.04886 Revisiting adapters with adversarial training. (88%) Sylvestre-Alvise Rebuffi; Francesco Croce; Sven Gowal http://arxiv.org/abs/2210.04591 Universal Adversarial Perturbations: Efficiency on a small image dataset. (81%) Waris Radji (ENSEIRB-MATMECA, UB) http://arxiv.org/abs/2210.04871 Certified Training: Small Boxes are All You Need. (22%) Mark Niklas Müller; Franziska Eckert; Marc Fischer; Martin Vechev http://arxiv.org/abs/2210.06983 Denoising Masked AutoEncoders Help Robust Classification. (1%) Quanlin Wu; Hang Ye; Yuntian Gu; Huishuai Zhang; Liwei Wang; Di He http://arxiv.org/abs/2210.04311 Pruning Adversarially Robust Neural Networks without Adversarial Examples. (99%) Tong Jian; Zifeng Wang; Yanzhi Wang; Jennifer Dy; Stratis Ioannidis http://arxiv.org/abs/2210.04213 Towards Understanding and Boosting Adversarial Transferability from a Distribution Perspective. (99%) Yao Zhu; Yuefeng Chen; Xiaodan Li; Kejiang Chen; Yuan He; Xiang Tian; Bolun Zheng; Yaowu Chen; Qingming Huang http://arxiv.org/abs/2210.04195 Online Training Through Time for Spiking Neural Networks. (1%) Mingqing Xiao; Qingyan Meng; Zongpeng Zhang; Di He; Zhouchen Lin http://arxiv.org/abs/2210.04052 FedDef: Defense Against Gradient Leakage in Federated Learning-based Network Intrusion Detection Systems. (99%) Jiahui Chen; Yi Zhao; Qi Li; Xuewei Feng; Ke Xu http://arxiv.org/abs/2210.04087 Symmetry Defense Against CNN Adversarial Perturbation Attacks. (99%) Blerta Lindqvist http://arxiv.org/abs/2210.04076 Robustness of Unsupervised Representation Learning without Labels. (54%) Aleksandar Petrov; Marta Kwiatkowska http://arxiv.org/abs/2210.03429 Adversarially Robust Prototypical Few-shot Segmentation with Neural-ODEs. (99%) Prashant Pandey; Aleti Vardhan; Mustafa Chasmai; Tanuj Sur; Brejesh Lall http://arxiv.org/abs/2210.03372 Pre-trained Adversarial Perturbations. (99%) Yuanhao Ban; Yinpeng Dong http://arxiv.org/abs/2210.03895 ViewFool: Evaluating the Robustness of Visual Recognition to Adversarial Viewpoints. (93%) Yinpeng Dong; Shouwei Ruan; Hang Su; Caixin Kang; Xingxing Wei; Jun Zhu http://arxiv.org/abs/2210.03349 Game-Theoretic Understanding of Misclassification. (47%) Kosuke Sumiyasu; Kazuhiko Kawamoto; Hiroshi Kera http://arxiv.org/abs/2210.03543 A2: Efficient Automated Attacker for Boosting Adversarial Training. (41%) Zhuoer Xu; Guanghui Zhu; Changhua Meng; Shiwen Cui; Zhenzhe Ying; Weiqiang Wang; Ming GU; Yihua Huang http://arxiv.org/abs/2210.03696 NMTSloth: Understanding and Testing Efficiency Degradation of Neural Machine Translation Systems. (13%) Simin Chen; Cong Liu; Mirazul Haque; Zihe Song; Wei Yang http://arxiv.org/abs/2210.04688 BAFFLE: Hiding Backdoors in Offline Reinforcement Learning Datasets.
(9%) Chen Gong; Zhou Yang; Yunpeng Bai; Junda He; Jieke Shi; Kecen Li; Arunesh Sinha; Bowen Xu; Xinwen Hou; David Lo; Tianhao Wang http://arxiv.org/abs/2210.03688 A Wolf in Sheep's Clothing: Spreading Deadly Pathogens Under the Disguise of Popular Music. (2%) Anomadarshi Barua; Yonatan Gizachew Achamyeleh; Mohammad Abdullah Al Faruque http://arxiv.org/abs/2210.03879 Improving Fine-Grain Segmentation via Interpretable Modifications: A Case Study in Fossil Segmentation. (1%) Indu Panigrahi; Ryan Manzuk; Adam Maloof; Ruth Fong http://arxiv.org/abs/2210.03297 Preprocessors Matter! Realistic Decision-Based Attacks on Machine Learning Systems. (99%) Chawin Sitawarin; Florian Tramèr; Nicholas Carlini http://arxiv.org/abs/2210.03003 Enhancing Code Classification by Mixup-Based Data Augmentation. (96%) Zeming Dong; Qiang Hu; Yuejun Guo; Maxime Cordy; Mike Papadakis; Yves Le Traon; Jianjun Zhao http://arxiv.org/abs/2210.02840 Deep Reinforcement Learning based Evasion Generative Adversarial Network for Botnet Detection. (92%) Rizwan Hamid Randhawa; Nauman Aslam; Mohammad Alauthman; Muhammad Khalid; Husnain Rafiq http://arxiv.org/abs/2210.02713 On Optimal Learning Under Targeted Data Poisoning. (82%) Steve Hanneke; Amin Karbasi; Mohammad Mahmoody; Idan Mehalel; Shay Moran http://arxiv.org/abs/2210.03150 Towards Out-of-Distribution Adversarial Robustness. (73%) Adam Ibrahim; Charles Guille-Escuret; Ioannis Mitliagkas; Irina Rish; David Krueger; Pouya Bashivan http://arxiv.org/abs/2210.03068 InferES : A Natural Language Inference Corpus for Spanish Featuring Negation-Based Contrastive and Adversarial Examples. (61%) Venelin Kovatchev; Mariona Taulé http://arxiv.org/abs/2210.03250 Unsupervised Domain Adaptation for COVID-19 Information Service with Contrastive Adversarial Domain Mixup. (41%) Huimin Zeng; Zhenrui Yue; Ziyi Kou; Lanyu Shang; Yang Zhang; Dong Wang http://arxiv.org/abs/2210.03205 Synthetic Dataset Generation for Privacy-Preserving Machine Learning. (2%) Efstathia Soufleri; Gobinda Saha; Kaushik Roy http://arxiv.org/abs/2210.03123 Enhancing Mixup-Based Graph Learning for Language Processing via Hybrid Pooling. (1%) Zeming Dong; Qiang Hu; Yuejun Guo; Maxime Cordy; Mike Papadakis; Yves Le Traon; Jianjun Zhao http://arxiv.org/abs/2210.03239 Bad Citrus: Reducing Adversarial Costs with Model Distances. (1%) Giorgio Severi; Will Pearce; Alina Oprea http://arxiv.org/abs/2210.02041 Natural Color Fool: Towards Boosting Black-box Unrestricted Attacks. (99%) Shengming Yuan; Qilong Zhang; Lianli Gao; Yaya Cheng; Jingkuan Song http://arxiv.org/abs/2210.02618 Dynamic Stochastic Ensemble with Adversarial Robust Lottery Ticket Subnetworks. (98%) Qi Peng; Wenlin Liu; Ruoxi Qin; Libin Hou; Bin Yan; Linyuan Wang http://arxiv.org/abs/2210.02502 On Adversarial Robustness of Deep Image Deblurring. (83%) Kanchana Vaishnavi Gandikota; Paramanand Chandramouli; Michael Moeller http://arxiv.org/abs/2210.02577 A Closer Look at Robustness to L-infinity and Spatial Perturbations and their Composition. (81%) Luke Rowe; Benjamin Thérien; Krzysztof Czarnecki; Hongyang Zhang http://arxiv.org/abs/2210.02082 Jitter Does Matter: Adapting Gaze Estimation to New Domains. (78%) Ruicong Liu; Yiwei Bao; Mingjie Xu; Haofei Wang; Yunfei Liu; Feng Lu http://arxiv.org/abs/2210.02357 Image Masking for Robust Self-Supervised Monocular Depth Estimation. 
(38%) Hemang Chawla; Kishaan Jeeveswaran; Elahe Arani; Bahram Zonooz http://arxiv.org/abs/2210.02235 Over-the-Air Federated Learning with Privacy Protection via Correlated Additive Perturbations. (38%) Jialing Liao; Zheng Chen; Erik G. Larsson http://arxiv.org/abs/2210.01787 Rethinking Lipschitz Neural Networks and Certified Robustness: A Boolean Function Perspective. (97%) Bohang Zhang; Du Jiang; Di He; Liwei Wang http://arxiv.org/abs/2210.01953 Robust Fair Clustering: A Novel Fairness Attack and Defense Framework. (93%) Anshuman Chhabra; Peizhao Li; Prasant Mohapatra; Hongfu Liu http://arxiv.org/abs/2210.01371 A Study on the Efficiency and Generalization of Light Hybrid Retrievers. (86%) Man Luo; Shashank Jain; Anchit Gupta; Arash Einolghozati; Barlas Oguz; Debojeet Chatterjee; Xilun Chen; Chitta Baral; Peyman Heidari http://arxiv.org/abs/2210.02447 Practical Adversarial Attacks on Spatiotemporal Traffic Forecasting Models. (81%) Fan Liu; Hao Liu; Wenzhao Jiang http://arxiv.org/abs/2210.01834 Invariant Aggregator for Defending against Federated Backdoor Attacks. (80%) Xiaoyang Wang; Dimitrios Dimitriadis; Sanmi Koyejo; Shruti Tople http://arxiv.org/abs/2210.01940 On the Robustness of Deep Clustering Models: Adversarial Attacks and Defenses. (75%) Anshuman Chhabra; Ashwin Sekhari; Prasant Mohapatra http://arxiv.org/abs/2210.04625 Robustness Certification of Visual Perception Models via Camera Motion Smoothing. (70%) Hanjiang Hu; Zuxin Liu; Linyi Li; Jiacheng Zhu; Ding Zhao http://arxiv.org/abs/2210.01632 Backdoor Attacks in the Supply Chain of Masked Image Modeling. (68%) Xinyue Shen; Xinlei He; Zheng Li; Yun Shen; Michael Backes; Yang Zhang http://arxiv.org/abs/2210.01742 CADet: Fully Self-Supervised Anomaly Detection With Contrastive Learning. (67%) Charles Guille-Escuret; Pau Rodriguez; David Vazquez; Ioannis Mitliagkas; Joao Monteiro http://arxiv.org/abs/2210.01111 MultiGuard: Provably Robust Multi-label Classification against Adversarial Examples. (99%) Jinyuan Jia; Wenjie Qu; Neil Zhenqiang Gong http://arxiv.org/abs/2210.00753 Push-Pull: Characterizing the Adversarial Robustness for Audio-Visual Active Speaker Detection. (97%) Xuanjun Chen; Haibin Wu; Helen Meng; Hung-yi Lee; Jyh-Shing Roger Jang http://arxiv.org/abs/2210.00960 Stability Analysis and Generalization Bounds of Adversarial Training. (96%) Jiancong Xiao; Yanbo Fan; Ruoyu Sun; Jue Wang; Zhi-Quan Luo http://arxiv.org/abs/2210.02191 On Attacking Out-Domain Uncertainty Estimation in Deep Neural Networks. (92%) Huimin Zeng; Zhenrui Yue; Yang Zhang; Ziyi Kou; Lanyu Shang; Dong Wang http://arxiv.org/abs/2210.01075 Decompiling x86 Deep Neural Network Executables. (83%) Zhibo Liu; Yuanyuan Yuan; Shuai Wang; Xiaofei Xie; Lei Ma http://arxiv.org/abs/2210.01288 Strength-Adaptive Adversarial Training. (80%) Chaojian Yu; Dawei Zhou; Li Shen; Jun Yu; Bo Han; Mingming Gong; Nannan Wang; Tongliang Liu http://arxiv.org/abs/2210.01002 ASGNN: Graph Neural Networks with Adaptive Structure. (68%) Zepeng Zhang; Songtao Lu; Zengfeng Huang; Ziping Zhao http://arxiv.org/abs/2210.00957 UnGANable: Defending Against GAN-based Face Manipulation. (2%) Zheng Li; Ning Yu; Ahmed Salem; Michael Backes; Mario Fritz; Yang Zhang http://arxiv.org/abs/2210.00557 Adaptive Smoothness-weighted Adversarial Training for Multiple Perturbations with Its Stability Analysis. (99%) Jiancong Xiao; Zeyu Qin; Yanbo Fan; Baoyuan Wu; Jue Wang; Zhi-Quan Luo http://arxiv.org/abs/2210.00430 Understanding Adversarial Robustness Against On-manifold Adversarial Examples. 
(99%) Jiancong Xiao; Liusha Yang; Yanbo Fan; Jue Wang; Zhi-Quan Luo http://arxiv.org/abs/2210.00584 FLCert: Provably Secure Federated Learning against Poisoning Attacks. (74%) Xiaoyu Cao; Zaixi Zhang; Jinyuan Jia; Neil Zhenqiang Gong http://arxiv.org/abs/2210.00621 Optimization for Robustness Evaluation beyond $\ell_p$ Metrics. (16%) Hengyue Liang; Buyun Liang; Ying Cui; Tim Mitchell; Ju Sun http://arxiv.org/abs/2210.00649 Automated Security Analysis of Exposure Notification Systems. (1%) Kevin Morio; Ilkan Esiyok; Dennis Jackson; Robert Künnemann http://arxiv.org/abs/2210.00292 DeltaBound Attack: Efficient decision-based attack in low queries regime. (96%) Lorenzo Rossi http://arxiv.org/abs/2210.00008 Adversarial Attacks on Transformers-Based Malware Detectors. (91%) Yash Jakhotiya; Heramb Patil; Jugal Rawlani; Dr. Sunil B. Mane http://arxiv.org/abs/2210.00417 Voice Spoofing Countermeasures: Taxonomy, State-of-the-art, experimental analysis of generalizability, open challenges, and the way forward. (5%) Awais Khan; Khalid Mahmood Malik; James Ryan; Mikul Saravanan http://arxiv.org/abs/2209.15246 Your Out-of-Distribution Detection Method is Not Robust! (99%) Mohammad Azizmalayeri; Arshia Soltani Moakhar; Arman Zarei; Reihaneh Zohrabi; Mohammad Taghi Manzuri; Mohammad Hossein Rohban http://arxiv.org/abs/2210.00062 Learning Robust Kernel Ensembles with Kernel Average Pooling. (99%) Pouya Bashivan; Adam Ibrahim; Amirozhan Dehghani; Yifei Ren http://arxiv.org/abs/2210.00122 Adversarial Robustness of Representation Learning for Knowledge Graphs. (95%) Peru Bhardwaj http://arxiv.org/abs/2209.15304 Hiding Visual Information via Obfuscating Adversarial Perturbations. (92%) Zhigang Su; Dawei Zhou; Nannan Wang; Decheng Li; Zhen Wang; Xinbo Gao http://arxiv.org/abs/2210.00178 On the tightness of linear relaxation based robustness certification methods. (78%) Cheng Tang http://arxiv.org/abs/2209.15266 Data Poisoning Attacks Against Multimodal Encoders. (73%) Ziqing Yang; Xinlei He; Zheng Li; Michael Backes; Mathias Humbert; Pascal Berrang; Yang Zhang http://arxiv.org/abs/2210.00108 ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks. (73%) Tim Clifford; Ilia Shumailov; Yiren Zhao; Ross Anderson; Robert Mullins http://arxiv.org/abs/2209.15179 Physical Adversarial Attack meets Computer Vision: A Decade Survey. (99%) Hui Wei; Hao Tang; Xuemei Jia; Zhixiang Wang; Hanxun Yu; Zhubo Li; Shin'ichi Satoh; Luc Van Gool; Zheng Wang http://arxiv.org/abs/2209.14826 Towards Lightweight Black-Box Attacks against Deep Neural Networks. (99%) Chenghao Sun; Yonggang Zhang; Wan Chaoqun; Qizhou Wang; Ya Li; Tongliang Liu; Bo Han; Xinmei Tian http://arxiv.org/abs/2209.15042 Generalizability of Adversarial Robustness Under Distribution Shifts. (83%) Kumail Alhamoud; Hasan Abed Al Kader Hammoud; Motasem Alfarra; Bernard Ghanem http://arxiv.org/abs/2209.14692 Digital and Physical Face Attacks: Reviewing and One Step Further. (2%) Chenqi Kong; Shiqi Wang; Haoliang Li http://arxiv.org/abs/2209.14673 Chameleon Cache: Approximating Fully Associative Caches with Random Replacement to Prevent Contention-Based Cache Attacks. (1%) Thomas Unterluggauer; Austin Harris; Scott Constable; Fangfei Liu; Carlos Rozas http://arxiv.org/abs/2209.14262 A Survey on Physical Adversarial Attack in Computer Vision. (99%) Donghua Wang; Wen Yao; Tingsong Jiang; Guijian Tang; Xiaoqian Chen http://arxiv.org/abs/2209.14105 Exploring the Relationship between Architecture and Adversarially Robust Generalization.
(99%) Aishan Liu; Shiyu Tang; Siyuan Liang; Ruihao Gong; Boxi Wu; Xianglong Liu; Dacheng Tao http://arxiv.org/abs/2209.14243 A Closer Look at Evaluating the Bit-Flip Attack Against Deep Neural Networks. (67%) Kevin Hector; Mathieu Dumont; Pierre-Alain Moellic; Jean-Max Dutertre http://arxiv.org/abs/2209.14161 Supervised Contrastive Learning as Multi-Objective Optimization for Fine-Tuning Large Pre-trained Language Models. (47%) Youness Moukafih; Mounir Ghogho; Kamel Smaili http://arxiv.org/abs/2209.14013 On the Robustness of Random Forest Against Untargeted Data Poisoning: An Ensemble-Based Approach. (31%) Marco Anisetti; Claudio A. Ardagna; Alessandro Balestrucci; Nicola Bena; Ernesto Damiani; Chan Yeob Yeun http://arxiv.org/abs/2209.14169 CALIP: Zero-Shot Enhancement of CLIP with Parameter-free Attention. (1%) Ziyu Guo; Renrui Zhang; Longtian Qiu; Xianzheng Ma; Xupeng Miao; Xuming He; Bin Cui http://arxiv.org/abs/2209.14375 Improving alignment of dialogue agents via targeted human judgements. (1%) Amelia Glaese; Nat McAleese; Maja Trębacz; John Aslanides; Vlad Firoiu; Timo Ewalds; Maribeth Rauh; Laura Weidinger; Martin Chadwick; Phoebe Thacker; Lucy Campbell-Gillingham; Jonathan Uesato; Po-Sen Huang; Ramona Comanescu; Fan Yang; Abigail See; Sumanth Dathathri; Rory Greig; Charlie Chen; Doug Fritz; Jaume Sanchez Elias; Richard Green; Soňa Mokrá; Nicholas Fernando; Boxi Wu; Rachel Foley; Susannah Young; Iason Gabriel; William Isaac; John Mellor; Demis Hassabis; Koray Kavukcuoglu; Lisa Anne Hendricks; Geoffrey Irving http://arxiv.org/abs/2209.13353 Suppress with a Patch: Revisiting Universal Adversarial Patch Attacks against Object Detection. (74%) Svetlana Pavlitskaya; Jonas Hendl; Sebastian Kleim; Leopold Müller; Fabian Wylczoch; J. Marius Zöllner http://arxiv.org/abs/2209.14053 Inducing Data Amplification Using Auxiliary Datasets in Adversarial Training. (33%) Saehyung Lee; Hyungyu Lee http://arxiv.org/abs/2209.13785 Attacking Compressed Vision Transformers. (33%) Swapnil Parekh; Devansh Shah; Pratyush Shukla http://arxiv.org/abs/2209.13007 Mitigating Attacks on Artificial Intelligence-based Spectrum Sensing for Cellular Network Signals. (8%) Ferhat Ozgur Catak; Murat Kuzlu; Salih Sarp; Evren Catak; Umit Cali http://arxiv.org/abs/2210.00875 Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection. (5%) Yiming Li; Yang Bai; Yong Jiang; Yong Yang; Shu-Tao Xia; Bo Li http://arxiv.org/abs/2209.13620 Reconstruction-guided attention improves the robustness and shape processing of neural networks. (2%) Seoyoung Ahn; Hossein Adeli; Gregory J. Zelinsky http://arxiv.org/abs/2209.13815 A Learning-based Honeypot Game for Collaborative Defense in UAV Networks. (1%) Yuntao Wang; Zhou Su; Abderrahim Benslimane; Qichao Xu; Minghui Dai; Ruidong Li http://arxiv.org/abs/2210.00874 Stability Via Adversarial Training of Neural Network Stochastic Control of Mean-Field Type. (1%) Julian Barreiro-Gomez; Salah Eddine Choutri; Boualem Djehiche http://arxiv.org/abs/2209.13382 Measuring Overfitting in Convolutional Neural Networks using Adversarial Perturbations and Label Noise. (1%) Svetlana Pavlitskaya; Joël Oswald; J. Marius Zöllner http://arxiv.org/abs/2209.13113 FG-UAP: Feature-Gathering Universal Adversarial Perturbation. (99%) Zhixing Ye; Xinwen Cheng; Xiaolin Huang http://arxiv.org/abs/2209.13400 Activation Learning by Local Competitions. (64%) Hongchao Zhou http://arxiv.org/abs/2209.12549 Multi-Task Adversarial Training Algorithm for Multi-Speaker Neural Text-to-Speech. 
(1%) Yusuke Nakai; Yuki Saito; Kenta Udagawa; Hiroshi Saruwatari http://arxiv.org/abs/2209.14974 Greybox XAI: a Neural-Symbolic learning framework to produce interpretable predictions for image classification. (1%) Adrien Bennetot; Gianni Franchi; Javier Del Ser; Raja Chatila; Natalia Diaz-Rodriguez http://arxiv.org/abs/2209.12195 SPRITZ-1.5C: Employing Deep Ensemble Learning for Improving the Security of Computer Networks against Adversarial Attacks. (81%) Ehsan Nowroozi; Mohammadreza Mohammadi; Erkay Savas; Mauro Conti; Yassine Mekdad http://arxiv.org/abs/2209.11964 Strong Transferable Adversarial Attacks via Ensembled Asymptotically Normal Distribution Learning. (99%) Zhengwei Fang; Rui Wang; Tao Huang; Liping Jing http://arxiv.org/abs/2209.11715 The "Beatrix" Resurrections: Robust Backdoor Detection via Gram Matrices. (13%) Wanlun Ma; Derui Wang; Ruoxi Sun; Minhui Xue; Sheng Wen; Yang Xiang http://arxiv.org/abs/2209.11020 Privacy Attacks Against Biometric Models with Fewer Samples: Incorporating the Output of Multiple Models. (50%) Sohaib Ahmad; Benjamin Fuller; Kaleel Mahmood http://arxiv.org/abs/2209.10729 Fair Robust Active Learning by Joint Inconsistency. (99%) Tsung-Han Wu; Shang-Tse Chen; Winston H. Hsu http://arxiv.org/abs/2209.10652 Toy Models of Superposition. (45%) Nelson Elhage; Tristan Hume; Catherine Olsson; Nicholas Schiefer; Tom Henighan; Shauna Kravec; Zac Hatfield-Dodds; Robert Lasenby; Dawn Drain; Carol Chen; Roger Grosse; Sam McCandlish; Jared Kaplan; Dario Amodei; Martin Wattenberg; Christopher Olah http://arxiv.org/abs/2209.10381 DARTSRepair: Core-failure-set Guided DARTS for Network Robustness to Common Corruptions. (13%) Xuhong Ren; Jianlang Chen; Felix Juefei-Xu; Wanli Xue; Qing Guo; Lei Ma; Jianjun Zhao; Shengyong Chen http://arxiv.org/abs/2209.10222 Fairness Reprogramming. (1%) Guanhua Zhang; Yihua Zhang; Yang Zhang; Wenqi Fan; Qing Li; Sijia Liu; Shiyu Chang http://arxiv.org/abs/2209.09577 Understanding Real-world Threats to Deep Learning Models in Android Apps. (99%) Zizhuang Deng; Kai Chen; Guozhu Meng; Xiaodong Zhang; Ke Xu; Yao Cheng http://arxiv.org/abs/2209.09996 Audit and Improve Robustness of Private Neural Networks on Encrypted Data. (99%) Jiaqi Xue; Lei Xu; Lin Chen; Weidong Shi; Kaidi Xu; Qian Lou http://arxiv.org/abs/2209.09502 GAMA: Generative Adversarial Multi-Object Scene Attacks. (99%) Abhishek Aich; Calvin-Khang Ta; Akash Gupta; Chengyu Song; Srikanth V. Krishnamurthy; M. Salman Asif; Amit K. Roy-Chowdhury http://arxiv.org/abs/2209.09688 Sparse Vicious Attacks on Graph Neural Networks. (98%) Giovanni Trappolini; Valentino Maiorca; Silvio Severino; Emanuele Rodolà; Fabrizio Silvestri; Gabriele Tolomei http://arxiv.org/abs/2209.09883 Leveraging Local Patch Differences in Multi-Object Scenes for Generative Adversarial Attacks. (98%) Abhishek Aich; Shasha Li; Chengyu Song; M. Salman Asif; Srikanth V. Krishnamurthy; Amit K. Roy-Chowdhury http://arxiv.org/abs/2209.09841 Rethinking Data Augmentation in Knowledge Distillation for Object Detection. (68%) Jiawei Liang; Siyuan Liang; Aishan Liu; Mingli Zhu; Danni Yuan; Chenye Xu; Xiaochun Cao http://arxiv.org/abs/2209.09557 CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks. (1%) Alvise de Faveri Tron; Stefano Longari; Michele Carminati; Mario Polino; Stefano Zanero http://arxiv.org/abs/2209.09835 EM-Fault It Yourself: Building a Replicable EMFI Setup for Desktop and Server Hardware.
(1%) Niclas Kühnapfel; Robert Buhren; Hans Niklas Jacob; Thilo Krachenfels; Christian Werling; Jean-Pierre Seifert http://arxiv.org/abs/2209.11739 Adversarial Catoptric Light: An Effective, Stealthy and Robust Physical-World Attack to DNNs. (99%) Chengyin Hu; Weiwen Shi http://arxiv.org/abs/2209.09652 Adversarial Color Projection: A Projector-Based Physical Attack to DNNs. (99%) Chengyin Hu; Weiwen Shi http://arxiv.org/abs/2209.08724 On the Adversarial Transferability of ConvMixer Models. (99%) Ryota Iijima; Miki Tanaka; Isao Echizen; Hitoshi Kiya http://arxiv.org/abs/2209.08744 AdvDO: Realistic Adversarial Attacks for Trajectory Prediction. (96%) Yulong Cao; Chaowei Xiao; Anima Anandkumar; Danfei Xu; Marco Pavone http://arxiv.org/abs/2209.08541 Distribution inference risks: Identifying and mitigating sources of leakage. (1%) Valentin Hartmann; Léo Meynent; Maxime Peyrard; Dimitrios Dimitriadis; Shruti Tople; Robert West http://arxiv.org/abs/2209.13523 Watch What You Pretrain For: Targeted, Transferable Adversarial Examples on Self-Supervised Speech Recognition models. (99%) Raphael Olivier; Hadi Abdullah; Bhiksha Raj http://arxiv.org/abs/2209.08412 Characterizing Internal Evasion Attacks in Federated Learning. (98%) Taejin Kim; Shubhranshu Singh; Nikhil Madaan; Carlee Joe-Wong http://arxiv.org/abs/2209.08262 A study on the deviations in performance of FNNs and CNNs in the realm of grayscale adversarial images. (4%) Durga Shree Nagabushanam; Steve Mathew; Chiranji Lal Chowdhary http://arxiv.org/abs/2209.08130 Robust Ensemble Morph Detection with Domain Generalization. (99%) Hossein Kashiani; Shoaib Meraj Sami; Sobhan Soleymani; Nasser M. Nasrabadi http://arxiv.org/abs/2209.07790 A Large-scale Multiple-objective Method for Black-box Attack against Object Detection. (99%) Siyuan Liang; Longkang Li; Yanbo Fan; Xiaojun Jia; Jingzhi Li; Baoyuan Wu; Xiaochun Cao http://arxiv.org/abs/2209.07735 Enhance the Visual Representation via Discrete Adversarial Training. (97%) Xiaofeng Mao; Yuefeng Chen; Ranjie Duan; Yao Zhu; Gege Qi; Shaokai Ye; Xiaodan Li; Rong Zhang; Hui Xue http://arxiv.org/abs/2209.07807 Model Inversion Attacks against Graph Neural Networks. (92%) Zaixi Zhang; Qi Liu; Zhenya Huang; Hao Wang; Chee-Kong Lee; Enhong Chen http://arxiv.org/abs/2209.07788 PointCAT: Contrastive Adversarial Training for Robust Point Cloud Recognition. (62%) Qidong Huang; Xiaoyi Dong; Dongdong Chen; Hang Zhou; Weiming Zhang; Kui Zhang; Gang Hua; Nenghai Yu http://arxiv.org/abs/2209.08116 Cascading Failures in Power Grids. (33%) Rounak Meyur http://arxiv.org/abs/2209.09024 Dataset Inference for Self-Supervised Models. (16%) Adam Dziedzic; Haonan Duan; Muhammad Ahmad Kaleem; Nikita Dhawan; Jonas Guan; Yannis Cattan; Franziska Boenisch; Nicolas Papernot http://arxiv.org/abs/2209.07754 On the Robustness of Graph Neural Diffusion to Topology Perturbations. (15%) Yang Song; Qiyu Kang; Sijie Wang; Zhao Kai; Wee Peng Tay http://arxiv.org/abs/2209.08064 A Systematic Evaluation of Node Embedding Robustness. (11%) Alexandru Mara; Jefrey Lijffijt; Stephan Günnemann; Tijl De Bie http://arxiv.org/abs/2209.07936 PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot. (1%) Zhuoruo Zhang; Chenyang Yu; Rui Chang; Mingshuai Chen; Bo Feng; He Huang; Qinming Dai; Wenbo Shen; Yongwang Zhao http://arxiv.org/abs/2209.07534 Improving Robust Fairness via Balance Adversarial Training.
(99%) Chunyu Sun; Chenye Xu; Chengyuan Yao; Siyuan Liang; Yichao Wu; Ding Liang; XiangLong Liu; Aishan Liu http://arxiv.org/abs/2209.07399 A Light Recipe to Train Robust Vision Transformers. (98%) Edoardo Debenedetti; Vikash Sehwag; Prateek Mittal http://arxiv.org/abs/2209.09117 Part-Based Models Improve Adversarial Robustness. (92%) Chawin Sitawarin; Kornrapat Pongmala; Yizheng Chen; Nicholas Carlini; David Wagner http://arxiv.org/abs/2209.07592 Explicit Tradeoffs between Adversarial and Natural Distributional Robustness. (80%) Mazda Moayeri; Kiarash Banihashem; Soheil Feizi http://arxiv.org/abs/2209.07369 Adversarially Robust Learning: A Generic Minimax Optimal Learner and Characterization. (80%) Omar Montasser; Steve Hanneke; Nathan Srebro http://arxiv.org/abs/2209.07491 Defending Root DNS Servers Against DDoS Using Layered Defenses. (15%) A S M Rizvi; Jelena Mirkovic; John Heidemann; Wesley Hardaker; Robert Story http://arxiv.org/abs/2209.07125 BadRes: Reveal the Backdoors through Residual Connection. (2%) Mingrui He; Tianyu Chen; Haoyi Zhou; Shanghang Zhang; Jianxin Li http://arxiv.org/abs/2209.07699 Adversarial Cross-View Disentangled Graph Contrastive Learning. (1%) Qianlong Wen; Zhongyu Ouyang; Chunhui Zhang; Yiyue Qian; Yanfang Ye; Chuxu Zhang http://arxiv.org/abs/2209.07601 Towards Improving Calibration in Object Detection Under Domain Shift. (1%) Muhammad Akhtar Munir; Muhammad Haris Khan; M. Saquib Sarfraz; Mohsen Ali http://arxiv.org/abs/2209.06931 Robust Transferable Feature Extractors: Learning to Defend Pre-Trained Networks Against White Box Adversaries. (99%) Alexander Cann; Ian Colbert; Ihab Amer http://arxiv.org/abs/2209.06971 PointACL:Adversarial Contrastive Learning for Robust Point Clouds Representation under Adversarial Attack. (99%) Junxuan Huang; Yatong An; Lu Cheng; Bai Chen; Junsong Yuan; Chunming Qiao http://arxiv.org/abs/2209.06691 Certified Robustness to Word Substitution Ranking Attack for Neural Ranking Models. (99%) Chen Wu; Ruqing Zhang; Jiafeng Guo; Wei Chen; Yixing Fan; Maarten de Rijke; Xueqi Cheng http://arxiv.org/abs/2209.06506 Order-Disorder: Imitation Adversarial Attacks for Black-box Neural Ranking Models. (97%) Jiawei Liu; Yangyang Kang; Di Tang; Kaisong Song; Changlong Sun; Xiaofeng Wang; Wei Lu; Xiaozhong Liu http://arxiv.org/abs/2209.06953 On the interplay of adversarial robustness and architecture components: patches, convolution and attention. (67%) Francesco Croce; Matthias Hein http://arxiv.org/abs/2209.06997 M^4I: Multi-modal Models Membership Inference. (54%) Pingyi Hu; Zihan Wang; Ruoxi Sun; Hu Wang; Minhui Xue http://arxiv.org/abs/2209.06954 Finetuning Pretrained Vision-Language Models with Correlation Information Bottleneck for Robust Visual Question Answering. (12%) Jingjing Jiang; Ziyi Liu; Nanning Zheng http://arxiv.org/abs/2209.06866 Robust Constrained Reinforcement Learning. (9%) Yue Wang; Fei Miao; Shaofeng Zou http://arxiv.org/abs/2209.05785 Adversarial Coreset Selection for Efficient Robust Training. (99%) Hadi M. Dolatabadi; Sarah Erfani; Christopher Leckie http://arxiv.org/abs/2209.06388 TSFool: Crafting Highly-Imperceptible Adversarial Time Series through Multi-Objective Attack. (99%) Yanyun Wang; Dehui Du; Haibo Hu; Zi Liang; Yuanhao Liu http://arxiv.org/abs/2209.06300 PINCH: An Adversarial Extraction Attack Framework for Deep Learning Models.
(92%) William Hackett; Stefan Trawicki; Zhengxin Yu; Neeraj Suri; Peter Garraghan http://arxiv.org/abs/2209.05980 Certified Defences Against Adversarial Patch Attacks on Semantic Segmentation. (78%) Maksym Yatsura; Kaspar Sakmann; N. Grace Hua; Matthias Hein; Jan Hendrik Metzen http://arxiv.org/abs/2209.05957 Adversarial Inter-Group Link Injection Degrades the Fairness of Graph Neural Networks. (68%) Hussain Hussain; Meng Cao; Sandipan Sikdar; Denis Helic; Elisabeth Lex; Markus Strohmaier; Roman Kern http://arxiv.org/abs/2209.06292 ADMM based Distributed State Observer Design under Sparse Sensor Attacks. (22%) Vinaya Mary Prinse; Rachel Kalpana Kalaimani http://arxiv.org/abs/2209.05742 A Tale of HodgeRank and Spectral Method: Target Attack Against Rank Aggregation Is the Fixed Point of Adversarial Game. (15%) Ke Ma; Qianqian Xu; Jinshan Zeng; Guorong Li; Xiaochun Cao; Qingming Huang http://arxiv.org/abs/2209.05724 Defense against Privacy Leakage in Federated Learning. (12%) Jing Wu; Munawar Hayat; Mingyi Zhou; Mehrtash Harandi http://arxiv.org/abs/2209.06397 Federated Learning based on Defending Against Data Poisoning Attacks in IoT. (1%) Jiayin Li; Wenzhong Guo; Xingshuo Han; Jianping Cai; Ximeng Liu http://arxiv.org/abs/2209.05244 Adaptive Perturbation Generation for Multiple Backdoors Detection. (95%) Yuhang Wang; Huafeng Shi; Rui Min; Ruijia Wu; Siyuan Liang; Yichao Wu; Ding Liang; Aishan Liu http://arxiv.org/abs/2209.05055 CARE: Certifiably Robust Learning with Reasoning via Variational Inference. (75%) Jiawei Zhang; Linyi Li; Ce Zhang; Bo Li http://arxiv.org/abs/2209.05692 Sample Complexity of an Adversarial Attack on UCB-based Best-arm Identification Policy. (69%) Varsha Pendyala http://arxiv.org/abs/2209.05446 Boosting Robustness Verification of Semantic Feature Neighborhoods. (54%) Anan Kabaha; Dana Drachsler-Cohen http://arxiv.org/abs/2209.05130 Semantic-Preserving Adversarial Code Comprehension. (1%) Yiyang Li; Hongqiu Wu; Hai Zhao http://arxiv.org/abs/2209.05407 Holistic Segmentation. (1%) Stefano Gasperini; Alvaro Marcos-Ramiro; Michael Schmidt; Nassir Navab; Benjamin Busam; Federico Tombari http://arxiv.org/abs/2209.05668 Class-Level Logit Perturbation. (1%) Mengyang Li; Fengguang Su; Ou Wu; Ji Zhang http://arxiv.org/abs/2209.04930 Resisting Deep Learning Models Against Adversarial Attack Transferability via Feature Randomization. (99%) Ehsan Nowroozi; Mohammadreza Mohammadi; Pargol Golmohammadi; Yassine Mekdad; Mauro Conti; Selcuk Uluagac http://arxiv.org/abs/2209.06113 Generate novel and robust samples from data: accessible sharing without privacy concerns. (5%) David Banh; Alan Huang http://arxiv.org/abs/2209.04779 Scattering Model Guided Adversarial Examples for SAR Target Recognition: Attack and Defense. (99%) Bowen Peng; Bo Peng; Jie Zhou; Jianyue Xie; Li Liu http://arxiv.org/abs/2209.04521 The Space of Adversarial Strategies. (99%) Ryan Sheatsley; Blaine Hoak; Eric Pauley; Patrick McDaniel http://arxiv.org/abs/2209.04547 Defend Data Poisoning Attacks on Voice Authentication. (54%) Ke Li; Cameron Baird; Dan Lin http://arxiv.org/abs/2209.04293 Robust-by-Design Classification via Unitary-Gradient Neural Networks. (41%) Fabio Brau; Giulio Rossolini; Alessandro Biondi; Giorgio Buttazzo http://arxiv.org/abs/2209.04113 Robust and Lossless Fingerprinting of Deep Neural Networks via Pooled Membership Inference. 
(10%) Hanzhou Wu http://arxiv.org/abs/2209.04326 Saliency Guided Adversarial Training for Learning Generalizable Features with Applications to Medical Imaging Classification System. (1%) Xin Li; Yao Qiang; Chengyin Li; Sijia Liu; Dongxiao Zhu http://arxiv.org/abs/2209.03716 Incorporating Locality of Images to Generate Targeted Transferable Adversarial Examples. (99%) Zhipeng Wei; Jingjing Chen; Zuxuan Wu; Yu-Gang Jiang http://arxiv.org/abs/2209.04028 Evaluating the Security of Aircraft Systems. (92%) Edan Habler; Ron Bitton; Asaf Shabtai http://arxiv.org/abs/2209.04030 Unraveling the Connections between Privacy and Certified Robustness in Federated Learning Against Poisoning Attacks. (64%) Chulin Xie; Yunhui Long; Pin-Yu Chen; Qinbin Li; Arash Nourian; Sanmi Koyejo; Bo Li http://arxiv.org/abs/2209.03622 A Survey of Recent Advances in Deep Learning Models for Detecting Malware in Desktop and Mobile Platforms. (1%) Pascal Maniriho; Abdun Naser Mahmood; Mohammad Jabed Morshed Chowdhury http://arxiv.org/abs/2209.03839 FADE: Enabling Large-Scale Federated Adversarial Training on Resource-Constrained Edge Devices. (1%) Minxue Tang; Jianyi Zhang; Mingyuan Ma; Louis DiValentin; Aolin Ding; Amin Hassanzadeh; Hai Li; Yiran Chen http://arxiv.org/abs/2209.02997 On the Transferability of Adversarial Examples between Encrypted Models. (99%) Miki Tanaka; Isao Echizen; Hitoshi Kiya http://arxiv.org/abs/2209.03358 Securing the Spike: On the Transferabilty and Security of Spiking Neural Networks to Adversarial Examples. (99%) Nuo Xu; Kaleel Mahmood; Haowen Fang; Ethan Rathbun; Caiwen Ding; Wujie Wen http://arxiv.org/abs/2209.03540 Reward Delay Attacks on Deep Reinforcement Learning. (70%) Anindya Sarkar; Jiarui Feng; Yevgeniy Vorobeychik; Christopher Gill; Ning Zhang http://arxiv.org/abs/2209.03755 Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems. (47%) Sahar Abdelnabi; Mario Fritz http://arxiv.org/abs/2209.03463 Why So Toxic? Measuring and Triggering Toxic Behavior in Open-Domain Chatbots. (15%) Wai Man Si; Michael Backes; Jeremy Blackburn; Emiliano De Cristofaro; Gianluca Stringhini; Savvas Zannettou; Yang Zhang http://arxiv.org/abs/2209.03431 Physics-Guided Adversarial Machine Learning for Aircraft Systems Simulation. (1%) Houssem Ben Braiek; Thomas Reid; Foutse Khomh http://arxiv.org/abs/2209.03225 Hardware faults that matter: Understanding and Estimating the safety impact of hardware faults on object detection DNNs. (1%) Syed Qutub; Florian Geissler; Yang Peng; Ralf Grafe; Michael Paulitsch; Gereon Hinz; Alois Knoll http://arxiv.org/abs/2209.03547 MalDetConv: Automated Behaviour-based Malware Detection Framework Based on Natural Language Processing and Deep Learning Techniques. (1%) Pascal Maniriho; Abdun Naser Mahmood; Mohammad Jabed Morshed Chowdhury http://arxiv.org/abs/2209.02453 Instance Attack:An Explanation-based Vulnerability Analysis Framework Against DNNs for Malware Detection. (99%) Sun RuiJin; Guo ShiZe; Guo JinHong; Xing ChangYou; Yang LuMing; Guo Xi; Pan ZhiSong http://arxiv.org/abs/2209.02684 Bag of Tricks for FGSM Adversarial Training. (96%) Zichao Li; Li Liu; Zeyu Wang; Yuyin Zhou; Cihang Xie http://arxiv.org/abs/2209.02369 Improving Robustness to Out-of-Distribution Data by Frequency-based Augmentation. (82%) Koki Mukai; Soichiro Kumano; Toshihiko Yamasaki http://arxiv.org/abs/2209.02902 Defending Against Backdoor Attack on Graph Nerual Network by Explainability.
(80%) Bingchen Jiang; Zhao Li http://arxiv.org/abs/2209.02339 MACAB: Model-Agnostic Clean-Annotation Backdoor to Object Detection with Natural Trigger in Real-World. (56%) Hua Ma; Yinshan Li; Yansong Gao; Zhi Zhang; Alsharif Abuadbba; Anmin Fu; Said F. Al-Sarawi; Surya Nepal; Derek Abbott http://arxiv.org/abs/2209.02329 Multimodal contrastive learning for remote sensing tasks. (1%) Umangi Jain; Alex Wilson; Varun Gulshan http://arxiv.org/abs/2209.02826 Annealing Optimization for Progressive Learning with Stochastic Approximation. (1%) Christos Mavridis; John Baras http://arxiv.org/abs/2209.02869 Interpretations Steered Network Pruning via Amortized Inferred Saliency Maps. (1%) Alireza Ganjdanesh; Shangqian Gao; Heng Huang http://arxiv.org/abs/2209.02299 A Survey of Machine Unlearning. (1%) Thanh Tam Nguyen; Thanh Trung Huynh; Phi Le Nguyen; Alan Wee-Chung Liew; Hongzhi Yin; Quoc Viet Hung Nguyen http://arxiv.org/abs/2209.02128 Evaluating the Susceptibility of Pre-Trained Language Models via Handcrafted Adversarial Examples. (98%) Hezekiah J. Branch; Jonathan Rodriguez Cefalu; Jeremy McHugh; Leyla Hujer; Aditya Bahl; Daniel del Castillo Iglesias; Ron Heichman; Ramesh Darwishi http://arxiv.org/abs/2209.02167 White-Box Adversarial Policies in Deep Reinforcement Learning. (98%) Stephen Casper; Taylor Killian; Gabriel Kreiman; Dylan Hadfield-Menell http://arxiv.org/abs/2209.01782 "Is your explanation stable?": A Robustness Evaluation Framework for Feature Attribution. (69%) Yuyou Gan; Yuhao Mao; Xuhong Zhang; Shouling Ji; Yuwen Pu; Meng Han; Jianwei Yin; Ting Wang http://arxiv.org/abs/2209.01962 Adversarial Detection: Attacking Object Detection in Real Time. (64%) Han Wu; Syed Yunas; Sareh Rowlands; Wenjie Ruan; Johan Wahlstrom http://arxiv.org/abs/2209.01882 PromptAttack: Prompt-based Attack for Language Models via Gradient Search. (16%) Yundi Shi; Piji Li; Changchun Yin; Zhaoyang Han; Lu Zhou; Zhe Liu http://arxiv.org/abs/2209.01994 Federated Zero-Shot Learning for Visual Recognition. (2%) Zhi Chen; Yadan Luo; Sen Wang; Jingjing Li; Zi Huang http://arxiv.org/abs/2209.03148 Improving Out-of-Distribution Detection via Epistemic Uncertainty Adversarial Training. (2%) Derek Everett; Andre T. Nguyen; Luke E. Richards; Edward Raff http://arxiv.org/abs/2209.01721 An Adaptive Black-box Defense against Trojan Attacks (TrojDef). (98%) Guanxiong Liu; Abdallah Khreishah; Fatima Sharadgah; Issa Khalil http://arxiv.org/abs/2209.01711 Hide & Seek: Seeking the (Un)-Hidden key in Provably-Secure Logic Locking Techniques. (11%) Satwik Patnaik; Nimisha Limaye; Ozgur Sinanoglu http://arxiv.org/abs/2209.01710 Synergistic Redundancy: Towards Verifiable Safety for Autonomous Vehicles. (1%) Ayoosh Bansal; Simon Yu; Hunmin Kim; Bo Li; Naira Hovakimyan; Marco Caccamo; Lui Sha http://arxiv.org/abs/2209.02430 Adversarial Color Film: Effective Physical-World Attack to DNNs. (98%) Chengyin Hu; Weiwen Shi http://arxiv.org/abs/2209.02132 Impact of Scaled Image on Robustness of Deep Neural Networks. (98%) Chengyin Hu; Weiwen Shi http://arxiv.org/abs/2209.01100 Property inference attack; Graph neural networks; Privacy attacks and defense; Trustworthy machine learning. (95%) Xiuling Wang; Wendy Hui Wang http://arxiv.org/abs/2209.02832 Impact of Colour Variation on Robustness of Deep Neural Networks. (92%) Chengyin Hu; Weiwen Shi http://arxiv.org/abs/2209.00892 Scalable Adversarial Attack Algorithms on Influence Maximization.
(68%) Lichao Sun; Xiaobin Rui; Wei Chen http://arxiv.org/abs/2209.01292 Are Attribute Inference Attacks Just Imputation? (31%) Bargav Jayaraman; David Evans http://arxiv.org/abs/2209.00812 Explainable AI for Android Malware Detection: Towards Understanding Why the Models Perform So Well? (9%) Yue Liu; Chakkrit Tantithamthavorn; Li Li; Yepang Liu http://arxiv.org/abs/2209.01199 Revisiting Outer Optimization in Adversarial Training. (5%) Ali Dabouei; Fariborz Taherkhani; Sobhan Soleymani; Nasser M. Nasrabadi http://arxiv.org/abs/2209.00269 Adversarial for Social Privacy: A Poisoning Strategy to Degrade User Identity Linkage. (98%) Jiangli Shao; Yongqing Wang; Boshen Shi; Hao Gao; Huawei Shen; Xueqi Cheng http://arxiv.org/abs/2209.00757 Universal Fourier Attack for Time Series. (12%) Elizabeth Coda; Brad Clymer; Chance DeSmet; Yijing Watkins; Michael Girard http://arxiv.org/abs/2209.00005 Be Your Own Neighborhood: Detecting Adversarial Example by the Neighborhood Relations Built on Self-Supervised Learning. (99%) Zhiyuan He; Yijun Yang; Pin-Yu Chen; Qiang Xu; Tsung-Yi Ho http://arxiv.org/abs/2209.02406 Unrestricted Adversarial Samples Based on Non-semantic Feature Clusters Substitution. (99%) MingWei Zhou; Xiaobing Pei http://arxiv.org/abs/2208.14933 Membership Inference Attacks by Exploiting Loss Trajectory. (70%) Yiyong Liu; Zhengyu Zhao; Michael Backes; Yang Zhang http://arxiv.org/abs/2208.14937 Explainable Artificial Intelligence Applications in Cyber Security: State-of-the-Art in Research. (13%) Zhibo Zhang; Hussam Al Hamadi; Ernesto Damiani; Chan Yeob Yeun; Fatma Taher http://arxiv.org/abs/2208.14888 Feature Alignment by Uncertainty and Self-Training for Source-Free Unsupervised Domain Adaptation. (1%) JoonHo Lee; Gyemin Lee http://arxiv.org/abs/2208.14672 Vulnerability of Distributed Inverter VAR Control in PV Distributed Energy System. (1%) Bo Tu; Wen-Tai Li; Chau Yuen http://arxiv.org/abs/2209.00462 MA-RECON: Mask-aware deep-neural-network for robust fast MRI k-space interpolation. (1%) Nitzan Avidan; Moti Freiman http://arxiv.org/abs/2208.14302 A Black-Box Attack on Optical Character Recognition Systems. (99%) Samet Bayram; Kenneth Barner http://arxiv.org/abs/2209.02408 Robustness and invariance properties of image classifiers. (99%) Apostolos Modas http://arxiv.org/abs/2208.14127 Solving the Capsulation Attack against Backdoor-based Deep Neural Network Watermarks by Reversing Triggers. (1%) Fangqi Li; Shilin Wang; Yun Zhu http://arxiv.org/abs/2208.14488 Constraining Representations Yields Models That Know What They Don't Know. (1%) Joao Monteiro; Pau Rodriguez; Pierre-Andre Noel; Issam Laradji; David Vazquez http://arxiv.org/abs/2208.13838 Towards Adversarial Purification using Denoising AutoEncoders. (99%) Dvij Kalaria; Aritra Hazra; Partha Pratim Chakrabarti http://arxiv.org/abs/2208.13904 Reducing Certified Regression to Certified Classification for General Poisoning Attacks. (54%) Zayd Hammoudeh; Daniel Lowd http://arxiv.org/abs/2208.13405 Interpreting Black-box Machine Learning Models for High Dimensional Datasets. (1%) Md. Rezaul Karim; Md. Shajalal; Alex Graß; Till Döhmen; Sisay Adugna Chala; Christian Beecks; Stefan Decker http://arxiv.org/abs/2208.13182 Cross-domain Cross-architecture Black-box Attacks on Fine-tuned Models with Transferred Evolutionary Strategies. (99%) Yinghua Zhang; Yangqiu Song; Kun Bai; Qiang Yang http://arxiv.org/abs/2208.13058 Adversarial Robustness for Tabular Data through Cost and Utility Awareness. 
(99%) Klim Kireev; Bogdan Kulynych; Carmela Troncoso http://arxiv.org/abs/2208.13066 SA: Sliding attack for synthetic speech detection with resistance to clipping and self-splicing. (99%) Deng JiaCheng; Dong Li; Yan Diqun; Wang Rangding; Zeng Jiaming http://arxiv.org/abs/2208.13049 TrojViT: Trojan Insertion in Vision Transformers. (15%) Mengxin Zheng; Qian Lou; Lei Jiang http://arxiv.org/abs/2208.12926 Overparameterized (robust) models from computational constraints. (13%) Sanjam Garg; Somesh Jha; Saeed Mahloujifar; Mohammad Mahmoody; Mingyuan Wang http://arxiv.org/abs/2208.13032 RL-DistPrivacy: Privacy-Aware Distributed Deep Inference for low latency IoT systems. (1%) Emna Baccour; Aiman Erbad; Amr Mohamed; Mounir Hamdi; Mohsen Guizani http://arxiv.org/abs/2208.12815 What Does the Gradient Tell When Attacking the Graph Structure. (69%) Zihan Liu; Ge Wang; Yun Luo; Stan Z. Li http://arxiv.org/abs/2208.12911 Network-Level Adversaries in Federated Learning. (54%) Giorgio Severi; Matthew Jagielski; Gökberk Yar; Yuxuan Wang; Alina Oprea; Cristina Nita-Rotaru http://arxiv.org/abs/2208.12897 ATTRITION: Attacking Static Hardware Trojan Detection Techniques Using Reinforcement Learning. (45%) Vasudev Gohil; Hao Guo; Satwik Patnaik; Jeyavijayan Rajendran http://arxiv.org/abs/2208.12511 Lower Difficulty and Better Robustness: A Bregman Divergence Perspective for Adversarial Training. (4%) Zihui Wu; Haichang Gao; Bingqian Zhou; Xiaoyan Guo; Shudong Zhang http://arxiv.org/abs/2208.12230 Semantic Preserving Adversarial Attack Generation with Autoencoder and Genetic Algorithm. (99%) Xinyi Wang; Simon Yusuf Enoch; Dong Seong Kim http://arxiv.org/abs/2208.12348 SNAP: Efficient Extraction of Private Properties with Poisoning. (89%) Harsh Chaudhari; John Abascal; Alina Oprea; Matthew Jagielski; Florian Tramèr; Jonathan Ullman http://arxiv.org/abs/2208.14191 FuncFooler: A Practical Black-box Attack Against Learning-based Binary Code Similarity Detection Methods. (78%) Lichen Jia; Bowen Tang; Chenggang Wu; Zhe Wang; Zihan Jiang; Yuanming Lai; Yan Kang; Ning Liu; Jingfeng Zhang http://arxiv.org/abs/2208.12428 Robust Prototypical Few-Shot Organ Segmentation with Regularized Neural-ODEs. (31%) Prashant Pandey; Mustafa Chasmai; Tanuj Sur; Brejesh Lall http://arxiv.org/abs/2208.12084 Calibrated Selective Classification. (15%) Adam Fisch; Tommi Jaakkola; Regina Barzilay http://arxiv.org/abs/2208.12003 XDRI Attacks - and - How to Enhance Resilience of Residential Routers. (4%) Philipp Jeitner; Haya Shulman; Lucas Teichmann; Michael Waidner http://arxiv.org/abs/2208.12268 FedPrompt: Communication-Efficient and Privacy Preserving Prompt Tuning in Federated Learning. (1%) Haodong Zhao; Wei Du; Fangqi Li; Peixuan Li; Gongshen Liu http://arxiv.org/abs/2208.11667 Attacking Neural Binary Function Detection. (99%) Joshua Bundt; Michael Davinroy; Ioannis Agadakos; Alina Oprea; William Robertson http://arxiv.org/abs/2208.11613 Unrestricted Black-box Adversarial Attack Using GAN with Limited Queries. (99%) Dongbin Na; Sangwoo Ji; Jong Kim http://arxiv.org/abs/2208.11436 Trace and Detect Adversarial Attacks on CNNs using Feature Response Maps. (98%) Mohammadreza Amirian; Friedhelm Schwenker; Thilo Stadelmann http://arxiv.org/abs/2208.11839 A Perturbation Resistant Transformation and Classification System for Deep Neural Networks. (98%) Nathaniel Dean; Dilip Sarkar http://arxiv.org/abs/2208.11739 Rethinking Cost-sensitive Classification in Deep Learning via Adversarial Data Augmentation.
(92%) Qiyuan Chen; Raed Al Kontar; Maher Nouiehed; Jessie Yang; Corey Lester http://arxiv.org/abs/2208.11435 Bidirectional Contrastive Split Learning for Visual Question Answering. (38%) Yuwei Sun; Hideya Ochiai http://arxiv.org/abs/2208.11264 Towards an Awareness of Time Series Anomaly Detection Models' Adversarial Vulnerability. (99%) Shahroz Tariq; Binh M. Le; Simon S. Woo http://arxiv.org/abs/2208.10773 Adversarial Vulnerability of Temporal Feature Networks for Object Detection. (99%) Svetlana Pavlitskaya; Nikolai Polley; Michael Weber; J. Marius Zöllner http://arxiv.org/abs/2208.10878 Transferability Ranking of Adversarial Examples. (99%) Mosh Levy; Yuval Elovici; Yisroel Mirsky http://arxiv.org/abs/2208.11180 Auditing Membership Leakages of Multi-Exit Networks. (76%) Zheng Li; Yiyong Liu; Xinlei He; Ning Yu; Michael Backes; Yang Zhang http://arxiv.org/abs/2208.10895 A Comprehensive Study of Real-Time Object Detection Networks Across Multiple Domains: A Survey. (13%) Elahe Arani; Shruthi Gowda; Ratnajit Mukherjee; Omar Magdy; Senthilkumar Kathiresan; Bahram Zonooz http://arxiv.org/abs/2208.10973 Robust DNN Watermarking via Fixed Embedding Weights with Optimized Distribution. (10%) Benedetta Tondi; Andrea Costanzo; Mauro Barni http://arxiv.org/abs/2208.10373 Fight Fire With Fire: Reversing Skin Adversarial Examples by Multiscale Diffusive and Denoising Aggregation Mechanism. (99%) Yongwei Wang; Yuan Li; Zhiqi Shen http://arxiv.org/abs/2208.10688 Hierarchical Perceptual Noise Injection for Social Media Fingerprint Privacy Protection. (98%) Simin Li; Huangxinxin Xu; Jiakai Wang; Aishan Liu; Fazhi He; Xianglong Liu; Dacheng Tao http://arxiv.org/abs/2208.10576 Different Spectral Representations in Optimized Artificial Neural Networks and Brains. (93%) Richard C. Gerum; Cassidy Pirlot; Alona Fyshe; Joel Zylberberg http://arxiv.org/abs/2208.10445 Membership-Doctor: Comprehensive Assessment of Membership Inference Against Machine Learning Models. (87%) Xinlei He; Zheng Li; Weilin Xu; Cory Cornelius; Yang Zhang http://arxiv.org/abs/2208.10481 BARReL: Bottleneck Attention for Adversarial Robustness in Vision-Based Reinforcement Learning. (86%) Eugene Bykovets; Yannick Metz; Mennatallah El-Assady; Daniel A. Keim; Joachim M. Buhmann http://arxiv.org/abs/2208.10608 RIBAC: Towards Robust and Imperceptible Backdoor Attack against Compact DNN. (62%) Huy Phan; Cong Shi; Yi Xie; Tianfang Zhang; Zhuohang Li; Tianming Zhao; Jian Liu; Yan Wang; Yingying Chen; Bo Yuan http://arxiv.org/abs/2208.10531 Toward Better Target Representation for Source-Free and Black-Box Domain Adaptation. (31%) Qucheng Peng; Zhengming Ding; Lingjuan Lyu; Lichao Sun; Chen Chen http://arxiv.org/abs/2208.10618 Optimal Bootstrapping of PoW Blockchains. (1%) Ranvir Rana; Dimitris Karakostas; Sreeram Kannan; Aggelos Kiayias; Pramod Viswanath http://arxiv.org/abs/2208.09801 PointDP: Diffusion-driven Purification against Adversarial Attacks on 3D Point Cloud Recognition. (99%) Jiachen Sun; Weili Nie; Zhiding Yu; Z. Morley Mao; Chaowei Xiao http://arxiv.org/abs/2208.09967 Inferring Sensitive Attributes from Model Explanations. (56%) Vasisht Duddu; Antoine Boutet http://arxiv.org/abs/2208.09894 Byzantines can also Learn from History: Fall of Centered Clipping in Federated Learning. (10%) Kerem Ozfatura; Emre Ozfatura; Alptekin Kupcu; Deniz Gunduz http://arxiv.org/abs/2208.09915 MockingBERT: A Method for Retroactively Adding Resilience to NLP Models. 
(4%) Jan Jezabek; Akash Singh http://arxiv.org/abs/2208.10010 NOSMOG: Learning Noise-robust and Structure-aware MLPs on Graphs. (1%) Yijun Tian; Chuxu Zhang; Zhichun Guo; Xiangliang Zhang; Nitesh V. Chawla http://arxiv.org/abs/2208.09913 A Unified Analysis of Mixed Sample Data Augmentation: A Loss Function Perspective. (1%) Chanwoo Park; Sangdoo Yun; Sanghyuk Chun http://arxiv.org/abs/2208.09602 Analyzing Adversarial Robustness of Vision Transformers against Spatial and Spectral Attacks. (86%) Gihyun Kim; Jong-Seok Lee http://arxiv.org/abs/2208.09764 GAIROSCOPE: Injecting Data from Air-Gapped Computers to Nearby Gyroscopes. (33%) Mordechai Guri http://arxiv.org/abs/2208.09741 Sensor Security: Current Progress, Research Challenges, and Future Roadmap. (10%) Anomadarshi Barua; Mohammad Abdullah Al Faruque http://arxiv.org/abs/2208.10940 Evaluating Out-of-Distribution Detectors Through Adversarial Generation of Outliers. (5%) Sangwoong Yoon; Jinwon Choi; Yonghyeon Lee; Yung-Kyun Noh; Frank Chongwoo Park http://arxiv.org/abs/2208.09710 Adversarial contamination of networks in the setting of vertex nomination: a new trimming method. (1%) Sheyda Peyman; Minh Tang; Vince Lyzinski http://arxiv.org/abs/2208.09195 Real-Time Robust Video Object Detection System Against Physical-World Adversarial Attacks. (99%) Husheng Han; Xing Hu; Kaidi Xu; Pucheng Dang; Ying Wang; Yongwei Zhao; Zidong Du; Qi Guo; Yanzhi Yang; Tianshi Chen http://arxiv.org/abs/2208.09466 Gender Bias and Universal Substitution Adversarial Attacks on Grammatical Error Correction Systems for Automated Assessment. (92%) Vyas Raina; Mark Gales http://arxiv.org/abs/2208.09336 Dispersed Pixel Perturbation-based Imperceptible Backdoor Trigger for Image Classifier Models. (76%) Yulong Wang; Minghui Zhao; Shenghong Li; Xin Yuan; Wei Ni http://arxiv.org/abs/2208.09449 A Novel Plug-and-Play Approach for Adversarially Robust Generalization. (54%) Deepak Maurya; Adarsh Barik; Jean Honorio http://arxiv.org/abs/2208.09418 SAFARI: Versatile and Efficient Evaluations for Robustness of Interpretability. (8%) Wei Huang; Xingyu Zhao; Gaojie Jin; Xiaowei Huang http://arxiv.org/abs/2208.09316 UKP-SQuARE v2 Explainability and Adversarial Attacks for Trustworthy QA. (1%) Rachneet Sachdeva; Haritz Puerto; Tim Baumgärtner; Sewin Tariverdian; Hao Zhang; Kexin Wang; Hossain Shaikh Saadi; Leonardo F. R. Ribeiro; Iryna Gurevych http://arxiv.org/abs/2208.08697 Resisting Adversarial Attacks in Deep Neural Networks using Diverse Decision Boundaries. (99%) Manaar Alam; Shubhajit Datta; Debdeep Mukhopadhyay; Arijit Mondal; Partha Pratim Chakrabarti http://arxiv.org/abs/2208.08677 Enhancing Targeted Attack Transferability via Diversified Weight Pruning. (99%) Hung-Jui Wang; Yu-Yu Wu; Shang-Tse Chen http://arxiv.org/abs/2208.08664 Enhancing Diffusion-Based Image Synthesis with Robust Classifier Guidance. (45%) Bahjat Kawar; Roy Ganz; Michael Elad http://arxiv.org/abs/2208.08689 Reverse Engineering of Integrated Circuits: Tools and Techniques. (33%) Abhijitt Dhavlle http://arxiv.org/abs/2208.09139 DAFT: Distilling Adversarially Fine-tuned Models for Better OOD Generalization. (10%) Anshul Nasery; Sravanti Addepalli; Praneeth Netrapalli; Prateek Jain http://arxiv.org/abs/2208.08831 Discovering Bugs in Vision Models using Off-the-shelf Image Generation and Captioning. (3%) Olivia Wiles; Isabela Albuquerque; Sven Gowal http://arxiv.org/abs/2208.08662 Private, Efficient, and Accurate: Protecting Models Trained by Multi-party Learning with Differential Privacy. 
(2%) Wenqiang Ruan; Mingxin Xu; Wenjing Fang; Li Wang; Lei Wang; Weili Han http://arxiv.org/abs/2208.08745 Profiler: Profile-Based Model to Detect Phishing Emails. (1%) Mariya Shmalko; Alsharif Abuadbba; Raj Gaire; Tingmin Wu; Hye-Young Paik; Surya Nepal http://arxiv.org/abs/2208.08083 Two Heads are Better than One: Robust Learning Meets Multi-branch Models. (99%) Dong Huang; Qingwen Bu; Yuhao Qing; Haowen Pi; Sen Wang; Heming Cui http://arxiv.org/abs/2208.08297 An Evolutionary, Gradient-Free, Query-Efficient, Black-Box Algorithm for Generating Adversarial Instances in Deep Networks. (99%) Raz Lapid; Zvika Haramaty; Moshe Sipper http://arxiv.org/abs/2208.09285 Shadows Aren't So Dangerous After All: A Fast and Robust Defense Against Shadow-Based Adversarial Attacks. (98%) Andrew Wang; Wyatt Mayor; Ryan Smith; Gopal Nookula; Gregory Ditzler http://arxiv.org/abs/2208.08433 Label Flipping Data Poisoning Attack Against Wearable Human Activity Recognition System. (70%) Abdur R. Shahid; Ahmed Imteaj; Peter Y. Wu; Diane A. Igoche; Tauhidul Alam http://arxiv.org/abs/2208.08071 An Efficient Multi-Step Framework for Malware Packing Identification. (41%) Jong-Wouk Kim; Yang-Sae Moon; Mi-Jung Choi http://arxiv.org/abs/2208.08270 On the Privacy Effect of Data Enhancement via the Lens of Memorization. (31%) Xiao Li; Qiongxiu Li; Zhanhao Hu; Xiaolin Hu http://arxiv.org/abs/2208.08114 An Empirical Study on the Membership Inference Attack against Tabular Data Synthesis Models. (26%) Jihyeon Hyeong; Jayoung Kim; Noseong Park; Sushil Jajodia http://arxiv.org/abs/2208.08085 Efficient Detection and Filtering Systems for Distributed Training. (26%) Konstantinos Konstantinidis; Aditya Ramamoorthy http://arxiv.org/abs/2208.08569 ObfuNAS: A Neural Architecture Search-based DNN Obfuscation Approach. (2%) Tong Zhou; Shaolei Ren; Xiaolin Xu http://arxiv.org/abs/2208.08524 DF-Captcha: A Deepfake Captcha for Preventing Fake Calls. (1%) Yisroel Mirsky http://arxiv.org/abs/2208.08509 Analyzing Robustness of End-to-End Neural Models for Automatic Speech Recognition. (1%) Goutham Rajendran; Wei Zou http://arxiv.org/abs/2208.08029 A Context-Aware Approach for Textual Adversarial Attack through Probability Difference Guided Beam Search. (82%) Huijun Liu; Jie Yu; Shasha Li; Jun Ma; Bin Ji http://arxiv.org/abs/2208.08052 Imperceptible and Robust Backdoor Attack in 3D Point Cloud. (68%) Kuofeng Gao; Jiawang Bai; Baoyuan Wu; Mengxi Ya; Shu-Tao Xia http://arxiv.org/abs/2208.08025 AutoCAT: Reinforcement Learning for Automated Exploration of Cache-Timing Attacks. (13%) Mulong Luo; Wenjie Xiong; Geunbae Lee; Yueying Li; Xiaomeng Yang; Amy Zhang; Yuandong Tian; Hsien-Hsin S. Lee; G. Edward Suh http://arxiv.org/abs/2208.08003 Investigating the Impact of Model Width and Density on Generalization in Presence of Label Noise. (1%) Yihao Xue; Kyle Whitecross; Baharan Mirzasoleiman http://arxiv.org/abs/2208.07174 Man-in-the-Middle Attack against Object Detection Systems. (96%) Han Wu; Sareh Rowlands; Johan Wahlstrom http://arxiv.org/abs/2208.07316 MENLI: Robust Evaluation Metrics from Natural Language Inference. (92%) Yanran Chen; Steffen Eger http://arxiv.org/abs/2208.07272 Training-Time Attacks against k-Nearest Neighbors. (2%) Ara Vartanian; Will Rosenbaum; Scott Alfeld http://arxiv.org/abs/2208.07476 CTI4AI: Threat Intelligence Generation and Sharing after Red Teaming AI Models. 
(1%) Chuyen Nguyen; Caleb Morgan; Sudip Mittal http://arxiv.org/abs/2208.06984 A Multi-objective Memetic Algorithm for Auto Adversarial Attack Optimization Design. (99%) Jialiang Sun; Wen Yao; Tingsong Jiang; Xiaoqian Chen http://arxiv.org/abs/2208.06776 Link-Backdoor: Backdoor Attack on Link Prediction via Node Injection. (92%) Haibin Zheng; Haiyang Xiong; Haonan Ma; Guohan Huang; Jinyin Chen http://arxiv.org/abs/2208.06962 InvisibiliTee: Angle-agnostic Cloaking from Person-Tracking Systems with a Tee. (92%) Yaxian Li; Bingqing Zhang; Guoping Zhao; Mingyu Zhang; Jiajun Liu; Ziwei Wang; Jirong Wen http://arxiv.org/abs/2208.10273 Long-Short History of Gradients is All You Need: Detecting Malicious and Unreliable Clients in Federated Learning. (67%) Ashish Gupta; Tie Luo; Mao V. Ngo; Sajal K. Das http://arxiv.org/abs/2208.06651 Revisiting Adversarial Attacks on Graph Neural Networks for Graph Classification. (99%) Beini Xie; Heng Chang; Xin Wang; Tian Bian; Shiji Zhou; Daixin Wang; Zhiqiang Zhang; Wenwu Zhu http://arxiv.org/abs/2208.10224 Friendly Noise against Adversarial Noise: A Powerful Defense against Data Poisoning Attacks. (99%) Tian Yu Liu; Yu Yang; Baharan Mirzasoleiman http://arxiv.org/abs/2208.06592 Confidence Matters: Inspecting Backdoors in Deep Neural Networks via Distribution Transfer. (62%) Tong Wang; Yuan Yao; Feng Xu; Miao Xu; Shengwei An; Ting Wang http://arxiv.org/abs/2208.06222 Scale-free and Task-agnostic Attack: Generating Photo-realistic Adversarial Patterns with Patch Quilting Generator. (99%) Xiangbo Gao; Cheng Luo; Qinliang Lin; Weicheng Xie; Minmin Liu; Linlin Shen; Keerthy Kusumam; Siyang Song http://arxiv.org/abs/2208.06538 MaskBlock: Transferable Adversarial Examples with Bayes Approach. (99%) Mingyuan Fan; Cen Chen; Ximeng Liu; Wenzhong Guo http://arxiv.org/abs/2208.10279 Defensive Distillation based Adversarial Attacks Mitigation Method for Channel Estimation using Deep Learning Models in Next-Generation Wireless Networks. (98%) Ferhat Ozgur Catak; Murat Kuzlu; Evren Catak; Umit Cali; Ozgur Guler http://arxiv.org/abs/2208.06228 Unifying Gradients to Improve Real-world Robustness for Deep Networks. (96%) Yingwen Wu; Sizhe Chen; Kun Fang; Xiaolin Huang http://arxiv.org/abs/2208.06176 A Knowledge Distillation-Based Backdoor Attack in Federated Learning. (93%) Yifan Wang; Wei Fan; Keke Yang; Naji Alhusaini; Jing Li http://arxiv.org/abs/2208.06163 Dropout is NOT All You Need to Prevent Gradient Leakage. (62%) Daniel Scheliga; Patrick Mäder; Marco Seeland http://arxiv.org/abs/2208.06537 Defense against Backdoor Attacks via Identifying and Purifying Bad Neurons. (2%) Mingyuan Fan; Yang Liu; Cen Chen; Ximeng Liu; Wenzhong Guo http://arxiv.org/abs/2208.06481 PRIVEE: A Visual Analytic Workflow for Proactive Privacy Risk Inspection of Open Data. (2%) Kaustav Bhattacharjee; Akm Islam; Jaideep Vaidya; Aritra Dasgupta http://arxiv.org/abs/2208.05650 Diverse Generative Perturbations on Attention Space for Transferable Adversarial Attacks. (99%) Woo Jae Kim; Seunghoon Hong; Sung-Eui Yoon http://arxiv.org/abs/2208.05740 General Cutting Planes for Bound-Propagation-Based Neural Network Verification. (68%) Huan Zhang; Shiqi Wang; Kaidi Xu; Linyi Li; Bo Li; Suman Jana; Cho-Jui Hsieh; J. Zico Kolter http://arxiv.org/abs/2208.06092 On deceiving malware classification with section injection. (5%) Adeilson Antonio da Silva; Mauricio Pamplona Segundo http://arxiv.org/abs/2208.06018 A Probabilistic Framework for Mutation Testing in Deep Neural Networks.
(1%) Florian Tambon; Foutse Khomh; Giuliano Antoniol http://arxiv.org/abs/2208.05969 Safety and Performance, Why not Both? Bi-Objective Optimized Model Compression toward AI Software Deployment. (1%) Jie Zhu; Leye Wang; Xiao Han http://arxiv.org/abs/2208.05895 Shielding Federated Learning Systems against Inference Attacks with ARM TrustZone. (1%) Aghiles Ait Messaoud; Sonia Ben Mokhtar; Vlad Nitu; Valerio Schiavoni http://arxiv.org/abs/2208.05285 Explaining Machine Learning DGA Detectors from DNS Traffic Data. (13%) Giorgio Piras; Maura Pintor; Luca Demetrio; Battista Biggio http://arxiv.org/abs/2208.05395 A Sublinear Adversarial Training Algorithm. (3%) Yeqi Gao; Lianke Qin; Zhao Song; Yitan Wang http://arxiv.org/abs/2208.05190 DVR: Micro-Video Recommendation Optimizing Watch-Time-Gain under Duration Bias. (1%) Yu Zheng; Chen Gao; Jingtao Ding; Lingling Yi; Depeng Jin; Yong Li; Meng Wang http://arxiv.org/abs/2208.05073 Adversarial Machine Learning-Based Anticipation of Threats Against Vehicle-to-Microgrid Services. (98%) Ahmed Omara; Burak Kantarci http://arxiv.org/abs/2208.05083 Reducing Exploitability with Population Based Training. (67%) Pavel Czempin; Adam Gleave http://arxiv.org/abs/2208.04838 Robust Machine Learning for Malware Detection over Time. (9%) Daniele Angioni; Luca Demetrio; Maura Pintor; Battista Biggio http://arxiv.org/abs/2208.03944 Robust and Imperceptible Black-box DNN Watermarking Based on Fourier Perturbation Analysis and Frequency Sensitivity Clustering. (75%) Yong Liu; Hanzhou Wu; Xinpeng Zhang http://arxiv.org/abs/2208.04943 PerD: Perturbation Sensitivity-based Neural Trojan Detection Framework on NLP Applications. (67%) Diego Garcia-soto; Huili Chen; Farinaz Koushanfar http://arxiv.org/abs/2208.03923 Adversarial robustness of VAEs through the lens of local geometry. (47%) Asif Khan; Amos Storkey http://arxiv.org/abs/2208.03948 AWEncoder: Adversarial Watermarking Pre-trained Encoders in Contrastive Learning. (26%) Tianxing Zhang; Hanzhou Wu; Xiaofeng Lu; Guangling Sun http://arxiv.org/abs/2208.03958 Abutting Grating Illusion: Cognitive Challenge to Neural Network Models. (1%) Jinyu Fan; Yi Zeng http://arxiv.org/abs/2208.04062 Testing of Machine Learning Models with Limited Samples: An Industrial Vacuum Pumping Application. (1%) Ayan Chatterjee; Bestoun S. Ahmed; Erik Hallin; Anton Engman http://arxiv.org/abs/2208.03635 Federated Adversarial Learning: A Framework with Convergence Analysis. (80%) Xiaoxiao Li; Zhao Song; Jiaming Yang http://arxiv.org/abs/2208.05514 Are Gradients on Graph Structure Reliable in Gray-box Attacks? (13%) Zihan Liu; Yun Luo; Lirong Wu; Siyuan Li; Zicheng Liu; Stan Z. Li http://arxiv.org/abs/2208.03610 Blackbox Attacks via Surrogate Ensemble Search. (99%) Zikui Cai; Chengyu Song; Srikanth Krishnamurthy; Amit Roy-Chowdhury; M. Salman Asif http://arxiv.org/abs/2208.03567 On the Fundamental Limits of Formally (Dis)Proving Robustness in Proof-of-Learning. (22%) Congyu Fang; Hengrui Jia; Anvith Thudi; Mohammad Yaghini; Christopher A. Choquette-Choo; Natalie Dullerud; Varun Chandrasekaran; Nicolas Papernot http://arxiv.org/abs/2208.03466 Preventing or Mitigating Adversarial Supply Chain Attacks; a legal analysis. (3%) Kaspar Rosager Ludvigsen; Shishir Nagaraja; Angela Daly http://arxiv.org/abs/2208.03161 Adversarial Robustness of MR Image Reconstruction under Realistic Perturbations. (73%) Jan Nikolas Morshuis; Sergios Gatidis; Matthias Hein; Christian F. 
Baumgartner http://arxiv.org/abs/2208.03111 Data-free Backdoor Removal based on Channel Lipschitzness. (64%) Runkai Zheng; Rongjun Tang; Jianze Li; Li Liu http://arxiv.org/abs/2208.03309 Lethal Dose Conjecture on Data Poisoning. (2%) Wenxiao Wang; Alexander Levine; Soheil Feizi http://arxiv.org/abs/2208.03399 LCCDE: A Decision-Based Ensemble Framework for Intrusion Detection in The Internet of Vehicles. (1%) Li Yang; Abdallah Shami; Gary Stevens; Stephen De Rusett http://arxiv.org/abs/2208.03160 Almost-Orthogonal Layers for Efficient General-Purpose Lipschitz Networks. (1%) Bernd Prach; Christoph H. Lampert http://arxiv.org/abs/2208.02851 Self-Ensembling Vision Transformer (SEViT) for Robust Medical Image Classification. (99%) Faris Almalik; Mohammad Yaqub; Karthik Nandakumar http://arxiv.org/abs/2208.01919 Spectrum Focused Frequency Adversarial Attacks for Automatic Modulation Classification. (99%) Sicheng Zhang; Jiarun Yu; Zhida Bao; Shiwen Mao; Yun Lin http://arxiv.org/abs/2208.02310 Design of secure and robust cognitive system for malware detection. (99%) Sanket Shukla http://arxiv.org/abs/2208.02430 A New Kind of Adversarial Example. (99%) Ali Borji http://arxiv.org/abs/2208.02250 Adversarial Attacks on ASR Systems: An Overview. (98%) Xiao Zhang; Hao Tan; Xuan Huang; Denghui Zhang; Keke Tang; Zhaoquan Gu http://arxiv.org/abs/2208.01844 Multiclass ASMA vs Targeted PGD Attack in Image Segmentation. (96%) Johnson Vo; Jiabao Xie; Sahil Patel http://arxiv.org/abs/2208.02820 MOVE: Effective and Harmless Ownership Verification via Embedded External Features. (84%) Yiming Li; Linghui Zhu; Xiaojun Jia; Yang Bai; Yong Jiang; Shu-Tao Xia; Xiaochun Cao http://arxiv.org/abs/2208.01853 Robust Graph Neural Networks using Weighted Graph Laplacian. (13%) Bharat Runwal; Vivek; Sandeep Kumar http://arxiv.org/abs/2208.01819 Adversarial Camouflage for Node Injection Attack on Graphs. (81%) Shuchang Tao; Qi Cao; Huawei Shen; Yunfan Wu; Liang Hou; Xueqi Cheng http://arxiv.org/abs/2208.01705 Success of Uncertainty-Aware Deep Models Depends on Data Manifold Geometry. (2%) Mark Penrod; Harrison Termotto; Varshini Reddy; Jiayu Yao; Finale Doshi-Velez; Weiwei Pan http://arxiv.org/abs/2208.01356 SCFI: State Machine Control-Flow Hardening Against Fault Attacks. (1%) Pascal Nasahl; Martin Unterguggenberger; Rishub Nagpal; Robert Schilling; David Schrammel; Stefan Mangard http://arxiv.org/abs/2208.01220 GeoECG: Data Augmentation via Wasserstein Geodesic Perturbation for Robust Electrocardiogram Prediction. (98%) Jiacheng Zhu; Jielin Qiu; Zhuolin Yang; Douglas Weber; Michael A. Rosenberg; Emerson Liu; Bo Li; Ding Zhao http://arxiv.org/abs/2208.00906 Understanding Adversarial Robustness of Vision Transformers via Cauchy Problem. (81%) Zheng Wang; Wenjie Ruan http://arxiv.org/abs/2208.01113 On the Evaluation of User Privacy in Deep Neural Networks using Timing Side Channel.
(75%) Shubhi Shukla; Manaar Alam; Sarani Bhattacharya; Debdeep Mukhopadhyay; Pabitra Mitra http://arxiv.org/abs/2208.00862 Attacking Adversarial Defences by Smoothing the Loss Landscape. (26%) Panagiotis Eustratiadis; Henry Gouk; Da Li; Timothy Hospedales http://arxiv.org/abs/2208.00498 DNNShield: Dynamic Randomized Model Sparsification, A Defense Against Adversarial Machine Learning. (99%) Mohammad Hossein Samavatian; Saikat Majumdar; Kristin Barber; Radu Teodorescu http://arxiv.org/abs/2208.00428 Robust Real-World Image Super-Resolution against Adversarial Attacks. (99%) Jiutao Yue; Haofeng Li; Pengxu Wei; Guanbin Li; Liang Lin http://arxiv.org/abs/2208.00539 Is current research on adversarial robustness addressing the right problem? (97%) Ali Borji http://arxiv.org/abs/2208.00328 enpheeph: A Fault Injection Framework for Spiking and Compressed Deep Neural Networks. (5%) Alessio Colucci; Andreas Steininger; Muhammad Shafique http://arxiv.org/abs/2208.00331 CoNLoCNN: Exploiting Correlation and Non-Uniform Quantization for Energy-Efficient Low-precision Deep Convolutional Neural Networks. (2%) Muhammad Abdullah Hanif; Giuseppe Maria Sarda; Alberto Marchisio; Guido Masera; Maurizio Martina; Muhammad Shafique http://arxiv.org/abs/2208.00094 Robust Trajectory Prediction against Adversarial Attacks. (99%) Yulong Cao; Danfei Xu; Xinshuo Weng; Zhuoqing Mao; Anima Anandkumar; Chaowei Xiao; Marco Pavone http://arxiv.org/abs/2208.00081 Sampling Attacks on Meta Reinforcement Learning: A Minimax Formulation and Complexity Analysis. (56%) Tao Li; Haozhe Lei; Quanyan Zhu http://arxiv.org/abs/2207.14381 Pro-tuning: Unified Prompt Tuning for Vision Tasks. (1%) Xing Nie; Bolin Ni; Jianlong Chang; Gaomeng Meng; Chunlei Huo; Zhaoxiang Zhang; Shiming Xiang; Qi Tian; Chunhong Pan http://arxiv.org/abs/2207.13381 Look Closer to Your Enemy: Learning to Attack via Teacher-student Mimicking. (99%) Mingjie Wang; Zhiqing Tang; Sirui Li; Dingwen Xiao http://arxiv.org/abs/2207.13326 Point Cloud Attacks in Graph Spectral Domain: When 3D Geometry Meets Graph Signal Processing. (96%) Daizong Liu; Wei Hu; Xin Li http://arxiv.org/abs/2207.13572 Membership Inference Attacks via Adversarial Examples. (73%) Hamid Jalalzai; Elie Kadoche; Rémi Leluc; Vincent Plassier http://arxiv.org/abs/2207.13417 Hardly Perceptible Trojan Attack against Neural Networks with Bit Flips. (69%) Jiawang Bai; Kuofeng Gao; Dihong Gong; Shu-Tao Xia; Zhifeng Li; Wei Liu http://arxiv.org/abs/2207.13321 DynaMarks: Defending Against Deep Learning Model Extraction Using Dynamic Watermarking. (47%) Abhishek Chakraborty; Daniel Xing; Yuntao Liu; Ankur Srivastava http://arxiv.org/abs/2207.13766 Label-Only Membership Inference Attack against Node-Level Graph Neural Networks. (22%) Mauro Conti; Jiaxin Li; Stjepan Picek; Jing Xu http://arxiv.org/abs/2207.13867 Generative Steganography Network. (1%) Ping Wei; Sheng Li; Xinpeng Zhang; Ge Luo; Zhenxing Qian; Qing Zhou http://arxiv.org/abs/2207.13129 LGV: Boosting Adversarial Example Transferability from Large Geometric Vicinity. (99%) Martin Gubri; Maxime Cordy; Mike Papadakis; Yves Le Traon; Koushik Sen http://arxiv.org/abs/2207.13192 Perception-Aware Attack: Creating Adversarial Music via Reverse-Engineering Human Perception. (99%) Rui Duan; Zhe Qu; Shangqing Zhao; Leah Ding; Yao Liu; Zhuo Lu http://arxiv.org/abs/2207.12816 Generative Extraction of Audio Classifiers for Speaker Identification.
(73%) Tejumade Afonja; Lucas Bourtoule; Varun Chandrasekaran; Sageev Oore; Nicolas Papernot http://arxiv.org/abs/2207.13243 Toward Transparent AI: A Survey on Interpreting the Inner Structures of Deep Neural Networks. (8%) Tilman Räuker; Anson Ho; Stephen Casper; Dylan Hadfield-Menell http://arxiv.org/abs/2207.12545 $p$-DkNN: Out-of-Distribution Detection Through Statistical Testing of Deep Representations. (99%) Adam Dziedzic; Stephan Rabanser; Mohammad Yaghini; Armin Ale; Murat A. Erdogdu; Nicolas Papernot http://arxiv.org/abs/2207.12203 Improving Adversarial Robustness via Mutual Information Estimation. (99%) Dawei Zhou; Nannan Wang; Xinbo Gao; Bo Han; Xiaoyu Wang; Yibing Zhan; Tongliang Liu http://arxiv.org/abs/2207.12391 SegPGD: An Effective and Efficient Adversarial Attack for Evaluating and Boosting Segmentation Robustness. (99%) Jindong Gu; Hengshuang Zhao; Volker Tresp; Philip Torr http://arxiv.org/abs/2207.11971 Jigsaw-ViT: Learning Jigsaw Puzzles in Vision Transformer. (75%) Yingyi Chen; Xi Shen; Yahui Liu; Qinghua Tao; Johan A. K. Suykens http://arxiv.org/abs/2207.12327 Technical Report: Assisting Backdoor Federated Learning with Whole Population Knowledge Alignment. (9%) Tian Liu; Xueyang Hu; Tao Shu http://arxiv.org/abs/2207.12535 Semi-Leak: Membership Inference Attacks Against Semi-supervised Learning. (2%) Xinlei He; Hongbin Liu; Neil Zhenqiang Gong; Yang Zhang http://arxiv.org/abs/2207.12405 Versatile Weight Attack via Flipping Limited Bits. (86%) Jiawang Bai; Baoyuan Wu; Zhifeng Li; Shu-tao Xia http://arxiv.org/abs/2207.11727 Can we achieve robustness from data alone? (82%) Nikolaos Tsilivis; Jingtong Su; Julia Kempe http://arxiv.org/abs/2207.11694 Proving Common Mechanisms Shared by Twelve Methods of Boosting Adversarial Transferability. (69%) Quanshi Zhang; Xin Wang; Jie Ren; Xu Cheng; Shuyun Lin; Yisen Wang; Xiangming Zhu http://arxiv.org/abs/2207.11788 Privacy Against Inference Attacks in Vertical Federated Learning. (2%) Borzoo Rassouli; Morteza Varasteh; Deniz Gunduz http://arxiv.org/abs/2207.11722 Semantic-guided Multi-Mask Image Harmonization. (1%) Xuqian Ren; Yifan Liu http://arxiv.org/abs/2207.11378 Do Perceptually Aligned Gradients Imply Adversarial Robustness? (99%) Roy Ganz; Bahjat Kawar; Michael Elad http://arxiv.org/abs/2207.11177 Provable Defense Against Geometric Transformations. (47%) Rem Yang; Jacob Laurel; Sasa Misailovic; Gagandeep Singh http://arxiv.org/abs/2207.10942 Aries: Efficient Testing of Deep Neural Networks via Labeling-Free Accuracy Estimation. (41%) Qiang Hu; Yuejun Guo; Xiaofei Xie; Maxime Cordy; Lei Ma; Mike Papadakis; Yves Le Traon http://arxiv.org/abs/2207.11327 Learning from Multiple Annotator Noisy Labels via Sample-wise Label Fusion. (1%) Zhengqi Gao; Fan-Keng Sun; Mingran Yang; Sucheng Ren; Zikai Xiong; Marc Engeler; Antonio Burazer; Linda Wildling; Luca Daniel; Duane S. Boning http://arxiv.org/abs/2207.10719 Synthetic Dataset Generation for Adversarial Machine Learning Research. (99%) Xiruo Liu; Shibani Singh; Cory Cornelius; Colin Busho; Mike Tan; Anindya Paul; Jason Martin http://arxiv.org/abs/2207.10561 Careful What You Wish For: on the Extraction of Adversarially Trained Models. (99%) Kacem Khaled; Gabriela Nicolescu; Felipe Gohring de Magalhães http://arxiv.org/abs/2208.10251 Rethinking Textual Adversarial Defense for Pre-trained Language Models.
(99%) Jiayi Wang; Rongzhou Bao; Zhuosheng Zhang; Hai Zhao http://arxiv.org/abs/2207.10290 AugRmixAT: A Data Processing and Training Method for Improving Multiple Robustness and Generalization Performance. (98%) Xiaoliang Liu; Furao Shen; Jian Zhao; Changhai Nie http://arxiv.org/abs/2207.10307 Knowledge-enhanced Black-box Attacks for Recommendations. (92%) Jingfan Chen; Wenqi Fan; Guanghui Zhu; Xiangyu Zhao; Chunfeng Yuan; Qing Li; Yihua Huang http://arxiv.org/abs/2207.10498 Towards Efficient Adversarial Training on Vision Transformers. (92%) Boxi Wu; Jindong Gu; Zhifeng Li; Deng Cai; Xiaofei He; Wei Liu http://arxiv.org/abs/2207.10825 Just Rotate it: Deploying Backdoor Attacks via Rotation Transformation. (87%) Tong Wu; Tianhao Wang; Vikash Sehwag; Saeed Mahloujifar; Prateek Mittal http://arxiv.org/abs/2207.10862 Contrastive Self-Supervised Learning Leads to Higher Adversarial Susceptibility. (83%) Rohit Gupta; Naveed Akhtar; Ajmal Mian; Mubarak Shah http://arxiv.org/abs/2207.10495 Generating and Detecting True Ambiguity: A Forgotten Danger in DNN Supervision Testing. (22%) Michael Weiss; André García Gómez; Paolo Tonella http://arxiv.org/abs/2207.10283 Switching One-Versus-the-Rest Loss to Increase the Margin of Logits for Adversarial Robustness. (99%) Sekitoshi Kanai; Shin'ya Yamaguchi; Masanori Yamada; Hiroshi Takahashi; Kentaro Ohno; Yasutoshi Ida http://arxiv.org/abs/2207.10170 Illusory Attacks: Detectability Matters in Adversarial Attacks on Sequential Decision-Makers. (98%) Tim Franzmeyer; Stephen McAleer; João F. Henriques; Jakob N. Foerster; Philip H. S. Torr; Adel Bibi; Christian Schroeder de Witt http://arxiv.org/abs/2207.09640 Test-Time Adaptation via Conjugate Pseudo-labels. (10%) Sachin Goyal; Mingjie Sun; Aditi Raghunathan; Zico Kolter http://arxiv.org/abs/2207.10242 Malware Triage Approach using a Task Memory based on Meta-Transfer Learning Framework. (9%) Jinting Zhu; Julian Jang-Jaccard; Ian Welch; Harith Al-Sahaf; Seyit Camtepe http://arxiv.org/abs/2207.09755 A temporally and spatially local spike-based backpropagation algorithm to enable training in hardware. (1%) Anmol Biswas; Vivek Saraswat; Udayan Ganguly http://arxiv.org/abs/2207.09572 Robust Multivariate Time-Series Forecasting: Adversarial Attacks and Defense Mechanisms. (99%) Linbo Liu; Youngsuk Park; Trong Nghia Hoang; Hilaf Hasson; Jun Huan http://arxiv.org/abs/2207.09209 FLDetector: Defending Federated Learning Against Model Poisoning Attacks via Detecting Malicious Clients. (41%) Zaixi Zhang; Xiaoyu Cao; Jinyuan Jia; Neil Zhenqiang Gong http://arxiv.org/abs/2207.09087 Is Vertical Logistic Regression Privacy-Preserving? A Comprehensive Privacy Analysis and Beyond. (26%) Yuzheng Hu; Tianle Cai; Jinyong Shan; Shange Tang; Chaochao Cai; Ethan Song; Bo Li; Dawn Song http://arxiv.org/abs/2207.09239 Assaying Out-Of-Distribution Generalization in Transfer Learning. (1%) Florian Wenzel; Andrea Dittadi; Peter Vincent Gehler; Carl-Johann Simon-Gabriel; Max Horn; Dominik Zietlow; David Kernert; Chris Russell; Thomas Brox; Bernt Schiele; Bernhard Schölkopf; Francesco Locatello http://arxiv.org/abs/2207.11237 Defending Substitution-Based Profile Pollution Attacks on Sequential Recommenders. (99%) Zhenrui Yue; Huimin Zeng; Ziyi Kou; Lanyu Shang; Dong Wang http://arxiv.org/abs/2207.08859 Prior-Guided Adversarial Initialization for Fast Adversarial Training.
(99%) Xiaojun Jia; Yong Zhang; Xingxing Wei; Baoyuan Wu; Ke Ma; Jue Wang; Xiaochun Cao http://arxiv.org/abs/2207.09031 Decorrelative Network Architecture for Robust Electrocardiogram Classification. (99%) Christopher Wiedeman; Ge Wang http://arxiv.org/abs/2207.08948 Multi-step domain adaptation by adversarial attack to $\mathcal{H} \Delta \mathcal{H}$-divergence. (96%) Arip Asadulaev; Alexander Panfilov; Andrey Filchenkov http://arxiv.org/abs/2207.08803 Adversarial Pixel Restoration as a Pretext Task for Transferable Perturbations. (91%) Hashmat Shadab Malik; Shahina K Kunhimon; Muzammal Naseer; Salman Khan; Fahad Shahbaz Khan http://arxiv.org/abs/2207.08940 Easy Batch Normalization. (69%) Arip Asadulaev; Alexander Panfilov; Andrey Filchenkov http://arxiv.org/abs/2207.08374 Adversarial Contrastive Learning via Asymmetric InfoNCE. (61%) Qiying Yu; Jieming Lou; Xianyuan Zhan; Qizhang Li; Wangmeng Zuo; Yang Liu; Jingjing Liu http://arxiv.org/abs/2207.08486 Using Anomaly Detection to Detect Poisoning Attacks in Federated Learning Applications. (22%) Ali Raza; Shujun Li; Kim-Phuc Tran; Ludovic Koehl http://arxiv.org/abs/2207.08556 A Certifiable Security Patch for Object Tracking in Self-Driving Systems via Historical Deviation Modeling. (10%) Xudong Pan; Qifan Xiao; Mi Zhang; Min Yang http://arxiv.org/abs/2207.08898 Benchmarking Machine Learning Robustness in Covid-19 Genome Sequence Classification. (2%) Sarwan Ali; Bikram Sahoo; Alexander Zelikovskiy; Pin-Yu Chen; Murray Patterson http://arxiv.org/abs/2207.08178 Watermark Vaccine: Adversarial Attacks to Prevent Watermark Removal. (99%) Xinwei Liu; Jian Liu; Yang Bai; Jindong Gu; Tao Chen; Xiaojun Jia; Xiaochun Cao http://arxiv.org/abs/2207.08089 Threat Model-Agnostic Adversarial Defense using Diffusion Models. (99%) Tsachi Blau; Roy Ganz; Bahjat Kawar; Alex Bronstein; Michael Elad http://arxiv.org/abs/2207.08137 Achieve Optimal Adversarial Accuracy for Adversarial Deep Learning using Stackelberg Game. (96%) Xiao-Shan Gao; Shuang Liu; Lijia Yu http://arxiv.org/abs/2207.08157 Automated Repair of Neural Networks. (16%) Dor Cohen; Ofer Strichman http://arxiv.org/abs/2207.08044 DIMBA: Discretely Masked Black-Box Attack in Single Object Tracking. (99%) Xiangyu Yin; Wenjie Ruan; Jonathan Fieldsend http://arxiv.org/abs/2207.07972 Certified Neural Network Watermarks with Randomized Smoothing. (1%) Arpit Bansal; Ping-yeh Chiang; Michael Curry; Rajiv Jain; Curtis Wigington; Varun Manjunatha; John P Dickerson; Tom Goldstein http://arxiv.org/abs/2207.08034 Progress and limitations of deep networks to recognize objects in unusual poses. (1%) Amro Abbas; Stéphane Deny http://arxiv.org/abs/2207.07941 MixTailor: Mixed Gradient Aggregation for Robust Learning Against Tailored Attacks. (1%) Ali Ramezani-Kebrya; Iman Tabrizian; Fartash Faghri; Petar Popovski http://arxiv.org/abs/2207.08005 Exploring The Resilience of Control Execution Skips against False Data Injection Attacks. (1%) Ipsita Koley; Sunandan Adhikary; Soumyajit Dey http://arxiv.org/abs/2207.07793 Towards the Desirable Decision Boundary by Moderate-Margin Adversarial Training. (99%) Xiaoyu Liang; Yaguan Qian; Jianchang Huang; Xiang Ling; Bin Wang; Chunming Wu; Wassim Swaileh http://arxiv.org/abs/2207.07797 CARBEN: Composite Adversarial Robustness Benchmark. (98%) Lei Hsiung; Yun-Yun Tsai; Pin-Yu Chen; Tsung-Yi Ho http://arxiv.org/abs/2207.07803 Masked Spatial-Spectral Autoencoders Are Excellent Hyperspectral Defenders. 
(68%) Jiahao Qi; Zhiqiang Gong; Xingyue Liu; Kangcheng Bin; Chen Chen; Yongqian Li; Wei Xue; Yu Zhang; Ping Zhong http://arxiv.org/abs/2207.07347 Feasibility of Inconspicuous GAN-generated Adversarial Patches against Object Detection. (10%) Svetlana Pavlitskaya; Bianca-Marina Codău; J. Marius Zöllner http://arxiv.org/abs/2207.07292 PASS: Parameters Audit-based Secure and Fair Federated Learning Scheme against Free Rider. (5%) Jianhua Wang http://arxiv.org/abs/2207.07539 3DVerifier: Efficient Robustness Verification for 3D Point Cloud Models. (1%) Ronghui Mu; Wenjie Ruan; Leandro S. Marcolino; Qiang Ni http://arxiv.org/abs/2207.06982 Adversarial Examples for Model-Based Control: A Sensitivity Analysis. (98%) Po-han Li; Ufuk Topcu; Sandeep P. Chinchali http://arxiv.org/abs/2207.07032 Adversarial Attacks on Monocular Pose Estimation. (98%) Hemang Chawla; Arnav Varma; Elahe Arani; Bahram Zonooz http://arxiv.org/abs/2207.07208 Provably Adversarially Robust Nearest Prototype Classifiers. (83%) Václav Voráček; Matthias Hein http://arxiv.org/abs/2207.07256 Improving Task-free Continual Learning by Distributionally Robust Memory Evolution. (70%) Zhenyi Wang; Li Shen; Le Fang; Qiuling Suo; Tiehang Duan; Mingchen Gao http://arxiv.org/abs/2207.06858 RSD-GAN: Regularized Sobolev Defense GAN Against Speech-to-Text Adversarial Attacks. (67%) Mohammad Esmaeilpour; Nourhene Chaalia; Patrick Cardinal http://arxiv.org/abs/2207.07209 Sound Randomized Smoothing in Floating-Point Arithmetics. (50%) Václav Voráček; Matthias Hein http://arxiv.org/abs/2207.07162 Audio-guided Album Cover Art Generation with Genetic Algorithms. (38%) James Marien; Sam Leroux; Bart Dhoedt; Cedric De Boom http://arxiv.org/abs/2207.06888 Distance Learner: Incorporating Manifold Prior to Model Training. (16%) Aditya Chetan; Nipun Kwatra http://arxiv.org/abs/2207.10802 Active Data Pattern Extraction Attacks on Generative Language Models. (11%) Bargav Jayaraman; Esha Ghosh; Huseyin Inan; Melissa Chase; Sambuddha Roy; Wei Dai http://arxiv.org/abs/2207.07180 Contrastive Adapters for Foundation Model Group Robustness. (1%) Michael Zhang; Christopher Ré http://arxiv.org/abs/2207.07232 Lipschitz Bound Analysis of Neural Networks. (1%) Sarosij Bose http://arxiv.org/abs/2207.06035 Perturbation Inactivation Based Adversarial Defense for Face Recognition. (99%) Min Ren; Yuhao Zhu; Yunlong Wang; Zhenan Sun http://arxiv.org/abs/2207.06154 On the Robustness of Bayesian Neural Networks to Adversarial Attacks. (93%) Luca Bortolussi; Ginevra Carbone; Luca Laurenti; Andrea Patane; Guido Sanguinetti; Matthew Wicker http://arxiv.org/abs/2207.06202 Adversarially-Aware Robust Object Detector. (91%) Ziyi Dong; Pengxu Wei; Liang Lin http://arxiv.org/abs/2207.06647 PIAT: Physics Informed Adversarial Training for Solving Partial Differential Equations. (15%) Simin Shekarpaz; Mohammad Azizmalayeri; Mohammad Hossein Rohban http://arxiv.org/abs/2207.06236 Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities. (10%) Subash Neupane; Jesse Ables; William Anderson; Sudip Mittal; Shahram Rahimi; Ioana Banicescu; Maria Seale http://arxiv.org/abs/2207.06196 Interactive Machine Learning: A State of the Art Review. (4%) Natnael A.
Wondimu; Cédric Buche; Ubbo Visser http://arxiv.org/abs/2207.06211 Sample-dependent Adaptive Temperature Scaling for Improved Calibration. (2%) Tom Joy; Francesco Pinto; Ser-Nam Lim; Philip H. S. Torr; Puneet K. Dokania http://arxiv.org/abs/2207.06282 DiverGet: A Search-Based Software Testing Approach for Deep Neural Network Quantization Assessment. (1%) Ahmed Haj Yahmed; Houssem Ben Braiek; Foutse Khomh; Sonia Bouzidi; Rania Zaatour http://arxiv.org/abs/2207.05756 Exploring Adversarial Examples and Adversarial Robustness of Convolutional Neural Networks by Mutual Information. (99%) Jiebao Zhang; Wenhua Qian; Rencan Nie; Jinde Cao; Dan Xu http://arxiv.org/abs/2207.05451 Adversarial Robustness Assessment of NeuroEvolution Approaches. (99%) Inês Valentim; Nuno Lourenço; Nuno Antunes http://arxiv.org/abs/2207.05382 Frequency Domain Model Augmentation for Adversarial Attack. (99%) Yuyang Long; Qilong Zhang; Boheng Zeng; Lianli Gao; Xianglong Liu; Jian Zhang; Jingkuan Song http://arxiv.org/abs/2207.05548 Practical Attacks on Machine Learning: A Case Study on Adversarial Windows Malware. (92%) Luca Demetrio; Battista Biggio; Fabio Roli http://arxiv.org/abs/2207.05937 Game of Trojans: A Submodular Byzantine Approach. (87%) Dinuka Sahabandu; Arezoo Rajabi; Luyao Niu; Bo Li; Bhaskar Ramasubramanian; Radha Poovendran http://arxiv.org/abs/2207.05321 Bi-fidelity Evolutionary Multiobjective Search for Adversarially Robust Deep Neural Architectures. (84%) Jia Liu; Ran Cheng; Yaochu Jin http://arxiv.org/abs/2207.05327 Certified Adversarial Robustness via Anisotropic Randomized Smoothing. (76%) Hanbin Hong; Yuan Hong http://arxiv.org/abs/2207.05801 RelaxLoss: Defending Membership Inference Attacks without Losing Utility. (26%) Dingfan Chen; Ning Yu; Mario Fritz http://arxiv.org/abs/2207.05902 Verifying Attention Robustness of Deep Neural Networks against Semantic Perturbations. (5%) Satoshi Munakata; Caterina Urban; Haruki Yokoyama; Koji Yamamoto; Kazuki Munakata http://arxiv.org/abs/2207.05436 Markov Decision Process For Automatic Cyber Defense. (4%) Simon Yusuf Enoch; Dong Seong Kim http://arxiv.org/abs/2207.05796 Estimating Test Performance for AI Medical Devices under Distribution Shift with Conformal Prediction. (1%) Charles Lu; Syed Rakin Ahmed; Praveer Singh; Jayashree Kalpathy-Cramer http://arxiv.org/abs/2207.05641 Backdoor Attacks on Crowd Counting. (1%) Yuhua Sun; Tailai Zhang; Xingjun Ma; Pan Zhou; Jian Lou; Zichuan Xu; Xing Di; Yu Cheng; Lichao http://arxiv.org/abs/2207.04843 Statistical Detection of Adversarial examples in Blockchain-based Federated Forest In-vehicle Network Intrusion Detection Systems. (99%) Ibrahim Aliyu; Selinde van Engelenburg; Muhammed Bashir Muazu; Jinsul Kim; Chang Gyoon Lim http://arxiv.org/abs/2207.05127 RUSH: Robust Contrastive Learning via Randomized Smoothing. (98%) Yijiang Pang; Boyang Liu; Jiayu Zhou http://arxiv.org/abs/2207.05729 Physical Passive Patch Adversarial Attacks on Visual Odometry Systems. (98%) Yaniv Nemcovsky; Matan Yaakoby; Alex M. Bronstein; Chaim Baskin http://arxiv.org/abs/2207.05137 Towards Effective Multi-Label Recognition Attacks via Knowledge Graph Consistency. (83%) Hassan Mahmood; Ehsan Elhamifar http://arxiv.org/abs/2207.05225 Susceptibility of Continual Learning Against Adversarial Attacks. (75%) Hikmat Khan; Pir Masoom Shah; Syed Farhan Alam Zaidi; Saif ul Islam http://arxiv.org/abs/2207.05164 "Why do so?" -- A Practical Perspective on Machine Learning Security.
(64%) Kathrin Grosse; Lukas Bieringer; Tarek Richard Besold; Battista Biggio; Katharina Krombholz http://arxiv.org/abs/2207.04718 Physical Attack on Monocular Depth Estimation with Optimal Adversarial Patches. (22%) Zhiyuan Cheng; James Liang; Hongjun Choi; Guanhong Tao; Zhiwen Cao; Dongfang Liu; Xiangyu Zhang http://arxiv.org/abs/2207.04892 Adversarial Style Augmentation for Domain Generalized Urban-Scene Segmentation. (1%) Zhun Zhong; Yuyang Zhao; Gim Hee Lee; Nicu Sebe http://arxiv.org/abs/2207.04497 One-shot Neural Backdoor Erasing via Adversarial Weight Masking. (33%) Shuwen Chai; Jinghui Chen http://arxiv.org/abs/2207.04434 Hiding Your Signals: A Security Analysis of PPG-based Biometric Authentication. (4%) Lin Li; Chao Chen; Lei Pan; Yonghang Tai; Jun Zhang; Yang Xiang http://arxiv.org/abs/2207.04307 Adversarial Framework with Certified Robustness for Time-Series Domain via Statistical Features. (98%) Taha Belkhouja; Janardhan Rao Doppa http://arxiv.org/abs/2207.04209 Invisible Backdoor Attacks Using Data Poisoning in the Frequency Domain. (98%) Chang Yue; Peizhuo Lv; Ruigang Liang; Kai Chen http://arxiv.org/abs/2207.04308 Dynamic Time Warping based Adversarial Framework for Time-Series Domain. (97%) Taha Belkhouja; Yan Yan; Janardhan Rao Doppa http://arxiv.org/abs/2207.04305 Training Robust Deep Models for Time-Series Domain: Novel Algorithms and Theoretical Analysis. (67%) Taha Belkhouja; Yan Yan; Janardhan Rao Doppa http://arxiv.org/abs/2207.04129 Not all broken defenses are equal: The dead angles of adversarial accuracy. (99%) Raphael Olivier; Bhiksha Raj http://arxiv.org/abs/2207.13036 Improved and Interpretable Defense to Transferred Adversarial Examples by Jacobian Norm with Selective Input Gradient Regularization. (99%) Deyin Liu; Lin Wu; Lingqiao Liu; Haifeng Zhao; Farid Boussaid; Mohammed Bennamoun http://arxiv.org/abs/2207.03895 Defense Against Multi-target Trojan Attacks. (80%) Haripriya Harikumar; Santu Rana; Kien Do; Sunil Gupta; Wei Zong; Willy Susilo; Svetha Venkatesh http://arxiv.org/abs/2207.03689 Guiding the retraining of convolutional neural networks against adversarial inputs. (80%) Francisco Durán López; Silverio Martínez-Fernández; Michael Felderer; Xavier Franch http://arxiv.org/abs/2207.09912 Online Evasion Attacks on Recurrent Models: The Power of Hallucinating the Future. (68%) Byunggill Joe; Insik Shin; Jihun Hamm http://arxiv.org/abs/2207.04075 Models Out of Line: A Fourier Lens on Distribution Shift Robustness. (10%) Sara Fridovich-Keil; Brian R. Bartoldson; James Diffenderfer; Bhavya Kailkhura; Peer-Timo Bremer http://arxiv.org/abs/2207.03933 A law of adversarial risk, interpolation, and label noise. (1%) Daniel Paleka; Amartya Sanyal http://arxiv.org/abs/2207.03400 On the Relationship Between Adversarial Robustness and Decision Region in Deep Neural Network. (99%) Seongjin Park; Haedong Jeong; Giyoung Jeon; Jaesik Choi http://arxiv.org/abs/2207.03162 Harnessing Out-Of-Distribution Examples via Augmenting Content and Style. (11%) Zhuo Huang; Xiaobo Xia; Li Shen; Bo Han; Mingming Gong; Chen Gong; Tongliang Liu http://arxiv.org/abs/2207.03586 CausalAgents: A Robustness Benchmark for Motion Forecasting using Causal Relationships. (5%) Rebecca Roelofs; Liting Sun; Ben Caine; Khaled S. Refaat; Ben Sapp; Scott Ettinger; Wei Chai http://arxiv.org/abs/2207.02963 The Weaknesses of Adversarial Camouflage in Overhead Imagery. (83%) Adam Van Etten http://arxiv.org/abs/2207.02639 Adversarial Robustness of Visual Dialog.
(64%) Lu Yu; Verena Rieser http://arxiv.org/abs/2207.02764 Enhancing Adversarial Attacks on Single-Layer NVM Crossbar-Based Neural Networks with Power Consumption Information. (54%) Cory Merkel http://arxiv.org/abs/2207.02842 When does Bias Transfer in Transfer Learning? (10%) Hadi Salman; Saachi Jain; Andrew Ilyas; Logan Engstrom; Eric Wong; Aleksander Madry http://arxiv.org/abs/2207.03056 Privacy-preserving Reflection Rendering for Augmented Reality. (2%) Yiqin Zhao; Sheng Wei; Tian Guo http://arxiv.org/abs/2207.03036 Not All Models Are Equal: Predicting Model Transferability in a Self-challenging Fisher Space. (1%) Wenqi Shao; Xun Zhao; Yixiao Ge; Zhaoyang Zhang; Lei Yang; Xiaogang Wang; Ying Shan; Ping Luo http://arxiv.org/abs/2207.02391 Query-Efficient Adversarial Attack Based on Latin Hypercube Sampling. (99%) Dan Wang; Jiayu Lin; Yuan-Gen Wang http://arxiv.org/abs/2207.01982 Defending against the Label-flipping Attack in Federated Learning. (98%) Najeeb Moharram Jebreel; Josep Domingo-Ferrer; David Sánchez; Alberto Blanco-Justicia http://arxiv.org/abs/2207.02152 UniCR: Universally Approximated Certified Robustness via Randomized Smoothing. (93%) Hanbin Hong; Binghui Wang; Yuan Hong http://arxiv.org/abs/2207.02036 PRoA: A Probabilistic Robustness Assessment against Functional Perturbations. (92%) Tianle Zhang; Wenjie Ruan; Jonathan E. Fieldsend http://arxiv.org/abs/2207.02087 Learning to Accelerate Approximate Methods for Solving Integer Programming via Early Fixing. (38%) Longkang Li; Baoyuan Wu http://arxiv.org/abs/2207.02159 Robustness Analysis of Video-Language Models Against Visual and Language Perturbations. (1%) Madeline C. Schiappa; Shruti Vyas; Hamid Palangi; Yogesh S. Rawat; Vibhav Vineet http://arxiv.org/abs/2207.01991 Conflicting Interactions Among Protection Mechanisms for Machine Learning Models. (1%) Sebastian Szyller; N. Asokan http://arxiv.org/abs/2207.01847 PoF: Post-Training of Feature Extractor for Improving Generalization. (1%) Ikuro Sato; Ryota Yamada; Masayuki Tanaka; Nakamasa Inoue; Rei Kawakami http://arxiv.org/abs/2207.02158 Class-Specific Semantic Reconstruction for Open Set Recognition. (1%) Hongzhi Huang; Yu Wang; Qinghua Hu; Ming-Ming Cheng http://arxiv.org/abs/2207.01396 Hessian-Free Second-Order Adversarial Examples for Adversarial Learning. (99%) Yaguan Qian; Yuqi Wang; Bin Wang; Zhaoquan Gu; Yuhan Guo; Wassim Swaileh http://arxiv.org/abs/2207.01531 Wild Networks: Exposure of 5G Network Infrastructures to Adversarial Examples. (98%) Giovanni Apruzzese; Rodion Vladimirov; Aliya Tastemirova; Pavel Laskov http://arxiv.org/abs/2207.01795 Task-agnostic Defense against Adversarial Patch Attacks. (98%) Ke Xu; Yao Xiao; Zhaoheng Zheng; Kaijie Cai; Ram Nevatia http://arxiv.org/abs/2207.01398 Large-scale Robustness Analysis of Video Action Recognition Models. (70%) Madeline C. Schiappa; Naman Biyani; Shruti Vyas; Hamid Palangi; Vibhav Vineet; Yogesh Rawat http://arxiv.org/abs/2207.01548 Counterbalancing Teacher: Regularizing Batch Normalized Models for Robustness. (1%) Saeid Asgari Taghanaki; Ali Gholami; Fereshte Khani; Kristy Choi; Linh Tran; Ran Zhang; Aliasghar Khani http://arxiv.org/abs/2207.01149 RAF: Recursive Adversarial Attacks on Face Recognition Using Extremely Limited Queries. (99%) Keshav Kasichainula; Hadi Mansourifar; Weidong Shi http://arxiv.org/abs/2207.01156 Removing Batch Normalization Boosts Adversarial Training. 
(98%) Haotao Wang; Aston Zhang; Shuai Zheng; Xingjian Shi; Mu Li; Zhangyang Wang http://arxiv.org/abs/2207.01106 Anomaly Detection with Adversarially Learned Perturbations of Latent Space. (13%) Vahid Reza Khazaie; Anthony Wong; John Taylor Jewell; Yalda Mohsenzadeh http://arxiv.org/abs/2207.01059 Identifying the Context Shift between Test Benchmarks and Production Data. (1%) Matthew Groh http://arxiv.org/abs/2207.00872 FL-Defender: Combating Targeted Attacks in Federated Learning. (80%) Najeeb Jebreel; Josep Domingo-Ferrer http://arxiv.org/abs/2207.00762 Backdoor Attack is a Devil in Federated GAN-based Medical Image Synthesis. (11%) Ruinan Jin; Xiaoxiao Li http://arxiv.org/abs/2207.00740 PhilaeX: Explaining the Failure and Success of AI Models in Malware Detection. (1%) Zhi Lu; Vrizlynn L. L. Thing http://arxiv.org/abs/2207.00694 Efficient Adversarial Training With Data Pruning. (99%) Maximilian Kaufmann; Yiren Zhao; Ilia Shumailov; Robert Mullins; Nicolas Papernot http://arxiv.org/abs/2207.00278 BadHash: Invisible Backdoor Attacks against Deep Hashing with Clean Label. (99%) Shengshan Hu; Ziqi Zhou; Yechao Zhang; Leo Yu Zhang; Yifeng Zheng; Yuanyuan He; Hai Jin http://arxiv.org/abs/2206.15128 Detecting and Recovering Adversarial Examples from Extracting Non-robust and Highly Predictive Adversarial Perturbations. (99%) Mingyu Dong; Jiahao Chen; Diqun Yan; Jingxing Gao; Li Dong; Rangding Wang http://arxiv.org/abs/2207.00099 Measuring Forgetting of Memorized Training Examples. (83%) Matthew Jagielski; Om Thakkar; Florian Tramèr; Daphne Ippolito; Katherine Lee; Nicholas Carlini; Eric Wallace; Shuang Song; Abhradeep Thakurta; Nicolas Papernot; Chiyuan Zhang http://arxiv.org/abs/2206.15415 MEAD: A Multi-Armed Approach for Evaluation of Adversarial Examples Detectors. (80%) Federica Granese; Marine Picot; Marco Romanelli; Francisco Messina; Pablo Piantanida http://arxiv.org/abs/2207.00012 Reliable Representations Make A Stronger Defender: Unsupervised Structure Refinement for Robust GNN. (16%) Kuan Li; Yang Liu; Xiang Ao; Jianfeng Chi; Jinghua Feng; Hao Yang; Qing He http://arxiv.org/abs/2207.00091 Threat Assessment in Machine Learning based Systems. (13%) Lionel Nganyewou Tidjon; Foutse Khomh http://arxiv.org/abs/2207.00137 Robustness of Epinets against Distributional Shifts. (1%) Xiuyuan Lu; Ian Osband; Seyed Mohammad Asghari; Sven Gowal; Vikranth Dwaracherla; Zheng Wen; Benjamin Van Roy http://arxiv.org/abs/2207.00118 ProSelfLC: Progressive Self Label Correction Towards A Low-Temperature Entropy State. (1%) Xinshao Wang; Yang Hua; Elyor Kodirov; Sankha Subhra Mukherjee; David A. Clifton; Neil M. Robertson http://arxiv.org/abs/2206.15369 No Reason for No Supervision: Improved Generalization in Supervised Models. (1%) Mert Bulent Sariyildiz; Yannis Kalantidis; Karteek Alahari; Diane Larlus http://arxiv.org/abs/2206.15274 Augment like there's no tomorrow: Consistently performing neural networks for medical imaging. (1%) Joona Pohjonen; Carolin Stürenberg; Atte Föhr; Reija Randen-Brady; Lassi Luomala; Jouni Lohi; Esa Pitkänen; Antti Rannikko; Tuomas Mirtti http://arxiv.org/abs/2206.14772 IBP Regularization for Verified Adversarial Robustness via Branch-and-Bound. (92%) Alessandro De Palma; Rudy Bunel; Krishnamurthy Dvijotham; M. Pawan Kumar; Robert Stanforth http://arxiv.org/abs/2206.14477 Adversarial Ensemble Training by Jointly Learning Label Dependencies and Member Models.
(33%) Lele Wang; Bin Liu http://arxiv.org/abs/2206.14729 longhorns at DADC 2022: How many linguists does it take to fool a Question Answering model? A systematic approach to adversarial attacks. (10%) Venelin Kovatchev; Trina Chatterjee; Venkata S Govindarajan; Jifan Chen; Eunsol Choi; Gabriella Chronis; Anubrata Das; Katrin Erk; Matthew Lease; Junyi Jessy Li; Yating Wu; Kyle Mahowald http://arxiv.org/abs/2206.14724 Private Graph Extraction via Feature Explanations. (10%) Iyiola E. Olatunji; Mandeep Rathee; Thorben Funke; Megha Khosla http://arxiv.org/abs/2206.14502 RegMixup: Mixup as a Regularizer Can Surprisingly Improve Accuracy and Out-of-Distribution Robustness. (2%) Francesco Pinto; Harry Yang; Ser-Nam Lim; Philip H. S. Torr; Puneet K. Dokania http://arxiv.org/abs/2206.13991 Increasing Confidence in Adversarial Robustness Evaluations. (99%) Roland S. Zimmermann; Wieland Brendel; Florian Tramer; Nicholas Carlini http://arxiv.org/abs/2206.14020 Rethinking Adversarial Examples for Location Privacy Protection. (93%) Trung-Nghia Le; Ta Gu; Huy H. Nguyen; Isao Echizen http://arxiv.org/abs/2206.14346 A Deep Learning Approach to Create DNS Amplification Attacks. (92%) Jared Mathews; Prosenjit Chatterjee; Shankar Banik; Cory Nance http://arxiv.org/abs/2206.14004 On the amplification of security and privacy risks by post-hoc explanations in machine learning models. (31%) Pengrui Quan; Supriyo Chakraborty; Jeya Vikranth Jeyakumar; Mani Srivastava http://arxiv.org/abs/2206.14157 How to Steer Your Adversary: Targeted and Efficient Model Stealing Defenses with Gradient Redirection. (12%) Mantas Mazeika; Bo Li; David Forsyth http://arxiv.org/abs/2206.14322 An Empirical Study of Challenges in Converting Deep Learning Models. (5%) Moses Openja; Amin Nikanjam; Ahmed Haj Yahmed; Foutse Khomh; Zhen Ming Jiang http://arxiv.org/abs/2206.14076 Reasoning about Moving Target Defense in Attack Modeling Formalisms. (2%) Gabriel Ballot; Vadim Malvone; Jean Leneutre; Etienne Borde http://arxiv.org/abs/2206.13903 AS-IntroVAE: Adversarial Similarity Distance Makes Robust IntroVAE. (1%) Changjie Lu; Shen Zheng; Zirui Wang; Omar Dib; Gaurav Gupta http://arxiv.org/abs/2206.13083 Adversarial Example Detection in Deployed Tree Ensembles. (99%) Laurens Devos; Wannes Meert; Jesse Davis http://arxiv.org/abs/2206.13104 Towards Secrecy-Aware Attacks Against Trust Prediction in Signed Graphs. (38%) Yulin Zhu; Tomasz Michalak; Xiapu Luo; Kai Zhou http://arxiv.org/abs/2206.13405 Utilizing Class Separation Distance for the Evaluation of Corruption Robustness of Machine Learning Classifiers. (15%) Georg Siedel; Silvia Vock; Andrey Morozov; Stefan Voß http://arxiv.org/abs/2206.13594 Cyber Network Resilience against Self-Propagating Malware Attacks. (13%) Alesia Chernikova; Nicolò Gozzi; Simona Boboila; Priyanka Angadi; John Loughner; Matthew Wilden; Nicola Perra; Tina Eliassi-Rad; Alina Oprea http://arxiv.org/abs/2206.14615 Quantification of Deep Neural Network Prediction Uncertainties for VVUQ of Machine Learning Models. (4%) Mahmoud Yaseen; Xu Wu http://arxiv.org/abs/2206.12963 Self-Healing Robust Neural Networks via Closed-Loop Control. (45%) Zhuotong Chen; Qianxiao Li; Zheng Zhang http://arxiv.org/abs/2206.13032 De-END: Decoder-driven Watermarking Network. (1%) Han Fang; Zhaoyang Jia; Yupeng Qiu; Jiyi Zhang; Weiming Zhang; Ee-Chien Chang http://arxiv.org/abs/2206.12725 Empirical Evaluation of Physical Adversarial Patch Attacks Against Overhead Object Detection Models. (99%) Gavin S.
Hartnett; Li Ang Zhang; Caolionn O'Connell; Andrew J. Lohn; Jair Aguirre http://arxiv.org/abs/2206.12685 Defense against adversarial attacks on deep convolutional neural networks through nonlocal denoising. (99%) Sandhya Aneja; Nagender Aneja; Pg Emeroylariffion Abas; Abdul Ghani Naim http://arxiv.org/abs/2206.12590 RSTAM: An Effective Black-Box Impersonation Attack on Face Recognition using a Mobile and Compact Printer. (99%) Xiaoliang Liu; Furao Shen; Jian Zhao; Changhai Nie http://arxiv.org/abs/2206.12714 Defending Multimodal Fusion Models against Single-Source Adversaries. (81%) Karren Yang; Wan-Yi Lin; Manash Barman; Filipe Condessa; Zico Kolter http://arxiv.org/abs/2206.12654 BackdoorBench: A Comprehensive Benchmark of Backdoor Learning. (12%) Baoyuan Wu; Hongrui Chen; Mingda Zhang; Zihao Zhu; Shaokui Wei; Danni Yuan; Chao Shen; Hongyuan Zha http://arxiv.org/abs/2206.12735 Cascading Failures in Smart Grids under Random, Targeted and Adaptive Attacks. (1%) Sushmita Ruj; Arindam Pal http://arxiv.org/abs/2206.12381 Defending Backdoor Attacks on Vision Transformer via Patch Processing. (99%) Khoa D. Doan; Yingjie Lao; Peng Yang; Ping Li http://arxiv.org/abs/2206.12169 AdAUC: End-to-end Adversarial AUC Optimization Against Long-tail Problems. (96%) Wenzheng Hou; Qianqian Xu; Zhiyong Yang; Shilong Bao; Yuan He; Qingming Huang http://arxiv.org/abs/2206.12227 Adversarial Robustness of Deep Neural Networks: A Survey from a Formal Verification Perspective. (92%) Mark Huasong Meng; Guangdong Bai; Sin Gee Teo; Zhe Hou; Yan Xiao; Yun Lin; Jin Song Dong http://arxiv.org/abs/2206.12284 Robustness of Explanation Methods for NLP Models. (82%) Shriya Atmakuri; Tejas Chheda; Dinesh Kandula; Nishant Yadav; Taesung Lee; Hessel Tuinhof http://arxiv.org/abs/2206.12100 zPROBE: Zero Peek Robustness Checks for Federated Learning. (4%) Zahra Ghodsi; Mojan Javaheripi; Nojan Sheybani; Xinqiao Zhang; Ke Huang; Farinaz Koushanfar http://arxiv.org/abs/2207.03576 Robustness Evaluation of Deep Unsupervised Learning Algorithms for Intrusion Detection Systems. (2%) D'Jeff Kanda Nkashama; Arian Soltani; Jean-Charles Verdier; Marc Frappier; Pierre-Martin Tardif; Froduald Kabanza http://arxiv.org/abs/2206.12251 Adversarial Zoom Lens: A Novel Physical-World Attack to DNNs. (99%) Chengyin Hu; Weiwen Shi http://arxiv.org/abs/2206.11480 A Framework for Understanding Model Extraction Attack and Defense. (98%) Xun Xian; Mingyi Hong; Jie Ding http://arxiv.org/abs/2206.11750 Towards End-to-End Private Automatic Speaker Recognition. (76%) Francisco Teixeira; Alberto Abad; Bhiksha Raj; Isabel Trancoso http://arxiv.org/abs/2206.11724 BERT Rankers are Brittle: a Study using Adversarial Document Perturbations. (75%) Yumeng Wang; Lijun Lyu; Avishek Anand http://arxiv.org/abs/2206.11981 Never trust, always verify : a roadmap for Trustworthy AI? (1%) Lionel Nganyewou Tidjon; Foutse Khomh http://arxiv.org/abs/2206.11939 Measuring Representational Robustness of Neural Networks Through Shared Invariances. (1%) Vedant Nanda; Till Speicher; Camila Kolling; John P. Dickerson; Krishna P. Gummadi; Adrian Weller http://arxiv.org/abs/2206.10988 AdvSmo: Black-box Adversarial Attack by Smoothing Linear Structure of Texture. (99%) Hui Xia; Rui Zhang; Shuliang Jiang; Zi Kang http://arxiv.org/abs/2206.12292 InfoAT: Improving Adversarial Training Using the Information Bottleneck Principle. (98%) Mengting Xu; Tao Zhang; Zhongnian Li; Daoqiang Zhang http://arxiv.org/abs/2206.10858 Robust Universal Adversarial Perturbations. 
(97%) Changming Xu; Gagandeep Singh http://arxiv.org/abs/2206.10875 Guided Diffusion Model for Adversarial Purification from Random Noise. (68%) Quanlin Wu; Hang Ye; Yuntian Gu http://arxiv.org/abs/2206.10915 Understanding the effect of sparsity on neural networks robustness. (61%) Lukas Timpl; Rahim Entezari; Hanie Sedghi; Behnam Neyshabur; Olga Saukh http://arxiv.org/abs/2206.11433 Shilling Black-box Recommender Systems by Learning to Generate Fake User Profiles. (41%) Chen Lin; Si Chen; Meifang Zeng; Sheng Zhang; Min Gao; Hui Li http://arxiv.org/abs/2206.10809 SSMI: How to Make Objects of Interest Disappear without Accessing Object Detectors? (99%) Hui Xia; Rui Zhang; Zi Kang; Shuliang Jiang http://arxiv.org/abs/2207.00425 Transferable Graph Backdoor Attack. (99%) Shuiqiao Yang; Bao Gia Doan; Paul Montague; Olivier De Vel; Tamas Abraham; Seyit Camtepe; Damith C. Ranasinghe; Salil S. Kanhere http://arxiv.org/abs/2206.10550 (Certified!!) Adversarial Robustness for Free! (84%) Nicholas Carlini; Florian Tramer; Krishnamurthy Dvijotham; J. Zico Kolter http://arxiv.org/abs/2206.10158 Certifiably Robust Policy Learning against Adversarial Communication in Multi-agent Systems. (81%) Yanchao Sun; Ruijie Zheng; Parisa Hassanzadeh; Yongyuan Liang; Soheil Feizi; Sumitra Ganesh; Furong Huang http://arxiv.org/abs/2206.10708 FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation. (68%) Zhiyang Chen; Sidi Mohamed Beillahi; Fan Long http://arxiv.org/abs/2206.10673 Natural Backdoor Datasets. (33%) Emily Wenger; Roma Bhattacharjee; Arjun Nitin Bhagoji; Josephine Passananti; Emilio Andere; Haitao Zheng; Ben Y. Zhao http://arxiv.org/abs/2206.10469 The Privacy Onion Effect: Memorization is Relative. (22%) Nicholas Carlini; Matthew Jagielski; Nicolas Papernot; Andreas Terzis; Florian Tramer; Chiyuan Zhang http://arxiv.org/abs/2206.10110 ProML: A Decentralised Platform for Provenance Management of Machine Learning Software Systems. (1%) Nguyen Khoi Tran; Bushra Sabir; M. Ali Babar; Nini Cui; Mehran Abolhasan; Justin Lipman http://arxiv.org/abs/2206.09868 Understanding Robust Learning through the Lens of Representation Similarities. (99%) Christian Cianfarani; Arjun Nitin Bhagoji; Vikash Sehwag; Ben Zhao; Prateek Mittal http://arxiv.org/abs/2206.09628 Diversified Adversarial Attacks based on Conjugate Gradient Method. (98%) Keiichiro Yamamura; Haruki Sato; Nariaki Tateiwa; Nozomi Hata; Toru Mitsutake; Issa Oe; Hiroki Ishikura; Katsuki Fujisawa http://arxiv.org/abs/2206.10057 Robust Deep Reinforcement Learning through Bootstrapped Opportunistic Curriculum. (76%) Junlin Wu; Yevgeniy Vorobeychik http://arxiv.org/abs/2206.09682 SafeBench: A Benchmarking Platform for Safety Evaluation of Autonomous Vehicles. (5%) Chejian Xu; Wenhao Ding; Weijie Lyu; Zuxin Liu; Shuai Wang; Yihan He; Hanjiang Hu; Ding Zhao; Bo Li http://arxiv.org/abs/2206.09880 Breaking Down Out-of-Distribution Detection: Many Methods Based on OOD Training Data Estimate a Combination of the Same Core Quantities. (1%) Julian Bitterwolf; Alexander Meinke; Maximilian Augustin; Matthias Hein http://arxiv.org/abs/2206.09491 On the Limitations of Stochastic Pre-processing Defenses. (99%) Yue Gao; Ilia Shumailov; Kassem Fawaz; Nicolas Papernot http://arxiv.org/abs/2206.09391 Towards Adversarial Attack on Vision-Language Pre-training Models. (98%) Jiaming Zhang; Qi Yi; Jitao Sang http://arxiv.org/abs/2206.09458 A Universal Adversarial Policy for Text Classifiers.
(98%) Gallil Maimon; Lior Rokach http://arxiv.org/abs/2206.09410 JPEG Compression-Resistant Low-Mid Adversarial Perturbation against Unauthorized Face Recognition System. (68%) Jiaming Zhang; Qi Yi; Jitao Sang http://arxiv.org/abs/2206.11228 Adversarially trained neural representations may already be as robust as corresponding biological neural representations. (31%) Chong Guo; Michael J. Lee; Guillaume Leclerc; Joel Dapello; Yug Rao; Aleksander Madry; James J. DiCarlo http://arxiv.org/abs/2207.03574 Demystifying the Adversarial Robustness of Random Transformation Defenses. (99%) Chawin Sitawarin; Zachary Golan-Strieb; David Wagner http://arxiv.org/abs/2206.09238 On the Role of Generalization in Transferability of Adversarial Examples. (99%) Yilin Wang; Farzan Farnia http://arxiv.org/abs/2206.09272 DECK: Model Hardening for Defending Pervasive Backdoors. (98%) Guanhong Tao; Yingqi Liu; Siyuan Cheng; Shengwei An; Zhuo Zhang; Qiuling Xu; Guangyu Shen; Xiangyu Zhang http://arxiv.org/abs/2206.09122 Measuring Lower Bounds of Local Differential Privacy via Adversary Instantiations in Federated Learning. (10%) Marin Matsumoto; Tsubasa Takahashi; Seng Pei Liew; Masato Oguchi http://arxiv.org/abs/2206.09305 Adversarial Scrutiny of Evidentiary Statistical Software. (2%) Rediet Abebe; Moritz Hardt; Angela Jin; John Miller; Ludwig Schmidt; Rebecca Wexler http://arxiv.org/abs/2206.08738 Detecting Adversarial Examples in Batches -- a geometrical approach. (99%) Danush Kumar Venkatesh; Peter Steinbach http://arxiv.org/abs/2206.08638 Minimum Noticeable Difference based Adversarial Privacy Preserving Image Generation. (99%) Wen Sun; Jian Jin; Weisi Lin http://arxiv.org/abs/2206.08575 Query-Efficient and Scalable Black-Box Adversarial Attacks on Discrete Sequential Data via Bayesian Optimization. (99%) Deokjae Lee; Seungyong Moon; Junhyeok Lee; Hyun Oh Song http://arxiv.org/abs/2206.09075 Comment on Transferability and Input Transformation with Additive Noise. (99%) Hoki Kim; Jinseong Park; Jaewook Lee http://arxiv.org/abs/2207.00411 Adversarial Robustness is at Odds with Lazy Training. (98%) Yunjuan Wang; Enayat Ullah; Poorya Mianjy; Raman Arora http://arxiv.org/abs/2206.08788 Is Multi-Modal Necessarily Better? Robustness Evaluation of Multi-modal Fake News Detection. (83%) Jinyin Chen; Chengyu Jia; Haibin Zheng; Ruoxi Chen; Chenbo Fu http://arxiv.org/abs/2206.11225 RetrievalGuard: Provably Robust 1-Nearest Neighbor Image Retrieval. (81%) Yihan Wu; Hongyang Zhang; Heng Huang http://arxiv.org/abs/2206.09099 The Consistency of Adversarial Training for Binary Classification. (26%) Natalie S. Frank; Jonathan Niles-Weed http://arxiv.org/abs/2206.09098 Existence and Minimax Theorems for Adversarial Surrogate Risks in Binary Classification. (15%) Natalie S. Frank http://arxiv.org/abs/2206.08675 Understanding Robust Overfitting of Adversarial Training and Beyond. (8%) Chaojian Yu; Bo Han; Li Shen; Jun Yu; Chen Gong; Mingming Gong; Tongliang Liu http://arxiv.org/abs/2206.08170 Adversarial Privacy Protection on Speech Enhancement. (99%) Mingyu Dong; Diqun Yan; Rangding Wang http://arxiv.org/abs/2206.08316 Boosting the Adversarial Transferability of Surrogate Model with Dark Knowledge. (99%) Dingcheng Yang; Zihao Xiao; Wenjian Yu http://arxiv.org/abs/2206.07953 Analysis and Extensions of Adversarial Training for Video Classification. (93%) Kaleab A. Kinfu; René Vidal http://arxiv.org/abs/2206.07912 Double Sampling Randomized Smoothing. 
(89%) Linyi Li; Jiawei Zhang; Tao Xie; Bo Li http://arxiv.org/abs/2206.08260 Adversarial Robustness of Graph-based Anomaly Detection. (76%) Yulin Zhu; Yuni Lai; Kaifa Zhao; Xiapu Luo; Mingquan Yuan; Jian Ren; Kai Zhou http://arxiv.org/abs/2206.08514 A Unified Evaluation of Textual Backdoor Learning: Frameworks and Benchmarks. (68%) Ganqu Cui; Lifan Yuan; Bingxiang He; Yangyi Chen; Zhiyuan Liu; Maosong Sun http://arxiv.org/abs/2206.08477 Backdoor Attacks on Vision Transformers. (31%) Akshayvarun Subramanya; Aniruddha Saha; Soroush Abbasi Koohpayegani; Ajinkya Tejankar; Hamed Pirsiavash http://arxiv.org/abs/2206.08304 Adversarial Patch Attacks and Defences in Vision-Based Tasks: A Survey. (22%) Abhijith Sharma; Yijun Bian; Phil Munz; Apurva Narayan http://arxiv.org/abs/2206.08242 Catastrophic overfitting is a bug but also a feature. (16%) Guillermo Ortiz-Jiménez; Pau de Jorge; Amartya Sanyal; Adel Bibi; Puneet K. Dokania; Pascal Frossard; Gregory Rogéz; Philip H. S. Torr http://arxiv.org/abs/2206.08451 I Know What You Trained Last Summer: A Survey on Stealing Machine Learning Models and Defences. (5%) Daryna Oliynyk; Rudolf Mayer; Andreas Rauber http://arxiv.org/abs/2206.08255 Gradient-Based Adversarial and Out-of-Distribution Detection. (2%) Jinsol Lee; Mohit Prabhushankar; Ghassan AlRegib http://arxiv.org/abs/2206.07918 "Understanding Robustness Lottery": A Comparative Visual Analysis of Neural Network Pruning Approaches. (1%) Zhimin Li; Shusen Liu; Xin Yu; Bhavya Kailkhura; Jie Cao; James Daniel Diffenderfer; Peer-Timo Bremer; Valerio Pascucci http://arxiv.org/abs/2206.07314 Fast and Reliable Evaluation of Adversarial Robustness with Minimum-Margin Attack. (99%) Ruize Gao; Jiongxiao Wang; Kaiwen Zhou; Feng Liu; Binghui Xie; Gang Niu; Bo Han; James Cheng http://arxiv.org/abs/2206.07321 Morphence-2.0: Evasion-Resilient Moving Target Defense Powered by Out-of-Distribution Detection. (99%) Abderrahmen Amich; Ata Kaboudi; Birhanu Eshete http://arxiv.org/abs/2206.07840 Architectural Backdoors in Neural Networks. (83%) Mikel Bober-Irizar; Ilia Shumailov; Yiren Zhao; Robert Mullins; Nicolas Papernot http://arxiv.org/abs/2206.07406 Hardening DNNs against Transfer Attacks during Network Compression using Greedy Adversarial Pruning. (75%) Jonah O'Brien Weiss; Tiago Alves; Sandip Kundu http://arxiv.org/abs/2206.07839 Linearity Grafting: Relaxed Neuron Pruning Helps Certifiable Robustness. (74%) Tianlong Chen; Huan Zhang; Zhenyu Zhang; Shiyu Chang; Sijia Liu; Pin-Yu Chen; Zhangyang Wang http://arxiv.org/abs/2206.07813 A Search-Based Testing Approach for Deep Reinforcement Learning Agents. (62%) Amirhossein Zolfagharian; Manel Abdellatif; Lionel Briand; Mojtaba Bagherzadeh; Ramesh S http://arxiv.org/abs/2206.07311 Can pruning improve certified robustness of neural networks? (56%) Zhangheng Li; Tianlong Chen; Linyi Li; Bo Li; Zhangyang Wang http://arxiv.org/abs/2206.07736 Improving Diversity with Adversarially Learned Transformations for Domain Generalization. (33%) Tejas Gokhale; Rushil Anirudh; Jayaraman J. Thiagarajan; Bhavya Kailkhura; Chitta Baral; Yezhou Yang http://arxiv.org/abs/2206.07842 Queried Unlabeled Data Improves and Robustifies Class-Incremental Learning. (11%) Tianlong Chen; Sijia Liu; Shiyu Chang; Lisa Amini; Zhangyang Wang http://arxiv.org/abs/2206.07387 The Manifold Hypothesis for Gradient-Based Explanations.
(2%) Sebastian Bordt; Uddeshya Upadhyay; Zeynep Akata; Ulrike von Luxburg http://arxiv.org/abs/2206.07459 READ: Aggregating Reconstruction Error into Out-of-distribution Detection. (1%) Wenyu Jiang; Hao Cheng; Mingcai Chen; Shuai Feng; Yuxin Ge; Chongjun Wang http://arxiv.org/abs/2206.06737 Adversarial Vulnerability of Randomized Ensembles. (99%) Hassan Dbouk; Naresh R. Shanbhag http://arxiv.org/abs/2206.06592 Downlink Power Allocation in Massive MIMO via Deep Learning: Adversarial Attacks and Training. (99%) B. R. Manoj; Meysam Sadeghi; Erik G. Larsson http://arxiv.org/abs/2206.07144 Efficiently Training Low-Curvature Neural Networks. (92%) Suraj Srinivas; Kyle Matoba; Himabindu Lakkaraju; Francois Fleuret http://arxiv.org/abs/2206.07179 Proximal Splitting Adversarial Attacks for Semantic Segmentation. (92%) Jérôme Rony; Jean-Christophe Pesquet; Ismail Ben Ayed http://arxiv.org/abs/2206.06854 On the explainable properties of 1-Lipschitz Neural Networks: An Optimal Transport Perspective. (89%) Mathieu Serrurier; Franck Mamalet; Thomas Fel; Louis Béthune; Thibaut Boissin http://arxiv.org/abs/2206.07188 Defending Observation Attacks in Deep Reinforcement Learning via Detection and Denoising. (88%) Zikang Xiong; Joe Eappen; He Zhu; Suresh Jagannathan http://arxiv.org/abs/2206.06761 Exploring Adversarial Attacks and Defenses in Vision Transformers trained with DINO. (86%) Javier Rando; Nasib Naimi; Thomas Baumann; Max Mathys http://arxiv.org/abs/2206.07018 Turning a Curse Into a Blessing: Enabling Clean-Data-Free Defenses by Model Inversion. (68%) Si Chen; Yi Zeng; Won Park; Ruoxi Jia http://arxiv.org/abs/2206.07282 Human Eyes Inspired Recurrent Neural Networks are More Robust Against Adversarial Noises. (62%) Minkyu Choi; Yizhen Zhang; Kuan Han; Xiaokai Wang; Zhongming Liu http://arxiv.org/abs/2206.07150 Attacks on Perception-Based Control Systems: Modeling and Fundamental Limits. (2%) Amir Khazraei; Henry Pfister; Miroslav Pajic http://arxiv.org/abs/2206.07277 A Gift from Label Smoothing: Robust Training with Adaptive Label Smoothing via Auxiliary Classifier under Label Noise. (1%) Jongwoo Ko; Bongsoo Yi; Se-Young Yun http://arxiv.org/abs/2206.07284 A Survey on Gradient Inversion: Attacks, Defenses and Future Directions. (1%) Rui Zhang; Song Guo; Junxiao Wang; Xin Xie; Dacheng Tao http://arxiv.org/abs/2206.06496 Towards Alternative Techniques for Improving Adversarial Robustness: Analysis of Adversarial Training at a Spectrum of Perturbations. (99%) Kaustubh Sridhar; Souradeep Dutta; Ramneet Kaur; James Weimer; Oleg Sokolsky; Insup Lee http://arxiv.org/abs/2206.06257 Distributed Adversarial Training to Robustify Deep Neural Networks at Scale. (99%) Gaoyuan Zhang; Songtao Lu; Yihua Zhang; Xiangyi Chen; Pin-Yu Chen; Quanfu Fan; Lee Martie; Lior Horesh; Mingyi Hong; Sijia Liu http://arxiv.org/abs/2206.05898 Pixel to Binary Embedding Towards Robustness for CNNs. (47%) Ikki Kishida; Hideki Nakayama http://arxiv.org/abs/2206.06232 Towards Understanding Sharpness-Aware Minimization. (1%) Maksym Andriushchenko; Nicolas Flammarion http://arxiv.org/abs/2206.06299 An adversarially robust data-market for spatial, crowd-sourced data. (1%) Aida Manzano Kharman; Christian Jursitzky; Quan Zhou; Pietro Ferraro; Jakub Marecek; Pierre Pinson; Robert Shorten http://arxiv.org/abs/2206.05981 Efficient Human-in-the-loop System for Guiding DNNs Attention.
(1%) Yi He; Xi Yang; Chia-Ming Chang; Haoran Xie; Takeo Igarashi http://arxiv.org/abs/2206.05751 Consistent Attack: Universal Adversarial Perturbation on Embodied Vision Navigation. (98%) Chengyang Ying; You Qiaoben; Xinning Zhou; Hang Su; Wenbo Ding; Jianyong Ai http://arxiv.org/abs/2206.05678 Security of Machine Learning-Based Anomaly Detection in Cyber Physical Systems. (92%) Zahra Jadidi; Shantanu Pal; Nithesh Nayak K; Arawinkumaar Selvakkumar; Chih-Chia Chang; Maedeh Beheshti; Alireza Jolfaei http://arxiv.org/abs/2206.06371 Darknet Traffic Classification and Adversarial Attacks. (81%) Nhien Rust-Nguyen; Mark Stamp http://arxiv.org/abs/2206.05846 InBiaseD: Inductive Bias Distillation to Improve Generalization and Robustness through Shape-awareness. (26%) Shruthi Gowda; Bahram Zonooz; Elahe Arani http://arxiv.org/abs/2206.05821 RSSD: Defend against Ransomware with Hardware-Isolated Network-Storage Codesign and Post-Attack Analysis. (9%) Benjamin Reidys; Peng Liu; Jian Huang http://arxiv.org/abs/2206.10341 Neurotoxin: Durable Backdoors in Federated Learning. (5%) Zhengming Zhang; Ashwinee Panda; Linyue Song; Yaoqing Yang; Michael W. Mahoney; Joseph E. Gonzalez; Kannan Ramchandran; Prateek Mittal http://arxiv.org/abs/2206.05664 An Efficient Method for Sample Adversarial Perturbations against Nonlinear Support Vector Machines. (4%) Wen Su; Qingna Li http://arxiv.org/abs/2206.05511 Improving the Adversarial Robustness of NLP Models by Information Bottleneck. (99%) Cenyuan Zhang; Xiang Zhou; Yixin Wan; Xiaoqing Zheng; Kai-Wei Chang; Cho-Jui Hsieh http://arxiv.org/abs/2206.10334 Defending Adversarial Examples by Negative Correlation Ensemble. (99%) Wenjian Luo; Hongwei Zhang; Linghao Kong; Zhijian Chen; Ke Tang http://arxiv.org/abs/2206.05565 NeuGuard: Lightweight Neuron-Guided Defense against Membership Inference Attacks. (81%) Nuo Xu; Binghui Wang; Ran Ran; Wujie Wen; Parv Venkitasubramaniam http://arxiv.org/abs/2206.05483 Bilateral Dependency Optimization: Defending Against Model-inversion Attacks. (69%) Xiong Peng; Feng Liu; Jingfen Zhang; Long Lan; Junjie Ye; Tongliang Liu; Bo Han http://arxiv.org/abs/2206.05289 Localized adversarial artifacts for compressed sensing MRI. (76%) Rima Alaifari; Giovanni S. Alberti; Tandri Gauksson http://arxiv.org/abs/2206.05406 Rethinking the Defense Against Free-rider Attack From the Perspective of Model Weight Evolving Frequency. (70%) Jinyin Chen; Mingjun Li; Tao Liu; Haibin Zheng; Yao Cheng; Changting Lin http://arxiv.org/abs/2206.05359 Blades: A Unified Benchmark Suite for Byzantine Attacks and Defenses in Federated Learning. (33%) Shenghui Li; Edith Ngai; Fanghua Ye; Li Ju; Tianru Zhang; Thiemo Voigt http://arxiv.org/abs/2206.04881 Enhancing Clean Label Backdoor Attack with Two-phase Specific Triggers. (9%) Nan Luo; Yuanzhang Li; Yajie Wang; Shangbo Wu; Yu-an Tan; Quanxin Zhang http://arxiv.org/abs/2206.04887 Deep Leakage from Model in Federated Learning. (3%) Zihao Zhao; Mengen Luo; Wenbo Ding http://arxiv.org/abs/2206.04890 Adversarial Counterfactual Environment Model Learning. (1%) Xiong-Hui Chen; Yang Yu; Zheng-Mao Zhu; Zhihua Yu; Zhenjun Chen; Chenghe Wang; Yinan Wu; Hongqiu Wu; Rong-Jun Qin; Ruijin Ding; Fangsheng Huang http://arxiv.org/abs/2206.04365 CARLA-GeAR: a Dataset Generator for a Systematic Evaluation of Adversarial Robustness of Vision Models. (99%) Federico Nesti; Giulio Rossolini; Gianluca D'Amico; Alessandro Biondi; Giorgio Buttazzo http://arxiv.org/abs/2206.04783 ReFace: Real-time Adversarial Attacks on Face Recognition Systems. 
(99%) Shehzeen Hussain; Todd Huster; Chris Mesterharm; Paarth Neekhara; Kevin An; Malhar Jere; Harshvardhan Sikka; Farinaz Koushanfar http://arxiv.org/abs/2206.04316 Adversarial Noises Are Linearly Separable for (Nearly) Random Neural Networks. (98%) Huishuai Zhang; Da Yu; Yiping Lu; Di He http://arxiv.org/abs/2206.04463 Meet You Halfway: Explaining Deep Learning Mysteries. (92%) Oriel BenShmuel http://arxiv.org/abs/2206.04472 Early Transferability of Adversarial Examples in Deep Neural Networks. (86%) Oriel BenShmuel http://arxiv.org/abs/2206.04310 GSmooth: Certified Robustness against Semantic Transformations via Generalized Randomized Smoothing. (86%) Zhongkai Hao; Chengyang Ying; Yinpeng Dong; Hang Su; Jun Zhu; Jian Song http://arxiv.org/abs/2206.04615 Beyond the Imitation Game: Quantifying and extrapolating the capabilities of language models. (84%) Aarohi Srivastava; Abhinav Rastogi; Abhishek Rao; Abu Awal Md Shoeb; Abubakar Abid; Adam Fisch; Adam R. Brown; Adam Santoro; Aditya Gupta; Adrià Garriga-Alonso; Agnieszka Kluska; Aitor Lewkowycz; Akshat Agarwal; Alethea Power; Alex Ray; Alex Warstadt; Alexander W. Kocurek; Ali Safaya; Ali Tazarv; Alice Xiang; Alicia Parrish; Allen Nie; Aman Hussain; Amanda Askell; Amanda Dsouza; Ambrose Slone; Ameet Rahane; Anantharaman S. Iyer; Anders Andreassen; Andrea Madotto; Andrea Santilli; Andreas Stuhlmüller; Andrew Dai; Andrew La; Andrew Lampinen; Andy Zou; Angela Jiang; Angelica Chen; Anh Vuong; Animesh Gupta; Anna Gottardi; Antonio Norelli; Anu Venkatesh; Arash Gholamidavoodi; Arfa Tabassum; Arul Menezes; Arun Kirubarajan; Asher Mullokandov; Ashish Sabharwal; Austin Herrick; Avia Efrat; Aykut Erdem; Ayla Karakaş; B. Ryan Roberts; Bao Sheng Loe; Barret Zoph; Bartłomiej Bojanowski; Batuhan Özyurt; Behnam Hedayatnia; Behnam Neyshabur; Benjamin Inden; Benno Stein; Berk Ekmekci; Bill Yuchen Lin; Blake Howald; Cameron Diao; Cameron Dour; Catherine Stinson; Cedrick Argueta; César Ferri Ramírez; Chandan Singh; Charles Rathkopf; Chenlin Meng; Chitta Baral; Chiyu Wu; Chris Callison-Burch; Chris Waites; Christian Voigt; Christopher D. Manning; Christopher Potts; Cindy Ramirez; Clara E.
Rivera; Clemencia Siro; Colin Raffel; Courtney Ashcraft; Cristina Garbacea; Damien Sileo; Dan Garrette; Dan Hendrycks; Dan Kilman; Dan Roth; Daniel Freeman; Daniel Khashabi; Daniel Levy; Daniel Moseguí González; Danielle Perszyk; Danny Hernandez; Danqi Chen; Daphne Ippolito; Dar Gilboa; David Dohan; David Drakard; David Jurgens; Debajyoti Datta; Deep Ganguli; Denis Emelin; Denis Kleyko; Deniz Yuret; Derek Chen; Derek Tam; Dieuwke Hupkes; Diganta Misra; Dilyar Buzan; Dimitri Coelho Mollo; Diyi Yang; Dong-Ho Lee; Ekaterina Shutova; Ekin Dogus Cubuk; Elad Segal; Eleanor Hagerman; Elizabeth Barnes; Elizabeth Donoway; Ellie Pavlick; Emanuele Rodola; Emma Lam; Eric Chu; Eric Tang; Erkut Erdem; Ernie Chang; Ethan A. Chi; Ethan Dyer; Ethan Jerzak; Ethan Kim; Eunice Engefu Manyasi; Evgenii Zheltonozhskii; Fanyue Xia; Fatemeh Siar; Fernando Martínez-Plumed; Francesca Happé; Francois Chollet; Frieda Rong; Gaurav Mishra; Genta Indra Winata; Gerard de Melo; Germán Kruszewski; Giambattista Parascandolo; Giorgio Mariani; Gloria Wang; Gonzalo Jaimovitch-López; Gregor Betz; Guy Gur-Ari; Hana Galijasevic; Hannah Kim; Hannah Rashkin; Hannaneh Hajishirzi; Harsh Mehta; Hayden Bogar; Henry Shevlin; Hinrich Schütze; Hiromu Yakura; Hongming Zhang; Hugh Mee Wong; Ian Ng; Isaac Noble; Jaap Jumelet; Jack Geissinger; Jackson Kernion; Jacob Hilton; Jaehoon Lee; Jaime Fernández Fisac; James B. Simon; James Koppel; James Zheng; James Zou; Jan Kocoń; Jana Thompson; Jared Kaplan; Jarema Radom; Jascha Sohl-Dickstein; Jason Phang; Jason Wei; Jason Yosinski; Jekaterina Novikova; Jelle Bosscher; Jennifer Marsh; Jeremy Kim; Jeroen Taal; Jesse Engel; Jesujoba Alabi; Jiacheng Xu; Jiaming Song; Jillian Tang; Joan Waweru; John Burden; John Miller; John U. Balis; Jonathan Berant; Jörg Frohberg; Jos Rozen; Jose Hernandez-Orallo; Joseph Boudeman; Joseph Jones; Joshua B. Tenenbaum; Joshua S. Rule; Joyce Chua; Kamil Kanclerz; Karen Livescu; Karl Krauth; Karthik Gopalakrishnan; Katerina Ignatyeva; Katja Markert; Kaustubh D.
Dhole; Kevin Gimpel; Kevin Omondi; Kory Mathewson; Kristen Chiafullo; Ksenia Shkaruta; Kumar Shridhar; Kyle McDonell; Kyle Richardson; Laria Reynolds; Leo Gao; Li Zhang; Liam Dugan; Lianhui Qin; Lidia Contreras-Ochando; Louis-Philippe Morency; Luca Moschella; Lucas Lam; Lucy Noble; Ludwig Schmidt; Luheng He; Luis Oliveros Colón; Luke Metz; Lütfi Kerem Şenel; Maarten Bosma; Maarten Sap; Maartje ter Hoeve; Maheen Farooqi; Manaal Faruqui; Mantas Mazeika; Marco Baturan; Marco Marelli; Marco Maru; Maria Jose Ramírez Quintana; Marie Tolkiehn; Mario Giulianelli; Martha Lewis; Martin Potthast; Matthew L. Leavitt; Matthias Hagen; Mátyás Schubert; Medina Orduna Baitemirova; Melody Arnaud; Melvin McElrath; Michael A. Yee; Michael Cohen; Michael Gu; Michael Ivanitskiy; Michael Starritt; Michael Strube; Michał Swędrowski; Michele Bevilacqua; Michihiro Yasunaga; Mihir Kale; Mike Cain; Mimee Xu; Mirac Suzgun; Mo Tiwari; Mohit Bansal; Moin Aminnaseri; Mor Geva; Mozhdeh Gheini; Mukund Varma T; Nanyun Peng; Nathan Chi; Nayeon Lee; Neta Gur-Ari Krakover; Nicholas Cameron; Nicholas Roberts; Nick Doiron; Nikita Nangia; Niklas Deckers; Niklas Muennighoff; Nitish Shirish Keskar; Niveditha S. Iyer; Noah Constant; Noah Fiedel; Nuan Wen; Oliver Zhang; Omar Agha; Omar Elbaghdadi; Omer Levy; Owain Evans; Pablo Antonio Moreno Casares; Parth Doshi; Pascale Fung; Paul Pu Liang; Paul Vicol; Pegah Alipoormolabashi; Peiyuan Liao; Percy Liang; Peter Chang; Peter Eckersley; Phu Mon Htut; Pinyu Hwang; Piotr Miłkowski; Piyush Patil; Pouya Pezeshkpour; Priti Oli; Qiaozhu Mei; Qing Lyu; Qinlang Chen; Rabin Banjade; Rachel Etta Rudolph; Raefer Gabriel; Rahel Habacker; Ramón Risco Delgado; Raphaël Millière; Rhythm Garg; Richard Barnes; Rif A. Saurous; Riku Arakawa; Robbe Raymaekers; Robert Frank; Rohan Sikand; Roman Novak; Roman Sitelew; Ronan LeBras; Rosanne Liu; Rowan Jacobs; Rui Zhang; Ruslan Salakhutdinov; Ryan Chi; Ryan Lee; Ryan Stovall; Ryan Teehan; Rylan Yang; Sahib Singh; Saif M. Mohammad; Sajant Anand; Sam Dillavou; Sam Shleifer; Sam Wiseman; Samuel Gruetter; Samuel R. Bowman; Samuel S. Schoenholz; Sanghyun Han; Sanjeev Kwatra; Sarah A.
Rous; Sarik Ghazarian; Sayan Ghosh; Sean Casey; Sebastian Bischoff; Sebastian Gehrmann; Sebastian Schuster; Sepideh Sadeghi; Shadi Hamdan; Sharon Zhou; Shashank Srivastava; Sherry Shi; Shikhar Singh; Shima Asaadi; Shixiang Shane Gu; Shubh Pachchigar; Shubham Toshniwal; Shyam Upadhyay; Shyamolima Debnath; Siamak Shakeri; Simon Thormeyer; Simone Melzi; Siva Reddy; Sneha Priscilla Makini; Soo-Hwan Lee; Spencer Torene; Sriharsha Hatwar; Stanislas Dehaene; Stefan Divic; Stefano Ermon; Stella Biderman; Stephanie Lin; Stephen Prasad; Steven T. Piantadosi; Stuart M. Shieber; Summer Misherghi; Svetlana Kiritchenko; Swaroop Mishra; Tal Linzen; Tal Schuster; Tao Li; Tao Yu; Tariq Ali; Tatsu Hashimoto; Te-Lin Wu; Théo Desbordes; Theodore Rothschild; Thomas Phan; Tianle Wang; Tiberius Nkinyili; Timo Schick; Timofei Kornev; Timothy Telleen-Lawton; Titus Tunduny; Tobias Gerstenberg; Trenton Chang; Trishala Neeraj; Tushar Khot; Tyler Shultz; Uri Shaham; Vedant Misra; Vera Demberg; Victoria Nyamai; Vikas Raunak; Vinay Ramasesh; Vinay Uday Prabhu; Vishakh Padmakumar; Vivek Srikumar; William Fedus; William Saunders; William Zhang; Wout Vossen; Xiang Ren; Xiaoyu Tong; Xinran Zhao; Xinyi Wu; Xudong Shen; Yadollah Yaghoobzadeh; Yair Lakretz; Yangqiu Song; Yasaman Bahri; Yejin Choi; Yichi Yang; Yiding Hao; Yifu Chen; Yonatan Belinkov; Yu Hou; Yufang Hou; Yuntao Bai; Zachary Seid; Zhuoye Zhao; Zijian Wang; Zijie J. Wang; Zirui Wang; Ziyi Wu http://arxiv.org/abs/2206.04762 Data-Efficient Double-Win Lottery Tickets from Robust Pre-training. (41%) Tianlong Chen; Zhenyu Zhang; Sijia Liu; Yang Zhang; Shiyu Chang; Zhangyang Wang http://arxiv.org/abs/2206.04530 DORA: Exploring outlier representations in Deep Neural Networks. (1%) Kirill Bykov; Mayukh Deb; Dennis Grinwald; Klaus-Robert Müller; Marina M.-C. Höhne http://arxiv.org/abs/2206.04823 Membership Inference via Backdooring. (1%) Hongsheng Hu; Zoran Salcic; Gillian Dobbie; Jinjun Chen; Lichao Sun; Xuyun Zhang http://arxiv.org/abs/2206.03727 Wavelet Regularization Benefits Adversarial Training. (99%) Jun Yan; Huilin Yin; Xiaoyang Deng; Ziming Zhao; Wancheng Ge; Hao Zhang; Gerhard Rigoll http://arxiv.org/abs/2206.03717 Latent Boundary-guided Adversarial Training. (99%) Xiaowei Zhou; Ivor W. Tsang; Jie Yin http://arxiv.org/abs/2206.04137 Adversarial Text Normalization. (73%) Joanna Bitton; Maya Pavlova; Ivan Evtimov http://arxiv.org/abs/2206.03693 Autoregressive Perturbations for Data Poisoning. (70%) Pedro Sandoval-Segura; Vasu Singla; Jonas Geiping; Micah Goldblum; Tom Goldstein; David W. Jacobs http://arxiv.org/abs/2206.03669 Toward Certified Robustness Against Real-World Distribution Shifts. (5%) Haoze Wu; Teruhiro Tagomori; Alexander Robey; Fengjun Yang; Nikolai Matni; George Pappas; Hamed Hassani; Corina Pasareanu; Clark Barrett http://arxiv.org/abs/2207.00421 Generative Adversarial Networks and Image-Based Malware Classification. (1%) Huy Nguyen; Fabio Di Troia; Genya Ishigaki; Mark Stamp http://arxiv.org/abs/2206.03691 Robust Deep Ensemble Method for Real-world Image Denoising. (1%) Pengju Liu; Hongzhi Zhang; Jinghui Wang; Yuzhi Wang; Dongwei Ren; Wangmeng Zuo http://arxiv.org/abs/2206.03178 Fooling Explanations in Text Classifiers.
(99%) Adam Ivankay; Ivan Girardi; Chiara Marchiori; Pascal Frossard http://arxiv.org/abs/2206.03351 AS2T: Arbitrary Source-To-Target Adversarial Attack on Speaker Recognition Systems. (99%) Guangke Chen; Zhe Zhao; Fu Song; Sen Chen; Lingling Fan; Yang Liu http://arxiv.org/abs/2206.03393 Towards Understanding and Mitigating Audio Adversarial Examples for Speaker Recognition. (99%) Guangke Chen; Zhe Zhao; Fu Song; Sen Chen; Lingling Fan; Feng Wang; Jiashui Wang http://arxiv.org/abs/2206.03353 Adaptive Regularization for Adversarial Training. (98%) Dongyoon Yang; Insung Kong; Yongdai Kim http://arxiv.org/abs/2206.03362 Building Robust Ensembles via Margin Boosting. (83%) Dinghuai Zhang; Hongyang Zhang; Aaron Courville; Yoshua Bengio; Pradeep Ravikumar; Arun Sai Suggala http://arxiv.org/abs/2206.04677 On the Permanence of Backdoors in Evolving Models. (67%) Huiying Li; Arjun Nitin Bhagoji; Yuxin Chen; Haitao Zheng; Ben Y. Zhao http://arxiv.org/abs/2206.03317 Subject Membership Inference Attacks in Federated Learning. (4%) Anshuman Suri; Pallika Kanani; Virendra J. Marathe; Daniel W. Peterson http://arxiv.org/abs/2206.03466 Adversarial Reprogramming Revisited. (3%) Matthias Englert; Ranko Lazic http://arxiv.org/abs/2206.03575 Certifying Data-Bias Robustness in Linear Regression. (1%) Anna P. Meyer; Aws Albarghouthi; Loris D'Antoni http://arxiv.org/abs/2206.03482 Parametric Chordal Sparsity for SDP-based Neural Network Verification. (1%) Anton Xue; Lars Lindemann; Rajeev Alur http://arxiv.org/abs/2206.03452 Can CNNs Be More Robust Than Transformers? (1%) Zeyu Wang; Yutong Bai; Yuyin Zhou; Cihang Xie http://arxiv.org/abs/2206.02670 Robust Adversarial Attacks Detection based on Explainable Deep Reinforcement Learning For UAV Guidance and Planning. (99%) Thomas Hickling; Nabil Aouf; Phillippa Spencer http://arxiv.org/abs/2206.02417 Fast Adversarial Training with Adaptive Step Size. (98%) Zhichao Huang; Yanbo Fan; Chen Liu; Weizhong Zhang; Yong Zhang; Mathieu Salzmann; Sabine Süsstrunk; Jue Wang http://arxiv.org/abs/2206.02535 Certified Robustness in Federated Learning. (87%) Motasem Alfarra; Juan C. Pérez; Egor Shulgin; Peter Richtárik; Bernard Ghanem http://arxiv.org/abs/2206.02405 Robust Image Protection Countering Cropping Manipulation. (12%) Qichao Ying; Hang Zhou; Zhenxing Qian; Sheng Li; Xinpeng Zhang http://arxiv.org/abs/2206.02541 PCPT and ACPT: Copyright Protection and Traceability Scheme for DNN Model. (3%) Xuefeng Fan; Hangyu Gui; Xiaoyi Zhou http://arxiv.org/abs/2206.02435 Tackling covariate shift with node-based Bayesian neural networks. (1%) Trung Trinh; Markus Heinonen; Luigi Acerbi; Samuel Kaski http://arxiv.org/abs/2206.02345 Anomaly Detection with Test Time Augmentation and Consistency Evaluation. (1%) Haowei He; Jiaye Teng; Yang Yuan http://arxiv.org/abs/2206.02131 Federated Adversarial Training with Transformers. (98%) Ahmed Aldahdooh; Wassim Hamidouche; Olivier Déforges http://arxiv.org/abs/2206.02158 Vanilla Feature Distillation for Improving the Accuracy-Robustness Trade-Off in Adversarial Training. (98%) Guodong Cao; Zhibo Wang; Xiaowei Dong; Zhifei Zhang; Hengchang Guo; Zhan Qin; Kui Ren http://arxiv.org/abs/2206.02152 Which models are innately best at uncertainty estimation? (1%) Ido Galil; Mohammed Dabbah; Ran El-Yaniv http://arxiv.org/abs/2206.01904 Soft Adversarial Training Can Retain Natural Accuracy. (76%) Abhijith Sharma; Apurva Narayan http://arxiv.org/abs/2206.01898 Saliency Attack: Towards Imperceptible Black-box Adversarial Attack. 
(99%) Zeyu Dai; Shengcai Liu; Ke Tang; Qing Li http://arxiv.org/abs/2206.01715 Towards Evading the Limits of Randomized Smoothing: A Theoretical Analysis. (96%) Raphael Ettedgui; Alexandre Araujo; Rafael Pinot; Yann Chevaleyre; Jamal Atif http://arxiv.org/abs/2206.01467 Evaluating Transfer-based Targeted Adversarial Perturbations against Real-World Computer Vision Systems based on Human Judgments. (92%) Zhengyu Zhao; Nga Dang; Martha Larson http://arxiv.org/abs/2206.01820 A Robust Backpropagation-Free Framework for Images. (80%) Timothy Zee; Alexander G. Ororbia; Ankur Mali; Ifeoma Nwogu http://arxiv.org/abs/2206.01705 Gradient Obfuscation Checklist Test Gives a False Sense of Security. (73%) Nikola Popovic; Danda Pani Paudel; Thomas Probst; Luc Van Gool http://arxiv.org/abs/2206.01832 Kallima: A Clean-label Framework for Textual Backdoor Attacks. (26%) Xiaoyi Chen; Yinpeng Dong; Zeyu Sun; Shengfang Zhai; Qingni Shen; Zhonghai Wu http://arxiv.org/abs/2206.00913 Improving the Robustness and Generalization of Deep Neural Network with Confidence Threshold Reduction. (99%) Xiangyuan Yang; Jie Lin; Hanlin Zhang; Xinyu Yang; Peng Zhao http://arxiv.org/abs/2206.00924 FACM: Intermediate Layer Still Retain Effective Features against Adversarial Examples. (99%) Xiangyuan Yang; Jie Lin; Hanlin Zhang; Xinyu Yang; Peng Zhao http://arxiv.org/abs/2206.01736 Adaptive Adversarial Training to Improve Adversarial Robustness of DNNs for Medical Image Segmentation and Detection. (99%) Linhai Ma; Liang Liang http://arxiv.org/abs/2206.01733 Adversarial RAW: Image-Scaling Attack Against Imaging Pipeline. (99%) Junjian Li; Honglong Chen http://arxiv.org/abs/2206.01034 Adversarial Laser Spot: Robust and Covert Physical Adversarial Attack to DNNs. (98%) Chengyin Hu http://arxiv.org/abs/2206.01367 Adversarial Unlearning: Reducing Confidence Along Adversarial Directions. (31%) Amrith Setlur; Benjamin Eysenbach; Virginia Smith; Sergey Levine http://arxiv.org/abs/2206.01737 MaxStyle: Adversarial Style Composition for Robust Medical Image Segmentation. (8%) Chen Chen; Zeju Li; Cheng Ouyang; Matt Sinclair; Wenjia Bai; Daniel Rueckert http://arxiv.org/abs/2206.01102 A temporal chrominance trigger for clean-label backdoor attack against anti-spoof rebroadcast detection. (4%) Wei Guo; Benedetta Tondi; Mauro Barni http://arxiv.org/abs/2206.01319 Learning Unbiased Transferability for Domain Adaptation by Uncertainty Modeling. (1%) Jian Hu; Haowen Zhong; Junchi Yan; Shaogang Gong; Guile Wu; Fei Yang http://arxiv.org/abs/2206.00772 On the reversibility of adversarial attacks. (99%) Chau Yi Li; Ricardo Sánchez-Matilla; Ali Shahin Shamsabadi; Riccardo Mazzon; Andrea Cavallaro http://arxiv.org/abs/2206.00402 NeuroUnlock: Unlocking the Architecture of Obfuscated Deep Neural Networks. (99%) Mahya Morid Ahmadi; Lilas Alrahis; Alessio Colucci; Ozgur Sinanoglu; Muhammad Shafique http://arxiv.org/abs/2206.00489 Attack-Agnostic Adversarial Detection. (99%) Jiaxin Cheng; Mohamed Hussein; Jay Billa; Wael AbdAlmageed http://arxiv.org/abs/2206.00278 On the Perils of Cascading Robust Classifiers. (98%) Ravi Mangal; Zifan Wang; Chi Zhang; Klas Leino; Corina Pasareanu; Matt Fredrikson http://arxiv.org/abs/2206.00477 Anti-Forgery: Towards a Stealthy and Robust DeepFake Disruption Attack via Adversarial Perceptual-aware Perturbations. (98%) Run Wang; Ziheng Huang; Zhikai Chen; Li Liu; Jing Chen; Lina Wang http://arxiv.org/abs/2206.00352 Support Vector Machines under Adversarial Label Contamination.
(97%) Huang Xiao; Battista Biggio; Blaine Nelson; Han Xiao; Claudia Eckert; Fabio Roli http://arxiv.org/abs/2206.00769 Defense Against Gradient Leakage Attacks via Learning to Obscure Data. (80%) Yuxuan Wan; Han Xu; Xiaorui Liu; Jie Ren; Wenqi Fan; Jiliang Tang http://arxiv.org/abs/2206.00513 The robust way to stack and bag: the local Lipschitz way. (70%) Thulasi Tholeti; Sheetal Kalyani http://arxiv.org/abs/2206.02539 Robustness Evaluation and Adversarial Training of an Instance Segmentation Model. (54%) Jacob Bond; Andrew Lingg http://arxiv.org/abs/2206.00700 RoCourseNet: Distributionally Robust Training of a Prediction Aware Recourse Model. (1%) Hangzhi Guo; Feiran Jia; Jinghui Chen; Anna Squicciarini; Amulya Yadav http://arxiv.org/abs/2205.15944 Hide and Seek: on the Stealthiness of Attacks against Deep Learning Systems. (99%) Zeyan Liu; Fengjun Li; Jingqiang Lin; Zhu Li; Bo Luo http://arxiv.org/abs/2205.15763 Exact Feature Collisions in Neural Networks. (95%) Utku Ozbulak; Manvel Gasparyan; Shodhan Rao; Wesley De Neve; Arnout Van Messem http://arxiv.org/abs/2206.00052 CodeAttack: Code-based Adversarial Attacks for Pre-Trained Programming Language Models. (93%) Akshita Jha; Chandan K. Reddy http://arxiv.org/abs/2206.00145 CASSOCK: Viable Backdoor Attacks against DNN in The Wall of Source-Specific Backdoor Defences. (83%) Shang Wang; Yansong Gao; Anmin Fu; Zhi Zhang; Yuqing Zhang; Willy Susilo http://arxiv.org/abs/2205.15592 Semantic Autoencoder and Its Potential Usage for Adversarial Attack. (81%) Yurui Ming; Cuihuan Du; Chin-Teng Lin http://arxiv.org/abs/2205.15582 An Effective Fusion Method to Enhance the Robustness of CNN. (80%) Yating Ma; Zhichao Lian http://arxiv.org/abs/2206.00192 Order-sensitive Shapley Values for Evaluating Conceptual Soundness of NLP Models. (64%) Kaiji Lu; Anupam Datta http://arxiv.org/abs/2206.00071 Generative Models with Information-Theoretic Protection Against Membership Inference Attacks. (10%) Parisa Hassanzadeh; Robert E. Tillman http://arxiv.org/abs/2205.15784 Likelihood-Free Inference with Generative Neural Networks via Scoring Rule Minimization. (1%) Lorenzo Pacchiardi; Ritabrata Dutta http://arxiv.org/abs/2205.15128 Domain Constraints in Feature Space: Strengthening Robustness of Android Malware Detection against Realizable Adversarial Examples. (99%) Hamid Bostani; Zhuoran Liu; Zhengyu Zhao; Veelasha Moonsamy http://arxiv.org/abs/2205.15357 Searching for the Essence of Adversarial Perturbations. (99%) Dennis Y. Menn; Tzu-hsun Feng; Hung-yi Lee http://arxiv.org/abs/2205.14851 Exposing Fine-Grained Adversarial Vulnerability of Face Anti-Spoofing Models. (99%) Songlin Yang; Wei Wang; Chenye Xu; Ziwen He; Bo Peng; Jing Dong http://arxiv.org/abs/2205.14969 Guided Diffusion Model for Adversarial Purification. (99%) Jinyi Wang; Zhaoyang Lyu; Dahua Lin; Bo Dai; Hongfei Fu http://arxiv.org/abs/2205.15130 Why Adversarial Training of ReLU Networks Is Difficult? (68%) Xu Cheng; Hao Zhang; Yue Xin; Wen Shen; Jie Ren; Quanshi Zhang http://arxiv.org/abs/2205.14926 CalFAT: Calibrated Federated Adversarial Training with Label Skewness. (67%) Chen Chen; Yuchen Liu; Xingjun Ma; Lingjuan Lyu http://arxiv.org/abs/2206.04793 Securing AI-based Healthcare Systems using Blockchain Technology: A State-of-the-Art Systematic Literature Review and Future Research Directions.
(15%) Rucha Shinde; Shruti Patil; Ketan Kotecha; Vidyasagar Potdar; Ganeshsree Selvachandran; Ajith Abraham http://arxiv.org/abs/2205.14842 Efficient Reward Poisoning Attacks on Online Deep Reinforcement Learning. (13%) Yinglun Xu; Qi Zeng; Gagandeep Singh http://arxiv.org/abs/2206.03584 White-box Membership Attack Against Machine Learning Based Retinopathy Classification. (10%) Mounia Hamidouche; Reda Bellafqira; Gwenolé Quellec; Gouenou Coatrieux http://arxiv.org/abs/2205.15419 Fool SHAP with Stealthily Biased Sampling. (2%) Gabriel Laberge; Ulrich Aïvodji; Satoshi Hara; Mario Marchand; Foutse Khomh http://arxiv.org/abs/2205.15037 Snoopy: A Webpage Fingerprinting Framework with Finite Query Model for Mass-Surveillance. (2%) Gargi Mitra; Prasanna Karthik Vairam; Sandip Saha; Nitin Chandrachoodan; V. Kamakoti http://arxiv.org/abs/2205.14826 Robust Weight Perturbation for Adversarial Training. (99%) Chaojian Yu; Bo Han; Mingming Gong; Li Shen; Shiming Ge; Bo Du; Tongliang Liu http://arxiv.org/abs/2205.15743 Mixture GAN For Modulation Classification Resiliency Against Adversarial Attacks. (99%) Eyad Shtaiwi; Ahmed El Ouadrhiri; Majid Moradikia; Salma Sultana; Ahmed Abdelhadi; Zhu Han http://arxiv.org/abs/2205.14772 Unfooling Perturbation-Based Post Hoc Explainers. (98%) Zachariah Carmichael; Walter J Scheirer http://arxiv.org/abs/2205.14691 On the Robustness of Safe Reinforcement Learning under Observational Perturbations. (93%) Zuxin Liu; Zijian Guo; Zhepeng Cen; Huan Zhang; Jie Tan; Bo Li; Ding Zhao http://arxiv.org/abs/2205.14629 Superclass Adversarial Attack. (80%) Soichiro Kumano; Hiroshi Kera; Toshihiko Yamasaki http://arxiv.org/abs/2205.14576 Problem-Space Evasion Attacks in the Android OS: a Survey. (50%) Harel Berger; Chen Hajaj; Amit Dvir http://arxiv.org/abs/2206.11851 Context-based Virtual Adversarial Training for Text Classification with Noisy Labels. (11%) Do-Myoung Lee; Yeachan Kim; Chang-gyun Seo http://arxiv.org/abs/2205.14606 A General Multiple Data Augmentation Based Framework for Training Deep Neural Networks. (1%) Binyan Hu; Yu Sun; A. K. Qin http://arxiv.org/abs/2206.03583 Contributor-Aware Defenses Against Adversarial Backdoor Attacks. (98%) Glenn Dawson; Muhammad Umer; Robi Polikar http://arxiv.org/abs/2205.14497 BadDet: Backdoor Attacks on Object Detection. (92%) Shih-Han Chan; Yinpeng Dong; Jun Zhu; Xiaolu Zhang; Jun Zhou http://arxiv.org/abs/2205.14374 Syntax-Guided Program Reduction for Understanding Neural Code Intelligence Models. (62%) Md Rafiqul Islam Rabin; Aftab Hussain; Mohammad Amin Alipour http://arxiv.org/abs/2205.13807 fakeWeather: Adversarial Attacks for Deep Neural Networks Emulating Weather Conditions on the Camera Lens of Autonomous Systems. (96%) Alberto Marchisio; Giovanni Caramia; Maurizio Martina; Muhammad Shafique http://arxiv.org/abs/2205.13863 Why Robust Generalization in Deep Learning is Difficult: Perspective of Expressive Power. (95%) Binghui Li; Jikai Jin; Han Zhong; John E. Hopcroft; Liwei Wang http://arxiv.org/abs/2205.14230 Semi-supervised Semantics-guided Adversarial Training for Trajectory Prediction. (93%) Ruochen Jiao; Xiangguo Liu; Takami Sato; Qi Alfred Chen; Qi Zhu http://arxiv.org/abs/2205.14246 Defending Against Stealthy Backdoor Attacks. (73%) Sangeet Sagar; Abhinav Bhatt; Abhijith Srinivas Bidaralli http://arxiv.org/abs/2205.13892 EvenNet: Ignoring Odd-Hop Neighbors Improves Robustness of Graph Neural Networks.
(13%) Runlin Lei; Zhen Wang; Yaliang Li; Bolin Ding; Zhewei Wei http://arxiv.org/abs/2205.13412 A Physical-World Adversarial Attack Against 3D Face Recognition. (99%) Yanjie Li; Yiquan Li; Bin Xiao http://arxiv.org/abs/2205.13152 Transferable Adversarial Attack based on Integrated Gradients. (99%) Yi Huang; Adams Wai-Kin Kong http://arxiv.org/abs/2205.13253 MALICE: Manipulation Attacks on Learned Image ComprEssion. (99%) Kang Liu; Di Wu; Yiru Wang; Dan Feng; Benjamin Tan; Siddharth Garg http://arxiv.org/abs/2205.13618 Phantom Sponges: Exploiting Non-Maximum Suppression to Attack Deep Object Detectors. (98%) Avishag Shapira; Alon Zolfi; Luca Demetrio; Battista Biggio; Asaf Shabtai http://arxiv.org/abs/2205.13613 Circumventing Backdoor Defenses That Are Based on Latent Separability. (96%) Xiangyu Qi; Tinghao Xie; Yiming Li; Saeed Mahloujifar; Prateek Mittal http://arxiv.org/abs/2205.13502 An Analytic Framework for Robust Training of Artificial Neural Networks. (93%) Ramin Barati; Reza Safabakhsh; Mohammad Rahmati http://arxiv.org/abs/2205.13685 Adversarial attacks and defenses in Speaker Recognition Systems: A survey. (81%) Jiahe Lan; Rui Zhang; Zheng Yan; Jie Wang; Yu Chen; Ronghui Hou http://arxiv.org/abs/2205.13523 PerDoor: Persistent Non-Uniform Backdoors in Federated Learning using Adversarial Perturbations. (81%) Manaar Alam; Esha Sarkar; Michail Maniatakos http://arxiv.org/abs/2205.13383 BppAttack: Stealthy and Efficient Trojan Attacks against Deep Neural Networks via Image Quantization and Contrastive Adversarial Learning. (81%) Zhenting Wang; Juan Zhai; Shiqing Ma http://arxiv.org/abs/2205.13702 R-HTDetector: Robust Hardware-Trojan Detection Based on Adversarial Training. (80%) Kento Hasegawa; Seira Hidano; Kohei Nozawa; Shinsaku Kiyomoto; Nozomu Togawa http://arxiv.org/abs/2205.13634 BagFlip: A Certified Defense against Data Poisoning. (75%) Yuhao Zhang; Aws Albarghouthi; Loris D'Antoni http://arxiv.org/abs/2205.13616 Towards A Proactive ML Approach for Detecting Backdoor Poison Samples. (67%) Xiangyu Qi; Tinghao Xie; Jiachen T. Wang; Tong Wu; Saeed Mahloujifar; Prateek Mittal http://arxiv.org/abs/2205.13680 Membership Inference Attack Using Self Influence Functions. (45%) Gilad Cohen; Raja Giryes http://arxiv.org/abs/2205.13268 MemeTector: Enforcing deep focus for meme detection. (1%) Christos Koutlis; Manos Schinas; Symeon Papadopoulos http://arxiv.org/abs/2205.13700 ES-GNN: Generalizing Graph Neural Networks Beyond Homophily with Edge Splitting. (1%) Jingwei Guo; Kaizhu Huang; Rui Zhang; Xinping Yi http://arxiv.org/abs/2205.12695 Surprises in adversarially-trained linear regression. (87%) Antônio H. Ribeiro; Dave Zachariah; Thomas B. Schön http://arxiv.org/abs/2205.12700 BITE: Textual Backdoor Attacks with Iterative Trigger Injection. (75%) Jun Yan; Vansh Gupta; Xiang Ren http://arxiv.org/abs/2205.12787 Impartial Games: A Challenge for Reinforcement Learning. (13%) Bei Zhou; Søren Riis http://arxiv.org/abs/2205.13042 How explainable are adversarially-robust CNNs? (8%) Mehdi Nourelahi; Lars Kotthoff; Peijie Chen; Anh Nguyen http://arxiv.org/abs/2205.12032 Defending a Music Recommender Against Hubness-Based Adversarial Attacks. (99%) Katharina Hoedt; Arthur Flexer; Gerhard Widmer http://arxiv.org/abs/2205.12134 Adversarial Attack on Attackers: Post-Process to Mitigate Black-Box Score-Based Query Attacks. 
(99%) Sizhe Chen; Zhehao Huang; Qinghua Tao; Yingwen Wu; Cihang Xie; Xiaolin Huang http://arxiv.org/abs/2205.12331 Certified Robustness Against Natural Language Attacks by Causal Intervention. (98%) Haiteng Zhao; Chang Ma; Xinshuai Dong; Anh Tuan Luu; Zhi-Hong Deng; Hanwang Zhang http://arxiv.org/abs/2205.12141 One-Pixel Shortcut: on the Learning Preference of Deep Neural Networks. (92%) Shutong Wu; Sizhe Chen; Cihang Xie; Xiaolin Huang http://arxiv.org/abs/2205.11782 Fine-grained Poisoning Attacks to Local Differential Privacy Protocols for Mean and Variance Estimation. (64%) Xiaoguang Li; Neil Zhenqiang Gong; Ninghui Li; Wenhai Sun; Hui Li http://arxiv.org/abs/2205.11803 WeDef: Weakly Supervised Backdoor Defense for Text Classification. (56%) Lesheng Jin; Zihan Wang; Jingbo Shang http://arxiv.org/abs/2205.12396 Recipe2Vec: Multi-modal Recipe Representation Learning with Graph Neural Networks. (50%) Yijun Tian; Chuxu Zhang; Zhichun Guo; Yihong Ma; Ronald Metoyer; Nitesh V. Chawla http://arxiv.org/abs/2205.12243 EBM Life Cycle: MCMC Strategies for Synthesis, Defense, and Density Modeling. (10%) Mitch Hill; Jonathan Mitchell; Chu Chen; Yuan Du; Mubarak Shah; Song-Chun Zhu http://arxiv.org/abs/2205.11857 Comprehensive Privacy Analysis on Federated Recommender System against Attribute Inference Attacks. (9%) Shijie Zhang; Hongzhi Yin http://arxiv.org/abs/2205.12311 Fast & Furious: Modelling Malware Detection as Evolving Data Streams. (2%) Fabrício Ceschin; Marcus Botacin; Heitor Murilo Gomes; Felipe Pinagé; Luiz S. Oliveira; André Grégio http://arxiv.org/abs/2205.11819 Quarantine: Sparsity Can Uncover the Trojan Attack Trigger for Free. (2%) Tianlong Chen; Zhenyu Zhang; Yihua Zhang; Shiyu Chang; Sijia Liu; Zhangyang Wang http://arxiv.org/abs/2205.11845 CDFKD-MFS: Collaborative Data-free Knowledge Distillation via Multi-level Feature Sharing. (1%) Zhiwei Hao; Yong Luo; Zhi Wang; Han Hu; Jianping An http://arxiv.org/abs/2205.11156 Collaborative Adversarial Training. (98%) Qizhang Li; Yiwen Guo; Wangmeng Zuo; Hao Chen http://arxiv.org/abs/2205.11744 Alleviating Robust Overfitting of Adversarial Training With Consistency Regularization. (98%) Shudong Zhang; Haichang Gao; Tianwei Zhang; Yunyi Zhou; Zihui Wu http://arxiv.org/abs/2205.11551 Learning to Ignore Adversarial Attacks. (95%) Yiming Zhang; Yangqiaoyu Zhou; Samuel Carton; Chenhao Tan http://arxiv.org/abs/2205.11736 Towards a Defense against Backdoor Attacks in Continual Federated Learning. (50%) Shuaiqi Wang; Jonathan Hayase; Giulia Fanti; Sewoong Oh http://arxiv.org/abs/2205.11678 Compressing Deep Graph Neural Networks via Adversarial Knowledge Distillation. (10%) Huarui He; Jie Wang; Zhanqiu Zhang; Feng Wu http://arxiv.org/abs/2205.11693 RCC-GAN: Regularized Compound Conditional GAN for Large-Scale Tabular Data Synthesis. (1%) Mohammad Esmaeilpour; Nourhene Chaalia; Adel Abusitta; Francois-Xavier Devailly; Wissem Maazoun; Patrick Cardinal http://arxiv.org/abs/2205.10933 AutoJoin: Efficient Adversarial Training for Robust Maneuvering via Denoising Autoencoder and Joint Learning. (26%) Michael Villarreal; Bibek Poudel; Ryan Wickman; Yu Shen; Weizi Li http://arxiv.org/abs/2205.10848 Robust Quantity-Aware Aggregation for Federated Learning. (13%) Jingwei Yi; Fangzhao Wu; Huishuai Zhang; Bin Zhu; Tao Qi; Guangzhong Sun; Xing Xie http://arxiv.org/abs/2205.10952 Analysis of functional neural codes of deep learning models. 
(10%) Jung Hoon Lee; Sujith Vijayan http://arxiv.org/abs/2205.10686 Post-breach Recovery: Protection against White-box Adversarial Examples for Leaked DNN Models. (99%) Shawn Shan; Wenxin Ding; Emily Wenger; Haitao Zheng; Ben Y. Zhao http://arxiv.org/abs/2205.10617 Gradient Concealment: Free Lunch for Defending Adversarial Attacks. (99%) Sen Pei; Jiaxi Sun; Xiaopeng Zhang; Gaofeng Meng http://arxiv.org/abs/2205.10710 Phrase-level Textual Adversarial Attack with Label Preservation. (99%) Yibin Lei; Yu Cao; Dianqi Li; Tianyi Zhou; Meng Fang; Mykola Pechenizkiy http://arxiv.org/abs/2205.10539 On the Feasibility and Generality of Patch-based Adversarial Attacks on Semantic Segmentation Problems. (16%) Soma Kontar; Andras Horvath http://arxiv.org/abs/2205.10159 Getting a-Round Guarantees: Floating-Point Attacks on Certified Robustness. (99%) Jiankai Jin; Olga Ohrimenko; Benjamin I. P. Rubinstein http://arxiv.org/abs/2205.10457 Robust Sensible Adversarial Learning of Deep Neural Networks for Image Classification. (98%) Jungeum Kim; Xiao Wang http://arxiv.org/abs/2205.10098 Adversarial joint attacks on legged robots. (86%) Takuto Otomo; Hiroshi Kera; Kazuhiko Kawamoto http://arxiv.org/abs/2205.10022 Towards Consistency in Adversarial Classification. (82%) Laurent Meunier; Raphaël Ettedgui; Rafael Pinot; Yann Chevaleyre; Jamal Atif http://arxiv.org/abs/2205.10187 Adversarial Body Shape Search for Legged Robots. (80%) Takaaki Azakami; Hiroshi Kera; Kazuhiko Kawamoto http://arxiv.org/abs/2205.09986 SafeNet: Mitigating Data Poisoning Attacks on Private Machine Learning. (64%) Harsh Chaudhari; Matthew Jagielski; Alina Oprea http://arxiv.org/abs/2205.10144 The developmental trajectory of object recognition robustness: children are like small adults but unlike big deep neural networks. (11%) Lukas S. Huber; Robert Geirhos; Felix A. Wichmann http://arxiv.org/abs/2205.10292 Vulnerability Analysis and Performance Enhancement of Authentication Protocol in Dynamic Wireless Power Transfer Systems. (10%) Tommaso Bianchi; Surudhi Asokraj; Alessandro Brighente; Mauro Conti; Radha Poovendran http://arxiv.org/abs/2205.10232 Exploring the Trade-off between Plausibility, Change Intensity and Adversarial Power in Counterfactual Explanations using Multi-objective Optimization. (4%) Javier Del Ser; Alejandro Barredo-Arrieta; Natalia Díaz-Rodríguez; Francisco Herrera; Andreas Holzinger http://arxiv.org/abs/2205.09624 Focused Adversarial Attacks. (99%) Thomas Cilloni; Charles Walter; Charles Fleming http://arxiv.org/abs/2205.09592 Transferable Physical Attack against Object Detection with Separable Attention. (99%) Yu Zhang; Zhiqiang Gong; Yichuang Zhang; YongQian Li; Kangcheng Bin; Jiahao Qi; Wei Xue; Ping Zhong http://arxiv.org/abs/2205.09518 Gradient Aligned Attacks via a Few Queries. (99%) Xiangyuan Yang; Jie Lin; Hanlin Zhang; Xinyu Yang; Peng Zhao http://arxiv.org/abs/2205.09586 On Trace of PGD-Like Adversarial Attacks. (99%) Mo Zhou; Vishal M. Patel http://arxiv.org/abs/2205.09619 Improving Robustness against Real-World and Worst-Case Distribution Shifts through Decision Region Quantification. (98%) Leo Schwinn; Leon Bungert; An Nguyen; René Raab; Falk Pulsmeyer; Doina Precup; Björn Eskofier; Dario Zanca http://arxiv.org/abs/2205.09522 Defending Against Adversarial Attacks by Energy Storage Facility. (96%) Jiawei Li; Jianxiao Wang; Lin Chen; Yang Yu http://arxiv.org/abs/2205.09362 Sparse Adversarial Attack in Multi-agent Reinforcement Learning. 
(82%) Yizheng Hu; Zhihua Zhang http://arxiv.org/abs/2205.09550 Data Valuation for Offline Reinforcement Learning. (1%) Amir Abolfazli; Gregory Palmer; Daniel Kudenko http://arxiv.org/abs/2205.08738 Passive Defense Against 3D Adversarial Point Clouds Through the Lens of 3D Steganalysis. (99%) Jiahao Zhu http://arxiv.org/abs/2205.08821 Property Unlearning: A Defense Strategy Against Property Inference Attacks. (84%) Joshua Stock; Jens Wettlaufer; Daniel Demmler; Hannes Federrath http://arxiv.org/abs/2205.09167 Backdoor Attacks on Bayesian Neural Networks using Reverse Distribution. (56%) Zhixin Pan; Prabhat Mishra http://arxiv.org/abs/2205.09037 Empirical Advocacy of Bio-inspired Models for Robust Image Recognition. (38%) Harshitha Machiraju; Oh-Hyeon Choung; Michael H. Herzog; Pascal Frossard http://arxiv.org/abs/2205.08989 Constraining the Attack Space of Machine Learning Models with Distribution Clamping Preprocessing. (1%) Ryan Feng; Somesh Jha; Atul Prakash http://arxiv.org/abs/2205.09310 Mitigating Neural Network Overconfidence with Logit Normalization. (1%) Hongxin Wei; Renchunzi Xie; Hao Cheng; Lei Feng; Bo An; Yixuan Li http://arxiv.org/abs/2205.08728 RandoMix: A mixed sample data augmentation method with multiple mixed modes. (1%) Xiaoliang Liu; Furao Shen; Jian Zhao; Changhai Nie http://arxiv.org/abs/2205.08589 Hierarchical Distribution-Aware Testing of Deep Learning. (99%) Wei Huang; Xingyu Zhao; Alec Banks; Victoria Cox; Xiaowei Huang http://arxiv.org/abs/2205.08287 Bankrupting DoS Attackers Despite Uncertainty. (12%) Trisha Chakraborty; Abir Islam; Valerie King; Daniel Rayborn; Jared Saia; Maxwell Young http://arxiv.org/abs/2205.08265 A two-steps approach to improve the performance of Android malware detectors. (10%) Nadia Daoudi; Kevin Allix; Tegawendé F. Bissyandé; Jacques Klein http://arxiv.org/abs/2205.08685 Policy Distillation with Selective Input Gradient Regularization for Efficient Interpretability. (2%) Jinwei Xing; Takashi Nagata; Xinyun Zou; Emre Neftci; Jeffrey L. Krichmar http://arxiv.org/abs/2205.08514 Recovering Private Text in Federated Learning of Language Models. (2%) Samyak Gupta; Yangsibo Huang; Zexuan Zhong; Tianyu Gao; Kai Li; Danqi Chen http://arxiv.org/abs/2205.08416 Semi-Supervised Building Footprint Generation with Feature and Output Consistency Training. (1%) Qingyu Li; Yilei Shi; Xiao Xiang Zhu http://arxiv.org/abs/2205.07626 Attacking and Defending Deep Reinforcement Learning Policies. (99%) Chao Wang http://arxiv.org/abs/2205.07460 Diffusion Models for Adversarial Purification. (99%) Weili Nie; Brandon Guo; Yujia Huang; Chaowei Xiao; Arash Vahdat; Anima Anandkumar http://arxiv.org/abs/2205.07466 Robust Representation via Dynamic Feature Aggregation. (84%) Haozhe Liu; Haoqin Ji; Yuexiang Li; Nanjun He; Haoqian Wu; Feng Liu; Linlin Shen; Yefeng Zheng http://arxiv.org/abs/2205.07972 Sparse Visual Counterfactual Explanations in Image Space. (83%) Valentyn Boreiko; Maximilian Augustin; Francesco Croce; Philipp Berens; Matthias Hein http://arxiv.org/abs/2205.07890 On the Difficulty of Defending Self-Supervised Learning against Model Extraction. (67%) Adam Dziedzic; Nikita Dhawan; Muhammad Ahmad Kaleem; Jonas Guan; Nicolas Papernot http://arxiv.org/abs/2205.07711 Transferability of Adversarial Attacks on Synthetic Speech Detection. 
(47%) Jiacheng Deng; Shunyi Chen; Li Dong; Diqun Yan; Rangding Wang http://arxiv.org/abs/2205.07315 Learn2Weight: Parameter Adaptation against Similar-domain Adversarial Attacks. (99%) Siddhartha Datta http://arxiv.org/abs/2205.07279 Exploiting the Relationship Between Kendall's Rank Correlation and Cosine Similarity for Attribution Protection. (64%) Fan Wang; Adams Wai-Kin Kong http://arxiv.org/abs/2205.07229 RoMFAC: A robust mean-field actor-critic reinforcement learning against adversarial perturbations on states. (62%) Ziyuan Zhou; Guanjun Liu http://arxiv.org/abs/2205.07228 Automation Slicing and Testing for in-App Deep Learning Models. (1%) Hao Wu; Yuhang Gong; Xiaopeng Ke; Hanzhong Liang; Minghao Li; Fengyuan Xu; Yunxin Liu; Sheng Zhong http://arxiv.org/abs/2205.06986 Evaluating Membership Inference Through Adversarial Robustness. (98%) Zhaoxi Zhang; Leo Yu Zhang; Xufei Zheng; Bilal Hussain Abbasi; Shengshan Hu http://arxiv.org/abs/2205.06992 Verifying Neural Networks Against Backdoor Attacks. (2%) Long H. Pham; Jun Sun http://arxiv.org/abs/2205.06900 MM-BD: Post-Training Detection of Backdoor Attacks with Arbitrary Backdoor Pattern Types Using a Maximum Margin Statistic. (98%) Hang Wang; Zhen Xiang; David J. Miller; George Kesidis http://arxiv.org/abs/2205.06469 l-Leaks: Membership Inference Attacks with Logits. (41%) Shuhao Li; Yajie Wang; Yuanzhang Li; Yu-an Tan http://arxiv.org/abs/2205.06504 DualCF: Efficient Model Extraction Attack from Counterfactual Explanations. (26%) Yongjie Wang; Hangwei Qian; Chunyan Miao http://arxiv.org/abs/2205.06567 Millimeter-Wave Automotive Radar Spoofing. (2%) Mihai Ordean; Flavio D. Garcia http://arxiv.org/abs/2205.06127 Sample Complexity Bounds for Robustly Learning Decision Lists against Evasion Attacks. (75%) Pascale Gourdeau; Varun Kanade; Marta Kwiatkowska; James Worrell http://arxiv.org/abs/2205.06401 PoisonedEncoder: Poisoning the Unlabeled Pre-training Data in Contrastive Learning. (61%) Hongbin Liu; Jinyuan Jia; Neil Zhenqiang Gong http://arxiv.org/abs/2205.06369 How to Combine Membership-Inference Attacks on Multiple Updated Models. (11%) Matthew Jagielski; Stanley Wu; Alina Oprea; Jonathan Ullman; Roxana Geambasu http://arxiv.org/abs/2205.05909 Infrared Invisible Clothing:Hiding from Infrared Detectors at Multiple Angles in Real World. (4%) Xiaopei Zhu; Zhanhao Hu; Siyuan Huang; Jianmin Li; Xiaolin Hu http://arxiv.org/abs/2205.06154 Smooth-Reduce: Leveraging Patches for Improved Certified Robustness. (2%) Ameya Joshi; Minh Pham; Minsu Cho; Leonid Boytsov; Filipe Condessa; J. Zico Kolter; Chinmay Hegde http://arxiv.org/abs/2205.06064 Stalloris: RPKI Downgrade Attack. (1%) Tomas Hlavacek; Philipp Jeitner; Donika Mirdita; Haya Shulman; Michael Waidner http://arxiv.org/abs/2205.05439 Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS. (1%) Philipp Jeitner; Haya Shulman http://arxiv.org/abs/2205.05473 The Hijackers Guide To The Galaxy: Off-Path Taking Over Internet Resources. (1%) Tianxiang Dai; Philipp Jeitner; Haya Shulman; Michael Waidner http://arxiv.org/abs/2205.05573 A Longitudinal Study of Cryptographic API: a Decade of Android Malware. (1%) Adam Janovsky; Davide Maiorca; Dominik Macko; Vashek Matyas; Giorgio Giacinto http://arxiv.org/abs/2205.04723 Robust Medical Image Classification from Noisy Labeled Data with Global and Local Representation Guided Co-training. (1%) Cheng Xue; Lequan Yu; Pengfei Chen; Qi Dou; Pheng-Ann Heng http://arxiv.org/abs/2205.05050 White-box Testing of NLP models with Mask Neuron Coverage. 
(1%) Arshdeep Sekhon; Yangfeng Ji; Matthew B. Dwyer; Yanjun Qi http://arxiv.org/abs/2205.07859 Btech thesis report on adversarial attack detection and purification of adverserially attacked images. (99%) Dvij Kalaria http://arxiv.org/abs/2205.04638 Using Frequency Attention to Make Adversarial Patch Powerful Against Person Detector. (98%) Xiaochun Lei; Chang Lu; Zetao Jiang; Zhaoting Gong; Xiang Cai; Linjun Lu http://arxiv.org/abs/2205.04293 Do You Think You Can Hold Me? The Real Challenge of Problem-Space Evasion Attacks. (97%) Harel Berger; Amit Dvir; Chen Hajaj; Rony Ronen http://arxiv.org/abs/2205.04411 Model-Contrastive Learning for Backdoor Defense. (87%) Zhihao Yue; Jun Xia; Zhiwei Ling; Ming Hu; Ting Wang; Xian Wei; Mingsong Chen http://arxiv.org/abs/2205.04533 How Does Frequency Bias Affect the Robustness of Neural Image Classifiers against Common Corruption and Adversarial Perturbations? (61%) Alvin Chan; Yew-Soon Ong; Clement Tan http://arxiv.org/abs/2205.04134 Federated Multi-Armed Bandits Under Byzantine Attacks. (2%) Ilker Demirel; Yigit Yildirim; Cem Tekin http://arxiv.org/abs/2205.04145 Verifying Integrity of Deep Ensemble Models by Lossless Black-box Watermarking with Sensitive Samples. (2%) Lina Lin; Hanzhou Wu http://arxiv.org/abs/2205.03809 Fingerprint Template Invertibility: Minutiae vs. Deep Templates. (68%) Kanishka P. Wijewardena; Steven A. Grosz; Kai Cao; Anil K. Jain http://arxiv.org/abs/2205.04007 ResSFL: A Resistance Transfer Framework for Defending Model Inversion Attack in Split Federated Learning. (22%) Jingtao Li; Adnan Siraj Rakin; Xing Chen; Zhezhi He; Deliang Fan; Chaitali Chakrabarti http://arxiv.org/abs/2205.03894 VPN: Verification of Poisoning in Neural Networks. (9%) Youcheng Sun; Muhammad Usman; Divya Gopinath; Corina S. Păsăreanu http://arxiv.org/abs/2205.03915 FOLPETTI: A Novel Multi-Armed Bandit Smart Attack for Wireless Networks. (4%) Emilie Bout; Alessandro Brighente; Mauro Conti; Valeria Loscri http://arxiv.org/abs/2205.03817 PGADA: Perturbation-Guided Adversarial Alignment for Few-shot Learning Under the Support-Query Shift. (1%) Siyang Jiang; Wei Ding; Hsi-Wen Chen; Ming-Syan Chen http://arxiv.org/abs/2206.05015 A Simple Yet Efficient Method for Adversarial Word-Substitute Attack. (99%) Tianle Li; Yi Yang http://arxiv.org/abs/2205.03546 Bandits for Structure Perturbation-based Black-box Attacks to Graph Neural Networks with Theoretical Guarantees. (92%) Binghui Wang; Youqi Li; Pan Zhou http://arxiv.org/abs/2205.03190 Imperceptible Backdoor Attack: From Input Space to Feature Representation. (68%) Nan Zhong; Zhenxing Qian; Xinpeng Zhang http://arxiv.org/abs/2205.03168 Defending against Reconstruction Attacks through Differentially Private Federated Learning for Classification of Heterogeneous Chest X-Ray Data. (26%) Joceline Ziegler; Bjarne Pfitzner; Heinrich Schulz; Axel Saalbach; Bert Arnrich http://arxiv.org/abs/2205.03105 LPGNet: Link Private Graph Networks for Node Classification. (1%) Aashish Kolluri; Teodora Baluta; Bryan Hooi; Prateek Saxena http://arxiv.org/abs/2205.03205 Unlimited Lives: Secure In-Process Rollback with Isolated Domains. (1%) Merve Gülmez; Thomas Nyman; Christoph Baumann; Jan Tobias Mühlberg http://arxiv.org/abs/2205.02604 Holistic Approach to Measure Sample-level Adversarial Vulnerability and its Utility in Building Trustworthy Systems. 
(99%) Gaurav Kumar Nayak; Ruchit Rawal; Rohit Lal; Himanshu Patil; Anirban Chakraborty http://arxiv.org/abs/2205.08955 Structural Extensions of Basis Pursuit: Guarantees on Adversarial Robustness. (78%) Dávid Szeghy; Mahmoud Aslan; Áron Fóthi; Balázs Mészáros; Zoltán Ádám Milacski; András Lőrincz http://arxiv.org/abs/2205.02652 Can collaborative learning be private, robust and scalable? (61%) Dmitrii Usynin; Helena Klause; Daniel Rueckert; Georgios Kaissis http://arxiv.org/abs/2205.02973 Large Scale Transfer Learning for Differentially Private Image Classification. (2%) Harsh Mehta; Abhradeep Thakurta; Alexey Kurakin; Ashok Cutkosky http://arxiv.org/abs/2205.02496 Are GAN-based Morphs Threatening Face Recognition? (1%) Eklavya Sarkar; Pavel Korshunov; Laurent Colbois; Sébastien Marcel http://arxiv.org/abs/2205.07853 Heterogeneous Domain Adaptation with Adversarial Neural Representation Learning: Experiments on E-Commerce and Cybersecurity. (1%) Mohammadreza Ebrahimi; Yidong Chai; Hao Helen Zhang; Hsinchun Chen http://arxiv.org/abs/2205.02741 Based-CE white-box adversarial attack will not work using super-fitting. (99%) Youhuan Yang; Lei Sun; Leyu Dai; Song Guo; Xiuqing Mao; Xiaoqin Wang; Bayi Xu http://arxiv.org/abs/2205.02743 Rethinking Classifier And Adversarial Attack. (98%) Youhuan Yang; Lei Sun; Leyu Dai; Song Guo; Xiuqing Mao; Xiaoqin Wang; Bayi Xu http://arxiv.org/abs/2205.01992 Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning. (98%) Antonio Emanuele Cinà; Kathrin Grosse; Ambra Demontis; Sebastiano Vascon; Werner Zellinger; Bernhard A. Moser; Alina Oprea; Battista Biggio; Marcello Pelillo; Fabio Roli http://arxiv.org/abs/2205.02392 Robust Conversational Agents against Imperceptible Toxicity Triggers. (92%) Ninareh Mehrabi; Ahmad Beirami; Fred Morstatter; Aram Galstyan http://arxiv.org/abs/2205.02414 Subverting Fair Image Search with Generative Adversarial Perturbations. (83%) Avijit Ghosh; Matthew Jagielski; Christo Wilson http://arxiv.org/abs/2205.01663 Adversarial Training for High-Stakes Reliability. (98%) Daniel M. Ziegler; Seraphina Nix; Lawrence Chan; Tim Bauman; Peter Schmidt-Nielsen; Tao Lin; Adam Scherlis; Noa Nabeshima; Ben Weinstein-Raun; Daniel de Haas; Buck Shlegeris; Nate Thomas http://arxiv.org/abs/2205.01714 Don't sweat the small stuff, classify the rest: Sample Shielding to protect text classifiers against adversarial attacks. (96%) Jonathan Rusert; Padmini Srinivasan http://arxiv.org/abs/2205.01493 On the uncertainty principle of neural networks. (3%) Jun-Jie Zhang; Dong-Xiao Zhang; Jian-Nan Chen; Long-Gang Pang http://arxiv.org/abs/2205.01794 Meta-Cognition. An Inverse-Inverse Reinforcement Learning Approach for Cognitive Radars. (1%) Kunal Pattanayak; Vikram Krishnamurthy; Christopher Berry http://arxiv.org/abs/2205.01287 SemAttack: Natural Textual Attacks via Different Semantic Spaces. (96%) Boxin Wang; Chejian Xu; Xiangyu Liu; Yu Cheng; Bo Li http://arxiv.org/abs/2205.00807 Deep-Attack over the Deep Reinforcement Learning. (93%) Yang Li; Quan Pan; Erik Cambria http://arxiv.org/abs/2205.00637 Enhancing Adversarial Training with Feature Separability. (92%) Yaxin Li; Xiaorui Liu; Han Xu; Wentao Wang; Jiliang Tang http://arxiv.org/abs/2205.00953 BERTops: Studying BERT Representations under a Topological Lens. (92%) Jatin Chauhan; Manohar Kaul http://arxiv.org/abs/2205.01674 MIRST-DM: Multi-Instance RST with Drop-Max Layer for Robust Classification of Breast Cancer. 
(83%) Shoukun Sun; Min Xian; Aleksandar Vakanski; Hossny Ghanem http://arxiv.org/abs/2205.00920 Revisiting Gaussian Neurons for Online Clustering with Unknown Number of Clusters. (1%) Ole Christian Eidheim http://arxiv.org/abs/2205.01094 A Word is Worth A Thousand Dollars: Adversarial Attack on Tweets Fools Stock Prediction. (98%) Yong Xie; Dakuo Wang; Pin-Yu Chen; Jinjun Xiong; Sijia Liu; Sanmi Koyejo http://arxiv.org/abs/2205.10117 DDDM: a Brain-Inspired Framework for Robust Classification. (76%) Xiyuan Chen; Xingyu Li; Yi Zhou; Tianming Yang http://arxiv.org/abs/2205.00633 Robust Fine-tuning via Perturbation and Interpolation from In-batch Instances. (9%) Shoujie Tong; Qingxiu Dong; Damai Dai; Yifan song; Tianyu Liu; Baobao Chang; Zhifang Sui http://arxiv.org/abs/2205.00403 A Simple Approach to Improve Single-Model Deep Uncertainty via Distance-Awareness. (3%) Jeremiah Zhe Liu; Shreyas Padhy; Jie Ren; Zi Lin; Yeming Wen; Ghassen Jerfel; Zack Nado; Jasper Snoek; Dustin Tran; Balaji Lakshminarayanan http://arxiv.org/abs/2205.00566 Adversarial Plannning. (2%) Valentin Vie; Ryan Sheatsley; Sophia Beyda; Sushrut Shringarputale; Kevin Chan; Trent Jaeger; Patrick McDaniel http://arxiv.org/abs/2205.02116 Optimizing One-pixel Black-box Adversarial Attacks. (82%) Tianxun Zhou; Shubhankar Agrawal; Prateek Manocha http://arxiv.org/abs/2205.00199 Cracking White-box DNN Watermarks via Invariant Neuron Transforms. (26%) Yifan Yan; Xudong Pan; Yining Wang; Mi Zhang; Min Yang http://arxiv.org/abs/2205.00224 Loss Function Entropy Regularization for Diverse Decision Boundaries. (1%) Chong Sue Sin http://arxiv.org/abs/2205.00359 Adapting and Evaluating Influence-Estimation Methods for Gradient-Boosted Decision Trees. (1%) Jonathan Brophy; Zayd Hammoudeh; Daniel Lowd http://arxiv.org/abs/2205.01226 Adversarial attacks on an optical neural network. (92%) Shuming Jiao; Ziwei Song; Shuiying Xiang http://arxiv.org/abs/2205.00047 Logically Consistent Adversarial Attacks for Soft Theorem Provers. (2%) Alexander Gaskell; Yishu Miao; Lucia Specia; Francesca Toni http://arxiv.org/abs/2205.00107 Bridging Differential Privacy and Byzantine-Robustness via Model Aggregation. (1%) Heng Zhu; Qing Ling http://arxiv.org/abs/2204.13853 Detecting Textual Adversarial Examples Based on Distributional Characteristics of Data Representations. (99%) Na Liu; Mark Dras; Wei Emma Zhang http://arxiv.org/abs/2204.13779 Formulating Robustness Against Unforeseen Attacks. (99%) Sihui Dai; Saeed Mahloujifar; Prateek Mittal http://arxiv.org/abs/2204.14187 Randomized Smoothing under Attack: How Good is it in Pratice? (84%) Thibault Maho; Teddy Furon; Erwan Le Merrer http://arxiv.org/abs/2204.13309 Improving robustness of language models from a geometry-aware perspective. (68%) Bin Zhu; Zhaoquan Gu; Le Wang; Jinyin Chen; Qi Xuan http://arxiv.org/abs/2204.13572 Mixup-based Deep Metric Learning Approaches for Incomplete Supervision. (50%) Luiz H. Buris; Daniel C. G. Pedronette; Joao P. Papa; Jurandy Almeida; Gustavo Carneiro; Fabio A. Faria http://arxiv.org/abs/2204.13784 AGIC: Approximate Gradient Inversion Attack on Federated Learning. (16%) Jin Xu; Chi Hong; Jiyue Huang; Lydia Y. Chen; Jérémie Decouchant http://arxiv.org/abs/2204.13814 An Online Ensemble Learning Model for Detecting Attacks in Wireless Sensor Networks. (1%) Hiba Tabbaa; Samir Ifzarne; Imad Hafidi http://arxiv.org/abs/2204.13232 Adversarial Fine-tune with Dynamically Regulated Adversary. 
(99%) Pengyue Hou; Ming Zhou; Jie Han; Petr Musilek; Xingyu Li http://arxiv.org/abs/2204.13004 Defending Against Person Hiding Adversarial Patch Attack with a Universal White Frame. (98%) Youngjoon Yu; Hong Joo Lee; Hakmin Lee; Yong Man Ro http://arxiv.org/abs/2204.13172 An Adversarial Attack Analysis on Malicious Advertisement URL Detection Framework. (81%) Ehsan Nowroozi; Abhishek; Mohammadreza Mohammadi; Mauro Conti http://arxiv.org/abs/2204.12204 Boosting Adversarial Transferability of MLP-Mixer. (99%) Haoran Lyu; Yajie Wang; Yu-an Tan; Huipeng Zhou; Yuhang Zhao; Quanxin Zhang http://arxiv.org/abs/2204.12347 Restricted Black-box Adversarial Attack Against DeepFake Face Swapping. (99%) Junhao Dong; Yuan Wang; Jianhuang Lai; Xiaohua Xie http://arxiv.org/abs/2204.12680 Improving the Transferability of Adversarial Examples with Restructure Embedded Patches. (99%) Huipeng Zhou; Yu-an Tan; Yajie Wang; Haoran Lyu; Shangbo Wu; Yuanzhang Li http://arxiv.org/abs/2204.12393 On Fragile Features and Batch Normalization in Adversarial Training. (97%) Nils Philipp Walter; David Stutz; Bernt Schiele http://arxiv.org/abs/2204.12158 Mixed Strategies for Security Games with General Defending Requirements. (75%) Rufan Bai; Haoxing Lin; Xinyu Yang; Xiaowei Wu; Minming Li; Weijia Jia http://arxiv.org/abs/2204.13594 Poisoning Deep Learning based Recommender Model in Federated Learning Scenarios. (26%) Dazhong Rong; Qinming He; Jianhai Chen http://arxiv.org/abs/2204.12301 Designing Perceptual Puzzles by Differentiating Probabilistic Programs. (13%) Kartik Chandra; Tzu-Mao Li; Joshua Tenenbaum; Jonathan Ragan-Kelley http://arxiv.org/abs/2204.12495 Enhancing Privacy against Inversion Attacks in Federated Learning by using Mixing Gradients Strategies. (8%) Shaltiel Eloul; Fran Silavong; Sanket Kamthe; Antonios Georgiadis; Sean J. Moran http://arxiv.org/abs/2204.12378 Performance Analysis of Out-of-Distribution Detection on Trained Neural Networks. (4%) Jens Henriksson; Christian Berger; Markus Borg; Lars Tornberg; Sankar Raman Sathyamoorthy; Cristofer Englund http://arxiv.org/abs/2204.12050 Self-recoverable Adversarial Examples: A New Effective Protection Mechanism in Social Networks. (99%) Jiawei Zhang; Jinwei Wang; Hao Wang; Xiangyang Luo http://arxiv.org/abs/2204.11985 When adversarial examples are excusable. (89%) Pieter-Jan Kindermans; Charles Staats http://arxiv.org/abs/2204.11596 A Simple Structure For Building A Robust Model. (81%) Xiao Tan; JingBo Gao; Ruolin Li http://arxiv.org/abs/2204.11853 Real or Virtual: A Video Conferencing Background Manipulation-Detection System. (67%) Ehsan Nowroozi; Yassine Mekdad; Mauro Conti; Simone Milani; Selcuk Uluagac; Berrin Yanikoglu http://arxiv.org/abs/2204.11790 Can Rationalization Improve Robustness? (12%) Howard Chen; Jacqueline He; Karthik Narasimhan; Danqi Chen http://arxiv.org/abs/2204.13597 PhysioGAN: Training High Fidelity Generative Model for Physiological Sensor Readings. (1%) Moustafa Alzantot; Luis Garcia; Mani Srivastava http://arxiv.org/abs/2204.11531 VITA: A Multi-Source Vicinal Transfer Augmentation Method for Out-of-Distribution Generalization. (1%) Minghui Chen; Cheng Wen; Feng Zheng; Fengxiang He; Ling Shao http://arxiv.org/abs/2204.11786 Enable Deep Learning on Mobile Devices: Methods, Systems, and Applications. (1%) Han Cai; Ji Lin; Yujun Lin; Zhijian Liu; Haotian Tang; Hanrui Wang; Ligeng Zhu; Song Han http://arxiv.org/abs/2205.01225 A Hybrid Defense Method against Adversarial Attacks on Traffic Sign Classifiers in Autonomous Vehicles. 
(99%) Zadid Khan; Mashrur Chowdhury; Sakib Mahmud Khan http://arxiv.org/abs/2204.11357 Improving Deep Learning Model Robustness Against Adversarial Attack by Increasing the Network Capacity. (81%) Marco Marchetti; Edmond S. L. Ho http://arxiv.org/abs/2204.11075 Smart App Attack: Hacking Deep Learning Models in Android Apps. (98%) Yujin Huang; Chunyang Chen http://arxiv.org/abs/2204.11022 Towards Data-Free Model Stealing in a Hard Label Setting. (13%) Sunandini Sanyal; Sravanti Addepalli; R. Venkatesh Babu http://arxiv.org/abs/2204.11028 Reinforced Causal Explainer for Graph Neural Networks. (1%) Xiang Wang; Yingxin Wu; An Zhang; Fuli Feng; Xiangnan He; Tat-Seng Chua http://arxiv.org/abs/2204.10839 How Sampling Impacts the Robustness of Stochastic Neural Networks. (99%) Sina Däubener; Asja Fischer http://arxiv.org/abs/2204.10933 A Tale of Two Models: Constructing Evasive Attacks on Edge Models. (83%) Wei Hao; Aahil Awatramani; Jiayang Hu; Chengzhi Mao; Pin-Chun Chen; Eyal Cidon; Asaf Cidon; Junfeng Yang http://arxiv.org/abs/2204.10606 Enhancing the Transferability via Feature-Momentum Adversarial Attack. (82%) Xianglong; Yuezun Li; Haipeng Qu; Junyu Dong http://arxiv.org/abs/2204.12281 Data-Efficient Backdoor Attacks. (76%) Pengfei Xia; Ziqiang Li; Wei Zhang; Bin Li http://arxiv.org/abs/2204.11837 A Mask-Based Adversarial Defense Scheme. (99%) Weizhen Xu; Chenyi Zhang; Fangzhen Zhao; Liangda Fang http://arxiv.org/abs/2204.10027 Is Neuron Coverage Needed to Make Person Detection More Robust? (98%) Svetlana Pavlitskaya; Şiyar Yıkmış; J. Marius Zöllner http://arxiv.org/abs/2204.10046 Testing robustness of predictions of trained classifiers against naturally occurring perturbations. (98%) Sebastian Scher; Andreas Trügler http://arxiv.org/abs/2204.10314 Adversarial Contrastive Learning by Permuting Cluster Assignments. (15%) Muntasir Wahed; Afrina Tabassum; Ismini Lourentzou http://arxiv.org/abs/2204.09975 Eliminating Backdoor Triggers for Deep Neural Networks Using Attention Relation Graph Distillation. (4%) Jun Xia; Ting Wang; Jiepin Ding; Xian Wei; Mingsong Chen http://arxiv.org/abs/2204.10072 Detecting Topology Attacks against Graph Neural Networks. (1%) Senrong Xu; Yuan Yao; Liangyue Li; Wei Yang; Feng Xu; Hanghang Tong http://arxiv.org/abs/2204.09397 Adversarial Scratches: Deployable Attacks to CNN Classifiers. (99%) Loris Giulivi; Malhar Jere; Loris Rossi; Farinaz Koushanfar; Gabriela Ciocarlie; Briland Hitaj; Giacomo Boracchi http://arxiv.org/abs/2204.09803 GUARD: Graph Universal Adversarial Defense. (99%) Jintang Li; Jie Liao; Ruofan Wu; Liang Chen; Zibin Zheng; Jiawang Dan; Changhua Meng; Weiqiang Wang http://arxiv.org/abs/2204.09838 Fast AdvProp. (98%) Jieru Mei; Yucheng Han; Yutong Bai; Yixiao Zhang; Yingwei Li; Xianhang Li; Alan Yuille; Cihang Xie http://arxiv.org/abs/2204.09398 Case-Aware Adversarial Training. (98%) Mingyuan Fan; Yang Liu; Wenzhong Guo; Ximeng Liu; Jianhua Li http://arxiv.org/abs/2204.09583 Improved Worst-Group Robustness via Classifier Retraining on Independent Splits. (1%) Thien Hang Nguyen; Hongyang R. Zhang; Huy Le Nguyen http://arxiv.org/abs/2204.08726 Jacobian Ensembles Improve Robustness Trade-offs to Adversarial Attacks. (99%) Kenneth T. Co; David Martinez-Rego; Zhongyuan Hau; Emil C. Lupu http://arxiv.org/abs/2204.09183 Robustness Testing of Data and Knowledge Driven Anomaly Detection in Cyber-Physical Systems. 
(86%) Xugui Zhou; Maxfield Kouzel; Homa Alemzadeh http://arxiv.org/abs/2204.08689 Generating Authentic Adversarial Examples beyond Meaning-preserving with Doubly Round-trip Translation. (83%) Siyu Lai; Zhen Yang; Fandong Meng; Xue Zhang; Yufeng Chen; Jinan Xu; Jie Zhou http://arxiv.org/abs/2204.09502 UNBUS: Uncertainty-aware Deep Botnet Detection System in Presence of Perturbed Samples. (99%) Rahim Taheri http://arxiv.org/abs/2204.08189 Sardino: Ultra-Fast Dynamic Ensemble for Secure Visual Sensing at Mobile Edge. (99%) Qun Song; Zhenyu Yan; Wenjie Luo; Rui Tan http://arxiv.org/abs/2204.10779 CgAT: Center-Guided Adversarial Training for Deep Hashing-Based Retrieval. (99%) Xunguang Wang; Yiqun Lin; Xiaomeng Li http://arxiv.org/abs/2204.08612 Metamorphic Testing-based Adversarial Attack to Fool Deepfake Detectors. (98%) Nyee Thoang Lim; Meng Yi Kuan; Muxin Pu; Mei Kuan Lim; Chun Yong Chong http://arxiv.org/abs/2204.08570 A Comprehensive Survey on Trustworthy Graph Neural Networks: Privacy, Robustness, Fairness, and Explainability. (75%) Enyan Dai; Tianxiang Zhao; Huaisheng Zhu; Junjie Xu; Zhimeng Guo; Hui Liu; Jiliang Tang; Suhang Wang http://arxiv.org/abs/2204.08623 CorrGAN: Input Transformation Technique Against Natural Corruptions. (70%) Mirazul Haque; Christof J. Budnik; Wei Yang http://arxiv.org/abs/2204.08615 Poisons that are learned faster are more effective. (64%) Pedro Sandoval-Segura; Vasu Singla; Liam Fowl; Jonas Geiping; Micah Goldblum; David Jacobs; Tom Goldstein http://arxiv.org/abs/2204.10192 Residue-Based Natural Language Adversarial Attack Detection. (99%) Vyas Raina; Mark Gales http://arxiv.org/abs/2204.07932 Towards Comprehensive Testing on the Robustness of Cooperative Multi-agent Reinforcement Learning. (95%) Jun Guo; Yonghong Chen; Yihang Hao; Zixin Yin; Yin Yu; Simin Li http://arxiv.org/abs/2204.07772 SETTI: A Self-supervised Adversarial Malware Detection Architecture in an IoT Environment. (95%) Marjan Golmaryami; Rahim Taheri; Zahra Pooranian; Mohammad Shojafar; Pei Xiao http://arxiv.org/abs/2204.07752 Homomorphic Encryption and Federated Learning based Privacy-Preserving CNN Training: COVID-19 Detection Use-Case. (67%) Febrianti Wibawa; Ferhat Ozgur Catak; Salih Sarp; Murat Kuzlu; Umit Cali http://arxiv.org/abs/2204.07373 Revisiting the Adversarial Robustness-Accuracy Tradeoff in Robot Learning. (92%) Mathias Lechner; Alexander Amini; Daniela Rus; Thomas A. Henzinger http://arxiv.org/abs/2204.07018 From Environmental Sound Representation to Robustness of 2D CNN Models Against Adversarial Attacks. (99%) Mohammad Esmaeilpour; Patrick Cardinal; Alessandro Lameiras Koerich http://arxiv.org/abs/2204.06974 Planting Undetectable Backdoors in Machine Learning Models. (99%) Shafi Goldwasser; Michael P. Kim; Vinod Vaikuntanathan; Or Zamir http://arxiv.org/abs/2204.07024 Q-TART: Quickly Training for Adversarial Robustness and in-Transferability. (50%) Madan Ravi Ganesh; Salimeh Yasaei Sekeh; Jason J. Corso http://arxiv.org/abs/2204.07246 Robotic and Generative Adversarial Attacks in Offline Writer-independent Signature Verification. (41%) Jordan J. Bird http://arxiv.org/abs/2204.06173 Task-Driven Data Augmentation for Vision-Based Robotic Control. (96%) Shubhankar Agarwal; Sandeep P. Chinchali http://arxiv.org/abs/2204.06241 Stealing and Evading Malware Classifiers and Antivirus at Low False Positive Conditions. (87%) Maria Rigaki; Sebastian Garcia http://arxiv.org/abs/2204.06213 Defensive Patches for Robust Recognition in the Physical World. 
(80%) Jiakai Wang; Zixin Yin; Pengfei Hu; Aishan Liu; Renshuai Tao; Haotong Qin; Xianglong Liu; Dacheng Tao http://arxiv.org/abs/2204.06337 A Novel Approach to Train Diverse Types of Language Models for Health Mention Classification of Tweets. (78%) Pervaiz Iqbal Khan; Imran Razzak; Andreas Dengel; Sheraz Ahmed http://arxiv.org/abs/2204.06274 Overparameterized Linear Regression under Adversarial Attacks. (76%) Antônio H. Ribeiro; Thomas B. Schön http://arxiv.org/abs/2204.06273 Towards A Critical Evaluation of Robustness for Deep Learning Backdoor Countermeasures. (38%) Huming Qiu; Hua Ma; Zhi Zhang; Alsharif Abuadbba; Wei Kang; Anmin Fu; Yansong Gao http://arxiv.org/abs/2204.06624 A Natural Language Processing Approach for Instruction Set Architecture Identification. (1%) Dinuka Sahabandu; Sukarno Mertoguno; Radha Poovendran http://arxiv.org/abs/2204.06113 Liuer Mihou: A Practical Framework for Generating and Evaluating Grey-box Adversarial Attacks against NIDS. (99%) Ke He; Dan Dongseong Kim; Jing Sun; Jeong Do Yoo; Young Hun Lee; Huy Kang Kim http://arxiv.org/abs/2204.05764 Examining the Proximity of Adversarial Examples to Class Manifolds in Deep Networks. (98%) Štefan Pócoš; Iveta Bečková; Igor Farkaš http://arxiv.org/abs/2205.01625 Toward Robust Spiking Neural Network Against Adversarial Perturbation. (98%) Ling Liang; Kaidi Xu; Xing Hu; Lei Deng; Yuan Xie http://arxiv.org/abs/2204.05986 Machine Learning Security against Data Poisoning: Are We There Yet? (92%) Antonio Emanuele Cinà; Kathrin Grosse; Ambra Demontis; Battista Biggio; Fabio Roli; Marcello Pelillo http://arxiv.org/abs/2204.06106 Optimal Membership Inference Bounds for Adaptive Composition of Sampled Gaussian Mechanisms. (11%) Saeed Mahloujifar; Alexandre Sablayrolles; Graham Cormode; Somesh Jha http://arxiv.org/abs/2204.05687 3DeformRS: Certifying Spatial Deformations on Point Clouds. (9%) Gabriel Pérez S.; Juan C. Pérez; Motasem Alfarra; Silvio Giancola; Bernard Ghanem http://arxiv.org/abs/2204.05432 A Simple Approach to Adversarial Robustness in Few-shot Image Classification. (98%) Akshayvarun Subramanya; Hamed Pirsiavash http://arxiv.org/abs/2204.05255 Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information. (92%) Yi Zeng; Minzhou Pan; Hoang Anh Just; Lingjuan Lyu; Meikang Qiu; Ruoxi Jia http://arxiv.org/abs/2204.05427 Generalizing Adversarial Explanations with Grad-CAM. (84%) Tanmay Chakraborty; Utkarsh Trehan; Khawla Mallat; Jean-Luc Dugelay http://arxiv.org/abs/2204.04890 Anti-Adversarially Manipulated Attributions for Weakly Supervised Semantic Segmentation and Object Localization. (83%) Jungbeom Lee; Eunji Kim; Jisoo Mok; Sungroh Yoon http://arxiv.org/abs/2204.05239 Exploring the Universal Vulnerability of Prompt-based Learning Paradigm. (47%) Lei Xu; Yangyi Chen; Ganqu Cui; Hongcheng Gao; Zhiyuan Liu http://arxiv.org/abs/2204.05376 medXGAN: Visual Explanations for Medical Classifiers through a Generative Latent Space. (1%) Amil Dravid; Florian Schiffers; Boqing Gong; Aggelos K. Katsaggelos http://arxiv.org/abs/2204.04636 "That Is a Suspicious Reaction!": Interpreting Logits Variation to Detect NLP Adversarial Attacks. (88%) Edoardo Mosca; Shreyash Agarwal; Javier Rando-Ramirez; Georg Groh http://arxiv.org/abs/2204.04768 Analysis of Power-Oriented Fault Injection Attacks on Spiking Neural Networks. (54%) Karthikeyan Nagarajan; Junde Li; Sina Sayyah Ensan; Mohammad Nasim Imtiaz Khan; Sachhidh Kannan; Swaroop Ghosh http://arxiv.org/abs/2204.04778 Measuring the False Sense of Security. 
(26%) Carlos Gomes http://arxiv.org/abs/2204.03851 Defense against Adversarial Attacks on Hybrid Speech Recognition using Joint Adversarial Fine-tuning with Denoiser. (99%) Sonal Joshi; Saurabh Kataria; Yiwen Shao; Piotr Zelasko; Jesus Villalba; Sanjeev Khudanpur; Najim Dehak http://arxiv.org/abs/2204.03848 AdvEst: Adversarial Perturbation Estimation to Classify and Detect Adversarial Attacks against Speaker Identification. (99%) Sonal Joshi; Saurabh Kataria; Jesus Villalba; Najim Dehak http://arxiv.org/abs/2204.04259 Evaluating the Adversarial Robustness for Fourier Neural Operators. (92%) Abolaji D. Adesoji; Pin-Yu Chen http://arxiv.org/abs/2204.05758 Backdoor Attack against NLP models with Robustness-Aware Perturbation defense. (87%) Shaik Mohammed Maqsood; Viveros Manuela Ceron; Addluri GowthamKrishna http://arxiv.org/abs/2204.04329 An Adaptive Black-box Backdoor Detection Method for Deep Neural Networks. (45%) Xinqiao Zhang; Huili Chen; Ke Huang; Farinaz Koushanfar http://arxiv.org/abs/2204.04220 Characterizing and Understanding the Behavior of Quantized Models for Reliable Deployment. (13%) Qiang Hu; Yuejun Guo; Maxime Cordy; Xiaofei Xie; Wei Ma; Mike Papadakis; Yves Le Traon http://arxiv.org/abs/2204.04090 Neural Tangent Generalization Attacks. (12%) Chia-Hung Yuan; Shan-Hung Wu http://arxiv.org/abs/2204.03994 Labeling-Free Comparison Testing of Deep Learning Models. (11%) Yuejun Guo; Qiang Hu; Maxime Cordy; Xiaofei Xie; Mike Papadakis; Yves Le Traon http://arxiv.org/abs/2204.03934 Does Robustness on ImageNet Transfer to Downstream Tasks? (2%) Yutaro Yamada; Mayu Otani http://arxiv.org/abs/2204.05227 The self-learning AI controller for adaptive power beaming with fiber-array laser transmitter system. (1%) A. M. Vorontsov; G. A. Filimonov http://arxiv.org/abs/2204.04063 Transfer Attacks Revisited: A Large-Scale Empirical Study in Real Computer Vision Settings. (99%) Yuhao Mao; Chong Fu; Saizhuo Wang; Shouling Ji; Xuhong Zhang; Zhenguang Liu; Jun Zhou; Alex X. Liu; Raheem Beyah; Ting Wang http://arxiv.org/abs/2204.03694 Adaptive-Gravity: A Defense Against Adversarial Samples. (99%) Ali Mirzaeian; Zhi Tian; Sai Manoj P D; Banafsheh S. Latibari; Ioannis Savidis; Houman Homayoun; Avesta Sasan http://arxiv.org/abs/2204.03714 Using Multiple Self-Supervised Tasks Improves Model Robustness. (81%) Matthew Lawhon; Chengzhi Mao; Junfeng Yang http://arxiv.org/abs/2204.03214 Transformer-Based Language Models for Software Vulnerability Detection: Performance, Model's Security and Platforms. (69%) Chandra Thapa; Seung Ick Jang; Muhammad Ejaz Ahmed; Seyit Camtepe; Josef Pieprzyk; Surya Nepal http://arxiv.org/abs/2204.03397 Defending Active Directory by Combining Neural Network based Dynamic Program and Evolutionary Diversity Optimisation. (1%) Diksha Goel; Max Hector Ward-Graham; Aneta Neumann; Frank Neumann; Hung Nguyen; Mingyu Guo http://arxiv.org/abs/2204.02887 Sampling-based Fast Gradient Rescaling Method for Highly Transferable Adversarial Attacks. (99%) Xu Han; Anmin Liu; Yifeng Xiong; Yanbo Fan; Kun He http://arxiv.org/abs/2204.02738 Masking Adversarial Damage: Finding Adversarial Saliency for Robust and Sparse Network. (95%) Byung-Kwan Lee; Junho Kim; Yong Man Ro http://arxiv.org/abs/2204.02735 Distilling Robust and Non-Robust Features in Adversarial Examples by Information Bottleneck. (93%) Junho Kim; Byung-Kwan Lee; Yong Man Ro http://arxiv.org/abs/2204.03154 Optimization Models and Interpretations for Three Types of Adversarial Perturbations against Support Vector Machines. 
(68%) Wen Su; Qingna Li; Chunfeng Cui http://arxiv.org/abs/2204.03141 Adversarial Machine Learning Attacks Against Video Anomaly Detection Systems. (62%) Furkan Mumcu; Keval Doshi; Yasin Yilmaz http://arxiv.org/abs/2204.02654 Adversarial Analysis of the Differentially-Private Federated Learning in Cyber-Physical Critical Infrastructures. (33%) Md Tamjid Hossain; Shahriar Badsha; Hung La; Haoting Shen; Shafkat Islam; Ibrahim Khalil; Xun Yi http://arxiv.org/abs/2204.02381 Hear No Evil: Towards Adversarial Robustness of Automatic Speech Recognition via Multi-Task Learning. (98%) Nilaksh Das; Duen Horng Chau http://arxiv.org/abs/2204.02481 Adversarial Robustness through the Lens of Convolutional Filters. (87%) Paul Gavrikov; Janis Keuper http://arxiv.org/abs/2204.02500 User-Level Differential Privacy against Attribute Inference Attack of Speech Emotion Recognition in Federated Learning. (2%) Tiantian Feng; Raghuveer Peri; Shrikanth Narayanan http://arxiv.org/abs/2204.02285 SwapMix: Diagnosing and Regularizing the Over-Reliance on Visual Context in Visual Question Answering. (1%) Vipul Gupta; Zhuowan Li; Adam Kortylewski; Chenyu Zhang; Yingwei Li; Alan Yuille http://arxiv.org/abs/2204.01975 GAIL-PT: A Generic Intelligent Penetration Testing Framework with Generative Adversarial Imitation Learning. (1%) Jinyin Chen; Shulong Hu; Haibin Zheng; Changyou Xing; Guomin Zhang http://arxiv.org/abs/2204.01568 DAD: Data-free Adversarial Defense at Test Time. (99%) Gaurav Kumar Nayak; Ruchit Rawal; Anirban Chakraborty http://arxiv.org/abs/2204.01560 SecureSense: Defending Adversarial Attack for Secure Device-Free Human Activity Recognition. (99%) Jianfei Yang; Han Zou; Lihua Xie http://arxiv.org/abs/2204.01738 Experimental quantum adversarial learning with programmable superconducting qubits. (99%) Wenhui Ren; Weikang Li; Shibo Xu; Ke Wang; Wenjie Jiang; Feitong Jin; Xuhao Zhu; Jiachen Chen; Zixuan Song; Pengfei Zhang; Hang Dong; Xu Zhang; Jinfeng Deng; Yu Gao; Chuanyu Zhang; Yaozu Wu; Bing Zhang; Qiujiang Guo; Hekang Li; Zhen Wang; Jacob Biamonte; Chao Song; Dong-Ling Deng; H. Wang http://arxiv.org/abs/2204.01321 PRADA: Practical Black-Box Adversarial Attacks against Neural Ranking Models. (99%) Chen Wu; Ruqing Zhang; Jiafeng Guo; Maarten de Rijke; Yixing Fan; Xueqi Cheng http://arxiv.org/abs/2204.01960 FaceSigns: Semi-Fragile Neural Watermarks for Media Authentication and Countering Deepfakes. (98%) Paarth Neekhara; Shehzeen Hussain; Xinqiao Zhang; Ke Huang; Julian McAuley; Farinaz Koushanfar http://arxiv.org/abs/2204.01090 Breaking the De-Pois Poisoning Defense. (98%) Alaa Anani; Mohamed Ghanem; Lotfy Abdel Khaliq http://arxiv.org/abs/2204.01099 Adversarially robust segmentation models learn perceptually-aligned gradients. (16%) Pedro Sandoval-Segura http://arxiv.org/abs/2204.01193 Detecting In-vehicle Intrusion via Semi-supervised Learning-based Convolutional Adversarial Autoencoders. (1%) Thien-Nu Hoang; Daehee Kim http://arxiv.org/abs/2204.00993 Improving Vision Transformers by Revisiting High-frequency Components. (1%) Jiawang Bai; Li Yuan; Shu-Tao Xia; Shuicheng Yan; Zhifeng Li; Wei Liu http://arxiv.org/abs/2204.00972 DST: Dynamic Substitute Training for Data-free Black-box Attack. (98%) Wenxuan Wang; Xuelin Qian; Yanwei Fu; Xiangyang Xue http://arxiv.org/abs/2204.00853 Adversarial Neon Beam: Robust Physical-World Adversarial Attack to DNNs. 
(98%) Chengyin Hu; Kalibinuer Tiliwalidi http://arxiv.org/abs/2204.00734 SkeleVision: Towards Adversarial Resiliency of Person Tracking with Multi-Task Learning. (47%) Nilaksh Das; Sheng-Yun Peng; Duen Horng Chau http://arxiv.org/abs/2204.00487 Robust and Accurate -- Compositional Architectures for Randomized Smoothing. (31%) Miklós Z. Horváth; Mark Niklas Müller; Marc Fischer; Martin Vechev http://arxiv.org/abs/2204.00491 FrequencyLowCut Pooling -- Plug & Play against Catastrophic Overfitting. (16%) Julia Grabinski; Steffen Jung; Janis Keuper; Margret Keuper http://arxiv.org/abs/2204.00292 Preventing Distillation-based Attacks on Neural Network IP. (2%) Mahdieh Grailoo; Zain Ul Abideen; Mairo Leier; Samuel Pagliarini http://arxiv.org/abs/2204.01499 FedRecAttack: Model Poisoning Attack to Federated Recommendation. (1%) Dazhong Rong; Shuai Ye; Ruoyan Zhao; Hon Ning Yuen; Jianhai Chen; Qinming He http://arxiv.org/abs/2204.00008 Improving Adversarial Transferability via Neuron Attribution-Based Attacks. (99%) Jianping Zhang; Weibin Wu; Jen-tse Huang; Yizhan Huang; Wenxuan Wang; Yuxin Su; Michael R. Lyu http://arxiv.org/abs/2203.17209 Adversarial Examples in Random Neural Networks with General Activations. (98%) Andrea Montanari; Yuchen Wu http://arxiv.org/abs/2204.00103 Scalable Whitebox Attacks on Tree-based Models. (96%) Giuseppe Castiglione; Gavin Ding; Masoud Hashemi; Christopher Srinivasa; Ga Wu http://arxiv.org/abs/2203.16931 Towards Robust Rain Removal Against Adversarial Attacks: A Comprehensive Benchmark Analysis and Beyond. (86%) Yi Yu; Wenhan Yang; Yap-Peng Tan; Alex C. Kot http://arxiv.org/abs/2204.00032 Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets. (81%) Florian Tramèr; Reza Shokri; Ayrton San Joaquin; Hoang Le; Matthew Jagielski; Sanghyun Hong; Nicholas Carlini http://arxiv.org/abs/2204.00089 Investigating Top-$k$ White-Box and Transferable Black-box Attack. (87%) Chaoning Zhang; Philipp Benz; Adil Karjauv; Jae Won Cho; Kang Zhang; In So Kweon http://arxiv.org/abs/2203.16130 Sensor Data Validation and Driving Safety in Autonomous Driving Systems. (83%) Jindi Zhang http://arxiv.org/abs/2203.16141 Example-based Explanations with Adversarial Attacks for Respiratory Sound Analysis. (56%) Yi Chang; Zhao Ren; Thanh Tam Nguyen; Wolfgang Nejdl; Björn W. Schuller http://arxiv.org/abs/2203.15283 Mel Frequency Spectral Domain Defenses against Adversarial Attacks on Speech Recognition Systems. (99%) Nicholas Mehlman; Anirudh Sreeram; Raghuveer Peri; Shrikanth Narayanan http://arxiv.org/abs/2203.15230 Zero-Query Transfer Attacks on Context-Aware Object Detectors. (99%) Zikui Cai; Shantanu Rane; Alejandro E. Brito; Chengyu Song; Srikanth V. Krishnamurthy; Amit K. Roy-Chowdhury; M. Salman Asif http://arxiv.org/abs/2203.15674 Exploring Frequency Adversarial Attacks for Face Forgery Detection. (99%) Shuai Jia; Chao Ma; Taiping Yao; Bangjie Yin; Shouhong Ding; Xiaokang Yang http://arxiv.org/abs/2203.16000 StyleFool: Fooling Video Classification Systems via Style Transfer. (99%) Yuxin Cao; Xi Xiao; Ruoxi Sun; Derui Wang; Minhui Xue; Sheng Wen http://arxiv.org/abs/2203.16536 Recent improvements of ASR models in the face of adversarial attacks. (98%) Raphael Olivier; Bhiksha Raj http://arxiv.org/abs/2203.15245 Robust Structured Declarative Classifiers for 3D Point Clouds: Defending Adversarial Attacks with Implicit Gradients. 
(83%) Kaidong Li; Ziming Zhang; Cuncong Zhong; Guanghui Wang http://arxiv.org/abs/2203.15529 Treatment Learning Causal Transformer for Noisy Image Classification. (26%) Chao-Han Huck Yang; I-Te Danny Hung; Yi-Chieh Liu; Pin-Yu Chen http://arxiv.org/abs/2203.15319 Can NMT Understand Me? Towards Perturbation-based Evaluation of NMT Models for Code Generation. (11%) Pietro Liguori; Cristina Improta; Simona De Vivo; Roberto Natella; Bojan Cukic; Domenico Cotroneo http://arxiv.org/abs/2203.14607 Boosting Black-Box Adversarial Attacks with Meta Learning. (99%) Junjie Fu; Jian Sun; Gang Wang http://arxiv.org/abs/2204.00426 A Fast and Efficient Conditional Learning for Tunable Trade-Off between Accuracy and Robustness. (62%) Souvik Kundu; Sairam Sundaresan; Massoud Pedram; Peter A. Beerel http://arxiv.org/abs/2203.14533 Robust Unlearnable Examples: Protecting Data Against Adversarial Learning. (16%) Shaopeng Fu; Fengxiang He; Yang Liu; Li Shen; Dacheng Tao http://arxiv.org/abs/2203.15076 Neurosymbolic hybrid approach to driver collision warning. (15%) Kyongsik Yun; Thomas Lu; Alexander Huyen; Patrick Hammer; Pei Wang http://arxiv.org/abs/2203.15563 Attacker Attribution of Audio Deepfakes. (1%) Nicolas M. Müller; Franziska Dieckmann; Jennifer Williams http://arxiv.org/abs/2203.14207 Text Adversarial Purification as Defense against Adversarial Attacks. (99%) Linyang Li; Demin Song; Xipeng Qiu http://arxiv.org/abs/2203.14299 Adversarial Representation Sharing: A Quantitative and Secure Collaborative Learning Framework. (8%) Jikun Chen; Feng Qiang; Na Ruan http://arxiv.org/abs/2203.14195 How to Robustify Black-Box ML Models? A Zeroth-Order Optimization Perspective. (99%) Yimeng Zhang; Yuguang Yao; Jinghan Jia; Jinfeng Yi; Mingyi Hong; Shiyu Chang; Sijia Liu http://arxiv.org/abs/2203.14046 A Survey of Robust Adversarial Training in Pattern Recognition: Fundamental, Theory, and Methodologies. (99%) Zhuang Qian; Kaizhu Huang; Qiu-Feng Wang; Xu-Yao Zhang http://arxiv.org/abs/2203.14145 Reverse Engineering of Imperceptible Adversarial Image Perturbations. (99%) Yifan Gong; Yuguang Yao; Yize Li; Yimeng Zhang; Xiaoming Liu; Xue Lin; Sijia Liu http://arxiv.org/abs/2203.14141 Efficient Global Robustness Certification of Neural Networks via Interleaving Twin-Network Encoding. (33%) Zhilu Wang; Chao Huang; Qi Zhu http://arxiv.org/abs/2203.14965 A Systematic Survey of Attack Detection and Prevention in Connected and Autonomous Vehicles. (1%) Trupil Limbasiya; Ko Zheng Teng; Sudipta Chattopadhyay; Jianying Zhou http://arxiv.org/abs/2203.14101 A Roadmap for Big Model. 
(1%) Sha Yuan; Hanyu Zhao; Shuai Zhao; Jiahong Leng; Yangxiao Liang; Xiaozhi Wang; Jifan Yu; Xin Lv; Zhou Shao; Jiaao He; Yankai Lin; Xu Han; Zhenghao Liu; Ning Ding; Yongming Rao; Yizhao Gao; Liang Zhang; Ming Ding; Cong Fang; Yisen Wang; Mingsheng Long; Jing Zhang; Yinpeng Dong; Tianyu Pang; Peng Cui; Lingxiao Huang; Zheng Liang; Huawei Shen; Hui Zhang; Quanshi Zhang; Qingxiu Dong; Zhixing Tan; Mingxuan Wang; Shuo Wang; Long Zhou; Haoran Li; Junwei Bao; Yingwei Pan; Weinan Zhang; Zhou Yu; Rui Yan; Chence Shi; Minghao Xu; Zuobai Zhang; Guoqiang Wang; Xiang Pan; Mengjie Li; Xiaoyu Chu; Zijun Yao; Fangwei Zhu; Shulin Cao; Weicheng Xue; Zixuan Ma; Zhengyan Zhang; Shengding Hu; Yujia Qin; Chaojun Xiao; Zheni Zeng; Ganqu Cui; Weize Chen; Weilin Zhao; Yuan Yao; Peng Li; Wenzhao Zheng; Wenliang Zhao; Ziyi Wang; Borui Zhang; Nanyi Fei; Anwen Hu; Zenan Ling; Haoyang Li; Boxi Cao; Xianpei Han; Weidong Zhan; Baobao Chang; Hao Sun; Jiawen Deng; Chujie Zheng; Juanzi Li; Lei Hou; Xigang Cao; Jidong Zhai; Zhiyuan Liu; Maosong Sun; Jiwen Lu; Zhiwu Lu; Qin Jin; Ruihua Song; Ji-Rong Wen; Zhouchen Lin; Liwei Wang; Hang Su; Jun Zhu; Zhifang Sui; Jiajun Zhang; Yang Liu; Xiaodong He; Minlie Huang; Jian Tang; Jie Tang http://arxiv.org/abs/2203.13479 Enhancing Transferability of Adversarial Examples with Spatial Momentum. (99%) Guoqiu Wang; Huanqian Yan; Xingxing Wei http://arxiv.org/abs/2203.13779 Origins of Low-dimensional Adversarial Perturbations. (98%) Elvis Dohmatob; Chuan Guo; Morgane Goibert http://arxiv.org/abs/2203.13639 Give Me Your Attention: Dot-Product Attention Considered Harmful for Adversarial Patch Robustness. (89%) Giulio Lovisotto; Nicole Finnie; Mauricio Munoz; Chaithanya Kumar Mummadi; Jan Hendrik Metzen http://arxiv.org/abs/2203.13890 Improving Robustness of Jet Tagging Algorithms with Adversarial Training. (10%) Annika Stein; Xavier Coubez; Spandan Mondal; Andrzej Novak; Alexander Schmidt http://arxiv.org/abs/2203.13455 A Unified Contrastive Energy-based Model for Understanding the Generative Ability of Adversarial Training. (5%) Yifei Wang; Yisen Wang; Jiansheng Yang; Zhouchen Lin http://arxiv.org/abs/2203.13834 A Stitch in Time Saves Nine: A Train-Time Regularizing Loss for Improved Neural Network Calibration. (1%) Ramya Hebbalaguppe; Jatin Prakash; Neelabh Madan; Chetan Arora http://arxiv.org/abs/2203.15506 Trojan Horse Training for Breaking Defenses against Backdoor Attacks in Deep Learning. (99%) Arezoo Rajabi; Bhaskar Ramasubramanian; Radha Poovendran http://arxiv.org/abs/2203.13214 A Perturbation Constrained Adversarial Attack for Evaluating the Robustness of Optical Flow. (99%) Jenny Schmalfuss; Philipp Scholze; Andrés Bruhn http://arxiv.org/abs/2203.12915 NPC: Neuron Path Coverage via Characterizing Decision Logic of Deep Neural Networks. (93%) Xiaofei Xie; Tianlin Li; Jian Wang; Lei Ma; Qing Guo; Felix Juefei-Xu; Yang Liu http://arxiv.org/abs/2203.12980 MERLIN -- Malware Evasion with Reinforcement LearnINg. (56%) Tony Quertier; Benjamin Marais; Stéphane Morucci; Bertrand Fournel http://arxiv.org/abs/2203.13612 Repairing Group-Level Errors for DNNs Using Weighted Regularization. (13%) Ziyuan Zhong; Yuchi Tian; Conor J. Sweeney; Vicente Ordonez-Roman; Baishakhi Ray http://arxiv.org/abs/2203.13277 A Manifold View of Adversarial Risk. (11%) Wenjia Zhang; Yikai Zhang; Xiaoling Hu; Mayank Goswami; Chao Chen; Dimitris Metaxas http://arxiv.org/abs/2203.15498 Powerful Physical Adversarial Examples Against Practical Face Recognition Systems. 
(99%) Inderjeet Singh; Toshinori Araki; Kazuya Kakizaki http://arxiv.org/abs/2203.12709 Adversarial Training for Improving Model Robustness? Look at Both Prediction and Interpretation. (99%) Hanjie Chen; Yangfeng Ji http://arxiv.org/abs/2203.12298 Input-specific Attention Subnetworks for Adversarial Detection. (99%) Emil Biju; Anirudh Sriram; Pratyush Kumar; Mitesh M Khapra http://arxiv.org/abs/2203.12208 Self-supervised Learning of Adversarial Example: Towards Good Generalizations for Deepfake Detection. (69%) Liang Chen; Yong Zhang; Yibing Song; Lingqiao Liu; Jue Wang http://arxiv.org/abs/2203.12249 Distort to Detect, not Affect: Detecting Stealthy Sensor Attacks with Micro-distortion. (3%) Suman Sourav; Binbin Chen http://arxiv.org/abs/2203.12387 On the (Limited) Generalization of MasterFace Attacks and Its Relation to the Capacity of Face Representations. (3%) Philipp Terhörst; Florian Bierbaum; Marco Huber; Naser Damer; Florian Kirchbuchner; Kiran Raja; Arjan Kuijper http://arxiv.org/abs/2203.11492 Exploring High-Order Structure for Robust Graph Structure Learning. (99%) Guangqian Yang; Yibing Zhan; Jinlong Li; Baosheng Yu; Liu Liu; Fengxiang He http://arxiv.org/abs/2203.12122 On Adversarial Robustness of Large-scale Audio Visual Learning. (93%) Juncheng B Li; Shuhui Qu; Xinjian Li; Po-Yao Huang; Florian Metze http://arxiv.org/abs/2203.11864 On the (Non-)Robustness of Two-Layer Neural Networks in Different Learning Regimes. (86%) Elvis Dohmatob; Alberto Bietti http://arxiv.org/abs/2203.11633 Semi-Targeted Model Poisoning Attack on Federated Learning via Backward Error Analysis. (78%) Yuwei Sun; Hideya Ochiai; Jun Sakuma http://arxiv.org/abs/2203.11849 A Girl Has A Name, And It's ... Adversarial Authorship Attribution for Deobfuscation. (2%) Wanyue Zhai; Jonathan Rusert; Zubair Shafiq; Padmini Srinivasan http://arxiv.org/abs/2203.11894 GradViT: Gradient Inversion of Vision Transformers. (1%) Ali Hatamizadeh; Hongxu Yin; Holger Roth; Wenqi Li; Jan Kautz; Daguang Xu; Pavlo Molchanov http://arxiv.org/abs/2203.11805 On Robust Classification using Contractive Hamiltonian Neural ODEs. (1%) Muhammad Zakwan; Liang Xu; Giancarlo Ferrari-Trecate http://arxiv.org/abs/2203.11433 Making DeepFakes more spurious: evading deep face forgery detection via trace removal attack. (92%) Chi Liu; Huajie Chen; Tianqing Zhu; Jun Zhang; Wanlei Zhou http://arxiv.org/abs/2203.10902 Integrity Fingerprinting of DNN with Double Black-box Design and Verification. (10%) Shuo Wang; Sidharth Agarwal; Sharif Abuadbba; Kristen Moore; Surya Nepal; Salil Kanhere http://arxiv.org/abs/2203.11331 On The Robustness of Offensive Language Classifiers. (2%) Jonathan Rusert; Zubair Shafiq; Padmini Srinivasan http://arxiv.org/abs/2203.10734 Defending against Co-residence Attack in Energy-Efficient Cloud: An Optimization based Real-time Secure VM Allocation Strategy. (1%) Lu Cao; Ruiwen Li; Xiaojun Ruan; Yuhong Liu http://arxiv.org/abs/2203.10723 An Intermediate-level Attack Framework on The Basis of Linear Regression. (99%) Yiwen Guo; Qizhang Li; Wangmeng Zuo; Hao Chen http://arxiv.org/abs/2203.10714 A Prompting-based Approach for Adversarial Example Generation and Robustness Enhancement. (99%) Yuting Yang; Pei Huang; Juan Cao; Jintao Li; Yun Lin; Jin Song Dong; Feifei Ma; Jian Zhang http://arxiv.org/abs/2203.10693 Leveraging Expert Guided Adversarial Augmentation For Improving Generalization in Named Entity Recognition. 
(82%) Aaron Reich; Jiaao Chen; Aastha Agrawal; Yanzhe Zhang; Diyi Yang http://arxiv.org/abs/2203.10502 Adversarial Parameter Attack on Deep Neural Networks. (62%) Lijia Yu; Yihan Wang; Xiao-Shan Gao http://arxiv.org/abs/2203.10290 Adversarial Defense via Image Denoising with Chaotic Encryption. (99%) Shi Hu; Eric Nalisnick; Max Welling http://arxiv.org/abs/2203.10346 Perturbations in the Wild: Leveraging Human-Written Text Perturbations for Realistic Adversarial Attack and Defense. (98%) Thai Le; Jooyoung Lee; Kevin Yen; Yifan Hu; Dongwon Lee http://arxiv.org/abs/2203.11199 Distinguishing Non-natural from Natural Adversarial Samples for More Robust Pre-trained Language Model. (84%) Jiayi Wang; Rongzhou Bao; Zhuosheng Zhang; Hai Zhao http://arxiv.org/abs/2203.11201 Efficient Neural Network Analysis with Sum-of-Infeasibilities. (74%) Haoze Wu; Aleksandar Zeljić; Guy Katz; Clark Barrett http://arxiv.org/abs/2203.10366 Deep Learning Generalization, Extrapolation, and Over-parameterization. (68%) Roozbeh Yousefzadeh http://arxiv.org/abs/2203.10378 On Robust Prefix-Tuning for Text Classification. (10%) Zonghan Yang; Yang Liu http://arxiv.org/abs/2203.10166 Concept-based Adversarial Attacks: Tricking Humans and Classifiers Alike. (99%) Johannes Schneider; Giovanni Apruzzese http://arxiv.org/abs/2203.10183 Adversarial Attacks on Deep Learning-based Video Compression and Classification Systems. (99%) Jung-Woo Chang; Mojan Javaheripi; Seira Hidano; Farinaz Koushanfar http://arxiv.org/abs/2203.09849 Neural Predictor for Black-Box Adversarial Attacks on Speech Recognition. (99%) Marie Biolková; Bac Nguyen http://arxiv.org/abs/2203.09756 AutoAdversary: A Pixel Pruning Method for Sparse Adversarial Attack. (99%) Jinqiao Li; Xiaotao Liu; Jian Zhao; Furao Shen http://arxiv.org/abs/2203.09940 Alleviating Adversarial Attacks on Variational Autoencoders with MCMC. (96%) Anna Kuzina; Max Welling; Jakub M. Tomczak http://arxiv.org/abs/2203.09831 DTA: Physical Camouflage Attacks using Differentiable Transformation Network. (83%) Naufal Suryanto; Yongsu Kim; Hyoeun Kang; Harashta Tatimma Larasati; Youngyeo Yun; Thi-Thu-Huong Le; Hunmin Yang; Se-Yoon Oh; Howon Kim http://arxiv.org/abs/2203.09792 AdIoTack: Quantifying and Refining Resilience of Decision Tree Ensemble Inference Models against Adversarial Volumetric Attacks on IoT Networks. (78%) Arman Pashamokhtari; Gustavo Batista; Hassan Habibi Gharakheili http://arxiv.org/abs/2203.09790 Towards Robust 2D Convolution for Reliable Visual Recognition. (9%) Lida Li; Shuai Li; Kun Wang; Xiangchu Feng; Lei Zhang http://arxiv.org/abs/2203.09123 Improving the Transferability of Targeted Adversarial Examples through Object-Based Diverse Input. (99%) Junyoung Byun; Seungju Cho; Myung-Joon Kwon; Hee-Seon Kim; Changick Kim http://arxiv.org/abs/2203.09678 Self-Ensemble Adversarial Training for Improved Robustness. (99%) Hongjun Wang; Yisen Wang http://arxiv.org/abs/2203.09566 Leveraging Adversarial Examples to Quantify Membership Information Leakage. (98%) Ganesh Del Grosso; Hamid Jalalzai; Georg Pichler; Catuscia Palamidessi; Pablo Piantanida http://arxiv.org/abs/2203.09243 On the Properties of Adversarially-Trained CNNs. (93%) Mattia Carletti; Matteo Terzi; Gian Antonio Susto http://arxiv.org/abs/2203.09289 PiDAn: A Coherence Optimization Approach for Backdoor Attack Detection and Mitigation in Deep Neural Networks. 
(89%) Yue Wang; Wenqing Li; Esha Sarkar; Muhammad Shafique; Michail Maniatakos; Saif Eddin Jabari http://arxiv.org/abs/2203.09681 HDLock: Exploiting Privileged Encoding to Protect Hyperdimensional Computing Models against IP Stealing. (1%) Shijin Duan; Shaolei Ren; Xiaolin Xu http://arxiv.org/abs/2203.08959 Robustness through Cognitive Dissociation Mitigation in Contrastive Adversarial Training. (99%) Adir Rahamim; Itay Naeh http://arxiv.org/abs/2203.08519 Towards Practical Certifiable Patch Defense with Vision Transformer. (98%) Zhaoyu Chen; Bo Li; Jianghe Xu; Shuang Wu; Shouhong Ding; Wenqiang Zhang http://arxiv.org/abs/2203.08392 Patch-Fool: Are Vision Transformers Always Robust Against Adversarial Perturbations? (97%) Yonggan Fu; Shunyao Zhang; Shang Wu; Cheng Wan; Yingyan Lin http://arxiv.org/abs/2203.08945 Provable Adversarial Robustness for Fractional Lp Threat Models. (87%) Alexander Levine; Soheil Feizi http://arxiv.org/abs/2203.08739 What Do Adversarially trained Neural Networks Focus: A Fourier Domain-based Study. (83%) Binxiao Huang; Chaofan Tao; Rui Lin; Ngai Wong http://arxiv.org/abs/2203.08398 COPA: Certifying Robust Policies for Offline Reinforcement Learning against Poisoning Attacks. (82%) Fan Wu; Linyi Li; Chejian Xu; Huan Zhang; Bhavya Kailkhura; Krishnaram Kenthapadi; Ding Zhao; Bo Li http://arxiv.org/abs/2203.08689 Sniper Backdoor: Single Client Targeted Backdoor Attack in Federated Learning. (70%) Gorka Abad; Servio Paguada; Oguzhan Ersoy; Stjepan Picek; Víctor Julio Ramírez-Durán; Aitor Urbieta http://arxiv.org/abs/2203.08390 Reducing Flipping Errors in Deep Neural Networks. (68%) Xiang Deng; Yun Xiao; Bo Long; Zhongfei Zhang http://arxiv.org/abs/2203.08725 Attacking deep networks with surrogate-based adversarial black-box methods is easy. (45%) Nicholas A. Lord; Romain Mueller; Luca Bertinetto http://arxiv.org/abs/2203.08961 On the Convergence of Certified Robust Training with Interval Bound Propagation. (15%) Yihan Wang; Zhouxing Shi; Quanquan Gu; Cho-Jui Hsieh http://arxiv.org/abs/2203.08669 MPAF: Model Poisoning Attacks to Federated Learning based on Fake Clients. (15%) Xiaoyu Cao; Neil Zhenqiang Gong http://arxiv.org/abs/2203.08822 Understanding robustness and generalization of artificial neural networks through Fourier masks. (2%) Nikos Karantzas; Emma Besier; Josue Ortega Caro; Xaq Pitkow; Andreas S. Tolias; Ankit B. Patel; Fabio Anselmi http://arxiv.org/abs/2203.07653 Generalized but not Robust? Comparing the Effects of Data Modification Methods on Out-of-Domain Generalization and Adversarial Robustness. (76%) Tejas Gokhale; Swaroop Mishra; Man Luo; Bhavdeep Singh Sachdeva; Chitta Baral http://arxiv.org/abs/2203.08302 Internet-based Social Engineering Attacks, Defenses and Psychology: A Survey. (13%) Theodore Longtchi; Rosana Montañez Rodriguez; Laith Al-Shawaf; Adham Atyabi; Shouhuai Xu http://arxiv.org/abs/2203.07670 Towards Adversarial Control Loops in Sensor Attacks: A Case Study to Control the Kinematics and Actuation of Embedded Systems. (10%) Yazhou Tu; Sara Rampazzi; Xiali Hei http://arxiv.org/abs/2203.07713 LDP: Learnable Dynamic Precision for Efficient Deep Neural Network Training and Inference. (1%) Zhongzhi Yu; Yonggan Fu; Shang Wu; Mengquan Li; Haoran You; Yingyan Lin http://arxiv.org/abs/2203.07815 Adversarial Counterfactual Augmentation: Application in Alzheimer's Disease Classification. (1%) Tian Xia; Pedro Sanchez; Chen Qin; Sotirios A. Tsaftaris http://arxiv.org/abs/2203.06898 Efficient universal shuffle attack for visual object tracking. 
(99%) Siao Liu; Zhaoyu Chen; Wei Li; Jiwei Zhu; Jiafeng Wang; Wenqiang Zhang; Zhongxue Gan http://arxiv.org/abs/2203.09487 Defending Against Adversarial Attack in ECG Classification with Adversarial Distillation Training. (99%) Jiahao Shao; Shijia Geng; Zhaoji Fu; Weilun Xu; Tong Liu; Shenda Hong http://arxiv.org/abs/2203.07596 Task-Agnostic Robust Representation Learning. (98%) A. Tuan Nguyen; Ser Nam Lim; Philip Torr http://arxiv.org/abs/2203.08147 Energy-Latency Attacks via Sponge Poisoning. (91%) Antonio Emanuele Cinà; Ambra Demontis; Battista Biggio; Fabio Roli; Marcello Pelillo http://arxiv.org/abs/2203.07138 Adversarial amplitude swap towards robust image classifiers. (83%) Chun Yang Tan; Hiroshi Kera; Kazuhiko Kawamoto http://arxiv.org/abs/2203.07159 On the benefits of knowledge distillation for adversarial robustness. (82%) Javier Maroto; Guillermo Ortiz-Jiménez; Pascal Frossard http://arxiv.org/abs/2203.08148 RES-HD: Resilient Intelligent Fault Diagnosis Against Adversarial Attacks Using Hyper-Dimensional Computing. (82%) Onat Gungor; Tajana Rosing; Baris Aksanli http://arxiv.org/abs/2203.07341 Defending From Physically-Realizable Adversarial Attacks Through Internal Over-Activation Analysis. (54%) Giulio Rossolini; Federico Nesti; Fabio Brau; Alessandro Biondi; Giorgio Buttazzo http://arxiv.org/abs/2203.06616 LAS-AT: Adversarial Training with Learnable Attack Strategy. (99%) Xiaojun Jia; Yong Zhang; Baoyuan Wu; Ke Ma; Jue Wang; Xiaochun Cao http://arxiv.org/abs/2203.06694 Generating Practical Adversarial Network Traffic Flows Using NIDSGAN. (99%) Bolor-Erdene Zolbayar; Ryan Sheatsley; Patrick McDaniel; Michael J. Weisman; Sencun Zhu; Shitong Zhu; Srikanth Krishnamurthy http://arxiv.org/abs/2203.06570 Model Inversion Attack against Transfer Learning: Inverting a Model without Accessing It. (92%) Dayong Ye; Huiqiang Chen; Shuai Zhou; Tianqing Zhu; Wanlei Zhou; Shouling Ji http://arxiv.org/abs/2203.06580 One Parameter Defense -- Defending against Data Inference Attacks via Differential Privacy. (67%) Dayong Ye; Sheng Shen; Tianqing Zhu; Bo Liu; Wanlei Zhou http://arxiv.org/abs/2203.06587 Policy Learning for Robust Markov Decision Process with a Mismatched Generative Model. (3%) Jialian Li; Tongzheng Ren; Dong Yan; Hang Su; Jun Zhu http://arxiv.org/abs/2203.06560 Query-Efficient Black-box Adversarial Attacks Guided by a Transfer-based Prior. (99%) Yinpeng Dong; Shuyu Cheng; Tianyu Pang; Hang Su; Jun Zhu http://arxiv.org/abs/2203.06414 A Survey of Adversarial Defences and Robustness in NLP. (99%) Shreya Goyal; Sumanth Doddapaneni; Mitesh M. Khapra; Balaraman Ravindran http://arxiv.org/abs/2203.06555 Label-only Model Inversion Attack: The Attack that Requires the Least Information. (47%) Dayong Ye; Tianqing Zhu; Shuai Zhou; Bo Liu; Wanlei Zhou http://arxiv.org/abs/2203.05948 Block-Sparse Adversarial Attack to Fool Transformer-Based Text Classifiers. (99%) Sahar Sadrizadeh; Ljiljana Dolamic; Pascal Frossard http://arxiv.org/abs/2203.07027 Learning from Attacks: Attacking Variational Autoencoder for Improving Image Classification. (98%) Jianzhang Zheng; Fan Yang; Hao Shen; Xuan Tang; Mingsong Chen; Liang Song; Xian Wei http://arxiv.org/abs/2203.10930 An integrated Auto Encoder-Block Switching defense approach to prevent adversarial attacks. (96%) Anirudh Yadav; Ashutosh Upadhyay; S. Sharanya http://arxiv.org/abs/2203.06020 Enhancing Adversarial Training with Second-Order Statistics of Weights. 
(38%) Gaojie Jin; Xinping Yi; Wei Huang; Sven Schewe; Xiaowei Huang http://arxiv.org/abs/2203.06060 ROOD-MRI: Benchmarking the robustness of deep learning segmentation models to out-of-distribution and corrupted data in MRI. (33%) Lyndon Boone; Mahdi Biparva; Parisa Mojiri Forooshani; Joel Ramirez; Mario Masellis; Robert Bartha; Sean Symons; Stephen Strother; Sandra E. Black; Chris Heyn; Anne L. Martel; Richard H. Swartz; Maged Goubran http://arxiv.org/abs/2203.06254 Perception Over Time: Temporal Dynamics for Robust Image Understanding. (16%) Maryam Daniali; Edward Kim http://arxiv.org/abs/2203.05774 Reinforcement Learning for Linear Quadratic Control is Vulnerable Under Cost Manipulation. (15%) Yunhan Huang; Quanyan Zhu http://arxiv.org/abs/2203.05323 Exploiting the Potential of Datasets: A Data-Centric Approach for Model Robustness. (92%) Yiqi Zhong; Lei Wu; Xianming Liu; Junjun Jiang http://arxiv.org/abs/2203.05212 Membership Privacy Protection for Image Translation Models via Adversarial Knowledge Distillation. (75%) Saeed Ranjbar Alvar; Lanjun Wang; Jian Pei; Yong Zhang http://arxiv.org/abs/2203.05653 Attack Analysis of Face Recognition Authentication Systems Using Fast Gradient Sign Method. (69%) Arbena Musa; Kamer Vishi; Blerim Rexha http://arxiv.org/abs/2203.05408 Attacks as Defenses: Designing Robust Audio CAPTCHAs Using Attacks on Automatic Speech Recognition Systems. (64%) Hadi Abdullah; Aditya Karlekar; Saurabh Prasad; Muhammad Sajidur Rahman; Logan Blue; Luke A. Bauer; Vincent Bindschaedler; Patrick Traynor http://arxiv.org/abs/2203.05314 SoK: On the Semantic AI Security in Autonomous Driving. (10%) Junjie Shen; Ningfei Wang; Ziwen Wan; Yunpeng Luo; Takami Sato; Zhisheng Hu; Xinyang Zhang; Shengjian Guo; Zhenyu Zhong; Kang Li; Ziming Zhao; Chunming Qiao; Qi Alfred Chen http://arxiv.org/abs/2203.04607 Practical No-box Adversarial Attacks with Training-free Hybrid Image Transformation. (99%) Qilong Zhang; Chaoning Zhang; Chaoqun Li; Jingkuan Song; Lianli Gao; Heng Tao Shen http://arxiv.org/abs/2203.05154 Practical Evaluation of Adversarial Robustness via Adaptive Auto Attack. (99%) Ye Liu; Yaya Cheng; Lianli Gao; Xianglong Liu; Qilong Zhang; Jingkuan Song http://arxiv.org/abs/2203.05151 Frequency-driven Imperceptible Adversarial Attack on Semantic Similarity. (99%) Cheng Luo; Qinliang Lin; Weicheng Xie; Bizhu Wu; Jinheng Xie; Linlin Shen http://arxiv.org/abs/2203.04855 Binary Classification Under $\ell_0$ Attacks for General Noise Distribution. (98%) Payam Delgosha; Hamed Hassani; Ramtin Pedarsani http://arxiv.org/abs/2203.04623 Controllable Evaluation and Generation of Physical Adversarial Patch on Face Recognition. (97%) Xiao Yang; Yinpeng Dong; Tianyu Pang; Zihao Xiao; Hang Su; Jun Zhu http://arxiv.org/abs/2203.04886 Reverse Engineering $\ell_p$ attacks: A block-sparse optimization approach with recovery guarantees. (92%) Darshan Thaker; Paris Giampouras; René Vidal http://arxiv.org/abs/2203.04713 Defending Black-box Skeleton-based Human Activity Classifiers. (92%) He Wang; Yunfeng Diao; Zichang Tan; Guodong Guo http://arxiv.org/abs/2203.04696 Robust Federated Learning Against Adversarial Attacks for Speech Emotion Recognition. (81%) Yi Chang; Sofiane Laridi; Zhao Ren; Gregory Palmer; Björn W. Schuller; Marco Fisichella http://arxiv.org/abs/2203.05103 Improving Neural ODEs via Knowledge Distillation. 
(80%) Haoyu Chu; Shikui Wei; Qiming Lu; Yao Zhao http://arxiv.org/abs/2203.06055 Physics-aware Complex-valued Adversarial Machine Learning in Reconfigurable Diffractive All-optical Neural Network. (22%) Ruiyang Chen; Yingjie Li; Minhan Lou; Jichao Fan; Yingheng Tang; Berardi Sensale-Rodriguez; Cunxi Yu; Weilu Gao http://arxiv.org/abs/2203.04946 On the surprising tradeoff between ImageNet accuracy and perceptual similarity. (1%) Manoj Kumar; Neil Houlsby; Nal Kalchbrenner; Ekin D. Cubuk http://arxiv.org/abs/2203.04234 Adaptative Perturbation Patterns: Realistic Adversarial Learning for Robust NIDS. (99%) João Vitorino; Nuno Oliveira; Isabel Praça http://arxiv.org/abs/2203.04041 Shape-invariant 3D Adversarial Point Clouds. (99%) Qidong Huang; Xiaoyi Dong; Dongdong Chen; Hang Zhou; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2203.03888 ART-Point: Improving Rotation Robustness of Point Cloud Classifiers via Adversarial Rotation. (92%) Robin Wang; Yibo Yang; Dacheng Tao http://arxiv.org/abs/2203.04160 Robustly-reliable learners under poisoning attacks. (13%) Maria-Florina Balcan; Avrim Blum; Steve Hanneke; Dravyansh Sharma http://arxiv.org/abs/2203.04428 DeepSE-WF: Unified Security Estimation for Website Fingerprinting Defenses. (2%) Alexander Veicht; Cedric Renggli; Diogo Barradas http://arxiv.org/abs/2203.06649 Joint rotational invariance and adversarial training of a dual-stream Transformer yields state of the art Brain-Score for Area V4. (1%) William Berrios; Arturo Deza http://arxiv.org/abs/2203.04420 Harmonicity Plays a Critical Role in DNN Based Versus in Biologically-Inspired Monaural Speech Segregation Systems. (1%) Rahil Parikh; Ilya Kavalerov; Carol Espy-Wilson; Shihab Shamma http://arxiv.org/abs/2203.04412 ImageNet-Patch: A Dataset for Benchmarking Machine Learning Robustness against Adversarial Patches. (99%) Maura Pintor; Daniele Angioni; Angelo Sotgiu; Luca Demetrio; Ambra Demontis; Battista Biggio; Fabio Roli http://arxiv.org/abs/2203.04405 Art-Attack: Black-Box Adversarial Attack via Evolutionary Art. (99%) Phoenix Williams; Ke Li http://arxiv.org/abs/2203.03818 Shadows can be Dangerous: Stealthy and Effective Physical-world Adversarial Attack by Natural Phenomenon. (99%) Yiqi Zhong; Xianming Liu; Deming Zhai; Junjun Jiang; Xiangyang Ji http://arxiv.org/abs/2203.03373 Adversarial Texture for Fooling Person Detectors in the Physical World. (98%) Zhanhao Hu; Siyuan Huang; Xiaopei Zhu; Xiaolin Hu; Fuchun Sun; Bo Zhang http://arxiv.org/abs/2203.03762 Defending Graph Convolutional Networks against Dynamic Graph Perturbations via Bayesian Self-supervision. (83%) Jun Zhuang; Mohammad Al Hasan http://arxiv.org/abs/2203.03810 Towards Efficient Data-Centric Robust Machine Learning with Noise-based Augmentation. (31%) Xiaogeng Liu; Haoyu Wang; Yechao Zhang; Fangzhou Wu; Shengshan Hu http://arxiv.org/abs/2203.03128 $A^{3}D$: A Platform of Searching for Robust Neural Architectures and Efficient Adversarial Attacks. (99%) Jialiang Sun; Wen Yao; Tingsong Jiang; Chao Li; Xiaoqian Chen http://arxiv.org/abs/2203.03121 Protecting Facial Privacy: Generating Adversarial Identity Masks via Style-robust Makeup Transfer. 
(98%) Shengshan Hu; Xiaogeng Liu; Yechao Zhang; Minghui Li; Leo Yu Zhang; Hai Jin; Libing Wu http://arxiv.org/abs/2203.03048 Scalable Uncertainty Quantification for Deep Operator Networks using Randomized Priors. (45%) Yibo Yang; Georgios Kissas; Paris Perdikaris http://arxiv.org/abs/2203.02928 Evaluation of Interpretability Methods and Perturbation Artifacts in Deep Neural Networks. (2%) Lennart Brocki; Neo Christopher Chung http://arxiv.org/abs/2203.02735 aaeCAPTCHA: The Design and Implementation of Audio Adversarial CAPTCHA. (92%) Md Imran Hossen; Xiali Hei http://arxiv.org/abs/2203.03560 Targeted Data Poisoning Attack on News Recommendation System by Content Perturbation. (82%) Xudong Zhang; Zan Wang; Jingke Zhao; Lanjun Wang http://arxiv.org/abs/2203.02586 Concept-based Explanations for Out-Of-Distribution Detectors. (1%) Jihye Choi; Jayaram Raghuram; Ryan Feng; Jiefeng Chen; Somesh Jha; Atul Prakash http://arxiv.org/abs/2203.01516 Ad2Attack: Adaptive Adversarial Attack on Real-Time UAV Tracking. (99%) Changhong Fu; Sihang Li; Xinnan Yuan; Junjie Ye; Ziang Cao; Fangqiang Ding http://arxiv.org/abs/2203.01677 Detection of Word Adversarial Examples in Text Classification: Benchmark and Baseline via Robust Density Estimation. (98%) KiYoon Yoo; Jangho Kim; Jiho Jang; Nojun Kwak http://arxiv.org/abs/2203.02121 Adversarial Patterns: Building Robust Android Malware Classifiers. (98%) Dipkamal Bhusal; Nidhi Rastogi http://arxiv.org/abs/2203.01895 Improving Health Mentioning Classification of Tweets using Contrastive Adversarial Training. (84%) Pervaiz Iqbal Khan; Shoaib Ahmed Siddiqui; Imran Razzak; Andreas Dengel; Sheraz Ahmed http://arxiv.org/abs/2203.01925 Label-Only Model Inversion Attacks via Boundary Repulsion. (74%) Mostafa Kahla; Si Chen; Hoang Anh Just; Ruoxi Jia http://arxiv.org/abs/2203.01584 Fairness-aware Adversarial Perturbation Towards Bias Mitigation for Deployed Deep Models. (56%) Zhibo Wang; Xiaowei Dong; Henry Xue; Zhifei Zhang; Weifeng Chiu; Tao Wei; Kui Ren http://arxiv.org/abs/2203.02006 Why adversarial training can hurt robust accuracy. (22%) Jacob Clarysse; Julia Hörmann; Fanny Yang http://arxiv.org/abs/2203.01881 Understanding Failure Modes of Self-Supervised Learning. (4%) Neha Mukund Kalibhat; Kanika Narang; Liang Tan; Hamed Firooz; Maziar Sanjabi; Soheil Feizi http://arxiv.org/abs/2203.01606 Ensemble Methods for Robust Support Vector Machines using Integer Programming. (2%) Jannis Kurtz http://arxiv.org/abs/2203.02050 Autonomous and Resilient Control for Optimal LEO Satellite Constellation Coverage Against Space Threats. (1%) Yuhan Zhao; Quanyan Zhu http://arxiv.org/abs/2203.01439 Enhancing Adversarial Robustness for Deep Metric Learning. (99%) Mo Zhou; Vishal M. Patel http://arxiv.org/abs/2203.00922 Canonical foliations of neural networks: application to robustness. (98%) Eliot Tron; Nicolas Couellan; Stéphane Puechmorel http://arxiv.org/abs/2203.01177 Detecting Adversarial Perturbations in Multi-Task Perception. (98%) Marvin Klingner; Varun Ravi Kumar; Senthil Yogamani; Andreas Bär; Tim Fingscheidt http://arxiv.org/abs/2203.07983 Adversarial Robustness of Neural-Statistical Features in Detection of Generative Transformers. (69%) Evan Crothers; Nathalie Japkowicz; Herna Viktor; Paula Branco http://arxiv.org/abs/2203.00928 Video is All You Need: Attacking PPG-based Biometric Authentication. (13%) Lin Li; Chao Chen; Lei Pan; Jun Zhang; Yang Xiang http://arxiv.org/abs/2203.00915 MIAShield: Defending Membership Inference Attacks via Preemptive Exclusion of Members. 
(2%) Ismat Jarin; Birhanu Eshete http://arxiv.org/abs/2203.01212 A Quantitative Geometric Approach to Neural-Network Smoothness. (2%) Zi Wang; Gautam Prakriya; Somesh Jha http://arxiv.org/abs/2203.00302 Adversarial samples for deep monocular 6D object pose estimation. (99%) Jinlai Zhang; Weiming Li; Shuang Liang; Hao Wang; Jihong Zhu http://arxiv.org/abs/2203.00858 Physical Backdoor Attacks to Lane Detection Systems in Autonomous Driving. (87%) Xingshuo Han; Guowen Xu; Yuan Zhou; Xuehuan Yang; Jiwei Li; Tianwei Zhang http://arxiv.org/abs/2203.00553 Global-Local Regularization Via Distributional Robustness. (86%) Hoang Phan; Trung Le; Trung Phung; Tuan Anh Bui; Nhat Ho; Dinh Phung http://arxiv.org/abs/2203.01323 Benchmarking Robustness of Deep Learning Classifiers Using Two-Factor Perturbation. (11%) Wei Dai; Daniel Berleant http://arxiv.org/abs/2203.00637 Signature Correction Attack on Dilithium Signature Scheme. (1%) Saad Islam; Koksal Mus; Richa Singh; Patrick Schaumont; Berk Sunar http://arxiv.org/abs/2202.13625 Enhance transferability of adversarial examples with model architecture. (99%) Mingyuan Fan; Wenzhong Guo; Shengxing Yu; Zuobin Ying; Ximeng Liu http://arxiv.org/abs/2202.13755 Towards Robust Stacked Capsule Autoencoder with Hybrid Adversarial Training. (99%) Jiazhu Dai; Siwei Xiong http://arxiv.org/abs/2202.13711 Evaluating the Adversarial Robustness of Adaptive Test-time Defenses. (98%) Francesco Croce; Sven Gowal; Thomas Brunner; Evan Shelhamer; Matthias Hein; Taylan Cemgil http://arxiv.org/abs/2202.13922 MaMaDroid2.0 -- The Holes of Control Flow Graphs. (88%) Harel Berger; Chen Hajaj; Enrico Mariconti; Amit Dvir http://arxiv.org/abs/2202.13636 Improving Lexical Embeddings for Robust Question Answering. (67%) Weiwen Xu; Bowei Zou; Wai Lam; Ai Ti Aw http://arxiv.org/abs/2202.13817 Robust Textual Embedding against Word-level Adversarial Attacks. (26%) Yichen Yang; Xiaosen Wang; Kun He http://arxiv.org/abs/2202.14010 Artificial Intelligence for Cyber Security (AICS). (1%) James Holt; Edward Raff; Ahmad Ridley; Dennis Ross; Arunesh Sinha; Diane Staheli; William Streilein; Milind Tambe; Yevgeniy Vorobeychik; Allan Wollaber http://arxiv.org/abs/2203.00150 Explaining RADAR features for detecting spoofing attacks in Connected Autonomous Vehicles. (1%) Nidhi Rastogi; Sara Rampazzi; Michael Clifford; Miriam Heller; Matthew Bishop; Karl Levitt http://arxiv.org/abs/2202.13437 A Unified Wasserstein Distributional Robustness Framework for Adversarial Training. (99%) Tuan Anh Bui; Trung Le; Quan Tran; He Zhao; Dinh Phung http://arxiv.org/abs/2202.13440 Robust Control of Partially Specified Boolean Networks. (1%) Luboš Brim; Samuel Pastva; David Šafránek; Eva Šmijáková http://arxiv.org/abs/2202.13216 Adversarial robustness of sparse local Lipschitz predictors. (87%) Ramchandran Muthukumar; Jeremias Sulam http://arxiv.org/abs/2202.13074 Neuro-Inspired Deep Neural Networks with Sparse, Strong Activations. (45%) Metehan Cekic; Can Bakiskan; Upamanyu Madhow http://arxiv.org/abs/2202.13133 Automation of reversible steganographic coding with nonlinear discrete optimisation. (1%) Ching-Chun Chang http://arxiv.org/abs/2202.12860 ARIA: Adversarially Robust Image Attribution for Content Provenance. (99%) Maksym Andriushchenko; Xiaoyang Rebecca Li; Geoffrey Oxholm; Thomas Gittings; Tu Bui; Nicolas Flammarion; John Collomosse http://arxiv.org/abs/2202.12993 Projective Ranking-based GNN Evasion Attacks. 
(97%) He Zhang; Xingliang Yuan; Chuan Zhou; Shirui Pan http://arxiv.org/abs/2202.12506 On the Effectiveness of Dataset Watermarking in Adversarial Settings. (56%) Buse Gul Atli Tekgul; N. Asokan http://arxiv.org/abs/2202.12154 Towards Effective and Robust Neural Trojan Defenses via Input Filtering. (92%) Kien Do; Haripriya Harikumar; Hung Le; Dung Nguyen; Truyen Tran; Santu Rana; Dang Nguyen; Willy Susilo; Svetha Venkatesh http://arxiv.org/abs/2202.11910 Robust Probabilistic Time Series Forecasting. (76%) TaeHo Yoon; Youngsuk Park; Ernest K. Ryu; Yuyang Wang http://arxiv.org/abs/2202.12435 Understanding Adversarial Robustness from Feature Maps of Convolutional Layers. (70%) Cong Xu; Min Yang http://arxiv.org/abs/2202.12162 Measuring CLEVRness: Blackbox testing of Visual Reasoning Models. (16%) Spyridon Mouselinos; Henryk Michalewski; Mateusz Malinowski http://arxiv.org/abs/2202.12232 Bounding Membership Inference. (11%) Anvith Thudi; Ilia Shumailov; Franziska Boenisch; Nicolas Papernot http://arxiv.org/abs/2202.12412 Fourier-Based Augmentations for Improved Robustness and Uncertainty Calibration. (3%) Ryan Soklaski; Michael Yee; Theodoros Tsiligkaridis http://arxiv.org/abs/2202.11919 Threading the Needle of On and Off-Manifold Value Functions for Shapley Explanations. (2%) Chih-Kuan Yeh; Kuan-Yun Lee; Frederick Liu; Pradeep Ravikumar http://arxiv.org/abs/2202.11915 Interpolation-based Contrastive Learning for Few-Label Semi-Supervised Learning. (1%) Xihong Yang; Xiaochang Hu; Sihang Zhou; Xinwang Liu; En Zhu http://arxiv.org/abs/2202.11898 Improving Robustness of Convolutional Neural Networks Using Element-Wise Activation Scaling. (96%) Zhi-Yuan Zhang; Di Liu http://arxiv.org/abs/2202.11865 Using calibrator to improve robustness in Machine Reading Comprehension. (13%) Jing Jin; Houfeng Wang http://arxiv.org/abs/2202.11287 LPF-Defense: 3D Adversarial Defense based on Frequency Analysis. (99%) Hanieh Naderi; Kimia Noorbakhsh; Arian Etemadi; Shohreh Kasaei http://arxiv.org/abs/2202.10693 Universal adversarial perturbation for remote sensing images. (95%) Zhaoxia Yin; Qingyu Wang; Jin Tang; Bin Luo http://arxiv.org/abs/2202.10673 Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era. (84%) Changjiang Li; Li Wang; Shouling Ji; Xuhong Zhang; Zhaohan Xi; Shanqing Guo; Ting Wang http://arxiv.org/abs/2202.11202 Indiscriminate Poisoning Attacks on Unsupervised Contrastive Learning. (1%) Hao He; Kaiwen Zha; Dina Katabi http://arxiv.org/abs/2202.10594 Adversarial Attacks on Speech Recognition Systems for Mission-Critical Applications: A Survey. (99%) Ngoc Dung Huynh; Mohamed Reda Bouadjenek; Imran Razzak; Kevin Lee; Chetan Arora; Ali Hassani; Arkady Zaslavsky http://arxiv.org/abs/2202.10523 Semi-Implicit Hybrid Gradient Methods with Application to Adversarial Robustness. (99%) Beomsu Kim; Junghoon Seo http://arxiv.org/abs/2202.10309 HoneyModels: Machine Learning Honeypots. (99%) Ahmed Abdou; Ryan Sheatsley; Yohan Beugin; Tyler Shipp; Patrick McDaniel http://arxiv.org/abs/2202.09994 Transferring Adversarial Robustness Through Robust Representation Matching. (99%) Pratik Vaishnavi; Kevin Eykholt; Amir Rahmati http://arxiv.org/abs/2202.10627 On the Effectiveness of Adversarial Training against Backdoor Attacks. (96%) Yinghua Gao; Dongxian Wu; Jingfeng Zhang; Guanhao Gan; Shu-Tao Xia; Gang Niu; Masashi Sugiyama http://arxiv.org/abs/2202.10276 Poisoning Attacks and Defenses on Artificial Intelligence: A Survey. (83%) Miguel A. 
Ramirez; Song-Kyoo Kim; Hussam Al Hamadi; Ernesto Damiani; Young-Ji Byon; Tae-Yeon Kim; Chung-Suk Cho; Chan Yeob Yeun http://arxiv.org/abs/2202.10377 A Tutorial on Adversarial Learning Attacks and Countermeasures. (75%) Cato Pauling; Michael Gimson; Muhammed Qaid; Ahmad Kida; Basel Halak http://arxiv.org/abs/2202.11196 Backdoor Defense in Federated Learning Using Differential Testing and Outlier Detection. (41%) Yein Kim; Huili Chen; Farinaz Koushanfar http://arxiv.org/abs/2202.10546 Privacy Leakage of Adversarial Training Models in Federated Learning Systems. (38%) Jingyang Zhang; Yiran Chen; Hai Li http://arxiv.org/abs/2202.10103 Robustness and Accuracy Could Be Reconcilable by (Proper) Definition. (11%) Tianyu Pang; Min Lin; Xiao Yang; Jun Zhu; Shuicheng Yan http://arxiv.org/abs/2202.10354 Cyber-Physical Defense in the Quantum Era. (2%) Michel Barbeau; Joaquin Garcia-Alfaro http://arxiv.org/abs/2202.11197 Real-time Over-the-air Adversarial Perturbations for Digital Communications using Deep Neural Networks. (93%) Roman A. Sandler; Peter K. Relich; Cloud Cho; Sean Holloway http://arxiv.org/abs/2202.09844 Sparsity Winning Twice: Better Robust Generalization from More Efficient Training. (26%) Tianlong Chen; Zhenyu Zhang; Pengjun Wang; Santosh Balachandra; Haoyu Ma; Zehao Wang; Zhangyang Wang http://arxiv.org/abs/2202.09735 Overparametrization improves robustness against adversarial attacks: A replication study. (3%) Ali Borji http://arxiv.org/abs/2202.09300 Exploring Adversarially Robust Training for Unsupervised Domain Adaptation. (99%) Shao-Yuan Lo; Vishal M. Patel http://arxiv.org/abs/2202.09446 Learning Representations Robust to Group Shifts and Adversarial Examples. (93%) Ming-Chang Chiu; Xuezhe Ma http://arxiv.org/abs/2202.09039 Critical Checkpoints for Evaluating Defence Models Against Adversarial Attack and Robustness. (92%) Kanak Tekwani; Manojkumar Parmar http://arxiv.org/abs/2202.10320 Resurrecting Trust in Facial Recognition: Mitigating Backdoor Attacks in Face Recognition to Prevent Potential Privacy Breaches. (80%) Reena Zelenkova; Jack Swallow; M. A. P. Chamikara; Dongxi Liu; Mohan Baruwal Chhetri; Seyit Camtepe; Marthie Grobler; Mahathir Almashor http://arxiv.org/abs/2202.09483 Data-Driven Mitigation of Adversarial Text Perturbation. (75%) Rasika Bhalerao; Mohammad Al-Rubaie; Anand Bhaskar; Igor Markov http://arxiv.org/abs/2202.10582 Debiasing Backdoor Attack: A Benign Application of Backdoor Attack in Eliminating Data Bias. (68%) Shangxi Wu; Qiuyang He; Yi Zhang; Jitao Sang http://arxiv.org/abs/2202.09248 Stochastic Perturbations of Tabular Features for Non-Deterministic Inference with Automunge. (38%) Nicholas J. Teague http://arxiv.org/abs/2202.11203 Label-Smoothed Backdoor Attack. (33%) Minlong Peng; Zidi Xiong; Mingming Sun; Ping Li http://arxiv.org/abs/2202.09389 Black-box Node Injection Attack for Graph Neural Networks. (33%) Mingxuan Ju; Yujie Fan; Yanfang Ye; Liang Zhao http://arxiv.org/abs/2202.09514 Robust Reinforcement Learning as a Stackelberg Game via Adaptively-Regularized Adversarial Training. (9%) Peide Huang; Mengdi Xu; Fei Fang; Ding Zhao http://arxiv.org/abs/2202.09465 Attacks, Defenses, And Tools: A Framework To Facilitate Robust AI/ML Systems. (4%) Mohamad Fazelnia; Igor Khokhlov; Mehdi Mirakhorli http://arxiv.org/abs/2202.09381 Synthetic Disinformation Attacks on Automated Fact Verification Systems. (1%) Yibing Du; Antoine Bosselut; Christopher D. 
Manning http://arxiv.org/abs/2202.08944 Rethinking Machine Learning Robustness via its Link with the Out-of-Distribution Problem. (99%) Abderrahmen Amich; Birhanu Eshete http://arxiv.org/abs/2202.08532 Mitigating Closed-model Adversarial Examples with Bayesian Neural Modeling for Enhanced End-to-End Speech Recognition. (98%) Chao-Han Huck Yang; Zeeshan Ahmed; Yile Gu; Joseph Szurley; Roger Ren; Linda Liu; Andreas Stolcke; Ivan Bulyko http://arxiv.org/abs/2202.08892 Developing Imperceptible Adversarial Patches to Camouflage Military Assets From Computer Vision Enabled Technologies. (98%) Chris Wise; Jo Plested http://arxiv.org/abs/2202.08602 Fingerprinting Deep Neural Networks Globally via Universal Adversarial Perturbations. (78%) Zirui Peng; Shaofeng Li; Guoxing Chen; Cheng Zhang; Haojin Zhu; Minhui Xue http://arxiv.org/abs/2202.08185 The Adversarial Security Mitigations of mmWave Beamforming Prediction Models using Defensive Distillation and Adversarial Retraining. (99%) Murat Kuzlu; Ferhat Ozgur Catak; Umit Cali; Evren Catak; Ozgur Guler http://arxiv.org/abs/2202.08057 Understanding and Improving Graph Injection Attack by Promoting Unnoticeability. (10%) Yongqiang Chen; Han Yang; Yonggang Zhang; Kaili Ma; Tongliang Liu; Bo Han; James Cheng http://arxiv.org/abs/2202.10943 Gradient Based Activations for Accurate Bias-Free Learning. (1%) Vinod K Kurmi; Rishabh Sharma; Yash Vardhan Sharma; Vinay P. Namboodiri http://arxiv.org/abs/2202.07342 Unreasonable Effectiveness of Last Hidden Layer Activations. (99%) Omer Faruk Tuna; Ferhat Ozgur Catak; M. Taner Eskil http://arxiv.org/abs/2202.07261 Exploring the Devil in Graph Spectral Domain for 3D Point Cloud Attacks. (99%) Qianjiang Hu; Daizong Liu; Wei Hu http://arxiv.org/abs/2202.07568 StratDef: Strategic Defense Against Adversarial Attacks in ML-based Malware Detection. (99%) Aqib Rashid; Jose Such http://arxiv.org/abs/2202.07453 Random Walks for Adversarial Meshes. (97%) Amir Belder; Gal Yefet; Ran Ben Izhak; Ayellet Tal http://arxiv.org/abs/2202.07802 Generative Adversarial Network-Driven Detection of Adversarial Tasks in Mobile Crowdsensing. (93%) Zhiyan Chen; Burak Kantarci http://arxiv.org/abs/2202.07815 Applying adversarial networks to increase the data efficiency and reliability of Self-Driving Cars. (89%) Aakash Kumar http://arxiv.org/abs/2202.07562 Improving the repeatability of deep learning models with Monte Carlo dropout. (1%) Andreanne Lemay; Katharina Hoebel; Christopher P. Bridge; Brian Befano; Silvia De Sanjosé; Didem Egemen; Ana Cecilia Rodriguez; Mark Schiffman; John Peter Campbell; Jayashree Kalpathy-Cramer http://arxiv.org/abs/2202.07201 Holistic Adversarial Robustness of Deep Learning Models. (1%) Pin-Yu Chen; Sijia Liu http://arxiv.org/abs/2202.07679 Taking a Step Back with KCal: Multi-Class Kernel-Based Calibration for Deep Neural Networks. (1%) Zhen Lin; Shubhendu Trivedi; Jimeng Sun http://arxiv.org/abs/2202.07054 Universal Adversarial Examples in Remote Sensing: Methodology and Benchmark. (99%) Yonghao Xu; Pedram Ghamisi http://arxiv.org/abs/2202.06488 Finding Dynamics Preserving Adversarial Winning Tickets. (86%) Xupeng Shi; Pengfei Zheng; A. Adam Ding; Yuan Gao; Weizhong Zhang http://arxiv.org/abs/2202.07114 Recent Advances in Reliable Deep Graph Learning: Inherent Noise, Distribution Shift, and Adversarial Attack. (83%) Jintang Li; Bingzhe Wu; Chengbin Hou; Guoji Fu; Yatao Bian; Liang Chen; Junzhou Huang; Zibin Zheng http://arxiv.org/abs/2202.06658 PFGE: Parsimonious Fast Geometric Ensembling of DNNs. 
(1%) Hao Guo; Jiyong Jin; Bin Liu http://arxiv.org/abs/2202.06701 UA-FedRec: Untargeted Attack on Federated News Recommendation. (1%) Jingwei Yi; Fangzhao Wu; Bin Zhu; Jing Yao; Zhulin Tao; Guangzhong Sun; Xing Xie http://arxiv.org/abs/2202.06312 Progressive Backdoor Erasing via connecting Backdoor and Adversarial Attacks. (99%) Bingxu Mu; Zhenxing Niu; Le Wang; Xue Wang; Rong Jin; Gang Hua http://arxiv.org/abs/2202.06382 Training with More Confidence: Mitigating Injected and Natural Backdoors During Training. (92%) Zhenting Wang; Hailun Ding; Juan Zhai; Shiqing Ma http://arxiv.org/abs/2202.06474 Extracting Label-specific Key Input Features for Neural Code Intelligence Models. (9%) Md Rafiqul Islam Rabin http://arxiv.org/abs/2202.06414 Defense Strategies Toward Model Poisoning Attacks in Federated Learning: A Survey. (2%) Zhilin Wang; Qiao Kang; Xinyi Zhang; Qin Hu http://arxiv.org/abs/2202.07471 SQuant: On-the-Fly Data-Free Quantization via Diagonal Hessian Approximation. (1%) Cong Guo; Yuxian Qiu; Jingwen Leng; Xiaotian Gao; Chen Zhang; Yunxin Liu; Fan Yang; Yuhao Zhu; Minyi Guo http://arxiv.org/abs/2202.06043 RoPGen: Towards Robust Code Authorship Attribution via Automatic Coding Style Transformation. (98%) Zhen Li; Guenevere (Qian) Chen; Chen Chen; Yayi Zou; Shouhuai Xu http://arxiv.org/abs/2202.07464 Excitement Surfeited Turns to Errors: Deep Learning Testing Framework Based on Excitable Neurons. (98%) Haibo Jin; Ruoxi Chen; Haibin Zheng; Jinyin Chen; Yao Cheng; Yue Yu; Xianglong Liu http://arxiv.org/abs/2202.07421 Adversarial Attacks and Defense Methods for Power Quality Recognition. (99%) Jiwei Tian; Buhong Wang; Jing Li; Zhen Wang; Mete Ozay http://arxiv.org/abs/2202.05687 Towards Adversarially Robust Deepfake Detection: An Ensemble Approach. (99%) Ashish Hooda; Neal Mangaokar; Ryan Feng; Kassem Fawaz; Somesh Jha; Atul Prakash http://arxiv.org/abs/2202.05953 Open-set Adversarial Defense with Clean-Adversarial Mutual Learning. (98%) Rui Shao; Pramuditha Perera; Pong C. Yuen; Vishal M. Patel http://arxiv.org/abs/2202.05758 Using Random Perturbations to Mitigate Adversarial Attacks on Sentiment Analysis Models. (92%) Abigail Swenor; Jugal Kalita http://arxiv.org/abs/2202.05488 Fast Adversarial Training with Noise Augmentation: A Unified Perspective on RandStart and GradAlign. (74%) Axi Niu; Kang Zhang; Chaoning Zhang; Chenshuang Zhang; In So Kweon; Chang D. Yoo; Yanning Zhang http://arxiv.org/abs/2202.05834 Predicting Out-of-Distribution Error with the Projection Norm. (62%) Yaodong Yu; Zitong Yang; Alexander Wei; Yi Ma; Jacob Steinhardt http://arxiv.org/abs/2202.05470 Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers. (62%) Limin Yang; Zhi Chen; Jacopo Cortellazzi; Feargus Pendlebury; Kevin Tu; Fabio Pierazzi; Lorenzo Cavallaro; Gang Wang http://arxiv.org/abs/2202.05778 White-Box Attacks on Hate-speech BERT Classifiers in German with Explicit and Implicit Character Level Defense. (12%) Shahrukh Khan; Mahnoor Shahid; Navdeeppal Singh http://arxiv.org/abs/2202.05725 On the Detection of Adaptive Adversarial Attacks in Speaker Verification Systems. (10%) Zesheng Chen http://arxiv.org/abs/2202.05737 Improving Generalization via Uncertainty Driven Perturbations. (2%) Matteo Pagliardini; Gilberto Manunza; Martin Jaggi; Michael I. Jordan; Tatjana Chavdarova http://arxiv.org/abs/2202.05613 CMW-Net: Learning a Class-Aware Sample Weighting Mapping for Robust Deep Learning. 
(1%) Jun Shu; Xiang Yuan; Deyu Meng; Zongben Xu http://arxiv.org/abs/2202.05416 FAAG: Fast Adversarial Audio Generation through Interactive Attack Optimisation. (99%) Yuantian Miao; Chao Chen; Lei Pan; Jun Zhang; Yang Xiang http://arxiv.org/abs/2202.04978 Towards Assessing and Characterizing the Semantic Robustness of Face Recognition. (76%) Juan C. Pérez; Motasem Alfarra; Ali Thabet; Pablo Arbeláez; Bernard Ghanem http://arxiv.org/abs/2202.05068 Controlling the Complexity and Lipschitz Constant improves polynomial nets. (12%) Zhenyu Zhu; Fabian Latorre; Grigorios G Chrysos; Volkan Cevher http://arxiv.org/abs/2202.04975 FedAttack: Effective and Covert Poisoning Attack on Federated Recommendation via Hard Sampling. (8%) Chuhan Wu; Fangzhao Wu; Tao Qi; Yongfeng Huang; Xing Xie http://arxiv.org/abs/2202.05271 A Field of Experts Prior for Adapting Neural Networks at Test Time. (1%) Neerav Karani; Georg Brunner; Ertunc Erdil; Simin Fei; Kerem Tezcan; Krishna Chaitanya; Ender Konukoglu http://arxiv.org/abs/2202.04781 Adversarial Attack and Defense of YOLO Detectors in Autonomous Driving Scenarios. (99%) Jung Im Choi; Qing Tian http://arxiv.org/abs/2202.04347 Gradient Methods Provably Converge to Non-Robust Networks. (82%) Gal Vardi; Gilad Yehudai; Ohad Shamir http://arxiv.org/abs/2202.04479 False Memory Formation in Continual Learners Through Imperceptible Backdoor Trigger. (22%) Muhammad Umer; Robi Polikar http://arxiv.org/abs/2202.04311 ARIBA: Towards Accurate and Robust Identification of Backdoor Attacks in Federated Learning. (10%) Yuxi Mi; Jihong Guan; Shuigeng Zhou http://arxiv.org/abs/2202.04291 L2B: Learning to Bootstrap Robust Models for Combating Label Noise. (2%) Yuyin Zhou; Xianhang Li; Fengze Liu; Qingyue Wei; Xuxi Chen; Lequan Yu; Cihang Xie; Matthew P. Lungren; Lei Xing http://arxiv.org/abs/2202.04392 Model Architecture Adaption for Bayesian Neural Networks. (1%) Duo Wang; Yiren Zhao; Ilia Shumailov; Robert Mullins http://arxiv.org/abs/2202.04235 Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations. (99%) Lei Hsiung; Yun-Yun Tsai; Pin-Yu Chen; Tsung-Yi Ho http://arxiv.org/abs/2202.03898 Verification-Aided Deep Ensemble Selection. (96%) Guy Amir; Guy Katz; Michael Schapira http://arxiv.org/abs/2202.04271 Adversarial Detection without Model Information. (87%) Abhishek Moitra; Youngeun Kim; Priyadarshini Panda http://arxiv.org/abs/2202.03861 Towards Making a Trojan-horse Attack on Text-to-Image Retrieval. (68%) Fan Hu; Aozhu Chen; Xirong Li http://arxiv.org/abs/2202.05395 Robust, Deep, and Reinforcement Learning for Management of Communication and Power Networks. (1%) Alireza Sadeghi http://arxiv.org/abs/2202.05877 Blind leads Blind: A Zero-Knowledge Attack on Federated Learning. (99%) Jiyue Huang; Zilong Zhao; Lydia Y. Chen; Stefanie Roos http://arxiv.org/abs/2202.03277 On The Empirical Effectiveness of Unrealistic Adversarial Hardening Against Realistic Adversarial Attacks. (99%) Salijona Dyrmishi; Salah Ghamizi; Thibault Simonetto; Yves Le Traon; Maxime Cordy http://arxiv.org/abs/2202.03077 Adversarial Attacks and Defense for Non-Parametric Two-Sample Tests. (98%) Xilie Xu; Jingfeng Zhang; Feng Liu; Masashi Sugiyama; Mohan Kankanhalli http://arxiv.org/abs/2202.03558 Evaluating Robustness of Cooperative MARL: A Model-based Approach. (98%) Nhan H. Pham; Lam M. 
Nguyen; Jie Chen; Hoang Thanh Lam; Subhro Das; Tsui-Wei Weng http://arxiv.org/abs/2202.03195 More is Better (Mostly): On the Backdoor Attacks in Federated Graph Neural Networks. (68%) Jing Xu; Rui Wang; Kaitai Liang; Stjepan Picek http://arxiv.org/abs/2202.03335 Membership Inference Attacks and Defenses in Neural Network Pruning. (50%) Xiaoyong Yuan; Lan Zhang http://arxiv.org/abs/2202.03104 SimGRACE: A Simple Framework for Graph Contrastive Learning without Data Augmentation. (4%) Jun Xia; Lirong Wu; Jintao Chen; Bozhen Hu; Stan Z. Li http://arxiv.org/abs/2202.03460 Deletion Inference, Reconstruction, and Compliance in Machine (Un)Learning. (3%) Ji Gao; Sanjam Garg; Mohammad Mahmoody; Prashant Nalini Vasudevan http://arxiv.org/abs/2202.02751 Tubes Among Us: Analog Attack on Automatic Speaker Identification. (99%) Shimaa Ahmed; Yash Wani; Ali Shahin Shamsabadi; Mohammad Yaghini; Ilia Shumailov; Nicolas Papernot; Kassem Fawaz http://arxiv.org/abs/2202.02902 Redactor: A Data-centric and Individualized Defense Against Inference Attacks. (8%) Geon Heo; Steven Euijong Whang http://arxiv.org/abs/2202.02626 Layer-wise Regularized Adversarial Training using Layers Sustainability Analysis (LSA) framework. (99%) Mohammad Khalooei; Mohammad Mehdi Homayounpour; Maryam Amirmazlaghani http://arxiv.org/abs/2202.02503 Adversarial Detector with Robust Classifier. (93%) Takayuki Osakabe; Maungmaung Aprilpyone; Sayaka Shiota; Hitoshi Kiya http://arxiv.org/abs/2202.02595 Memory Defense: More Robust Classification via a Memory-Masking Autoencoder. (76%) Eashan Adhikarla; Dan Luo; Brian D. Davison http://arxiv.org/abs/2202.02628 Improved Certified Defenses against Data Poisoning with (Deterministic) Finite Aggregation. (75%) Wenxiao Wang; Alexander Levine; Soheil Feizi http://arxiv.org/abs/2202.02236 Pixle: a fast and effective black-box attack based on rearranging pixels. (98%) Jary Pomponi; Simone Scardapane; Aurelio Uncini http://arxiv.org/abs/2202.03423 Backdoor Defense via Decoupling the Training Process. (80%) Kunzhe Huang; Yiming Li; Baoyuan Wu; Zhan Qin; Kui Ren http://arxiv.org/abs/2202.02278 LTU Attacker for Membership Inference. (67%) Joseph Pedersen; Rafael Muñoz-Gómez; Jiangnan Huang; Haozhe Sun; Wei-Wei Tu; Isabelle Guyon http://arxiv.org/abs/2202.02215 A Survey on Safety-Critical Driving Scenario Generation -- A Methodological Perspective. (1%) Wenhao Ding; Chejian Xu; Mansur Arief; Haohong Lin; Bo Li; Ding Zhao http://arxiv.org/abs/2202.01811 ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding Attacks via Patch-agnostic Masking. (93%) Chong Xiang; Alexander Valtchanov; Saeed Mahloujifar; Prateek Mittal http://arxiv.org/abs/2202.01832 Adversarially Robust Models may not Transfer Better: Sufficient Conditions for Domain Transferability from the View of Regularization. (75%) Xiaojun Xu; Jacky Yibo Zhang; Evelyn Ma; Danny Son; Oluwasanmi Koyejo; Bo Li http://arxiv.org/abs/2202.01117 An Eye for an Eye: Defending against Gradient-based Attacks with Gradients. (99%) Hanbin Hong; Yuan Hong; Yu Kong http://arxiv.org/abs/2202.01186 Smoothed Embeddings for Certified Few-Shot Learning. (76%) Mikhail Pautov; Olesya Kuznetsova; Nurislam Tursynbek; Aleksandr Petiushko; Ivan Oseledets http://arxiv.org/abs/2202.01136 Probabilistically Robust Learning: Balancing Average- and Worst-case Performance. (75%) Alexander Robey; Luiz F. O. Chamon; George J. 
Pappas; Hamed Hassani http://arxiv.org/abs/2202.01181 Make Some Noise: Reliable and Efficient Single-Step Adversarial Training. (70%) Pau de Jorge; Adel Bibi; Riccardo Volpi; Amartya Sanyal; Philip H. S. Torr; Grégory Rogez; Puneet K. Dokania http://arxiv.org/abs/2202.01341 Robust Binary Models by Pruning Randomly-initialized Networks. (10%) Chen Liu; Ziqi Zhao; Sabine Süsstrunk; Mathieu Salzmann http://arxiv.org/abs/2202.01263 NoisyMix: Boosting Robustness by Combining Data Augmentations, Stability Training, and Noise Injections. (10%) N. Benjamin Erichson; Soon Hoe Lim; Francisco Utrera; Winnie Xu; Ziang Cao; Michael W. Mahoney http://arxiv.org/abs/2202.00399 Language Dependencies in Adversarial Attacks on Speech Recognition Systems. (98%) Karla Markert; Donika Mirdita; Konstantin Böttinger http://arxiv.org/abs/2202.00838 Finding Biological Plausibility for Adversarially Robust Features via Metameric Tasks. (80%) Anne Harrington; Arturo Deza http://arxiv.org/abs/2202.00673 Visualizing Automatic Speech Recognition -- Means for a Better Understanding? (64%) Karla Markert; Romain Parracone; Mykhailo Kulakov; Philip Sperl; Ching-Yu Kao; Konstantin Böttinger http://arxiv.org/abs/2202.00622 Datamodels: Predicting Predictions from Training Data. (2%) Andrew Ilyas; Sung Min Park; Logan Engstrom; Guillaume Leclerc; Aleksander Madry http://arxiv.org/abs/2201.12347 Adversarial Robustness in Deep Learning: Attacks on Fragile Neurons. (99%) Chandresh Pravin; Ivan Martino; Giuseppe Nicosia; Varun Ojha http://arxiv.org/abs/2201.13444 Boundary Defense Against Black-box Adversarial Attacks. (99%) Manjushree B. Aithal; Xiaohua Li http://arxiv.org/abs/2202.00091 Query Efficient Decision Based Sparse Attacks Against Black-Box Deep Learning Models. (99%) Viet Quoc Vo; Ehsan Abbasnejad; Damith C. Ranasinghe http://arxiv.org/abs/2201.13329 Can Adversarial Training Be Manipulated By Non-Robust Features? (98%) Lue Tao; Lei Feng; Hongxin Wei; Jinfeng Yi; Sheng-Jun Huang; Songcan Chen http://arxiv.org/abs/2201.13102 GADoT: GAN-based Adversarial Training for Robust DDoS Attack Detection. (96%) Maged Abdelaty; Sandra Scott-Hayward; Roberto Doriguzzi-Corin; Domenico Siracusa http://arxiv.org/abs/2202.03133 Rate Coding or Direct Coding: Which One is Better for Accurate, Robust, and Energy-efficient Spiking Neural Networks? (93%) Youngeun Kim; Hyoungseob Park; Abhishek Moitra; Abhiroop Bhattacharjee; Yeshwanth Venkatesha; Priyadarshini Panda http://arxiv.org/abs/2202.01179 AntidoteRT: Run-time Detection and Correction of Poison Attacks on Neural Networks. (89%) Muhammad Usman; Youcheng Sun; Divya Gopinath; Corina S. Pasareanu http://arxiv.org/abs/2201.13164 Imperceptible and Multi-channel Backdoor Attack against Deep Neural Networks. (81%) Mingfu Xue; Shifeng Ni; Yinghao Wu; Yushu Zhang; Jian Wang; Weiqiang Liu http://arxiv.org/abs/2201.13019 On the Robustness of Quality Measures for GANs. (80%) Motasem Alfarra; Juan C. Pérez; Anna Frühstück; Philip H. S. Torr; Peter Wonka; Bernard Ghanem http://arxiv.org/abs/2202.00008 MEGA: Model Stealing via Collaborative Generator-Substitute Networks. (76%) Chi Hong; Jiyue Huang; Lydia Y. Chen http://arxiv.org/abs/2201.13025 Learning Robust Representation through Graph Adversarial Contrastive Learning. (26%) Jiayan Guo; Shangyang Li; Yue Zhao; Yan Zhang http://arxiv.org/abs/2201.13279 UQGAN: A Unified Model for Uncertainty Quantification of Deep Classifiers trained via Conditional GANs. (16%) Philipp Oberdiek; Gernot A. 
Fink; Matthias Rottmann http://arxiv.org/abs/2201.13178 Few-Shot Backdoor Attacks on Visual Object Tracking. (10%) Yiming Li; Haoxiang Zhong; Xingjun Ma; Yong Jiang; Shu-Tao Xia http://arxiv.org/abs/2202.00137 Studying the Robustness of Anti-adversarial Federated Learning Models Detecting Cyberattacks in IoT Spectrum Sensors. (5%) Pedro Miguel Sánchez Sánchez; Alberto Huertas Celdrán; Timo Schenk; Adrian Lars Benjamin Iten; Gérôme Bovet; Gregorio Martínez Pérez; Burkhard Stiller http://arxiv.org/abs/2201.13086 Securing Federated Sensitive Topic Classification against Poisoning Attacks. (1%) Tianyue Chu; Alvaro Garcia-Recuero; Costas Iordanou; Georgios Smaragdakis; Nikolaos Laoutaris http://arxiv.org/abs/2201.12765 Improving Corruption and Adversarial Robustness by Enhancing Weak Subnets. (92%) Yong Guo; David Stutz; Bernt Schiele http://arxiv.org/abs/2201.12741 GARNET: Reduced-Rank Topology Learning for Robust and Scalable Graph Neural Networks. (84%) Chenhui Deng; Xiuyu Li; Zhuo Feng; Zhiru Zhang http://arxiv.org/abs/2201.12733 TPC: Transformation-Specific Smoothing for Point Cloud Models. (75%) Wenda Chu; Linyi Li; Bo Li http://arxiv.org/abs/2201.12527 Scale-Invariant Adversarial Attack for Evaluating and Enhancing Adversarial Defenses. (99%) Mengting Xu; Tao Zhang; Zhongnian Li; Daoqiang Zhang http://arxiv.org/abs/2201.12686 Robustness of Deep Recommendation Systems to Untargeted Interaction Perturbations. (82%) Sejoon Oh; Srijan Kumar http://arxiv.org/abs/2201.12700 Coordinated Attacks against Contextual Bandits: Fundamental Limits and Defense Mechanisms. (1%) Jeongyeol Kwon; Yonathan Efroni; Constantine Caramanis; Shie Mannor http://arxiv.org/abs/2201.12356 Adversarial Examples for Good: Adversarial Examples Guided Imbalanced Learning. (87%) Jie Zhang; Lei Zhang; Gang Li; Chao Wu http://arxiv.org/abs/2201.12107 Feature Visualization within an Automated Design Assessment leveraging Explainable Artificial Intelligence Methods. (81%) Raoul Schönhof; Artem Werner; Jannes Elstner; Boldizsar Zopcsak; Ramez Awad; Marco Huber http://arxiv.org/abs/2201.12440 Certifying Model Accuracy under Distribution Shifts. (74%) Aounon Kumar; Alexander Levine; Tom Goldstein; Soheil Feizi http://arxiv.org/abs/2201.12296 Benchmarking Robustness of 3D Point Cloud Recognition Against Common Corruptions. (13%) Jiachen Sun; Qingzhao Zhang; Bhavya Kailkhura; Zhiding Yu; Chaowei Xiao; Z. Morley Mao http://arxiv.org/abs/2201.12179 Plug & Play Attacks: Towards Robust and Flexible Model Inversion Attacks. (8%) Lukas Struppek; Dominik Hintersdorf; Antonio De Almeida Correia; Antonia Adler; Kristian Kersting http://arxiv.org/abs/2201.12211 Backdoors Stuck At The Frontdoor: Multi-Agent Backdoor Attacks That Backfire. (3%) Siddhartha Datta; Nigel Shadbolt http://arxiv.org/abs/2201.12328 Toward Training at ImageNet Scale with Differential Privacy. (1%) Alexey Kurakin; Shuang Song; Steve Chien; Roxana Geambasu; Andreas Terzis; Abhradeep Thakurta http://arxiv.org/abs/2201.11528 Beyond ImageNet Attack: Towards Crafting Adversarial Examples for Black-box Domains. (99%) Qilong Zhang; Xiaodan Li; Yuefeng Chen; Jingkuan Song; Lianli Gao; Yuan He; Hui Xue http://arxiv.org/abs/2201.11674 Vision Checklist: Towards Testable Error Analysis of Image Models to Help System Designers Interrogate Model Capabilities. 
(10%) Xin Du; Benedicte Legastelois; Bhargavi Ganesh; Ajitha Rajan; Hana Chockler; Vaishak Belle; Stuart Anderson; Subramanian Ramamoorthy http://arxiv.org/abs/2201.11692 SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders. (2%) Tianshuo Cong; Xinlei He; Yang Zhang http://arxiv.org/abs/2201.11377 CacheFX: A Framework for Evaluating Cache Security. (1%) Daniel Genkin; William Kosasih; Fangfei Liu; Anna Trikalinou; Thomas Unterluggauer; Yuval Yarom http://arxiv.org/abs/2201.10937 Boosting 3D Adversarial Attacks with Attacking On Frequency. (98%) Binbin Liu; Jinlai Zhang; Lyujie Chen; Jihong Zhu http://arxiv.org/abs/2201.10972 How Robust are Discriminatively Trained Zero-Shot Learning Models? (98%) Mehmet Kerim Yucel; Ramazan Gokberk Cinbis; Pinar Duygulu http://arxiv.org/abs/2201.11148 Autonomous Cyber Defense Introduces Risk: Can We Manage the Risk? (2%) Alexandre K. Ligo; Alexander Kott; Igor Linkov http://arxiv.org/abs/2201.10833 Automatic detection of access control vulnerabilities via API specification processing. (1%) Alexander Barabanov; Denis Dergunov; Denis Makrushin; Aleksey Teplov http://arxiv.org/abs/2201.10675 Virtual Adversarial Training for Semi-supervised Breast Mass Classification. (3%) Xuxin Chen; Ximin Wang; Ke Zhang; Kar-Ming Fung; Theresa C. Thai; Kathleen Moore; Robert S. Mannel; Hong Liu; Bin Zheng; Yuchen Qiu http://arxiv.org/abs/2201.10737 Class-Aware Adversarial Transformers for Medical Image Segmentation. (1%) Chenyu You; Ruihan Zhao; Fenglin Liu; Siyuan Dong; Sandeep Chinchali; Ufuk Topcu; Lawrence Staib; James S. Duncan http://arxiv.org/abs/2201.10207 SPIRAL: Self-supervised Perturbation-Invariant Representation Learning for Speech Pre-Training. (1%) Wenyong Huang; Zhenhe Zhang; Yu Ting Yeung; Xin Jiang; Qun Liu http://arxiv.org/abs/2201.09650 What You See is Not What the Network Infers: Detecting Adversarial Examples Based on Semantic Contradiction. (99%) Yijun Yang; Ruiyuan Gao; Yu Li; Qiuxia Lai; Qiang Xu http://arxiv.org/abs/2201.10055 Identifying a Training-Set Attack's Target Using Renormalized Influence Estimation. (95%) Zayd Hammoudeh; Daniel Lowd http://arxiv.org/abs/2201.09967 Attacks and Defenses for Free-Riders in Multi-Discriminator GAN. (76%) Zilong Zhao; Jiyue Huang; Stefanie Roos; Lydia Y. Chen http://arxiv.org/abs/2201.09538 Backdoor Defense with Machine Unlearning. (33%) Yang Liu; Mingyuan Fan; Cen Chen; Ximeng Liu; Zhuo Ma; Li Wang; Jianfeng Ma http://arxiv.org/abs/2201.09631 On the Complexity of Attacking Elliptic Curve Based Authentication Chips. (1%) Ievgen Kabin; Zoya Dyka; Dan Klann; Jan Schaeffner; Peter Langendoerfer http://arxiv.org/abs/2201.09369 Efficient and Robust Classification for Sparse Attacks. (83%) Mark Beliaev; Payam Delgosha; Hamed Hassani; Ramtin Pedarsani http://arxiv.org/abs/2202.00469 Gradient-guided Unsupervised Text Style Transfer via Contrastive Learning. (78%) Chenghao Fan; Ziao Li; Wei wei http://arxiv.org/abs/2201.09370 Are Your Sensitive Attributes Private? Novel Model Inversion Attribute Inference Attacks on Classification Models. (56%) Shagufta Mehnaz; Sayanton V. Dibbo; Ehsanul Kabir; Ninghui Li; Elisa Bertino http://arxiv.org/abs/2201.09243 Increasing the Cost of Model Extraction with Calibrated Proof of Work. (22%) Adam Dziedzic; Muhammad Ahmad Kaleem; Yu Shen Lu; Nicolas Papernot http://arxiv.org/abs/2201.08970 Parallel Rectangle Flip Attack: A Query-based Black-box Attack against Object Detection. 
(99%) Siyuan Liang; Baoyuan Wu; Yanbo Fan; Xingxing Wei; Xiaochun Cao http://arxiv.org/abs/2201.09109 Robust Unpaired Single Image Super-Resolution of Faces. (98%) Saurabh Goswami; A. N. Rajagopalan http://arxiv.org/abs/2201.09051 On the Robustness of Counterfactual Explanations to Adverse Perturbations. (10%) Marco Virgolin; Saverio Fracaros http://arxiv.org/abs/2201.08698 Natural Attack for Pre-trained Models of Code. (99%) Zhou Yang; Jieke Shi; Junda He; David Lo http://arxiv.org/abs/2201.08557 Toward Enhanced Robustness in Unsupervised Graph Representation Learning: A Graph Information Bottleneck Perspective. (99%) Jihong Wang; Minnan Luo; Jundong Li; Ziqi Liu; Jun Zhou; Qinghua Zheng http://arxiv.org/abs/2201.08661 The Security of Deep Learning Defences for Medical Imaging. (80%) Moshe Levy; Guy Amit; Yuval Elovici; Yisroel Mirsky http://arxiv.org/abs/2201.08619 Dangerous Cloaking: Natural Trigger based Backdoor Attacks on Object Detectors in the Physical World. (75%) Hua Ma; Yinshan Li; Yansong Gao; Alsharif Abuadbba; Zhi Zhang; Anmin Fu; Hyoungshick Kim; Said F. Al-Sarawi; Surya Nepal; Derek Abbott http://arxiv.org/abs/2201.08555 Identifying Adversarial Attacks on Text Classifiers. (73%) Zhouhang Xie; Jonathan Brophy; Adam Noack; Wencong You; Kalyani Asthana; Carter Perkins; Sabrina Reis; Sameer Singh; Daniel Lowd http://arxiv.org/abs/2201.08956 The Many Faces of Adversarial Risk. (47%) Muni Sreenivas Pydi; Varun Jog http://arxiv.org/abs/2201.08193 TextHacker: Learning based Hybrid Local Search Algorithm for Text Hard-label Adversarial Attack. (99%) Zhen Yu; Xiaosen Wang; Wanxiang Che; Kun He http://arxiv.org/abs/2201.08318 Cheating Automatic Short Answer Grading: On the Adversarial Usage of Adjectives and Adverbs. (95%) Anna Filighera; Sebastian Ochs; Tim Steuer; Thomas Tregel http://arxiv.org/abs/2201.08135 Survey on Federated Learning Threats: concepts, taxonomy on attacks and defences, experimental study and challenges. (93%) Nuria Rodríguez-Barroso; Daniel Jiménez López; M. Victoria Luzón; Francisco Herrera; Eugenio Martínez-Cámara http://arxiv.org/abs/2201.08731 Low-Interception Waveform: To Prevent the Recognition of Spectrum Waveform Modulation via Adversarial Examples. (83%) Haidong Xie; Jia Tan; Xiaoying Zhang; Nan Ji; Haihua Liao; Zuguo Yu; Xueshuang Xiang; Naijin Liu http://arxiv.org/abs/2201.08474 Post-Training Detection of Backdoor Attacks for Two-Class and Multi-Attack Scenarios. (70%) Zhen Xiang; David J. Miller; George Kesidis http://arxiv.org/abs/2201.08052 Adversarial Jamming for a More Effective Constellation Attack. (56%) Haidong Xie; Yizhou Xu; Yuanqing Chen; Nan Ji; Shuai Yuan; Naijin Liu; Xueshuang Xiang http://arxiv.org/abs/2201.08388 Steerable Pyramid Transform Enables Robust Left Ventricle Quantification. (13%) Xiangyang Zhu; Kede Ma; Wufeng Xue http://arxiv.org/abs/2201.08531 Black-box Prompt Learning for Pre-trained Language Models. (13%) Shizhe Diao; Zhichao Huang; Ruijia Xu; Xuechun Li; Yong Lin; Xiao Zhou; Tong Zhang http://arxiv.org/abs/2201.08087 DeepGalaxy: Testing Neural Network Verifiers via Two-Dimensional Input Space Exploration. (1%) Xuan Xie; Fuyuan Zhang http://arxiv.org/abs/2201.07986 Unsupervised Graph Poisoning Attack via Contrastive Loss Back-propagation. (96%) Sixiao Zhang; Hongxu Chen; Xiangguo Sun; Yicong Li; Guandong Xu http://arxiv.org/abs/2201.07513 Can't Steal? Cont-Steal! Contrastive Stealing Attacks Against Image Encoders. 
(8%) Zeyang Sha; Xinlei He; Ning Yu; Michael Backes; Yang Zhang http://arxiv.org/abs/2201.07391 MetaV: A Meta-Verifier Approach to Task-Agnostic Model Fingerprinting. (99%) Xudong Pan; Yifan Yan; Mi Zhang; Min Yang http://arxiv.org/abs/2201.07012 Adversarial vulnerability of powerful near out-of-distribution detection. (78%) Stanislav Fort http://arxiv.org/abs/2201.07063 How to Backdoor HyperNetwork in Personalized Federated Learning? (13%) Phung Lai; NhatHai Phan; Issa Khalil; Abdallah Khreishah; Xintao Wu http://arxiv.org/abs/2201.06937 Secure IoT Routing: Selective Forwarding Attacks and Trust-based Defenses in RPL Network. (2%) Jun Jiang; Yuhong Liu http://arxiv.org/abs/2201.07381 Unveiling Project-Specific Bias in Neural Code Models. (1%) Zhiming Li; Yanzhou Li; Tianlin Li; Mengnan Du; Bozhi Wu; Yushi Cao; Junzhe Jiang; Yang Liu http://arxiv.org/abs/2201.07344 Lung Swapping Autoencoder: Learning a Disentangled Structure-texture Representation of Chest Radiographs. (1%) Lei Zhou; Joseph Bae; Huidong Liu; Gagandeep Singh; Jeremy Green; Amit Gupta; Dimitris Samaras; Prateek Prasanna http://arxiv.org/abs/2201.06427 Masked Faces with Faced Masks. (81%) Jiayi Zhu; Qing Guo; Felix Juefei-Xu; Yihao Huang; Yang Liu; Geguang Pu http://arxiv.org/abs/2201.06384 Cyberbullying Classifiers are Sensitive to Model-Agnostic Perturbations. (56%) Chris Emmery; Ákos Kádár; Grzegorz Chrupała; Walter Daelemans http://arxiv.org/abs/2201.06494 AugLy: Data Augmentations for Robustness. (3%) Zoe Papakipos; Joanna Bitton http://arxiv.org/abs/2201.06192 Fooling the Eyes of Autonomous Vehicles: Robust Physical Adversarial Examples Against Traffic Sign Recognition Systems. (99%) Wei Jia; Zhaojun Lu; Haichun Zhang; Zhenglin Liu; Jie Wang; Gang Qu http://arxiv.org/abs/2201.06070 ALA: Adversarial Lightness Attack via Naturalness-aware Regularizations. (99%) Liangru Sun; Felix Juefei-Xu; Yihao Huang; Qing Guo; Jiayi Zhu; Jincao Feng; Yang Liu; Geguang Pu http://arxiv.org/abs/2201.06093 Adversarial Machine Learning Threat Analysis in Open Radio Access Networks. (64%) Ron Bitton; Dan Avraham; Eitan Klevansky; Dudu Mimran; Oleg Brodt; Heiko Lehmann; Yuval Elovici; Asaf Shabtai http://arxiv.org/abs/2201.06202 Neighboring Backdoor Attacks on Graph Convolutional Network. (22%) Liang Chen; Qibiao Peng; Jintang Li; Yang Liu; Jiawei Chen; Yong Li; Zibin Zheng http://arxiv.org/abs/2201.05819 Interpretable and Effective Reinforcement Learning for Attacking against Graph-based Rumor Detection. (26%) Yuefei Lyu; Xiaoyu Yang; Jiaxin Liu; Philip S. Yu; Sihong Xie; Xi Zhang http://arxiv.org/abs/2201.05889 StolenEncoder: Stealing Pre-trained Encoders. (13%) Yupei Liu; Jinyuan Jia; Hongbin Liu; Neil Zhenqiang Gong http://arxiv.org/abs/2201.05320 CommonsenseQA 2.0: Exposing the Limits of AI through Gamification. (56%) Alon Talmor; Ori Yoran; Ronan Le Bras; Chandra Bhagavatula; Yoav Goldberg; Yejin Choi; Jonathan Berant http://arxiv.org/abs/2201.05326 Security Orchestration, Automation, and Response Engine for Deployment of Behavioural Honeypots. (1%) Upendra Bartwal; Subhasis Mukhopadhyay; Rohit Negi; Sandeep Shukla http://arxiv.org/abs/2201.05001 Evaluation of Four Black-box Adversarial Attacks and Some Query-efficient Improvement Analysis. (96%) Rui Wang http://arxiv.org/abs/2201.05149 The curse of overparametrization in adversarial training: Precise analysis of robust generalization for random features regression. 
(93%) Hamed Hassani; Adel Javanmard
http://arxiv.org/abs/2201.05057 On Adversarial Robustness of Trajectory Prediction for Autonomous Vehicles. (83%) Qingzhao Zhang; Shengtuo Hu; Jiachen Sun; Qi Alfred Chen; Z. Morley Mao
http://arxiv.org/abs/2201.04845 Reconstructing Training Data with Informed Adversaries. (54%) Borja Balle; Giovanni Cherubin; Jamie Hayes
http://arxiv.org/abs/2201.05172 Jamming Attacks on Federated Learning in Wireless Networks. (2%) Yi Shi; Yalin E. Sagduyu
http://arxiv.org/abs/2201.04733 Adversarially Robust Classification by Conditional Generative Model Inversion. (99%) Mitra Alirezaei; Tolga Tasdizen
http://arxiv.org/abs/2201.04397 Towards Adversarially Robust Deep Image Denoising. (99%) Hanshu Yan; Jingfeng Zhang; Jiashi Feng; Masashi Sugiyama; Vincent Y. F. Tan
http://arxiv.org/abs/2201.04569 Get your Foes Fooled: Proximal Gradient Split Learning for Defense against Model Inversion Attacks on IoMT data. (70%) Sunder Ali Khowaja; Ik Hyun Lee; Kapal Dev; Muhammad Aslam Jarwar; Nawab Muhammad Faseeh Qureshi
http://arxiv.org/abs/2201.04736 Security for Machine Learning-based Software Systems: a survey of threats, practices and challenges. (1%) Huaming Chen; M. Ali Babar
http://arxiv.org/abs/2201.03829 Quantifying Robustness to Adversarial Word Substitutions. (99%) Yuting Yang; Pei Huang; FeiFei Ma; Juan Cao; Meishan Zhang; Jian Zhang; Jintao Li
http://arxiv.org/abs/2201.04011 Similarity-based Gray-box Adversarial Attack Against Deep Face Recognition. (99%) Hanrui Wang; Shuo Wang; Zhe Jin; Yandan Wang; Cunjian Chen; Massimo Tistarelli
http://arxiv.org/abs/2201.05071 Evaluation of Neural Networks Defenses and Attacks using NDCG and Reciprocal Rank Metrics. (98%) Haya Brama; Lihi Dery; Tal Grinshpoun
http://arxiv.org/abs/2201.03281 IoTGAN: GAN Powered Camouflage Against Machine Learning Based IoT Device Identification. (89%) Tao Hou; Tao Wang; Zhuo Lu; Yao Liu; Yalin Sagduyu
http://arxiv.org/abs/2201.03777 Reciprocal Adversarial Learning for Brain Tumor Segmentation: A Solution to BraTS Challenge 2021 Segmentation Task. (73%) Himashi Peiris; Zhaolin Chen; Gary Egan; Mehrtash Harandi
http://arxiv.org/abs/2201.03353 GMFIM: A Generative Mask-guided Facial Image Manipulation Model for Privacy Preservation. (3%) Mohammad Hossein Khojaste; Nastaran Moradzadeh Farid; Ahmad Nickabadi
http://arxiv.org/abs/2201.03668 Towards Group Robustness in the presence of Partial Group Labels. (1%) Vishnu Suresh Lokhande; Kihyuk Sohn; Jinsung Yoon; Madeleine Udell; Chen-Yu Lee; Tomas Pfister
http://arxiv.org/abs/2201.02993 Rethink Stealthy Backdoor Attacks in Natural Language Processing. (89%) Lingfeng Shen; Haiyun Jiang; Lemao Liu; Shuming Shi
http://arxiv.org/abs/2201.02986 A Retrospective and Futurespective of Rowhammer Attacks and Defenses on DRAM. (76%) Zhi Zhang; Jiahao Qi; Yueqiang Cheng; Shijie Jiang; Yiyang Lin; Yansong Gao; Surya Nepal; Yi Zou
http://arxiv.org/abs/2201.03004 Privacy-aware Early Detection of COVID-19 through Adversarial Training. (10%) Omid Rohanian; Samaneh Kouchaki; Andrew Soltan; Jenny Yang; Morteza Rohanian; Yang Yang; David Clifton
http://arxiv.org/abs/2201.02873 LoMar: A Local Defense Against Poisoning Attack on Federated Learning. (9%) Xingyu Li; Zhe Qu; Shangqing Zhao; Bo Tang; Zhuo Lu; Yao Liu
http://arxiv.org/abs/2201.02863 PocketNN: Integer-only Training and Inference of Neural Networks via Direct Feedback Alignment and Pocket Activations in Pure C++.
(1%) Jaewoo Song; Fangzhen Lin
http://arxiv.org/abs/2201.02331 iDECODe: In-distribution Equivariance for Conformal Out-of-distribution Detection. (93%) Ramneet Kaur; Susmit Jha; Anirban Roy; Sangdon Park; Edgar Dobriban; Oleg Sokolsky; Insup Lee
http://arxiv.org/abs/2201.02351 Asymptotic Security using Bayesian Defense Mechanisms with Application to Cyber Deception. (11%) Hampei Sasahara; Henrik Sandberg
http://arxiv.org/abs/2201.02445 Negative Evidence Matters in Interpretable Histology Image Classification. (1%) Soufiane Belharbi; Marco Pedersoli; Ismail Ben Ayed; Luke McCaffrey; Eric Granger
http://arxiv.org/abs/2201.02009 PAEG: Phrase-level Adversarial Example Generation for Neural Machine Translation. (98%) Juncheng Wan; Jian Yang; Shuming Ma; Dongdong Zhang; Weinan Zhang; Yong Yu; Zhoujun Li
http://arxiv.org/abs/2201.02265 Learning to be adversarially robust and differentially private. (31%) Jamie Hayes; Borja Balle; M. Pawan Kumar
http://arxiv.org/abs/2201.01965 Efficient Global Optimization of Two-layer ReLU Networks: Quadratic-time Algorithms and Adversarial Training. (2%) Yatong Bai; Tanmay Gautam; Somayeh Sojoudi
http://arxiv.org/abs/2201.01850 On the Real-World Adversarial Robustness of Real-Time Semantic Segmentation Models for Autonomous Driving. (99%) Giulio Rossolini; Federico Nesti; Gianluca D'Amico; Saasha Nair; Alessandro Biondi; Giorgio Buttazzo
http://arxiv.org/abs/2201.01621 ROOM: Adversarial Machine Learning Attacks Under Real-Time Constraints. (99%) Amira Guesmi; Khaled N. Khasawneh; Nael Abu-Ghazaleh; Ihsen Alouani
http://arxiv.org/abs/2201.01842 Adversarial Robustness in Cognitive Radio Networks. (1%) Makan Zamanipour
http://arxiv.org/abs/2201.01102 Towards Transferable Unrestricted Adversarial Examples with Minimum Changes. (99%) Fangcheng Liu; Chao Zhang; Hongyang Zhang
http://arxiv.org/abs/2201.01080 Towards Understanding and Harnessing the Effect of Image Transformation in Adversarial Detection. (99%) Hui Liu; Bo Zhao; Yuefeng Peng; Weidong Li; Peng Liu
http://arxiv.org/abs/2201.01235 On the Minimal Adversarial Perturbation for Deep Neural Networks with Provable Estimation Error. (86%) Fabio Brau; Giulio Rossolini; Alessandro Biondi; Giorgio Buttazzo
http://arxiv.org/abs/2201.01409 Towards Understanding Quality Challenges of the Federated Learning for Neural Networks: A First Look from the Lens of Robustness. (31%) Amin Eslami Abyane; Derui Zhu; Roberto Souza; Lei Ma; Hadi Hemmati
http://arxiv.org/abs/2201.01399 Corrupting Data to Remove Deceptive Perturbation: Using Preprocessing Method to Improve System Robustness. (10%) Hieu Le; Hans Walker; Dung Tran; Peter Chin
http://arxiv.org/abs/2201.00672 Compression-Resistant Backdoor Attack against Deep Neural Networks. (75%) Mingfu Xue; Xin Wang; Shichang Sun; Yushu Zhang; Jian Wang; Weiqiang Liu
http://arxiv.org/abs/2201.00763 DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection. (68%) Phillip Rieger; Thien Duc Nguyen; Markus Miettinen; Ahmad-Reza Sadeghi
http://arxiv.org/abs/2201.00801 Revisiting PGD Attacks for Stability Analysis of Large-Scale Nonlinear Systems and Perception-Based Control. (11%) Aaron Havens; Darioush Keivan; Peter Seiler; Geir Dullerud; Bin Hu
http://arxiv.org/abs/2201.00455 Actor-Critic Network for Q&A in an Adversarial Environment. (33%) Bejan Sadeghian
http://arxiv.org/abs/2201.00318 On Sensitivity of Deep Learning Based Text Classification Algorithms to Practical Input Perturbations.
(12%) Aamir Miyajiwala; Arnav Ladkat; Samiksha Jagadale; Raviraj Joshi
http://arxiv.org/abs/2201.00148 Rethinking Feature Uncertainty in Stochastic Neural Networks for Adversarial Robustness. (87%) Hao Yang; Min Wang; Zhengfei Yu; Yun Zhou
http://arxiv.org/abs/2201.00191 Revisiting Neuron Coverage Metrics and Quality of Deep Neural Networks. (41%) Zhou Yang; Jieke Shi; Muhammad Hilmi Asyrofi; David Lo
http://arxiv.org/abs/2201.00167 Generating Adversarial Samples For Training Wake-up Word Detection Systems Against Confusing Words. (1%) Haoxu Wang; Yan Jia; Zeqing Zhao; Xuyang Wang; Junjie Wang; Ming Li
http://arxiv.org/abs/2201.00097 Adversarial Attack via Dual-Stage Network Erosion. (99%) Yexin Duan; Junhua Zou; Xingyu Zhou; Wu Zhang; Jin Zhang; Zhisong Pan
http://arxiv.org/abs/2112.15329 On Distinctive Properties of Universal Perturbations. (83%) Sung Min Park; Kuo-An Wei; Kai Xiao; Jerry Li; Aleksander Madry
http://arxiv.org/abs/2112.15250 Benign Overfitting in Adversarially Robust Linear Classification. (99%) Jinghui Chen; Yuan Cao; Quanquan Gu
http://arxiv.org/abs/2112.15089 Causal Attention for Interpretable and Generalizable Graph Classification. (1%) Yongduo Sui; Xiang Wang; Jiancan Wu; Min Lin; Xiangnan He; Tat-Seng Chua
http://arxiv.org/abs/2112.14420 Invertible Image Dataset Protection. (92%) Kejiang Chen; Xianhan Zeng; Qichao Ying; Sheng Li; Zhenxing Qian; Xinpeng Zhang
http://arxiv.org/abs/2112.14468 Challenges and Approaches for Mitigating Byzantine Attacks in Federated Learning. (4%) Junyu Shi; Wei Wan; Shengshan Hu; Jianrong Lu; Leo Yu Zhang
http://arxiv.org/abs/2112.14232 Constrained Gradient Descent: A Powerful and Principled Evasion Attack Against Neural Networks. (99%) Weiran Lin; Keane Lucas; Lujo Bauer; Michael K. Reiter; Mahmood Sharif
http://arxiv.org/abs/2112.14337 Closer Look at the Transferability of Adversarial Examples: How They Fool Different Models Differently. (99%) Futa Waseda; Sosuke Nishikawa; Trung-Nghia Le; Huy H. Nguyen; Isao Echizen
http://arxiv.org/abs/2201.02504 Repairing Adversarial Texts through Perturbation. (99%) Guoliang Dong; Jingyi Wang; Jun Sun; Sudipta Chattopadhyay; Xinyu Wang; Ting Dai; Jie Shi; Jin Song Dong
http://arxiv.org/abs/2112.14299 DeepAdversaries: Examining the Robustness of Deep Learning Models for Galaxy Morphology Classification. (91%) Aleksandra Ćiprijanović; Diana Kafkes; Gregory Snyder; F. Javier Sánchez; Gabriel Nathan Perdue; Kevin Pedro; Brian Nord; Sandeep Madireddy; Stefan M. Wild
http://arxiv.org/abs/2112.14340 Super-Efficient Super Resolution for Fast Adversarial Defense at the Edge. (88%) Kartikeya Bhardwaj; Dibakar Gope; James Ward; Paul Whatmough; Danny Loh
http://arxiv.org/abs/2201.00402 A General Framework for Evaluating Robustness of Combinatorial Optimization Solvers on Graphs. (86%) Han Lu; Zenan Li; Runzhong Wang; Qibing Ren; Junchi Yan; Xiaokang Yang
http://arxiv.org/abs/2112.14771 Gas Gauge: A Security Analysis Tool for Smart Contract Out-of-Gas Vulnerabilities. (1%) Behkish Nassirzadeh; Huaiying Sun; Sebastian Banescu; Vijay Ganesh
http://arxiv.org/abs/2112.13534 Adversarial Attack for Asynchronous Event-based Data. (99%) Wooju Lee; Hyun Myung
http://arxiv.org/abs/2112.13547 PRIME: A Few Primitives Can Boost Robustness to Common Corruptions. (81%) Apostolos Modas; Rahul Rade; Guillermo Ortiz-Jiménez; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard
http://arxiv.org/abs/2112.13989 Associative Adversarial Learning Based on Selective Attack.
(26%) Runqi Wang; Xiaoyue Duan; Baochang Zhang; Song Xue; Wentao Zhu; David Doermann; Guodong Guo
http://arxiv.org/abs/2112.13551 Learning Robust and Lightweight Model through Separable Structured Transformations. (8%) Yanhui Huang; Yangyu Xu; Xian Wei
http://arxiv.org/abs/2112.13408 Perlin Noise Improve Adversarial Robustness. (99%) Chengjun Tang; Kun Zhang; Chunfang Xing; Yong Ding; Zengmin Xu
http://arxiv.org/abs/2112.13267 Task and Model Agnostic Adversarial Attack on Graph Neural Networks. (99%) Kartik Sharma; Samidha Verma; Sourav Medya; Sayan Ranu; Arnab Bhattacharya
http://arxiv.org/abs/2112.13214 NeuronFair: Interpretable White-Box Fairness Testing through Biased Neuron Identification. (50%) Haibin Zheng; Zhiqing Chen; Tianyu Du; Xuhong Zhang; Yao Cheng; Shouling Ji; Jingyi Wang; Yue Yu; Jinyin Chen
http://arxiv.org/abs/2112.13162 Stealthy Attack on Algorithmic-Protected DNNs via Smart Bit Flipping. (99%) Behnam Ghavami; Seyd Movi; Zhenman Fang; Lesley Shannon
http://arxiv.org/abs/2112.13060 NIP: Neuron-level Inverse Perturbation Against Adversarial Attacks. (98%) Ruoxi Chen; Haibo Jin; Jinyin Chen; Haibin Zheng; Yue Yu; Shouling Ji
http://arxiv.org/abs/2112.13064 CatchBackdoor: Backdoor Testing by Critical Trojan Neural Path Identification via Differential Fuzzing. (82%) Haibo Jin; Ruoxi Chen; Jinyin Chen; Yao Cheng; Chong Fu; Ting Wang; Yue Yu; Zhaoyan Ming
http://arxiv.org/abs/2112.13144 SoK: A Study of the Security on Voice Processing Systems. (9%) Robert Chang; Logan Kuo; Arthur Liu; Nader Sehatbakhsh
http://arxiv.org/abs/2112.12998 DP-UTIL: Comprehensive Utility Analysis of Differential Privacy in Machine Learning. (1%) Ismat Jarin; Birhanu Eshete
http://arxiv.org/abs/2112.13178 Gradient Leakage Attack Resilient Deep Learning. (1%) Wenqi Wei; Ling Liu
http://arxiv.org/abs/2112.12431 Adaptive Modeling Against Adversarial Attacks. (99%) Zhiwen Yan; Teck Khim Ng
http://arxiv.org/abs/2112.12376 Revisiting and Advancing Fast Adversarial Training Through The Lens of Bi-Level Optimization. (99%) Yihua Zhang; Guanhua Zhang; Prashant Khanduri; Mingyi Hong; Shiyu Chang; Sijia Liu
http://arxiv.org/abs/2112.12920 Robust Secretary and Prophet Algorithms for Packing Integer Programs. (2%) C. J. Argue; Anupam Gupta; Marco Molinaro; Sahil Singla
http://arxiv.org/abs/2112.12938 Counterfactual Memorization in Neural Language Models. (2%) Chiyuan Zhang; Daphne Ippolito; Katherine Lee; Matthew Jagielski; Florian Tramèr; Nicholas Carlini
http://arxiv.org/abs/2112.12310 Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art. (99%) Xiang Ling; Lingfei Wu; Jiangyu Zhang; Zhenqing Qu; Wei Deng; Xiang Chen; Yaguan Qian; Chunming Wu; Shouling Ji; Tianyue Luo; Jingzheng Wu; Yanjun Wu
http://arxiv.org/abs/2112.11668 How Should Pre-Trained Language Models Be Fine-Tuned Towards Adversarial Robustness? (98%) Xinhsuai Dong; Luu Anh Tuan; Min Lin; Shuicheng Yan; Hanwang Zhang
http://arxiv.org/abs/2112.12095 Detect & Reject for Transferability of Black-box Adversarial Attacks Against Network Intrusion Detection Systems. (98%) Islam Debicha; Thibault Debatty; Jean-Michel Dricot; Wim Mees; Tayeb Kenaza
http://arxiv.org/abs/2112.11937 Adversarial Deep Reinforcement Learning for Improving the Robustness of Multi-agent Autonomous Driving Policies. (96%) Aizaz Sharif; Dusica Marijan
http://arxiv.org/abs/2112.12792 Understanding and Measuring Robustness of Multimodal Learning.
(69%) Nishant Vishwamitra; Hongxin Hu; Ziming Zhao; Long Cheng; Feng Luo
http://arxiv.org/abs/2112.11947 Evaluating the Robustness of Deep Reinforcement Learning for Autonomous and Adversarial Policies in a Multi-agent Urban Driving Environment. (41%) Aizaz Sharif; Dusica Marijan
http://arxiv.org/abs/2112.11018 A Theoretical View of Linear Backpropagation and Its Convergence. (99%) Ziang Li; Yiwen Guo; Haodi Liu; Changshui Zhang
http://arxiv.org/abs/2112.11660 An Attention Score Based Attacker for Black-box NLP Classifier. (91%) Yueyang Liu; Hunmin Lee; Zhipeng Cai
http://arxiv.org/abs/2112.11414 Covert Communications via Adversarial Machine Learning and Reconfigurable Intelligent Surfaces. (81%) Brian Kim; Tugba Erpek; Yalin E. Sagduyu; Sennur Ulukus
http://arxiv.org/abs/2112.11255 Mind the Gap! A Study on the Transferability of Virtual vs Physical-world Testing of Autonomous Driving Systems. (76%) Andrea Stocco; Brian Pulfer; Paolo Tonella
http://arxiv.org/abs/2112.12084 Input-Specific Robustness Certification for Randomized Smoothing. (68%) Ruoxin Chen; Jie Li; Junchi Yan; Ping Li; Bin Sheng
http://arxiv.org/abs/2112.11235 Improving Robustness with Image Filtering. (68%) Matteo Terzi; Mattia Carletti; Gian Antonio Susto
http://arxiv.org/abs/2112.11313 On the Adversarial Robustness of Causal Algorithmic Recourse. (10%) Ricardo Dominguez-Olmedo; Amir-Hossein Karimi; Bernhard Schölkopf
http://arxiv.org/abs/2112.11542 MIA-Former: Efficient and Robust Vision Transformers via Multi-grained Input-Adaptation. (4%) Zhongzhi Yu; Yonggan Fu; Sicheng Li; Chaojian Li; Yingyan Lin
http://arxiv.org/abs/2112.11643 Exploring Credibility Scoring Metrics of Perception Systems for Autonomous Driving. (2%) Viren Khandal; Arth Vidyarthi
http://arxiv.org/abs/2112.11136 Adversarial Gradient Driven Exploration for Deep Click-Through Rate Prediction. (2%) Kailun Wu; Zhangming Chan; Weijie Bian; Lejian Ren; Shiming Xiang; Shuguang Han; Hongbo Deng; Bo Zheng
http://arxiv.org/abs/2112.11289 Longitudinal Study of the Prevalence of Malware Evasive Techniques. (1%) Lorenzo Maffia; Dario Nisi; Platon Kotzias; Giovanni Lagorio; Simone Aonzo; Davide Balzarotti
http://arxiv.org/abs/2112.10525 Certified Federated Adversarial Training. (98%) Giulio Zizzo; Ambrish Rawat; Mathieu Sinn; Sergio Maffeis; Chris Hankin
http://arxiv.org/abs/2112.11226 Energy-bounded Learning for Robust Models of Code. (83%) Nghi D. Q. Bui; Yijun Yu
http://arxiv.org/abs/2112.12591 Black-Box Testing of Deep Neural Networks through Test Case Diversity. (82%) Zohreh Aghababaeyan; Manel Abdellatif; Lionel Briand; Ramesh S; Mojtaba Bagherzadeh
http://arxiv.org/abs/2112.10424 Unifying Model Explainability and Robustness for Joint Text Classification and Rationale Extraction. (80%) Dongfang Li; Baotian Hu; Qingcai Chen; Tujie Xu; Jingcong Tao; Yunan Zhang
http://arxiv.org/abs/2112.10690 Adversarially Robust Stability Certificates can be Sample-Efficient. (2%) Thomas T. C. K. Zhang; Stephen Tu; Nicholas M. Boffi; Jean-Jacques E. Slotine; Nikolai Matni
http://arxiv.org/abs/2112.10098 Initiative Defense against Facial Manipulation. (67%) Qidong Huang; Jie Zhang; Wenbo Zhou; Weiming Zhang; Nenghai Yu
http://arxiv.org/abs/2112.09968 Being Friends Instead of Adversaries: Deep Networks Learn from Data Simplified by Other Networks. (12%) Simone Marullo; Matteo Tiezzi; Marco Gori; Stefano Melacci
http://arxiv.org/abs/2112.10038 Android-COCO: Android Malware Detection with Graph Neural Network for Byte- and Native-Code.
(1%) Peng Xu
http://arxiv.org/abs/2112.09658 Reasoning Chain Based Adversarial Attack for Multi-hop Question Answering. (92%) Jiayu Ding; Siyuan Wang; Qin Chen; Zhongyu Wei
http://arxiv.org/abs/2112.09333 Deep Bayesian Learning for Car Hacking Detection. (81%) Laha Ale; Scott A. King; Ning Zhang
http://arxiv.org/abs/2112.09669 Explain, Edit, and Understand: Rethinking User Study Design for Evaluating Model Explanations. (81%) Siddhant Arora; Danish Pruthi; Norman Sadeh; William W. Cohen; Zachary C. Lipton; Graham Neubig
http://arxiv.org/abs/2112.09428 Dynamics-aware Adversarial Attack of 3D Sparse Convolution Network. (80%) An Tao; Yueqi Duan; He Wang; Ziyi Wu; Pengliang Ji; Haowen Sun; Jie Zhou; Jiwen Lu
http://arxiv.org/abs/2112.09625 Provable Adversarial Robustness in the Quantum Model. (62%) Khashayar Barooti; Grzegorz Głuch; Ruediger Urbanke
http://arxiv.org/abs/2112.09343 Domain Adaptation on Point Clouds via Geometry-Aware Implicits. (1%) Yuefan Shen; Yanchao Yang; Mi Yan; He Wang; Youyi Zheng; Leonidas Guibas
http://arxiv.org/abs/2112.08862 Addressing Adversarial Machine Learning Attacks in Smart Healthcare Perspectives. (99%) Arawinkumaar Selvakkumar; Shantanu Pal; Zahra Jadidi
http://arxiv.org/abs/2112.08691 Towards Robust Neural Image Compression: Adversarial Attack and Model Finetuning. (99%) Tong Chen; Zhan Ma
http://arxiv.org/abs/2112.09219 All You Need is RAW: Defending Against Adversarial Attacks with Camera Image Pipelines. (99%) Yuxuan Zhang; Bo Dong; Felix Heide
http://arxiv.org/abs/2112.09279 Robust Upper Bounds for Adversarial Training. (75%) Dimitris Bertsimas; Xavier Boix; Kimberly Villalobos Carballo; Dick den Hertog
http://arxiv.org/abs/2112.09151 TAFIM: Targeted Adversarial Attacks against Facial Image Manipulations. (64%) Shivangi Aneja; Lev Markhasin; Matthias Niessner
http://arxiv.org/abs/2112.08772 Sharpness-Aware Minimization with Dynamic Reweighting. (31%) Wenxuan Zhou; Fangyu Liu; Huan Zhang; Muhao Chen
http://arxiv.org/abs/2112.09008 APTSHIELD: A Stable, Efficient and Real-time APT Detection System for Linux Hosts. (16%) Tiantian Zhu; Jinkai Yu; Tieming Chen; Jiayu Wang; Jie Ying; Ye Tian; Mingqi Lv; Yan Chen; Yuan Fan; Ting Wang
http://arxiv.org/abs/2112.08806 Correlation inference attacks against machine learning models. (13%) Ana-Maria Creţu; Florent Guépin; Yves-Alexandre de Montjoye
http://arxiv.org/abs/2112.09062 Models in the Loop: Aiding Crowdworkers with Generative Annotation Assistants. (2%) Max Bartolo; Tristan Thrush; Sebastian Riedel; Pontus Stenetorp; Robin Jia; Douwe Kiela
http://arxiv.org/abs/2112.08810 Pure Noise to the Rescue of Insufficient Data: Improving Imbalanced Classification by Training on Random Noise Images. (2%) Shiran Zada; Itay Benou; Michal Irani
http://arxiv.org/abs/2112.08304 On the Convergence and Robustness of Adversarial Training. (99%) Yisen Wang; Xingjun Ma; James Bailey; Jinfeng Yi; Bowen Zhou; Quanquan Gu
http://arxiv.org/abs/2112.07921 Temporal Shuffling for Defending Deep Action Recognition Models against Adversarial Attacks. (98%) Jaehui Hwang; Huan Zhang; Jun-Ho Choi; Cho-Jui Hsieh; Jong-Seok Lee
http://arxiv.org/abs/2112.08609 DuQM: A Chinese Dataset of Linguistically Perturbed Natural Questions for Evaluating the Robustness of Question Matching Models.
(75%) Hongyu Zhu; Yan Chen; Jing Yan; Jing Liu; Yu Hong; Ying Chen; Hua Wu; Haifeng Wang
http://arxiv.org/abs/2112.08102 Robust Neural Network Classification via Double Regularization. (1%) Olof Zetterqvist; Rebecka Jörnsten; Johan Jonasson
http://arxiv.org/abs/2112.07400 Robustifying automatic speech recognition by extracting slowly varying features. (99%) Matias Pizarro; Dorothea Kolossa; Asja Fischer
http://arxiv.org/abs/2112.07512 Adversarial Examples for Extreme Multilabel Text Classification. (99%) Mohammadreza Qaraei; Rohit Babbar
http://arxiv.org/abs/2112.07668 Dual-Key Multimodal Backdoors for Visual Question Answering. (81%) Matthew Walmer; Karan Sikka; Indranil Sur; Abhinav Shrivastava; Susmit Jha
http://arxiv.org/abs/2112.07324 On the Impact of Hard Adversarial Instances on Overfitting in Adversarial Training. (76%) Chen Liu; Zhichao Huang; Mathieu Salzmann; Tong Zhang; Sabine Süsstrunk
http://arxiv.org/abs/2112.07178 MuxLink: Circumventing Learning-Resilient MUX-Locking Using Graph Neural Network-based Link Prediction. (4%) Lilas Alrahis; Satwik Patnaik; Muhammad Shafique; Ozgur Sinanoglu
http://arxiv.org/abs/2112.06443 Detecting Audio Adversarial Examples with Logit Noising. (99%) Namgyu Park; Sangwoo Ji; Jong Kim
http://arxiv.org/abs/2112.06569 Triangle Attack: A Query-efficient Decision-based Adversarial Attack. (99%) Xiaosen Wang; Zeliang Zhang; Kangheng Tong; Dihong Gong; Kun He; Zhifeng Li; Wei Liu
http://arxiv.org/abs/2112.06323 Interpolated Joint Space Adversarial Training for Robust and Generalizable Defenses. (98%) Chun Pong Lau; Jiang Liu; Hossein Souri; Wei-An Lin; Soheil Feizi; Rama Chellappa
http://arxiv.org/abs/2112.06276 Quantifying and Understanding Adversarial Examples in Discrete Input Spaces. (91%) Volodymyr Kuleshov; Evgenii Nikishin; Shantanu Thakoor; Tingfung Lau; Stefano Ermon
http://arxiv.org/abs/2112.06274 SparseFed: Mitigating Model Poisoning Attacks in Federated Learning with Sparsification. (91%) Ashwinee Panda; Saeed Mahloujifar; Arjun N. Bhagoji; Supriyo Chakraborty; Prateek Mittal
http://arxiv.org/abs/2112.06384 WOOD: Wasserstein-based Out-of-Distribution Detection. (12%) Yinan Wang; Wenbo Sun; Jionghua "Judy" Jin; Zhenyu "James" Kong; Xiaowei Yue
http://arxiv.org/abs/2112.06063 MedAttacker: Exploring Black-Box Adversarial Attacks on Risk Prediction Models in Healthcare. (99%) Muchao Ye; Junyu Luo; Guanjie Zheng; Cao Xiao; Ting Wang; Fenglong Ma
http://arxiv.org/abs/2112.06011 Improving the Transferability of Adversarial Examples with Resized-Diverse-Inputs, Diversity-Ensemble and Region Fitting. (98%) Junhua Zou; Zhisong Pan; Junyang Qiu; Xin Liu; Ting Rui; Wei Li
http://arxiv.org/abs/2112.06116 Stereoscopic Universal Perturbations across Different Architectures and Datasets. (98%) Zachary Berger; Parth Agrawal; Tian Yu Liu; Stefano Soatto; Alex Wong
http://arxiv.org/abs/2112.06658 Learning to Learn Transferable Attack. (99%) Shuman Fang; Jie Li; Xianming Lin; Rongrong Ji
http://arxiv.org/abs/2112.05379 Cross-Modal Transferable Adversarial Attacks from Images to Videos. (99%) Zhipeng Wei; Jingjing Chen; Zuxuan Wu; Yu-Gang Jiang
http://arxiv.org/abs/2112.05871 Attacking Point Cloud Segmentation with Color-only Perturbation. (99%) Jiacen Xu; Zhe Zhou; Boyuan Feng; Yufei Ding; Zhou Li
http://arxiv.org/abs/2112.05634 Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks.
(92%) Seungyong Moon; Gaon An; Hyun Oh Song
http://arxiv.org/abs/2112.05409 Batch Label Inference and Replacement Attacks in Black-Boxed Vertical Federated Learning. (75%) Yang Liu; Tianyuan Zou; Yan Kang; Wenhan Liu; Yuanqin He; Zhihao Yi; Qiang Yang
http://arxiv.org/abs/2112.05588 Copy, Right? A Testing Framework for Copyright Protection of Deep Learning Models. (68%) Jialuo Chen; Jingyi Wang; Tinglan Peng; Youcheng Sun; Peng Cheng; Shouling Ji; Xingjun Ma; Bo Li; Dawn Song
http://arxiv.org/abs/2112.05367 Efficient Action Poisoning Attacks on Linear Contextual Bandits. (67%) Guanlin Liu; Lifeng Lai
http://arxiv.org/abs/2112.05495 How Private Is Your RL Policy? An Inverse RL Based Analysis Framework. (41%) Kritika Prakash; Fiza Husain; Praveen Paruchuri; Sujit P. Gujar
http://arxiv.org/abs/2112.05423 SoK: On the Security & Privacy in Federated Learning. (5%) Gorka Abad; Stjepan Picek; Aitor Urbieta
http://arxiv.org/abs/2112.04720 Amicable Aid: Turning Adversarial Attack to Benefit Classification. (99%) Juyeop Kim; Jun-Ho Choi; Soobeom Jang; Jong-Seok Lee
http://arxiv.org/abs/2112.05005 Mutual Adversarial Training: Learning together is better than going alone. (99%) Jiang Liu; Chun Pong Lau; Hossein Souri; Soheil Feizi; Rama Chellappa
http://arxiv.org/abs/2112.04948 PARL: Enhancing Diversity of Ensemble Networks to Resist Adversarial Attacks via Pairwise Adversarially Robust Loss Function. (99%) Manaar Alam; Shubhajit Datta; Debdeep Mukhopadhyay; Arijit Mondal; Partha Pratim Chakrabarti
http://arxiv.org/abs/2112.05282 RamBoAttack: A Robust Query Efficient Deep Neural Network Decision Exploit. (99%) Viet Quoc Vo; Ehsan Abbasnejad; Damith C. Ranasinghe
http://arxiv.org/abs/2112.05224 Spinning Language Models: Risks of Propaganda-As-A-Service and Countermeasures. (69%) Eugene Bagdasaryan; Vitaly Shmatikov
http://arxiv.org/abs/2112.05310 Robustness Certificates for Implicit Neural Networks: A Mixed Monotone Contractive Approach. (38%) Saber Jafarpour; Matthew Abate; Alexander Davydov; Francesco Bullo; Samuel Coogan
http://arxiv.org/abs/2112.05135 PixMix: Dreamlike Pictures Comprehensively Improve Safety Measures. (10%) Dan Hendrycks; Andy Zou; Mantas Mazeika; Leonard Tang; Dawn Song; Jacob Steinhardt
http://arxiv.org/abs/2112.05307 Are We There Yet? Timing and Floating-Point Attacks on Differential Privacy Systems. (2%) Jiankai Jin; Eleanor McMurtry; Benjamin I. P. Rubinstein; Olga Ohrimenko
http://arxiv.org/abs/2112.04764 3D-VField: Learning to Adversarially Deform Point Clouds for Robust 3D Object Detection. (1%) Alexander Lehner; Stefano Gasperini; Alvaro Marcos-Ramiro; Michael Schmidt; Mohammad-Ali Nikouei Mahani; Nassir Navab; Benjamin Busam; Federico Tombari
http://arxiv.org/abs/2112.04532 Segment and Complete: Defending Object Detectors against Adversarial Patch Attacks with Robust Patch Detection. (99%) Jiang Liu; Alexander Levine; Chun Pong Lau; Rama Chellappa; Soheil Feizi
http://arxiv.org/abs/2112.04367 On visual self-supervision and its effect on model robustness. (99%) Michal Kucer; Diane Oyen; Garrett Kenyon
http://arxiv.org/abs/2112.04154 SNEAK: Synonymous Sentences-Aware Adversarial Attack on Natural Language Video Localization. (93%) Wenbo Gou; Wen Shi; Jian Lou; Lijie Huang; Pan Zhou; Ruixuan Li
http://arxiv.org/abs/2112.04468 Revisiting Contrastive Learning through the Lens of Neighborhood Component Analysis: an Integrated Framework.
(8%) Ching-Yun Ko; Jeet Mohapatra; Sijia Liu; Pin-Yu Chen; Luca Daniel; Lily Weng
http://arxiv.org/abs/2112.03615 Saliency Diversified Deep Ensemble for Robustness to Adversaries. (99%) Alex Bogun; Dimche Kostadinov; Damian Borth
http://arxiv.org/abs/2112.03909 Vehicle trajectory prediction works, but not everywhere. (50%) Mohammadhossein Bahari; Saeed Saadatnejad; Ahmad Rahimi; Mohammad Shaverdikondori; Mohammad Shahidzadeh; Seyed-Mohsen Moosavi-Dezfooli; Alexandre Alahi
http://arxiv.org/abs/2112.03662 Lightning: Striking the Secure Isolation on GPU Clouds with Transient Hardware Faults. (11%) Rihui Sun; Pengfei Qiu; Yongqiang Lyu; Dongsheng Wang; Jiang Dong; Gang Qu
http://arxiv.org/abs/2112.03570 Membership Inference Attacks From First Principles. (2%) Nicholas Carlini; Steve Chien; Milad Nasr; Shuang Song; Andreas Terzis; Florian Tramer
http://arxiv.org/abs/2112.03508 Training Deep Models to be Explained with Fewer Examples. (1%) Tomoharu Iwata; Yuya Yoshikawa
http://arxiv.org/abs/2112.04038 Presentation Attack Detection Methods based on Gaze Tracking and Pupil Dynamic: A Comprehensive Survey. (1%) Jalil Nourmohammadi Khiarak
http://arxiv.org/abs/2112.03315 Adversarial Machine Learning In Network Intrusion Detection Domain: A Systematic Review. (99%) Huda Ali Alatwi; Charles Morisset
http://arxiv.org/abs/2112.03492 Decision-based Black-box Attack Against Vision Transformers via Patch-wise Adversarial Removal. (84%) Yucheng Shi; Yahong Han; Yu-an Tan; Xiaohui Kuang
http://arxiv.org/abs/2112.02797 ML Attack Models: Adversarial Attacks and Data Poisoning Attacks. (82%) Jing Lin; Long Dang; Mohamed Rahouti; Kaiqi Xiong
http://arxiv.org/abs/2112.03350 Test-Time Detection of Backdoor Triggers for Poisoned Deep Neural Networks. (82%) Xi Li; Zhen Xiang; David J. Miller; George Kesidis
http://arxiv.org/abs/2112.02918 When the Curious Abandon Honesty: Federated Learning Is Not Private. (68%) Franziska Boenisch; Adam Dziedzic; Roei Schuster; Ali Shahin Shamsabadi; Ilia Shumailov; Nicolas Papernot
http://arxiv.org/abs/2112.03476 Defending against Model Stealing via Verifying Embedded External Features. (33%) Yiming Li; Linghui Zhu; Xiaojun Jia; Yong Jiang; Shu-Tao Xia; Xiaochun Cao
http://arxiv.org/abs/2112.03223 Context-Aware Transfer Attacks for Object Detection. (1%) Zikui Cai; Xinxin Xie; Shasha Li; Mingjun Yin; Chengyu Song; Srikanth V. Krishnamurthy; Amit K. Roy-Chowdhury; M. Salman Asif
http://arxiv.org/abs/2112.02542 Robust Active Learning: Sample-Efficient Training of Robust Deep Learning Models. (96%) Yuejun Guo; Qiang Hu; Maxime Cordy; Mike Papadakis; Yves Le Traon
http://arxiv.org/abs/2112.02671 Stochastic Local Winner-Takes-All Networks Enable Profound Adversarial Robustness. (88%) Konstantinos P. Panousis; Sotirios Chatzis; Sergios Theodoridis
http://arxiv.org/abs/2112.02705 Beyond Robustness: Resilience Verification of Tree-Based Classifiers. (2%) Stefano Calzavara; Lorenzo Cazzaro; Claudio Lucchese; Federico Marcuzzi; Salvatore Orlando
http://arxiv.org/abs/2112.02606 On Impact of Semantically Similar Apps in Android Malware Datasets. (1%) Roopak Surendran
http://arxiv.org/abs/2112.02469 RADA: Robust Adversarial Data Augmentation for Camera Localization in Challenging Weather. (10%) Jialu Wang; Muhamad Risqi U. Saputra; Chris Xiaoxuan Lu; Niki Trigoni; Andrew Markham
http://arxiv.org/abs/2112.01724 Single-Shot Black-Box Adversarial Attacks Against Malware Detectors: A Causal Language Model Approach.
(99%) James Lee Hu; Mohammadreza Ebrahimi; Hsinchun Chen
http://arxiv.org/abs/2112.02209 Generalized Likelihood Ratio Test for Adversarially Robust Hypothesis Testing. (99%) Bhagyashree Puranik; Upamanyu Madhow; Ramtin Pedarsani
http://arxiv.org/abs/2112.01821 Blackbox Untargeted Adversarial Testing of Automatic Speech Recognition Systems. (98%) Xiaoliang Wu; Ajitha Rajan
http://arxiv.org/abs/2112.01777 Attack-Centric Approach for Evaluating Transferability of Adversarial Samples in Machine Learning Models. (54%) Tochukwu Idika; Ismail Akturk
http://arxiv.org/abs/2112.01723 Adversarial Attacks against a Satellite-borne Multispectral Cloud Detector. (13%) Andrew Du; Yee Wei Law; Michele Sasdelli; Bo Chen; Ken Clarke; Michael Brown; Tat-Jun Chin
http://arxiv.org/abs/2112.02223 A Game-Theoretic Approach for AI-based Botnet Attack Defence. (9%) Hooman Alavizadeh; Julian Jang-Jaccard; Tansu Alpcan; Seyit A. Camtepe
http://arxiv.org/abs/2112.01156 A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space. (99%) Thibault Simonetto; Salijona Dyrmishi; Salah Ghamizi; Maxime Cordy; Yves Le Traon
http://arxiv.org/abs/2112.01555 Is Approximation Universally Defensive Against Adversarial Attacks in Deep Neural Networks? (93%) Ayesha Siddique; Khaza Anuarul Hoque
http://arxiv.org/abs/2112.01601 Is RobustBench/AutoAttack a suitable Benchmark for Adversarial Robustness? (75%) Peter Lorenz; Dominik Strassel; Margret Keuper; Janis Keuper
http://arxiv.org/abs/2112.01423 Training Efficiency and Robustness in Deep Learning. (41%) Fartash Faghri
http://arxiv.org/abs/2112.01405 FedRAD: Federated Robust Adaptive Distillation. (10%) Stefán Páll Sturluson; Samuel Trew; Luis Muñoz-González; Matei Grama; Jonathan Passerat-Palmbach; Daniel Rueckert; Amir Alansary
http://arxiv.org/abs/2112.01148 FIBA: Frequency-Injection based Backdoor Attack in Medical Image Analysis. (3%) Yu Feng; Benteng Ma; Jing Zhang; Shanshan Zhao; Yong Xia; Dacheng Tao
http://arxiv.org/abs/2112.01694 On the Existence of the Adversarial Bayes Classifier (Extended Version). (2%) Pranjal Awasthi; Natalie S. Frank; Mehryar Mohri
http://arxiv.org/abs/2112.01008 Editing a classifier by rewriting its prediction rules. (1%) Shibani Santurkar; Dimitris Tsipras; Mahalaxmi Elango; David Bau; Antonio Torralba; Aleksander Madry
http://arxiv.org/abs/2112.00973 Adversarial Robustness of Deep Reinforcement Learning based Dynamic Recommender Systems. (99%) Siyu Wang; Yuanjiang Cao; Xiaocong Chen; Lina Yao; Xianzhi Wang; Quan Z. Sheng
http://arxiv.org/abs/2112.00323 Push Stricter to Decide Better: A Class-Conditional Feature Adaptive Framework for Improving Adversarial Robustness. (99%) Jia-Li Yin; Lehui Xie; Wanqing Zhu; Ximeng Liu; Bo-Hao Chen
http://arxiv.org/abs/2112.00378 $\ell_\infty$-Robustness and Beyond: Unleashing Efficient Adversarial Training. (99%) Hadi M. Dolatabadi; Sarah Erfani; Christopher Leckie
http://arxiv.org/abs/2112.00659 Certified Adversarial Defenses Meet Out-of-Distribution Corruptions: Benchmarking Robustness and Simple Baselines. (96%) Jiachen Sun; Akshay Mehra; Bhavya Kailkhura; Pin-Yu Chen; Dan Hendrycks; Jihun Hamm; Z. Morley Mao
http://arxiv.org/abs/2112.00428 Adv-4-Adv: Thwarting Changing Adversarial Perturbations via Adversarial Domain Adaptation. (95%) Tianyue Zheng; Zhe Chen; Shuya Ding; Chao Cai; Jun Luo
http://arxiv.org/abs/2112.00639 Robustness in Deep Learning for Computer Vision: Mind the gap?
(31%) Nathan Drenkow; Numair Sani; Ilya Shpitser; Mathias Unberath
http://arxiv.org/abs/2112.00686 CYBORG: Blending Human Saliency Into the Loss Improves Deep Learning. (1%) Aidan Boyd; Patrick Tinsley; Kevin Bowyer; Adam Czajka
http://arxiv.org/abs/2111.15213 Using a GAN to Generate Adversarial Examples to Facial Image Recognition. (99%) Andrew Merrigan; Alan F. Smeaton
http://arxiv.org/abs/2111.15160 Mitigating Adversarial Attacks by Distributing Different Copies to Different Users. (96%) Jiyi Zhang; Wesley Joon-Wie Tann; Ee-Chien Chang
http://arxiv.org/abs/2111.15603 Human Imperceptible Attacks and Applications to Improve Fairness. (83%) Xinru Hua; Huanzhong Xu; Jose Blanchet; Viet Nguyen
http://arxiv.org/abs/2112.00059 Evaluating Gradient Inversion Attacks and Defenses in Federated Learning. (81%) Yangsibo Huang; Samyak Gupta; Zhao Song; Kai Li; Sanjeev Arora
http://arxiv.org/abs/2111.15487 FROB: Few-shot ROBust Model for Classification and Out-of-Distribution Detection. (78%) Nikolaos Dionelis
http://arxiv.org/abs/2111.15276 COREATTACK: Breaking Up the Core Structure of Graphs. (78%) Bo Zhou; Yuqian Lv; Jinhuan Wang; Jian Zhang; Qi Xuan
http://arxiv.org/abs/2112.00247 Adversarial Attacks Against Deep Generative Models on Data: A Survey. (12%) Hui Sun; Tianqing Zhu; Zhiqiu Zhang; Dawei Jin; Ping Xiong; Wanlei Zhou
http://arxiv.org/abs/2111.15416 A Face Recognition System's Worst Morph Nightmare, Theoretically. (1%) Una M. Kelly; Raymond Veldhuis; Luuk Spreeuwers
http://arxiv.org/abs/2111.15205 New Datasets for Dynamic Malware Classification. (1%) Berkant Düzgün; Aykut Çayır; Ferhat Demirkıran; Ceyda Nur Kayha; Buket Gençaydın; Hasan Dağ
http://arxiv.org/abs/2112.00646 Reliability Assessment and Safety Arguments for Machine Learning Components in Assuring Learning-Enabled Autonomous Systems. (1%) Xingyu Zhao; Wei Huang; Vibhav Bharti; Yi Dong; Victoria Cox; Alec Banks; Sen Wang; Sven Schewe; Xiaowei Huang
http://arxiv.org/abs/2111.14564 MedRDF: A Robust and Retrain-Less Diagnostic Framework for Medical Pretrained Models Against Adversarial Attack. (99%) Mengting Xu; Tao Zhang; Daoqiang Zhang
http://arxiv.org/abs/2111.14833 Adversarial Attacks in Cooperative AI. (82%) Ted Fujimoto; Arthur Paul Pedersen
http://arxiv.org/abs/2111.15039 Living-Off-The-Land Command Detection Using Active Learning. (10%) Talha Ongun; Jack W. Stokes; Jonathan Bar Or; Ke Tian; Farid Tajaddodianfar; Joshua Neil; Christian Seifert; Alina Oprea; John C. Platt
http://arxiv.org/abs/2111.14726 Do Invariances in Deep Neural Networks Align with Human Perception? (9%) Vedant Nanda; Ayan Majumdar; Camila Kolling; John P. Dickerson; Krishna P. Gummadi; Bradley C. Love; Adrian Weller
http://arxiv.org/abs/2111.14745 A Simple Long-Tailed Recognition Baseline via Vision-Language Model. (1%) Teli Ma; Shijie Geng; Mengmeng Wang; Jing Shao; Jiasen Lu; Hongsheng Li; Peng Gao; Yu Qiao
http://arxiv.org/abs/2111.14341 ROBIN: A Benchmark for Robustness to Individual Nuisances in Real-World Out-of-Distribution Shifts. (1%) Bingchen Zhao; Shaozuo Yu; Wufei Ma; Mingxin Yu; Shenxiao Mei; Angtian Wang; Ju He; Alan Yuille; Adam Kortylewski
http://arxiv.org/abs/2111.15121 Pyramid Adversarial Training Improves ViT Performance. (1%) Charles Herrmann; Kyle Sargent; Lu Jiang; Ramin Zabih; Huiwen Chang; Ce Liu; Dilip Krishnan; Deqing Sun
http://arxiv.org/abs/2111.15518 Detecting Adversaries, yet Faltering to Noise? Leveraging Conditional Variational AutoEncoders for Adversary Detection in the Presence of Noisy Images.
(96%) Dvij Kalaria; Aritra Hazra; Partha Pratim Chakrabarti
http://arxiv.org/abs/2111.14185 MALIGN: Explainable Static Raw-byte Based Malware Family Classification using Sequence Alignment. (68%) Shoumik Saha; Sadia Afroz; Atif Rahman
http://arxiv.org/abs/2111.14255 Automated Runtime-Aware Scheduling for Multi-Tenant DNN Inference on GPU. (1%) Fuxun Yu; Shawn Bray; Di Wang; Longfei Shangguan; Xulong Tang; Chenchen Liu; Xiang Chen
http://arxiv.org/abs/2111.14271 ExCon: Explanation-driven Supervised Contrastive Learning for Image Classification. (1%) Zhibo Zhang; Jongseong Jang; Chiheb Trabelsi; Ruiwen Li; Scott Sanner; Yeonjeong Jeong; Dongsub Shim
http://arxiv.org/abs/2111.13844 Adaptive Image Transformations for Transfer-based Adversarial Attack. (99%) Zheng Yuan; Jie Zhang; Shiguang Shan
http://arxiv.org/abs/2111.13841 Adaptive Perturbation for Adversarial Attack. (99%) Zheng Yuan; Jie Zhang; Zhaoyan Jiang; Liangliang Li; Shiguang Shan
http://arxiv.org/abs/2111.14037 Statically Detecting Adversarial Malware through Randomised Chaining. (98%) Matthew Crawford; Wei Wang; Ruoxi Sun; Minhui Xue
http://arxiv.org/abs/2111.14035 Dissecting Malware in the Wild. (1%) Hamish Spencer; Wei Wang; Ruoxi Sun; Minhui Xue
http://arxiv.org/abs/2111.13330 ArchRepair: Block-Level Architecture-Oriented Repairing for Deep Neural Networks. (50%) Hua Qi; Zhijie Wang; Qing Guo; Jianlang Chen; Felix Juefei-Xu; Lei Ma; Jianjun Zhao
http://arxiv.org/abs/2111.12971 Natural & Adversarial Bokeh Rendering via Circle-of-Confusion Predictive Network. (99%) Yihao Huang; Felix Juefei-Xu; Qing Guo; Geguang Pu; Yang Liu
http://arxiv.org/abs/2111.12922 Clustering Effect of (Linearized) Adversarial Robust Models. (97%) Yang Bai; Xin Yan; Yong Jiang; Shu-Tao Xia; Yisen Wang
http://arxiv.org/abs/2111.13301 Simple Contrastive Representation Adversarial Learning for NLP Tasks. (93%) Deshui Miao; Jiaqi Zhang; Wenbo Xie; Jian Song; Xin Li; Lijuan Jia; Ning Guo
http://arxiv.org/abs/2111.13244 Going Grayscale: The Road to Understanding and Improving Unlearnable Examples. (92%) Zhuoran Liu; Zhengyu Zhao; Alex Kolmus; Tijn Berns; Twan van Laarhoven; Tom Heskes; Martha Larson
http://arxiv.org/abs/2111.12965 Towards Practical Deployment-Stage Backdoor Attack on Deep Neural Networks. (92%) Xiangyu Qi; Tinghao Xie; Ruizhe Pan; Jifeng Zhu; Yong Yang; Kai Bu
http://arxiv.org/abs/2112.01299 Gradient Inversion Attack: Leaking Private Labels in Two-Party Split Learning. (3%) Sanjay Kariyappa; Moinuddin K Qureshi
http://arxiv.org/abs/2111.13236 Joint inference and input optimization in equilibrium networks. (1%) Swaminathan Gurumurthy; Shaojie Bai; Zachary Manchester; J. Zico Kolter
http://arxiv.org/abs/2111.12631 Unity is strength: Improving the Detection of Adversarial Examples with Ensemble Approaches. (99%) Francesco Craighero; Fabrizio Angaroni; Fabio Stella; Chiara Damiani; Marco Antoniotti; Alex Graudenzi
http://arxiv.org/abs/2111.12305 Thundernna: a white box adversarial attack. (99%) Linfeng Ye; Shayan Mohajer Hamidi
http://arxiv.org/abs/2111.12906 Robustness against Adversarial Attacks in Neural Networks using Incremental Dissipativity. (92%) Bernardo Aquino; Arash Rahnama; Peter Seiler; Lizhen Lin; Vijay Gupta
http://arxiv.org/abs/2111.12629 WFDefProxy: Modularly Implementing and Empirically Evaluating Website Fingerprinting Defenses. (15%) Jiajun Gong; Wuqi Zhang; Charles Zhang; Tao Wang
http://arxiv.org/abs/2111.12273 Sharpness-aware Quantization for Deep Neural Networks.
(10%) Jing Liu; Jianfei Cai; Bohan Zhuang
http://arxiv.org/abs/2111.12896 SLA$^2$P: Self-supervised Anomaly Detection with Adversarial Perturbation. (5%) Yizhou Wang; Can Qin; Rongzhe Wei; Yi Xu; Yue Bai; Yun Fu
http://arxiv.org/abs/2111.12405 An Attack on Facial Soft-biometric Privacy Enhancement. (2%) Dailé Osorio-Roig; Christian Rathgeb; Pawel Drozdowski; Philipp Terhörst; Vitomir Štruc; Christoph Busch
http://arxiv.org/abs/2111.12621 Accelerating Deep Learning with Dynamic Data Pruning. (1%) Ravi S Raju; Kyle Daruwalla; Mikko Lipasti
http://arxiv.org/abs/2111.12034 Adversarial machine learning for protecting against online manipulation. (92%) Stefano Cresci; Marinella Petrocchi; Angelo Spognardi; Stefano Tognazzi
http://arxiv.org/abs/2111.12197 Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS. (84%) Christian Schroeder de Witt; Yongchao Huang; Philip H. S. Torr; Martin Strohmeier
http://arxiv.org/abs/2111.12229 Subspace Adversarial Training. (69%) Tao Li; Yingwen Wu; Sizhe Chen; Kun Fang; Xiaolin Huang
http://arxiv.org/abs/2111.11986 HERO: Hessian-Enhanced Robust Optimization for Unifying and Improving Generalization and Quantization Performance. (1%) Huanrui Yang; Xiaoxuan Yang; Neil Zhenqiang Gong; Yiran Chen
http://arxiv.org/abs/2111.11368 Adversarial Examples on Segmentation Models Can be Easy to Transfer. (99%) Jindong Gu; Hengshuang Zhao; Volker Tresp; Philip Torr
http://arxiv.org/abs/2111.11056 Evaluating Adversarial Attacks on ImageNet: A Reality Check on Misclassification Classes. (99%) Utku Ozbulak; Maura Pintor; Arnout Van Messem; Wesley De Neve
http://arxiv.org/abs/2111.10990 Imperceptible Transfer Attack and Defense on 3D Point Cloud Classification. (99%) Daizong Liu; Wei Hu
http://arxiv.org/abs/2111.10991 Backdoor Attack through Frequency Domain. (92%) Tong Wang; Yuan Yao; Feng Xu; Shengwei An; Hanghang Tong; Ting Wang
http://arxiv.org/abs/2111.11157 NTD: Non-Transferability Enabled Backdoor Detection. (69%) Yinshan Li; Hua Ma; Zhi Zhang; Yansong Gao; Alsharif Abuadbba; Anmin Fu; Yifeng Zheng; Said F. Al-Sarawi; Derek Abbott
http://arxiv.org/abs/2111.11487 A Comparison of State-of-the-Art Techniques for Generating Adversarial Malware Binaries. (33%) Prithviraj Dasgupta; Zachariah Osman
http://arxiv.org/abs/2111.11534 Poisoning Attacks to Local Differential Privacy Protocols for Key-Value Data. (13%) Yongji Wu; Xiaoyu Cao; Jinyuan Jia; Neil Zhenqiang Gong
http://arxiv.org/abs/2111.11581 Automatic Mapping of the Best-Suited DNN Pruning Schemes for Real-Time Mobile Acceleration. (1%) Yifan Gong; Geng Yuan; Zheng Zhan; Wei Niu; Zhengang Li; Pu Zhao; Yuxuan Cai; Sijia Liu; Bin Ren; Xue Lin; Xulong Tang; Yanzhi Wang
http://arxiv.org/abs/2111.11317 Electric Vehicle Attack Impact on Power Grid Operation. (1%) Mohammad Ali Sayed; Ribal Atallah; Chadi Assi; Mourad Debbabi
http://arxiv.org/abs/2111.10752 Stochastic Variance Reduced Ensemble Adversarial Attack for Boosting the Adversarial Transferability. (99%) Yifeng Xiong; Jiadong Lin; Min Zhang; John E. Hopcroft; Kun He
http://arxiv.org/abs/2111.10759 Adversarial Mask: Real-World Universal Adversarial Attack on Face Recognition Model. (99%) Alon Zolfi; Shai Avidan; Yuval Elovici; Asaf Shabtai
http://arxiv.org/abs/2111.10969 Medical Aegis: Robust adversarial protectors for medical images. (99%) Qingsong Yao; Zecheng He; S. Kevin Zhou
http://arxiv.org/abs/2111.10754 Local Linearity and Double Descent in Catastrophic Overfitting.
(73%) Varun Sivashankar; Nikil Selvam
http://arxiv.org/abs/2111.10844 Denoised Internal Models: a Brain-Inspired Autoencoder against Adversarial Attacks. (62%) Kaiyuan Liu; Xingyu Li; Yi Zhou; Jisong Guan; Yurui Lai; Ge Zhang; Hang Su; Jiachen Wang; Chunxu Guo
http://arxiv.org/abs/2111.10659 Are Vision Transformers Robust to Patch Perturbations? (98%) Jindong Gu; Volker Tresp; Yao Qin
http://arxiv.org/abs/2111.10055 Towards Efficiently Evaluating the Robustness of Deep Neural Networks in IoT Systems: A GAN-based Method. (99%) Tao Bai; Jun Zhao; Jinlin Zhu; Shoudong Han; Jiefeng Chen; Bo Li; Alex Kot
http://arxiv.org/abs/2111.10291 Meta Adversarial Perturbations. (99%) Chia-Hung Yuan; Pin-Yu Chen; Chia-Mu Yu
http://arxiv.org/abs/2111.10272 Resilience from Diversity: Population-based approach to harden models against adversarial attacks. (99%) Jasser Jasser; Ivan Garibay
http://arxiv.org/abs/2111.10075 Enhanced countering adversarial attacks via input denoising and feature restoring. (99%) Yanni Li; Wenhui Zhang; Jiawei Liu; Xiaoli Kou; Hui Li; Jiangtao Cui
http://arxiv.org/abs/2111.10481 PatchCensor: Patch Robustness Certification for Transformers via Exhaustive Testing. (99%) Yuheng Huang; Lei Ma; Yuanchun Li
http://arxiv.org/abs/2111.10130 Fooling Adversarial Training with Inducing Noise. (98%) Zhirui Wang; Yifei Wang; Yisen Wang
http://arxiv.org/abs/2111.10085 Exposing Weaknesses of Malware Detectors with Explainability-Guided Evasion Attacks. (86%) Wei Wang; Ruoxi Sun; Tian Dong; Shaofeng Li; Minhui Xue; Gareth Tyson; Haojin Zhu
http://arxiv.org/abs/2111.09999 TnT Attacks! Universal Naturalistic Adversarial Patches Against Deep Neural Network Systems. (99%) Bao Gia Doan; Minhui Xue; Shiqing Ma; Ehsan Abbasnejad; Damith C. Ranasinghe
http://arxiv.org/abs/2111.09961 A Review of Adversarial Attack and Defense for Classification Methods. (99%) Yao Li; Minhao Cheng; Cho-Jui Hsieh; Thomas C. M. Lee
http://arxiv.org/abs/2111.09571 Robust Person Re-identification with Multi-Modal Joint Defence. (98%) Yunpeng Gong; Lifei Chen
http://arxiv.org/abs/2111.09626 Enhancing the Insertion of NOP Instructions to Obfuscate Malware via Deep Reinforcement Learning. (96%) Daniel Gibert; Matt Fredrikson; Carles Mateu; Jordi Planes; Quan Le
http://arxiv.org/abs/2112.03007 How to Build Robust FAQ Chatbot with Controllable Question Generator? (80%) Yan Pan; Mingyang Ma; Bernhard Pflugfelder; Georg Groh
http://arxiv.org/abs/2111.09561 Adversarial attacks on voter model dynamics in complex networks. (76%) Katsumi Chiyomaru; Kazuhiro Takemoto
http://arxiv.org/abs/2111.09679 Enhanced Membership Inference Attacks against Machine Learning Models. (12%) Jiayuan Ye; Aadyaa Maddi; Sasi Kumar Murakonda; Reza Shokri
http://arxiv.org/abs/2111.09779 Wiggling Weights to Improve the Robustness of Classifiers. (2%) Sadaf Gulshad; Ivan Sosnovik; Arnold Smeulders
http://arxiv.org/abs/2111.09613 Improving Transferability of Representations via Augmentation-Aware Self-Supervision. (1%) Hankook Lee; Kibok Lee; Kimin Lee; Honglak Lee; Jinwoo Shin
http://arxiv.org/abs/2111.08954 TraSw: Tracklet-Switch Adversarial Attacks against Multi-Object Tracking. (99%) Delv Lin; Qi Chen; Chengyu Zhou; Kun He
http://arxiv.org/abs/2111.08973 Generating Unrestricted 3D Adversarial Point Clouds. (99%) Xuelong Dai; Yanjie Li; Hua Dai; Bin Xiao
http://arxiv.org/abs/2111.09277 SmoothMix: Training Confidence-calibrated Smoothed Classifiers for Certified Robustness.
(93%) Jongheon Jeong; Sejun Park; Minkyu Kim; Heung-Chang Lee; Doguk Kim; Jinwoo Shin
http://arxiv.org/abs/2111.09488 Attacking Deep Learning AI Hardware with Universal Adversarial Perturbation. (92%) Mehdi Sadi; B. M. S. Bahar Talukder; Kaniz Mishty; Md Tauhidur Rahman
http://arxiv.org/abs/2111.09076 Do Not Trust Prediction Scores for Membership Inference Attacks. (33%) Dominik Hintersdorf; Lukas Struppek; Kristian Kersting
http://arxiv.org/abs/2111.08591 Robustness of Bayesian Neural Networks to White-Box Adversarial Attacks. (99%) Adaku Uchendu; Daniel Campoy; Christopher Menart; Alexandra Hildenbrandt
http://arxiv.org/abs/2111.08529 Improving the robustness and accuracy of biomedical language models through adversarial training. (99%) Milad Moradi; Matthias Samwald
http://arxiv.org/abs/2111.08785 Detecting AutoAttack Perturbations in the Frequency Domain. (99%) Peter Lorenz; Paula Harder; Dominik Strassel; Margret Keuper; Janis Keuper
http://arxiv.org/abs/2111.08864 Adversarial Tradeoffs in Linear Inverse Problems and Robust State Estimation. (92%) Bruce D. Lee; Thomas T. C. K. Zhang; Hamed Hassani; Nikolai Matni
http://arxiv.org/abs/2111.08485 Consistent Semantic Attacks on Optical Flow. (81%) Tom Koren; Lior Talker; Michael Dinerstein; Roy J Jevnisek
http://arxiv.org/abs/2111.08429 An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences. (54%) Wei Guo; Benedetta Tondi; Mauro Barni
http://arxiv.org/abs/2111.08251 Enabling equivariance for arbitrary Lie groups. (1%) Lachlan Ewen MacDonald; Sameera Ramasinghe; Simon Lucey
http://arxiv.org/abs/2111.08223 A Survey on Adversarial Attacks for Malware Analysis. (98%) Kshitiz Aryal; Maanak Gupta; Mahmoud Abdelsalam
http://arxiv.org/abs/2111.07970 Triggerless Backdoor Attack for NLP Tasks with Clean Labels. (68%) Leilei Gan; Jiwei Li; Tianwei Zhang; Xiaoya Li; Yuxian Meng; Fei Wu; Shangwei Guo; Chun Fan
http://arxiv.org/abs/2111.07608 Property Inference Attacks Against GANs. (67%) Junhao Zhou; Yufei Chen; Chao Shen; Yang Zhang
http://arxiv.org/abs/2111.07424 Generating Band-Limited Adversarial Surfaces Using Neural Networks. (99%) Roee Ben-Shlomo; Yevgeniy Men; Ido Imanuel
http://arxiv.org/abs/2111.07492 Finding Optimal Tangent Points for Reducing Distortions of Hard-label Attacks. (76%) Chen Ma; Xiangyu Guo; Li Chen; Jun-Hai Yong; Yisen Wang
http://arxiv.org/abs/2111.07454 Towards Interpretability of Speech Pause in Dementia Detection using Adversarial Learning. (75%) Youxiang Zhu; Bang Tran; Xiaohui Liang; John A. Batsis; Robert M. Roth
http://arxiv.org/abs/2111.07439 Improving Compound Activity Classification via Deep Transfer and Representation Learning. (1%) Vishal Dey; Raghu Machiraju; Xia Ning
http://arxiv.org/abs/2111.07239 Robust and Accurate Object Detection via Self-Knowledge Distillation. (62%) Weipeng Xu; Pengzhi Chu; Renhao Xie; Xiongziyan Xiao; Hongcheng Huang
http://arxiv.org/abs/2111.07062 UNTANGLE: Unlocking Routing and Logic Obfuscation Using Graph Neural Networks-based Link Prediction. (2%) Lilas Alrahis; Satwik Patnaik; Muhammad Abdullah Hanif; Muhammad Shafique; Ozgur Sinanoglu
http://arxiv.org/abs/2111.06979 Neural Population Geometry Reveals the Role of Stochasticity in Robust Perception. (99%) Joel Dapello; Jenelle Feather; Hang Le; Tiago Marques; David D. Cox; Josh H. McDermott; James J. DiCarlo; SueYeon Chung
http://arxiv.org/abs/2111.07035 Measuring the Contribution of Multiple Model Representations in Detecting Adversarial Instances.
(98%) Daniel Steinberg; Paul Munro
http://arxiv.org/abs/2111.06961 Adversarially Robust Learning for Security-Constrained Optimal Power Flow. (10%) Priya L. Donti; Aayushya Agarwal; Neeraj Vijay Bedmutha; Larry Pileggi; J. Zico Kolter
http://arxiv.org/abs/2111.06719 On Transferability of Prompt Tuning for Natural Language Processing. (8%) Yusheng Su; Xiaozhi Wang; Yujia Qin; Chi-Min Chan; Yankai Lin; Huadong Wang; Kaiyue Wen; Zhiyuan Liu; Peng Li; Juanzi Li; Lei Hou; Maosong Sun; Jie Zhou
http://arxiv.org/abs/2111.06682 A Bayesian Nash equilibrium-based moving target defense against stealthy sensor attacks. (1%) David Umsonst; Serkan Sarıtaş; György Dán; Henrik Sandberg
http://arxiv.org/abs/2111.06776 Resilient Consensus-based Multi-agent Reinforcement Learning. (1%) Martin Figura; Yixuan Lin; Ji Liu; Vijay Gupta
http://arxiv.org/abs/2111.06063 On the Equivalence between Neural Network and Support Vector Machine. (1%) Yilan Chen; Wei Huang; Lam M. Nguyen; Tsui-Wei Weng
http://arxiv.org/abs/2111.05978 Trustworthy Medical Segmentation with Uncertainty Estimation. (93%) Giuseppina Carannante; Dimah Dera; Nidhal C. Bouaynaya; Ghulam Rasool; Hassan M. Fathallah-Shaykh
http://arxiv.org/abs/2111.05953 Robust Learning via Ensemble Density Propagation in Deep Neural Networks. (2%) Giuseppina Carannante; Dimah Dera; Ghulam Rasool; Nidhal C. Bouaynaya; Lyudmila Mihaylova
http://arxiv.org/abs/2111.05063 Tightening the Approximation Error of Adversarial Risk with Auto Loss Function Search. (99%) Pengfei Xia; Ziqiang Li; Bin Li
http://arxiv.org/abs/2111.05073 MixACM: Mixup-Based Robustness Transfer via Distillation of Activated Channel Maps. (99%) Muhammad Awais; Fengwei Zhou; Chuanlong Xie; Jiawei Li; Sung-Ho Bae; Zhenguo Li
http://arxiv.org/abs/2111.05468 Sparse Adversarial Video Attacks with Spatial Transformations. (98%) Ronghui Mu; Wenjie Ruan; Leandro Soriano Marcolino; Qiang Ni
http://arxiv.org/abs/2111.05077 A Statistical Difference Reduction Method for Escaping Backdoor Detection. (97%) Pengfei Xia; Hongjing Niu; Ziqiang Li; Bin Li
http://arxiv.org/abs/2111.05328 Data Augmentation Can Improve Robustness. (73%) Sylvestre-Alvise Rebuffi; Sven Gowal; Dan A. Calian; Florian Stimberg; Olivia Wiles; Timothy Mann
http://arxiv.org/abs/2111.05464 Are Transformers More Robust Than CNNs? (67%) Yutong Bai; Jieru Mei; Alan Yuille; Cihang Xie
http://arxiv.org/abs/2111.04371 Geometrically Adaptive Dictionary Attack on Face Recognition. (99%) Junyoung Byun; Hyojun Go; Changick Kim
http://arxiv.org/abs/2111.04303 Defense Against Explanation Manipulation. (98%) Ruixiang Tang; Ninghao Liu; Fan Yang; Na Zou; Xia Hu
http://arxiv.org/abs/2111.04625 DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories. (98%) Adnan Siraj Rakin; Md Hafizul Islam Chowdhuryy; Fan Yao; Deliang Fan
http://arxiv.org/abs/2111.04865 On Assessing The Safety of Reinforcement Learning algorithms Using Formal Methods. (75%) Paulina Stevia Nouwou Mindom; Amin Nikanjam; Foutse Khomh; John Mullins
http://arxiv.org/abs/2111.04394 Get a Model! Model Hijacking Attack Against Machine Learning Models. (69%) Ahmed Salem; Michael Backes; Yang Zhang
http://arxiv.org/abs/2111.04404 Robust and Information-theoretically Safe Bias Classifier against Adversarial Attacks. (69%) Lijia Yu; Xiao-Shan Gao
http://arxiv.org/abs/2111.04330 Characterizing the adversarial vulnerability of speech self-supervised learning.
(68%) Haibin Wu; Bo Zheng; Xu Li; Xixin Wu; Hung-yi Lee; Helen Meng
http://arxiv.org/abs/2111.04703 HAPSSA: Holistic Approach to PDF Malware Detection Using Signal and Statistical Analysis. (67%) Tajuddin Manhar Mohammed; Lakshmanan Nataraj; Satish Chikkagoudar; Shivkumar Chandrasekaran; B. S. Manjunath
http://arxiv.org/abs/2111.04314 Graph Robustness Benchmark: Benchmarking the Adversarial Robustness of Graph Machine Learning. (67%) Qinkai Zheng; Xu Zou; Yuxiao Dong; Yukuo Cen; Da Yin; Jiarong Xu; Yang Yang; Jie Tang
http://arxiv.org/abs/2111.04550 BARFED: Byzantine Attack-Resistant Federated Averaging Based on Outlier Elimination. (45%) Ece Isik-Polat; Gorkem Polat; Altan Kocyigit
http://arxiv.org/abs/2111.04266 Generative Dynamic Patch Attack. (99%) Xiang Li; Shihao Ji
http://arxiv.org/abs/2111.04204 Natural Adversarial Objects. (81%) Felix Lau; Nishant Subramani; Sasha Harrison; Aerin Kim; Elliot Branson; Rosanne Liu
http://arxiv.org/abs/2111.05108 "How Does It Detect A Malicious App?" Explaining the Predictions of AI-based Android Malware Detector. (11%) Zhi Lu; Vrizlynn L. L. Thing
http://arxiv.org/abs/2111.03536 A Unified Game-Theoretic Interpretation of Adversarial Robustness. (98%) Jie Ren; Die Zhang; Yisen Wang; Lu Chen; Zhanpeng Zhou; Yiting Chen; Xu Cheng; Xin Wang; Meng Zhou; Jie Shi; Quanshi Zhang
http://arxiv.org/abs/2112.03000 Sequential Randomized Smoothing for Adversarially Robust Speech Recognition. (96%) Raphael Olivier; Bhiksha Raj
http://arxiv.org/abs/2111.03363 Federated Learning Attacks Revisited: A Critical Discussion of Gaps, Assumptions, and Evaluation Setups. (2%) Aidmar Wainakh; Ephraim Zimmer; Sandeep Subedi; Jens Keim; Tim Grube; Shankar Karuppayah; Alejandro Sanchez Guinea; Max Mühlhäuser
http://arxiv.org/abs/2111.02840 Adversarial GLUE: A Multi-Task Benchmark for Robustness Evaluation of Language Models. (99%) Boxin Wang; Chejian Xu; Shuohang Wang; Zhe Gan; Yu Cheng; Jianfeng Gao; Ahmed Hassan Awadallah; Bo Li
http://arxiv.org/abs/2111.02842 Adversarial Attacks on Graph Classification via Bayesian Optimisation. (87%) Xingchen Wan; Henry Kenlay; Binxin Ru; Arno Blaas; Michael A. Osborne; Xiaowen Dong
http://arxiv.org/abs/2111.03120 Adversarial Attacks on Knowledge Graph Embeddings via Instance Attribution Methods. (47%) Peru Bhardwaj; John Kelleher; Luca Costabello; Declan O'Sullivan
http://arxiv.org/abs/2111.02845 Attacking Deep Reinforcement Learning-Based Traffic Signal Control Systems with Colluding Vehicles. (3%) Ao Qu; Yihong Tang; Wei Ma
http://arxiv.org/abs/2111.02331 LTD: Low Temperature Distillation for Robust Adversarial Training. (88%) Erh-Chung Chen; Che-Rung Lee
http://arxiv.org/abs/2111.02018 Multi-Glimpse Network: A Robust and Efficient Classification Architecture based on Recurrent Downsampled Attention. (41%) Sia Huat Tan; Runpei Dong; Kaisheng Ma
http://arxiv.org/abs/2111.01528 Effective and Imperceptible Adversarial Textual Attack via Multi-objectivization. (99%) Shengcai Liu; Ning Lu; Wenjing Hong; Chao Qian; Ke Tang
http://arxiv.org/abs/2111.01714 Meta-Learning the Search Distribution of Black-Box Random Search Based Adversarial Attacks. (96%) Maksym Yatsura; Jan Hendrik Metzen; Matthias Hein
http://arxiv.org/abs/2111.01395 Training Certifiably Robust Neural Networks with Efficient Local Lipschitz Bounds. (70%) Yujia Huang; Huan Zhang; Yuanyuan Shi; J Zico Kolter; Anima Anandkumar
http://arxiv.org/abs/2111.01996 Pareto Adversarial Robustness: Balancing Spatial Robustness and Sensitivity-based Robustness.
(68%) Ke Sun; Mingjie Li; Zhouchen Lin http://arxiv.org/abs/2111.01363 Knowledge Cross-Distillation for Membership Privacy. (38%) Rishav Chourasia; Batnyam Enkhtaivan; Kunihiro Ito; Junki Mori; Isamu Teranishi; Hikaru Tsuchida http://arxiv.org/abs/2111.01965 Adversarially Perturbed Wavelet-based Morphed Face Generation. (9%) Kelsey O'Haire; Sobhan Soleymani; Baaria Chaudhary; Poorya Aghdaie; Jeremy Dawson; Nasser M. Nasrabadi http://arxiv.org/abs/2111.00684 Graph Structural Attack by Spectral Distance. (93%) Lu Lin; Ethan Blaser; Hongning Wang http://arxiv.org/abs/2111.00898 Availability Attacks Create Shortcuts. (89%) Da Yu; Huishuai Zhang; Wei Chen; Jian Yin; Tie-Yan Liu http://arxiv.org/abs/2111.00961 Robustness of deep learning algorithms in astronomy -- galaxy morphology studies. (83%) A. Ćiprijanović; D. Kafkes; G. N. Perdue; K. Pedro; G. Snyder; F. J. Sánchez; S. Madireddy; S. Wild; B. Nord http://arxiv.org/abs/2111.01124 When Does Contrastive Learning Preserve Adversarial Robustness from Pretraining to Finetuning? (69%) Lijie Fan; Sijia Liu; Pin-Yu Chen; Gaoyuan Zhang; Chuang Gan http://arxiv.org/abs/2111.01080 ZeBRA: Precisely Destroying Neural Networks with Zero-Data Based Repeated Bit Flip Attack. (9%) Dahoon Park; Kon-Woo Kwon; Sunghoon Im; Jaeha Kung http://arxiv.org/abs/2111.00435 An Actor-Critic Method for Simulation-Based Optimization. (56%) Kuo Li; Qing-Shan Jia; Jiaqi Yan http://arxiv.org/abs/2111.00295 Get Fooled for the Right Reason: Improving Adversarial Robustness through a Teacher-guided Curriculum Learning Approach. (97%) Anindya Sarkar; Anirban Sarkar; Sowrya Gali; Vineeth N Balasubramanian http://arxiv.org/abs/2111.00350 AdvCodeMix: Adversarial Attack on Code-Mixed Data. (93%) Sourya Dipta Das; Ayan Basak; Soumil Mandal; Dipankar Das http://arxiv.org/abs/2111.00197 Backdoor Pre-trained Models Can Transfer to All. (3%) Lujia Shen; Shouling Ji; Xuhong Zhang; Jinfeng Li; Jing Chen; Jie Shi; Chengfang Fang; Jianwei Yin; Ting Wang http://arxiv.org/abs/2111.00169 Trojan Source: Invisible Vulnerabilities. (1%) Nicholas Boucher; Ross Anderson http://arxiv.org/abs/2110.15629 Attacking Video Recognition Models with Bullet-Screen Comments. (99%) Kai Chen; Zhipeng Wei; Jingjing Chen; Zuxuan Wu; Yu-Gang Jiang http://arxiv.org/abs/2110.15767 Adversarial Robustness with Semi-Infinite Constrained Learning. (92%) Alexander Robey; Luiz F. O. Chamon; George J. Pappas; Hamed Hassani; Alejandro Ribeiro http://arxiv.org/abs/2110.15764 $\epsilon$-weakened Robustness of Deep Neural Networks. (62%) Pei Huang; Yuting Yang; Minghao Liu; Fuqi Jia; Feifei Ma; Jian Zhang http://arxiv.org/abs/2111.00162 You are caught stealing my winning lottery ticket! Making a lottery ticket claim its ownership. (11%) Xuxi Chen; Tianlong Chen; Zhenyu Zhang; Zhangyang Wang http://arxiv.org/abs/2110.15317 Bridge the Gap Between CV and NLP! A Gradient-based Textual Adversarial Attack Framework. (99%) Lifan Yuan; Yichi Zhang; Yangyi Chen; Wei Wei http://arxiv.org/abs/2110.14880 AEVA: Black-box Backdoor Detection Using Adversarial Extreme Value Analysis. (92%) Junfeng Guo; Ang Li; Cong Liu http://arxiv.org/abs/2110.15188 The magnitude vector of images. (1%) Michael F. Adamer; Leslie O'Bray; Edward De Brouwer; Bastian Rieck; Karsten Borgwardt http://arxiv.org/abs/2110.14735 Towards Evaluating the Robustness of Neural Networks Learned by Transduction.
(98%) Jiefeng Chen; Xi Wu; Yang Guo; Yingyu Liang; Somesh Jha http://arxiv.org/abs/2110.14855 CAP: Co-Adversarial Perturbation on Weights and Features for Improving Generalization of Graph Neural Networks. (98%) Haotian Xue; Kaixiong Zhou; Tianlong Chen; Kai Guo; Xia Hu; Yi Chang; Xin Wang http://arxiv.org/abs/2110.14693 Towards Robust Reasoning over Knowledge Graphs. (83%) Zhaohan Xi; Ren Pang; Changjiang Li; Shouling Ji; Xiapu Luo; Xusheng Xiao; Ting Wang http://arxiv.org/abs/2110.14357 Binarized ResNet: Enabling Robust Automatic Modulation Classification at the resource-constrained Edge. (80%) Deepsayan Sadhukhan; Nitin Priyadarshini Shankar; Nancy Nayak; Thulasi Tholeti; Sheetal Kalyani http://arxiv.org/abs/2110.14871 Generalized Depthwise-Separable Convolutions for Adversarially Robust and Efficient Neural Networks. (74%) Hassan Dbouk; Naresh R. Shanbhag http://arxiv.org/abs/2110.14430 Adversarial Neuron Pruning Purifies Backdoored Deep Models. (15%) Dongxian Wu; Yisen Wang http://arxiv.org/abs/2110.14844 From Intrinsic to Counterfactual: On the Explainability of Contextualized Recommender Systems. (5%) Yao Zhou; Haonan Wang; Jingrui He; Haixun Wang http://arxiv.org/abs/2110.14189 Robust Contrastive Learning Using Negative Samples with Diminished Semantics. (1%) Songwei Ge; Shlok Mishra; Haohan Wang; Chun-Liang Li; David Jacobs http://arxiv.org/abs/2110.14188 RoMA: Robust Model Adaptation for Offline Model-based Optimization. (1%) Sihyun Yu; Sungsoo Ahn; Le Song; Jinwoo Shin http://arxiv.org/abs/2110.13950 Can't Fool Me: Adversarially Robust Transformer for Video Understanding. (99%) Divya Choudhary; Palash Goyal; Saurabh Sahu http://arxiv.org/abs/2110.13935 Frequency Centric Defense Mechanisms against Adversarial Examples. (99%) Sanket B. Shah; Param Raval; Harin Khakhi; Mehul S. Raval http://arxiv.org/abs/2110.14120 ScaleCert: Scalable Certified Defense against Adversarial Patches with Sparse Superficial Layers. (99%) Husheng Han; Kaidi Xu; Xing Hu; Xiaobing Chen; Ling Liang; Zidong Du; Qi Guo; Yanzhi Wang; Yunji Chen http://arxiv.org/abs/2110.14068 Drawing Robust Scratch Tickets: Subnetworks with Inborn Robustness Are Found within Randomly Initialized Networks. (99%) Yonggan Fu; Qixuan Yu; Yang Zhang; Shang Wu; Xu Ouyang; David Cox; Yingyan Lin http://arxiv.org/abs/2110.13864 FL-WBC: Enhancing Robustness against Model Poisoning Attacks in Federated Learning from a Client Perspective. (98%) Jingwei Sun; Ang Li; Louis DiValentin; Amin Hassanzadeh; Yiran Chen; Hai Li http://arxiv.org/abs/2111.00861 A Frequency Perspective of Adversarial Robustness. (98%) Shishira R Maiya; Max Ehrlich; Vatsal Agarwal; Ser-Nam Lim; Tom Goldstein; Abhinav Shrivastava http://arxiv.org/abs/2110.13741 Disrupting Deep Uncertainty Estimation Without Harming Accuracy. (86%) Ido Galil; Ran El-Yaniv http://arxiv.org/abs/2110.14030 Improving Local Effectiveness for Global robust training. (83%) Jingyue Lu; M. Pawan Kumar http://arxiv.org/abs/2110.14038 Robustness of Graph Neural Networks at Scale. (76%) Simon Geisler; Tobias Schmidt; Hakan Şirin; Daniel Zügner; Aleksandar Bojchevski; Stephan Günnemann http://arxiv.org/abs/2110.13980 Adversarial Attacks and Defenses for Social Network Text Processing Applications: Techniques, Challenges and Future Research Directions. (75%) Izzat Alsmadi; Kashif Ahmad; Mahmoud Nazzal; Firoj Alam; Ala Al-Fuqaha; Abdallah Khreishah; Abdulelah Algosaibi http://arxiv.org/abs/2110.15053 Adversarial Robustness in Multi-Task Learning: Promises and Illusions. 
(64%) Salah Ghamizi; Maxime Cordy; Mike Papadakis; Yves Le Traon http://arxiv.org/abs/2110.13771 AugMax: Adversarial Composition of Random Augmentations for Robust Training. (56%) Haotao Wang; Chaowei Xiao; Jean Kossaifi; Zhiding Yu; Anima Anandkumar; Zhangyang Wang http://arxiv.org/abs/2110.13541 Qu-ANTI-zation: Exploiting Quantization Artifacts for Achieving Adversarial Outcomes. (50%) Sanghyun Hong; Michael-Andrei Panaitescu-Liess; Yiğitcan Kaya; Tudor Dumitraş http://arxiv.org/abs/2110.13414 Semantic Host-free Trojan Attack. (10%) Haripriya Harikumar; Kien Do; Santu Rana; Sunil Gupta; Svetha Venkatesh http://arxiv.org/abs/2110.15122 CAFE: Catastrophic Data Leakage in Vertical Federated Learning. (3%) Xiao Jin; Pin-Yu Chen; Chia-Yi Hsu; Chia-Mu Yu; Tianyi Chen http://arxiv.org/abs/2110.14032 MEST: Accurate and Fast Memory-Economic Sparse Training Framework on the Edge. (1%) Geng Yuan; Xiaolong Ma; Wei Niu; Zhengang Li; Zhenglun Kong; Ning Liu; Yifan Gong; Zheng Zhan; Chaoyang He; Qing Jin; Siyue Wang; Minghai Qin; Bin Ren; Yanzhi Wang; Sijia Liu; Xue Lin http://arxiv.org/abs/2110.14019 Reliable and Trustworthy Machine Learning for Health Using Dataset Shift Detection. (1%) Chunjong Park; Anas Awadalla; Tadayoshi Kohno; Shwetak Patel http://arxiv.org/abs/2110.13859 Defensive Tensorization. (1%) Adrian Bulat; Jean Kossaifi; Sourav Bhattacharya; Yannis Panagakis; Timothy Hospedales; Georgios Tzimiropoulos; Nicholas D Lane; Maja Pantic http://arxiv.org/abs/2110.13409 Task-Aware Meta Learning-based Siamese Neural Network for Classifying Obfuscated Malware. (1%) Jinting Zhu; Julian Jang-Jaccard; Amardeep Singh; Paul A. Watters; Seyit Camtepe http://arxiv.org/abs/2110.12976 Stable Neural ODE with Lyapunov-Stable Equilibrium Points for Defending Against Adversarial Attacks. (99%) Qiyu Kang; Yang Song; Qinxu Ding; Wee Peng Tay http://arxiv.org/abs/2110.12948 Generating Watermarked Adversarial Texts. (99%) Mingjie Li; Hanzhou Wu; Xinpeng Zhang http://arxiv.org/abs/2110.13250 Beyond $L_p$ clipping: Equalization-based Psychoacoustic Attacks against ASRs. (92%) Hadi Abdullah; Muhammad Sajidur Rahman; Christian Peeters; Cassidy Gibson; Washington Garcia; Vincent Bindschaedler; Thomas Shrimpton; Patrick Traynor http://arxiv.org/abs/2110.12734 Fast Gradient Non-sign Methods. (92%) Yaya Cheng; Jingkuan Song; Xiaosu Zhu; Qilong Zhang; Lianli Gao; Heng Tao Shen http://arxiv.org/abs/2110.14814 Ensemble Federated Adversarial Training with Non-IID data. (87%) Shuang Luo; Didi Zhu; Zexi Li; Chao Wu http://arxiv.org/abs/2110.13650 GANash -- A GAN approach to steganography. (81%) Venkatesh Subramaniyan; Vignesh Sivakumar; A. K. Vagheesan; S. Sakthivelan; K. J. Jegadish Kumar; K. K. Nagarajan http://arxiv.org/abs/2110.12690 A Dynamical System Perspective for Lipschitz Neural Networks. (81%) Laurent Meunier; Blaise Delattre; Alexandre Araujo; Alexandre Allauzen http://arxiv.org/abs/2110.12700 An Adaptive Structural Learning of Deep Belief Network for Image-based Crack Detection in Concrete Structures Using SDNET2018. (13%) Shin Kamada; Takumi Ichimura; Takashi Iwasaki http://arxiv.org/abs/2110.12357 Towards A Conceptually Simple Defensive Approach for Few-shot classifiers Against Adversarial Support Samples. (80%) Yi Xiang Marcus Tan; Penny Chong; Jiamei Sun; Ngai-man Cheung; Yuval Elovici; Alexander Binder http://arxiv.org/abs/2110.12321 ADC: Adversarial attacks against object Detection that evade Context consistency checks. (99%) Mingjun Yin; Shasha Li; Chengyu Song; M. Salman Asif; Amit K. 
Roy-Chowdhury; Srikanth V. Krishnamurthy http://arxiv.org/abs/2110.12308 A Layer-wise Adversarial-aware Quantization Optimization for Improving Robustness. (81%) Chang Song; Riya Ranjan; Hai Li http://arxiv.org/abs/2110.11987 Improving Robustness of Malware Classifiers using Adversarial Strings Generated from Perturbed Latent Representations. (99%) Marek Galovic; Branislav Bosansky; Viliam Lisy http://arxiv.org/abs/2110.12072 How and When Adversarial Robustness Transfers in Knowledge Distillation? (91%) Rulin Shao; Jinfeng Yi; Pin-Yu Chen; Cho-Jui Hsieh http://arxiv.org/abs/2110.12020 Fairness Degrading Adversarial Attacks Against Clustering Algorithms. (86%) Anshuman Chhabra; Adish Singla; Prasant Mohapatra http://arxiv.org/abs/2110.11950 Adversarial robustness for latent models: Revisiting the robust-standard accuracies tradeoff. (80%) Adel Javanmard; Mohammad Mehrabi http://arxiv.org/abs/2110.11578 PRECAD: Privacy-Preserving and Robust Federated Learning via Crypto-Aided Differential Privacy. (15%) Xiaolan Gu; Ming Li; Li Xiong http://arxiv.org/abs/2110.11597 ProtoShotXAI: Using Prototypical Few-Shot Architecture for Explainable AI. (15%) Samuel Hess; Gregory Ditzler http://arxiv.org/abs/2110.12923 Spoofing Detection on Hand Images Using Quality Assessment. (1%) Asish Bera; Ratnadeep Dey; Debotosh Bhattacharjee; Mita Nasipuri; Hubert P. H. Shum http://arxiv.org/abs/2110.11589 Text Counterfactuals via Latent Optimization and Shapley-Guided Search. (1%) Quintin Pope; Xiaoli Z. Fern http://arxiv.org/abs/2110.11891 On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning. (1%) Anvith Thudi; Hengrui Jia; Ilia Shumailov; Nicolas Papernot http://arxiv.org/abs/2110.11736 MANDERA: Malicious Node Detection in Federated Learning via Ranking. (1%) Wanchuang Zhu; Benjamin Zi Hao Zhao; Simon Luo; Tongliang Liu; Ke Deng http://arxiv.org/abs/2110.11459 CAPTIVE: Constrained Adversarial Perturbations to Thwart IC Reverse Engineering. (98%) Amir Hosein Afandizadeh Zargari; Marzieh AshrafiAmiri; Minjun Seo; Sai Manoj Pudukotai Dinakarrao; Mohammed E. Fouda; Fadi Kurdahi http://arxiv.org/abs/2110.11411 PROVES: Establishing Image Provenance using Semantic Signatures. (93%) Mingyang Xie; Manav Kulshrestha; Shaojie Wang; Jinghan Yang; Ayan Chakrabarti; Ning Zhang; Yevgeniy Vorobeychik http://arxiv.org/abs/2110.11088 RoMA: a Method for Neural Network Robustness Measurement and Assessment. (92%) Natan Levy; Guy Katz http://arxiv.org/abs/2110.11571 Anti-Backdoor Learning: Training Clean Models on Poisoned Data. (83%) Yige Li; Xixiang Lyu; Nodens Koren; Lingjuan Lyu; Bo Li; Xingjun Ma http://arxiv.org/abs/2110.10926 PipAttack: Poisoning Federated Recommender Systems for Manipulating Item Promotion. (68%) Shijie Zhang; Hongzhi Yin; Tong Chen; Zi Huang; Quoc Viet Hung Nguyen; Lizhen Cui http://arxiv.org/abs/2110.11205 Robustness through Data Augmentation Loss Consistency. (61%) Tianjian Huang; Shaunak Halbe; Chinnadhurai Sankar; Pooyan Amini; Satwik Kottur; Alborz Geramifard; Meisam Razaviyayn; Ahmad Beirami http://arxiv.org/abs/2110.10942 Generalization of Neural Combinatorial Solvers Through the Lens of Adversarial Robustness. (61%) Simon Geisler; Johanna Sommer; Jan Schuchardt; Aleksandar Bojchevski; Stephan Günnemann http://arxiv.org/abs/2110.11024 Watermarking Graph Neural Networks based on Backdoor Attacks. (31%) Jing Xu; Stjepan Picek http://arxiv.org/abs/2110.11290 Physical Side-Channel Attacks on Embedded Neural Networks: A Survey.
(8%) Maria Méndez Real; Rubén Salvador http://arxiv.org/abs/2110.10655 Adversarial Socialbot Learning via Multi-Agent Deep Hierarchical Reinforcement Learning. (83%) Thai Le; Long Tran-Thanh; Dongwon Lee http://arxiv.org/abs/2110.10482 Surrogate Representation Learning with Isometric Mapping for Gray-box Graph Adversarial Attacks. (62%) Zihan Liu; Yun Luo; Zelin Zang; Stan Z. Li http://arxiv.org/abs/2110.10444 Moiré Attack (MA): A New Potential Risk of Screen Photos. (56%) Dantong Niu; Ruohao Guo; Yisen Wang http://arxiv.org/abs/2110.10783 Adversarial attacks against Bayesian forecasting dynamic models. (13%) Roi Naveiro http://arxiv.org/abs/2110.12899 No One Representation to Rule Them All: Overlapping Features of Training Methods. (1%) Raphael Gontijo-Lopes; Yann Dauphin; Ekin D. Cubuk http://arxiv.org/abs/2110.10287 Multi-concept adversarial attacks. (99%) Vibha Belavadi; Yan Zhou; Murat Kantarcioglu; Bhavani M. Thuraisingham http://arxiv.org/abs/2110.09759 A Regularization Method to Improve Adversarial Robustness of Neural Networks for ECG Signal Classification. (96%) Linhai Ma; Liang Liang http://arxiv.org/abs/2110.10108 TESSERACT: Gradient Flip Score to Secure Federated Learning Against Model Poisoning Attacks. (69%) Atul Sharma; Wei Chen; Joshua Zhao; Qiang Qiu; Somali Chaterji; Saurabh Bagchi http://arxiv.org/abs/2110.09902 Understanding Convolutional Neural Networks from Theoretical Perspective via Volterra Convolution. (61%) Tenghui Li; Guoxu Zhou; Yuning Qiu; Qibin Zhao http://arxiv.org/abs/2110.10354 Detecting Backdoor Attacks Against Point Cloud Classifiers. (26%) Zhen Xiang; David J. Miller; Siheng Chen; Xi Li; George Kesidis http://arxiv.org/abs/2110.09814 Speech Pattern based Black-box Model Watermarking for Automatic Speech Recognition. (13%) Haozhe Chen; Weiming Zhang; Kunlin Liu; Kejiang Chen; Han Fang; Nenghai Yu http://arxiv.org/abs/2110.10291 A Deeper Look into RowHammer's Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses. (5%) Lois Orosa; Abdullah Giray Yağlıkçı; Haocong Luo; Ataberk Olgun; Jisung Park; Hasan Hassan; Minesh Patel; Jeremie S. Kim; Onur Mutlu http://arxiv.org/abs/2110.09075 Boosting the Transferability of Video Adversarial Examples via Temporal Translation. (99%) Zhipeng Wei; Jingjing Chen; Zuxuan Wu; Yu-Gang Jiang http://arxiv.org/abs/2110.09714 Black-box Adversarial Attacks on Commercial Speech Platforms with Minimal Information. (99%) Baolin Zheng; Peipei Jiang; Qian Wang; Qi Li; Chao Shen; Cong Wang; Yunjie Ge; Qingyang Teng; Shenyi Zhang http://arxiv.org/abs/2110.09468 Improving Robustness using Generated Data. (97%) Sven Gowal; Sylvestre-Alvise Rebuffi; Olivia Wiles; Florian Stimberg; Dan Andrei Calian; Timothy Mann http://arxiv.org/abs/2110.09506 MEMO: Test Time Robustness via Adaptation and Augmentation. (13%) Marvin Zhang; Sergey Levine; Chelsea Finn http://arxiv.org/abs/2110.09929 Minimal Multi-Layer Modifications of Deep Neural Networks. (4%) Idan Refaeli; Guy Katz http://arxiv.org/abs/2110.09903 Unrestricted Adversarial Attacks on ImageNet Competition.
(99%) Yuefeng Chen; Xiaofeng Mao; Yuan He; Hui Xue; Chao Li; Yinpeng Dong; Qi-An Fu; Xiao Yang; Wenzhao Xiang; Tianyu Pang; Hang Su; Jun Zhu; Fangcheng Liu; Chao Zhang; Hongyang Zhang; Yichi Zhang; Shilong Liu; Chang Liu; Wenzhao Xiang; Yajie Wang; Huipeng Zhou; Haoran Lyu; Yidan Xu; Zixuan Xu; Taoyu Zhu; Wenjun Li; Xianfeng Gao; Guoqiu Wang; Huanqian Yan; Ying Guo; Chaoning Zhang; Zheng Fang; Yang Wang; Bingyang Fu; Yunfei Zheng; Yekui Wang; Haorong Luo; Zhen Yang http://arxiv.org/abs/2110.08956 Improving Robustness of Reinforcement Learning for Power System Control with Adversarial Training. (99%) Alexander Daniel Pan; Daniel Yongkyun Lee; Huan Zhang; Yize Chen; Yuanyuan Shi http://arxiv.org/abs/2110.09983 ECG-ATK-GAN: Robustness against Adversarial Attacks on ECGs using Conditional Generative Adversarial Networks. (99%) Khondker Fariha Hossain; Sharif Amit Kamran; Alireza Tavakkoli; Xingjun Ma http://arxiv.org/abs/2110.08760 Adapting Membership Inference Attacks to GNN for Graph Classification: Approaches and Implications. (22%) Bang Wu; Xiangwen Yang; Shirui Pan; Xingliang Yuan http://arxiv.org/abs/2110.08932 Poisoning Attacks on Fair Machine Learning. (12%) Minh-Hao Van; Wei Du; Xintao Wu; Aidong Lu http://arxiv.org/abs/2110.08712 Black-box Adversarial Attacks on Network-wide Multi-step Traffic State Prediction Models. (99%) Bibek Poudel; Weizi Li http://arxiv.org/abs/2110.08514 Analyzing Dynamic Adversarial Training Data in the Limit. (82%) Eric Wallace; Adina Williams; Robin Jia; Douwe Kiela http://arxiv.org/abs/2110.08517 Characterizing Improper Input Validation Vulnerabilities of Mobile Crowdsourcing Services. (5%) Sojhal Ismail Khan; Dominika Woszczyk; Chengzeng You; Soteris Demetriou; Muhammad Naveed http://arxiv.org/abs/2110.08690 Tackling the Imbalance for GNNs. (4%) Rui Wang; Weixuan Xiong; Qinghu Hou; Ou Wu http://arxiv.org/abs/2110.08449 Adversarial Attacks on Gaussian Process Bandits. (99%) Eric Han; Jonathan Scarlett http://arxiv.org/abs/2110.08036 Generating Natural Language Adversarial Examples through An Improved Beam Search Algorithm. (99%) Tengfei Zhao; Zhaocheng Ge; Hanping Hu; Dingmeng Shi http://arxiv.org/abs/2110.08042 Adversarial Attacks on ML Defense Models Competition. (99%) Yinpeng Dong; Qi-An Fu; Xiao Yang; Wenzhao Xiang; Tianyu Pang; Hang Su; Jun Zhu; Jiayu Tang; Yuefeng Chen; XiaoFeng Mao; Yuan He; Hui Xue; Chao Li; Ye Liu; Qilong Zhang; Lianli Gao; Yunrui Yu; Xitong Gao; Zhe Zhao; Daquan Lin; Jiadong Lin; Chuanbiao Song; Zihao Wang; Zhennan Wu; Yang Guo; Jiequan Cui; Xiaogang Xu; Pengguang Chen http://arxiv.org/abs/2110.08324 Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble Architecture. (76%) Xinyu Tang; Saeed Mahloujifar; Liwei Song; Virat Shejwalkar; Milad Nasr; Amir Houmansadr; Prateek Mittal http://arxiv.org/abs/2110.08322 Robustness of different loss functions and their impact on networks learning capability. (76%) Vishal Rajput http://arxiv.org/abs/2110.08139 Chunked-Cache: On-Demand and Scalable Cache Isolation for Security Architectures. (22%) Ghada Dessouky; Alexander Gruler; Pouya Mahmoody; Ahmad-Reza Sadeghi; Emmanuel Stapf http://arxiv.org/abs/2110.08247 Textual Backdoor Attacks Can Be More Harmful via Two Simple Tricks. (10%) Yangyi Chen; Fanchao Qi; Zhiyuan Liu; Maosong Sun http://arxiv.org/abs/2110.07858 Understanding and Improving Robustness of Vision Transformers through Patch-based Negative Augmentation.
(8%) Yao Qin; Chiyuan Zhang; Ting Chen; Balaji Lakshminarayanan; Alex Beutel; Xuezhi Wang http://arxiv.org/abs/2110.08113 Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand. (1%) Matteo Cardaioli; Stefano Cecconello; Mauro Conti; Simone Milani; Stjepan Picek; Eugen Saraci http://arxiv.org/abs/2110.07182 Adversarial examples by perturbing high-level features in intermediate decoder layers. (99%) Vojtěch Čermák; Lukáš Adam http://arxiv.org/abs/2110.07305 DI-AA: An Interpretable White-box Attack for Fooling Deep Neural Networks. (99%) Yixiang Wang; Jiqiang Liu; Xiaolin Chang; Jianhua Wang; Ricardo J. Rodríguez http://arxiv.org/abs/2110.07801 Adversarial Purification through Representation Disentanglement. (99%) Tao Bai; Jun Zhao; Lanqing Guo; Bihan Wen http://arxiv.org/abs/2110.07831 RAP: Robustness-Aware Perturbations for Defending against Backdoor Attacks on NLP Models. (93%) Wenkai Yang; Yankai Lin; Peng Li; Jie Zhou; Xu Sun http://arxiv.org/abs/2110.07683 An Optimization Perspective on Realizing Backdoor Injection Attacks on Deep Neural Networks in Hardware. (87%) M. Caner Tol; Saad Islam; Berk Sunar; Ziming Zhang http://arxiv.org/abs/2110.07667 Interactive Analysis of CNN Robustness. (80%) Stefan Sietzen; Mathias Lechner; Judy Borowski; Ramin Hasani; Manuela Waldner http://arxiv.org/abs/2110.07462 On Adversarial Vulnerability of PHM algorithms: An Initial Study. (69%) Weizhong Yan; Zhaoyuan Yang; Jianwei Qiu http://arxiv.org/abs/2110.07736 Identifying and Mitigating Spurious Correlations for Improving Robustness in NLP Models. (61%) Tianlu Wang; Diyi Yang; Xuezhi Wang http://arxiv.org/abs/2110.07537 Toward Degradation-Robust Voice Conversion. (9%) Chien-yu Huang; Kai-Wei Chang; Hung-yi Lee http://arxiv.org/abs/2110.07159 Interpreting the Robustness of Neural NLP Models to Textual Perturbations. (9%) Yunxiang Zhang; Liangming Pan; Samson Tan; Min-Yen Kan http://arxiv.org/abs/2110.07596 Retrieval-guided Counterfactual Generation for QA. (2%) Bhargavi Paranjape; Matthew Lamm; Ian Tenney http://arxiv.org/abs/2110.08260 Effective Certification of Monotone Deep Equilibrium Models. (1%) Mark Niklas Müller; Robin Staab; Marc Fischer; Martin Vechev http://arxiv.org/abs/2110.06816 A Framework for Verification of Wasserstein Adversarial Robustness. (99%) Tobias Wegel; Felix Assion; David Mickisch; Florens Greßner http://arxiv.org/abs/2110.06802 Identification of Attack-Specific Signatures in Adversarial Examples. (99%) Hossein Souri; Pirazh Khorramshahi; Chun Pong Lau; Micah Goldblum; Rama Chellappa http://arxiv.org/abs/2110.08256 Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness. (99%) Xiao Yang; Yinpeng Dong; Wenzhao Xiang; Tianyu Pang; Hang Su; Jun Zhu http://arxiv.org/abs/2110.07139 Mind the Style of Text! Adversarial and Backdoor Attacks Based on Text Style Transfer. (98%) Fanchao Qi; Yangyi Chen; Xurui Zhang; Mukai Li; Zhiyuan Liu; Maosong Sun http://arxiv.org/abs/2110.07120 Brittle interpretations: The Vulnerability of TCAV and Other Concept-based Explainability Tools to Adversarial Attack. (93%) Davis Brown; Henry Kvinge http://arxiv.org/abs/2110.06904 Poison Forensics: Traceback of Data Poisoning Attacks in Neural Networks. (92%) Shawn Shan; Arjun Nitin Bhagoji; Haitao Zheng; Ben Y. Zhao http://arxiv.org/abs/2110.06850 Boosting the Certified Robustness of L-infinity Distance Nets. (1%) Bohang Zhang; Du Jiang; Di He; Liwei Wang http://arxiv.org/abs/2110.06513 Benchmarking the Robustness of Spatial-Temporal Models Against Corruptions. 
(1%) Chenyu Yi; Siyuan Yang; Haoliang Li; Yap-peng Tan; Alex Kot http://arxiv.org/abs/2110.07718 Adversarial Attack across Datasets. (99%) Yunxiao Qin; Yuanhao Xiong; Jinfeng Yi; Cho-Jui Hsieh http://arxiv.org/abs/2110.06468 Graph-Fraudster: Adversarial Attacks on Graph Neural Network Based Vertical Federated Learning. (99%) Jinyin Chen; Guohan Huang; Haibin Zheng; Shanqing Yu; Wenrong Jiang; Chen Cui http://arxiv.org/abs/2110.05748 SEPP: Similarity Estimation of Predicted Probabilities for Defending and Detecting Adversarial Text. (92%) Hoang-Quoc Nguyen-Son; Seira Hidano; Kazuhide Fukushima; Shinsaku Kiyomoto http://arxiv.org/abs/2110.06018 On the Security Risks of AutoML. (45%) Ren Pang; Zhaohan Xi; Shouling Ji; Xiapu Luo; Ting Wang http://arxiv.org/abs/2110.05797 Zero-bias Deep Neural Network for Quickest RF Signal Surveillance. (1%) Yongxin Liu; Yingjie Chen; Jian Wang; Shuteng Niu; Dahai Liu; Houbing Song http://arxiv.org/abs/2110.05007 Boosting Fast Adversarial Training with Learnable Adversarial Initialization. (99%) Xiaojun Jia; Yong Zhang; Baoyuan Wu; Jue Wang; Xiaochun Cao http://arxiv.org/abs/2110.05626 Parameterizing Activation Functions for Adversarial Robustness. (98%) Sihui Dai; Saeed Mahloujifar; Prateek Mittal http://arxiv.org/abs/2110.05059 Amicable examples for informed source separation. (86%) Naoya Takahashi; Yuki Mitsufuji http://arxiv.org/abs/2110.05691 Doubly-Trained Adversarial Data Augmentation for Neural Machine Translation. (12%) Weiting Tan; Shuoyang Ding; Huda Khayrallah; Philipp Koehn http://arxiv.org/abs/2110.05365 Intriguing Properties of Input-dependent Randomized Smoothing. (1%) Peter Súkeník; Aleksei Kuvshinov; Stephan Günnemann http://arxiv.org/abs/2110.05689 Hiding Images into Images with Real-world Robustness. (1%) Qichao Ying; Hang Zhou; Xianhan Zeng; Haisheng Xu; Zhenxing Qian; Xinpeng Zhang http://arxiv.org/abs/2110.05054 Source Mixing and Separation Robust Audio Steganography. (1%) Naoya Takahashi; Mayank Kumar Singh; Yuki Mitsufuji http://arxiv.org/abs/2110.05290 Homogeneous Learning: Self-Attention Decentralized Deep Learning. (1%) Yuwei Sun; Hideya Ochiai http://arxiv.org/abs/2110.05679 Large Language Models Can Be Strong Differentially Private Learners. (1%) Xuechen Li; Florian Tramèr; Percy Liang; Tatsunori Hashimoto http://arxiv.org/abs/2110.05076 A Closer Look at Prototype Classifier for Few-shot Image Classification. (1%) Mingcheng Hou; Issei Sato http://arxiv.org/abs/2110.07719 Certified Patch Robustness via Smoothed Vision Transformers. (1%) Hadi Salman; Saachi Jain; Eric Wong; Aleksander Mądry http://arxiv.org/abs/2110.04887 Adversarial Attacks in a Multi-view Setting: An Empirical Study of the Adversarial Patches Inter-view Transferability. (98%) Bilel Tarchoun; Ihsen Alouani; Anouar Ben Khalifa; Mohamed Ali Mahjoub http://arxiv.org/abs/2110.04731 Universal Adversarial Attacks on Neural Networks for Power Allocation in a Massive MIMO System. (92%) Pablo Millán Santos; B. R. Manoj; Meysam Sadeghi; Erik G. Larsson http://arxiv.org/abs/2110.04488 Demystifying the Transferability of Adversarial Attacks in Computer Networks. (99%) Ehsan Nowroozi; Yassine Mekdad; Mohammad Hajian Berenjestanaki; Mauro Conti; Abdeslam EL Fergougui http://arxiv.org/abs/2110.04471 Provably Efficient Black-Box Action Poisoning Attacks Against Reinforcement Learning. (93%) Guanlin Liu; Lifeng Lai http://arxiv.org/abs/2110.04571 Widen The Backdoor To Let More Attackers In. 
(13%) Siddhartha Datta; Giulio Lovisotto; Ivan Martinovic; Nigel Shadbolt http://arxiv.org/abs/2110.04158 Explainability-Aware One Point Attack for Point Cloud Neural Networks. (99%) Hanxiao Tan; Helena Kotthaus http://arxiv.org/abs/2110.06166 Game Theory for Adversarial Attacks and Defenses. (98%) Shorya Sharma http://arxiv.org/abs/2110.03999 Graphs as Tools to Improve Deep Learning Methods. (10%) Carlos Lassance; Myriam Bontonou; Mounia Hamidouche; Bastien Pasdeloup; Lucas Drumetz; Vincent Gripon http://arxiv.org/abs/2110.04180 IHOP: Improved Statistical Query Recovery against Searchable Symmetric Encryption through Quadratic Optimization. (3%) Simon Oya; Florian Kerschbaum http://arxiv.org/abs/2110.04259 A Wireless Intrusion Detection System for 802.11 WPA3 Networks. (1%) Neil Dalal; Nadeem Akhtar; Anubhav Gupta; Nikhil Karamchandani; Gaurav S. Kasbekar; Jatin Parekh http://arxiv.org/abs/2110.04301 Salient ImageNet: How to discover spurious features in Deep Learning? (1%) Sahil Singla; Soheil Feizi http://arxiv.org/abs/2110.03605 Robust Feature-Level Adversaries are Interpretability Tools. (99%) Stephen Casper; Max Nadeau; Dylan Hadfield-Menell; Gabriel Kreiman http://arxiv.org/abs/2110.03301 EvadeDroid: A Practical Evasion Attack on Machine Learning for Black-box Android Malware Detection. (99%) Hamid Bostani; Veelasha Moonsamy http://arxiv.org/abs/2110.03745 Adversarial Attack by Limited Point Cloud Surface Modifications. (98%) Atrin Arya; Hanieh Naderi; Shohreh Kasaei http://arxiv.org/abs/2110.03825 Exploring Architectural Ingredients of Adversarially Robust Deep Neural Networks. (98%) Hanxun Huang; Yisen Wang; Sarah Monazam Erfani; Quanquan Gu; James Bailey; Xingjun Ma http://arxiv.org/abs/2110.03875 Dyn-Backdoor: Backdoor Attack on Dynamic Link Prediction. (80%) Jinyin Chen; Haiyang Xiong; Haibin Zheng; Jian Zhang; Guodong Jiang; Yi Liu http://arxiv.org/abs/2110.03175 Fingerprinting Multi-exit Deep Neural Network Models via Inference Time. (62%) Tian Dong; Han Qiu; Tianwei Zhang; Jiwei Li; Hewu Li; Jialiang Lu http://arxiv.org/abs/2110.03735 Adversarial Unlearning of Backdoors via Implicit Hypergradient. (56%) Yi Zeng; Si Chen; Won Park; Z. Morley Mao; Ming Jin; Ruoxi Jia http://arxiv.org/abs/2110.03302 MPSN: Motion-aware Pseudo Siamese Network for Indoor Video Head Detection in Buildings. (1%) Kailai Sun; Xiaoteng Ma; Peng Liu; Qianchuan Zhao http://arxiv.org/abs/2110.11417 HIRE-SNN: Harnessing the Inherent Robustness of Energy-Efficient Deep Spiking Neural Networks by Training with Crafted Input Noise. (99%) Souvik Kundu; Massoud Pedram; Peter A. Beerel http://arxiv.org/abs/2110.02700 Reversible adversarial examples against local visual perturbation. (99%) Zhaoxia Yin; Li Chen; Shaowei Zhu http://arxiv.org/abs/2110.02516 Attack as the Best Defense: Nullifying Image-to-image Translation GANs via Limit-aware Adversarial Attack. (99%) Chin-Yuan Yeh; Hsi-Wen Chen; Hong-Han Shuai; De-Nian Yang; Ming-Syan Chen http://arxiv.org/abs/2110.02797 Adversarial Robustness Comparison of Vision Transformer and MLP-Mixer to CNNs. (99%) Philipp Benz; Soomin Ham; Chaoning Zhang; Adil Karjauv; In So Kweon http://arxiv.org/abs/2110.02498 Adversarial Attacks on Machinery Fault Diagnosis. (99%) Jiahao Chen; Diqun Yan http://arxiv.org/abs/2110.02929 Adversarial Attacks on Spiking Convolutional Networks for Event-based Vision. (98%) Julian Büchel; Gregor Lenz; Yalun Hu; Sadique Sheik; Martino Sorbaro http://arxiv.org/abs/2110.03092 A Uniform Framework for Anomaly Detection in Deep Neural Networks. 
(97%) Fangzhen Zhao; Chenyi Zhang; Naipeng Dong; Zefeng You; Zhenxin Wu http://arxiv.org/abs/2110.03135 Double Descent in Adversarial Training: An Implicit Label Noise Perspective. (88%) Chengyu Dong; Liyuan Liu; Jingbo Shang http://arxiv.org/abs/2110.03124 Improving Adversarial Robustness for Free with Snapshot Ensemble. (83%) Yihao Wang http://arxiv.org/abs/2110.03154 DoubleStar: Long-Range Attack Towards Depth Estimation based Obstacle Avoidance in Autonomous Systems. (45%) Ce Zhou; Qiben Yan; Yan Shi; Lichao Sun http://arxiv.org/abs/2110.02631 Inference Attacks Against Graph Neural Networks. (2%) Zhikun Zhang; Min Chen; Michael Backes; Yun Shen; Yang Zhang http://arxiv.org/abs/2110.03149 Data-driven behavioural biometrics for continuous and adaptive user verification using Smartphone and Smartwatch. (1%) Akriti Verma; Valeh Moghaddam; Adnan Anwar http://arxiv.org/abs/2110.03054 On The Vulnerability of Recurrent Neural Networks to Membership Inference Attacks. (1%) Yunhao Yang; Parham Gohari; Ufuk Topcu http://arxiv.org/abs/2110.03141 Efficient Sharpness-aware Minimization for Improved Training of Neural Networks. (1%) Jiawei Du; Hanshu Yan; Jiashi Feng; Joey Tianyi Zhou; Liangli Zhen; Rick Siow Mong Goh; Vincent Y. F. Tan http://arxiv.org/abs/2110.02504 Stegomalware: A Systematic Survey of Malware Hiding and Detection in Images, Machine Learning Models and Research Challenges. (1%) Rajasekhar Chaganti; Vinayakumar Ravi; Mamoun Alazab; Tuan D. Pham http://arxiv.org/abs/2110.02863 Exploring the Common Principal Subspace of Deep Features in Neural Networks. (1%) Haoran Liu; Haoyi Xiong; Yaqing Wang; Haozhe An; Dongrui Wu; Dejing Dou http://arxiv.org/abs/2110.02718 Generalizing Neural Networks by Reflecting Deviating Data in Production. (1%) Yan Xiao; Yun Lin; Ivan Beschastnikh; Changsheng Sun; David S. Rosenblum; Jin Song Dong http://arxiv.org/abs/2110.02125 Adversarial Robustness Verification and Attack Synthesis in Stochastic Systems. (99%) Lisa Oakley; Alina Oprea; Stavros Tripakis http://arxiv.org/abs/2110.01823 Adversarial Attacks on Black Box Video Classifiers: Leveraging the Power of Geometric Transformations. (99%) Shasha Li; Abhishek Aich; Shitong Zhu; M. Salman Asif; Chengyu Song; Amit K. Roy-Chowdhury; Srikanth Krishnamurthy http://arxiv.org/abs/2110.02364 Adversarial defenses via a mixture of generators. (99%) Maciej Żelaszczyk; Jacek Mańdziuk http://arxiv.org/abs/2110.01818 Neural Network Adversarial Attack Method Based on Improved Genetic Algorithm. (92%) Dingming Yang; Yanrong Cui; Hongqiang Yuan http://arxiv.org/abs/2110.02467 BadPre: Task-agnostic Backdoor Attacks to Pre-trained NLP Foundation Models. (33%) Kangjie Chen; Yuxian Meng; Xiaofei Sun; Shangwei Guo; Tianwei Zhang; Jiwei Li; Chun Fan http://arxiv.org/abs/2110.02424 Spectral Bias in Practice: The Role of Function Frequency in Generalization. (1%) Sara Fridovich-Keil; Raphael Gontijo-Lopes; Rebecca Roelofs http://arxiv.org/abs/2110.02417 CADA: Multi-scale Collaborative Adversarial Domain Adaptation for Unsupervised Optic Disc and Cup Segmentation. (1%) Peng Liu; Charlie T. Tran; Bin Kong; Ruogu Fang http://arxiv.org/abs/2110.02180 Noisy Feature Mixup. (1%) Soon Hoe Lim; N. Benjamin Erichson; Francisco Utrera; Winnie Xu; Michael W. Mahoney http://arxiv.org/abs/2110.01232 Benchmarking Safety Monitors for Image Classifiers with Machine Learning.
(1%) Raul Sena Ferreira; Jean Arlat; Jeremie Guiochet; Hélène Waeselynck http://arxiv.org/abs/2110.01094 Adversarial Examples Generation for Reducing Implicit Gender Bias in Pre-trained Models. (82%) Wenqian Ye; Fei Xu; Yaojia Huang; Cassie Huang; Ji A http://arxiv.org/abs/2110.14597 Evaluating Deep Learning Models and Adversarial Attacks on Accelerometer-Based Gesture Authentication. (98%) Elliu Huang; Fabio Di Troia; Mark Stamp http://arxiv.org/abs/2110.00899 Anti-aliasing Deep Image Classifiers using Novel Depth Adaptive Blurring and Activation Function. (13%) Md Tahmid Hossain; Shyh Wei Teng; Ferdous Sohel; Guojun Lu http://arxiv.org/abs/2110.00623 Calibrated Adversarial Training. (98%) Tianjin Huang; Vlado Menkovski; Yulong Pei; Mykola Pechenizkiy http://arxiv.org/abs/2110.00708 Universal Adversarial Spoofing Attacks against Face Recognition. (87%) Takuma Amada; Seng Pei Liew; Kazuya Kakizaki; Toshinori Araki http://arxiv.org/abs/2110.00473 Score-Based Generative Classifiers. (84%) Roland S. Zimmermann; Lukas Schott; Yang Song; Benjamin A. Dunn; David A. Klindt http://arxiv.org/abs/2110.05929 One Timestep is All You Need: Training Spiking Neural Networks with Ultra Low Latency. (1%) Sayeed Shafayet Chowdhury; Nitin Rathi; Kaushik Roy http://arxiv.org/abs/2109.15160 Mitigating Black-Box Adversarial Attacks via Output Noise Perturbation. (98%) Manjushree B. Aithal; Xiaohua Li http://arxiv.org/abs/2109.15177 You Cannot Easily Catch Me: A Low-Detectable Adversarial Patch for Object Detectors. (95%) Zijian Zhu; Hang Su; Chang Liu; Wenzhao Xiang; Shibao Zheng http://arxiv.org/abs/2109.15009 Adversarial Semantic Contour for Object Detection. (92%) Yichi Zhang; Zijian Zhu; Xiao Yang; Jun Zhu http://arxiv.org/abs/2109.14868 From Zero-Shot Machine Learning to Zero-Day Attack Detection. (10%) Mohanad Sarhan; Siamak Layeghy; Marcus Gallagher; Marius Portmann http://arxiv.org/abs/2109.14205 On Brightness Agnostic Adversarial Examples Against Face Recognition Systems. (99%) Inderjeet Singh; Satoru Momiyama; Kazuya Kakizaki; Toshinori Araki http://arxiv.org/abs/2109.15031 Back in Black: A Comparative Evaluation of Recent State-Of-The-Art Black-Box Attacks. (70%) Kaleel Mahmood; Rigel Mahmood; Ethan Rathbun; Marten van Dijk http://arxiv.org/abs/2109.14707 BulletTrain: Accelerating Robust Neural Network Training via Boundary Example Mining. (41%) Weizhe Hua; Yichi Zhang; Chuan Guo; Zhiru Zhang; G. Edward Suh http://arxiv.org/abs/2109.14678 Mitigation of Adversarial Policy Imitation via Constrained Randomization of Policy (CRoP). (10%) Nancirose Piazza; Vahid Behzadan http://arxiv.org/abs/2109.14002 slimTrain -- A Stochastic Approximation Method for Training Separable Deep Neural Networks. (1%) Elizabeth Newman; Julianne Chung; Matthias Chung; Lars Ruthotto http://arxiv.org/abs/2109.12838 MUTEN: Boosting Gradient-Based Adversarial Attacks via Mutant-Based Ensembles. (99%) Yuejun Guo; Qiang Hu; Maxime Cordy; Michail Papadakis; Yves Le Traon http://arxiv.org/abs/2109.13069 Cluster Attack: Query-based Adversarial Attacks on Graphs with Graph-Dependent Priors. (99%) Zhengyi Wang; Zhongkai Hao; Ziqiao Wang; Hang Su; Jun Zhu http://arxiv.org/abs/2109.13215 Classification and Adversarial examples in an Overparameterized Linear Model: A Signal Processing Perspective. (98%) Adhyyan Narang; Vidya Muthukumar; Anant Sahai http://arxiv.org/abs/2109.13297 GANG-MAM: GAN based enGine for Modifying Android Malware.
(64%) Renjith G; Sonia Laudanna; Aji S; Corrado Aaron Visaggio; Vinod P http://arxiv.org/abs/2109.12803 Distributionally Robust Multi-Output Regression Ranking. (3%) Shahabeddin Sotudian; Ruidi Chen; Ioannis Paschalidis http://arxiv.org/abs/2109.12851 Improving Uncertainty of Deep Learning-based Object Classification on Radar Spectra using Label Smoothing. (1%) Kanil Patel; William Beluch; Kilian Rambach; Michael Pfeiffer; Bin Yang http://arxiv.org/abs/2109.13012 Federated Deep Learning with Bayesian Privacy. (1%) Hanlin Gu; Lixin Fan; Bowen Li; Yan Kang; Yuan Yao; Qiang Yang http://arxiv.org/abs/2109.12772 Distributionally Robust Multiclass Classification and Applications in Deep CNN Image Classifiers. (11%) Ruidi Chen; Boran Hao; Ioannis Paschalidis http://arxiv.org/abs/2109.12459 Two Souls in an Adversarial Image: Towards Universal Adversarial Example Detection using Multi-view Inconsistency. (99%) Sohaib Kiani; Sana Awan; Chao Lan; Fengjun Li; Bo Luo http://arxiv.org/abs/2109.13232 Contributions to Large Scale Bayesian Inference and Adversarial Machine Learning. (98%) Víctor Gallego http://arxiv.org/abs/2109.12406 MINIMAL: Mining Models for Data Free Universal Adversarial Triggers. (93%) Swapnil Parekh; Yaman Kumar Singla; Somesh Singh; Changyou Chen; Balaji Krishnamurthy; Rajiv Ratn Shah http://arxiv.org/abs/2109.11803 Local Intrinsic Dimensionality Signals Adversarial Perturbations. (98%) Sandamal Weerasinghe; Tansu Alpcan; Sarah M. Erfani; Christopher Leckie; Benjamin I. P. Rubinstein http://arxiv.org/abs/2109.11308 Breaking BERT: Understanding its Vulnerabilities for Biomedical Named Entity Recognition through Adversarial Attack. (98%) Anne Dirkson; Suzan Verberne; Wessel Kraaij http://arxiv.org/abs/2109.11249 FooBaR: Fault Fooling Backdoor Attack on Neural Network Training. (88%) Jakub Breier; Xiaolu Hou; Martín Ochoa; Jesus Solano http://arxiv.org/abs/2109.11728 AES Systems Are Both Overstable And Oversensitive: Explaining Why And Proposing Defenses. (68%) Yaman Kumar Singla; Swapnil Parekh; Somesh Singh; Junyi Jessy Li; Rajiv Ratn Shah; Changyou Chen http://arxiv.org/abs/2109.11495 DeepAID: Interpreting and Improving Deep Learning-based Anomaly Detection in Security Applications. (1%) Dongqi Han; Zhiliang Wang; Wenqi Chen; Ying Zhong; Su Wang; Han Zhang; Jiahai Yang; Xingang Shi; Xia Yin http://arxiv.org/abs/2109.10770 Exploring Adversarial Examples for Efficient Active Learning in Machine Learning Classifiers. (99%) Honggang Yu; Shihfeng Zeng; Teng Zhang; Ing-Chao Lin; Yier Jin http://arxiv.org/abs/2109.10696 CC-Cert: A Probabilistic Approach to Certify General Robustness of Neural Networks. (81%) Mikhail Pautov; Nurislam Tursynbek; Marina Munkhoeva; Nikita Muravev; Aleksandr Petiushko; Ivan Oseledets http://arxiv.org/abs/2109.11041 Security Analysis of Capsule Network Inference using Horizontal Collaboration. (69%) Adewale Adeyemo; Faiq Khalid; Tolulope A. Odetola; Syed Rafay Hasan http://arxiv.org/abs/2109.11125 Adversarial Transfer Attacks With Unknown Data and Class Overlap. (62%) Luke E. Richards; André Nguyen; Ryan Capps; Steven Forsythe; Cynthia Matuszek; Edward Raff http://arxiv.org/abs/2109.10859 Pushing the Right Buttons: Adversarial Evaluation of Quality Estimation. (1%) Diptesh Kanojia; Marina Fomicheva; Tharindu Ranasinghe; Frédéric Blain; Constantin Orăsan; Lucia Specia http://arxiv.org/abs/2109.10512 Backdoor Attacks on Federated Learning with Lottery Ticket Hypothesis.
(1%) Zeyuan Yin; Ye Yuan; Panfeng Guo; Pan Zhou http://arxiv.org/abs/2109.10417 Attacks on Visualization-Based Malware Detection: Balancing Effectiveness and Executability. (99%) Hadjer Benkraouda; Jingyu Qian; Hung Quoc Tran; Berkay Kaplan http://arxiv.org/abs/2109.10161 3D Point Cloud Completion with Geometric-Aware Adversarial Augmentation. (93%) Mengxi Wu; Hao Huang; Yi Fang http://arxiv.org/abs/2109.09955 DeSMP: Differential Privacy-exploited Stealthy Model Poisoning Attacks in Federated Learning. (76%) Md Tamjid Hossain; Shafkat Islam; Shahriar Badsha; Haoting Shen http://arxiv.org/abs/2109.09963 Privacy, Security, and Utility Analysis of Differentially Private CPES Data. (13%) Md Tamjid Hossain; Shahriar Badsha; Haoting Shen http://arxiv.org/abs/2109.09320 Robust Physical-World Attacks on Face Recognition. (99%) Xin Zheng; Yanbo Fan; Baoyuan Wu; Yong Zhang; Jue Wang; Shirui Pan http://arxiv.org/abs/2109.09901 Modeling Adversarial Noise for Adversarial Defense. (99%) Dawei Zhou; Nannan Wang; Bo Han; Tongliang Liu http://arxiv.org/abs/2109.09654 Can We Leverage Predictive Uncertainty to Detect Dataset Shift and Adversarial Examples in Android Malware Detection? (99%) Deqiang Li; Tian Qiu; Shuo Chen; Qianmu Li; Shouhuai Xu http://arxiv.org/abs/2109.09869 Robustness Analysis of Deep Learning Frameworks on Mobile Platforms. (10%) Amin Eslami Abyane; Hadi Hemmati http://arxiv.org/abs/2109.09598 "Hello, It's Me": Deep Learning-based Speech Synthesis Attacks in the Real World. (2%) Emily Wenger; Max Bronckers; Christian Cianfarani; Jenna Cryan; Angela Sha; Haitao Zheng; Ben Y. Zhao http://arxiv.org/abs/2109.09829 Towards Energy-Efficient and Secure Edge AI: A Cross-Layer Framework. (1%) Muhammad Shafique; Alberto Marchisio; Rachmad Vidya Wicaksana Putra; Muhammad Abdullah Hanif http://arxiv.org/abs/2109.09060 On the Noise Stability and Robustness of Adversarially Trained Networks on NVM Crossbars. (99%) Deboleena Roy; Chun Tao; Indranil Chakraborty; Kaushik Roy http://arxiv.org/abs/2109.09075 Adversarial Training with Contrastive Learning in NLP. (16%) Daniela N. Rim; DongNyeong Heo; Heeyoul Choi http://arxiv.org/abs/2109.08868 Clean-label Backdoor Attack against Deep Hashing based Retrieval. (98%) Kuofeng Gao; Jiawang Bai; Bin Chen; Dongxian Wu; Shu-Tao Xia http://arxiv.org/abs/2109.08465 Messing Up 3D Virtual Environments: Transferable Adversarial 3D Objects. (98%) Enrico Meloni; Matteo Tiezzi; Luca Pasqualini; Marco Gori; Stefano Melacci http://arxiv.org/abs/2109.08776 Exploring the Training Robustness of Distributional Reinforcement Learning against Noisy State Observations. (8%) Ke Sun; Yingnan Zhao; Shangling Jui; Linglong Kong http://arxiv.org/abs/2109.07986 Harnessing Perceptual Adversarial Patches for Crowd Counting. (99%) Shunchang Liu; Jiakai Wang; Aishan Liu; Yingwei Li; Yijie Gao; Xianglong Liu; Dacheng Tao http://arxiv.org/abs/2109.08191 KATANA: Simple Post-Training Robustness Using Test Time Augmentations. (98%) Gilad Cohen; Raja Giryes http://arxiv.org/abs/2109.07723 Targeted Attack on Deep RL-based Autonomous Driving with Learned Visual Patterns. (96%) Prasanth Buddareddygari; Travis Zhang; Yezhou Yang; Yi Ren http://arxiv.org/abs/2109.08139 Adversarial Attacks against Deep Learning Based Power Control in Wireless Communications. (95%) Brian Kim; Yi Shi; Yalin E. Sagduyu; Tugba Erpek; Sennur Ulukus http://arxiv.org/abs/2109.07926 Don't Search for a Search Method -- Simple Heuristics Suffice for Adversarial Text Attacks. 
(68%) Nathaniel Berger; Stefan Riezler; Artem Sokolov; Sebastian Ebert http://arxiv.org/abs/2109.08045 Membership Inference Attacks Against Recommender Systems. (3%) Minxing Zhang; Zhaochun Ren; Zihan Wang; Pengjie Ren; Zhumin Chen; Pengfei Hu; Yang Zhang http://arxiv.org/abs/2109.07142 Universal Adversarial Attack on Deep Learning Based Prognostics. (99%) Arghya Basak; Pradeep Rathore; Sri Harsha Nistala; Sagar Srinivas; Venkataramana Runkana http://arxiv.org/abs/2109.07171 Balancing detectability and performance of attacks on the control channel of Markov Decision Processes. (98%) Alessio Russo; Alexandre Proutiere http://arxiv.org/abs/2109.07193 FCA: Learning a 3D Full-coverage Vehicle Camouflage for Multi-view Physical Adversarial Attack. (95%) Donghua Wang; Tingsong Jiang; Jialiang Sun; Weien Zhou; Xiaoya Zhang; Zhiqiang Gong; Wen Yao; Xiaoqian Chen http://arxiv.org/abs/2109.07403 BERT is Robust! A Case Against Synonym-Based Adversarial Examples in Text Classification. (92%) Jens Hauser; Zhao Meng; Damián Pascual; Roger Wattenhofer http://arxiv.org/abs/2109.07177 Adversarial Mixing Policy for Relaxing Locally Linear Constraints in Mixup. (13%) Guang Liu; Yuzhao Mao; Hailong Huang; Weiguo Gao; Xuan Li http://arxiv.org/abs/2109.07395 Can one hear the shape of a neural network?: Snooping the GPU via Magnetic Side Channel. (10%) Henrique Teles Maia; Chang Xiao; Dingzeyu Li; Eitan Grinspun; Changxi Zheng http://arxiv.org/abs/2109.06634 A Novel Data Encryption Method Inspired by Adversarial Attacks. (99%) Praveen Fernando; Jin Wei-Kocsis http://arxiv.org/abs/2109.06536 Improving Gradient-based Adversarial Training for Text Classification by Contrastive Learning and Auto-Encoder. (99%) Yao Qiu; Jinchao Zhang; Jie Zhou http://arxiv.org/abs/2109.06777 PETGEN: Personalized Text Generation Attack on Deep Sequence Embedding-based Classification Models. (99%) Bing He; Mustaque Ahamad; Srijan Kumar http://arxiv.org/abs/2109.08026 EVAGAN: Evasion Generative Adversarial Network for Low Data Regimes. (76%) Rizwan Hamid Randhawa; Nauman Aslam; Muhammad Alauthman; Husnain Rafiq; Muhammad Khalid http://arxiv.org/abs/2109.06467 Dodging Attack Using Carefully Crafted Natural Makeup. (47%) Nitzan Guetta; Asaf Shabtai; Inderjeet Singh; Satoru Momiyama; Yuval Elovici http://arxiv.org/abs/2109.07028 Avengers Ensemble! Improving Transferability of Authorship Obfuscation. (12%) Muhammad Haroon; Muhammad Fareed Zaffar; Padmini Srinivasan; Zubair Shafiq http://arxiv.org/abs/2109.07048 ARCH: Efficient Adversarial Regularized Training with Caching. (8%) Simiao Zuo; Chen Liang; Haoming Jiang; Pengcheng He; Xiaodong Liu; Jianfeng Gao; Weizhu Chen; Tuo Zhao http://arxiv.org/abs/2109.05830 Adversarial Bone Length Attack on Action Recognition. (99%) Nariki Tanaka; Hiroshi Kera; Kazuhiko Kawamoto http://arxiv.org/abs/2109.05698 Randomized Substitution and Vote for Textual Adversarial Example Detection. (99%) Xiaosen Wang; Yifeng Xiong; Kun He http://arxiv.org/abs/2109.05820 Improving the Robustness of Adversarial Attacks Using an Affine-Invariant Gradient Estimator. (99%) Wenzhao Xiang; Hang Su; Chang Liu; Yandong Guo; Shibao Zheng http://arxiv.org/abs/2109.05919 Evolving Architectures with Gradient Misalignment toward Low Adversarial Transferability. (98%) Kevin Richard G. Operiano; Wanchalerm Pora; Hitoshi Iba; Hiroshi Kera http://arxiv.org/abs/2109.06358 A Practical Adversarial Attack on Contingency Detection of Smart Energy Systems.
(98%) Moein Sabounchi; Jin Wei-Kocsis http://arxiv.org/abs/2109.05925 Adversarial Examples for Evaluating Math Word Problem Solvers. (96%) Vivek Kumar; Rishabh Maheshwary; Vikram Pudi http://arxiv.org/abs/2109.05695 PAT: Pseudo-Adversarial Training For Detecting Adversarial Videos. (86%) Nupur Thakur; Baoxin Li http://arxiv.org/abs/2109.05872 Byzantine-robust Federated Learning through Collaborative Malicious Gradient Filtering. (81%) Jian Xu; Shao-Lun Huang; Linqi Song; Tian Lan http://arxiv.org/abs/2109.06024 Formalizing and Estimating Distribution Inference Risks. (62%) Anshuman Suri; David Evans http://arxiv.org/abs/2109.05793 Virtual Data Augmentation: A Robust and General Framework for Fine-tuning Pre-trained Models. (50%) Kun Zhou; Wayne Xin Zhao; Sirui Wang; Fuzheng Zhang; Wei Wu; Ji-Rong Wen http://arxiv.org/abs/2109.06363 Sensor Adversarial Traits: Analyzing Robustness of 3D Object Detection Sensor Fusion Models. (16%) Won Park; Nan Li; Qi Alfred Chen; Z. Morley Mao http://arxiv.org/abs/2109.05751 Adversarially Trained Object Detector for Unsupervised Domain Adaptation. (3%) Kazuma Fujii; Hiroshi Kera; Kazuhiko Kawamoto http://arxiv.org/abs/2109.05771 Perturbation CheckLists for Evaluating NLG Evaluation Metrics. (1%) Ananya B. Sai; Tanay Dixit; Dev Yashpal Sheth; Sreyas Mohan; Mitesh M. Khapra http://arxiv.org/abs/2109.05696 How to Select One Among All? An Extensive Empirical Study Towards the Robustness of Knowledge Distillation in Natural Language Understanding. (1%) Tianda Li; Ahmad Rashid; Aref Jafari; Pranav Sharma; Ali Ghodsi; Mehdi Rezagholizadeh http://arxiv.org/abs/2109.06404 Detecting Safety Problems of Multi-Sensor Fusion in Autonomous Driving. (1%) Ziyuan Zhong; Zhisheng Hu; Shengjian Guo; Xinyang Zhang; Zhenyu Zhong; Baishakhi Ray http://arxiv.org/abs/2109.06176 TREATED: Towards Universal Defense against Textual Adversarial Attacks. (99%) Bin Zhu; Zhaoquan Gu; Le Wang; Zhihong Tian http://arxiv.org/abs/2109.05558 CoG: a Two-View Co-training Framework for Defending Adversarial Attacks on Graph. (98%) Xugang Wu; Huijun Wu; Xu Zhou; Kai Lu http://arxiv.org/abs/2109.05507 Check Your Other Door! Creating Backdoor Attacks in the Frequency Domain. (93%) Hasan Abed Al Kader Hammoud; Bernard Ghanem http://arxiv.org/abs/2109.05620 RockNER: A Simple Method to Create Adversarial Examples for Evaluating the Robustness of Named Entity Recognition Models. (84%) Bill Yuchen Lin; Wenyang Gao; Jun Yan; Ryan Moreno; Xiang Ren http://arxiv.org/abs/2109.05671 Shape-Biased Domain Generalization via Shock Graph Embeddings. (2%) Maruthi Narayanan; Vickram Rajendran; Benjamin Kimia http://arxiv.org/abs/2109.05659 Source Inference Attacks in Federated Learning. (1%) Hongsheng Hu; Zoran Salcic; Lichao Sun; Gillian Dobbie; Xuyun Zhang http://arxiv.org/abs/2109.05211 RobustART: Benchmarking Robustness on Architecture Design and Training Techniques. (98%) Shiyu Tang; Ruihao Gong; Yan Wang; Aishan Liu; Jiakai Wang; Xinyun Chen; Fengwei Yu; Xianglong Liu; Dawn Song; Alan Yuille; Philip H. S. Torr; Dacheng Tao http://arxiv.org/abs/2109.05223 2-in-1 Accelerator: Enabling Random Precision Switch for Winning Both Adversarial Robustness and Efficiency. (81%) Yonggan Fu; Yang Zhao; Qixuan Yu; Chaojian Li; Yingyan Lin http://arxiv.org/abs/2109.04775 A Strong Baseline for Query Efficient Attacks in a Black Box Setting. (99%) Rishabh Maheshwary; Saket Maheshwary; Vikram Pudi http://arxiv.org/abs/2109.04385 Contrasting Human- and Machine-Generated Word-Level Adversarial Examples for Text Classification.
(99%) Maximilian Mozes; Max Bartolo; Pontus Stenetorp; Bennett Kleinberg; Lewis D. Griffin http://arxiv.org/abs/2109.04300 Energy Attack: On Transferring Adversarial Examples. (99%) Ruoxi Shi; Borui Yang; Yangzhou Jiang; Chenglong Zhao; Bingbing Ni http://arxiv.org/abs/2109.04460 Protein Folding Neural Networks Are Not Robust. (99%) Sumit Kumar Jha; Arvind Ramanathan; Rickard Ewetz; Alvaro Velasquez; Susmit Jha http://arxiv.org/abs/2109.04176 Towards Transferable Adversarial Attacks on Vision Transformers. (99%) Zhipeng Wei; Jingjing Chen; Micah Goldblum; Zuxuan Wu; Tom Goldstein; Yu-Gang Jiang http://arxiv.org/abs/2109.04367 Multi-granularity Textual Adversarial Attack with Behavior Cloning. (98%) Yangyi Chen; Jin Su; Wei Wei http://arxiv.org/abs/2109.04608 Spatially Focused Attack against Spatiotemporal Graph Neural Networks. (81%) Fuqiang Liu; Luis Miranda-Moreno; Lijun Sun http://arxiv.org/abs/2109.04615 Differential Privacy in Personalized Pricing with Nonparametric Demand Models. (26%) Xi Chen; Sentao Miao; Yining Wang http://arxiv.org/abs/2109.04344 EvilModel 2.0: Bringing Neural Network Models into Malware Attacks. (5%) Zhi Wang; Chaoge Liu; Xiang Cui; Jie Yin; Xutong Wang http://arxiv.org/abs/2109.03975 Membership Inference Attacks Against Temporally Correlated Data in Deep Reinforcement Learning. (89%) Maziar Gomrokchi; Susan Amin; Hossein Aboutalebi; Alexander Wong; Doina Precup http://arxiv.org/abs/2109.03857 Robust Optimal Classification Trees Against Adversarial Examples. (80%) Daniël Vos; Sicco Verwer http://arxiv.org/abs/2109.02889 Adversarial Parameter Defense by Multi-Step Risk Minimization. (98%) Zhiyuan Zhang; Ruixuan Luo; Xuancheng Ren; Qi Su; Liangyou Li; Xu Sun http://arxiv.org/abs/2109.02979 POW-HOW: An enduring timing side-channel to evade online malware sandboxes. (12%) Antonio Nappa; Panagiotis Papadopoulos; Matteo Varvello; Daniel Aceituno Gomez; Juan Tapiador; Andrea Lanzi http://arxiv.org/abs/2109.02973 Unpaired Adversarial Learning for Single Image Deraining with Rain-Space Contrastive Constraints. (1%) Xiang Chen; Jinshan Pan; Kui Jiang; Yufeng Huang; Caihua Kong; Longgang Dai; Yufeng Li http://arxiv.org/abs/2109.02765 Robustness and Generalization via Generative Adversarial Training. (82%) Omid Poursaeed; Tianxing Jiang; Harry Yang; Serge Belongie; SerNam Lim http://arxiv.org/abs/2109.02836 Trojan Signatures in DNN Weights. (33%) Greg Fields; Mohammad Samragh; Mojan Javaheripi; Farinaz Koushanfar; Tara Javidi http://arxiv.org/abs/2109.02532 Automated Robustness with Adversarial Training as a Post-Processing Step. (4%) Ambrish Rawat; Mathieu Sinn; Beat Buesser http://arxiv.org/abs/2109.02431 Exposing Length Divergence Bias of Textual Matching Models. (2%) Lan Jiang; Tianshu Lyu; Chong Meng; Xiaoyong Lyu; Dawei Yin http://arxiv.org/abs/2109.02229 Efficient Combinatorial Optimization for Word-level Adversarial Textual Attack. (98%) Shengcai Liu; Ning Lu; Cheng Chen; Ke Tang http://arxiv.org/abs/2109.02018 Tolerating Adversarial Attacks and Byzantine Faults in Distributed Machine Learning. (2%) Yusen Wu; Hao Chen; Xin Wang; Chao Liu; Phuong Nguyen; Yelena Yesha http://arxiv.org/abs/2109.03326 DexRay: A Simple, yet Effective Deep Learning Approach to Android Malware Detection based on Image Representation of Bytecode. (1%) Nadia Daoudi; Jordan Samhi; Abdoul Kader Kabore; Kevin Allix; Tegawendé F. Bissyandé; Jacques Klein http://arxiv.org/abs/2109.03329 Real-World Adversarial Examples involving Makeup Application. 
(99%) Chang-Sheng Lin; Chia-Yi Hsu; Pin-Yu Chen; Chia-Mu Yu http://arxiv.org/abs/2109.01945 Utilizing Adversarial Targeted Attacks to Boost Adversarial Robustness. (99%) Uriya Pesso; Koby Bibas; Meir Feder http://arxiv.org/abs/2109.01983 Training Meta-Surrogate Model for Transferable Adversarial Attack. (99%) Yunxiao Qin; Yuanhao Xiong; Jinfeng Yi; Cho-Jui Hsieh http://arxiv.org/abs/2109.01766 SEC4SR: A Security Analysis Platform for Speaker Recognition. (99%) Guangke Chen; Zhe Zhao; Fu Song; Sen Chen; Lingling Fan; Yang Liu http://arxiv.org/abs/2109.01553 Risk Assessment for Connected Vehicles under Stealthy Attacks on Vehicle-to-Vehicle Networks. (1%) Tianci Yang; Carlos Murguia; Chen Lv http://arxiv.org/abs/2109.01275 A Synergetic Attack against Neural Network Classifiers combining Backdoor and Adversarial Examples. (99%) Guanxiong Liu; Issa Khalil; Abdallah Khreishah; NhatHai Phan http://arxiv.org/abs/2109.00936 Impact of Attention on Adversarial Robustness of Image Classification Models. (99%) Prachi Agrawal; Narinder Singh Punn; Sanjay Kumar Sonbhadra; Sonali Agarwal http://arxiv.org/abs/2109.00946 Adversarial Robustness for Unsupervised Domain Adaptation. (98%) Muhammad Awais; Fengwei Zhou; Hang Xu; Lanqing Hong; Ping Luo; Sung-Ho Bae; Zhenguo Li http://arxiv.org/abs/2109.00864 Real World Robustness from Systematic Noise. (91%) Yan Wang; Yuhang Li; Ruihao Gong http://arxiv.org/abs/2109.00959 Building Compact and Robust Deep Neural Networks with Toeplitz Matrices. (61%) Alexandre Araujo http://arxiv.org/abs/2109.00544 Towards Improving Adversarial Training of NLP Models. (98%) Jin Yong Yoo; Yanjun Qi http://arxiv.org/abs/2109.00685 Excess Capacity and Backdoor Poisoning. (97%) Naren Sarayu Manoj; Avrim Blum http://arxiv.org/abs/2109.00678 Regional Adversarial Training for Better Robust Generalization. (96%) Chuanbiao Song; Yanbo Fan; Yicheng Yang; Baoyuan Wu; Yiming Li; Zhifeng Li; Kun He http://arxiv.org/abs/2109.00533 R-SNN: An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors. (86%) Alberto Marchisio; Giacomo Pira; Maurizio Martina; Guido Masera; Muhammad Shafique http://arxiv.org/abs/2109.00542 Proof Transfer for Neural Network Verification. (9%) Christian Sprecher; Marc Fischer; Dimitar I. Dimitrov; Gagandeep Singh; Martin Vechev http://arxiv.org/abs/2109.00187 Guarding Machine Learning Hardware Against Physical Side-Channel Attacks. (2%) Anuj Dubey; Rosario Cammarota; Vikram Suresh; Aydin Aysu http://arxiv.org/abs/2108.13930 EG-Booster: Explanation-Guided Booster of ML Evasion Attacks. (99%) Abderrahmen Amich; Birhanu Eshete http://arxiv.org/abs/2108.13952 Morphence: Moving Target Defense Against Adversarial Examples. (99%) Abderrahmen Amich; Birhanu Eshete http://arxiv.org/abs/2109.00124 DPA: Learning Robust Physical Adversarial Camouflages for Object Detectors. (93%) Yexin Duan; Jialin Chen; Xingyu Zhou; Junhua Zou; Zhengyun He; Wu Zhang; Jin Zhang; Zhisong Pan http://arxiv.org/abs/2109.01165 Black-Box Attacks on Sequential Recommenders via Data-Free Model Extraction. (83%) Zhenrui Yue; Zhankui He; Huimin Zeng; Julian McAuley http://arxiv.org/abs/2108.13617 Segmentation Fault: A Cheap Defense Against Adversarial Machine Learning. (75%) Doha Al Bared; Mohamed Nassar http://arxiv.org/abs/2108.13888 Backdoor Attacks on Pre-trained Models by Layerwise Weight Poisoning. 
(4%) Linyang Li; Demin Song; Xiaonan Li; Jiehang Zeng; Ruotian Ma; Xipeng Qiu http://arxiv.org/abs/2108.13797 Sample Efficient Detection and Classification of Adversarial Attacks via Self-Supervised Embeddings. (99%) Mazda Moayeri; Soheil Feizi http://arxiv.org/abs/2108.13093 Investigating Vulnerabilities of Deep Neural Policies. (99%) Ezgi Korkmaz http://arxiv.org/abs/2108.13562 Adversarial Example Devastation and Detection on Speech Recognition System by Adding Random Noise. (99%) Mingyu Dong; Diqun Yan; Yongkang Gong; Rangding Wang http://arxiv.org/abs/2108.13049 Single Node Injection Attack against Graph Neural Networks. (68%) Shuchang Tao; Qi Cao; Huawei Shen; Junjie Huang; Yunfan Wu; Xueqi Cheng http://arxiv.org/abs/2108.13446 Benchmarking the Accuracy and Robustness of Feedback Alignment Algorithms. (41%) Albert Jiménez Sanfiz; Mohamed Akrout http://arxiv.org/abs/2108.13239 Adaptive perturbation adversarial training: based on reinforcement learning. (41%) Zhishen Nie; Ying Lin; Sp Ren; Lan Zhang http://arxiv.org/abs/2108.13602 How Does Adversarial Fine-Tuning Benefit BERT? (33%) Javid Ebrahimi; Hao Yang; Wei Zhang http://arxiv.org/abs/2108.13373 ML-based IoT Malware Detection Under Adversarial Settings: A Systematic Evaluation. (26%) Ahmed Abusnaina; Afsah Anwar; Sultan Alshamrani; Abdulrahman Alabduljabbar; RhongHo Jang; Daehun Nyang; David Mohaisen http://arxiv.org/abs/2108.13140 DuTrust: A Sentiment Analysis Dataset for Trustworthiness Evaluation. (1%) Lijie Wang; Hao Liu; Shuyuan Peng; Hongxuan Tang; Xinyan Xiao; Ying Chen; Hua Wu; Haifeng Wang http://arxiv.org/abs/2108.12777 Searching for an Effective Defender: Benchmarking Defense against Adversarial Word Substitution. (99%) Zongyi Li; Jianhan Xu; Jiehang Zeng; Linyang Li; Xiaoqing Zheng; Qi Zhang; Kai-Wei Chang; Cho-Jui Hsieh http://arxiv.org/abs/2108.13872 Reinforcement Learning Based Sparse Black-box Adversarial Attack on Video Recognition Models. (98%) Zeyuan Wang; Chaofeng Sha; Su Yang http://arxiv.org/abs/2108.12805 DropAttack: A Masked Weight Adversarial Training Method to Improve Generalization of Neural Networks. (82%) Shiwen Ni; Jiawen Li; Hung-Yu Kao http://arxiv.org/abs/2110.00425 HAT4RD: Hierarchical Adversarial Training for Rumor Detection on Social Media. (81%) Shiwen Ni; Jiawen Li; Hung-Yu Kao http://arxiv.org/abs/2108.12473 Mal2GCN: A Robust Malware Detection Approach Using Deep Graph Convolutional Networks With Non-Negative Weights. (99%) Omid Kargarnovin; Amir Mahdi Sadeghzadeh; Rasool Jalili http://arxiv.org/abs/2108.12492 Disrupting Adversarial Transferability in Deep Neural Networks. (98%) Christopher Wiedeman; Ge Wang http://arxiv.org/abs/2108.12237 Evaluating the Robustness of Neural Language Models to Input Perturbations. (16%) Milad Moradi; Matthias Samwald http://arxiv.org/abs/2108.12242 Deep learning models are not robust against noise in clinical text. (1%) Milad Moradi; Kathrin Blagec; Matthias Samwald http://arxiv.org/abs/2108.12001 Understanding the Logit Distributions of Adversarially-Trained Deep Neural Networks. (99%) Landan Seguin; Anthony Ndirango; Neeli Mishra; SueYeon Chung; Tyler Lee http://arxiv.org/abs/2108.11785 A Hierarchical Assessment of Adversarial Severity. (98%) Guillaume Jeanneret; Juan C Perez; Pablo Arbelaez http://arxiv.org/abs/2108.11765 Physical Adversarial Attacks on an Aerial Imagery Object Detector. 
(96%) Andrew Du; Bo Chen; Tat-Jun Chin; Yee Wei Law; Michele Sasdelli; Ramesh Rajasegaran; Dillon Campbell http://arxiv.org/abs/2108.11673 Why Adversarial Reprogramming Works, When It Fails, and How to Tell the Difference. (80%) Yang Zheng; Xiaoyi Feng; Zhaoqiang Xia; Xiaoyue Jiang; Ambra Demontis; Maura Pintor; Battista Biggio; Fabio Roli http://arxiv.org/abs/2108.12081 Detection and Continual Learning of Novel Face Presentation Attacks. (2%) Mohammad Rostami; Leonidas Spinoulas; Mohamed Hussein; Joe Mathai; Wael Abd-Almageed http://arxiv.org/abs/2108.11168 Adversarially Robust One-class Novelty Detection. (99%) Shao-Yuan Lo; Poojan Oza; Vishal M. Patel http://arxiv.org/abs/2108.11299 Certifiers Make Neural Networks Vulnerable to Availability Attacks. (99%) Tobias Lorenz; Marta Kwiatkowska; Mario Fritz http://arxiv.org/abs/2108.11135 Bridged Adversarial Training. (93%) Hoki Kim; Woojin Lee; Sungyoon Lee; Jaewook Lee http://arxiv.org/abs/2108.11505 Generalized Real-World Super-Resolution through Adversarial Robustness. (93%) Angela Castillo; María Escobar; Juan C. Pérez; Andrés Romero; Radu Timofte; Luc Van Gool; Pablo Arbeláez http://arxiv.org/abs/2108.11032 Improving Visual Quality of Unrestricted Adversarial Examples with Wavelet-VAE. (99%) Wenzhao Xiang; Chang Liu; Shibao Zheng http://arxiv.org/abs/2108.10879 Are socially-aware trajectory prediction models really socially-aware? (92%) Saeed Saadatnejad; Mohammadhossein Bahari; Pedram Khorsandi; Mohammad Saneian; Seyed-Mohsen Moosavi-Dezfooli; Alexandre Alahi http://arxiv.org/abs/2108.10992 OOWL500: Overcoming Dataset Collection Bias in the Wild. (76%) Brandon Leung; Chih-Hui Ho; Amir Persekian; David Orozco; Yen Chang; Erik Sandstrom; Bo Liu; Nuno Vasconcelos http://arxiv.org/abs/2108.10549 StyleAugment: Learning Texture De-biased Representations by Style Augmentation without Pre-defined Textures. (1%) Sanghyuk Chun; Song Park http://arxiv.org/abs/2108.10451 Adversarial Robustness of Deep Learning: Theory, Algorithms, and Applications. (99%) Wenjie Ruan; Xinping Yi; Xiaowei Huang http://arxiv.org/abs/2108.10015 Semantic-Preserving Adversarial Text Attacks. (99%) Xinghao Yang; Weifeng Liu; James Bailey; Tianqing Zhu; Dacheng Tao; Wei Liu http://arxiv.org/abs/2108.10217 Deep Bayesian Image Set Classification: A Defence Approach against Adversarial Attacks. (99%) Nima Mirnateghi; Syed Afaq Ali Shah; Mohammed Bennamoun http://arxiv.org/abs/2108.10251 Kryptonite: An Adversarial Attack Using Regional Focus. (99%) Yogesh Kulkarni; Krisha Bhambani http://arxiv.org/abs/2108.10241 Back to the Drawing Board: A Critical Evaluation of Poisoning Attacks on Federated Learning. (73%) Virat Shejwalkar; Amir Houmansadr; Peter Kairouz; Daniel Ramage http://arxiv.org/abs/2108.09929 SegMix: Co-occurrence Driven Mixup for Semantic Segmentation and Adversarial Robustness. (4%) Md Amirul Islam; Matthew Kowal; Konstantinos G. Derpanis; Neil D. B. Bruce http://arxiv.org/abs/2108.09713 Robustness-via-Synthesis: Robust Training with Generative Adversarial Perturbations. (99%) Inci M. Baytas; Debayan Deb http://arxiv.org/abs/2108.09891 Multi-Expert Adversarial Attack Detection in Person Re-identification Using Context Inconsistency. (98%) Xueping Wang; Shasha Li; Min Liu; Yaonan Wang; Amit K. Roy-Chowdhury http://arxiv.org/abs/2108.09768 Relating CNNs with brain: Challenges and findings. (10%) Reem Abdel-Salam http://arxiv.org/abs/2108.09513 A Hard Label Black-box Adversarial Attack Against Graph Neural Networks. 
(99%) Jiaming Mu; Binghui Wang; Qi Li; Kun Sun; Mingwei Xu; Zhuotao Liu http://arxiv.org/abs/2108.09454 "Adversarial Examples" for Proof-of-Learning. (98%) Rui Zhang; Jian Liu; Yuan Ding; Qingbiao Wu; Kui Ren http://arxiv.org/abs/2108.13551 Regularizing Instabilities in Image Reconstruction Arising from Learned Denoisers. (2%) Abinash Nayak http://arxiv.org/abs/2108.09034 AdvDrop: Adversarial Attack to DNNs by Dropping Information. (99%) Ranjie Duan; Yuefeng Chen; Dantong Niu; Yun Yang; A. K. Qin; Yuan He http://arxiv.org/abs/2108.09135 PatchCleanser: Certifiably Robust Defense against Adversarial Patches for Any Image Classifier. (99%) Chong Xiang; Saeed Mahloujifar; Prateek Mittal http://arxiv.org/abs/2108.09413 Integer-arithmetic-only Certified Robustness for Quantized Neural Networks. (98%) Haowen Lin; Jian Lou; Li Xiong; Cyrus Shahabi http://arxiv.org/abs/2108.09093 Towards Understanding the Generative Capability of Adversarially Robust Classifiers. (98%) Yao Zhu; Jiacheng Ma; Jiacheng Sun; Zewei Chen; Rongxin Jiang; Zhenguo Li http://arxiv.org/abs/2108.09383 Detecting and Segmenting Adversarial Graphics Patterns from Images. (93%) Xiangyu Qu; Stanley H. Chan http://arxiv.org/abs/2108.09033 UnSplit: Data-Oblivious Model Inversion, Model Stealing, and Label Inference Attacks Against Split Learning. (1%) Ege Erdogan; Alptekin Kupcu; A. Ercument Cicek http://arxiv.org/abs/2108.09343 Early-exit deep neural networks for distorted images: providing an efficient edge offloading. (1%) Roberto G. Pacheco; Fernanda D. V. R. Oliveira; Rodrigo S. Couto http://arxiv.org/abs/2108.08972 Application of Adversarial Examples to Physical ECG Signals. (99%) Taiga Ono; Takeshi Sugawara; Jun Sakuma; Tatsuya Mori http://arxiv.org/abs/2108.08560 Pruning in the Face of Adversaries. (99%) Florian Merkle; Maximilian Samsinger; Pascal Schöttle http://arxiv.org/abs/2108.08976 ASAT: Adaptively Scaled Adversarial Training in Time Series. (98%) Zhiyuan Zhang; Wei Li; Ruihan Bao; Keiko Harimoto; Yunfang Wu; Xu Sun http://arxiv.org/abs/2108.08487 Amplitude-Phase Recombination: Rethinking Robustness of Convolutional Neural Networks in Frequency Domain. (80%) Guangyao Chen; Peixi Peng; Li Ma; Jia Li; Lin Du; Yonghong Tian http://arxiv.org/abs/2108.07969 Revisiting Adversarial Robustness Distillation: Robust Soft Labels Make Student Better. (99%) Bojia Zi; Shihao Zhao; Xingjun Ma; Yu-Gang Jiang http://arxiv.org/abs/2108.08421 Exploiting Multi-Object Relationships for Detecting Adversarial Attacks in Complex Scenes. (98%) Mingjun Yin; Shasha Li; Zikui Cai; Chengyu Song; M. Salman Asif; Amit K. Roy-Chowdhury; Srikanth V. Krishnamurthy http://arxiv.org/abs/2108.08211 MBRS : Enhancing Robustness of DNN-based Watermarking by Mini-Batch of Real and Simulated JPEG Compression. (45%) Zhaoyang Jia; Han Fang; Weiming Zhang http://arxiv.org/abs/2108.08476 Proceedings of the 1st International Workshop on Adaptive Cyber Defense. (1%) Damian Marriott; Kimberly Ferguson-Walter; Sunny Fugate; Marco Carvalho http://arxiv.org/abs/2108.07602 When Should You Defend Your Classifier -- A Game-theoretical Analysis of Countermeasures against Adversarial Examples. (98%) Maximilian Samsinger; Florian Merkle; Pascal Schöttle; Tomas Pevny http://arxiv.org/abs/2108.07920 Adversarial Relighting Against Face Recognition. 
(98%) Qian Zhang; Qing Guo; Ruijun Gao; Felix Juefei-Xu; Hongkai Yu; Wei Feng http://arxiv.org/abs/2108.07958 Semantic Perturbations with Normalizing Flows for Improved Generalization. (13%) Oguz Kaan Yuksel; Sebastian U. Stich; Martin Jaggi; Tatjana Chavdarova http://arxiv.org/abs/2108.07594 Coalesced Multi-Output Tsetlin Machines with Clause Sharing. (1%) Sondre Glimsdal; Ole-Christoffer Granmo http://arxiv.org/abs/2108.07779 Appearance Based Deep Domain Adaptation for the Classification of Aerial Images. (1%) Dennis Wittich; Franz Rottensteiner http://arxiv.org/abs/2108.07033 Exploring Transferable and Robust Adversarial Perturbation Generation from the Perspective of Network Hierarchy. (99%) Ruikui Wang; Yuanfang Guo; Ruijie Yang; Yunhong Wang http://arxiv.org/abs/2108.06895 Interpreting Attributions and Interactions of Adversarial Attacks. (83%) Xin Wang; Shuyun Lin; Hao Zhang; Yufei Zhu; Quanshi Zhang http://arxiv.org/abs/2108.07229 Patch Attack Invariance: How Sensitive are Patch Attacks to 3D Pose? (62%) Max Lennon; Nathan Drenkow; Philippe Burlina http://arxiv.org/abs/2108.07256 NeuraCrypt is not private. (10%) Nicholas Carlini; Sanjam Garg; Somesh Jha; Saeed Mahloujifar; Mohammad Mahmoody; Florian Tramer http://arxiv.org/abs/2108.07083 Identifying and Exploiting Structures for Reliable Deep Learning. (2%) Amartya Sanyal http://arxiv.org/abs/2108.07258 On the Opportunities and Risks of Foundation Models. (2%) Rishi Bommasani; Drew A. Hudson; Ehsan Adeli; Russ Altman; Simran Arora; Sydney von Arx; Michael S. Bernstein; Jeannette Bohg; Antoine Bosselut; Emma Brunskill; Erik Brynjolfsson; Shyamal Buch; Dallas Card; Rodrigo Castellon; Niladri Chatterji; Annie Chen; Kathleen Creel; Jared Quincy Davis; Dora Demszky; Chris Donahue; Moussa Doumbouya; Esin Durmus; Stefano Ermon; John Etchemendy; Kawin Ethayarajh; Li Fei-Fei; Chelsea Finn; Trevor Gale; Lauren Gillespie; Karan Goel; Noah Goodman; Shelby Grossman; Neel Guha; Tatsunori Hashimoto; Peter Henderson; John Hewitt; Daniel E. Ho; Jenny Hong; Kyle Hsu; Jing Huang; Thomas Icard; Saahil Jain; Dan Jurafsky; Pratyusha Kalluri; Siddharth Karamcheti; Geoff Keeling; Fereshte Khani; Omar Khattab; Pang Wei Koh; Mark Krass; Ranjay Krishna; Rohith Kuditipudi; Ananya Kumar; Faisal Ladhak; Mina Lee; Tony Lee; Jure Leskovec; Isabelle Levent; Xiang Lisa Li; Xuechen Li; Tengyu Ma; Ali Malik; Christopher D. Manning; Suvir Mirchandani; Eric Mitchell; Zanele Munyikwa; Suraj Nair; Avanika Narayan; Deepak Narayanan; Ben Newman; Allen Nie; Juan Carlos Niebles; Hamed Nilforoshan; Julian Nyarko; Giray Ogut; Laurel Orr; Isabel Papadimitriou; Joon Sung Park; Chris Piech; Eva Portelance; Christopher Potts; Aditi Raghunathan; Rob Reich; Hongyu Ren; Frieda Rong; Yusuf Roohani; Camilo Ruiz; Jack Ryan; Christopher Ré; Dorsa Sadigh; Shiori Sagawa; Keshav Santhanam; Andy Shih; Krishnan Srinivasan; Alex Tamkin; Rohan Taori; Armin W. Thomas; Florian Tramèr; Rose E. Wang; William Wang; Bohan Wu; Jiajun Wu; Yuhuai Wu; Sang Michael Xie; Michihiro Yasunaga; Jiaxuan You; Matei Zaharia; Michael Zhang; Tianyi Zhang; Xikun Zhang; Yuhui Zhang; Lucia Zheng; Kaitlyn Zhou; Percy Liang http://arxiv.org/abs/2108.06885 Neural Architecture Dilation for Adversarial Robustness. (81%) Yanxi Li; Zhaohui Yang; Yunhe Wang; Chang Xu http://arxiv.org/abs/2108.06797 Deep Adversarially-Enhanced k-Nearest Neighbors. (74%) Ren Wang; Tianqi Chen http://arxiv.org/abs/2108.06871 IADA: Iterative Adversarial Data Augmentation Using Formal Verification and Expert Guidance. 
(1%) Ruixuan Liu; Changliu Liu http://arxiv.org/abs/2108.06504 LinkTeller: Recovering Private Edges from Graph Neural Networks via Influence Analysis. (1%) Fan Wu; Yunhui Long; Ce Zhang; Bo Li http://arxiv.org/abs/2108.06179 Evaluating the Robustness of Semantic Segmentation for Autonomous Driving against Real-World Adversarial Patch Attacks. (99%) Federico Nesti; Giulio Rossolini; Saasha Nair; Alessandro Biondi; Giorgio Buttazzo http://arxiv.org/abs/2108.06247 Optical Adversarial Attack. (98%) Abhiram Gnanasambandam; Alex M. Sherman; Stanley H. Chan http://arxiv.org/abs/2108.06280 Understanding Structural Vulnerability in Graph Convolutional Networks. (96%) Liang Chen; Jintang Li; Qibiao Peng; Yang Liu; Zibin Zheng; Carl Yang http://arxiv.org/abs/2108.06131 The Forgotten Threat of Voltage Glitching: A Case Study on Nvidia Tegra X2 SoCs. (1%) Otto Bittner; Thilo Krachenfels; Andreas Galauner; Jean-Pierre Seifert http://arxiv.org/abs/2108.06017 AGKD-BML: Defense Against Adversarial Attack by Attention Guided Knowledge Distillation and Bi-directional Metric Learning. (99%) Hong Wang; Yuefan Deng; Shinjae Yoo; Haibin Ling; Yuewei Lin http://arxiv.org/abs/2108.05948 Deep adversarial attack on target detection systems. (99%) Uche M. Osahor; Nasser M. Nasrabadi http://arxiv.org/abs/2108.05921 Hatemoji: A Test Suite and Adversarially-Generated Dataset for Benchmarking and Detecting Emoji-based Hate. (69%) Hannah Rose Kirk; Bertram Vidgen; Paul Röttger; Tristan Thrush; Scott A. Hale http://arxiv.org/abs/2108.05075 Turning Your Strength against You: Detecting and Mitigating Robust and Universal Adversarial Patch Attacks. (99%) Zitao Chen; Pritam Dash; Karthik Pattabiraman http://arxiv.org/abs/2108.05490 Attacks against Ranking Algorithms with Text Embeddings: a Case Study on Recruitment Algorithms. (78%) Anahita Samadi; Debapriya Banerjee; Shirin Nilizadeh http://arxiv.org/abs/2108.05018 Are Neural Ranking Models Robust? (4%) Chen Wu; Ruqing Zhang; Jiafeng Guo; Yixing Fan; Xueqi Cheng http://arxiv.org/abs/2108.05149 Logic Explained Networks. (1%) Gabriele Ciravegna; Pietro Barbiero; Francesco Giannini; Marco Gori; Pietro Lió; Marco Maggini; Stefano Melacci http://arxiv.org/abs/2108.04979 Simple black-box universal adversarial attacks on medical image classification based on deep neural networks. (99%) Kazuki Koga; Kazuhiro Takemoto http://arxiv.org/abs/2108.04890 On the Effect of Pruning on Adversarial Robustness. (81%) Artur Jordao; Helio Pedrini http://arxiv.org/abs/2108.04974 SoK: How Robust is Image Classification Deep Neural Network Watermarking? (Extended Version). (68%) Nils Lukas; Edward Jiang; Xinda Li; Florian Kerschbaum http://arxiv.org/abs/2108.04990 Perturbing Inputs for Fragile Interpretations in Deep Natural Language Processing. (64%) Sanchit Sinha; Hanjie Chen; Arshdeep Sekhon; Yangfeng Ji; Yanjun Qi http://arxiv.org/abs/2108.04584 UniNet: A Unified Scene Understanding Network and Exploring Multi-Task Relationships through the Lens of Adversarial Attacks. (2%) NareshKumar Gurulingan; Elahe Arani; Bahram Zonooz http://arxiv.org/abs/2108.04547 Instance-wise Hard Negative Example Generation for Contrastive Learning in Unpaired Image-to-Image Translation. (1%) Weilun Wang; Wengang Zhou; Jianmin Bao; Dong Chen; Houqiang Li http://arxiv.org/abs/2108.04204 Meta Gradient Adversarial Attack. (99%) Zheng Yuan; Jie Zhang; Yunpei Jia; Chuanqi Tan; Tao Xue; Shiguang Shan http://arxiv.org/abs/2108.04409 On Procedural Adversarial Noise Attack And Defense. 
(99%) Jun Yan; Xiaoyang Deng; Huilin Yin; Wancheng Ge http://arxiv.org/abs/2108.04430 Enhancing Knowledge Tracing via Adversarial Training. (98%) Xiaopeng Guo; Zhijie Huang; Jie Gao; Mingyu Shang; Maojing Shu; Jun Sun http://arxiv.org/abs/2108.04214 Neural Network Repair with Reachability Analysis. (96%) Xiaodong Yang; Tom Yamaguchi; Hoang-Dung Tran; Bardh Hoxha; Taylor T Johnson; Danil Prokhorov http://arxiv.org/abs/2108.04206 Classification Auto-Encoder based Detector against Diverse Data Poisoning Attacks. (92%) Fereshteh Razmi; Li Xiong http://arxiv.org/abs/2108.03803 Mis-spoke or mis-lead: Achieving Robustness in Multi-Agent Communicative Reinforcement Learning. (82%) Wanqi Xue; Wei Qiu; Bo An; Zinovi Rabinovich; Svetlana Obraztsova; Chai Kiat Yeo http://arxiv.org/abs/2108.04417 Privacy-Preserving Machine Learning: Methods, Challenges and Directions. (16%) Runhua Xu; Nathalie Baracaldo; James Joshi http://arxiv.org/abs/2108.04345 Explainable AI and susceptibility to adversarial attacks: a case study in classification of breast ultrasound images. (15%) Hamza Rasaee; Hassan Rivaz http://arxiv.org/abs/2108.03388 Jointly Attacking Graph Neural Network and its Explanations. (96%) Wenqi Fan; Wei Jin; Xiaorui Liu; Han Xu; Xianfeng Tang; Suhang Wang; Qing Li; Jiliang Tang; Jianping Wang; Charu Aggarwal http://arxiv.org/abs/2108.03506 Membership Inference Attacks on Lottery Ticket Networks. (33%) Aadesh Bagmar; Shishira R Maiya; Shruti Bidwalka; Amol Deshpande http://arxiv.org/abs/2108.03418 Information Bottleneck Approach to Spatial Attention Learning. (1%) Qiuxia Lai; Yu Li; Ailing Zeng; Minhao Liu; Hanqiu Sun; Qiang Xu http://arxiv.org/abs/2108.02940 Evaluating Adversarial Attacks on Driving Safety in Vision-Based Autonomous Vehicles. (80%) Jindi Zhang; Yang Lou; Jianping Wang; Kui Wu; Kejie Lu; Xiaohua Jia http://arxiv.org/abs/2108.03288 Ensemble Augmentation for Deep Neural Networks Using 1-D Time Series Vibration Data. (2%) Atik Faysal; Ngui Wai Keng; M. H. Lim http://arxiv.org/abs/2108.02756 BOSS: Bidirectional One-Shot Synthesis of Adversarial Examples. (99%) Ismail Alkhouri; Alvaro Velasquez; George Atia http://arxiv.org/abs/2108.02488 Poison Ink: Robust and Invisible Backdoor Attack. (99%) Jie Zhang; Dongdong Chen; Jing Liao; Qidong Huang; Gang Hua; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2108.02502 Imperceptible Adversarial Examples by Spatial Chroma-Shift. (99%) Ayberk Aydin; Deniz Sen; Berat Tuna Karli; Oguz Hanoglu; Alptekin Temizel http://arxiv.org/abs/2108.04062 Householder Activations for Provable Robustness against Adversarial Attacks. (83%) Sahil Singla; Surbhi Singla; Soheil Feizi http://arxiv.org/abs/2108.02707 Fairness Properties of Face Recognition and Obfuscation Systems. (68%) Harrison Rosenberg; Brian Tang; Kassem Fawaz; Somesh Jha http://arxiv.org/abs/2108.02360 Exploring Structure Consistency for Deep Model Watermarking. (10%) Jie Zhang; Dongdong Chen; Jing Liao; Han Fang; Zehua Ma; Weiming Zhang; Gang Hua; Nenghai Yu http://arxiv.org/abs/2108.02501 Locally Interpretable One-Class Anomaly Detection for Credit Card Fraud Detection. (1%) Tungyu Wu; Youting Wang http://arxiv.org/abs/2108.02340 Robust Transfer Learning with Pretrained Language Models through Adapters. (82%) Wenjuan Han; Bo Pang; Yingnian Wu http://arxiv.org/abs/2108.01852 Semi-supervised Conditional GAN for Simultaneous Generation and Detection of Phishing URLs: A Game theoretic Perspective. 
(31%) Sharif Amit Kamran; Shamik Sengupta; Alireza Tavakkoli http://arxiv.org/abs/2108.01807 On the Robustness of Domain Adaption to Adversarial Attacks. (99%) Liyuan Zhang; Yuhang Zhou; Lei Zhang http://arxiv.org/abs/2108.02010 On the Exploitability of Audio Machine Learning Pipelines to Surreptitious Adversarial Examples. (99%) Adelin Travers; Lorna Licollari; Guanghan Wang; Varun Chandrasekaran; Adam Dziedzic; David Lie; Nicolas Papernot http://arxiv.org/abs/2108.01289 AdvRush: Searching for Adversarially Robust Neural Architectures. (99%) Jisoo Mok; Byunggook Na; Hyeokjun Choe; Sungroh Yoon http://arxiv.org/abs/2108.01644 The Devil is in the GAN: Backdoor Attacks and Defenses in Deep Generative Models. (88%) Ambrish Rawat; Killian Levacher; Mathieu Sinn http://arxiv.org/abs/2108.01281 DeepFreeze: Cold Boot Attacks and High Fidelity Model Recovery on Commercial EdgeML Device. (69%) Yoo-Seung Won; Soham Chatterjee; Dirmanto Jap; Arindam Basu; Shivam Bhasin http://arxiv.org/abs/2108.01734 Tutorials on Testing Neural Networks. (1%) Nicolas Berthier; Youcheng Sun; Wei Huang; Yanghao Zhang; Wenjie Ruan; Xiaowei Huang http://arxiv.org/abs/2108.01125 Hybrid Classical-Quantum Deep Learning Models for Autonomous Vehicle Traffic Image Classification Under Adversarial Attack. (98%) Reek Majumder; Sakib Mahmud Khan; Fahim Ahmed; Zadid Khan; Frank Ngeni; Gurcan Comert; Judith Mwakalonge; Dimitra Michalaka; Mashrur Chowdhury http://arxiv.org/abs/2108.00833 Adversarial Attacks Against Deep Reinforcement Learning Framework in Internet of Vehicles. (10%) Anum Talpur; Mohan Gurusamy http://arxiv.org/abs/2108.00701 Information Stealing in Federated Learning Systems Based on Generative Adversarial Networks. (9%) Yuwei Sun; Ng Chong; Hideya Ochiai http://arxiv.org/abs/2108.01124 Efficacy of Statistical and Artificial Intelligence-based False Information Cyberattack Detection Models for Connected Vehicles. (1%) Sakib Mahmud Khan; Gurcan Comert; Mashrur Chowdhury http://arxiv.org/abs/2108.00401 Advances in adversarial attacks and defenses in computer vision: A survey. (92%) Naveed Akhtar; Ajmal Mian; Navid Kardan; Mubarak Shah http://arxiv.org/abs/2108.00491 Certified Defense via Latent Space Randomized Smoothing with Orthogonal Encoders. (80%) Huimin Zeng; Jiahao Su; Furong Huang http://arxiv.org/abs/2108.00422 An Effective and Robust Detector for Logo Detection. (70%) Xiaojun Jia; Huanqian Yan; Yonglin Wu; Xingxing Wei; Xiaochun Cao; Yong Zhang http://arxiv.org/abs/2108.00402 Style Curriculum Learning for Robust Medical Image Segmentation. (2%) Zhendong Liu; Van Manh; Xin Yang; Xiaoqiong Huang; Karim Lekadir; Víctor Campello; Nishant Ravikumar; Alejandro F Frangi; Dong Ni http://arxiv.org/abs/2108.00180 Delving into Deep Image Prior for Adversarial Defense: A Novel Reconstruction-based Defense Framework. (99%) Li Ding; Yongwei Wang; Xin Ding; Kaiwen Yuan; Ping Wang; Hua Huang; Z. Jane Wang http://arxiv.org/abs/2108.00213 Adversarial Robustness of Deep Code Comment Generation. (99%) Yu Zhou; Xiaoqing Zhang; Juanjuan Shen; Tingting Han; Taolue Chen; Harald Gall http://arxiv.org/abs/2108.00335 Towards Adversarially Robust and Domain Generalizable Stereo Matching by Rethinking DNN Feature Backbones. (93%) Kelvin Cheng; Christopher Healey; Tianfu Wu http://arxiv.org/abs/2108.00146 T$_k$ML-AP: Adversarial Attacks to Top-$k$ Multi-Label Learning. (81%) Shu Hu; Lipeng Ke; Xin Wang; Siwei Lyu http://arxiv.org/abs/2108.00352 BadEncoder: Backdoor Attacks to Pre-trained Encoders in Self-Supervised Learning. 
(67%) Jinyuan Jia; Yupei Liu; Neil Zhenqiang Gong http://arxiv.org/abs/2108.00295 Fair Representation Learning using Interpolation Enabled Disentanglement. (1%) Akshita Jha; Bhanukiran Vinzamuri; Chandan K. Reddy http://arxiv.org/abs/2107.14601 Who's Afraid of Thomas Bayes? (92%) Erick Galinkin http://arxiv.org/abs/2107.14642 Practical Attacks on Voice Spoofing Countermeasures. (86%) Andre Kassis; Urs Hengartner http://arxiv.org/abs/2107.14569 Can You Hear It? Backdoor Attacks via Ultrasonic Triggers. (50%) Stefanos Koffas; Jing Xu; Mauro Conti; Stjepan Picek http://arxiv.org/abs/2107.14756 Unveiling the potential of Graph Neural Networks for robust Intrusion Detection. (13%) David Pujol-Perich; José Suárez-Varela; Albert Cabellos-Aparicio; Pere Barlet-Ros http://arxiv.org/abs/2107.14185 Feature Importance-aware Transferable Adversarial Attacks. (99%) Zhibo Wang; Hengchang Guo; Zhifei Zhang; Wenxin Liu; Zhan Qin; Kui Ren http://arxiv.org/abs/2107.14110 Enhancing Adversarial Robustness via Test-time Transformation Ensembling. (98%) Juan C. Pérez; Motasem Alfarra; Guillaume Jeanneret; Laura Rueda; Ali Thabet; Bernard Ghanem; Pablo Arbeláez http://arxiv.org/abs/2107.13962 The Robustness of Graph k-shell Structure under Adversarial Attacks. (93%) B. Zhou; Y. Q. Lv; Y. C. Mao; J. H. Wang; S. Q. Yu; Q. Xuan http://arxiv.org/abs/2107.13876 Understanding the Effects of Adversarial Personalized Ranking Optimization Method on Recommendation Quality. (31%) Vito Walter Anelli; Yashar Deldjoo; Tommaso Di Noia; Felice Antonio Merra http://arxiv.org/abs/2107.14344 Towards robust vision by multi-task learning on monkey visual cortex. (3%) Shahd Safarani; Arne Nix; Konstantin Willeke; Santiago A. Cadena; Kelli Restivo; George Denfield; Andreas S. Tolias; Fabian H. Sinz http://arxiv.org/abs/2107.13639 Imbalanced Adversarial Training with Reweighting. (86%) Wentao Wang; Han Xu; Xiaorui Liu; Yaxin Li; Bhavani Thuraisingham; Jiliang Tang http://arxiv.org/abs/2107.13541 Towards Robustness Against Natural Language Word Substitutions. (73%) Xinshuai Dong; Anh Tuan Luu; Rongrong Ji; Hong Liu http://arxiv.org/abs/2107.13491 Models of Computational Profiles to Study the Likelihood of DNN Metamorphic Test Cases. (67%) Ettore Merlo; Mira Marhaba; Foutse Khomh; Houssem Ben Braiek; Giuliano Antoniol http://arxiv.org/abs/2107.13335 WaveCNet: Wavelet Integrated CNNs to Suppress Aliasing Effect for Noise-Robust Image Classification. (15%) Qiufu Li; Linlin Shen; Sheng Guo; Zhihui Lai http://arxiv.org/abs/2107.13190 TableGAN-MCA: Evaluating Membership Collisions of GAN-Synthesized Tabular Data Releasing. (2%) Aoting Hu; Renjie Xie; Zhigang Lu; Aiqun Hu; Minhui Xue http://arxiv.org/abs/2107.12732 Towards Black-box Attacks on Deep Learning Apps. (89%) Hongchen Cao; Shuai Li; Yuming Zhou; Ming Fan; Xuejiao Zhao; Yutian Tang http://arxiv.org/abs/2107.12612 Poisoning Online Learning Filters: DDoS Attacks and Countermeasures. (50%) Wesley Joon-Wie Tann; Ee-Chien Chang http://arxiv.org/abs/2107.12873 PDF-Malware: An Overview on Threats, Detection and Evasion Attacks. (8%) Nicolas Fleury; Theo Dubrunquez; Ihsen Alouani http://arxiv.org/abs/2107.11986 Benign Adversarial Attack: Tricking Models for Goodness. (99%) Jitao Sang; Xian Zhao; Jiaming Zhang; Zhiyu Lin http://arxiv.org/abs/2107.12085 Learning to Adversarially Blur Visual Object Tracking. (98%) Qing Guo; Ziyi Cheng; Felix Juefei-Xu; Lei Ma; Xiaofei Xie; Yang Liu; Jianjun Zhao http://arxiv.org/abs/2107.12473 Adversarial Attacks with Time-Scale Representations. 
(96%) Alberto Santamaria-Pang; Jianwei Qiu; Aritra Chowdhury; James Kubricht; Peter Tu; Naresh Iyer; Nurali Virani http://arxiv.org/abs/2107.11671 Adversarial training may be a double-edged sword. (99%) Ali Rahmati; Seyed-Mohsen Moosavi-Dezfooli; Huaiyu Dai http://arxiv.org/abs/2107.11630 Detecting Adversarial Examples Is (Nearly) As Hard As Classifying Them. (98%) Florian Tramèr http://arxiv.org/abs/2107.11652 Stress Test Evaluation of Biomedical Word Embeddings. (73%) Vladimir Araujo; Andrés Carvallo; Carlos Aspillaga; Camilo Thorne; Denis Parra http://arxiv.org/abs/2107.11576 X-GGM: Graph Generative Modeling for Out-of-Distribution Generalization in Visual Question Answering. (1%) Jingjing Jiang; Ziyi Liu; Yifan Liu; Zhixiong Nan; Nanning Zheng http://arxiv.org/abs/2107.11275 A Differentiable Language Model Adversarial Attack on Text Classifiers. (99%) Ivan Fursov; Alexey Zaytsev; Pavel Burnyshev; Ekaterina Dmitrieva; Nikita Klyuchnikov; Andrey Kravchenko; Ekaterina Artemova; Evgeny Burnaev http://arxiv.org/abs/2107.11327 Structack: Structure-based Adversarial Attacks on Graph Neural Networks. (86%) Hussain Hussain; Tomislav Duricic; Elisabeth Lex; Denis Helic; Markus Strohmaier; Roman Kern http://arxiv.org/abs/2107.11252 Adversarial Reinforced Instruction Attacker for Robust Vision-Language Navigation. (45%) Bingqian Lin; Yi Zhu; Yanxin Long; Xiaodan Liang; Qixiang Ye; Liang Lin http://arxiv.org/abs/2107.11472 Clipped Hyperbolic Classifiers Are Super-Hyperbolic Classifiers. (8%) Yunhui Guo; Xudong Wang; Yubei Chen; Stella X. Yu http://arxiv.org/abs/2107.10873 On the Certified Robustness for Ensemble Models and Beyond. (99%) Zhuolin Yang; Linyi Li; Xiaojun Xu; Bhavya Kailkhura; Tao Xie; Bo Li http://arxiv.org/abs/2107.10480 Unsupervised Detection of Adversarial Examples with Model Explanations. (99%) Gihyuk Ko; Gyumin Lim http://arxiv.org/abs/2107.12173 Membership Inference Attack and Defense for Wireless Signal Classifiers with Deep Learning. (83%) Yi Shi; Yalin E. Sagduyu http://arxiv.org/abs/2107.10599 Towards Explaining Adversarial Examples Phenomenon in Artificial Neural Networks. (75%) Ramin Barati; Reza Safabakhsh; Mohammad Rahmati http://arxiv.org/abs/2107.10989 Estimating Predictive Uncertainty Under Program Data Distribution Shift. (1%) Yufei Li; Simin Chen; Wei Yang http://arxiv.org/abs/2107.10457 Ready for Emerging Threats to Recommender Systems? A Graph Convolution-based Generative Shilling Attack. (1%) Fan Wu; Min Gao; Junliang Yu; Zongwei Wang; Kecheng Liu; Xu Wange http://arxiv.org/abs/2107.09937 Fast and Scalable Adversarial Training of Kernel SVM via Doubly Stochastic Gradients. (98%) Huimin Wu; Zhengmian Hu; Bin Gu http://arxiv.org/abs/2107.10137 Improved Text Classification via Contrastive Adversarial Training. (84%) Lin Pan; Chung-Wei Hang; Avirup Sil; Saloni Potdar http://arxiv.org/abs/2107.10174 Black-box Probe for Unsupervised Domain Adaptation without Model Transferring. (81%) Kunhong Wu; Yucheng Shi; Yahong Han; Yunfeng Shao; Bingshuai Li http://arxiv.org/abs/2107.09898 Defending against Reconstruction Attack in Vertical Federated Learning. (10%) Jiankai Sun; Yuanshun Yao; Weihao Gao; Junyuan Xie; Chong Wang http://arxiv.org/abs/2107.10139 Generative Models for Security: Attacks, Defenses, and Opportunities. (10%) Luke A. Bauer; Vincent Bindschaedler http://arxiv.org/abs/2107.10045 A Tandem Framework Balancing Privacy and Security for Voice User Interfaces. 
(5%) Ranya Aloufi; Hamed Haddadi; David Boyle http://arxiv.org/abs/2107.10443 Spinning Sequence-to-Sequence Models with Meta-Backdoors. (4%) Eugene Bagdasaryan; Vitaly Shmatikov http://arxiv.org/abs/2107.10110 On the Convergence of Prior-Guided Zeroth-Order Optimization Algorithms. (2%) Shuyu Cheng; Guoqiang Wu; Jun Zhu http://arxiv.org/abs/2107.09804 Using Undervolting as an On-Device Defense Against Adversarial Machine Learning Attacks. (99%) Saikat Majumdar; Mohammad Hossein Samavatian; Kristin Barber; Radu Teodorescu http://arxiv.org/abs/2107.09258 A Markov Game Model for AI-based Cyber Security Attack Mitigation. (10%) Hooman Alavizadeh; Julian Jang-Jaccard; Tansu Alpcan; Seyit A. Camtepe http://arxiv.org/abs/2107.09833 Leaking Secrets through Modern Branch Predictor in the Speculative World. (1%) Md Hafizul Islam Chowdhuryy; Fan Yao http://arxiv.org/abs/2107.09225 Discriminator-Free Generative Adversarial Attack. (99%) Shaohao Lu; Yuqiao Xian; Ke Yan; Yi Hu; Xing Sun; Xiaowei Guo; Feiyue Huang; Wei-Shi Zheng http://arxiv.org/abs/2107.09502 Feature-Filter: Detecting Adversarial Examples through Filtering off Recessive Features. (99%) Hui Liu; Bo Zhao; Yuefeng Peng; Jiabao Guo; Peng Liu http://arxiv.org/abs/2107.09126 Examining the Human Perceptibility of Black-Box Adversarial Attacks on Face Recognition. (98%) Benjamin Spetter-Goldstein; Nataniel Ruiz; Sarah Adel Bargal http://arxiv.org/abs/2107.09045 On the Veracity of Local, Model-agnostic Explanations in Audio Classification: Targeted Investigations with Adversarial Examples. (80%) Verena Praher; Katharina Prinz; Arthur Flexer; Gerhard Widmer http://arxiv.org/abs/2107.08909 MEGEX: Data-Free Model Extraction Attack against Gradient-Based Explainable AI. (33%) Takayuki Miura; Satoshi Hasegawa; Toshiki Shibahara http://arxiv.org/abs/2107.08688 Structural Watermarking to Deep Neural Networks via Network Channel Pruning. (11%) Xiangyu Zhao; Yinzhe Yao; Hanzhou Wu; Xinpeng Zhang http://arxiv.org/abs/2108.04328 Generative Adversarial Neural Cellular Automata. (1%) Maximilian Otte; Quentin Delfosse; Johannes Czech; Kristian Kersting http://arxiv.org/abs/2107.08767 Improving Interpretability of Deep Neural Networks in Medical Diagnosis by Investigating the Individual Units. (1%) Woo-Jeoung Nam; Seong-Whan Lee http://arxiv.org/abs/2107.09044 Just Train Twice: Improving Group Robustness without Training Group Information. (1%) Evan Zheran Liu; Behzad Haghgoo; Annie S. Chen; Aditi Raghunathan; Pang Wei Koh; Shiori Sagawa; Percy Liang; Chelsea Finn http://arxiv.org/abs/2107.08402 RobustFed: A Truth Inference Approach for Robust Federated Learning. (1%) Farnaz Tahmasebian; Jian Lou; Li Xiong http://arxiv.org/abs/2107.08189 BEDS-Bench: Behavior of EHR-models under Distributional Shift--A Benchmark. (9%) Anand Avati; Martin Seneviratne; Emily Xue; Zhen Xu; Balaji Lakshminarayanan; Andrew M. Dai http://arxiv.org/abs/2107.07737 EGC2: Enhanced Graph Classification with Easy Graph Compression. (89%) Jinyin Chen; Haiyang Xiong; Haibin Zhenga; Dunjie Zhang; Jian Zhang; Mingwei Jia; Yi Liu http://arxiv.org/abs/2107.08821 Proceedings of ICML 2021 Workshop on Theoretic Foundation, Criticism, and Application Trend of Explainable AI. (1%) Quanshi Zhang; Tian Han; Lixin Fan; Zhanxing Zhu; Hang Su; Ying Nian Wu; Jie Ren; Hao Zhang http://arxiv.org/abs/2107.07610 Self-Supervised Contrastive Learning with Adversarial Perturbations for Defending Word Substitution-based Attacks. 
(99%) Zhao Meng; Yihan Dong; Mrinmaya Sachan; Roger Wattenhofer http://arxiv.org/abs/2107.07449 Adversarial Attacks on Multi-task Visual Perception for Autonomous Driving. (98%) Ibrahim Sobh; Ahmed Hamed; Varun Ravi Kumar; Senthil Yogamani http://arxiv.org/abs/2107.07677 ECG-Adv-GAN: Detecting ECG Adversarial Examples with Conditional Generative Adversarial Networks. (92%) Khondker Fariha Hossain; Sharif Amit Kamran; Alireza Tavakkoli; Lei Pan; Xingjun Ma; Sutharshan Rajasegarar; Chandan Karmaker http://arxiv.org/abs/2107.07618 Adversarial Attack for Uncertainty Estimation: Identifying Critical Regions in Neural Networks. (80%) Ismail Alarab; Simant Prakoonwit http://arxiv.org/abs/2107.07240 Subnet Replacement: Deployment-stage backdoor attack against deep neural networks in gray-box setting. (16%) Xiangyu Qi; Jifeng Zhu; Chulin Xie; Yong Yang http://arxiv.org/abs/2107.07150 Tailor: Generating and Perturbing Text with Semantic Controls. (3%) Alexis Ross; Tongshuang Wu; Hao Peng; Matthew E. Peters; Matt Gardner http://arxiv.org/abs/2107.07455 Shifts: A Dataset of Real Distributional Shift Across Multiple Large-Scale Tasks. (1%) Andrey Malinin; Neil Band; Alexander Ganshin; German Chesnokov; Yarin Gal; Mark J. F. Gales; Alexey Noskov; Andrey Ploskonosov; Liudmila Prokhorenkova; Ivan Provilkov; Vatsal Raina; Vyas Raina; Denis Roginskiy; Mariya Shmatova; Panos Tigas; Boris Yangel http://arxiv.org/abs/2107.06501 AdvFilter: Predictive Perturbation-aware Filtering against Adversarial Attack via Multi-domain Learning. (99%) Yihao Huang; Qing Guo; Felix Juefei-Xu; Lei Ma; Weikai Miao; Yang Liu; Geguang Pu http://arxiv.org/abs/2107.06882 Conservative Objective Models for Effective Offline Model-Based Optimization. (67%) Brandon Trabucco; Aviral Kumar; Xinyang Geng; Sergey Levine http://arxiv.org/abs/2107.06456 AID-Purifier: A Light Auxiliary Network for Boosting Adversarial Defense. (88%) Duhun Hwang; Eunjung Lee; Wonjong Rhee http://arxiv.org/abs/2107.06400 Using BERT Encoding to Tackle the Mad-lib Attack in SMS Spam Detection. (69%) Sergio Rojas-Galeano http://arxiv.org/abs/2107.06158 Correlation Analysis between the Robustness of Sparse Neural Networks and their Random Hidden Structural Priors. (41%) M. Ben Amor; J. Stier; M. Granitzer http://arxiv.org/abs/2107.06217 What classifiers know what they don't? (1%) Mohamed Ishmael Belghazi; David Lopez-Paz http://arxiv.org/abs/2107.05754 EvoBA: An Evolution Strategy as a Strong Baseline for Black-Box Adversarial Attacks. (99%) Andrei Ilie; Marius Popescu; Alin Stefanescu http://arxiv.org/abs/2107.05780 Detect and Defense Against Adversarial Examples in Deep Learning using Natural Scene Statistics and Adaptive Denoising. (99%) Anouar Kherchouche; Sid Ahmed Fezza; Wassim Hamidouche http://arxiv.org/abs/2107.05222 Perceptual-based deep-learning denoiser as a defense against adversarial attacks on ASR systems. (96%) Anirudh Sreeram; Nicholas Mehlman; Raghuveer Peri; Dillon Knox; Shrikanth Narayanan http://arxiv.org/abs/2107.05243 Putting words into the system's mouth: A targeted attack on neural machine translation using monolingual data poisoning. (81%) Jun Wang; Chang Xu; Francisco Guzman; Ahmed El-Kishky; Yuqing Tang; Benjamin I. P. Rubinstein; Trevor Cohn http://arxiv.org/abs/2107.05712 A Closer Look at the Adversarial Robustness of Information Bottleneck Models. (70%) Iryna Korshunova; David Stutz; Alexander A. 
Alemi; Olivia Wiles; Sven Gowal http://arxiv.org/abs/2107.05747 SoftHebb: Bayesian inference in unsupervised Hebbian soft winner-take-all networks. (56%) Timoleon Moraitis; Dmitry Toichkin; Yansong Chua; Qinghai Guo http://arxiv.org/abs/2107.10302 Adversarial for Good? How the Adversarial ML Community's Values Impede Socially Beneficial Uses of Attacks. (76%) Kendra Albert; Maggie Delano; Bogdan Kulynych; Ram Shankar Siva Kumar http://arxiv.org/abs/2107.05166 Stateful Detection of Model Extraction Attacks. (2%) Soham Pal; Yash Gupta; Aditya Kanade; Shirish Shevade http://arxiv.org/abs/2107.05127 Attack Rules: An Adversarial Approach to Generate Attacks for Industrial Control Systems using Machine Learning. (1%) Muhammad Azmi Umer; Chuadhry Mujeeb Ahmed; Muhammad Taha Jilani; Aditya P. Mathur http://arxiv.org/abs/2107.04764 Hack The Box: Fooling Deep Learning Abstraction-Based Monitors. (91%) Sara Hajj Ibrahim; Mohamed Nassar http://arxiv.org/abs/2107.04863 HOMRS: High Order Metamorphic Relations Selector for Deep Neural Networks. (88%) Florian Tambon; Giulio Antoniol; Foutse Khomh http://arxiv.org/abs/2107.04827 Identifying Layers Susceptible to Adversarial Attacks. (83%) Shoaib Ahmed Siddiqui; Thomas Breuel http://arxiv.org/abs/2107.04882 Out of Distribution Detection and Adversarial Attacks on Deep Neural Networks for Robust Medical Image Analysis. (22%) Anisie Uwimana; Ransalu Senanayake http://arxiv.org/abs/2107.04910 Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends. (1%) Elochukwu Ukwandu; Mohamed Amine Ben Farah; Hanan Hindy; Miroslav Bures; Robert Atkinson; Christos Tachtatzis; Xavier Bellekens http://arxiv.org/abs/2107.04435 Learning to Detect Adversarial Examples Based on Class Scores. (99%) Tobias Uelwer; Felix Michels; Oliver De Candido http://arxiv.org/abs/2107.04749 Resilience of Autonomous Vehicle Object Category Detection to Universal Adversarial Perturbations. (99%) Mohammad Nayeem Teli; Seungwon Oh http://arxiv.org/abs/2107.04284 Universal 3-Dimensional Perturbations for Black-Box Attacks on Video Recognition Systems. (99%) Shangyu Xie; Han Wang; Yu Kong; Yuan Hong http://arxiv.org/abs/2107.07043 GGT: Graph-Guided Testing for Adversarial Sample Detection of Deep Neural Network. (98%) Zuohui Chen; Renxuan Wang; Jingyang Xiang; Yue Yu; Xin Xia; Shouling Ji; Qi Xuan; Xiaoniu Yang http://arxiv.org/abs/2107.04263 Towards Robust General Medical Image Segmentation. (83%) Laura Daza; Juan C. Pérez; Pablo Arbeláez http://arxiv.org/abs/2107.04487 ARC: Adversarially Robust Control Policies for Autonomous Vehicles. (38%) Sampo Kuutti; Saber Fallah; Richard Bowden http://arxiv.org/abs/2107.03806 Output Randomization: A Novel Defense for both White-box and Black-box Adversarial Models. (99%) Daniel Park; Haidar Khan; Azer Khan; Alex Gittens; Bülent Yener http://arxiv.org/abs/2107.04401 Improving Model Robustness with Latent Distribution Locally and Globally. (99%) Zhuang Qian; Shufei Zhang; Kaizhu Huang; Qiufeng Wang; Rui Zhang; Xinping Yi http://arxiv.org/abs/2107.03759 Analytically Tractable Hidden-States Inference in Bayesian Neural Networks. (50%) Luong-Ha Nguyen; James-A. Goulet http://arxiv.org/abs/2107.03919 Understanding the Limits of Unsupervised Domain Adaptation via Data Poisoning. (33%) Akshay Mehra; Bhavya Kailkhura; Pin-Yu Chen; Jihun Hamm http://arxiv.org/abs/2107.03050 Controlled Caption Generation for Images Through Adversarial Attacks. 
(99%) Nayyer Aafaq; Naveed Akhtar; Wei Liu; Mubarak Shah; Ajmal Mian http://arxiv.org/abs/2107.03250 Incorporating Label Uncertainty in Understanding Adversarial Robustness. (38%) Xiao Zhang; David Evans http://arxiv.org/abs/2107.03311 RoFL: Attestable Robustness for Secure Federated Learning. (2%) Lukas Burkhalter; Hidde Lycklama; Alexander Viand; Nicolas Küchler; Anwar Hithnawi http://arxiv.org/abs/2107.02425 GradDiv: Adversarial Robustness of Randomized Neural Networks via Gradient Diversity Regularization. (99%) Sungyoon Lee; Hoki Kim; Jaewook Lee http://arxiv.org/abs/2107.02434 Self-Adversarial Training incorporating Forgery Attention for Image Forgery Localization. (95%) Long Zhuo; Shunquan Tan; Bin Li; Jiwu Huang http://arxiv.org/abs/2108.04217 ROPUST: Improving Robustness through Fine-tuning with Photonic Processors and Synthetic Gradients. (76%) Alessandro Cappelli; Julien Launay; Laurent Meunier; Ruben Ohana; Iacopo Poli http://arxiv.org/abs/2107.02658 On Generalization of Graph Autoencoders with Adversarial Training. (12%) Tianjin Huang; Yulong Pei; Vlado Menkovski; Mykola Pechenizkiy http://arxiv.org/abs/2107.02488 On Robustness of Lane Detection Models to Physical-World Adversarial Attacks in Autonomous Driving. (1%) Takami Sato; Qi Alfred Chen http://arxiv.org/abs/2107.01943 When and How to Fool Explainable Models (and Humans) with Adversarial Examples. (99%) Jon Vadillo; Roberto Santana; Jose A. Lozano http://arxiv.org/abs/2107.01809 Boosting Transferability of Targeted Adversarial Examples via Hierarchical Generative Networks. (99%) Xiao Yang; Yinpeng Dong; Tianyu Pang; Hang Su; Jun Zhu http://arxiv.org/abs/2107.01936 Adversarial Robustness of Probabilistic Network Embedding for Link Prediction. (87%) Xi Chen; Bo Kang; Jefrey Lijffijt; Tijl De Bie http://arxiv.org/abs/2107.02052 Dealing with Adversarial Player Strategies in the Neural Network Game iNNk through Ensemble Learning. (69%) Mathias Löwe; Jennifer Villareale; Evan Freed; Aleksanteri Sladek; Jichen Zhu; Sebastian Risi http://arxiv.org/abs/2107.02045 Understanding the Security of Deepfake Detection. (33%) Xiaoyu Cao; Neil Zhenqiang Gong http://arxiv.org/abs/2107.01806 Evaluating the Cybersecurity Risk of Real World, Machine Learning Production Systems. (15%) Ron Bitton; Nadav Maman; Inderjeet Singh; Satoru Momiyama; Yuval Elovici; Asaf Shabtai http://arxiv.org/abs/2107.01854 Poisoning Attack against Estimating from Pairwise Comparisons. (15%) Ke Ma; Qianqian Xu; Jinshan Zeng; Xiaochun Cao; Qingming Huang http://arxiv.org/abs/2107.06993 Confidence Conditioned Knowledge Distillation. (10%) Sourav Mishra; Suresh Sundaram http://arxiv.org/abs/2107.01561 Certifiably Robust Interpretation via Renyi Differential Privacy. (67%) Ao Liu; Xiaoyu Chen; Sijia Liu; Lirong Xia; Chuang Gan http://arxiv.org/abs/2107.01709 Mirror Mirror on the Wall: Next-Generation Wireless Jamming Attacks Based on Software-Controlled Surfaces. (1%) Paul Staat; Harald Elders-Boll; Christian Zenger; Christof Paar http://arxiv.org/abs/2107.01396 Demiguise Attack: Crafting Invisible Semantic Adversarial Perturbations with Perceptual Similarity. (99%) Yajie Wang; Shangbo Wu; Wenyi Jiang; Shengang Hao; Yu-an Tan; Quanxin Zhang http://arxiv.org/abs/2107.00561 Using Anomaly Feature Vectors for Detecting, Classifying and Warning of Outlier Adversarial Examples. (99%) Nelson Manohar-Alers; Ryan Feng; Sahib Singh; Jiguo Song; Atul Prakash http://arxiv.org/abs/2107.00415 DVS-Attacks: Adversarial Attacks on Dynamic Vision Sensors for Spiking Neural Networks. 
(99%) Alberto Marchisio; Giacomo Pira; Maurizio Martina; Guido Masera; Muhammad Shafique http://arxiv.org/abs/2107.00440 CLINE: Contrastive Learning with Semantic Negative Examples for Natural Language Understanding. (68%) Dong Wang; Ning Ding; Piji Li; Hai-Tao Zheng http://arxiv.org/abs/2107.00309 Adversarial Sample Detection for Speaker Verification by Neural Vocoders. (41%) Haibin Wu; Po-chun Hsu; Ji Gao; Shanshan Zhang; Shen Huang; Jian Kang; Zhiyong Wu; Helen Meng; Hung-yi Lee http://arxiv.org/abs/2107.00247 The Interplay between Distribution Parameters and the Accuracy-Robustness Tradeoff in Classification. (16%) Alireza Mousavi Hosseini; Amir Mohammad Abouei; Mohammad Hossein Rohban http://arxiv.org/abs/2107.00783 Reinforcement Learning for Feedback-Enabled Cyber Resilience. (10%) Yunhan Huang; Linan Huang; Quanyan Zhu http://arxiv.org/abs/2106.15998 Single-Step Adversarial Training for Semantic Segmentation. (96%) Daniel Wiens; Barbara Hammer http://arxiv.org/abs/2106.16198 Adversarial examples within the training distribution: A widespread challenge. (93%) Spandan Madan; Tomotake Sasaki; Hanspeter Pfister; Tzu-Mao Li; Xavier Boix http://arxiv.org/abs/2106.15860 Understanding Adversarial Attacks on Observations in Deep Reinforcement Learning. (84%) You Qiaoben; Chengyang Ying; Xinning Zhou; Hang Su; Jun Zhu; Bo Zhang http://arxiv.org/abs/2106.15820 Explanation-Guided Diagnosis of Machine Learning Evasion Attacks. (82%) Abderrahmen Amich; Birhanu Eshete http://arxiv.org/abs/2107.02897 Bi-Level Poisoning Attack Model and Countermeasure for Appliance Consumption Data of Smart Homes. (8%) Mustain Billah; Adnan Anwar; Ziaur Rahman; Syed Md. Galib http://arxiv.org/abs/2106.15850 Exploring Robustness of Neural Networks through Graph Measures. (8%) Asim Waqas; Ghulam Rasool; Hamza Farooq; Nidhal C. Bouaynaya http://arxiv.org/abs/2106.15890 A Context-Aware Information-Based Clone Node Attack Detection Scheme in Internet of Things. (1%) Khizar Hameed; Saurabh Garg; Muhammad Bilal Amin; Byeong Kang; Abid Khan http://arxiv.org/abs/2106.15853 Understanding and Improving Early Stopping for Learning with Noisy Labels. (1%) Yingbin Bai; Erkun Yang; Bo Han; Yanhua Yang; Jiatong Li; Yinian Mao; Gang Niu; Tongliang Liu http://arxiv.org/abs/2107.02894 Adversarial Machine Learning for Cybersecurity and Computer Vision: Current Developments and Challenges. (99%) Bowei Xi http://arxiv.org/abs/2107.00003 Understanding Adversarial Examples Through Deep Neural Network's Response Surface and Uncertainty Regions. (99%) Juan Shu; Bowei Xi; Charles Kamhoua http://arxiv.org/abs/2106.15360 Attack Transferability Characterization for Adversarially Robust Multi-label Classification. (99%) Zhuo Yang; Yufei Han; Xiangliang Zhang http://arxiv.org/abs/2106.15202 Inconspicuous Adversarial Patches for Fooling Image Recognition Systems on Mobile Devices. (99%) Tao Bai; Jinqi Luo; Jun Zhao http://arxiv.org/abs/2107.02895 Bio-Inspired Adversarial Attack Against Deep Neural Networks. (98%) Bowei Xi; Yujie Chen; Fan Fei; Zhan Tu; Xinyan Deng http://arxiv.org/abs/2106.15130 Do Not Deceive Your Employer with a Virtual Background: A Video Conferencing Manipulation-Detection System. (62%) Mauro Conti; Simone Milani; Ehsan Nowroozi; Gabriele Orazi http://arxiv.org/abs/2106.15764 The Threat of Offensive AI to Organizations. 
(54%) Yisroel Mirsky; Ambra Demontis; Jaidip Kotak; Ram Shankar; Deng Gelei; Liu Yang; Xiangyu Zhang; Wenke Lee; Yuval Elovici; Battista Biggio http://arxiv.org/abs/2106.15776 Local Reweighting for Adversarial Training. (22%) Ruize Gao; Feng Liu; Kaiwen Zhou; Gang Niu; Bo Han; James Cheng http://arxiv.org/abs/2106.15355 On the Interaction of Belief Bias and Explanations. (15%) Ana Valeria Gonzalez; Anna Rogers; Anders Søgaard http://arxiv.org/abs/2106.14815 Feature Importance Guided Attack: A Model Agnostic Adversarial Attack. (99%) Gilad Gressel; Niranjan Hegde; Archana Sreekumar; Michael Darling http://arxiv.org/abs/2106.15023 Evading Adversarial Example Detection Defenses with Orthogonal Projected Gradient Descent. (99%) Oliver Bryniarski; Nabeel Hingun; Pedro Pachuca; Vincent Wang; Nicholas Carlini http://arxiv.org/abs/2106.15058 Improving Transferability of Adversarial Patches on Face Recognition with Generative Models. (99%) Zihao Xiao; Xianfeng Gao; Chilin Fu; Yinpeng Dong; Wei Gao; Xiaolu Zhang; Jun Zhou; Jun Zhu http://arxiv.org/abs/2106.14851 Data Poisoning Won't Save You From Facial Recognition. (97%) Evani Radiya-Dixit; Florian Tramèr http://arxiv.org/abs/2106.14952 Adversarial Robustness of Streaming Algorithms through Importance Sampling. (61%) Vladimir Braverman; Avinatan Hassidim; Yossi Matias; Mariano Schain; Sandeep Silwal; Samson Zhou http://arxiv.org/abs/2106.14999 Test-Time Adaptation to Distribution Shift by Confidence Maximization and Input Transformation. (2%) Chaithanya Kumar Mummadi; Robin Hutmacher; Kilian Rambach; Evgeny Levinkov; Thomas Brox; Jan Hendrik Metzen http://arxiv.org/abs/2106.14432 Certified Robustness via Randomized Smoothing over Multiplicative Parameters. (1%) Nikita Muravev; Aleksandr Petiushko http://arxiv.org/abs/2106.14707 Realtime Robust Malicious Traffic Detection via Frequency Domain Analysis. (1%) Chuanpu Fu; Qi Li; Meng Shen; Ke Xu http://arxiv.org/abs/2107.02840 RAILS: A Robust Adversarial Immune-inspired Learning System. (98%) Ren Wang; Tianqi Chen; Stephen Lindsly; Cooper Stansbury; Alnawaz Rehemtulla; Indika Rajapakse; Alfred Hero http://arxiv.org/abs/2106.14152 Who is Responsible for Adversarial Defense? (93%) Kishor Datta Gupta; Dipankar Dasgupta http://arxiv.org/abs/2106.14300 ASK: Adversarial Soft k-Nearest Neighbor Attack and Defense. (82%) Ren Wang; Tianqi Chen; Philip Yao; Sijia Liu; Indika Rajapakse; Alfred Hero http://arxiv.org/abs/2107.02842 Immuno-mimetic Deep Neural Networks (Immuno-Net). (64%) Ren Wang; Tianqi Chen; Stephen Lindsly; Cooper Stansbury; Indika Rajapakse; Alfred Hero http://arxiv.org/abs/2106.14342 Stabilizing Equilibrium Models by Jacobian Regularization. (1%) Shaojie Bai; Vladlen Koltun; J. Zico Kolter http://arxiv.org/abs/2106.15357 Multi-stage Optimization based Adversarial Training. (99%) Xiaosen Wang; Chuanbiao Song; Liwei Wang; Kun He http://arxiv.org/abs/2106.13997 The Feasibility and Inevitability of Stealth Attacks. (69%) Ivan Y. Tyukin; Desmond J. Higham; Eliyas Woldegeorgis; Alexander N. Gorban http://arxiv.org/abs/2106.13326 On the (Un-)Avoidability of Adversarial Examples. (99%) Sadia Chowdhury; Ruth Urner http://arxiv.org/abs/2106.13394 Countering Adversarial Examples: Combining Input Transformation and Noisy Training. (99%) Cheng Zhang; Pan Gao http://arxiv.org/abs/2106.13123 Break it, Fix it: Attack and Defense for "Add-on" Access Control Solutions in Distributed Data Analytics Platforms. 
(8%) Fahad Shaon; Sazzadur Rahaman; Murat Kantarcioglu http://arxiv.org/abs/2106.12611 Adversarial Examples in Multi-Layer Random ReLU Networks. (81%) Peter L. Bartlett; Sébastien Bubeck; Yeshwanth Cherapanamjeri http://arxiv.org/abs/2106.12478 Teacher Model Fingerprinting Attacks Against Transfer Learning. (2%) Yufei Chen; Chao Shen; Cong Wang; Yang Zhang http://arxiv.org/abs/2106.12723 Meaningfully Explaining Model Mistakes Using Conceptual Counterfactuals. (1%) Abubakar Abid; Mert Yuksekgonul; James Zou http://arxiv.org/abs/2106.12563 Feature Attributions and Counterfactual Explanations Can Be Manipulated. (1%) Dylan Slack; Sophie Hilgard; Sameer Singh; Himabindu Lakkaraju http://arxiv.org/abs/2106.12021 DetectX -- Adversarial Input Detection using Current Signatures in Memristive XBar Arrays. (99%) Abhishek Moitra; Priyadarshini Panda http://arxiv.org/abs/2106.11644 Self-Supervised Iterative Contextual Smoothing for Efficient Adversarial Defense against Gray- and Black-Box Attack. (99%) Sungmin Cha; Naeun Ko; Youngjoon Yoo; Taesup Moon http://arxiv.org/abs/2106.12900 Long-term Cross Adversarial Training: A Robust Meta-learning Method for Few-shot Classification Tasks. (83%) Fan Liu; Shuyu Zhao; Xuelong Dai; Bin Xiao http://arxiv.org/abs/2106.11629 On Adversarial Robustness of Synthetic Code Generation. (81%) Mrinal Anand; Pratik Kayal; Mayank Singh http://arxiv.org/abs/2106.11865 NetFense: Adversarial Defenses against Privacy Attacks on Neural Networks for Graph Data. (67%) I-Chung Hsieh; Cheng-Te Li http://arxiv.org/abs/2106.11732 FLEA: Provably Robust Fair Multisource Learning from Unreliable Training Data. (1%) Eugenia Iofinova; Nikola Konstantinov; Christoph H. Lampert http://arxiv.org/abs/2106.11420 Policy Smoothing for Provably Robust Reinforcement Learning. (99%) Aounon Kumar; Alexander Levine; Soheil Feizi http://arxiv.org/abs/2106.10996 Delving into the pixels of adversarial samples. (98%) Blerta Lindqvist http://arxiv.org/abs/2106.11424 HODA: Hardness-Oriented Detection of Model Extraction Attacks. (98%) Amir Mahdi Sadeghzadeh; Amir Mohammad Sobhanian; Faezeh Dehghan; Rasool Jalili http://arxiv.org/abs/2106.10974 Friendly Training: Neural Networks Can Adapt Data To Make Learning Easier. (91%) Simone Marullo; Matteo Tiezzi; Marco Gori; Stefano Melacci http://arxiv.org/abs/2106.11384 Membership Inference on Word Embedding and Beyond. (38%) Saeed Mahloujifar; Huseyin A. Inan; Melissa Chase; Esha Ghosh; Marcello Hasegawa http://arxiv.org/abs/2106.11478 An Alternative Auxiliary Task for Enhancing Image Classification. (11%) Chen Liu http://arxiv.org/abs/2106.14647 Zero-shot learning approach to adaptive Cybersecurity using Explainable AI. (1%) Dattaraj Rao; Shraddha Mane http://arxiv.org/abs/2106.10807 Adversarial Examples Make Strong Poisons. (98%) Liam Fowl; Micah Goldblum; Ping-yeh Chiang; Jonas Geiping; Wojtek Czaja; Tom Goldstein http://arxiv.org/abs/2106.10785 Adversarial Attack on Graph Neural Networks as An Influence Maximization Problem. (95%) Jiaqi Ma; Junwei Deng; Qiaozhu Mei http://arxiv.org/abs/2106.10696 Generative Model Adversarial Training for Deep Compressed Sensing. (8%) Ashkan Esmaeili http://arxiv.org/abs/2106.10606 Attack to Fool and Explain Deep Networks. (99%) Naveed Akhtar; Muhammad A. A. K. Jalwana; Mohammed Bennamoun; Ajmal Mian http://arxiv.org/abs/2106.11760 A Stealthy and Robust Fingerprinting Scheme for Generative Models. 
(47%) Guanlin Li; Shangwei Guo; Run Wang; Guowen Xu; Tianwei Zhang http://arxiv.org/abs/2106.10212 Residual Error: a New Performance Measure for Adversarial Robustness. (99%) Hossein Aboutalebi; Mohammad Javad Shafiee; Michelle Karg; Christian Scharfenberger; Alexander Wong http://arxiv.org/abs/2106.09947 Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples. (99%) Maura Pintor; Luca Demetrio; Angelo Sotgiu; Ambra Demontis; Nicholas Carlini; Battista Biggio; Fabio Roli http://arxiv.org/abs/2106.10151 The Dimpled Manifold Model of Adversarial Examples in Machine Learning. (99%) Adi Shamir; Odelia Melamed; Oriel BenShmuel http://arxiv.org/abs/2106.09992 Exploring Counterfactual Explanations Through the Lens of Adversarial Examples: A Theoretical and Empirical Analysis. (99%) Martin Pawelczyk; Chirag Agarwal; Shalmali Joshi; Sohini Upadhyay; Himabindu Lakkaraju http://arxiv.org/abs/2106.09908 Light Lies: Optical Adversarial Attack. (92%) Kyulim Kim; JeongSoo Kim; Seungri Song; Jun-Ho Choi; Chulmin Joo; Jong-Seok Lee http://arxiv.org/abs/2106.09989 BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection. (82%) Yulin Zhu; Yuni Lai; Kaifa Zhao; Xiapu Luo; Mingquan Yuan; Jian Ren; Kai Zhou http://arxiv.org/abs/2106.10252 Less is More: Feature Selection for Adversarial Robustness with Compressive Counter-Adversarial Attacks. (80%) Emre Ozfatura; Muhammad Zaid Hameed; Kerem Ozfatura; Deniz Gunduz http://arxiv.org/abs/2106.10324 Group-Structured Adversarial Training. (68%) Farzan Farnia; Amirali Aghazadeh; James Zou; David Tse http://arxiv.org/abs/2106.09993 Accumulative Poisoning Attacks on Real-time Data. (45%) Tianyu Pang; Xiao Yang; Yinpeng Dong; Hang Su; Jun Zhu http://arxiv.org/abs/2106.10147 Evaluating the Robustness of Trigger Set-Based Watermarks Embedded in Deep Neural Networks. (45%) Suyoung Lee; Wonho Song; Suman Jana; Meeyoung Cha; Sooel Son http://arxiv.org/abs/2106.10196 Federated Robustness Propagation: Sharing Adversarial Robustness in Federated Learning. (5%) Junyuan Hong; Haotao Wang; Zhangyang Wang; Jiayu Zhou http://arxiv.org/abs/2106.09872 Analyzing Adversarial Robustness of Deep Neural Networks in Pixel Space: a Semantic Perspective. (99%) Lina Wang; Xingshu Chen; Yulong Wang; Yawei Yue; Yi Zhu; Xuemei Zeng; Wei Wang http://arxiv.org/abs/2106.09898 Bad Characters: Imperceptible NLP Attacks. (99%) Nicholas Boucher; Ilia Shumailov; Ross Anderson; Nicolas Papernot http://arxiv.org/abs/2106.09501 DeepInsight: Interpretability Assisting Detection of Adversarial Samples on Graphs. (99%) Junhao Zhu; Yalu Shan; Jinhuan Wang; Shanqing Yu; Guanrong Chen; Qi Xuan http://arxiv.org/abs/2106.09534 Adversarial Visual Robustness by Causal Intervention. (99%) Kaihua Tang; Mingyuan Tao; Hanwang Zhang http://arxiv.org/abs/2106.09820 Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning. (92%) Shubham Jain; Ana-Maria Cretu; Yves-Alexandre de Montjoye http://arxiv.org/abs/2106.09249 Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks. 
(91%) Yulong Cao; Ningfei Wang; Chaowei Xiao; Dawei Yang; Jin Fang; Ruigang Yang; Qi Alfred Chen; Mingyan Liu; Bo Li http://arxiv.org/abs/2106.09380 Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems. (82%) Giovanni Apruzzese; Mauro Andreolini; Luca Ferretti; Mirco Marchetti; Michele Colajanni http://arxiv.org/abs/2106.09667 Poisoning and Backdooring Contrastive Learning. (70%) Nicholas Carlini; Andreas Terzis http://arxiv.org/abs/2106.09292 CROP: Certifying Robust Policies for Reinforcement Learning through Functional Smoothing. (69%) Fan Wu; Linyi Li; Zijian Huang; Yevgeniy Vorobeychik; Ding Zhao; Bo Li http://arxiv.org/abs/2106.09242 CoCoFuzzing: Testing Neural Code Models with Coverage-Guided Fuzzing. (64%) Moshi Wei; Yuchao Huang; Jinqiu Yang; Junjie Wang; Song Wang http://arxiv.org/abs/2106.09385 On Deep Neural Network Calibration by Regularization and its Impact on Refinement. (3%) Aditya Singh; Alessandro Bay; Biswa Sengupta; Andrea Mirabile http://arxiv.org/abs/2106.09857 Effective Model Sparsification by Scheduled Grow-and-Prune Methods. (1%) Xiaolong Ma; Minghai Qin; Fei Sun; Zejiang Hou; Kun Yuan; Yi Xu; Yanzhi Wang; Yen-Kuang Chen; Rong Jin; Yuan Xie http://arxiv.org/abs/2106.08746 Real-time Adversarial Perturbations against Deep Reinforcement Learning Policies: Attacks and Defenses. (99%) Buse G. A. Tekgul; Shelly Wang; Samuel Marchal; N. Asokan http://arxiv.org/abs/2106.09222 Localized Uncertainty Attacks. (99%) Ousmane Amadou Dia; Theofanis Karaletsos; Caner Hazirbas; Cristian Canton Ferrer; Ilknur Kaynar Kabul; Erik Meijer http://arxiv.org/abs/2106.09223 Evaluating the Robustness of Bayesian Neural Networks Against Different Types of Attacks. (67%) Yutian Pang; Sheng Cheng; Jueming Hu; Yongming Liu http://arxiv.org/abs/2106.08970 Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch. (38%) Hossein Souri; Liam Fowl; Rama Chellappa; Micah Goldblum; Tom Goldstein http://arxiv.org/abs/2106.09106 Explainable AI for Natural Adversarial Images. (13%) Tomas Folke; ZhaoBin Li; Ravi B. Sojitra; Scott Cheng-Hsin Yang; Patrick Shafto http://arxiv.org/abs/2106.09129 A Winning Hand: Compressing Deep Networks Can Improve Out-Of-Distribution Robustness. (2%) James Diffenderfer; Brian R. Bartoldson; Shreya Chaganti; Jize Zhang; Bhavya Kailkhura http://arxiv.org/abs/2106.09121 Scaling-up Diverse Orthogonal Convolutional Networks with a Paraunitary Framework. (1%) Jiahao Su; Wonmin Byeon; Furong Huang http://arxiv.org/abs/2106.08913 Loki: Hardening Code Obfuscation Against Automated Attacks. (1%) Moritz Schloegel; Tim Blazytko; Moritz Contag; Cornelius Aschermann; Julius Basler; Thorsten Holz; Ali Abbasi http://arxiv.org/abs/2106.08361 Adversarial Attacks on Deep Models for Financial Transaction Records. (99%) Ivan Fursov; Matvey Morozov; Nina Kaploukhaya; Elizaveta Kovtun; Rodrigo Rivera-Castro; Gleb Gusev; Dmitry Babaev; Ivan Kireev; Alexey Zaytsev; Evgeny Burnaev http://arxiv.org/abs/2106.08299 Model Extraction and Adversarial Attacks on Neural Networks using Switching Power Information. (99%) Tommy Li; Cory Merkel http://arxiv.org/abs/2106.08387 Towards Adversarial Robustness via Transductive Learning.
(80%) Jiefeng Chen; Yang Guo; Xi Wu; Tianqi Li; Qicheng Lao; Yingyu Liang; Somesh Jha http://arxiv.org/abs/2106.07868 Voting for the right answer: Adversarial defense for speaker verification. (78%) Haibin Wu; Yang Zhang; Zhiyong Wu; Dong Wang; Hung-yi Lee http://arxiv.org/abs/2106.08104 Detect and remove watermark in deep neural networks via generative adversarial networks. (68%) Haoqi Wang; Mingfu Xue; Shichang Sun; Yushu Zhang; Jian Wang; Weiqiang Liu http://arxiv.org/abs/2106.08283 CRFL: Certifiably Robust Federated Learning against Backdoor Attacks. (13%) Chulin Xie; Minghao Chen; Pin-Yu Chen; Bo Li http://arxiv.org/abs/2106.08013 Securing Face Liveness Detection Using Unforgeable Lip Motion Patterns. (12%) Man Zhou; Qian Wang; Qi Li; Peipei Jiang; Jingxiao Yang; Chao Shen; Cong Wang; Shouhong Ding http://arxiv.org/abs/2106.07904 Probabilistic Margins for Instance Reweighting in Adversarial Training. (8%) Qizhou Wang; Feng Liu; Bo Han; Tongliang Liu; Chen Gong; Gang Niu; Mingyuan Zhou; Masashi Sugiyama http://arxiv.org/abs/2106.07895 CAN-LOC: Spoofing Detection and Physical Intrusion Localization on an In-Vehicle CAN Bus Based on Deep Features of Voltage Signals. (1%) Efrat Levy; Asaf Shabtai; Bogdan Groza; Pal-Stefan Murvay; Yuval Elovici http://arxiv.org/abs/2106.07445 PopSkipJump: Decision-Based Attack for Probabilistic Classifiers. (99%) Carl-Johann Simon-Gabriel; Noman Ahmed Sheikh; Andreas Krause http://arxiv.org/abs/2106.08153 Now You See It, Now You Dont: Adversarial Vulnerabilities in Computational Pathology. (99%) Alex Foote; Amina Asif; Ayesha Azam; Tim Marshall-Cox; Nasir Rajpoot; Fayyaz Minhas http://arxiv.org/abs/2106.07428 Audio Attacks and Defenses against AED Systems -- A Practical Study. (99%) Rodrigo dos Santos; Shirin Nilizadeh http://arxiv.org/abs/2106.07214 Backdoor Learning Curves: Explaining Backdoor Poisoning Beyond Influence Functions. (92%) Antonio Emanuele Cinà; Kathrin Grosse; Sebastiano Vascon; Ambra Demontis; Battista Biggio; Fabio Roli; Marcello Pelillo http://arxiv.org/abs/2106.07860 Evading Malware Classifiers via Monte Carlo Mutant Feature Discovery. (81%) John Boutsikas; Maksim E. Eren; Charles Varga; Edward Raff; Cynthia Matuszek; Charles Nicholas http://arxiv.org/abs/2106.07767 On the Relationship between Heterophily and Robustness of Graph Neural Networks. (81%) Jiong Zhu; Junchen Jin; Donald Loveland; Michael T. Schaub; Danai Koutra http://arxiv.org/abs/2106.07411 Partial success in closing the gap between human and machine vision. (15%) Robert Geirhos; Kantharaju Narayanappa; Benjamin Mitzkus; Tizian Thieringer; Matthias Bethge; Felix A. Wichmann; Wieland Brendel http://arxiv.org/abs/2106.07704 Text Generation with Efficient (Soft) Q-Learning. (2%) Han Guo; Bowen Tan; Zhengzhong Liu; Eric P. Xing; Zhiting Hu http://arxiv.org/abs/2106.07541 Resilient Control of Platooning Networked Robotic Systems via Dynamic Watermarking. (1%) Matthew Porter; Arnav Joshi; Sidhartha Dey; Qirui Wu; Pedro Hespanhol; Anil Aswani; Matthew Johnson-Roberson; Ram Vasudevan http://arxiv.org/abs/2106.07165 Self-training Guided Adversarial Domain Adaptation For Thermal Imagery. (1%) Ibrahim Batuhan Akkaya; Fazil Altinel; Ugur Halici http://arxiv.org/abs/2106.07851 Code Integrity Attestation for PLCs using Black Box Neural Network Predictions. (1%) Yuqi Chen; Christopher M.
Poskitt; Jun Sun http://arxiv.org/abs/2106.07047 Target Model Agnostic Adversarial Attacks with Query Budgets on Language Understanding Models. (99%) Jatin Chauhan; Karan Bhukar; Manohar Kaul http://arxiv.org/abs/2106.07141 Selection of Source Images Heavily Influences the Effectiveness of Adversarial Attacks. (99%) Utku Ozbulak; Esla Timothy Anzaku; Wesley De Neve; Arnout Van Messem http://arxiv.org/abs/2106.06917 ATRAS: Adversarially Trained Robust Architecture Search. (96%) Yigit Alparslan; Edward Kim http://arxiv.org/abs/2106.07098 Security Analysis of Camera-LiDAR Semantic-Level Fusion Against Black-Box Attacks on Autonomous Vehicles. (64%) R. Spencer Hallyburton; Yupei Liu; Miroslav Pajic http://arxiv.org/abs/2106.07049 Weakly-supervised High-resolution Segmentation of Mammography Images for Breast Cancer Diagnosis. (1%) Kangning Liu; Yiqiu Shen; Nan Wu; Jakub Chłędowski; Carlos Fernandez-Granda; Krzysztof J. Geras http://arxiv.org/abs/2106.07068 HistoTransfer: Understanding Transfer Learning for Histopathology. (1%) Yash Sharma; Lubaina Ehsan; Sana Syed; Donald E. Brown http://arxiv.org/abs/2106.06685 Adversarial Robustness via Fisher-Rao Regularization. (67%) Marine Picot; Francisco Messina; Malik Boudiaf; Fabrice Labeau; Ismail Ben Ayed; Pablo Piantanida http://arxiv.org/abs/2106.06770 What can linearized neural networks actually say about generalization? (31%) Guillermo Ortiz-Jiménez; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard http://arxiv.org/abs/2106.06895 FeSHI: Feature Map Based Stealthy Hardware Intrinsic Attack. (2%) Tolulope Odetola; Faiq Khalid; Travis Sandefur; Hawzhin Mohammed; Syed Rafay Hasan http://arxiv.org/abs/2106.06196 CausalAdv: Adversarial Robustness through the Lens of Causality. (99%) Yonggang Zhang; Mingming Gong; Tongliang Liu; Gang Niu; Xinmei Tian; Bo Han; Bernhard Schölkopf; Kun Zhang http://arxiv.org/abs/2106.06235 Knowledge Enhanced Machine Learning Pipeline against Diverse Adversarial Attacks. (99%) Nezihe Merve Gürel; Xiangyu Qi; Luka Rimanic; Ce Zhang; Bo Li http://arxiv.org/abs/2106.06041 Adversarial purification with Score-based generative models. (89%) Jongmin Yoon; Sung Ju Hwang; Juho Lee http://arxiv.org/abs/2106.06624 Relaxing Local Robustness. (80%) Klas Leino; Matt Fredrikson http://arxiv.org/abs/2106.06663 TDGIA: Effective Injection Attacks on Graph Neural Networks. (76%) Xu Zou; Qinkai Zheng; Yuxiao Dong; Xinyu Guan; Evgeny Kharlamov; Jialiang Lu; Jie Tang http://arxiv.org/abs/2106.06361 Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution. (56%) Fanchao Qi; Yuan Yao; Sophia Xu; Zhiyuan Liu; Maosong Sun http://arxiv.org/abs/2106.06667 CARTL: Cooperative Adversarially-Robust Transfer Learning. (8%) Dian Chen; Hongxin Hu; Qian Wang; Yinli Li; Cong Wang; Chao Shen; Qi Li http://arxiv.org/abs/2106.06603 A Shuffling Framework for Local Differential Privacy. (1%) Casey Meehan; Amrita Roy Chowdhury; Kamalika Chaudhuri; Somesh Jha http://arxiv.org/abs/2106.06027 Sparse and Imperceptible Adversarial Attack via a Homotopy Algorithm. (99%) Mingkang Zhu; Tianlong Chen; Zhangyang Wang http://arxiv.org/abs/2106.05657 Deep neural network loses attention to adversarial images. (99%) Shashank Kotyan; Danilo Vasconcellos Vargas http://arxiv.org/abs/2106.05997 Verifying Quantized Neural Networks using SMT-Based Model Checking.
(92%) Luiz Sena; Xidan Song; Erickson Alves; Iury Bessa; Edoardo Manino; Lucas Cordeiro; Eddie de Lima Filho http://arxiv.org/abs/2106.06056 Progressive-Scale Boundary Blackbox Attack via Projective Gradient Estimation. (80%) Jiawei Zhang; Linyi Li; Huichen Li; Xiaolu Zhang; Shuang Yang; Bo Li http://arxiv.org/abs/2106.05996 An Ensemble Approach Towards Adversarial Robustness. (41%) Haifeng Qian http://arxiv.org/abs/2106.05625 Towards an Automated Pipeline for Detecting and Classifying Malware through Machine Learning. (1%) Nicola Loi; Claudio Borile; Daniele Ucci http://arxiv.org/abs/2106.05964 Fair Classification with Adversarial Perturbations. (1%) L. Elisa Celis; Anay Mehrotra; Nisheeth K. Vishnoi http://arxiv.org/abs/2106.05825 HASI: Hardware-Accelerated Stochastic Inference, A Defense Against Adversarial Machine Learning Attacks. (99%) Mohammad Hossein Samavatian; Saikat Majumdar; Kristin Barber; Radu Teodorescu http://arxiv.org/abs/2106.05036 Towards Defending against Adversarial Examples via Attack-Invariant Features. (99%) Dawei Zhou; Tongliang Liu; Bo Han; Nannan Wang; Chunlei Peng; Xinbo Gao http://arxiv.org/abs/2106.04938 Attacking Adversarial Attacks as A Defense. (99%) Boxi Wu; Heng Pan; Li Shen; Jindong Gu; Shuai Zhao; Zhifeng Li; Deng Cai; Xiaofei He; Wei Liu http://arxiv.org/abs/2106.05453 Improving White-box Robustness of Pre-processing Defenses via Joint Adversarial Training. (99%) Dawei Zhou; Nannan Wang; Xinbo Gao; Bo Han; Jun Yu; Xiaoyu Wang; Tongliang Liu http://arxiv.org/abs/2106.05261 We Can Always Catch You: Detecting Adversarial Patched Objects WITH or WITHOUT Signature. (98%) Bin Liang; Jiachun Li; Jianjun Huang http://arxiv.org/abs/2106.05087 Who Is the Strongest Enemy? Towards Optimal and Efficient Evasion Attacks in Deep RL. (97%) Yanchao Sun; Ruijie Zheng; Yongyuan Liang; Furong Huang http://arxiv.org/abs/2106.05256 URLTran: Improving Phishing URL Detection Using Transformers. (10%) Pranav Maneriker; Jack W. Stokes; Edir Garcia Lazo; Diana Carutasu; Farid Tajaddodianfar; Arun Gururajan http://arxiv.org/abs/2106.05325 ZoPE: A Fast Optimizer for ReLU Networks with Low-Dimensional Inputs. (5%) Christopher A. Strong; Sydney M. Katz; Anthony L. Corso; Mykel J. Kochenderfer http://arxiv.org/abs/2106.04823 Practical Machine Learning Safety: A Survey and Primer. (4%) Sina Mohseni; Haotao Wang; Zhiding Yu; Chaowei Xiao; Zhangyang Wang; Jay Yadawa http://arxiv.org/abs/2106.05009 Network insensitivity to parameter noise via adversarial regularization. (2%) Julian Büchel; Fynn Faber; Dylan R. Muir http://arxiv.org/abs/2106.04169 On Improving Adversarial Transferability of Vision Transformers. (99%) Muzammal Naseer; Kanchana Ranasinghe; Salman Khan; Fahad Shahbaz Khan; Fatih Porikli http://arxiv.org/abs/2106.04569 Simulated Adversarial Testing of Face Recognition Models. (99%) Nataniel Ruiz; Adam Kortylewski; Weichao Qiu; Cihang Xie; Sarah Adel Bargal; Alan Yuille; Stan Sclaroff http://arxiv.org/abs/2106.04794 Towards the Memorization Effect of Neural Networks in Adversarial Training. (93%) Han Xu; Xiaorui Liu; Wentao Wang; Wenbiao Ding; Zhongqin Wu; Zitao Liu; Anil Jain; Jiliang Tang http://arxiv.org/abs/2106.04690 Handcrafted Backdoors in Deep Neural Networks. (92%) Sanghyun Hong; Nicholas Carlini; Alexey Kurakin http://arxiv.org/abs/2106.04435 Enhancing Robustness of Neural Networks through Fourier Stabilization. 
(73%) Netanel Raviv; Aidan Kelley; Michael Guo; Yevgeny Vorobeychik http://arxiv.org/abs/2106.04260 Provably Robust Detection of Out-of-distribution Data (almost) for free. (26%) Alexander Meinke; Julian Bitterwolf; Matthias Hein http://arxiv.org/abs/2106.03614 Adversarial Attack and Defense in Deep Ranking. (99%) Mo Zhou; Le Wang; Zhenxing Niu; Qilin Zhang; Nanning Zheng; Gang Hua http://arxiv.org/abs/2106.03734 Reveal of Vision Transformers Robustness against Adversarial Attacks. (99%) Ahmed Aldahdooh; Wassim Hamidouche; Olivier Deforges http://arxiv.org/abs/2106.03518 Position Bias Mitigation: A Knowledge-Aware Graph Model for Emotion Cause Extraction. (89%) Hanqi Yan; Lin Gui; Gabriele Pergola; Yulan He http://arxiv.org/abs/2106.03805 3DB: A Framework for Debugging Computer Vision Models. (45%) Guillaume Leclerc; Hadi Salman; Andrew Ilyas; Sai Vemprala; Logan Engstrom; Vibhav Vineet; Kai Xiao; Pengchuan Zhang; Shibani Santurkar; Greg Yang; Ashish Kapoor; Aleksander Madry http://arxiv.org/abs/2106.03613 RoSearch: Search for Robust Student Architectures When Distilling Pre-trained Language Models. (11%) Xin Guo; Jianlei Yang; Haoyi Zhou; Xucheng Ye; Jianxin Li http://arxiv.org/abs/2106.04066 Semantically Adversarial Scenario Generation with Explicit Knowledge Guidance. (1%) Wenhao Ding; Haohong Lin; Bo Li; Ding Zhao http://arxiv.org/abs/2106.03099 A Primer on Multi-Neuron Relaxation-based Adversarial Robustness Certification. (98%) Kevin Roth http://arxiv.org/abs/2106.03310 Zero-Shot Knowledge Distillation from a Decision-Based Black-Box Model. (4%) Zi Wang http://arxiv.org/abs/2106.02867 Ensemble Defense with Data Diversity: Weak Correlation Implies Strong Robustness. (92%) Renjue Li; Hanwei Zhang; Pengfei Yang; Cheng-Chao Huang; Aimin Zhou; Bai Xue; Lijun Zhang http://arxiv.org/abs/2106.02978 Robust Stochastic Linear Contextual Bandits Under Adversarial Attacks. (69%) Qin Ding; Cho-Jui Hsieh; James Sharpnack http://arxiv.org/abs/2106.02874 RDA: Robust Domain Adaptation via Fourier Adversarial Attacking. (2%) Jiaxing Huang; Dayan Guan; Aoran Xiao; Shijian Lu http://arxiv.org/abs/2106.02734 Revisiting Hilbert-Schmidt Information Bottleneck for Adversarial Robustness. (99%) Zifeng Wang; Tong Jian; Aria Masoomi; Stratis Ioannidis; Jennifer Dy http://arxiv.org/abs/2106.02732 BO-DBA: Query-Efficient Decision-Based Adversarial Attacks via Bayesian Optimization. (99%) Zhuosheng Zhang; Shucheng Yu http://arxiv.org/abs/2106.02280 Human-Adversarial Visual Question Answering. (31%) Sasha Sheng; Amanpreet Singh; Vedanuj Goswami; Jose Alberto Lopez Magana; Wojciech Galuba; Devi Parikh; Douwe Kiela http://arxiv.org/abs/2106.02749 Predify: Augmenting deep neural networks with brain-inspired predictive coding dynamics. (15%) Bhavin Choksi; Milad Mozafari; Callum Biggs O'May; Benjamin Ador; Andrea Alamia; Rufin VanRullen http://arxiv.org/abs/2106.02395 DOCTOR: A Simple Method for Detecting Misclassification Errors. (1%) Federica Granese; Marco Romanelli; Daniele Gorla; Catuscia Palamidessi; Pablo Piantanida http://arxiv.org/abs/2106.02443 Teaching keyword spotters to spot new keywords with limited examples. (1%) Abhijeet Awasthi; Kevin Kilgour; Hassan Rom http://arxiv.org/abs/2106.01617 Improving the Transferability of Adversarial Examples with New Iteration Framework and Input Dropout. (99%) Pengfei Xie; Linyuan Wang; Ruoxi Qin; Kai Qiao; Shuhao Shi; Guoen Hu; Bin Yan http://arxiv.org/abs/2106.01615 Imperceptible Adversarial Examples for Fake Image Detection. 
(99%) Quanyu Liao; Yuezun Li; Xin Wang; Bin Kong; Bin Zhu; Siwei Lyu; Youbing Yin; Qi Song; Xi Wu http://arxiv.org/abs/2106.02105 A Little Robustness Goes a Long Way: Leveraging Universal Features for Targeted Transfer Attacks. (99%) Jacob M. Springer; Melanie Mitchell; Garrett T. Kenyon http://arxiv.org/abs/2106.01618 Transferable Adversarial Examples for Anchor Free Object Detection. (99%) Quanyu Liao; Xin Wang; Bin Kong; Siwei Lyu; Bin Zhu; Youbing Yin; Qi Song; Xi Wu http://arxiv.org/abs/2106.01606 Exploring Memorization in Adversarial Training. (98%) Yinpeng Dong; Ke Xu; Xiao Yang; Tianyu Pang; Zhijie Deng; Hang Su; Jun Zhu http://arxiv.org/abs/2106.02078 Improving Neural Network Robustness via Persistency of Excitation. (68%) Kaustubh Sridhar; Oleg Sokolsky; Insup Lee; James Weimer http://arxiv.org/abs/2106.01810 Defending against Backdoor Attacks in Natural Language Generation. (38%) Chun Fan; Xiaoya Li; Yuxian Meng; Xiaofei Sun; Xiang Ao; Fei Wu; Jiwei Li; Tianwei Zhang http://arxiv.org/abs/2106.02240 Sneak Attack against Mobile Robotic Networks under Formation Control. (1%) Yushan Li; Jianping He; Xuda Ding; Lin Cai; Xinping Guan http://arxiv.org/abs/2106.01538 PDPGD: Primal-Dual Proximal Gradient Descent Adversarial Attack. (99%) Alexander Matyasko; Lap-Pui Chau http://arxiv.org/abs/2106.01065 Towards Robustness of Text-to-SQL Models against Synonym Substitution. (75%) Yujian Gan; Xinyun Chen; Qiuping Huang; Matthew Purver; John R. Woodward; Jinxia Xie; Pengsheng Huang http://arxiv.org/abs/2106.01452 BERT-Defense: A Probabilistic Model Based on BERT to Combat Cognitively Inspired Orthographic Adversarial Attacks. (62%) Yannik Keller; Jan Mackensen; Steffen Eger http://arxiv.org/abs/2106.00273 Adversarial Defense for Automatic Speaker Verification by Self-Supervised Learning. (99%) Haibin Wu; Xu Li; Andy T. Liu; Zhiyong Wu; Helen Meng; Hung-yi Lee http://arxiv.org/abs/2106.00769 Improving Compositionality of Neural Networks by Decoding Representations to Inputs. (68%) Mike Wu; Noah Goodman; Stefano Ermon http://arxiv.org/abs/2106.00660 Markpainting: Adversarial Machine Learning meets Inpainting. (12%) David Khachaturov; Ilia Shumailov; Yiren Zhao; Nicolas Papernot; Ross Anderson http://arxiv.org/abs/2106.00872 On the Efficacy of Adversarial Data Collection for Question Answering: Results from a Large-Scale Randomized Study. (9%) Divyansh Kaushik; Douwe Kiela; Zachary C. Lipton; Wen-tau Yih http://arxiv.org/abs/2106.00245 Adversarial VQA: A New Benchmark for Evaluating the Robustness of VQA Models. (5%) Linjie Li; Jie Lei; Zhe Gan; Jingjing Liu http://arxiv.org/abs/2106.01440 Memory Wrap: a Data-Efficient and Interpretable Extension to Image Classification Models. (1%) Biagio La Rosa; Roberto Capobianco; Daniele Nardi http://arxiv.org/abs/2106.00221 Concurrent Adversarial Learning for Large-Batch Training. (1%) Yong Liu; Xiangning Chen; Minhao Cheng; Cho-Jui Hsieh; Yang You http://arxiv.org/abs/2105.15157 Adaptive Feature Alignment for Adversarial Training. (99%) Tao Wang; Ruixin Zhang; Xingyu Chen; Kai Zhao; Xiaolin Huang; Yuge Huang; Shaoxin Li; Jilin Li; Feiyue Huang http://arxiv.org/abs/2105.15010 QueryNet: An Efficient Attack Framework with Surrogates Carrying Multiple Identities. (99%) Sizhe Chen; Zhehao Huang; Qinghua Tao; Xiaolin Huang http://arxiv.org/abs/2105.14727 Transferable Sparse Adversarial Attack. (99%) Ziwen He; Wei Wang; Jing Dong; Tieniu Tan http://arxiv.org/abs/2105.14785 Adversarial Training with Rectified Rejection.
(99%) Tianyu Pang; Huishuai Zhang; Di He; Yinpeng Dong; Hang Su; Wei Chen; Jun Zhu; Tie-Yan Liu http://arxiv.org/abs/2105.14710 Robustifying $\ell_\infty$ Adversarial Training to the Union of Perturbation Models. (82%) Ameya D. Patil; Michael Tuttle; Alexander G. Schwing; Naresh R. Shanbhag http://arxiv.org/abs/2105.15057 Dominant Patterns: Critical Features Hidden in Deep Neural Networks. (80%) Zhixing Ye; Shaofei Qin; Sizhe Chen; Xiaolin Huang http://arxiv.org/abs/2105.14813 Exploration and Exploitation: Two Ways to Improve Chinese Spelling Correction Models. (75%) Chong Li; Cenyuan Zhang; Xiaoqing Zheng; Xuanjing Huang http://arxiv.org/abs/2105.14803 Gradient-based Data Subversion Attack Against Binary Classifiers. (73%) Rosni K Vasu; Sanjay Seetharaman; Shubham Malaviya; Manish Shukla; Sachin Lodha http://arxiv.org/abs/2105.15164 DISSECT: Disentangled Simultaneous Explanations via Concept Traversals. (1%) Asma Ghandeharioun; Been Kim; Chun-Liang Li; Brendan Jou; Brian Eoff; Rosalind W. Picard http://arxiv.org/abs/2105.14944 The effectiveness of feature attribution methods and its correlation with automatic evaluation scores. (1%) Giang Nguyen; Daeyoung Kim; Anh Nguyen http://arxiv.org/abs/2105.14644 Generating Adversarial Examples with Graph Neural Networks. (99%) Florian Jaeckle; M. Pawan Kumar http://arxiv.org/abs/2105.14553 Defending Pre-trained Language Models from Adversarial Word Substitutions Without Performance Sacrifice. (98%) Rongzhou Bao; Jiayi Wang; Hai Zhao http://arxiv.org/abs/2105.14676 NoiLIn: Do Noisy Labels Always Hurt Adversarial Training? (62%) Jingfeng Zhang; Xilie Xu; Bo Han; Tongliang Liu; Gang Niu; Lizhen Cui; Masashi Sugiyama http://arxiv.org/abs/2105.14564 Evaluating Resilience of Encrypted Traffic Classification Against Adversarial Evasion Attacks. (62%) Ramy Maarouf; Danish Sattar; Ashraf Matrawy http://arxiv.org/abs/2105.14638 DAAIN: Detection of Anomalous and Adversarial Input using Normalizing Flows. (12%) Samuel von Baußnern; Johannes Otterbach; Adrian Loy; Mathieu Salzmann; Thomas Wollmann http://arxiv.org/abs/2107.09507 EEG-based Cross-Subject Driver Drowsiness Recognition with an Interpretable Convolutional Neural Network. (1%) Jian Cui; Zirui Lan; Olga Sourina; Wolfgang Müller-Wittig http://arxiv.org/abs/2105.14259 Detecting Backdoor in Deep Neural Networks via Intentional Adversarial Perturbations. (99%) Mingfu Xue; Yinghao Wu; Zhiyu Wu; Jian Wang; Yushu Zhang; Weiqiang Liu http://arxiv.org/abs/2105.14240 Analysis and Applications of Class-wise Robustness in Adversarial Training. (99%) Qi Tian; Kun Kuang; Kelu Jiang; Fei Wu; Yisen Wang http://arxiv.org/abs/2105.14298 A Measurement Study on the (In)security of End-of-Life (EoL) Embedded Devices. (2%) Dingding Wang; Muhui Jiang; Rui Chang; Yajin Zhou; Baolei Hou; Xiapu Luo; Lei Wu; Kui Ren http://arxiv.org/abs/2105.13902 Demotivate adversarial defense in remote sensing. (99%) Adrien Chan-Hon-Tong; Gaston Lenczner; Aurelien Plyer http://arxiv.org/abs/2105.13697 AdvParams: An Active DNN Intellectual Property Protection Technique via Adversarial Perturbation Based Parameter Encryption. (92%) Mingfu Xue; Zhiyu Wu; Jian Wang; Yushu Zhang; Weiqiang Liu http://arxiv.org/abs/2105.13745 Robust Regularization with Adversarial Labelling of Perturbed Samples. (83%) Xiaohui Guo; Richong Zhang; Yaowei Zheng; Yongyi Mao http://arxiv.org/abs/2105.13746 SafeAMC: Adversarial training for robust modulation recognition models.
(83%) Javier Maroto; Gérôme Bovet; Pascal Frossard http://arxiv.org/abs/2105.14119 Towards optimally abstaining from prediction. (81%) Adam Tauman Kalai; Varun Kanade http://arxiv.org/abs/2105.14083 Rethinking Noisy Label Models: Labeler-Dependent Noise with Adversarial Awareness. (76%) Glenn Dawson; Robi Polikar http://arxiv.org/abs/2105.14116 Visualizing Representations of Adversarially Perturbed Inputs. (68%) Daniel Steinberg; Paul Munro http://arxiv.org/abs/2105.13771 Chromatic and spatial analysis of one-pixel attacks against an image classifier. (15%) Janne Alatalo; Joni Korpihalkola; Tuomo Sipola; Tero Kokkonen http://arxiv.org/abs/2105.14173 FoveaTer: Foveated Transformer for Image Classification. (10%) Aditya Jonnalagadda; William Yang Wang; B. S. Manjunath; Miguel P. Eckstein http://arxiv.org/abs/2105.14035 DeepMoM: Robust Deep Learning With Median-of-Means. (1%) Shih-Ting Huang; Johannes Lederer http://arxiv.org/abs/2105.13530 A BIC-based Mixture Model Defense against Data Poisoning Attacks on Classifiers. (84%) Xi Li; David J. Miller; Zhen Xiang; George Kesidis http://arxiv.org/abs/2105.12427 Deep Repulsive Prototypes for Adversarial Robustness. (99%) Alex Serban; Erik Poll; Joost Visser http://arxiv.org/abs/2105.12419 Adversarial Attack Framework on Graph Embedding Models with Limited Knowledge. (98%) Heng Chang; Yu Rong; Tingyang Xu; Wenbing Huang; Honglei Zhang; Peng Cui; Xin Wang; Wenwu Zhu; Junzhou Huang http://arxiv.org/abs/2105.12508 Adversarial robustness against multiple $l_p$-threat models at the price of one and how to quickly fine-tune robust models to another threat model. (93%) Francesco Croce; Matthias Hein http://arxiv.org/abs/2105.12697 Can Linear Programs Have Adversarial Examples? A Causal Perspective. (83%) Matej Zečević; Devendra Singh Dhami; Kristian Kersting http://arxiv.org/abs/2105.12400 Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger. (61%) Fanchao Qi; Mukai Li; Yangyi Chen; Zhengyan Zhang; Zhiyuan Liu; Yasheng Wang; Maosong Sun http://arxiv.org/abs/2105.12837 Fooling Partial Dependence via Data Poisoning. (13%) Hubert Baniecki; Wojciech Kretowicz; Przemyslaw Biecek http://arxiv.org/abs/2105.12237 Practical Convex Formulation of Robust One-hidden-layer Neural Network Training. (98%) Yatong Bai; Tanmay Gautam; Yu Gai; Somayeh Sojoudi http://arxiv.org/abs/2105.12106 Adversarial Attack Driven Data Augmentation for Accurate And Robust Medical Image Segmentation. (98%) Mst. Tasnim Pervin; Linmi Tao; Aminul Huq; Zuoxiang He; Li Huo http://arxiv.org/abs/2105.12049 Honest-but-Curious Nets: Sensitive Attributes of Private Inputs Can Be Secretly Coded into the Classifiers' Outputs. (67%) Mohammad Malekzadeh; Anastasia Borovykh; Deniz Gündüz http://arxiv.org/abs/2105.12189 Robust Value Iteration for Continuous Control Tasks. (9%) Michael Lutter; Shie Mannor; Jan Peters; Dieter Fox; Animesh Garg http://arxiv.org/abs/2105.11593 OFEI: A Semi-black-box Android Adversarial Sample Attack Framework Against DLaaS. (99%) Guangquan Xu; GuoHua Xin; Litao Jiao; Jian Liu; Shaoying Liu; Meiqi Feng; Xi Zheng http://arxiv.org/abs/2105.11363 Learning Security Classifiers with Verified Global Robustness Properties. (92%) Yizheng Chen; Shiqi Wang; Yue Qin; Xiaojing Liao; Suman Jana; David Wagner http://arxiv.org/abs/2105.11645 Feature Space Targeted Attacks by Statistic Alignment. (82%) Lianli Gao; Yaya Cheng; Qilong Zhang; Xing Xu; Jingkuan Song http://arxiv.org/abs/2105.11144 Improved OOD Generalization via Adversarial Training and Pre-training. 
(12%) Mingyang Yi; Lu Hou; Jiacheng Sun; Lifeng Shang; Xin Jiang; Qun Liu; Zhi-Ming Ma http://arxiv.org/abs/2105.11160 Out-of-Distribution Detection in Dermatology using Input Perturbation and Subset Scanning. (5%) Hannah Kim; Girmaw Abebe Tadesse; Celia Cintas; Skyler Speakman; Kush Varshney http://arxiv.org/abs/2105.11166 AirNet: Neural Network Transmission over the Air. (1%) Mikolaj Jankowski; Deniz Gunduz; Krystian Mikolajczyk http://arxiv.org/abs/2105.11172 Every Byte Matters: Traffic Analysis of Bluetooth Wearable Devices. (1%) Ludovic Barman; Alexandre Dumur; Apostolos Pyrgelis; Jean-Pierre Hubaux http://arxiv.org/abs/2105.11136 Using Adversarial Attacks to Reveal the Statistical Bias in Machine Reading Comprehension Models. (1%) Jieyu Lin; Jiajie Zou; Nai Ding http://arxiv.org/abs/2105.11103 Dissecting Click Fraud Autonomy in the Wild. (1%) Tong Zhu; Yan Meng; Haotian Hu; Xiaokuan Zhang; Minhui Xue; Haojin Zhu http://arxiv.org/abs/2105.10909 Killing Two Birds with One Stone: Stealing Model and Inferring Attribute from BERT-based APIs. (99%) Lingjuan Lyu; Xuanli He; Fangzhao Wu; Lichao Sun http://arxiv.org/abs/2105.10872 CMUA-Watermark: A Cross-Model Universal Adversarial Watermark for Combating Deepfakes. (92%) Hao Huang; Yongtao Wang; Zhaoyu Chen; Yuheng Li; Zhi Tang; Wei Chu; Jingdong Chen; Weisi Lin; Kai-Kuang Ma http://arxiv.org/abs/2105.10948 Regularization Can Help Mitigate Poisoning Attacks... with the Right Hyperparameters. (12%) Javier Carnerero-Cano; Luis Muñoz-González; Phillippa Spencer; Emil C. Lupu http://arxiv.org/abs/2105.10707 Adversarial Attacks and Mitigation for Anomaly Detectors of Cyber-Physical Systems. (99%) Yifan Jia; Jingyi Wang; Christopher M. Poskitt; Sudipta Chattopadhyay; Jun Sun; Yuqi Chen http://arxiv.org/abs/2105.10843 Exploring Robustness of Unsupervised Domain Adaptation in Semantic Segmentation. (98%) Jinyu Yang; Chunyuan Li; Weizhi An; Hehuan Ma; Yuzhi Guo; Yu Rong; Peilin Zhao; Junzhou Huang http://arxiv.org/abs/2105.10663 Securing Optical Networks using Quantum-secured Blockchain: An Overview. (1%) Purva Sharma; Vimal Bhatia; Shashi Prakash http://arxiv.org/abs/2105.10393 ReLUSyn: Synthesizing Stealthy Attacks for Deep Neural Network Based Cyber-Physical Systems. (81%) Aarti Kashyap; Syed Mubashir Iqbal; Karthik Pattabiraman; Margo Seltzer http://arxiv.org/abs/2105.10304 Exploring Misclassifications of Robust Neural Networks to Enhance Adversarial Attacks. (76%) Leo Schwinn; René Raab; An Nguyen; Dario Zanca; Bjoern Eskofier http://arxiv.org/abs/2105.10123 Backdoor Attacks on Self-Supervised Learning. (68%) Aniruddha Saha; Ajinkya Tejankar; Soroush Abbasi Koohpayegani; Hamed Pirsiavash http://arxiv.org/abs/2105.10497 Intriguing Properties of Vision Transformers. (8%) Muzammal Naseer; Kanchana Ranasinghe; Salman Khan; Munawar Hayat; Fahad Shahbaz Khan; Ming-Hsuan Yang http://arxiv.org/abs/2105.13843 Explainable Enterprise Credit Rating via Deep Feature Crossing Network. (1%) Weiyu Guo; Zhijiang Yang; Shu Wu; Fu Chen http://arxiv.org/abs/2105.09685 Simple Transparent Adversarial Examples. (99%) Jaydeep Borkar; Pin-Yu Chen http://arxiv.org/abs/2105.10101 Anomaly Detection of Adversarial Examples using Class-conditional Generative Adversarial Networks. (99%) Hang Wang; David J. Miller; George Kesidis http://arxiv.org/abs/2105.10051 Preventing Machine Learning Poisoning Attacks Using Authentication and Provenance. (11%) Jack W. 
Stokes; Paul England; Kevin Kane http://arxiv.org/abs/2105.10113 TestRank: Bringing Order into Unlabeled Test Instances for Deep Learning Tasks. (1%) Yu Li; Min Li; Qiuxia Lai; Yannan Liu; Qiang Xu http://arxiv.org/abs/2105.09022 Attack on practical speaker verification system using universal adversarial perturbations. (99%) Weiyi Zhang; Shuning Zhao; Le Liu; Jianmin Li; Xingliang Cheng; Thomas Fang Zheng; Xiaolin Hu http://arxiv.org/abs/2105.09090 Local Aggressive Adversarial Attacks on 3D Point Cloud. (99%) Yiming Sun; Feng Chen; Zhiyu Chen; Mingjie Wang http://arxiv.org/abs/2105.09109 An Orthogonal Classifier for Improving the Adversarial Robustness of Neural Networks. (76%) Cong Xu; Xiang Li; Min Yang http://arxiv.org/abs/2105.09394 Balancing Robustness and Sensitivity using Feature Contrastive Learning. (15%) Seungyeon Kim; Daniel Glasner; Srikumar Ramalingam; Cho-Jui Hsieh; Kishore Papineni; Sanjiv Kumar http://arxiv.org/abs/2105.09453 DeepStrike: Remotely-Guided Fault Injection Attacks on DNN Accelerator in Cloud-FPGA. (1%) Yukui Luo; Cheng Gongye; Yunsi Fei; Xiaolin Xu http://arxiv.org/abs/2105.09369 User Label Leakage from Gradients in Federated Learning. (1%) Aidmar Wainakh; Fabrizio Ventola; Till Müßig; Jens Keim; Carlos Garcia Cordero; Ephraim Zimmer; Tim Grube; Kristian Kersting; Max Mühlhäuser http://arxiv.org/abs/2105.09157 Hunter in the Dark: Deep Ensemble Networks for Discovering Anomalous Activity from Smart Networks. (1%) Shiyi Yang; Nour Moustafa; Hui Guo http://arxiv.org/abs/2105.08269 Sparta: Spatially Attentive and Adversarially Robust Activation. (99%) Qing Guo; Felix Juefei-Xu; Changqing Zhou; Wei Feng; Yang Liu; Song Wang http://arxiv.org/abs/2105.08620 Detecting Adversarial Examples with Bayesian Neural Network. (99%) Yao Li; Tongyi Tang; Cho-Jui Hsieh; Thomas C. M. Lee http://arxiv.org/abs/2105.08714 Fighting Gradients with Gradients: Dynamic Defenses against Adversarial Attacks. (98%) Dequan Wang; An Ju; Evan Shelhamer; David Wagner; Trevor Darrell http://arxiv.org/abs/2105.08619 On the Robustness of Domain Constraints. (98%) Ryan Sheatsley; Blaine Hoak; Eric Pauley; Yohan Beugin; Michael J. Weisman; Patrick McDaniel http://arxiv.org/abs/2105.08709 Learning and Certification under Instance-targeted Poisoning. (82%) Ji Gao; Amin Karbasi; Mohammad Mahmoody http://arxiv.org/abs/2105.07926 Towards Robust Vision Transformer. (95%) Xiaofeng Mao; Gege Qi; Yuefeng Chen; Xiaodan Li; Ranjie Duan; Shaokai Ye; Yuan He; Hui Xue http://arxiv.org/abs/2105.07985 Gradient Masking and the Underestimated Robustness Threats of Differential Privacy in Deep Learning. (93%) Franziska Boenisch; Philip Sperl; Konstantin Böttinger http://arxiv.org/abs/2105.08037 An SDE Framework for Adversarial Training, with Convergence and Robustness Analysis. (69%) Haotian Gu; Xin Guo http://arxiv.org/abs/2105.07754 A Fusion-Denoising Attack on InstaHide with Data Augmentation. (1%) Xinjian Luo; Xiaokui Xiao; Yuncheng Wu; Juncheng Liu; Beng Chin Ooi http://arxiv.org/abs/2105.07581 Vision Transformers are Robust Learners. (99%) Sayak Paul; Pin-Yu Chen http://arxiv.org/abs/2105.07553 Prototype-supervised Adversarial Network for Targeted Attack of Deep Hashing. (99%) Xunguang Wang; Zheng Zhang; Baoyuan Wu; Fumin Shen; Guangming Lu http://arxiv.org/abs/2105.07574 SoundFence: Securing Ultrasonic Sensors in Vehicles Using Physical-Layer Defense. (2%) Jianzhi Lou; Qiben Yan; Qing Hui; Huacheng Zeng http://arxiv.org/abs/2105.07334 Real-time Detection of Practical Universal Adversarial Perturbations. 
(99%) Kenneth T. Co; Luis Muñoz-González; Leslie Kanthan; Emil C. Lupu http://arxiv.org/abs/2106.06807 Salient Feature Extractor for Adversarial Defense on Deep Neural Networks. (99%) Jinyin Chen; Ruoxi Chen; Haibin Zheng; Zhaoyan Ming; Wenrong Jiang; Chen Cui http://arxiv.org/abs/2105.07078 High-Robustness, Low-Transferability Fingerprinting of Neural Networks. (9%) Siyue Wang; Xiao Wang; Pin-Yu Chen; Pu Zhao; Xue Lin http://arxiv.org/abs/2105.06956 Information-theoretic Evolution of Model Agnostic Global Explanations. (1%) Sukriti Verma; Nikaash Puri; Piyush Gupta; Balaji Krishnamurthy http://arxiv.org/abs/2105.07080 Iterative Algorithms for Assessing Network Resilience Against Structured Perturbations. (1%) Shenyu Liu; Sonia Martinez; Jorge Cortes http://arxiv.org/abs/2105.06512 Stochastic-Shield: A Probabilistic Approach Towards Training-Free Adversarial Defense in Quantized CNNs. (98%) Lorena Qendro; Sangwon Ha; René de Jong; Partha Maji http://arxiv.org/abs/2105.06152 When Human Pose Estimation Meets Robustness: Adversarial Algorithms and Benchmarks. (5%) Jiahang Wang; Sheng Jin; Wentao Liu; Weizhong Liu; Chen Qian; Ping Luo http://arxiv.org/abs/2105.06209 DeepObliviate: A Powerful Charm for Erasing Data Residual Memory in Deep Neural Networks. (1%) Yingzhe He; Guozhu Meng; Kai Chen; Jinwen He; Xingbo Hu http://arxiv.org/abs/2105.06625 Biometrics: Trust, but Verify. (1%) Anil K. Jain; Debayan Deb; Joshua J. Engelsma http://arxiv.org/abs/2105.05558 AVA: Adversarial Vignetting Attack against Visual Recognition. (99%) Binyu Tian; Felix Juefei-Xu; Qing Guo; Xiaofei Xie; Xiaohong Li; Yang Liu http://arxiv.org/abs/2105.05601 OutFlip: Generating Out-of-Domain Samples for Unknown Intent Detection with Natural Language Attack. (70%) DongHyun Choi; Myeong Cheol Shin; EungGyun Kim; Dong Ryeol Shin http://arxiv.org/abs/2105.05817 Adversarial Reinforcement Learning in Dynamic Channel Access and Power Control. (2%) Feng Wang; M. Cenk Gursoy; Senem Velipasalar http://arxiv.org/abs/2105.05610 A Statistical Threshold for Adversarial Classification in Laplace Mechanisms. (1%) Ayşe Ünsal; Melek Önen http://arxiv.org/abs/2105.04839 Poisoning MorphNet for Clean-Label Backdoor Attack to Point Clouds. (99%) Guiyu Tian; Wenhao Jiang; Wei Liu; Yadong Mu http://arxiv.org/abs/2105.04834 Improving Adversarial Transferability with Gradient Refining. (99%) Guoqiu Wang; Huanqian Yan; Ying Guo; Xingxing Wei http://arxiv.org/abs/2105.05381 Accuracy-Privacy Trade-off in Deep Ensemble: A Membership Inference Perspective. (16%) Shahbaz Rezaei; Zubair Shafiq; Xin Liu http://arxiv.org/abs/2105.05029 Adversarial examples attack based on random warm restart mechanism and improved Nesterov momentum. (99%) Tiangang Li http://arxiv.org/abs/2105.04128 Examining and Mitigating Kernel Saturation in Convolutional Neural Networks using Negative Images. (1%) Nidhi Gowdra; Roopak Sinha; Stephen MacDonell http://arxiv.org/abs/2105.03931 Automated Decision-based Adversarial Attacks. (99%) Qi-An Fu; Yinpeng Dong; Hang Su; Jun Zhu http://arxiv.org/abs/2105.04003 Efficiency-driven Hardware Optimization for Adversarially Robust Neural Networks. (88%) Abhiroop Bhattacharjee; Abhishek Moitra; Priyadarshini Panda http://arxiv.org/abs/2105.03905 Security Concerns on Machine Learning Solutions for 6G Networks in mmWave Beam Prediction. (81%) Ferhat Ozgur Catak; Evren Catak; Murat Kuzlu; Umit Cali http://arxiv.org/abs/2105.04070 Robust Training Using Natural Transformation.
(13%) Shuo Wang; Lingjuan Lyu; Surya Nepal; Carsten Rudolph; Marthie Grobler; Kristen Moore http://arxiv.org/abs/2105.03834 Learning Image Attacks toward Vision Guided Autonomous Vehicles. (4%) Hyung-Jin Yoon; Hamidreza Jafarnejadsani; Petros Voulgaris http://arxiv.org/abs/2105.03917 Combining Time-Dependent Force Perturbations in Robot-Assisted Surgery Training. (1%) Yarden Sharon; Daniel Naftalovich; Lidor Bahar; Yael Refaely; Ilana Nisky http://arxiv.org/abs/2105.03689 Self-Supervised Adversarial Example Detection by Disentangled Representation. (99%) Zhaoxi Zhang; Leo Yu Zhang; Xufei Zheng; Shengshan Hu; Jinyu Tian; Jiantao Zhou http://arxiv.org/abs/2105.03592 De-Pois: An Attack-Agnostic Defense against Data Poisoning Attacks. (96%) Jian Chen; Xuxin Zhang; Rui Zhang; Chen Wang; Ling Liu http://arxiv.org/abs/2105.03743 Certified Robustness to Text Adversarial Attacks by Randomized [MASK]. (93%) Jiehang Zeng; Xiaoqing Zheng; Jianhan Xu; Linyang Li; Liping Yuan; Xuanjing Huang http://arxiv.org/abs/2105.03692 Provable Guarantees against Data Poisoning Using Self-Expansion and Compatibility. (81%) Charles Jin; Melinda Sun; Martin Rinard http://arxiv.org/abs/2105.03726 Mental Models of Adversarial Machine Learning. (16%) Lukas Bieringer; Kathrin Grosse; Michael Backes; Battista Biggio; Katharina Krombholz http://arxiv.org/abs/2105.03162 Adv-Makeup: A New Imperceptible and Transferable Attack on Face Recognition. (99%) Bangjie Yin; Wenxuan Wang; Taiping Yao; Junfeng Guo; Zelun Kong; Shouhong Ding; Jilin Li; Cong Liu http://arxiv.org/abs/2105.03491 Uniform Convergence, Adversarial Spheres and a Simple Remedy. (15%) Gregor Bachmann; Seyed-Mohsen Moosavi-Dezfooli; Thomas Hofmann http://arxiv.org/abs/2105.02803 Dynamic Defense Approach for Adversarial Robustness in Deep Neural Networks via Stochastic Ensemble Smoothed Model. (99%) Ruoxi Qin; Linyuan Wang; Xingyuan Chen; Xuehui Du; Bin Yan http://arxiv.org/abs/2105.02480 A Simple and Strong Baseline for Universal Targeted Attacks on Siamese Visual Tracking. (99%) Zhenbang Li; Yaya Shi; Jin Gao; Shaoru Wang; Bing Li; Pengpeng Liang; Weiming Hu http://arxiv.org/abs/2105.02942 Understanding Catastrophic Overfitting in Adversarial Training. (92%) Peilin Kang; Seyed-Mohsen Moosavi-Dezfooli http://arxiv.org/abs/2105.02435 Attestation Waves: Platform Trust via Remote Power Analysis. (1%) Ignacio M. Delgado-Lozano; Macarena C. Martínez-Rodríguez; Alexandros Bakas; Billy Bob Brumley; Antonis Michalas http://arxiv.org/abs/2105.01959 Attack-agnostic Adversarial Detection on Medical Data Using Explainable Machine Learning. (99%) Matthew Watson; Noura Al Moubayed http://arxiv.org/abs/2105.03251 Exploiting Vulnerabilities in Deep Neural Networks: Adversarial and Fault-Injection Attacks. (97%) Faiq Khalid; Muhammad Abdullah Hanif; Muhammad Shafique http://arxiv.org/abs/2105.02001 Contrastive Learning and Self-Training for Unsupervised Domain Adaptation in Semantic Segmentation. (1%) Robert A. Marsden; Alexander Bartler; Mario Döbler; Bin Yang http://arxiv.org/abs/2105.01867 A Theoretical-Empirical Approach to Estimating Sample Complexity of DNNs. (1%) Devansh Bisla; Apoorva Nandini Saridena; Anna Choromanska http://arxiv.org/abs/2105.01622 Poisoning the Unlabeled Dataset of Semi-Supervised Learning. (92%) Nicholas Carlini http://arxiv.org/abs/2105.01560 Broadly Applicable Targeted Data Sample Omission Attacks.
(68%) Guy Barash; Eitan Farchi; Sarit Kraus; Onn Shehory http://arxiv.org/abs/2105.01403 An Overview of Laser Injection against Embedded Neural Network Models. (2%) Mathieu Dumont; Pierre-Alain Moellic; Raphael Viera; Jean-Max Dutertre; Rémi Bernhard http://arxiv.org/abs/2105.00622 Physical world assistive signals for deep neural network classifiers -- neither defense nor attack. (83%) Camilo Pestana; Wei Liu; David Glance; Robyn Owens; Ajmal Mian http://arxiv.org/abs/2105.00623 Black-Box Dissector: Towards Erasing-based Hard-Label Model Stealing Attack. (73%) Yixu Wang; Jie Li; Hong Liu; Yan Wang; Yongjian Wu; Feiyue Huang; Rongrong Ji http://arxiv.org/abs/2105.00495 BAARD: Blocking Adversarial Examples by Testing for Applicability, Reliability and Decidability. (99%) Xinglong Chang; Katharina Dost; Kaiqi Zhao; Ambra Demontis; Fabio Roli; Gill Dobbie; Jörg Wicker http://arxiv.org/abs/2105.00433 Who's Afraid of Adversarial Transferability? (99%) Ziv Katzir; Yuval Elovici http://arxiv.org/abs/2105.00389 Multi-Robot Coordination and Planning in Uncertain and Adversarial Environments. (10%) Lifeng Zhou; Pratap Tokekar http://arxiv.org/abs/2105.00529 GRNN: Generative Regression Neural Network -- A Data Leakage Attack for Federated Learning. (2%) Hanchi Ren; Jingjing Deng; Xianghua Xie http://arxiv.org/abs/2105.00391 Spinner: Automated Dynamic Command Subsystem Perturbation. (1%) Meng Wang; Chijung Jung; Ali Ahad; Yonghwi Kwon http://arxiv.org/abs/2105.00203 Adversarial Example Detection for DNN Models: A Review and Experimental Comparison. (99%) Ahmed Aldahdooh; Wassim Hamidouche; Sid Ahmed Fezza; Olivier Deforges http://arxiv.org/abs/2105.00278 A Perceptual Distortion Reduction Framework: Towards Generating Adversarial Examples with High Perceptual Quality and Attack Success Rate. (98%) Ruijie Yang; Yunhong Wang; Ruikui Wang; Yuanfang Guo http://arxiv.org/abs/2105.00227 On the Adversarial Robustness of Quantized Neural Networks. (75%) Micah Gorsline; James Smith; Cory Merkel http://arxiv.org/abs/2105.00164 Hidden Backdoors in Human-Centric Language Models. (73%) Shaofeng Li; Hui Liu; Tian Dong; Benjamin Zi Hao Zhao; Minhui Xue; Haojin Zhu; Jialiang Lu http://arxiv.org/abs/2105.00187 One Detector to Rule Them All: Towards a General Deepfake Attack Detection Framework. (62%) Shahroz Tariq; Sangyup Lee; Simon S. Woo http://arxiv.org/abs/2105.00249 A Master Key Backdoor for Universal Impersonation Attack against DNN-based Face Verification. (62%) Wei Guo; Benedetta Tondi; Mauro Barni http://arxiv.org/abs/2105.00350 Load Oscillating Attacks of Smart Grids: Demand Strategies and Vulnerability Analysis. (2%) Falah Alanazi; Jinsub Kim; Eduardo Cotilla-Sanchez http://arxiv.org/abs/2105.00303 RATT: Leveraging Unlabeled Data to Guarantee Generalization. (1%) Saurabh Garg; Sivaraman Balakrishnan; J. Zico Kolter; Zachary C. Lipton http://arxiv.org/abs/2104.15022 Deep Image Destruction: A Comprehensive Study on Vulnerability of Deep Image-to-Image Models against Adversarial Attacks. (99%) Jun-Ho Choi; Huan Zhang; Jun-Hyuk Kim; Cho-Jui Hsieh; Jong-Seok Lee http://arxiv.org/abs/2104.15061 Black-box Gradient Attack on Graph Neural Networks: Deeper Insights in Graph-based Attack and Defense. (99%) Haoxi Zhan; Xiaobing Pei http://arxiv.org/abs/2104.15064 Black-box adversarial attacks using Evolution Strategies. (98%) Hao Qiu; Leonardo Lucio Custode; Giovanni Iacca http://arxiv.org/abs/2105.00113 IPatch: A Remote Adversarial Patch. 
(97%) Yisroel Mirsky http://arxiv.org/abs/2104.15068 DeFiRanger: Detecting Price Manipulation Attacks on DeFi Applications. (10%) Siwei Wu; Dabao Wang; Jianting He; Yajin Zhou; Lei Wu; Xingliang Yuan; Qinming He; Kui Ren http://arxiv.org/abs/2104.14993 FIPAC: Thwarting Fault- and Software-Induced Control-Flow Attacks with ARM Pointer Authentication. (2%) Robert Schilling; Pascal Nasahl; Stefan Mangard http://arxiv.org/abs/2104.14528 GasHis-Transformer: A Multi-scale Visual Transformer Approach for Gastric Histopathology Image Classification. (67%) Haoyuan Chen; Chen Li; Xiaoyan Li; Ge Wang; Weiming Hu; Yixin Li; Wanli Liu; Changhao Sun; Yudong Yao; Yueyang Teng; Marcin Grzegorzek http://arxiv.org/abs/2104.14372 A neural anisotropic view of underspecification in deep learning. (26%) Guillermo Ortiz-Jimenez; Itamar Franco Salazar-Reque; Apostolos Modas; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard http://arxiv.org/abs/2104.14672 Analytical bounds on the local Lipschitz constants of ReLU networks. (12%) Trevor Avant; Kristi A. Morgansen http://arxiv.org/abs/2104.14379 Learning Robust Variational Information Bottleneck with Reference. (5%) Weizhu Qian; Bowei Chen; Xiaowei Huang http://arxiv.org/abs/2104.13673 AdvHaze: Adversarial Haze Attack. (99%) Ruijun Gao; Qing Guo; Felix Juefei-Xu; Hongkai Yu; Wei Feng http://arxiv.org/abs/2104.13484 Improved and Efficient Text Adversarial Attacks using Target Information. (97%) Mahmoud Hossam; Trung Le; He Zhao; Viet Huynh; Dinh Phung http://arxiv.org/abs/2104.13295 Metamorphic Detection of Repackaged Malware. (91%) Shirish Singh; Gail Kaiser http://arxiv.org/abs/2104.13012 Structure-Aware Hierarchical Graph Pooling using Information Bottleneck. (2%) Kashob Kumar Roy; Amit Roy; A K M Mahbubur Rahman; M Ashraful Amin; Amin Ahsan Ali http://arxiv.org/abs/2104.13061 Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity. (1%) Mathias P. M. Parisot; Balazs Pejo; Dayana Spagnuelo http://arxiv.org/abs/2104.12426 Launching Adversarial Attacks against Network Intrusion Detection Systems for IoT. (99%) Pavlos Papadopoulos; Oliver Thornewill von Essen; Nikolaos Pitropakis; Christos Chrysoulas; Alexios Mylonas; William J. Buchanan http://arxiv.org/abs/2104.12378 Delving into Data: Effectively Substitute Training for Black-box Attack. (99%) Wenxuan Wang; Bangjie Yin; Taiping Yao; Li Zhang; Yanwei Fu; Shouhong Ding; Jilin Li; Feiyue Huang; Xiangyang Xue http://arxiv.org/abs/2104.12848 secml-malware: Pentesting Windows Malware Classifiers with Adversarial EXEmples in Python. (99%) Luca Demetrio; Battista Biggio http://arxiv.org/abs/2104.12623 Good Artists Copy, Great Artists Steal: Model Extraction Attacks Against Image Translation Generative Adversarial Networks. (98%) Sebastian Szyller; Vasisht Duddu; Tommi Gröndahl; N. Asokan http://arxiv.org/abs/2104.12679 Impact of Spatial Frequency Based Constraints on Adversarial Robustness. (98%) Rémi Bernhard; Pierre-Alain Moellic; Martial Mermillod; Yannick Bourrier; Romain Cohendet; Miguel Solinas; Marina Reyboz http://arxiv.org/abs/2104.12609 PatchGuard++: Efficient Provable Attack Detection against Adversarial Patches. (87%) Chong Xiang; Prateek Mittal http://arxiv.org/abs/2104.12146 3D Adversarial Attacks Beyond Point Cloud. (99%) Jinlai Zhang; Lyujie Chen; Binbin Liu; Bo Ouyang; Qizhi Xie; Jihong Zhu; Weiming Li; Yanmei Meng http://arxiv.org/abs/2104.12069 Making Generated Images Hard To Spot: A Transferable Attack On Synthetic Image Detectors.
(81%) Xinwei Zhao; Matthew C. Stamm http://arxiv.org/abs/2104.13230 Influence Based Defense Against Data Poisoning Attacks in Online Learning. (99%) Sanjay Seetharaman; Shubham Malaviya; Rosni KV; Manish Shukla; Sachin Lodha http://arxiv.org/abs/2104.11470 Theoretical Study of Random Noise Defense against Query-Based Black-Box Attacks. (98%) Zeyu Qin; Yanbo Fan; Hongyuan Zha; Baoyuan Wu http://arxiv.org/abs/2104.11729 Evaluating Deception Detection Model Robustness To Linguistic Variation. (82%) Maria Glenski; Ellyn Ayton; Robin Cosbey; Dustin Arendt; Svitlana Volkova http://arxiv.org/abs/2104.11408 Lightweight Detection of Out-of-Distribution and Adversarial Samples via Channel Mean Discrepancy. (3%) Xin Dong; Junfeng Guo; Wei-Te Ting; H. T. Kung http://arxiv.org/abs/2104.11601 Improving Neural Silent Speech Interface Models by Adversarial Training. (1%) Amin Honarmandi Shandiz; László Tóth; Gábor Gosztolya; Alexandra Markó; Tamás Gábor Csapó http://arxiv.org/abs/2104.10868 Towards Adversarial Patch Analysis and Certified Defense against Crowd Counting. (99%) Qiming Wu; Zhikang Zou; Pan Zhou; Xiaoqing Ye; Binghui Wang; Ang Li http://arxiv.org/abs/2104.11101 Learning Transferable 3D Adversarial Cloaks for Deep Trained Detectors. (98%) Arman Maesumi; Mingkang Zhu; Yi Wang; Tianlong Chen; Zhangyang Wang; Chandrajit Bajaj http://arxiv.org/abs/2104.11103 Performance Evaluation of Adversarial Attacks: Discrepancies and Solutions. (86%) Jing Wu; Mingyi Zhou; Ce Zhu; Yipeng Liu; Mehrtash Harandi; Li Li http://arxiv.org/abs/2104.11294 Operator Shifting for General Noisy Matrix Systems. (56%) Philip Etter; Lexing Ying http://arxiv.org/abs/2104.11315 SPECTRE: Defending Against Backdoor Attacks Using Robust Statistics. (22%) Jonathan Hayase; Weihao Kong; Raghav Somani; Sewoong Oh http://arxiv.org/abs/2104.10377 Dual Head Adversarial Training. (99%) Yujing Jiang; Xingjun Ma; Sarah Monazam Erfani; James Bailey http://arxiv.org/abs/2104.10586 Mixture of Robust Experts (MoRE): A Flexible Defense Against Multiple Perturbations. (99%) Kaidi Xu; Chenan Wang; Xue Lin; Bhavya Kailkhura; Ryan Goldhahn http://arxiv.org/abs/2104.10837 Robust Certification for Laplace Learning on Geometric Graphs. (96%) Matthew Thorpe; Bao Wang http://arxiv.org/abs/2104.10459 Jacobian Regularization for Mitigating Universal Adversarial Perturbations. (95%) Kenneth T. Co; David Martinez Rego; Emil C. Lupu http://arxiv.org/abs/2104.10706 Dataset Inference: Ownership Resolution in Machine Learning. (83%) Pratyush Maini; Mohammad Yaghini; Nicolas Papernot http://arxiv.org/abs/2104.09852 Adversarial Training for Deep Learning-based Intrusion Detection Systems. (99%) Islam Debicha; Thibault Debatty; Jean-Michel Dricot; Wim Mees http://arxiv.org/abs/2104.10076 MixDefense: A Defense-in-Depth Framework for Adversarial Example Detection Based on Statistical and Semantic Analysis. (99%) Yijun Yang; Ruiyuan Gao; Yu Li; Qiuxia Lai; Qiang Xu http://arxiv.org/abs/2104.10336 MagicPai at SemEval-2021 Task 7: Method for Detecting and Rating Humor Based on Multi-Task Adversarial Training. (64%) Jian Ma; Shuyi Xie; Haiqin Yang; Lianxin Jiang; Mengyuan Zhou; Xiaoyi Ruan; Yang Mo http://arxiv.org/abs/2104.09789 Does enhanced shape bias improve neural network robustness to common corruptions? (26%) Chaithanya Kumar Mummadi; Ranjitha Subramaniam; Robin Hutmacher; Julien Vitay; Volker Fischer; Jan Hendrik Metzen http://arxiv.org/abs/2104.09872 Robust Sensor Fusion Algorithms Against Voice Command Attacks in Autonomous Vehicles. 
(9%) Jiwei Guan; Xi Zheng; Chen Wang; Yipeng Zhou; Alireza Jolfaei http://arxiv.org/abs/2104.10262 Network Defense is Not a Game. (1%) Andres Molina-Markham; Ransom K. Winder; Ahmad Ridley http://arxiv.org/abs/2104.09722 Staircase Sign Method for Boosting Adversarial Attacks. (99%) Qilong Zhang; Xiaosu Zhu; Jingkuan Song; Lianli Gao; Heng Tao Shen http://arxiv.org/abs/2104.09425 Improving Adversarial Robustness Using Proxy Distributions. (99%) Vikash Sehwag; Saeed Mahloujifar; Tinashe Handina; Sihui Dai; Chong Xiang; Mung Chiang; Prateek Mittal http://arxiv.org/abs/2104.09369 Adversarial Diffusion Attacks on Graph-based Traffic Prediction Models. (99%) Lyuyi Zhu; Kairui Feng; Ziyuan Pu; Wei Ma http://arxiv.org/abs/2104.09284 LAFEAT: Piercing Through Adversarial Defenses with Latent Features. (99%) Yunrui Yu; Xitong Gao; Cheng-Zhong Xu http://arxiv.org/abs/2104.09197 Removing Adversarial Noise in Class Activation Feature Space. (99%) Dawei Zhou; Nannan Wang; Chunlei Peng; Xinbo Gao; Xiaoyu Wang; Jun Yu; Tongliang Liu http://arxiv.org/abs/2104.09172 Direction-Aggregated Attack for Transferable Adversarial Examples. (99%) Tianjin Huang; Vlado Menkovski; Yulong Pei; YuHao Wang; Mykola Pechenizkiy http://arxiv.org/abs/2104.09667 Manipulating SGD with Data Ordering Attacks. (95%) Ilia Shumailov; Zakhar Shumaylov; Dmitry Kazhdan; Yiren Zhao; Nicolas Papernot; Murat A. Erdogdu; Ross Anderson http://arxiv.org/abs/2104.09437 Provable Robustness of Adversarial Training for Learning Halfspaces with Noise. (22%) Difan Zou; Spencer Frei; Quanquan Gu http://arxiv.org/abs/2104.09203 Protecting the Intellectual Properties of Deep Neural Networks with an Additional Class and Steganographic Images. (11%) Shichang Sun; Mingfu Xue; Jian Wang; Weiqiang Liu http://arxiv.org/abs/2104.09136 Semi-Supervised Domain Adaptation with Prototypical Alignment and Consistency Learning. (1%) Kai Li; Chang Liu; Handong Zhao; Yulun Zhang; Yun Fu http://arxiv.org/abs/2104.08806 Best Practices for Noise-Based Augmentation to Improve the Performance of Emotion Recognition "In the Wild". (83%) Mimansa Jaiswal; Emily Mower Provost http://arxiv.org/abs/2104.08763 Making Attention Mechanisms More Robust and Interpretable with Virtual Adversarial Training. (68%) Shunsuke Kitada; Hitoshi Iyatomi http://arxiv.org/abs/2104.08782 On the Sensitivity and Stability of Model Interpretations in NLP. (1%) Fan Yin; Zhouxing Shi; Cho-Jui Hsieh; Kai-Wei Chang http://arxiv.org/abs/2104.08453 Attacking Text Classifiers via Sentence Rewriting Sampler. (99%) Lei Xu; Kalyan Veeramachaneni http://arxiv.org/abs/2104.08690 Rethinking Image-Scaling Attacks: The Interplay Between Vulnerabilities in Machine Learning Systems. (99%) Yue Gao; Ilia Shumailov; Kassem Fawaz http://arxiv.org/abs/2104.08678 Improving Question Answering Model Robustness with Synthetic Adversarial Data Generation. (98%) Max Bartolo; Tristan Thrush; Robin Jia; Sebastian Riedel; Pontus Stenetorp; Douwe Kiela http://arxiv.org/abs/2104.08645 Improving Zero-Shot Cross-Lingual Transfer Learning via Robust Training. (87%) Kuan-Hao Huang; Wasi Uddin Ahmad; Nanyun Peng; Kai-Wei Chang http://arxiv.org/abs/2104.08639 AM2iCo: Evaluating Word Meaning in Context across Low-Resource Languages with Adversarial Examples. (15%) Qianchu Liu; Edoardo M. Ponti; Diana McCarthy; Ivan Vulić; Anna Korhonen http://arxiv.org/abs/2104.08422 Fashion-Guided Adversarial Attack on Person Segmentation. (99%) Marc Treu; Trung-Nghia Le; Huy H.
Nguyen; Junichi Yamagishi; Isao Echizen http://arxiv.org/abs/2104.08139 Towards Variable-Length Textual Adversarial Attacks. (99%) Junliang Guo; Zhirui Zhang; Linlin Zhang; Linli Xu; Boxing Chen; Enhong Chen; Weihua Luo http://arxiv.org/abs/2104.08231 An Adversarially-Learned Turing Test for Dialog Generation Models. (96%) Xiang Gao; Yizhe Zhang; Michel Galley; Bill Dolan http://arxiv.org/abs/2104.08323 Random and Adversarial Bit Error Robustness: Energy-Efficient and Secure DNN Accelerators. (83%) David Stutz; Nandhini Chandramoorthy; Matthias Hein; Bernt Schiele http://arxiv.org/abs/2104.08382 Lower Bounds on Cross-Entropy Loss in the Presence of Test-time Adversaries. (2%) Arjun Nitin Bhagoji; Daniel Cullina; Vikash Sehwag; Prateek Mittal http://arxiv.org/abs/2104.13733 Gradient-based Adversarial Attacks against Text Transformers. (99%) Chuan Guo; Alexandre Sablayrolles; Hervé Jégou; Douwe Kiela http://arxiv.org/abs/2104.07395 Robust Backdoor Attacks against Deep Neural Networks in Real Physical World. (86%) Mingfu Xue; Can He; Shichang Sun; Jian Wang; Weiqiang Liu http://arxiv.org/abs/2104.07646 Are Multilingual BERT models robust? A Case Study on Adversarial Attacks for Multilingual Question Answering. (12%) Sara Rosenthal; Mihaela Bornea; Avirup Sil http://arxiv.org/abs/2104.09994 Federated Learning for Malware Detection in IoT Devices. (10%) Valerian Rey; Pedro Miguel Sánchez Sánchez; Alberto Huertas Celdrán; Gérôme Bovet; Martin Jaggi http://arxiv.org/abs/2104.06728 Meaningful Adversarial Stickers for Face Recognition in Physical World. (98%) Ying Guo; Xingxing Wei; Guoqiu Wang; Bo Zhang http://arxiv.org/abs/2104.07167 Orthogonalizing Convolutional Layers with the Cayley Transform. (80%) Asher Trockman; J. Zico Kolter http://arxiv.org/abs/2104.06744 Defending Against Adversarial Denial-of-Service Data Poisoning Attacks. (38%) Nicolas M. Müller; Simon Roschmann; Konstantin Böttinger http://arxiv.org/abs/2104.06718 Improved Branch and Bound for Neural Network Verification via Lagrangian Decomposition. (1%) Alessandro De Palma; Rudy Bunel; Alban Desmaison; Krishnamurthy Dvijotham; Pushmeet Kohli; Philip H. S. Torr; M. Pawan Kumar http://arxiv.org/abs/2104.06377 Mitigating Adversarial Attack for Compute-in-Memory Accelerator Utilizing On-chip Finetune. (99%) Shanshi Huang; Hongwu Jiang; Shimeng Yu http://arxiv.org/abs/2104.06015 Detecting Operational Adversarial Examples for Reliable Deep Learning. (82%) Xingyu Zhao; Wei Huang; Sven Schewe; Yi Dong; Xiaowei Huang http://arxiv.org/abs/2104.05996 Fall of Giants: How popular text-based MLaaS fall against a simple evasion attack. (75%) Luca Pajola; Mauro Conti http://arxiv.org/abs/2104.05353 Sparse Coding Frontend for Robust Neural Networks. (99%) Can Bakiskan; Metehan Cekic; Ahmet Dundar Sezer; Upamanyu Madhow http://arxiv.org/abs/2104.05808 A Backdoor Attack against 3D Point Cloud Classifiers. (96%) Zhen Xiang; David J. Miller; Siheng Chen; Xi Li; George Kesidis http://arxiv.org/abs/2104.05801 Plot-guided Adversarial Example Construction for Evaluating Open-domain Story Generation. (56%) Sarik Ghazarian; Zixi Liu; Akash SM; Ralph Weischedel; Aram Galstyan; Nanyun Peng http://arxiv.org/abs/2104.05232 Double Perturbation: On the Robustness of Robustness and Counterfactual Bias Evaluation. (50%) Chong Zhang; Jieyu Zhao; Huan Zhang; Kai-Wei Chang; Cho-Jui Hsieh http://arxiv.org/abs/2104.05921 Thief, Beware of What Get You There: Towards Understanding Model Extraction Attack.
(1%) Xinyi Zhang; Chengfang Fang; Jie Shi http://arxiv.org/abs/2104.05062 Achieving Model Robustness through Discrete Adversarial Training. (99%) Maor Ivgi; Jonathan Berant http://arxiv.org/abs/2104.05097 Pay attention to your loss: understanding misconceptions about 1-Lipschitz neural networks. (1%) Louis Béthune; Thibaut Boissin; Mathieu Serrurier; Franck Mamalet; Corentin Friedrich; Alberto González-Sanz http://arxiv.org/abs/2104.04680 Distributed Estimation over Directed Graphs Resilient to Sensor Spoofing. (69%) Shamik Bhattacharyya; Kiran Rokade; Rachel Kalpana Kalaimani http://arxiv.org/abs/2104.04725 Fool Me Twice: Entailment from Wikipedia Gamification. (61%) Julian Martin Eisenschlos; Bhuwan Dhingra; Jannis Bulian; Benjamin Börschinger; Jordan Boyd-Graber http://arxiv.org/abs/2104.04886 Adversarial Regularization as Stackelberg Game: An Unrolled Optimization Approach. (15%) Simiao Zuo; Chen Liang; Haoming Jiang; Xiaodong Liu; Pengcheng He; Jianfeng Gao; Weizhu Chen; Tuo Zhao http://arxiv.org/abs/2104.04907 Disentangled Contrastive Learning for Learning Robust Textual Representations. (11%) Xiang Chen; Xin Xie; Zhen Bi; Hongbin Ye; Shumin Deng; Ningyu Zhang; Huajun Chen http://arxiv.org/abs/2104.04448 Relating Adversarially Robust Generalization to Flat Minima. (99%) David Stutz; Matthias Hein; Bernt Schiele http://arxiv.org/abs/2104.04553 SPoTKD: A Protocol for Symmetric Key Distribution over Public Channels Using Self-Powered Timekeeping Devices. (1%) Mustafizur Rahman; Liang Zhou; Shantanu Chakrabartty http://arxiv.org/abs/2104.04268 Reversible Watermarking in Deep Convolutional Neural Networks for Integrity Authentication. (1%) Xiquan Guan; Huamin Feng; Weiming Zhang; Hang Zhou; Jie Zhang; Nenghai Yu http://arxiv.org/abs/2104.04405 Learning Sampling Policy for Faster Derivative Free Optimization. (1%) Zhou Zhai; Bin Gu; Heng Huang http://arxiv.org/abs/2104.04107 FACESEC: A Fine-grained Robustness Evaluation Framework for Face Recognition Systems. (98%) Liang Tong; Zhengzhang Chen; Jingchao Ni; Wei Cheng; Dongjin Song; Haifeng Chen; Yevgeniy Vorobeychik http://arxiv.org/abs/2104.03674 Explainability-based Backdoor Attacks Against Graph Neural Networks. (15%) Jing Xu; Minhui Xue; Stjepan Picek http://arxiv.org/abs/2104.03863 A single gradient step finds adversarial examples on random two-layers neural networks. (10%) Sébastien Bubeck; Yeshwanth Cherapanamjeri; Gauthier Gidel; Rémi Tachet des Combes http://arxiv.org/abs/2104.04054 Adversarial Learning Inspired Emerging Side-Channel Attacks and Defenses. (8%) Abhijitt Dhavlle http://arxiv.org/abs/2104.03000 Universal Adversarial Training with Class-Wise Perturbations. (99%) Philipp Benz; Chaoning Zhang; Adil Karjauv; In So Kweon http://arxiv.org/abs/2104.02963 The art of defense: letting networks fool the attacker. (98%) Jinlai Zhang; Yinpeng Dong; Binbin Liu; Bo Ouyang; Jihong Zhu; Minchi Kuang; Houqing Wang; Yanmei Meng http://arxiv.org/abs/2104.03356 Universal Spectral Adversarial Attacks for Deformable Shapes. (81%) Arianna Rampini; Franco Pestarini; Luca Cosmo; Simone Melzi; Emanuele Rodolà http://arxiv.org/abs/2104.03180 Adversarial Robustness Guarantees for Gaussian Processes. (68%) Andrea Patane; Arno Blaas; Luca Laurenti; Luca Cardelli; Stephen Roberts; Marta Kwiatkowska http://arxiv.org/abs/2104.03413 Rethinking the Backdoor Attacks' Triggers: A Frequency Perspective. (61%) Yi Zeng; Won Park; Z. 
Morley Mao; Ruoxi Jia http://arxiv.org/abs/2104.03154 Improving Robustness of Deep Reinforcement Learning Agents: Environment Attacks based on Critic Networks. (10%) Lucas Schott; Manon Césaire; Hatem Hajri; Sylvain Lamprier http://arxiv.org/abs/2104.02922 Sparse Oblique Decision Trees: A Tool to Understand and Manipulate Neural Net Features. (3%) Suryabhan Singh Hada; Miguel Á. Carreira-Perpiñán; Arman Zharmagambetov http://arxiv.org/abs/2104.03366 An Object Detection based Solver for Google's Image reCAPTCHA v2. (1%) Md Imran Hossen; Yazhou Tu; Md Fazle Rabby; Md Nazmul Islam; Hui Cao; Xiali Hei http://arxiv.org/abs/2104.02757 Exploring Targeted Universal Adversarial Perturbations to End-to-end ASR Models. (93%) Zhiyun Lu; Wei Han; Yu Zhang; Liangliang Cao http://arxiv.org/abs/2104.02703 Adversarial Robustness under Long-Tailed Distribution. (89%) Tong Wu; Ziwei Liu; Qingqiu Huang; Yu Wang; Dahua Lin http://arxiv.org/abs/2104.02334 Robust Adversarial Classification via Abstaining. (75%) Abed AlRahman Al Makdah; Vaibhav Katewa; Fabio Pasqualetti http://arxiv.org/abs/2104.02361 Backdoor Attack in the Physical World. (2%) Yiming Li; Tongqing Zhai; Yong Jiang; Zhifeng Li; Shu-Tao Xia http://arxiv.org/abs/2104.02189 Robust Classification Under $\ell_0$ Attack for the Gaussian Mixture Model. (99%) Payam Delgosha; Hamed Hassani; Ramtin Pedarsani http://arxiv.org/abs/2104.02155 Adaptive Clustering of Robust Semantic Representations for Adversarial Image Purification. (98%) Samuel Henrique Silva; Arun Das; Ian Scarff; Peyman Najafirad http://arxiv.org/abs/2104.01782 BBAEG: Towards BERT-based Biomedical Adversarial Example Generation for Text Classification. (96%) Ishani Mondal http://arxiv.org/abs/2104.01789 Deep Learning-Based Autonomous Driving Systems: A Survey of Attacks and Defenses. (74%) Yao Deng; Tiehua Zhang; Guannan Lou; Xi Zheng; Jiong Jin; Qing-Long Han http://arxiv.org/abs/2104.02000 Can audio-visual integration strengthen robustness under multimodal attacks? (68%) Yapeng Tian; Chenliang Xu http://arxiv.org/abs/2104.02107 Jekyll: Attacking Medical Image Diagnostics using Deep Generative Models. (33%) Neal Mangaokar; Jiameng Pu; Parantapa Bhattacharya; Chandan K. Reddy; Bimal Viswanath http://arxiv.org/abs/2104.02156 Unified Detection of Digital and Physical Face Attacks. (8%) Debayan Deb; Xiaoming Liu; Anil K. Jain http://arxiv.org/abs/2104.02226 Beyond Categorical Label Representations for Image Classification. (2%) Boyuan Chen; Yu Li; Sunand Raghupathi; Hod Lipson http://arxiv.org/abs/2104.01853 Rethinking Perturbations in Encoder-Decoders for Fast Training. (1%) Sho Takase; Shun Kiyono http://arxiv.org/abs/2104.01732 Semantically Stealthy Adversarial Attacks against Segmentation Models. (99%) Zhenhua Chen; Chuhua Wang; David J. Crandall http://arxiv.org/abs/2104.01575 Reliably fast adversarial training via latent adversarial perturbation. (93%) Geon Yeong Park; Sang Wan Lee http://arxiv.org/abs/2104.01494 Mitigating Gradient-based Adversarial Attacks via Denoising and Compression. (99%) Rehana Mahfuz; Rajeev Sahay; Aly El Gamal http://arxiv.org/abs/2104.06375 Gradient-based Adversarial Deep Modulation Classification with Data-driven Subsampling. (93%) Jinho Yi; Aly El Gamal http://arxiv.org/abs/2104.01396 Property-driven Training: All You (N)Ever Wanted to Know About. (38%) Marco Casadio; Matthew Daggitt; Ekaterina Komendantskaya; Wen Kokke; Daniel Kienitz; Rob Stewart http://arxiv.org/abs/2104.01086 Defending Against Image Corruptions Through Adversarial Augmentations. 
(92%) Dan A. Calian; Florian Stimberg; Olivia Wiles; Sylvestre-Alvise Rebuffi; Andras Gyorgy; Timothy Mann; Sven Gowal http://arxiv.org/abs/2104.01026 RABA: A Robust Avatar Backdoor Attack on Deep Neural Network. (83%) Ying He; Zhili Shen; Chang Xia; Jingyu Hua; Wei Tong; Sheng Zhong http://arxiv.org/abs/2104.01231 Diverse Gaussian Noise Consistency Regularization for Robustness and Uncertainty Calibration under Noise Domain Shifts. (2%) Athanasios Tsiligkaridis; Theodoros Tsiligkaridis http://arxiv.org/abs/2104.00919 Fast-adapting and Privacy-preserving Federated Recommender System. (1%) Qinyong Wang; Hongzhi Yin; Tong Chen; Junliang Yu; Alexander Zhou; Xiangliang Zhang http://arxiv.org/abs/2104.00671 TRS: Transferability Reduced Ensemble via Encouraging Gradient Diversity and Model Smoothness. (99%) Zhuolin Yang; Linyi Li; Xiaojun Xu; Shiliang Zuo; Qian Chen; Benjamin Rubinstein; Pan Zhou; Ce Zhang; Bo Li http://arxiv.org/abs/2104.00322 Domain Invariant Adversarial Learning. (98%) Matan Levi; Idan Attias; Aryeh Kontorovich http://arxiv.org/abs/2104.00312 Normal vs. Adversarial: Salience-based Analysis of Adversarial Samples for Relation Extraction. (93%) Luoqiu Li; Xiang Chen; Ningyu Zhang; Shumin Deng; Xin Xie; Chuanqi Tan; Mosha Chen; Fei Huang; Huajun Chen http://arxiv.org/abs/2104.00447 Towards Evaluating and Training Verifiably Robust Neural Networks. (45%) Zhaoyang Lyu; Minghao Guo; Tong Wu; Guodong Xu; Kehuan Zhang; Dahua Lin http://arxiv.org/abs/2104.00460 Augmenting Zero Trust Architecture to Endpoints Using Blockchain: A Systematic Review. (3%) Lampis Alevizos; Vinh Thong Ta; Max Hashem Eiza http://arxiv.org/abs/2104.02570 Learning from Noisy Labels via Dynamic Loss Thresholding. (1%) Hao Yang; Youzhi Jin; Ziyin Li; Deng-Bao Wang; Lei Miao; Xin Geng; Min-Ling Zhang http://arxiv.org/abs/2104.00139 Adversarial Heart Attack: Neural Networks Fooled to Segment Heart Symbols in Chest X-Ray Images. (99%) Gerda Bortsova; Florian Dubost; Laurens Hogeweg; Ioannis Katramados; Marleen de Bruijne http://arxiv.org/abs/2103.17122 Adversarial Attacks and Defenses for Speech Recognition Systems. (99%) Piotr Żelasko; Sonal Joshi; Yiwen Shao; Jesus Villalba; Jan Trmal; Najim Dehak; Sanjeev Khudanpur http://arxiv.org/abs/2103.17268 Fast Certified Robust Training with Short Warmup. (86%) Zhouxing Shi; Yihan Wang; Huan Zhang; Jinfeng Yi; Cho-Jui Hsieh http://arxiv.org/abs/2104.00219 Fast Jacobian-Vector Product for Deep Networks. (22%) Randall Balestriero; Richard Baraniuk http://arxiv.org/abs/2104.00236 Too Expensive to Attack: A Joint Defense Framework to Mitigate Distributed Attacks for the Internet of Things Grid. (2%) Jianhua Li; Ximeng Liu; Jiong Jin; Shui Yu http://arxiv.org/abs/2103.17028 Digital Forensics vs. Anti-Digital Forensics: Techniques, Limitations and Recommendations. (1%) Jean-Paul A. Yaacoub; Hassan N. Noura; Ola Salman; Ali Chehab http://arxiv.org/abs/2104.02610 On the Robustness of Vision Transformers to Adversarial Examples. (99%) Kaleel Mahmood; Rigel Mahmood; Marten van Dijk http://arxiv.org/abs/2103.16148 Class-Aware Robust Adversarial Training for Object Detection. (96%) Pin-Chun Chen; Bo-Han Kung; Jun-Cheng Chen http://arxiv.org/abs/2103.16074 PointBA: Towards Backdoor Attacks in 3D Point Cloud. (92%) Xinke Li; Zhiru Chen; Yue Zhao; Zekun Tong; Yabang Zhao; Andrew Lim; Joey Tianyi Zhou http://arxiv.org/abs/2103.16255 What Causes Optical Flow Networks to be Vulnerable to Physical Adversarial Attacks. 
(91%) Simon Schrodi; Tonmoy Saikia; Thomas Brox http://arxiv.org/abs/2103.16714 Statistical inference for individual fairness. (67%) Subha Maity; Songkai Xue; Mikhail Yurochkin; Yuekai Sun http://arxiv.org/abs/2103.16629 Learning Lipschitz Feedback Policies from Expert Demonstrations: Closed-Loop Guarantees, Generalization and Robustness. (47%) Abed AlRahman Al Makdah; Vishaal Krishnan; Fabio Pasqualetti http://arxiv.org/abs/2103.16241 Improving robustness against common corruptions with frequency biased models. (1%) Tonmoy Saikia; Cordelia Schmid; Thomas Brox http://arxiv.org/abs/2103.15385 Lagrangian Objective Function Leads to Improved Unforeseen Attack Generalization in Adversarial Training. (99%) Mohammad Azizmalayeri; Mohammad Hossein Rohban http://arxiv.org/abs/2103.15571 Enhancing the Transferability of Adversarial Attacks through Variance Tuning. (99%) Xiaosen Wang; Kun He http://arxiv.org/abs/2103.15670 On the Adversarial Robustness of Vision Transformers. (99%) Rulin Shao; Zhouxing Shi; Jinfeng Yi; Pin-Yu Chen; Cho-Jui Hsieh http://arxiv.org/abs/2103.15476 ZeroGrad: Mitigating and Explaining Catastrophic Overfitting in FGSM Adversarial Training. (95%) Zeinab Golgooni; Mehrdad Saberi; Masih Eskandar; Mohammad Hossein Rohban http://arxiv.org/abs/2103.16031 Certifiably-Robust Federated Adversarial Learning via Randomized Smoothing. (93%) Cheng Chen; Bhavya Kailkhura; Ryan Goldhahn; Yi Zhou http://arxiv.org/abs/2103.15326 Fooling LiDAR Perception via Adversarial Trajectory Perturbation. (83%) Yiming Li; Congcong Wen; Felix Juefei-Xu; Chen Feng http://arxiv.org/abs/2103.15370 Robust Reinforcement Learning under model misspecification. (31%) Lebin Yu; Jian Wang; Xudong Zhang http://arxiv.org/abs/2103.15897 Automating Defense Against Adversarial Attacks: Discovery of Vulnerabilities and Application of Multi-INT Imagery to Protect Deployed Models. (16%) Josh Kalin; David Noever; Matthew Ciolino; Dominick Hambrick; Gerry Dozier http://arxiv.org/abs/2103.15918 MISA: Online Defense of Trojaned Models using Misattributions. (10%) Panagiota Kiourti; Wenchao Li; Anirban Roy; Karan Sikka; Susmit Jha http://arxiv.org/abs/2103.15543 Be Careful about Poisoned Word Embeddings: Exploring the Vulnerability of the Embedding Layers in NLP Models. (9%) Wenkai Yang; Lei Li; Zhiyuan Zhang; Xuancheng Ren; Xu Sun; Bin He http://arxiv.org/abs/2103.15383 Selective Output Smoothing Regularization: Regularize Neural Networks by Softening Output Distributions. (1%) Xuan Cheng; Tianshu Xie; Xiaomin Wang; Qifeng Weng; Minghui Liu; Jiali Deng; Ming Liu http://arxiv.org/abs/2103.15089 Improved Autoregressive Modeling with Distribution Smoothing. (86%) Chenlin Meng; Jiaming Song; Yang Song; Shengjia Zhao; Stefano Ermon http://arxiv.org/abs/2103.14977 On the benefits of robust models in modulation recognition. (99%) Javier Maroto; Gérôme Bovet; Pascal Frossard http://arxiv.org/abs/2103.14938 IoU Attack: Towards Temporally Coherent Black-Box Adversarial Attack for Visual Object Tracking. (99%) Shuai Jia; Yibing Song; Chao Ma; Xiaokang Yang http://arxiv.org/abs/2103.14835 LiBRe: A Practical Bayesian Approach to Adversarial Detection. (99%) Zhijie Deng; Xiao Yang; Shizhen Xu; Hang Su; Jun Zhu http://arxiv.org/abs/2103.14717 Cyclic Defense GAN Against Speech Adversarial Attacks. (99%) Mohammad Esmaeilpour; Patrick Cardinal; Alessandro Lameiras Koerich http://arxiv.org/abs/2103.14347 Combating Adversaries with Anti-Adversaries. (93%) Motasem Alfarra; Juan C. Pérez; Ali Thabet; Adel Bibi; Philip H. S. 
Torr; Bernard Ghanem http://arxiv.org/abs/2103.14641 On Generating Transferable Targeted Perturbations. (93%) Muzammal Naseer; Salman Khan; Munawar Hayat; Fahad Shahbaz Khan; Fatih Porikli http://arxiv.org/abs/2103.14332 Building Reliable Explanations of Unreliable Neural Networks: Locally Smoothing Perspective of Model Interpretation. (86%) Dohun Lim; Hyeonseok Lee; Sungchan Kim http://arxiv.org/abs/2103.14795 Ensemble-in-One: Learning Ensemble within Random Gated Networks for Enhanced Adversarial Robustness. (83%) Yi Cai; Xuefei Ning; Huazhong Yang; Yu Wang http://arxiv.org/abs/2103.14441 Visual Explanations from Spiking Neural Networks using Interspike Intervals. (62%) Youngeun Kim; Priyadarshini Panda http://arxiv.org/abs/2103.14577 Unsupervised Robust Domain Adaptation without Source Data. (13%) Peshal Agarwal; Danda Pani Paudel; Jan-Nico Zaech; Luc Van Gool http://arxiv.org/abs/2103.14222 Adversarial Attacks are Reversible with Natural Supervision. (99%) Chengzhi Mao; Mia Chiquier; Hao Wang; Junfeng Yang; Carl Vondrick http://arxiv.org/abs/2103.13989 Adversarial Attacks on Deep Learning Based mmWave Beam Prediction in 5G and Beyond. (98%) Brian Kim; Yalin E. Sagduyu; Tugba Erpek; Sennur Ulukus http://arxiv.org/abs/2103.14211 MagDR: Mask-guided Detection and Reconstruction for Defending Deepfakes. (81%) Zhikai Chen; Lingxi Xie; Shanmin Pang; Yong He; Bo Zhang http://arxiv.org/abs/2103.14172 Deep-RBF Networks for Anomaly Detection in Automotive Cyber-Physical Systems. (70%) Matthew Burruss; Shreyas Ramakrishna; Abhishek Dubey http://arxiv.org/abs/2103.14021 Orthogonal Projection Loss. (45%) Kanchana Ranasinghe; Muzammal Naseer; Munawar Hayat; Salman Khan; Fahad Shahbaz Khan http://arxiv.org/abs/2103.13612 THAT: Two Head Adversarial Training for Improving Robustness at Scale. (26%) Zuxuan Wu; Tom Goldstein; Larry S. Davis; Ser-Nam Lim http://arxiv.org/abs/2103.14244 A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks and Defenses in Cryptography. (11%) Xiaoxuan Lou; Tianwei Zhang; Jun Jiang; Yinqian Zhang http://arxiv.org/abs/2103.13628 HufuNet: Embedding the Left Piece as Watermark and Keeping the Right Piece for Ownership Verification in Deep Neural Networks. (10%) Peizhuo Lv; Pan Li; Shengzhi Zhang; Kai Chen; Ruigang Liang; Yue Zhao; Yingjiu Li http://arxiv.org/abs/2103.14108 The Geometry of Over-parameterized Regression and Adversarial Perturbations. (2%) Jason W. Rocks; Pankaj Mehta http://arxiv.org/abs/2103.14212 Synthesize-It-Classifier: Learning a Generative Classifier through Recurrent Self-analysis. (1%) Arghya Pal; Raphael Phan; KokSheik Wong http://arxiv.org/abs/2103.13733 Spirit Distillation: Precise Real-time Prediction with Insufficient Data. (1%) Zhiyuan Wu; Hong Qi; Yu Jiang; Chupeng Cui; Zongmin Yang; Xinhui Xue http://arxiv.org/abs/2103.13598 Recent Advances in Large Margin Learning. (1%) Yiwen Guo; Changshui Zhang http://arxiv.org/abs/2103.13124 Towards Both Accurate and Robust Neural Networks without Extra Data. (99%) Faqiang Liu; Rong Zhao http://arxiv.org/abs/2103.13134 Vulnerability of Appearance-based Gaze Estimation. (97%) Mingjie Xu; Haofei Wang; Yunfei Liu; Feng Lu http://arxiv.org/abs/2103.13127 Black-box Detection of Backdoor Attacks with Limited Information and Data. (96%) Yinpeng Dong; Xiao Yang; Zhijie Deng; Tianyu Pang; Zihao Xiao; Hang Su; Jun Zhu http://arxiv.org/abs/2103.13567 Deepfake Forensics via An Adversarial Game. 
(10%) Zhi Wang; Yiwen Guo; Wangmeng Zuo http://arxiv.org/abs/2103.13886 Robust and Accurate Object Detection via Adversarial Learning. (98%) Xiangning Chen; Cihang Xie; Mingxing Tan; Li Zhang; Cho-Jui Hsieh; Boqing Gong http://arxiv.org/abs/2103.12531 CLIP: Cheap Lipschitz Training of Neural Networks. (96%) Leon Bungert; René Raab; Tim Roith; Leo Schwinn; Daniel Tenbrinck http://arxiv.org/abs/2103.12399 The Hammer and the Nut: Is Bilevel Optimization Really Needed to Poison Linear Classifiers? (92%) Antonio Emanuele Cinà; Sebastiano Vascon; Ambra Demontis; Battista Biggio; Fabio Roli; Marcello Pelillo http://arxiv.org/abs/2103.12719 Characterizing and Improving the Robustness of Self-Supervised Learning through Background Augmentations. (87%) Chaitanya K. Ryali; David J. Schwab; Ari S. Morcos http://arxiv.org/abs/2103.12469 RPATTACK: Refined Patch Attack on General Object Detectors. (76%) Hao Huang; Yongtao Wang; Zhaoyu Chen; Zhi Tang; Wenqiang Zhang; Kai-Kuang Ma http://arxiv.org/abs/2103.12535 NNrepair: Constraint-based Repair of Neural Network Classifiers. (50%) Muhammad Usman; Divya Gopinath; Youcheng Sun; Yannic Noller; Corina Pasareanu http://arxiv.org/abs/2103.12628 Are all outliers alike? On Understanding the Diversity of Outliers for Detecting OODs. (31%) Ramneet Kaur; Susmit Jha; Anirban Roy; Oleg Sokolsky; Insup Lee http://arxiv.org/abs/2103.12913 Improved Estimation of Concentration Under $\ell_p$-Norm Distance Metrics Using Half Spaces. (22%) Jack Prescott; Xiao Zhang; David Evans http://arxiv.org/abs/2103.12607 ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning. (1%) Oliver Lutz; Huili Chen; Hossein Fereidooni; Christoph Sendner; Alexandra Dmitrienko; Ahmad-Reza Sadeghi; Farinaz Koushanfar http://arxiv.org/abs/2103.11576 Grey-box Adversarial Attack And Defence For Sentiment Classification. (99%) Ying Xu; Xu Zhong; Antonio Jimeno Yepes; Jey Han Lau http://arxiv.org/abs/2103.13815 Fast Approximate Spectral Normalization for Robust Deep Neural Networks. (98%) Zhixin Pan; Prabhat Mishra http://arxiv.org/abs/2103.12256 Spatio-Temporal Sparsification for General Robust Graph Convolution Networks. (87%) Mingming Lu; Ya Zhang http://arxiv.org/abs/2103.13813 RA-BNN: Constructing Robust & Accurate Binary Neural Network to Simultaneously Defend Adversarial Bit-Flip Attack and Improve Accuracy. (75%) Adnan Siraj Rakin; Li Yang; Jingtao Li; Fan Yao; Chaitali Chakrabarti; Yu Cao; Jae-sun Seo; Deliang Fan http://arxiv.org/abs/2103.12171 Adversarial Feature Augmentation and Normalization for Visual Recognition. (13%) Tianlong Chen; Yu Cheng; Zhe Gan; Jianfeng Wang; Lijuan Wang; Zhangyang Wang; Jingjing Liu http://arxiv.org/abs/2103.11589 Adversarially Optimized Mixup for Robust Classification. (13%) Jason Bunk; Srinjoy Chattopadhyay; B. S. Manjunath; Shivkumar Chandrasekaran http://arxiv.org/abs/2103.11526 ExAD: An Ensemble Approach for Explanation-based Adversarial Detection. (99%) Raj Vardhan; Ninghao Liu; Phakpoom Chinprutthiwong; Weijie Fu; Zhenyu Hu; Xia Ben Hu; Guofei Gu http://arxiv.org/abs/2103.11441 TextFlint: Unified Multilingual Robustness Evaluation Toolkit for Natural Language Processing. 
(75%) Tao Gui; Xiao Wang; Qi Zhang; Qin Liu; Yicheng Zou; Xin Zhou; Rui Zheng; Chong Zhang; Qinzhuo Wu; Jiacheng Ye; Zexiong Pang; Yongxin Zhang; Zhengyan Li; Ruotian Ma; Zichu Fei; Ruijian Cai; Jun Zhao; Xinwu Hu; Zhiheng Yan; Yiding Tan; Yuan Hu; Qiyuan Bian; Zhihua Liu; Bolin Zhu; Shan Qin; Xiaoyu Xing; Jinlan Fu; Yue Zhang; Minlong Peng; Xiaoqing Zheng; Yaqian Zhou; Zhongyu Wei; Xipeng Qiu; Xuanjing Huang http://arxiv.org/abs/2103.11372 Natural Perturbed Training for General Robustness of Neural Network Classifiers. (38%) Sadaf Gulshad; Arnold Smeulders http://arxiv.org/abs/2103.11362 Self adversarial attack as an augmentation method for immunohistochemical stainings. (33%) Jelica Vasiljević; Friedrich Feuerhake; Cédric Wemmert; Thomas Lampert http://arxiv.org/abs/2103.11257 Robust Models Are More Interpretable Because Attributions Look Normal. (15%) Zifan Wang; Matt Fredrikson; Anupam Datta http://arxiv.org/abs/2103.10787 LSDAT: Low-Rank and Sparse Decomposition for Decision-based Adversarial Attack. (99%) Ashkan Esmaeili; Marzieh Edraki; Nazanin Rahnavard; Mubarak Shah; Ajmal Mian http://arxiv.org/abs/2103.10651 SoK: A Modularized Approach to Study the Security of Automatic Speech Recognition Systems. (93%) Yuxuan Chen; Jiangshan Zhang; Xuejing Yuan; Shengzhi Zhang; Kai Chen; Xiaofeng Wang; Shanqing Guo http://arxiv.org/abs/2103.11002 Attribution of Gradient Based Adversarial Attacks for Reverse Engineering of Deceptions. (86%) Michael Goebel; Jason Bunk; Srinjoy Chattopadhyay; Lakshmanan Nataraj; Shivkumar Chandrasekaran; B. S. Manjunath http://arxiv.org/abs/2103.10689 Interpretable Deep Learning: Interpretation, Interpretability, Trustworthiness, and Beyond. (2%) Xuhong Li; Haoyi Xiong; Xingjian Li; Xuanyu Wu; Xiao Zhang; Ji Liu; Jiang Bian; Dejing Dou http://arxiv.org/abs/2103.11882 Generating Adversarial Computer Programs using Optimized Obfuscations. (99%) Shashank Srikant; Sijia Liu; Tamara Mitrovska; Shiyu Chang; Quanfu Fan; Gaoyuan Zhang; Una-May O'Reilly http://arxiv.org/abs/2103.10609 Boosting Adversarial Transferability through Enhanced Momentum. (99%) Xiaosen Wang; Jiadong Lin; Han Hu; Jingdong Wang; Kun He http://arxiv.org/abs/2103.10229 Explainable Adversarial Attacks in Deep Neural Networks Using Activation Profiles. (98%) Gabriel D. Cantareira; Rodrigo F. Mello; Fernando V. Paulovich http://arxiv.org/abs/2103.10043 Enhancing Transformer for Video Understanding Using Gated Multi-Level Attention and Temporal Adversarial Training. (76%) Saurabh Sahu; Palash Goyal http://arxiv.org/abs/2103.10013 Model Extraction and Adversarial Transferability, Your BERT is Vulnerable! (69%) Xuanli He; Lingjuan Lyu; Qiongkai Xu; Lichao Sun http://arxiv.org/abs/2103.10274 TOP: Backdoor Detection in Neural Networks via Transferability of Perturbation. (61%) Todd Huster; Emmanuel Ekwedike http://arxiv.org/abs/2103.10603 Noise Modulation: Let Your Model Interpret Itself. (54%) Haoyang Li; Xinggang Wang http://arxiv.org/abs/2103.10094 KoDF: A Large-scale Korean DeepFake Detection Dataset. (16%) Patrick Kwon; Jaeseong You; Gyuhyeon Nam; Sungwoo Park; Gyeongsu Chae http://arxiv.org/abs/2103.10480 Reading Isn't Believing: Adversarial Attacks On Multi-Modal Neurons. (9%) David A. Noever; Samantha E. Miller Noever http://arxiv.org/abs/2103.09916 Can Targeted Adversarial Examples Transfer When the Source and Target Models Have No Label Space Overlap? 
(99%) Nathan Inkawhich; Kevin J Liang; Jingyang Zhang; Huanrui Yang; Hai Li; Yiran Chen http://arxiv.org/abs/2103.09448 Adversarial Attacks on Camera-LiDAR Models for 3D Car Detection. (98%) Mazen Abdelfattah; Kaiwen Yuan; Z. Jane Wang; Rabab Ward http://arxiv.org/abs/2103.10834 Improved, Deterministic Smoothing for L1 Certified Robustness. (82%) Alexander Levine; Soheil Feizi http://arxiv.org/abs/2103.09947 Understanding Generalization in Adversarial Training via the Bias-Variance Decomposition. (41%) Yaodong Yu; Zitong Yang; Edgar Dobriban; Jacob Steinhardt; Yi Ma http://arxiv.org/abs/2103.09593 Code-Mixing on Sesame Street: Dawn of the Adversarial Polyglots. (38%) Samson Tan; Shafiq Joty http://arxiv.org/abs/2103.09713 Cyber Intrusion Detection by Using Deep Neural Networks with Attack-sharing Loss. (13%) Boxiang Dong; Wendy Hui Wang; Aparna S. Varde; Dawei Li; Bharath K. Samanthula; Weifeng Sun; Liang Zhao http://arxiv.org/abs/2103.09151 Adversarial Driving: Attacking End-to-End Autonomous Driving. (93%) Han Wu; Syed Yunas; Sareh Rowlands; Wenjie Ruan; Johan Wahlstrom http://arxiv.org/abs/2103.08860 Adversarial YOLO: Defense Human Detection Patch Attacks via Detecting Adversarial Patches. (92%) Nan Ji; YanFei Feng; Haidong Xie; Xueshuang Xiang; Naijin Liu http://arxiv.org/abs/2103.08896 Anti-Adversarially Manipulated Attributions for Weakly and Semi-Supervised Semantic Segmentation. (75%) Jungbeom Lee; Eunji Kim; Sungroh Yoon http://arxiv.org/abs/2103.09265 Bio-inspired Robustness: A Review. (70%) Harshitha Machiraju; Oh-Hyeon Choung; Pascal Frossard; Michael H. Herzog http://arxiv.org/abs/2103.08265 Constant Random Perturbations Provide Adversarial Robustness with Minimal Effect on Accuracy. (83%) Bronya Roni Chernyak; Bhiksha Raj; Tamir Hazan; Joseph Keshet http://arxiv.org/abs/2103.08187 Adversarial Training is Not Ready for Robot Learning. (67%) Mathias Lechner; Ramin Hasani; Radu Grosu; Daniela Rus; Thomas A. Henzinger http://arxiv.org/abs/2103.08668 HDTest: Differential Fuzz Testing of Brain-Inspired Hyperdimensional Computing. (64%) Dongning Ma; Jianmin Guo; Yu Jiang; Xun Jiao http://arxiv.org/abs/2103.07470 Understanding invariance via feedforward inversion of discriminatively trained classifiers. (10%) Piotr Teterwak; Chiyuan Zhang; Dilip Krishnan; Michael C. Mozer http://arxiv.org/abs/2103.08561 Meta-Solver for Neural Ordinary Differential Equations. (2%) Julia Gusak; Alexandr Katrutsa; Talgat Daulbaev; Andrzej Cichocki; Ivan Oseledets http://arxiv.org/abs/2103.08095 Towards Robust Speech-to-Text Adversarial Attack. (99%) Mohammad Esmaeilpour; Patrick Cardinal; Alessandro Lameiras Koerich http://arxiv.org/abs/2103.08031 BreakingBED -- Breaking Binary and Efficient Deep Neural Networks by Adversarial Attacks. (98%) Manoj Rohit Vemparala; Alexander Frickenstein; Nael Fasfous; Lukas Frickenstein; Qi Zhao; Sabine Kuhn; Daniel Ehrhardt; Yuankai Wu; Christian Unger; Naveen Shankar Nagaraja; Walter Stechele http://arxiv.org/abs/2103.08086 Multi-Discriminator Sobolev Defense-GAN Against Adversarial Attacks for End-to-End Speech Systems. (82%) Mohammad Esmaeilpour; Patrick Cardinal; Alessandro Lameiras Koerich http://arxiv.org/abs/2103.07853 Membership Inference Attacks on Machine Learning: A Survey. (68%) Hongsheng Hu; Zoran Salcic; Lichao Sun; Gillian Dobbie; Philip S. Yu; Xuyun Zhang http://arxiv.org/abs/2103.07633 Attack as Defense: Characterizing Adversarial Examples using Robustness. 
(99%) Zhe Zhao; Guangke Chen; Jingyi Wang; Yiwei Yang; Fu Song; Jun Sun http://arxiv.org/abs/2103.07640 Generating Unrestricted Adversarial Examples via Three Parameters. (99%) Hanieh Naderi; Leili Goli; Shohreh Kasaei http://arxiv.org/abs/2103.07704 Simeon -- Secure Federated Machine Learning Through Iterative Filtering. (12%) Nicholas Malecki; Hye-young Paik; Aleksandar Ignjatovic; Alan Blair; Elisa Bertino http://arxiv.org/abs/2103.07595 Learning Defense Transformers for Counterattacking Adversarial Examples. (99%) Jincheng Li; Jiezhang Cao; Yifan Zhang; Jian Chen; Mingkui Tan http://arxiv.org/abs/2103.07598 Internal Wasserstein Distance for Adversarial Attack and Defense. (99%) Mingkui Tan; Shuhai Zhang; Jiezhang Cao; Jincheng Li; Yanwu Xu http://arxiv.org/abs/2103.07364 A Unified Game-Theoretic Interpretation of Adversarial Robustness. (98%) Jie Ren; Die Zhang; Yisen Wang; Lu Chen; Zhanpeng Zhou; Yiting Chen; Xu Cheng; Xin Wang; Meng Zhou; Jie Shi; Quanshi Zhang http://arxiv.org/abs/2103.07268 Adversarial Machine Learning Security Problems for 6G: mmWave Beam Prediction Use-Case. (82%) Evren Catak; Ferhat Ozgur Catak; Arild Moldsvor http://arxiv.org/abs/2103.07583 Network Environment Design for Autonomous Cyberdefense. (1%) Andres Molina-Markham; Cory Miniter; Becky Powell; Ahmad Ridley http://arxiv.org/abs/2103.06936 Stochastic-HMDs: Adversarial Resilient Hardware Malware Detectors through Voltage Over-scaling. (99%) Md Shohidul Islam; Ihsen Alouani; Khaled N. Khasawneh http://arxiv.org/abs/2103.06624 Beta-CROWN: Efficient Bound Propagation with Per-neuron Split Constraints for Complete and Incomplete Neural Network Verification. (99%) Shiqi Wang; Huan Zhang; Kaidi Xu; Xue Lin; Suman Jana; Cho-Jui Hsieh; J. Zico Kolter http://arxiv.org/abs/2103.06504 Adversarial Laser Beam: Effective Physical-World Attack to DNNs in a Blink. (99%) Ranjie Duan; Xiaofeng Mao; A. K. Qin; Yun Yang; Yuefeng Chen; Shaokai Ye; Yuan He http://arxiv.org/abs/2103.06487 DAFAR: Detecting Adversaries by Feedback-Autoencoder Reconstruction. (99%) Haowen Liu; Ping Yi; Hsiao-Ying Lin; Jie Shi http://arxiv.org/abs/2103.08306 ReinforceBug: A Framework to Generate Adversarial Textual Examples. (97%) Bushra Sabir; M. Ali Babar; Raj Gaire http://arxiv.org/abs/2103.06473 Multi-Task Federated Reinforcement Learning with Adversaries. (15%) Aqeel Anwar; Arijit Raychowdhury http://arxiv.org/abs/2103.06797 BODAME: Bilevel Optimization for Defense Against Model Extraction. (8%) Yuto Mori; Atsushi Nitanda; Akiko Takeda http://arxiv.org/abs/2103.08307 Improving Adversarial Robustness via Channel-wise Activation Suppressing. (99%) Yang Bai; Yuyuan Zeng; Yong Jiang; Shu-Tao Xia; Xingjun Ma; Yisen Wang http://arxiv.org/abs/2103.06297 TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack. (92%) Yam Sharon; David Berend; Yang Liu; Asaf Shabtai; Yuval Elovici http://arxiv.org/abs/2103.05905 VideoMoCo: Contrastive Video Representation Learning with Temporally Adversarial Examples. (67%) Tian Pan; Yibing Song; Tianyu Yang; Wenhao Jiang; Wei Liu http://arxiv.org/abs/2103.13329 Fine-tuning of Pre-trained End-to-end Speech Recognition with Generative Adversarial Networks. (1%) Md Akmal Haidar; Mehdi Rezagholizadeh http://arxiv.org/abs/2103.05232 Stabilized Medical Image Attacks. (99%) Gege Qi; Lijun Gong; Yibing Song; Kai Ma; Yefeng Zheng http://arxiv.org/abs/2103.05354 Revisiting Model's Uncertainty and Confidences for Adversarial Example Detection. 
(99%) Ahmed Aldahdooh; Wassim Hamidouche; Olivier Déforges http://arxiv.org/abs/2103.05248 Practical Relative Order Attack in Deep Ranking. (99%) Mo Zhou; Le Wang; Zhenxing Niu; Qilin Zhang; Yinghui Xu; Nanning Zheng; Gang Hua http://arxiv.org/abs/2103.05266 BASAR: Black-box Attack on Skeletal Action Recognition. (99%) Yunfeng Diao; Tianjia Shao; Yong-Liang Yang; Kun Zhou; He Wang http://arxiv.org/abs/2103.05347 Understanding the Robustness of Skeleton-based Action Recognition under Adversarial Attack. (98%) He Wang; Feixiang He; Zhexi Peng; Tianjia Shao; Yong-Liang Yang; Kun Zhou; David Hogg http://arxiv.org/abs/2103.05292 Deep Learning for Android Malware Defenses: a Systematic Literature Review. (11%) Yue Liu; Chakkrit Tantithamthavorn; Li Li; Yepang Liu http://arxiv.org/abs/2103.05590 Robust Black-box Watermarking for Deep Neural Network using Inverse Document Frequency. (10%) Mohammad Mehdi Yadollahi; Farzaneh Shoeleh; Sajjad Dadkhah; Ali A. Ghorbani http://arxiv.org/abs/2103.05833 Towards Strengthening Deep Learning-based Side Channel Attacks with Mixup. (2%) Zhimin Luo; Mengce Zheng; Ping Wang; Minhui Jin; Jiajia Zhang; Honggang Hu; Nenghai Yu http://arxiv.org/abs/2103.04794 Packet-Level Adversarial Network Traffic Crafting using Sequence Generative Adversarial Networks. (99%) Qiumei Cheng; Shiying Zhou; Yi Shen; Dezhang Kong; Chunming Wu http://arxiv.org/abs/2103.04565 Improving Transformation-based Defenses against Adversarial Examples with First-order Perturbations. (99%) Haimin Zhang; Min Xu http://arxiv.org/abs/2103.05137 Contemplating real-world object classification. (81%) Ali Borji http://arxiv.org/abs/2103.04623 Consistency Regularization for Adversarial Robustness. (50%) Jihoon Tack; Sihyun Yu; Jongheon Jeong; Minseon Kim; Sung Ju Hwang; Jinwoo Shin http://arxiv.org/abs/2103.04952 Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses. (2%) Anatoly Shusterman; Ayush Agarwal; Sioli O'Connell; Daniel Genkin; Yossi Oren; Yuval Yarom http://arxiv.org/abs/2103.04814 Deeply Unsupervised Patch Re-Identification for Pre-training Object Detectors. (1%) Jian Ding; Enze Xie; Hang Xu; Chenhan Jiang; Zhenguo Li; Ping Luo; Gui-Song Xia http://arxiv.org/abs/2103.04980 Deep Model Intellectual Property Protection via Deep Watermarking. (1%) Jie Zhang; Dongdong Chen; Jing Liao; Weiming Zhang; Huamin Feng; Gang Hua; Nenghai Yu http://arxiv.org/abs/2103.05469 Universal Adversarial Perturbations and Image Spam Classifiers. (99%) Andy Phung; Mark Stamp http://arxiv.org/abs/2103.04302 Detecting Adversarial Examples from Sensitivity Inconsistency of Spatial-Transform Domain. (99%) Jinyu Tian; Jiantao Zhou; Yuanman Li; Jia Duan http://arxiv.org/abs/2103.04513 Improving Global Adversarial Robustness Generalization With Adversarially Trained GAN. (99%) Desheng Wang; Weidong Jin; Yunpu Wu; Aamir Khan http://arxiv.org/abs/2103.04436 Insta-RS: Instance-wise Randomized Smoothing for Improved Robustness and Accuracy. (76%) Chen Chen; Kezhi Kong; Peihong Yu; Juan Luque; Tom Goldstein; Furong Huang http://arxiv.org/abs/2103.04264 T-Miner: A Generative Approach to Defend Against Trojan Attacks on DNN-based Text Classification. 
(98%) Ahmadreza Azizi; Ibrahim Asadullah Tahmid; Asim Waheed; Neal Mangaokar; Jiameng Pu; Mobin Javed; Chandan K. Reddy; Bimal Viswanath http://arxiv.org/abs/2103.04038 Hidden Backdoor Attack against Semantic Segmentation Models. (93%) Yiming Li; Yanjie Li; Yalei Lv; Yong Jiang; Shu-Tao Xia http://arxiv.org/abs/2103.03530 Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence. (13%) Vasileios Mavroeidis; Siri Bromander http://arxiv.org/abs/2103.03701 Don't Forget to Sign the Gradients! (10%) Omid Aramoon; Pin-Yu Chen; Gang Qu http://arxiv.org/abs/2103.03831 Tor circuit fingerprinting defenses using adaptive padding. (1%) George Kadianakis; Theodoros Polyzos; Mike Perry; Kostas Chatzikokolakis http://arxiv.org/abs/2103.03325 Hard-label Manifolds: Unexpected Advantages of Query Efficiency for Finding On-manifold Adversarial Examples. (99%) Washington Garcia; Pin-Yu Chen; Somesh Jha; Scott Clouse; Kevin R. B. Butler http://arxiv.org/abs/2103.03344 WaveGuard: Understanding and Mitigating Audio Adversarial Examples. (99%) Shehzeen Hussain; Paarth Neekhara; Shlomo Dubnov; Julian McAuley; Farinaz Koushanfar http://arxiv.org/abs/2103.03438 Towards Evaluating the Robustness of Deep Diagnostic Models by Adversarial Attack. (99%) Mengting Xu; Tao Zhang; Zhongnian Li; Mingxia Liu; Daoqiang Zhang http://arxiv.org/abs/2103.02927 QAIR: Practical Query-efficient Black-Box Attacks for Image Retrieval. (99%) Xiaodan Li; Jinfeng Li; Yuefeng Chen; Shaokai Ye; Yuan He; Shuhui Wang; Hang Su; Hui Xue http://arxiv.org/abs/2103.03000 SpectralDefense: Detecting Adversarial Attacks on CNNs in the Fourier Domain. (99%) Paula Harder; Franz-Josef Pfreundt; Margret Keuper; Janis Keuper http://arxiv.org/abs/2103.03076 Gradient-Guided Dynamic Efficient Adversarial Training. (96%) Fu Wang; Yanghao Zhang; Yanbin Zheng; Wenjie Ruan http://arxiv.org/abs/2103.03046 PointGuard: Provably Robust 3D Point Cloud Classification. (92%) Hongbin Liu; Jinyuan Jia; Neil Zhenqiang Gong http://arxiv.org/abs/2103.03078 Defending Medical Image Diagnostics against Privacy Attacks using Generative Methods. (12%) William Paul; Yinzhi Cao; Miaomiao Zhang; Phil Burlina http://arxiv.org/abs/2103.03472 A Novel Framework for Threat Analysis of Machine Learning-based Smart Healthcare Systems. (1%) Nur Imtiazul Haque; Mohammad Ashiqur Rahman; Md Hasan Shahriar; Alvi Ataur Khalil; Selcuk Uluagac http://arxiv.org/abs/2103.02895 On the privacy-utility trade-off in differentially private hierarchical text classification. (1%) Dominik Wunderlich; Daniel Bernau; Francesco Aldà; Javier Parra-Arnau; Thorsten Strufe http://arxiv.org/abs/2103.02781 Structure-Preserving Progressive Low-rank Image Completion for Defending Adversarial Attacks. (99%) Zhiqun Zhao; Hengyou Wang; Hao Sun; Zhihai He http://arxiv.org/abs/2103.02718 A Modified Drake Equation for Assessing Adversarial Risk to Machine Learning Models. (89%) Josh Kalin; David Noever; Matthew Ciolino http://arxiv.org/abs/2103.02695 Shift Invariance Can Reduce Adversarial Robustness. (87%) Songwei Ge; Vasu Singla; Ronen Basri; David Jacobs http://arxiv.org/abs/2103.02654 A Robust Adversarial Network-Based End-to-End Communications System With Strong Generalization Ability Against Adversarial Attacks. (81%) Yudi Dong; Huaxia Wang; Yu-Dong Yao http://arxiv.org/abs/2103.02325 On the effectiveness of adversarial training against common corruptions. 
(67%) Klim Kireev; Maksym Andriushchenko; Nicolas Flammarion http://arxiv.org/abs/2103.02200 Formalizing Generalization and Robustness of Neural Networks to Weight Perturbations. (64%) Yu-Lin Tsai; Chia-Yi Hsu; Chia-Mu Yu; Pin-Yu Chen http://arxiv.org/abs/2103.01914 Evaluating the Robustness of Geometry-Aware Instance-Reweighted Adversarial Training. (99%) Dorjan Hitaj; Giulio Pagnotta; Iacopo Masi; Luigi V. Mancini http://arxiv.org/abs/2103.01498 A Survey On Universal Adversarial Attack. (99%) Chaoning Zhang; Philipp Benz; Chenguo Lin; Adil Karjauv; Jing Wu; In So Kweon http://arxiv.org/abs/2103.02014 Online Adversarial Attacks. (99%) Andjela Mladenovic; Avishek Joey Bose; Hugo Berard; William L. Hamilton; Simon Lacoste-Julien; Pascal Vincent; Gauthier Gidel http://arxiv.org/abs/2103.01895 Adversarial Examples for Unsupervised Machine Learning Models. (98%) Chia-Yi Hsu; Pin-Yu Chen; Songtao Lu; Sijia Liu; Chia-Mu Yu http://arxiv.org/abs/2103.01629 DeepCert: Verification of Contextually Relevant Robustness for Neural Network Image Classifiers. (97%) Colin Paterson; Haoze Wu; John Grese; Radu Calinescu; Corina S. Pasareanu; Clark Barrett http://arxiv.org/abs/2103.01527 ActiveGuard: An Active DNN IP Protection Technique via Adversarial Examples. (97%) Mingfu Xue; Shichang Sun; Can He; Yushu Zhang; Jian Wang; Weiqiang Liu http://arxiv.org/abs/2103.01946 Fixing Data Augmentation to Improve Adversarial Robustness. (69%) Sylvestre-Alvise Rebuffi; Sven Gowal; Dan A. Calian; Florian Stimberg; Olivia Wiles; Timothy Mann http://arxiv.org/abs/2103.01607 A Brief Survey on Deep Learning Based Data Hiding. (54%) Chaoning Zhang; Chenguo Lin; Philipp Benz; Kejiang Chen; Weiming Zhang; In So Kweon http://arxiv.org/abs/2103.02152 Group-wise Inhibition based Feature Regularization for Robust Classification. (16%) Haozhe Liu; Haoqian Wu; Weicheng Xie; Feng Liu; Linlin Shen http://arxiv.org/abs/2103.02079 DP-InstaHide: Provably Defusing Poisoning and Backdoor Attacks with Differentially Private Data Augmentations. (1%) Eitan Borgnia; Jonas Geiping; Valeriia Cherepanova; Liam Fowl; Arjun Gupta; Amin Ghiasi; Furong Huang; Micah Goldblum; Tom Goldstein http://arxiv.org/abs/2103.01050 Dual Attention Suppression Attack: Generate Adversarial Camouflage in Physical World. (99%) Jiakai Wang; Aishan Liu; Zixin Yin; Shunchang Liu; Shiyu Tang; Xianglong Liu http://arxiv.org/abs/2103.01359 Brain Programming is Immune to Adversarial Attacks: Towards Accurate and Robust Image Classification using Symbolic Learning. (99%) Gerardo Ibarra-Vazquez; Gustavo Olague; Mariana Chan-Ley; Cesar Puente; Carlos Soubervielle-Montalvo http://arxiv.org/abs/2103.01400 Smoothness Analysis of Adversarial Training. (98%) Sekitoshi Kanai; Masanori Yamada; Hiroshi Takahashi; Yuki Yamanaka; Yasutoshi Ida http://arxiv.org/abs/2103.00778 Explaining Adversarial Vulnerability with a Data Sparsity Hypothesis. (96%) Mahsa Paknezhad; Cuong Phuc Ngo; Amadeus Aristo Winarto; Alistair Cheong; Beh Chuen Yang; Wu Jiayang; Lee Hwee Kuan http://arxiv.org/abs/2103.01208 Mind the box: $l_1$-APGD for sparse adversarial attacks on image classifiers. (93%) Francesco Croce; Matthias Hein http://arxiv.org/abs/2103.01319 Adversarial training in communication constrained federated learning. (87%) Devansh Shah; Parijat Dube; Supriyo Chakraborty; Ashish Verma http://arxiv.org/abs/2103.01096 Counterfactual Explanations for Oblique Decision Trees: Exact, Efficient Algorithms. (82%) Miguel Á. 
Carreira-Perpiñán; Suryabhan Singh Hada http://arxiv.org/abs/2103.00847 Am I a Real or Fake Celebrity? Measuring Commercial Face Recognition Web APIs under Deepfake Impersonation Attack. (70%) Shahroz Tariq; Sowon Jeon; Simon S. Woo http://arxiv.org/abs/2103.01276 A Multiclass Boosting Framework for Achieving Fast and Provable Adversarial Robustness. (64%) Jacob Abernethy; Pranjal Awasthi; Satyen Kale http://arxiv.org/abs/2103.03102 Benchmarking Robustness of Deep Learning Classifiers Using Two-Factor Perturbation. (62%) Wei Dai; Daniel Berleant http://arxiv.org/abs/2103.00663 Model-Agnostic Defense for Lane Detection against Adversarial Attack. (98%) Henry Xu; An Ju; David Wagner http://arxiv.org/abs/2103.00671 Robust learning under clean-label attack. (22%) Avrim Blum; Steve Hanneke; Jian Qian; Han Shao http://arxiv.org/abs/2103.00250 Effective Universal Unrestricted Adversarial Attacks using a MOE Approach. (98%) A. E. Baia; G. Di Bari; V. Poggioni http://arxiv.org/abs/2103.00363 Tiny Adversarial Multi-Objective Oneshot Neural Architecture Search. (93%) Guoyang Xie; Jinbao Wang; Guo Yu; Feng Zheng; Yaochu Jin http://arxiv.org/abs/2103.00345 End-to-end Uncertainty-based Mitigation of Adversarial Attacks to Automated Lane Centering. (73%) Ruochen Jiao; Hengyi Liang; Takami Sato; Junjie Shen; Qi Alfred Chen; Qi Zhu http://arxiv.org/abs/2103.00381 Adversarial Information Bottleneck. (33%) Penglong Zhai; Shihua Zhang http://arxiv.org/abs/2103.00229 Neuron Coverage-Guided Domain Generalization. (2%) Chris Xing Tian; Haoliang Li; Xiaofei Xie; Yang Liu; Shiqi Wang http://arxiv.org/abs/2102.13624 What Doesn't Kill You Makes You Robust(er): Adversarial Training against Poisons and Backdoors. Jonas Geiping; Liam Fowl; Gowthami Somepalli; Micah Goldblum; Michael Moeller; Tom Goldstein http://arxiv.org/abs/2103.00124 NEUROSPF: A tool for the Symbolic Analysis of Neural Networks. (68%) Muhammad Usman; Yannic Noller; Corina Pasareanu; Youcheng Sun; Divya Gopinath http://arxiv.org/abs/2102.13066 On Instabilities of Conventional Multi-Coil MRI Reconstruction to Small Adversarial Perturbations. Chi Zhang; Jinghan Jia; Burhaneddin Yaman; Steen Moeller; Sijia Liu; Mingyi Hong; Mehmet Akçakaya http://arxiv.org/abs/2102.12781 Do Input Gradients Highlight Discriminative Features? Harshay Shah; Prateek Jain; Praneeth Netrapalli http://arxiv.org/abs/2102.13184 Nonlinear Projection Based Gradient Estimation for Query Efficient Blackbox Attacks. Huichen Li; Linyi Li; Xiaojun Xu; Xiaolu Zhang; Shuang Yang; Bo Li http://arxiv.org/abs/2102.13170 Understanding Robustness in Teacher-Student Setting: A New Perspective. Zhuolin Yang; Zhaoxi Chen; Tiffany Cai; Xinyun Chen; Bo Li; Yuandong Tian http://arxiv.org/abs/2102.12827 Fast Minimum-norm Adversarial Attacks through Adaptive Norm Constraints. Maura Pintor; Fabio Roli; Wieland Brendel; Battista Biggio http://arxiv.org/abs/2102.13256 Cybersecurity Threats in Connected and Automated Vehicles based Federated Learning Systems. Ranwa Al Mallah; Godwin Badu-Marfo; Bilal Farooq http://arxiv.org/abs/2102.12967 A statistical framework for efficient out of distribution detection in deep neural networks. (1%) Matan Haroush; Tzviel Frostig; Ruth Heller; Daniel Soudry http://arxiv.org/abs/2102.12680 Confidence Calibration with Bounded Error Using Transformations. Sooyong Jang; Radoslav Ivanov; Insup Lee; James Weimer http://arxiv.org/abs/2102.12567 Sketching Curvature for Efficient Out-of-Distribution Detection for Deep Neural Networks. 
Apoorva Sharma; Navid Azizan; Marco Pavone http://arxiv.org/abs/2102.12555 Robust SleepNets. Yigit Alparslan; Edward Kim http://arxiv.org/abs/2102.12192 Multiplicative Reweighting for Robust Neural Network Optimization. Noga Bar; Tomer Koren; Raja Giryes http://arxiv.org/abs/2102.12196 Identifying Untrustworthy Predictions in Neural Networks by Geometric Gradient Analysis. Leo Schwinn; An Nguyen; René Raab; Leon Bungert; Daniel Tenbrinck; Dario Zanca; Martin Burger; Bjoern Eskofier http://arxiv.org/abs/2102.12284 Graphfool: Targeted Label Adversarial Attack on Graph Embedding. Jinyin Chen; Xiang Lin; Dunjie Zhang; Wenrong Jiang; Guohan Huang; Hui Xiong; Yun Xiang http://arxiv.org/abs/2102.11917 The Sensitivity of Word Embeddings-based Author Detection Models to Semantic-preserving Adversarial Perturbations. Jeremiah Duncan; Fabian Fallas; Chris Gropp; Emily Herron; Maria Mahbub; Paula Olaya; Eduardo Ponce; Tabitha K. Samuel; Daniel Schultz; Sudarshan Srinivasan; Maofeng Tang; Viktor Zenkov; Quan Zhou; Edmon Begoli http://arxiv.org/abs/2102.11731 Rethinking Natural Adversarial Examples for Classification Models. Xiao Li; Jianmin Li; Ting Dai; Jie Shi; Jun Zhu; Xiaolin Hu http://arxiv.org/abs/2102.11860 Automated Discovery of Adaptive Attacks on Adversarial Defenses. Chengyuan Yao; Pavol Bielik; Petar Tsankov; Martin Vechev http://arxiv.org/abs/2102.12002 Adversarial Robustness with Non-uniform Perturbations. Ecenaz Erdemir; Jeffrey Bickford; Luca Melis; Sergul Aydore http://arxiv.org/abs/2102.11935 Non-Singular Adversarial Robustness of Neural Networks. Yu-Lin Tsai; Chia-Yi Hsu; Chia-Mu Yu; Pin-Yu Chen http://arxiv.org/abs/2102.11584 Enhancing Model Robustness By Incorporating Adversarial Knowledge Into Semantic Representation. Jinfeng Li; Tianyu Du; Xiangyu Liu; Rong Zhang; Hui Xue; Shouling Ji http://arxiv.org/abs/2102.11586 Adversarial Examples Detection beyond Image Space. Kejiang Chen; Yuefeng Chen; Hang Zhou; Chuan Qin; Xiaofeng Mao; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/2102.11502 Oriole: Thwarting Privacy against Trustworthy Deep Learning Models. Liuqiao Chen; Hu Wang; Benjamin Zi Hao Zhao; Minhui Xue; Haifeng Qian http://arxiv.org/abs/2102.10875 On the robustness of randomized classifiers to adversarial examples. Rafael Pinot; Laurent Meunier; Florian Yger; Cédric Gouy-Pailler; Yann Chevaleyre; Jamal Atif http://arxiv.org/abs/2102.11010 Resilience of Bayesian Layer-Wise Explanations under Adversarial Attacks. Ginevra Carbone; Guido Sanguinetti; Luca Bortolussi http://arxiv.org/abs/2102.11455 Man-in-The-Middle Attacks and Defense in a Power System Cyber-Physical Testbed. Patrick Wlazlo; Abhijeet Sahu; Zeyu Mao; Hao Huang; Ana Goulart; Katherine Davis; Saman Zonouz http://arxiv.org/abs/2102.11382 Sandwich Batch Normalization: A Drop-In Replacement for Feature Distribution Heterogeneity. Xinyu Gong; Wuyang Chen; Tianlong Chen; Zhangyang Wang http://arxiv.org/abs/2102.10534 The Effects of Image Distribution and Task on Adversarial Robustness. Owen Kunhardt; Arturo Deza; Tomaso Poggio http://arxiv.org/abs/2102.10707 A Zeroth-Order Block Coordinate Descent Algorithm for Huge-Scale Black-Box Optimization. HanQin Cai; Yuchen Lou; Daniel McKenzie; Wotao Yin http://arxiv.org/abs/2102.12894 Constrained Optimization to Train Neural Networks on Critical and Under-Represented Classes. (1%) Sara Sangalli; Ertunc Erdil; Andreas Hoetker; Olivio Donati; Ender Konukoglu http://arxiv.org/abs/2102.10454 On Fast Adversarial Robustness Adaptation in Model-Agnostic Meta-Learning. 
Ren Wang; Kaidi Xu; Sijia Liu; Pin-Yu Chen; Tsui-Wei Weng; Chuang Gan; Meng Wang http://arxiv.org/abs/2102.10343 Measuring $\ell_\infty$ Attacks by the $\ell_2$ Norm. Sizhe Chen; Qinghua Tao; Zhixing Ye; Xiaolin Huang http://arxiv.org/abs/2102.11069 A PAC-Bayes Analysis of Adversarial Robustness. Guillaume Vidot; Paul Viallard; Amaury Habrard; Emilie Morvant http://arxiv.org/abs/2102.10055 Effective and Efficient Vote Attack on Capsule Networks. Jindong Gu; Baoyuan Wu; Volker Tresp http://arxiv.org/abs/2102.09230 Random Projections for Improved Adversarial Robustness. Ginevra Carbone; Guido Sanguinetti; Luca Bortolussi http://arxiv.org/abs/2102.09695 Fortify Machine Learning Production Systems: Detect and Classify Adversarial Attacks. Matthew Ciolino; Josh Kalin; David Noever http://arxiv.org/abs/2102.09479 Make Sure You're Unsure: A Framework for Verifying Probabilistic Specifications. Leonard Berrada; Sumanth Dathathri; Krishnamurthy Dvijotham; Robert Stanforth; Rudy Bunel; Jonathan Uesato; Sven Gowal; M. Pawan Kumar http://arxiv.org/abs/2102.09701 Center Smoothing: Provable Robustness for Functions with Metric-Space Outputs. Aounon Kumar; Tom Goldstein http://arxiv.org/abs/2102.09012 Improving Hierarchical Adversarial Robustness of Deep Neural Networks. Avery Ma; Aladin Virmaux; Kevin Scaman; Juwei Lu http://arxiv.org/abs/2102.09086 Consistent Non-Parametric Methods for Maximizing Robustness. Robi Bhattacharjee; Kamalika Chaudhuri http://arxiv.org/abs/2102.08868 Bridging the Gap Between Adversarial Robustness and Optimization Bias. Fartash Faghri; Sven Gowal; Cristina Vasconcelos; David J. Fleet; Fabian Pedregosa; Nicolas Le Roux http://arxiv.org/abs/2102.09057 Towards Adversarial-Resilient Deep Neural Networks for False Data Injection Attack Detection in Power Grids. Jiangnan Li; Yingyuan Yang; Jinyuan Stella Sun; Kevin Tomsovic; Hairong Qi http://arxiv.org/abs/2102.08452 Globally-Robust Neural Networks. Klas Leino; Zifan Wang; Matt Fredrikson http://arxiv.org/abs/2102.08093 A Law of Robustness for Weight-bounded Neural Networks. Hisham Husain; Borja Balle http://arxiv.org/abs/2102.08079 Just Noticeable Difference for Machine Perception and Generation of Regularized Adversarial Images with Minimal Perturbation. Adil Kaan Akan; Emre Akbas; Fatos T. Yarman Vural http://arxiv.org/abs/2102.07437 Data Profiling for Adversarial Training: On the Ruin of Problematic Data. Chengyu Dong; Liyuan Liu; Jingbo Shang http://arxiv.org/abs/2102.07818 Certified Robustness to Programmable Transformations in LSTMs. Yuhao Zhang; Aws Albarghouthi; Loris D'Antoni http://arxiv.org/abs/2102.07360 Generating Structured Adversarial Attacks Using Frank-Wolfe Method. Ehsan Kazemi; Thomas Kerdreux; Liqiang Wang http://arxiv.org/abs/2102.07788 Universal Adversarial Examples and Perturbations for Quantum Classifiers. Weiyuan Gong; Dong-Ling Deng http://arxiv.org/abs/2102.07861 Low Curvature Activations Reduce Overfitting in Adversarial Training. Vasu Singla; Sahil Singla; David Jacobs; Soheil Feizi http://arxiv.org/abs/2102.07389 And/or trade-off in artificial neurons: impact on adversarial robustness. Alessandro Fontana http://arxiv.org/abs/2102.07559 Certifiably Robust Variational Autoencoders. Ben Barrett; Alexander Camuto; Matthew Willetts; Tom Rainforth http://arxiv.org/abs/2102.07327 Guided Interpolation for Adversarial Training. 
Chen Chen; Jingfeng Zhang; Xilie Xu; Tianlei Hu; Gang Niu; Gang Chen; Masashi Sugiyama http://arxiv.org/abs/2102.07244 Resilient Machine Learning for Networked Cyber Physical Systems: A Survey for Machine Learning Security to Securing Machine Learning for CPS. Felix Olowononi; Danda B. Rawat; Chunmei Liu http://arxiv.org/abs/2102.07265 Exploring Adversarial Robustness of Deep Metric Learning. Thomas Kobber Panum; Zi Wang; Pengyu Kan; Earlence Fernandes; Somesh Jha http://arxiv.org/abs/2102.07164 Adversarial Attack on Network Embeddings via Supervised Network Poisoning. Viresh Gupta; Tanmoy Chakraborty http://arxiv.org/abs/2102.07140 Perceptually Constrained Adversarial Attacks. Muhammad Zaid Hameed; Andras Gyorgy http://arxiv.org/abs/2102.07304 CAP-GAN: Towards Adversarial Robustness with Cycle-consistent Attentional Purification. Mingu Kang; Trung Quang Tran; Seungju Cho; Daeyoung Kim http://arxiv.org/abs/2102.07325 Cross-modal Adversarial Reprogramming. Paarth Neekhara; Shehzeen Hussain; Jinglong Du; Shlomo Dubnov; Farinaz Koushanfar; Julian McAuley http://arxiv.org/abs/2102.06905 Mixed Nash Equilibria in the Adversarial Examples Game. Laurent Meunier; Meyer Scetbon; Rafael Pinot; Jamal Atif; Yann Chevaleyre http://arxiv.org/abs/2102.07047 Adversarial defense for automatic speaker verification by cascaded self-supervised learning models. Haibin Wu; Xu Li; Andy T. Liu; Zhiyong Wu; Helen Meng; Hung-yi Lee http://arxiv.org/abs/2102.06638 UAVs Path Deviation Attacks: Survey and Research Challenges. Francesco Betti Sorbelli; Mauro Conti; Cristina M. Pinotti; Giulio Rigoni http://arxiv.org/abs/2102.06479 Universal Adversarial Perturbations Through the Lens of Deep Steganography: Towards A Fourier Perspective. Chaoning Zhang; Philipp Benz; Adil Karjauv; In So Kweon http://arxiv.org/abs/2102.06747 Universal Adversarial Perturbations for Malware. Raphael Labaca-Castro; Luis Muñoz-González; Feargus Pendlebury; Gabi Dreo Rodosek; Fabio Pierazzi; Lorenzo Cavallaro http://arxiv.org/abs/2102.06700 On the Paradox of Certified Training. (13%) Nikola Jovanović; Mislav Balunović; Maximilian Baader; Martin Vechev http://arxiv.org/abs/2102.05950 Adversarially robust deepfake media detection using fused convolutional neural network predictions. Sohail Ahmed Khan; Alessandro Artusi; Hang Dai http://arxiv.org/abs/2102.06162 Defuse: Harnessing Unrestricted Adversarial Examples for Debugging Models Beyond Test Accuracy. Dylan Slack; Nathalie Rauschmayr; Krishnaram Kenthapadi http://arxiv.org/abs/2102.05913 RobOT: Robustness-Oriented Testing for Deep Learning Systems. Jingyi Wang; Jialuo Chen; Youcheng Sun; Xingjun Ma; Dongxia Wang; Jun Sun; Peng Cheng http://arxiv.org/abs/2102.05561 Meta Federated Learning. Omid Aramoon; Pin-Yu Chen; Gang Qu; Yuan Tian http://arxiv.org/abs/2102.05475 Adversarial Robustness: What fools you makes you stronger. Grzegorz Głuch; Rüdiger Urbanke http://arxiv.org/abs/2102.05311 CIFS: Improving Adversarial Robustness of CNNs via Channel-wise Importance-based Feature Selection. Hanshu Yan; Jingfeng Zhang; Gang Niu; Jiashi Feng; Vincent Y. F. Tan; Masashi Sugiyama http://arxiv.org/abs/2102.05431 Dompteur: Taming Audio Adversarial Examples. Thorsten Eisenhofer; Lea Schönherr; Joel Frank; Lars Speckemeier; Dorothea Kolossa; Thorsten Holz http://arxiv.org/abs/2102.05334 Enhancing Real-World Adversarial Patches through 3D Modeling of Complex Target Scenes. 
Yael Mathov; Lior Rokach; Yuval Elovici http://arxiv.org/abs/2102.05363 Towards Certifying L-infinity Robustness using Neural Networks with L-inf-dist Neurons. Bohang Zhang; Tianle Cai; Zhou Lu; Di He; Liwei Wang http://arxiv.org/abs/2102.05368 RoBIC: A benchmark suite for assessing classifiers robustness. Thibault Maho; Benoît Bonnet; Teddy Furon; Erwan Le Merrer http://arxiv.org/abs/2102.05289 Bayesian Inference with Certifiable Adversarial Robustness. Matthew Wicker; Luca Laurenti; Andrea Patane; Zhoutong Chen; Zheng Zhang; Marta Kwiatkowska http://arxiv.org/abs/2102.04836 Target Training Does Adversarial Training Without Adversarial Samples. Blerta Lindqvist http://arxiv.org/abs/2102.04661 Security and Privacy for Artificial Intelligence: Opportunities and Challenges. Ayodeji Oseni; Nour Moustafa; Helge Janicke; Peng Liu; Zahir Tari; Athanasios Vasilakos http://arxiv.org/abs/2102.05104 "What's in the box?!": Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models. Sahar Abdelnabi; Mario Fritz http://arxiv.org/abs/2102.05110 Adversarial Perturbations Are Not So Weird: Entanglement of Robust and Non-Robust Features in Neural Network Classifiers. Jacob M. Springer; Melanie Mitchell; Garrett T. Kenyon http://arxiv.org/abs/2102.05241 Detecting Localized Adversarial Examples: A Generic Approach using Critical Region Analysis. Fengting Li; Xuankai Liu; Xiaoli Zhang; Qi Li; Kun Sun; Kang Li http://arxiv.org/abs/2102.06020 Making Paper Reviewing Robust to Bid Manipulation Attacks. Ruihan Wu; Chuan Guo; Felix Wu; Rahul Kidambi; Laurens van der Maaten; Kilian Q. Weinberger http://arxiv.org/abs/2102.05096 Towards Bridging the gap between Empirical and Certified Robustness against Adversarial Examples. Jay Nandy; Sudipan Saha; Wynne Hsu; Mong Li Lee; Xiao Xiang Zhu http://arxiv.org/abs/2102.04154 Efficient Certified Defenses Against Patch Attacks on Image Classifiers. Jan Hendrik Metzen; Maksym Yatsura http://arxiv.org/abs/2102.04291 A Real-time Defense against Website Fingerprinting Attacks. Shawn Shan; Arjun Nitin Bhagoji; Haitao Zheng; Ben Y. Zhao http://arxiv.org/abs/2102.04615 Benford's law: what does it say on adversarial images? João G. Zago; Fabio L. Baldissera; Eric A. Antonelo; Rodrigo T. Saad http://arxiv.org/abs/2102.04150 Exploiting epistemic uncertainty of the deep learning models to generate adversarial samples. Omer Faruk Tuna; Ferhat Ozgur Catak; M. Taner Eskil http://arxiv.org/abs/2102.03726 Adversarial example generation with AdaBelief Optimizer and Crop Invariance. Bo Yang; Hengwei Zhang; Yuchen Zhang; Kaiyong Xu; Jindong Wang http://arxiv.org/abs/2102.03728 Adversarial Imaging Pipelines. Buu Phan; Fahim Mannan; Felix Heide http://arxiv.org/abs/2102.03716 SPADE: A Spectral Method for Black-Box Adversarial Robustness Evaluation. Wuxinlin Cheng; Chenhui Deng; Zhiqiang Zhao; Yaohui Cai; Zhiru Zhang; Zhuo Feng http://arxiv.org/abs/2102.03483 Corner Case Generation and Analysis for Safety Assessment of Autonomous Vehicles. Haowei Sun; Shuo Feng; Xintao Yan; Henry X. Liu http://arxiv.org/abs/2102.03016 Model Agnostic Answer Reranking System for Adversarial Question Answering. Sagnik Majumder; Chinmoy Samant; Greg Durrett http://arxiv.org/abs/2102.03381 Robust Single-step Adversarial Training with Regularizer. Lehui Xie; Yaopeng Wang; Jia-Li Yin; Ximeng Liu http://arxiv.org/abs/2102.03482 Understanding the Interaction of Adversarial Training with Noisy Labels. 
Jianing Zhu; Jingfeng Zhang; Bo Han; Tongliang Liu; Gang Niu; Hongxia Yang; Mohan Kankanhalli; Masashi Sugiyama http://arxiv.org/abs/2102.03156 Optimal Transport as a Defense Against Adversarial Attacks. Quentin Bouniot; Romaric Audigier; Angélique Loesch http://arxiv.org/abs/2102.02956 DetectorGuard: Provably Securing Object Detectors against Localized Patch Hiding Attacks. Chong Xiang; Prateek Mittal http://arxiv.org/abs/2102.02950 Adversarial Training Makes Weight Loss Landscape Sharper in Logistic Regression. Masanori Yamada; Sekitoshi Kanai; Tomoharu Iwata; Tomokatsu Takahashi; Yuki Yamanaka; Hiroshi Takahashi; Atsutoshi Kumagai http://arxiv.org/abs/2102.02885 Adversarial Robustness Study of Convolutional Neural Network for Lumbar Disk Shape Reconstruction from MR images. Jiasong Chen; Linchen Qian; Timur Urakov; Weiyong Gu; Liang Liang http://arxiv.org/abs/2102.02923 PredCoin: Defense against Query-based Hard-label Attack. Junfeng Guo; Yaswanth Yadlapalli; Lothar Thiele; Ang Li; Cong Liu http://arxiv.org/abs/2102.02729 Adversarial Attacks and Defenses in Physiological Computing: A Systematic Review. Dongrui Wu; Weili Fang; Yi Zhang; Liuqing Yang; Hanbin Luo; Lieyun Ding; Xiaodong Xu; Xiang Yu http://arxiv.org/abs/2102.02417 Audio Adversarial Examples: Attacks Using Vocal Masks. Lynnette Ng; Kai Yuan Tay; Wei Han Chua; Lucerne Loke; Danqi Ye; Melissa Chua http://arxiv.org/abs/2102.02551 ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models. Yugeng Liu; Rui Wen; Xinlei He; Ahmed Salem; Zhikun Zhang; Michael Backes; Emiliano De Cristofaro; Mario Fritz; Yang Zhang http://arxiv.org/abs/2102.02145 Adversarially Robust Learning with Unknown Perturbation Sets. Omar Montasser; Steve Hanneke; Nathan Srebro http://arxiv.org/abs/2102.02128 IWA: Integrated Gradient based White-box Attacks for Fooling Deep Neural Networks. Yixiang Wang; Jiqiang Liu; Xiaolin Chang; Jelena Mišić; Vojislav B. Mišić http://arxiv.org/abs/2102.01563 On Robustness of Neural Semantic Parsers. Shuo Huang; Zhuang Li; Lizhen Qu; Lei Pan http://arxiv.org/abs/2102.01862 Towards Robust Neural Networks via Close-loop Control. Zhuotong Chen; Qianxiao Li; Zheng Zhang http://arxiv.org/abs/2102.01356 Recent Advances in Adversarial Training for Adversarial Robustness. Tao Bai; Jinqi Luo; Jun Zhao; Bihan Wen; Qian Wang http://arxiv.org/abs/2102.01336 Probabilistic Trust Intervals for Out of Distribution Detection. (2%) Gagandeep Singh; Deepak Mishra http://arxiv.org/abs/2102.01208 Fast Training of Provably Robust Neural Networks by SingleProp. Akhilan Boopathy; Tsui-Wei Weng; Sijia Liu; Pin-Yu Chen; Gaoyuan Zhang; Luca Daniel http://arxiv.org/abs/2102.00662 Towards Speeding up Adversarial Training in Latent Spaces. Yaguan Qian; Qiqi Shao; Tengteng Yao; Bin Wang; Shaoning Zeng; Zhaoquan Gu; Wassim Swaileh http://arxiv.org/abs/2102.00918 Robust Adversarial Attacks Against DNN-Based Wireless Communication Systems. Alireza Bahramali; Milad Nasr; Amir Houmansadr; Dennis Goeckel; Don Towsley http://arxiv.org/abs/2102.00533 Deep Deterministic Information Bottleneck with Matrix-based Entropy Functional. Xi Yu; Shujian Yu; Jose C. Principe http://arxiv.org/abs/2102.00449 Towards Imperceptible Query-limited Adversarial Attacks with Perceptual Feature Fidelity Loss. Pengrui Quan; Ruiming Guo; Mani Srivastava http://arxiv.org/abs/2102.00436 Admix: Enhancing the Transferability of Adversarial Attacks. 
Xiaosen Wang; Xuanran He; Jingdong Wang; Kun He http://arxiv.org/abs/2102.00313 Cortical Features for Defense Against Adversarial Audio Attacks. Ilya Kavalerov; Ruijie Zheng; Wojciech Czaja; Rama Chellappa http://arxiv.org/abs/2102.00029 You Only Query Once: Effective Black Box Adversarial Attacks with Minimal Repeated Queries. Devin Willmott; Anit Kumar Sahu; Fatemeh Sheikholeslami; Filipe Condessa; Zico Kolter http://arxiv.org/abs/2101.12097 Adversarial Machine Learning Attacks on Condition-Based Maintenance Capabilities. Hamidreza Habibollahi Najaf Abadi http://arxiv.org/abs/2101.12090 Adversarial Attacks on Deep Learning Based Power Allocation in a Massive MIMO Network. B. R. Manoj; Meysam Sadeghi; Erik G. Larsson http://arxiv.org/abs/2101.12100 Increasing the Confidence of Deep Neural Networks by Coverage Analysis. Giulio Rossolini; Alessandro Biondi; Giorgio Carlo Buttazzo http://arxiv.org/abs/2101.12372 Adversarial Learning with Cost-Sensitive Classes. Haojing Shen; Sihong Chen; Ran Wang; Xizhao Wang http://arxiv.org/abs/2101.12031 Robust Android Malware Detection System against Adversarial Attacks using Q-Learning. Hemant Rathore; Sanjay K. Sahay; Piyush Nikam; Mohit Sewak http://arxiv.org/abs/2101.11443 Adversaries in Online Learning Revisited: with applications in Robust Optimization and Adversarial training. Sebastian Pokutta; Huan Xu http://arxiv.org/abs/2101.11310 Adversarial Stylometry in the Wild: Transferable Lexical Substitution Attacks on Author Profiling. Chris Emmery; Ákos Kádár; Grzegorz Chrupała http://arxiv.org/abs/2101.11453 Meta Adversarial Training against Universal Patches. Jan Hendrik Metzen; Nicole Finnie; Robin Hutmacher http://arxiv.org/abs/2101.11466 Detecting Adversarial Examples by Input Transformations, Defense Perturbations, and Voting. Federico Nesti; Alessandro Biondi; Giorgio Buttazzo http://arxiv.org/abs/2101.11766 Improving Neural Network Robustness through Neighborhood Preserving Layers. Bingyuan Liu; Christopher Malon; Lingzhou Xue; Erik Kruus http://arxiv.org/abs/2101.10876 Blind Image Denoising and Inpainting Using Robust Hadamard Autoencoders. Rasika Karkare; Randy Paffenroth; Gunjan Mahindre http://arxiv.org/abs/2101.11073 Property Inference From Poisoning. Melissa Chase; Esha Ghosh; Saeed Mahloujifar http://arxiv.org/abs/2101.10792 Adversarial Vulnerability of Active Transfer Learning. Nicolas M. Müller; Konstantin Böttinger http://arxiv.org/abs/2101.10586 SkeletonVis: Interactive Visualization for Understanding Adversarial Attacks on Human Action Recognition Models. Haekyu Park; Zijie J. Wang; Nilaksh Das; Anindya S. Paul; Pruthvi Perumalla; Zhiyan Zhou; Duen Horng Chau http://arxiv.org/abs/2101.11081 The Effect of Class Definitions on the Transferability of Adversarial Attacks Against Forensic CNNs. Xinwei Zhao; Matthew C. Stamm http://arxiv.org/abs/2101.11060 Defenses Against Multi-Sticker Physical Domain Attacks on Classifiers. Xinwei Zhao; Matthew C. Stamm http://arxiv.org/abs/2101.10562 Investigating the significance of adversarial attacks and their relation to interpretability for radar-based human activity recognition systems. Utku Ozbulak; Baptist Vandersmissen; Azarakhsh Jalalvand; Ivo Couckuyt; Arnout Van Messem; Wesley De Neve http://arxiv.org/abs/2101.10710 Visual explanation of black-box model: Similarity Difference and Uniqueness (SIDU) method. Satya M. Muddamsetty; Mohammad N. S. Jahromi; Andreea E. Ciontos; Laura M. Fenoy; Thomas B. 
Moeslund http://arxiv.org/abs/2101.10747 Towards Universal Physical Attacks On Cascaded Camera-Lidar 3D Object Detection Models. Mazen Abdelfattah; Kaiwen Yuan; Z. Jane Wang; Rabab Ward http://arxiv.org/abs/2101.10001 Diverse Adversaries for Mitigating Bias in Training. Xudong Han; Timothy Baldwin; Trevor Cohn http://arxiv.org/abs/2101.10011 They See Me Rollin': Inherent Vulnerability of the Rolling Shutter in CMOS Image Sensors. Sebastian Köhler; Giulio Lovisotto; Simon Birnbach; Richard Baker; Ivan Martinovic http://arxiv.org/abs/2101.09930 Generalizing Adversarial Examples by AdaBelief Optimizer. Yixiang Wang; Jiqiang Liu; Xiaolin Chang http://arxiv.org/abs/2101.10102 Towards Practical Robustness Analysis for DNNs based on PAC-Model Learning. Renjue Li; Pengfei Yang; Cheng-Chao Huang; Youcheng Sun; Bai Xue; Lijun Zhang http://arxiv.org/abs/2101.10063 Few-Shot Website Fingerprinting Attack. Mantun Chen; Yongjun Wang; Zhiquan Qin; Xiatian Zhu http://arxiv.org/abs/2101.10027 Understanding and Achieving Efficient Robustness with Adversarial Supervised Contrastive Learning. Anh Bui; Trung Le; He Zhao; Paul Montague; Seyit Camtepe; Dinh Phung http://arxiv.org/abs/2101.09568 A Transferable Anti-Forensic Attack on Forensic CNNs Using A Generative Adversarial Network. Xinwei Zhao; Chen Chen; Matthew C. Stamm http://arxiv.org/abs/2101.09451 Error Diffusion Halftoning Against Adversarial Examples. Shao-Yuan Lo; Vishal M. Patel http://arxiv.org/abs/2101.09617 A Comprehensive Evaluation Framework for Deep Model Robustness. Jun Guo; Wei Bao; Jiakai Wang; Yuqing Ma; Xinghai Gao; Gang Xiao; Aishan Liu; Jian Dong; Xianglong Liu; Wenjun Wu http://arxiv.org/abs/2101.09387 Online Adversarial Purification based on Self-Supervision. Changhao Shi; Chester Holtz; Gal Mishne http://arxiv.org/abs/2101.09306 Towards Optimal Branching of Linear and Semidefinite Relaxations for Neural Network Robustness Certification. Brendon G. Anderson; Ziye Ma; Jingqi Li; Somayeh Sojoudi http://arxiv.org/abs/2101.09324 Generating Black-Box Adversarial Examples in Sparse Domain. Hadi Zanddizari; Behnam Zeinali; J. Morris Chang http://arxiv.org/abs/2101.09108 Adaptive Neighbourhoods for the Discovery of Adversarial Examples. Jay Morgan; Adeline Paiement; Arno Pauly; Monika Seisenberger http://arxiv.org/abs/2101.08452 Robust Reinforcement Learning on State Observations with Learned Optimal Adversary. Huan Zhang; Hongge Chen; Duane Boning; Cho-Jui Hsieh http://arxiv.org/abs/2101.08523 Adv-OLM: Generating Textual Adversaries via OLM. Vijit Malik; Ashwani Bhat; Ashutosh Modi http://arxiv.org/abs/2101.08732 Self-Adaptive Training: Bridging Supervised and Self-Supervised Learning. Lang Huang; Chao Zhang; Hongyang Zhang http://arxiv.org/abs/2101.08783 A Person Re-identification Data Augmentation Method with Adversarial Defense Effect. Yunpeng Gong; Zhiyong Zeng; Liwen Chen; Yifan Luo; Bin Weng; Feng Ye http://arxiv.org/abs/2101.08909 Adversarial Attacks and Defenses for Speaker Identification Systems. Sonal Joshi; Jesús Villalba; Piotr Żelasko; Laureano Moro-Velázquez; Najim Dehak http://arxiv.org/abs/2101.08533 A general multi-modal data learning method for Person Re-identification. (78%) Yunpeng Gong http://arxiv.org/abs/2101.08030 Adversarial Attacks for Tabular Data: Application to Fraud Detection and Imbalanced Data. 
Francesco Cartella; Orlando Anunciacao; Yuki Funabiki; Daisuke Yamaguchi; Toru Akishita; Olivier Elshocht http://arxiv.org/abs/2101.08386 Invariance, encodings, and generalization: learning identity effects with neural networks. S. Brugiapaglia; M. Liu; P. Tupper http://arxiv.org/abs/2101.08154 Fooling thermal infrared pedestrian detectors in real world using small bulbs. Xiaopei Zhu; Xiao Li; Jianmin Li; Zheyao Wang; Xiaolin Hu http://arxiv.org/abs/2101.07922 LowKey: Leveraging Adversarial Attacks to Protect Social Media Users from Facial Recognition. Valeriia Cherepanova; Micah Goldblum; Harrison Foley; Shiyuan Duan; John Dickerson; Gavin Taylor; Tom Goldstein http://arxiv.org/abs/2101.07910 A Search-Based Testing Framework for Deep Neural Networks of Source Code Embedding. Maryam Vahdat Pour; Zhuo Li; Lei Ma; Hadi Hemmati http://arxiv.org/abs/2101.07538 PICA: A Pixel Correlation-based Attentional Black-box Adversarial Attack. Jie Wang; Zhaoxia Yin; Jin Tang; Jing Jiang; Bin Luo http://arxiv.org/abs/2101.07512 Attention-Guided Black-box Adversarial Attacks with Large-Scale Multiobjective Evolutionary Optimization. Jie Wang; Zhaoxia Yin; Jing Jiang; Yang Du http://arxiv.org/abs/2101.06898 What Do Deep Nets Learn? Class-wise Patterns Revealed in the Input Space. Shihao Zhao; Xingjun Ma; Yisen Wang; James Bailey; Bo Li; Yu-Gang Jiang http://arxiv.org/abs/2101.06969 Red Alarm for Pre-trained Models: Universal Vulnerability to Neuron-Level Backdoor Attacks. (1%) Zhengyan Zhang; Guangxuan Xiao; Yongwei Li; Tian Lv; Fanchao Qi; Zhiyuan Liu; Yasheng Wang; Xin Jiang; Maosong Sun http://arxiv.org/abs/2101.06704 Adversarial Interaction Attack: Fooling AI to Misinterpret Human Intentions. Nodens Koren; Qiuhong Ke; Yisen Wang; James Bailey; Xingjun Ma http://arxiv.org/abs/2101.06855 GraphAttacker: A General Multi-Task GraphAttack Framework. Jinyin Chen; Dunjie Zhang; Zhaoyan Ming; Kejie Huang; Wenrong Jiang; Chen Cui http://arxiv.org/abs/2101.06784 Exploring Adversarial Robustness of Multi-Sensor Perception Systems in Self Driving. James Tu; Huichen Li; Xinchen Yan; Mengye Ren; Yun Chen; Ming Liang; Eilyan Bitar; Ersin Yumer; Raquel Urtasun http://arxiv.org/abs/2101.06507 Multi-objective Search of Robust Neural Architectures against Multiple Types of Adversarial Attacks. Jia Liu; Yaochu Jin http://arxiv.org/abs/2101.06560 Adversarial Attacks On Multi-Agent Communication. James Tu; Tsunhsuan Wang; Jingkang Wang; Sivabalan Manivasagam; Mengye Ren; Raquel Urtasun http://arxiv.org/abs/2101.06309 Fundamental Tradeoffs in Distributionally Adversarial Training. Mohammad Mehrabi; Adel Javanmard; Ryan A. Rossi; Anup Rao; Tung Mai http://arxiv.org/abs/2101.06092 Black-box Adversarial Attacks in Autonomous Vehicle Technology. K Naveen Kumar; C Vishnu; Reshmi Mitra; C Krishna Mohan http://arxiv.org/abs/2101.06061 Heating up decision boundaries: isocapacitory saturation, adversarial scenarios and generalization bounds. Bogdan Georgiev; Lukas Franken; Mayukh Mukherjee http://arxiv.org/abs/2101.06069 Mining Data Impressions from Deep Models as Substitute for the Unavailable Training Data. Gaurav Kumar Nayak; Konda Reddy Mopuri; Saksham Jain; Anirban Chakraborty http://arxiv.org/abs/2101.05833 Context-Aware Image Denoising with Auto-Threshold Canny Edge Detection to Suppress Adversarial Perturbation. Li-Yun Wang; Yeganeh Jalalpour; Wu-chi Feng http://arxiv.org/abs/2101.05950 Robusta: Robust AutoML for Feature Selection via Reinforcement Learning. 
Xiaoyang Wang; Bo Li; Yibo Zhang; Bhavya Kailkhura; Klara Nahrstedt http://arxiv.org/abs/2101.05930 Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks. Yige Li; Xixiang Lyu; Nodens Koren; Lingjuan Lyu; Bo Li; Xingjun Ma http://arxiv.org/abs/2101.05639 Untargeted, Targeted and Universal Adversarial Attacks and Defenses on Time Series. Pradeep Rathore; Arghya Basak; Sri Harsha Nistala; Venkataramana Runkana http://arxiv.org/abs/2101.05209 Image Steganography based on Iteratively Adversarial Samples of A Synchronized-directions Sub-image. Xinghong Qin; Shunquan Tan; Bin Li; Weixuan Tang; Jiwu Huang http://arxiv.org/abs/2101.04840 Robustness Gym: Unifying the NLP Evaluation Landscape. Karan Goel; Nazneen Rajani; Jesse Vig; Samson Tan; Jason Wu; Stephan Zheng; Caiming Xiong; Mohit Bansal; Christopher Ré http://arxiv.org/abs/2101.04401 Robustness of on-device Models: Adversarial Attack to Deep Learning Models on Android Apps. Yujin Huang; Han Hu; Chunyang Chen http://arxiv.org/abs/2101.04321 Random Transformation of Image Brightness for Adversarial Attack. Bo Yang; Kaiyong Xu; Hengjun Wang; Hengwei Zhang http://arxiv.org/abs/2101.04829 On the Effectiveness of Small Input Noise for Defending Against Query-based Black-Box Attacks. Junyoung Byun; Hyojun Go; Changick Kim http://arxiv.org/abs/2101.03924 The Vulnerability of Semantic Segmentation Networks to Adversarial Attacks in Autonomous Driving: Enhancing Extensive Environment Sensing. Andreas Bär; Jonas Löhdefink; Nikhil Kapoor; Serin J. Varghese; Fabian Hüger; Peter Schlicht; Tim Fingscheidt http://arxiv.org/abs/2101.05624 Adversarially Robust and Explainable Model Compression with On-Device Personalization for Text Classification. Yao Qiang; Supriya Tumkur Suresh Kumar; Marco Brocanelli; Dongxiao Zhu http://arxiv.org/abs/2101.02899 Adversarial Attack Attribution: Discovering Attributable Signals in Adversarial ML Attacks. Marissa Dotter; Sherry Xie; Keith Manville; Josh Harguess; Colin Busho; Mikel Rodriguez http://arxiv.org/abs/2101.03218 DiPSeN: Differentially Private Self-normalizing Neural Networks For Adversarial Robustness in Federated Learning. Olakunle Ibitoye; M. Omair Shafiq; Ashraf Matrawy http://arxiv.org/abs/2101.03272 Exploring Adversarial Fake Images on Face Manifold. Dongze Li; Wei Wang; Hongxing Fan; Jing Dong http://arxiv.org/abs/2101.02689 The Effect of Prior Lipschitz Continuity on the Adversarial Robustness of Bayesian Neural Networks. Arno Blaas; Stephen J. Roberts http://arxiv.org/abs/2101.02483 Robust Text CAPTCHAs Using Adversarial Examples. Rulin Shao; Zhouxing Shi; Jinfeng Yi; Pin-Yu Chen; Cho-Jui Hsieh http://arxiv.org/abs/2101.02115 Adversarial Robustness by Design through Analog Computing and Synthetic Gradients. Alessandro Cappelli; Ruben Ohana; Julien Launay; Laurent Meunier; Iacopo Poli; Florent Krzakala http://arxiv.org/abs/2101.02325 Understanding the Error in Evaluating Adversarial Robustness. Pengfei Xia; Ziqiang Li; Hongjing Niu; Bin Li http://arxiv.org/abs/2101.01543 Noise Sensitivity-Based Energy Efficient and Robust Adversary Detection in Neural Networks. Rachel Sterneck; Abhishek Moitra; Priyadarshini Panda http://arxiv.org/abs/2101.00989 Fooling Object Detectors: Adversarial Attacks by Half-Neighbor Masks. Yanghao Zhang; Fu Wang; Wenjie Ruan http://arxiv.org/abs/2101.01121 Local Competition and Stochasticity for Adversarial Robustness in Deep Learning. Konstantinos P. 
Panousis; Sotirios Chatzis; Antonios Alexos; Sergios Theodoridis http://arxiv.org/abs/2101.01032 Local Black-box Adversarial Attacks: A Query Efficient Approach. Tao Xiang; Hangcheng Liu; Shangwei Guo; Tianwei Zhang; Xiaofeng Liao http://arxiv.org/abs/2101.02559 Robust Machine Learning Systems: Challenges, Current Trends, Perspectives, and the Road Ahead. Muhammad Shafique; Mahum Naseer; Theocharis Theocharides; Christos Kyrkou; Onur Mutlu; Lois Orosa; Jungwook Choi http://arxiv.org/abs/2101.00521 Improving DGA-Based Malicious Domain Classifiers for Malware Defense with Adversarial Machine Learning. Ibrahim Yilmaz; Ambareen Siraj; Denis Ulybyshev http://arxiv.org/abs/2012.15699 Better Robustness by More Coverage: Adversarial Training with Mixup Augmentation for Robust Fine-tuning. Chenglei Si; Zhengyan Zhang; Fanchao Qi; Zhiyuan Liu; Yasheng Wang; Qun Liu; Maosong Sun http://arxiv.org/abs/2012.15503 Patch-wise++ Perturbation for Adversarial Targeted Attacks. Lianli Gao; Qilong Zhang; Jingkuan Song; Heng Tao Shen http://arxiv.org/abs/2012.15183 Temporally-Transferable Perturbations: Efficient, One-Shot Adversarial Attacks for Online Visual Object Trackers. Krishna Kanth Nakka; Mathieu Salzmann http://arxiv.org/abs/2012.15386 Beating Attackers At Their Own Games: Adversarial Example Detection Using Adversarial Gradient Directions. Yuhang Wu; Sunpreet S. Arora; Yanhong Wu; Hao Yang http://arxiv.org/abs/2101.10452 Black-box Adversarial Attacks on Monocular Depth Estimation Using Evolutionary Multi-objective Optimization. Renya Daimo; Satoshi Ono; Takahiro Suzuki http://arxiv.org/abs/2012.14769 Generating Adversarial Examples in Chinese Texts Using Sentence-Pieces. Linyang Li; Yunfan Shao; Demin Song; Xipeng Qiu; Xuanjing Huang http://arxiv.org/abs/2012.14965 Improving Adversarial Robustness in Weight-quantized Neural Networks. Chang Song; Elias Fallon; Hai Li http://arxiv.org/abs/2012.14738 With False Friends Like These, Who Can Have Self-Knowledge? Lue Tao; Songcan Chen http://arxiv.org/abs/2012.14956 Generating Natural Language Attacks in a Hard Label Black Box Setting. Rishabh Maheshwary; Saket Maheshwary; Vikram Pudi http://arxiv.org/abs/2012.14395 Enhanced Regularizers for Attributional Robustness. Anindya Sarkar; Anirban Sarkar; Vineeth N Balasubramanian http://arxiv.org/abs/2012.14352 Analysis of Dominant Classes in Universal Adversarial Perturbations. Jon Vadillo; Roberto Santana; Jose A. Lozano http://arxiv.org/abs/2012.14057 Person Re-identification with Adversarial Triplet Embedding. Xinglu Wang http://arxiv.org/abs/2012.13872 My Teacher Thinks The World Is Flat! Interpreting Automatic Essay Scoring Mechanism. Swapnil Parekh; Yaman Kumar Singla; Changyou Chen; Junyi Jessy Li; Rajiv Ratn Shah http://arxiv.org/abs/2012.13692 Sparse Adversarial Attack to Object Detection. Jiayu Bao http://arxiv.org/abs/2012.14427 Assessment of the Relative Importance of different hyper-parameters of LSTM for an IDS. Mohit Sewak; Sanjay K. Sahay; Hemant Rathore http://arxiv.org/abs/2012.13573 Robustness, Privacy, and Generalization of Adversarial Training. 
Fengxiang He; Shaopeng Fu; Bohan Wang; Dacheng Tao http://arxiv.org/abs/2012.13628 A Simple Fine-tuning Is All You Need: Towards Robust Deep Learning Via Adversarial Fine-tuning. Ahmadreza Jeddi; Mohammad Javad Shafiee; Alexander Wong http://arxiv.org/abs/2012.13339 A Context Aware Approach for Generating Natural Language Attacks. Rishabh Maheshwary; Saket Maheshwary; Vikram Pudi http://arxiv.org/abs/2012.13111 Exploring Adversarial Examples via Invertible Neural Networks. Ruqi Bai; Saurabh Bagchi; David I. Inouye http://arxiv.org/abs/2012.13103 Improving the Certified Robustness of Neural Networks via Consistency Regularization. Mengting Xu; Tao Zhang; Zhongnian Li; Daoqiang Zhang http://arxiv.org/abs/2012.13154 Adversarial Momentum-Contrastive Pre-Training. Cong Xu; Min Yang http://arxiv.org/abs/2012.13489 Learning Robust Representation for Clustering through Locality Preserving Variational Discriminative Network. Ruixuan Luo; Wei Li; Zhiyuan Zhang; Ruihan Bao; Keiko Harimoto; Xu Sun http://arxiv.org/abs/2012.12528 The Translucent Patch: A Physical and Universal Attack on Object Detectors. Alon Zolfi; Moshe Kravchik; Yuval Elovici; Asaf Shabtai http://arxiv.org/abs/2012.12640 Gradient-Free Adversarial Attacks for Bayesian Neural Networks. Matthew Yuan; Matthew Wicker; Luca Laurenti http://arxiv.org/abs/2012.12529 SCOPE CPS: Secure Compiling of PLCs in Cyber-Physical Systems. Eyasu Getahun Chekole; Martin Ochoa; Sudipta Chattopadhyay http://arxiv.org/abs/2012.15740 Poisoning Attacks on Cyber Attack Detectors for Industrial Control Systems. Moshe Kravchik; Battista Biggio; Asaf Shabtai http://arxiv.org/abs/2012.12141 Learning to Initialize Gradient Descent Using Gradient Descent. Kartik Ahuja; Amit Dhurandhar; Kush R. Varshney http://arxiv.org/abs/2012.12235 Unadversarial Examples: Designing Objects for Robust Vision. Hadi Salman; Andrew Ilyas; Logan Engstrom; Sai Vemprala; Aleksander Madry; Ashish Kapoor http://arxiv.org/abs/2012.11835 Multi-shot NAS for Discovering Adversarially Robust Convolutional Neural Architectures at Targeted Capacities. Xuefei Ning; Junbo Zhao; Wenshuo Li; Tianchen Zhao; Huazhong Yang; Yu Wang http://arxiv.org/abs/2012.12368 On Frank-Wolfe Optimization for Adversarial Robustness and Interpretability. Theodoros Tsiligkaridis; Jay Roberts http://arxiv.org/abs/2012.11352 Genetic Adversarial Training of Decision Trees. Francesco Ranzato; Marco Zanella http://arxiv.org/abs/2012.11220 Incremental Verification of Fixed-Point Implementations of Neural Networks. Luiz Sena; Erickson Alves; Iury Bessa; Eddie Filho; Lucas Cordeiro http://arxiv.org/abs/2012.11442 Blurring Fools the Network -- Adversarial Attacks by Feature Peak Suppression and Gaussian Blurring. Chenchen Zhao; Hao Li http://arxiv.org/abs/2012.11413 Exploiting Vulnerability of Pooling in Convolutional Neural Networks by Strict Layer-Output Manipulation for Adversarial Attacks. Chenchen Zhao; Hao Li http://arxiv.org/abs/2012.11212 Deep Feature Space Trojan Attack of Neural Networks by Controlled Detoxification. Siyuan Cheng; Yingqi Liu; Shiqing Ma; Xiangyu Zhang http://arxiv.org/abs/2012.11769 Self-Progressing Robust Training. Minhao Cheng; Pin-Yu Chen; Sijia Liu; Shiyu Chang; Cho-Jui Hsieh; Payel Das http://arxiv.org/abs/2012.11138 Adjust-free adversarial example generation in speech recognition using evolutionary multi-objective optimization under black-box condition. 
Shoma Ishida; Satoshi Ono http://arxiv.org/abs/2012.11619 Defence against adversarial attacks using classical and quantum-enhanced Boltzmann machines. Aidan Kehoe; Peter Wittek; Yanbo Xue; Alejandro Pozas-Kerstjens http://arxiv.org/abs/2012.11207 On Success and Simplicity: A Second Look at Transferable Targeted Attacks. Zhengyu Zhao; Zhuoran Liu; Martha Larson http://arxiv.org/abs/2012.11701 Learning from What We Know: How to Perform Vulnerability Prediction using Noisy Historical Data. (1%) Aayush Garg; Renzo Degiovanni; Matthieu Jimenez; Maxime Cordy; Mike Papadakis; Yves Le Traon http://arxiv.org/abs/2012.14456 Color Channel Perturbation Attacks for Fooling Convolutional Neural Networks and A Defense Against Such Attacks. Jayendra Kantipudi; Shiv Ram Dubey; Soumendu Chakraborty http://arxiv.org/abs/2012.10794 Sample Complexity of Adversarially Robust Linear Classification on Separated Data. Robi Bhattacharjee; Somesh Jha; Kamalika Chaudhuri http://arxiv.org/abs/2012.10076 Semantics and explanation: why counterfactual explanations produce adversarial examples in deep neural networks. Kieran Browne; Ben Swift http://arxiv.org/abs/2012.10282 ROBY: Evaluating the Robustness of a Deep Model by its Decision Boundaries. Jinyin Chen; Zhen Wang; Haibin Zheng; Jun Xiao; Zhaoyan Ming http://arxiv.org/abs/2012.10235 AdvExpander: Generating Natural Language Adversarial Examples by Expanding Text. Zhihong Shao; Zitao Liu; Jiyong Zhang; Zhongqin Wu; Minlie Huang http://arxiv.org/abs/2012.10278 Adversarially Robust Estimate and Risk Analysis in Linear Regression. Yue Xing; Ruizhi Zhang; Guang Cheng http://arxiv.org/abs/2012.10485 RAILS: A Robust Adversarial Immune-inspired Learning System. Ren Wang; Tianqi Chen; Stephen Lindsly; Alnawaz Rehemtulla; Alfred Hero; Indika Rajapakse http://arxiv.org/abs/2012.10438 Efficient Training of Robust Decision Trees Against Adversarial Examples. Daniël Vos; Sicco Verwer http://arxiv.org/abs/2101.05219 On the human-recognizability phenomenon of adversarially trained deep image classifiers. Jonathan Helland; Nathan VanHoudnos http://arxiv.org/abs/2012.09427 Characterizing the Evasion Attackability of Multi-label Classifiers. Zhuo Yang; Yufei Han; Xiangliang Zhang http://arxiv.org/abs/2012.09501 A Hierarchical Feature Constraint to Camouflage Medical Adversarial Attacks. Qingsong Yao; Zecheng He; Yi Lin; Kai Ma; Yefeng Zheng; S. Kevin Zhou http://arxiv.org/abs/2012.09384 On the Limitations of Denoising Strategies as Adversarial Defenses. Zhonghan Niu; Zhaoxi Chen; Linyi Li; Yubin Yang; Bo Li; Jinfeng Yi http://arxiv.org/abs/2012.08588 FoggySight: A Scheme for Facial Lookup Privacy. Ivan Evtimov; Pascal Sturmfels; Tadayoshi Kohno http://arxiv.org/abs/2012.08096 FAWA: Fast Adversarial Watermark Attack on Optical Character Recognition (OCR) Systems. Lu Chen; Jiao Sun; Wei Xu http://arxiv.org/abs/2012.08112 Amata: An Annealing Mechanism for Adversarial Training Acceleration. Nanyang Ye; Qianxiao Li; Xiao-Yun Zhou; Zhanxing Zhu http://arxiv.org/abs/2012.07372 Disentangled Information Bottleneck. Ziqi Pan; Li Niu; Jianfu Zhang; Liqing Zhang http://arxiv.org/abs/2012.07887 Adaptive Verifiable Training Using Pairwise Class Similarity. Shiqi Wang; Kevin Eykholt; Taesung Lee; Jiyong Jang; Ian Molloy http://arxiv.org/abs/2012.07828 Robustness Threats of Differential Privacy. Nurislam Tursynbek; Aleksandr Petiushko; Ivan Oseledets http://arxiv.org/abs/2012.07474 HaS-Nets: A Heal and Select Mechanism to Defend DNNs Against Backdoor Attacks for Data Collection Scenarios. 
Hassan Ali; Surya Nepal; Salil S. Kanhere; Sanjay Jha http://arxiv.org/abs/2012.07688 Improving Adversarial Robustness via Probabilistically Compact Loss with Logit Constraints. Xin Li; Xiangrui Li; Deng Pan; Dongxiao Zhu http://arxiv.org/abs/2012.07994 Binary Black-box Evasion Attacks Against Deep Learning-based Static Malware Detectors with Adversarial Byte-Level Language Model. Mohammadreza Ebrahimi; Ning Zhang; James Hu; Muhammad Taqi Raza; Hsinchun Chen http://arxiv.org/abs/2012.07280 Contrastive Learning with Adversarial Perturbations for Conditional Text Generation. Seanie Lee; Dong Bok Lee; Sung Ju Hwang http://arxiv.org/abs/2012.07233 Achieving Adversarial Robustness Requires An Active Teacher. Chao Ma; Lexing Ying http://arxiv.org/abs/2012.06757 Query-free Black-box Adversarial Attacks on Graphs. Jiarong Xu; Yizhou Sun; Xin Jiang; Yanhao Wang; Yang Yang; Chunping Wang; Jiangang Lu http://arxiv.org/abs/2012.06390 Closeness and Uncertainty Aware Adversarial Examples Detection in Adversarial Machine Learning. Omer Faruk Tuna; Ferhat Ozgur Catak; M. Taner Eskil http://arxiv.org/abs/2012.06405 Attack Agnostic Detection of Adversarial Examples via Random Subspace Analysis. Nathan Drenkow; Neil Fendley; Philippe Burlina http://arxiv.org/abs/2012.06568 Analyzing and Improving Adversarial Training for Generative Modeling. (86%) Xuwang Yin; Shiying Li; Gustavo K. Rohde http://arxiv.org/abs/2012.05948 GNNUnlock: Graph Neural Networks-based Oracle-less Unlocking Scheme for Provably Secure Logic Locking. Lilas Alrahis; Satwik Patnaik; Faiq Khalid; Muhammad Abdullah Hanif; Hani Saleh; Muhammad Shafique; Ozgur Sinanoglu http://arxiv.org/abs/2012.06058 Next Wave Artificial Intelligence: Robust, Explainable, Adaptable, Ethical, and Accountable. Odest Chadwicke Jenkins; Daniel Lopresti; Melanie Mitchell http://arxiv.org/abs/2012.06122 DSRNA: Differentiable Search of Robust Neural Architectures. Ramtin Hosseini; Xingyi Yang; Pengtao Xie http://arxiv.org/abs/2012.06110 I-GCN: Robust Graph Convolutional Network via Influence Mechanism. Haoxi Zhan; Xiaobing Pei http://arxiv.org/abs/2012.06332 An Empirical Review of Adversarial Defenses. Ayush Goel http://arxiv.org/abs/2012.06024 Robustness and Transferability of Universal Attacks on Compressed Models. Alberto G. Matachana; Kenneth T. Co; Luis Muñoz-González; David Martinez; Emil C. Lupu http://arxiv.org/abs/2012.05657 Geometric Adversarial Attacks and Defenses on 3D Point Clouds. Itai Lang; Uriel Kotlicki; Shai Avidan http://arxiv.org/abs/2012.05858 SPAA: Stealthy Projector-based Adversarial Attacks on Deep Image Classifiers. Bingyao Huang; Haibin Ling http://arxiv.org/abs/2012.05027 Generating Out of Distribution Adversarial Attack using Latent Space Poisoning. Ujjwal Upadhyay; Prerana Mukherjee http://arxiv.org/abs/2012.06330 Detection of Adversarial Supports in Few-shot Classifiers Using Self-Similarity and Filtering. Yi Xiang Marcus Tan; Penny Chong; Jiamei Sun; Ngai-Man Cheung; Yuval Elovici; Alexander Binder http://arxiv.org/abs/2012.05321 Securing Deep Spiking Neural Networks against Adversarial Attacks through Inherent Structural Parameters. Rida El-Allami; Alberto Marchisio; Muhammad Shafique; Ihsen Alouani http://arxiv.org/abs/2012.05434 Composite Adversarial Attacks. Xiaofeng Mao; Yuefeng Chen; Shuhui Wang; Hang Su; Yuan He; Hui Xue http://arxiv.org/abs/2012.06043 Provable Defense against Privacy Leakage in Federated Learning from Representation Perspective. 
Jingwei Sun; Ang Li; Binghui Wang; Huanrui Yang; Hai Li; Yiran Chen http://arxiv.org/abs/2012.04729 On 1/n neural representation and robustness. Josue Nassar; Piotr Aleksander Sokol; SueYeon Chung; Kenneth D. Harris; Il Memming Park http://arxiv.org/abs/2012.04692 Locally optimal detection of stochastic targeted universal adversarial perturbations. Amish Goel; Pierre Moulin http://arxiv.org/abs/2012.04734 A Deep Marginal-Contrastive Defense against Adversarial Attacks on 1D Models. Mohammed Hassanin; Nour Moustafa; Murat Tahtali http://arxiv.org/abs/2012.04382 Using Feature Alignment can Improve Clean Average Precision and Adversarial Robustness in Object Detection. Weipeng Xu; Hongcheng Huang http://arxiv.org/abs/2012.04864 EvaLDA: Efficient Evasion Attacks Towards Latent Dirichlet Allocation. Qi Zhou; Haipeng Chen; Yitao Zheng; Zhen Wang http://arxiv.org/abs/2012.04262 Overcomplete Representations Against Adversarial Videos. Shao-Yuan Lo; Jeya Maria Jose Valanarasu; Vishal M. Patel http://arxiv.org/abs/2012.04750 Mitigating the Impact of Adversarial Attacks in Very Deep Networks. Mohammed Hassanin; Ibrahim Radwan; Nour Moustafa; Murat Tahtali; Neeraj Kumar http://arxiv.org/abs/2012.04353 Reinforcement Based Learning on Classification Task Could Yield Better Generalization and Adversarial Accuracy. Shashi Kant Gupta http://arxiv.org/abs/2012.04432 Poisoning Semi-supervised Federated Learning via Unlabeled Data: Attacks and Defenses. (95%) Yi Liu; Xingliang Yuan; Ruihui Zhao; Cong Wang; Dusit Niyato; Yefeng Zheng http://arxiv.org/abs/2012.04351 Data Dependent Randomized Smoothing. (1%) Motasem Alfarra; Adel Bibi; Philip H. S. Torr; Bernard Ghanem http://arxiv.org/abs/2012.03516 A Singular Value Perspective on Model Robustness. Malhar Jere; Maghav Kumar; Farinaz Koushanfar http://arxiv.org/abs/2012.03528 Backpropagating Linearly Improves Transferability of Adversarial Examples. Yiwen Guo; Qizhang Li; Hao Chen http://arxiv.org/abs/2012.03483 Learning to Separate Clusters of Adversarial Representations for Robust Adversarial Detection. Byunggill Joe; Jihun Hamm; Sung Ju Hwang; Sooel Son; Insik Shin http://arxiv.org/abs/2012.03843 Are DNNs fooled by extremely unrecognizable images? Soichiro Kumano; Hiroshi Kera; Toshihiko Yamasaki http://arxiv.org/abs/2012.03460 Reprogramming Language Models for Molecular Representation Learning. Ria Vinod; Pin-Yu Chen; Payel Das http://arxiv.org/abs/2012.03404 Black-box Model Inversion Attribute Inference Attacks on Classification Models. Shagufta Mehnaz; Ninghui Li; Elisa Bertino http://arxiv.org/abs/2012.03310 PAC-Learning for Strategic Classification. Ravi Sundaram; Anil Vullikanti; Haifeng Xu; Fan Yao http://arxiv.org/abs/2012.02976 Evaluating adversarial robustness in simulated cerebellum. Liu Yuezhang; Bo Li; Qifeng Chen http://arxiv.org/abs/2012.02632 Advocating for Multiple Defense Strategies against Adversarial Examples. Alexandre Araujo; Laurent Meunier; Rafael Pinot; Benjamin Negrevergne http://arxiv.org/abs/2012.02525 Practical No-box Adversarial Attacks against DNNs. Qizhang Li; Yiwen Guo; Hao Chen http://arxiv.org/abs/2012.02452 Towards Natural Robustness Against Adversarial Examples. Haoyu Chu; Shikui Wei; Yao Zhao http://arxiv.org/abs/2012.02486 Unsupervised Adversarially-Robust Representation Learning on Graphs. Jiarong Xu; Yang Yang; Junru Chen; Chunping Wang; Xin Jiang; Jiangang Lu; Yizhou Sun http://arxiv.org/abs/2012.02521 Kernel-convoluted Deep Neural Networks with Data Augmentation. 
Minjin Kim; Young-geun Kim; Dongha Kim; Yongdai Kim; Myunghee Cho Paik http://arxiv.org/abs/2012.02048 Ethical Testing in the Real World: Evaluating Physical Testing of Adversarial Machine Learning. Kendra Albert; Maggie Delano; Jonathon Penney; Afsaneh Rigot; Ram Shankar Siva Kumar http://arxiv.org/abs/2012.01791 FAT: Federated Adversarial Training. Giulio Zizzo; Ambrish Rawat; Mathieu Sinn; Beat Buesser http://arxiv.org/abs/2012.01901 An Empirical Study of Derivative-Free-Optimization Algorithms for Targeted Black-Box Attacks in Deep Neural Networks. Giuseppe Ughi; Vinayak Abrol; Jared Tanner http://arxiv.org/abs/2012.02160 Channel Effects on Surrogate Models of Adversarial Attacks against Wireless Signal Classifiers. Brian Kim; Yalin E. Sagduyu; Tugba Erpek; Kemal Davaslioglu; Sennur Ulukus http://arxiv.org/abs/2012.01806 Attribute-Guided Adversarial Training for Robustness to Natural Perturbations. Tejas Gokhale; Rushil Anirudh; Bhavya Kailkhura; Jayaraman J. Thiagarajan; Chitta Baral; Yezhou Yang http://arxiv.org/abs/2012.01558 From a Fourier-Domain Perspective on Adversarial Examples to a Wiener Filter Defense for Semantic Segmentation. Nikhil Kapoor; Andreas Bär; Serin Varghese; Jan David Schneider; Fabian Hüger; Peter Schlicht; Tim Fingscheidt http://arxiv.org/abs/2012.01701 FenceBox: A Platform for Defeating Adversarial Examples with Data Augmentation Techniques. Han Qiu; Yi Zeng; Tianwei Zhang; Yong Jiang; Meikang Qiu http://arxiv.org/abs/2012.01654 Towards Defending Multiple $\ell_p$-norm Bounded Adversarial Perturbations via Gated Batch Normalization. Aishan Liu; Shiyu Tang; Xinyun Chen; Lei Huang; Haotong Qin; Xianglong Liu; Dacheng Tao http://arxiv.org/abs/2012.01699 Content-Adaptive Pixel Discretization to Improve Model Robustness. Ryan Feng; Wu-chi Feng; Atul Prakash http://arxiv.org/abs/2012.01274 How Robust are Randomized Smoothing based Defenses to Data Poisoning? Akshay Mehra; Bhavya Kailkhura; Pin-Yu Chen; Jihun Hamm http://arxiv.org/abs/2012.00802 Adversarial Robustness Across Representation Spaces. Pranjal Awasthi; George Yu; Chun-Sung Ferng; Andrew Tomkins; Da-Cheng Juan http://arxiv.org/abs/2012.00558 Robustness Out of the Box: Compositional Representations Naturally Defend Against Black-Box Patch Attacks. Christian Cosgrove; Adam Kortylewski; Chenglin Yang; Alan Yuille http://arxiv.org/abs/2012.00567 Boosting Adversarial Attacks on Neural Networks with Better Optimizer. Heng Yin; Hengwei Zhang; Jindong Wang; Ruiyu Dou http://arxiv.org/abs/2012.00517 One-Pixel Attack Deceives Computer-Assisted Diagnosis of Cancer. Joni Korpihalkola; Tuomo Sipola; Samir Puuska; Tero Kokkonen http://arxiv.org/abs/2012.00909 Towards Imperceptible Adversarial Image Patches Based on Network Explanations. Yaguan Qian; Jiamin Wang; Bin Wang; Zhaoquan Gu; Xiang Ling; Chunming Wu http://arxiv.org/abs/2011.14969 Guided Adversarial Attack for Evaluating and Enhancing Adversarial Defenses. Gaurang Sriramanan; Sravanti Addepalli; Arya Baburaj; R. Venkatesh Babu http://arxiv.org/abs/2011.14585 Just One Moment: Structural Vulnerability of Deep Action Recognition against One Frame Attack. Jaehui Hwang; Jun-Hyuk Kim; Jun-Ho Choi; Jong-Seok Lee http://arxiv.org/abs/2011.14427 Architectural Adversarial Robustness: The Case for Deep Pursuit. George Cazenavette; Calvin Murdock; Simon Lucey http://arxiv.org/abs/2011.14365 A Targeted Universal Attack on Graph Convolutional Network. 
Jiazhu Dai; Weifeng Zhu; Xiangfeng Luo http://arxiv.org/abs/2011.14498 SwitchX: Gmin-Gmax Switching for Energy-Efficient and Robust Implementation of Binary Neural Networks on ReRAM Xbars. Abhiroop Bhattacharjee; Priyadarshini Panda http://arxiv.org/abs/2011.14224 Cyberbiosecurity: DNA Injection Attack in Synthetic Biology. Dor Farbiash; Rami Puzis http://arxiv.org/abs/2011.14085 Deterministic Certification to Adversarial Attacks via Bernstein Polynomial Approximation. Ching-Chia Kao; Jhe-Bang Ko; Chun-Shien Lu http://arxiv.org/abs/2011.14218 FaceGuard: A Self-Supervised Defense Against Adversarial Face Images. Debayan Deb; Xiaoming Liu; Anil K. Jain http://arxiv.org/abs/2011.13705 3D Invisible Cloak. Mingfu Xue; Can He; Zhiyu Wu; Jian Wang; Zhe Liu; Weiqiang Liu http://arxiv.org/abs/2011.13824 Fast and Complete: Enabling Complete Neural Network Verification with Rapid and Massively Parallel Incomplete Verifiers. Kaidi Xu; Huan Zhang; Shiqi Wang; Yihan Wang; Suman Jana; Xue Lin; Cho-Jui Hsieh http://arxiv.org/abs/2011.14031 Voting based ensemble improves robustness of defensive models. Devvrit; Minhao Cheng; Cho-Jui Hsieh; Inderjit Dhillon http://arxiv.org/abs/2011.14045 Generalized Adversarial Examples: Attacks and Defenses. Haojing Shen; Sihong Chen; Ran Wang; Xizhao Wang http://arxiv.org/abs/2011.13692 Robust and Natural Physical Adversarial Examples for Object Detectors. Mingfu Xue; Chengxiang Yuan; Can He; Jian Wang; Weiqiang Liu http://arxiv.org/abs/2011.13560 SocialGuard: An Adversarial Example Based Privacy-Preserving Technique for Social Images. Mingfu Xue; Shichang Sun; Zhiyu Wu; Can He; Jian Wang; Weiqiang Liu http://arxiv.org/abs/2011.13696 Use the Spear as a Shield: A Novel Adversarial Example based Privacy-Preserving Technique against Membership Inference Attacks. Mingfu Xue; Chengxiang Yuan; Can He; Zhiyu Wu; Yushu Zhang; Zhe Liu; Weiqiang Liu http://arxiv.org/abs/2011.13538 Rethinking Uncertainty in Deep Learning: Whether and How it Improves Robustness. Yilun Jin; Lixin Fan; Kam Woh Ng; Ce Ju; Qiang Yang http://arxiv.org/abs/2011.13392 Exposing the Robustness and Vulnerability of Hybrid 8T-6T SRAM Memory Architectures to Adversarial Attacks in Deep Neural Networks. Abhishek Moitra; Priyadarshini Panda http://arxiv.org/abs/2011.13526 Robust Attacks on Deep Learning Face Recognition in the Physical World. Meng Shen; Hao Yu; Liehuang Zhu; Ke Xu; Qi Li; Xiaojiang Du http://arxiv.org/abs/2011.13181 Regularization with Latent Space Virtual Adversarial Training. Genki Osada; Budrul Ahsan; Revoti Prasad Bora; Takashi Nishide http://arxiv.org/abs/2011.13375 Invisible Perturbations: Physical Adversarial Examples Exploiting the Rolling Shutter Effect. Athena Sayles; Ashish Hooda; Mohit Gupta; Rahul Chatterjee; Earlence Fernandes http://arxiv.org/abs/2011.12680 Adversarial Attack on Facial Recognition using Visible Light. Morgan Frearson; Kien Nguyen http://arxiv.org/abs/2011.12902 Adversarial Evaluation of Multimodal Models under Realistic Gray Box Assumption. Ivan Evtimov; Russel Howes; Brian Dolhansky; Hamed Firooz; Cristian Canton Ferrer http://arxiv.org/abs/2011.12807 SurFree: a fast surrogate-free black-box attack. Thibault Maho; Teddy Furon; Erwan Le Merrer http://arxiv.org/abs/2011.13011 Advancing diagnostic performance and clinical usability of neural networks via adversarial training and dual batch normalization. 
Tianyu Han; Sven Nebelung; Federico Pedersoli; Markus Zimmermann; Maximilian Schulze-Hagen; Michael Ho; Christoph Haarburger; Fabian Kiessling; Christiane Kuhl; Volkmar Schulz; Daniel Truhn http://arxiv.org/abs/2011.14934 Probing Model Signal-Awareness via Prediction-Preserving Input Minimization. (80%) Sahil Suneja; Yunhui Zheng; Yufan Zhuang; Jim Laredo; Alessandro Morari http://arxiv.org/abs/2011.12344 Trust but Verify: Assigning Prediction Credibility by Counterfactual Constrained Learning. Luiz F. O. Chamon; Santiago Paternain; Alejandro Ribeiro http://arxiv.org/abs/2011.12423 Stochastic sparse adversarial attacks. Manon Césaire; Hatem Hajri; Sylvain Lamprier; Patrick Gallinari http://arxiv.org/abs/2011.11922 On the Adversarial Robustness of 3D Point Cloud Classification. Jiachen Sun; Karl Koenig; Yulong Cao; Qi Alfred Chen; Z. Morley Mao http://arxiv.org/abs/2011.11957 Towards Imperceptible Universal Attacks on Texture Recognition. Yingpeng Deng; Lina J. Karam http://arxiv.org/abs/2011.12720 Omni: Automated Ensemble with Unexpected Models against Adversarial Evasion Attack. Rui Shu; Tianpei Xia; Laurie Williams; Tim Menzies http://arxiv.org/abs/2011.11857 Augmented Lagrangian Adversarial Attacks. Jérôme Rony; Eric Granger; Marco Pedersoli; Ismail Ben Ayed http://arxiv.org/abs/2011.11164 Learnable Boundary Guided Adversarial Training. Jiequan Cui; Shu Liu; Liwei Wang; Jiaya Jia http://arxiv.org/abs/2011.11637 Nudge Attacks on Point-Cloud DNNs. Yiren Zhao; Ilia Shumailov; Robert Mullins; Ross Anderson http://arxiv.org/abs/2011.10794 Spatially Correlated Patterns in Adversarial Images. Nandish Chattopadhyay; Lionell Yip En Zhi; Bryan Tan Bing Xing; Anupam Chattopadhyay http://arxiv.org/abs/2011.10867 A Neuro-Inspired Autoencoding Defense Against Adversarial Perturbations. Can Bakiskan; Metehan Cekic; Ahmet Dundar Sezer; Upamanyu Madhow http://arxiv.org/abs/2011.10850 Robust Data Hiding Using Inverse Gradient Attention. (2%) Honglei Zhang; Hu Wang; Yuanzhouhan Cao; Chunhua Shen; Yidong Li http://arxiv.org/abs/2011.10280 Are Chess Discussions Racist? An Adversarial Hate Speech Data Set. Rupak Sarkar; Ashiqur R. KhudaBukhsh http://arxiv.org/abs/2011.10492 Detecting Universal Trigger's Adversarial Attack with Honeypot. Thai Le; Noseong Park; Dongwon Lee http://arxiv.org/abs/2011.09789 An Experimental Study of Semantic Continuity for Deep Learning Models. Shangxi Wu; Jitao Sang; Xian Zhao; Lizhang Chen http://arxiv.org/abs/2011.09719 Adversarial Examples for $k$-Nearest Neighbor Classifiers Based on Higher-Order Voronoi Diagrams. Chawin Sitawarin; Evgenios M. Kornaropoulos; Dawn Song; David Wagner http://arxiv.org/abs/2011.09957 Adversarial Threats to DeepFake Detection: A Practical Perspective. Paarth Neekhara; Brian Dolhansky; Joanna Bitton; Cristian Canton Ferrer http://arxiv.org/abs/2011.09824 Multi-Task Adversarial Attack. Pengxin Guo; Yuancheng Xu; Baijiong Lin; Yu Zhang http://arxiv.org/abs/2011.11486 Latent Adversarial Debiasing: Mitigating Collider Bias in Deep Neural Networks. Luke Darlow; Stanisław Jastrzębski; Amos Storkey http://arxiv.org/abs/2011.09563 Robustified Domain Adaptation. Jiajin Zhang; Hanqing Chao; Pingkun Yan http://arxiv.org/abs/2011.09473 Adversarial collision attacks on image hashing functions. Brian Dolhansky; Cristian Canton Ferrer http://arxiv.org/abs/2011.09526 Contextual Fusion For Adversarial Robustness. Aiswarya Akumalla; Seth Haney; Maksim Bazhenov http://arxiv.org/abs/2011.09393 Adversarial Turing Patterns from Cellular Automata. 
Nurislam Tursynbek; Ilya Vilkoviskiy; Maria Sindeeva; Ivan Oseledets http://arxiv.org/abs/2011.09364 Self-Gradient Networks. Hossein Aboutalebi; Mohammad Javad Shafiee; Alexander Wong http://arxiv.org/abs/2011.09123 Adversarial Profiles: Detecting Out-Distribution & Adversarial Samples in Pre-trained CNNs. Arezoo Rajabi; Rakesh B. Bobba http://arxiv.org/abs/2011.08483 FoolHD: Fooling speaker identification by Highly imperceptible adversarial Disturbances. Ali Shahin Shamsabadi; Francisco Sepúlveda Teixeira; Alberto Abad; Bhiksha Raj; Andrea Cavallaro; Isabel Trancoso http://arxiv.org/abs/2011.08908 SIENA: Stochastic Multi-Expert Neural Patcher. Thai Le; Noseong Park; Dongwon Lee http://arxiv.org/abs/2011.09066 Shaping Deep Feature Space towards Gaussian Mixture for Visual Classification. Weitao Wan; Jiansheng Chen; Cheng Yu; Tong Wu; Yuanyi Zhong; Ming-Hsuan Yang http://arxiv.org/abs/2011.08558 Generating universal language adversarial examples by understanding and enhancing the transferability across neural models. Liping Yuan; Xiaoqing Zheng; Yi Zhou; Cho-Jui Hsieh; Kai-wei Chang; Xuanjing Huang http://arxiv.org/abs/2011.08485 Probing Predictions on OOD Images via Nearest Categories. (75%) Yao-Yuan Yang; Cyrus Rashtchian; Ruslan Salakhutdinov; Kamalika Chaudhuri http://arxiv.org/abs/2011.07793 MAAC: Novel Alert Correlation Method To Detect Multi-step Attack. Xiaoyu Wang; Lei Yu; Houhua He; Xiaorui Gong http://arxiv.org/abs/2011.08105 Enforcing robust control guarantees within neural network policies. Priya L. Donti; Melrose Roderick; Mahyar Fazlyab; J. Zico Kolter http://arxiv.org/abs/2011.07835 Adversarially Robust Classification based on GLRT. Bhagyashree Puranik; Upamanyu Madhow; Ramtin Pedarsani http://arxiv.org/abs/2011.08102 Combining GANs and AutoEncoders for Efficient Anomaly Detection. Fabio Carrara; Giuseppe Amato; Luca Brombin; Fabrizio Falchi; Claudio Gennaro http://arxiv.org/abs/2011.08367 Extreme Value Preserving Networks. Mingjie Sun; Jianguo Li; Changshui Zhang http://arxiv.org/abs/2011.07478 Towards Understanding the Regularization of Adversarial Robustness on Neural Networks. Yuxin Wen; Shuai Li; Kui Jia http://arxiv.org/abs/2011.07697 Ensemble of Models Trained by Key-based Transformed Images for Adversarially Robust Defense Against Black-box Attacks. MaungMaung AprilPyone; Hitoshi Kiya http://arxiv.org/abs/2011.07633 Almost Tight L0-norm Certified Robustness of Top-k Predictions against Adversarial Perturbations. Jinyuan Jia; Binghui Wang; Xiaoyu Cao; Hongbin Liu; Neil Zhenqiang Gong http://arxiv.org/abs/2011.07603 Power Side-Channel Attacks on BNN Accelerators in Remote FPGAs. (1%) Shayan Moini; Shanquan Tian; Jakub Szefer; Daniel Holcomb; Russell Tessier http://arxiv.org/abs/2011.07430 Audio-Visual Event Recognition through the lens of Adversary. Juncheng B Li; Kaixin Ma; Shuhui Qu; Po-Yao Huang; Florian Metze http://arxiv.org/abs/2011.06978 Transformer-Encoder Detector Module: Using Context to Improve Robustness to Adversarial Attacks on Object Detection. Faisal Alamri; Sinan Kalkan; Nicolas Pugeault http://arxiv.org/abs/2011.07114 Query-based Targeted Action-Space Adversarial Policies on Deep Reinforcement Learning Agents. Xian Yeow Lee; Yasaman Esfandiari; Kai Liang Tan; Soumik Sarkar http://arxiv.org/abs/2011.06690 Adversarial Robustness Against Image Color Transformation within Parametric Filter Space. 
Zhengyu Zhao; Zhuoran Liu; Martha Larson http://arxiv.org/abs/2011.06585 Sparse PCA: Algorithms, Adversarial Perturbations and Certificates. Tommaso d'Orsi; Pravesh K. Kothari; Gleb Novikov; David Steurer http://arxiv.org/abs/2011.05623 Adversarial images for the primate brain. Li Yuan; Will Xiao; Gabriel Kreiman; Francis E. H. Tay; Jiashi Feng; Margaret S. Livingstone http://arxiv.org/abs/2011.05850 Detecting Adversarial Patches with Class Conditional Reconstruction Networks. Perry Deng; Mohammad Saidur Rahman; Matthew Wright http://arxiv.org/abs/2011.05074 Efficient and Transferable Adversarial Examples from Bayesian Neural Networks. Martin Gubri; Maxime Cordy; Mike Papadakis; Yves Le Traon; Koushik Sen http://arxiv.org/abs/2011.04268 Solving Inverse Problems With Deep Neural Networks -- Robustness Included? Martin Genzel; Jan Macdonald; Maximilian März http://arxiv.org/abs/2011.03901 Adversarial Black-Box Attacks On Text Classifiers Using Multi-Objective Genetic Optimization Guided By Deep Networks. Alex Mathai; Shreya Khare; Srikanth Tamilselvam; Senthil Mani http://arxiv.org/abs/2011.05157 Bridging the Performance Gap between FGSM and PGD Adversarial Training. Tianjin Huang; Vlado Menkovski; Yulong Pei; Mykola Pechenizkiy http://arxiv.org/abs/2011.03574 Single-Node Attacks for Fooling Graph Neural Networks. Ben Finkelshtein; Chaim Baskin; Evgenii Zheltonozhskii; Uri Alon http://arxiv.org/abs/2011.05973 A survey on practical adversarial examples for malware classifiers. Daniel Park; Bülent Yener http://arxiv.org/abs/2011.02701 A Black-Box Attack Model for Visually-Aware Recommender Systems. Rami Cohen; Oren Sar Shalom; Dietmar Jannach; Amihood Amir http://arxiv.org/abs/2011.03010 Data Augmentation via Structured Adversarial Perturbations. Calvin Luo; Hossein Mobahi; Samy Bengio http://arxiv.org/abs/2011.02675 Defense-friendly Images in Adversarial Attacks: Dataset and Metrics for Perturbation Difficulty. Camilo Pestana; Wei Liu; David Glance; Ajmal Mian http://arxiv.org/abs/2011.02707 Dynamically Sampled Nonlocal Gradients for Stronger Adversarial Attacks. Leo Schwinn; An Nguyen; René Raab; Dario Zanca; Bjoern Eskofier; Daniel Tenbrinck; Martin Burger http://arxiv.org/abs/2011.01514 You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning. Shitong Zhu; Shasha Li; Zhongjie Wang; Xun Chen; Zhiyun Qian; Srikanth V. Krishnamurthy; Kevin S. Chan; Ananthram Swami http://arxiv.org/abs/2011.01846 Detecting Word Sense Disambiguation Biases in Machine Translation for Model-Agnostic Adversarial Attacks. Denis Emelin; Ivan Titov; Rico Sennrich http://arxiv.org/abs/2011.01538 Penetrating RF Fingerprinting-based Authentication with a Generative Adversarial Attack. Samurdhi Karunaratne; Enes Krijestorac; Danijela Cabric http://arxiv.org/abs/2011.01539 Recent Advances in Understanding Adversarial Robustness of Deep Neural Networks. Tao Bai; Jinqi Luo; Jun Zhao http://arxiv.org/abs/2011.03083 A Tunable Robust Pruning Framework Through Dynamic Network Rewiring of DNNs. Souvik Kundu; Mahdi Nazemi; Peter A. Beerel; Massoud Pedram http://arxiv.org/abs/2011.01509 MalFox: Camouflaged Adversarial Malware Example Generation Based on Conv-GANs Against Black-Box Detectors. Fangtian Zhong; Xiuzhen Cheng; Dongxiao Yu; Bei Gong; Shuaiwen Song; Jiguo Yu http://arxiv.org/abs/2011.01183 Adversarial Examples in Constrained Domains. 
Ryan Sheatsley; Nicolas Papernot; Michael Weisman; Gunjan Verma; Patrick McDaniel http://arxiv.org/abs/2011.01132 Frequency-based Automated Modulation Classification in the Presence of Adversaries. Rajeev Sahay; Christopher G. Brinton; David J. Love http://arxiv.org/abs/2011.01435 Robust Algorithms for Online Convex Problems via Primal-Dual. Marco Molinaro http://arxiv.org/abs/2011.02272 Trustworthy AI. Richa Singh; Mayank Vatsa; Nalini Ratha http://arxiv.org/abs/2011.00566 LG-GAN: Label Guided Adversarial Network for Flexible Targeted Attack of Point Cloud-based Deep Networks. Hang Zhou; Dongdong Chen; Jing Liao; Weiming Zhang; Kejiang Chen; Xiaoyi Dong; Kunlin Liu; Gang Hua; Nenghai Yu http://arxiv.org/abs/2011.05976 Vulnerability of the Neural Networks Against Adversarial Examples: A Survey. Rui Zhao http://arxiv.org/abs/2011.01755 MAD-VAE: Manifold Awareness Defense Variational Autoencoder. Frederick Morlock; Dingsu Wang http://arxiv.org/abs/2011.00144 Integer Programming-based Error-Correcting Output Code Design for Robust Classification. Samarth Gupta; Saurabh Amin http://arxiv.org/abs/2010.16336 Leveraging Extracted Model Adversaries for Improved Black Box Attacks. Naveen Jafer Nizar; Ari Kobren http://arxiv.org/abs/2011.00101 EEG-Based Brain-Computer Interfaces Are Vulnerable to Backdoor Attacks. Lubin Meng; Jian Huang; Zhigang Zeng; Xue Jiang; Shan Yu; Tzyy-Ping Jung; Chin-Teng Lin; Ricardo Chavarriaga; Dongrui Wu http://arxiv.org/abs/2011.00095 Adversarial Attacks on Optimization based Planners. Sai Vemprala; Ashish Kapoor http://arxiv.org/abs/2010.16204 Capture the Bot: Using Adversarial Examples to Improve CAPTCHA Robustness to Bot Attacks. Dorjan Hitaj; Briland Hitaj; Sushil Jajodia; Luigi V. Mancini http://arxiv.org/abs/2011.05254 Perception Improvement for Free: Exploring Imperceptible Black-box Adversarial Attacks on Image Classification. Yongwei Wang; Mingquan Feng; Rabab Ward; Z. Jane Wang; Lanjun Wang http://arxiv.org/abs/2011.00070 Adversarial Robust Training of Deep Learning MRI Reconstruction Models. Francesco Calivá; Kaiyang Cheng; Rutwik Shah; Valentina Pedoia http://arxiv.org/abs/2010.16074 Volumetric Medical Image Segmentation: A 3D Deep Coarse-to-fine Framework and Its Adversarial Examples. Yingwei Li; Zhuotun Zhu; Yuyin Zhou; Yingda Xia; Wei Shen; Elliot K. Fishman; Alan L. Yuille http://arxiv.org/abs/2010.15886 Perception Matters: Exploring Imperceptible and Transferable Anti-forensics for GAN-generated Fake Face Imagery Detection. Yongwei Wang; Xin Ding; Li Ding; Rabab Ward; Z. Jane Wang http://arxiv.org/abs/2010.15974 Can the state of relevant neurons in a deep neural networks serve as indicators for detecting adversarial attacks? Roger Granda; Tinne Tuytelaars; Jose Oramas http://arxiv.org/abs/2010.15651 Reliable Graph Neural Networks via Robust Aggregation. Simon Geisler; Daniel Zügner; Stephan Günnemann http://arxiv.org/abs/2010.15824 Passport-aware Normalization for Deep Model Protection. Jie Zhang; Dongdong Chen; Jing Liao; Weiming Zhang; Gang Hua; Nenghai Yu http://arxiv.org/abs/2010.15391 Robustifying Binary Classification to Adversarial Perturbation. Fariborz Salehi; Babak Hassibi http://arxiv.org/abs/2010.15487 Beyond cross-entropy: learning highly separable feature distributions for robust and accurate classification. Arslan Ali; Andrea Migliorati; Tiziano Bianchi; Enrico Magli http://arxiv.org/abs/2010.15773 WaveTransform: Crafting Adversarial Examples via Input Decomposition. 
Divyam Anshumaan; Akshay Agarwal; Mayank Vatsa; Richa Singh http://arxiv.org/abs/2010.16045 Machine Learning (In) Security: A Stream of Problems. (8%) Fabrício Ceschin; Marcus Botacin; Albert Bifet; Bernhard Pfahringer; Luiz S. Oliveira; Heitor Murilo Gomes; André Grégio http://arxiv.org/abs/2010.14927 Most ReLU Networks Suffer from $\ell^2$ Adversarial Perturbations. Amit Daniely; Hadas Schacham http://arxiv.org/abs/2010.14974 Object Hider: Adversarial Patch Attack Against Object Detectors. Yusheng Zhao; Huanqian Yan; Xingxing Wei http://arxiv.org/abs/2010.14986 Evaluating Robustness of Predictive Uncertainty Estimation: Are Dirichlet-based Models Reliable? Anna-Kathrin Kopetzki; Bertrand Charpentier; Daniel Zügner; Sandhya Giri; Stephan Günnemann http://arxiv.org/abs/2010.14919 Transferable Universal Adversarial Perturbations Using Generative Models. Atiye Sadat Hashemi; Andreas Bär; Saeed Mozaffari; Tim Fingscheidt http://arxiv.org/abs/2010.14291 Fast Local Attack: Generating Local Adversarial Examples for Object Detectors. Quanyu Liao; Xin Wang; Bin Kong; Siwei Lyu; Youbing Yin; Qi Song; Xi Wu http://arxiv.org/abs/2010.14121 Anti-perturbation of Online Social Networks by Graph Label Transition. Jun Zhuang; Mohammad Al Hasan http://arxiv.org/abs/2010.13751 Robust and Verifiable Information Embedding Attacks to Deep Neural Networks via Error-Correcting Codes. Jinyuan Jia; Binghui Wang; Neil Zhenqiang Gong http://arxiv.org/abs/2010.13773 GreedyFool: Distortion-Aware Sparse Adversarial Attack. Xiaoyi Dong; Dongdong Chen; Jianmin Bao; Chuan Qin; Lu Yuan; Weiming Zhang; Nenghai Yu; Dong Chen http://arxiv.org/abs/2010.13337 Robust Pre-Training by Adversarial Contrastive Learning. Ziyu Jiang; Tianlong Chen; Ting Chen; Zhangyang Wang http://arxiv.org/abs/2010.13880 Versatile Verification of Tree Ensembles. Laurens Devos; Wannes Meert; Jesse Davis http://arxiv.org/abs/2010.13365 Robustness May Be at Odds with Fairness: An Empirical Study on Class-wise Accuracy. Philipp Benz; Chaoning Zhang; Adil Karjauv; In So Kweon http://arxiv.org/abs/2010.13356 Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis. (16%) Xudong Pan; Mi Zhang; Yifan Yan; Jiaming Zhu; Min Yang http://arxiv.org/abs/2010.13247 Attack Agnostic Adversarial Defense via Visual Imperceptible Bound. Saheb Chhabra; Akshay Agarwal; Richa Singh; Mayank Vatsa http://arxiv.org/abs/2010.13070 Dynamic Adversarial Patch for Evading Object Detection Models. Shahar Hoory; Tzvika Shapira; Asaf Shabtai; Yuval Elovici http://arxiv.org/abs/2010.13275 Asymptotic Behavior of Adversarial Training in Binary Classification. Hossein Taheri; Ramtin Pedarsani; Christos Thrampoulidis http://arxiv.org/abs/2010.12905 ATRO: Adversarial Training with a Rejection Option. Masahiro Kato; Zhenghang Cui; Yoshihiro Fukuhara http://arxiv.org/abs/2010.12989 Are Adversarial Examples Created Equal? A Learnable Weighted Minimax Risk for Robustness under Non-uniform Attacks. Huimin Zeng; Chen Zhu; Tom Goldstein; Furong Huang http://arxiv.org/abs/2010.12809 Stop Bugging Me! Evading Modern-Day Wiretapping Using Adversarial Perturbations. Yael Mathov; Tal Ben Senior; Asaf Shabtai; Yuval Elovici http://arxiv.org/abs/2010.12510 Improving Robustness by Augmenting Training Sentences with Predicate-Argument Structures. Nafise Sadat Moosavi; Marcel de Boer; Prasetya Ajie Utama; Iryna Gurevych http://arxiv.org/abs/2010.12190 Towards Robust Neural Networks via Orthogonal Diversity. 
Kun Fang; Qinghua Tao; Yingwen Wu; Tao Li; Jia Cai; Feipeng Cai; Xiaolin Huang; Jie Yang http://arxiv.org/abs/2010.12050 Contrastive Learning with Adversarial Examples. Chih-Hui Ho; Nuno Vasconcelos http://arxiv.org/abs/2010.11782 Adversarial Attacks on Binary Image Recognition Systems. Eric Balkanski; Harrison Chase; Kojin Oshiba; Alexander Rilee; Yaron Singer; Richard Wang http://arxiv.org/abs/2010.11869 Rewriting Meaningful Sentences via Conditional BERT Sampling and an application on fooling text classifiers. Lei Xu; Ivan Ramirez; Kalyan Veeramachaneni http://arxiv.org/abs/2010.11598 An Efficient Adversarial Attack for Tree Ensembles. Chong Zhang; Huan Zhang; Cho-Jui Hsieh http://arxiv.org/abs/2010.12088 Adversarial Robustness of Supervised Sparse Coding. Jeremias Sulam; Ramchandran Muthukumar; Raman Arora http://arxiv.org/abs/2010.11645 Enabling certification of verification-agnostic networks via memory-efficient semidefinite programming. Sumanth Dathathri; Krishnamurthy Dvijotham; Alexey Kurakin; Aditi Raghunathan; Jonathan Uesato; Rudy Bunel; Shreya Shankar; Jacob Steinhardt; Ian Goodfellow; Percy Liang; Pushmeet Kohli http://arxiv.org/abs/2010.11535 Defense-guided Transferable Adversarial Attacks. Zifei Zhang; Kai Qiao; Jian Chen; Ningning Liang http://arxiv.org/abs/2010.11828 Once-for-All Adversarial Training: In-Situ Tradeoff between Robustness and Accuracy for Free. Haotao Wang; Tianlong Chen; Shupeng Gui; Ting-Kuei Hu; Ji Liu; Zhangyang Wang http://arxiv.org/abs/2010.11388 Adversarial Attacks on Deep Algorithmic Trading Policies. Yaser Faghan; Nancirose Piazza; Vahid Behzadan; Ali Fathi http://arxiv.org/abs/2010.11415 Maximum Mean Discrepancy is Aware of Adversarial Attacks. Ruize Gao; Feng Liu; Jingfeng Zhang; Bo Han; Tongliang Liu; Gang Niu; Masashi Sugiyama http://arxiv.org/abs/2010.11213 Precise Statistical Analysis of Classification Accuracies for Adversarial Training. Adel Javanmard; Mahdi Soltanolkotabi http://arxiv.org/abs/2010.11742 Learning Black-Box Attackers with Transferable Priors and Query Feedback. Jiancheng Yang; Yangzhou Jiang; Xiaoyang Huang; Bingbing Ni; Chenglong Zhao http://arxiv.org/abs/2010.11352 Class-Conditional Defense GAN Against End-to-End Speech Attacks. Mohammad Esmaeilpour; Patrick Cardinal; Alessandro Lameiras Koerich http://arxiv.org/abs/2010.10987 A Distributional Robustness Certificate by Randomized Smoothing. Jungang Yang; Liyao Xiang; Ruidong Chen; Yukun Wang; Wei Wang; Xinbing Wang http://arxiv.org/abs/2010.10242 Preventing Personal Data Theft in Images with Adversarial ML. Thomas Cilloni; Wei Wang; Charles Walter; Charles Fleming http://arxiv.org/abs/2010.10650 Towards Understanding the Dynamics of the First-Order Adversaries. Zhun Deng; Hangfeng He; Jiaoyang Huang; Weijie J. Su http://arxiv.org/abs/2010.10047 Robust Neural Networks inspired by Strong Stability Preserving Runge-Kutta methods. Byungjoo Kim; Bryce Chudomelka; Jinyoung Park; Jaewoo Kang; Youngjoon Hong; Hyunwoo J. Kim http://arxiv.org/abs/2010.10712 Boosting Gradient for White-Box Adversarial Attacks. Hongying Liu; Zhenyu Zhou; Fanhua Shang; Xiaoyu Qi; Yuanyuan Liu; Licheng Jiao http://arxiv.org/abs/2010.10549 Tight Second-Order Certificates for Randomized Smoothing. Alexander Levine; Aounon Kumar; Thomas Goldstein; Soheil Feizi http://arxiv.org/abs/2010.09680 A Survey of Machine Learning Techniques in Adversarial Image Forensics. Ehsan Nowroozi; Ali Dehghantanha; Reza M. 
Parizi; Kim-Kwang Raymond Choo http://arxiv.org/abs/2010.09569 Against All Odds: Winning the Defense Challenge in an Evasion Competition with Diversification. Erwin Quiring; Lukas Pirch; Michael Reimsbach; Daniel Arp; Konrad Rieck http://arxiv.org/abs/2010.09670 RobustBench: a standardized adversarial robustness benchmark. Francesco Croce; Maksym Andriushchenko; Vikash Sehwag; Nicolas Flammarion; Mung Chiang; Prateek Mittal; Matthias Hein http://arxiv.org/abs/2010.09624 Optimism in the Face of Adversity: Understanding and Improving Deep Learning through Adversarial Robustness. Guillermo Ortiz-Jimenez; Apostolos Modas; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard http://arxiv.org/abs/2010.09633 Verifying the Causes of Adversarial Examples. Honglin Li; Yifei Fan; Frieder Ganz; Anthony Yezzi; Payam Barnaghi http://arxiv.org/abs/2010.09246 When Bots Take Over the Stock Market: Evasion Attacks Against Algorithmic Traders. Elior Nehemya; Yael Mathov; Asaf Shabtai; Yuval Elovici http://arxiv.org/abs/2010.09891 FLAG: Adversarial Data Augmentation for Graph Neural Networks. Kezhi Kong; Guohao Li; Mucong Ding; Zuxuan Wu; Chen Zhu; Bernard Ghanem; Gavin Taylor; Tom Goldstein http://arxiv.org/abs/2010.09119 FADER: Fast Adversarial Example Rejection. Francesco Crecchi; Marco Melis; Angelo Sotgiu; Davide Bacciu; Battista Biggio http://arxiv.org/abs/2010.09080 Poisoned classifiers are not only backdoored, they are fundamentally broken. Mingjie Sun; Siddhant Agarwal; J. Zico Kolter http://arxiv.org/abs/2010.08546 A Generative Model based Adversarial Security of Deep Learning and Linear Classifier Models. Ferhat Ozgur Catak; Samed Sivaslioglu; Kevser Sahinbas http://arxiv.org/abs/2010.08844 Finding Physical Adversarial Examples for Autonomous Driving with Fast and Differentiable Image Compositing. Jinghan Yang; Adith Boloor; Ayan Chakrabarti; Xuan Zhang; Yevgeniy Vorobeychik http://arxiv.org/abs/2010.08852 Weight-Covariance Alignment for Adversarially Robust Neural Networks. Panagiotis Eustratiadis; Henry Gouk; Da Li; Timothy Hospedales http://arxiv.org/abs/2010.11679 DPAttack: Diffused Patch Attacks against Universal Object Detection. Shudeng Wu; Tao Dai; Shu-Tao Xia http://arxiv.org/abs/2010.08542 Mischief: A Simple Black-Box Attack Against Transformer Architectures. Adrian de Wynter http://arxiv.org/abs/2010.08418 Learning Robust Algorithms for Online Allocation Problems Using Adversarial Training. Goran Zuzic; Di Wang; Aranyak Mehta; D. Sivakumar http://arxiv.org/abs/2010.07542 Adversarial Images through Stega Glasses. Benoît Bonnet; Teddy Furon; Patrick Bas http://arxiv.org/abs/2010.07849 A Hamiltonian Monte Carlo Method for Probabilistic Adversarial Attack and Learning. Hongjun Wang; Guanbin Li; Xiaobai Liu; Liang Lin http://arxiv.org/abs/2010.07788 Generalizing Universal Adversarial Attacks Beyond Additive Perturbations. Yanghao Zhang; Wenjie Ruan; Fu Wang; Xiaowei Huang http://arxiv.org/abs/2010.07532 Certifying Neural Network Robustness to Random Input Noise from Samples. Brendon G. Anderson; Somayeh Sojoudi http://arxiv.org/abs/2010.08034 Overfitting or Underfitting? Understand Robustness Drop in Adversarial Training. Zichao Li; Liyuan Liu; Chengyu Dong; Jingbo Shang http://arxiv.org/abs/2010.08001 Maximum-Entropy Adversarial Data Augmentation for Improved Generalization and Robustness. Long Zhao; Ting Liu; Xi Peng; Dimitris Metaxas http://arxiv.org/abs/2010.09212 Exploiting Vulnerabilities of Deep Learning-based Energy Theft Detection in AMI through Adversarial Attacks. 
Jiangnan Li; Yingyuan Yang; Jinyuan Stella Sun http://arxiv.org/abs/2010.11143 Progressive Defense Against Adversarial Attacks for Deep Learning as a Service in Internet of Things. Ling Wang; Cheng Zhang; Zejian Luo; Chenguang Liu; Jie Liu; Xi Zheng; Athanasios Vasilakos http://arxiv.org/abs/2010.06943 Pair the Dots: Jointly Examining Training History and Test Stimuli for Model Interpretability. Yuxian Meng; Chun Fan; Zijun Sun; Eduard Hovy; Fei Wu; Jiwei Li http://arxiv.org/abs/2010.07190 Towards Resistant Audio Adversarial Examples. Tom Dörr; Karla Markert; Nicolas M. Müller; Konstantin Böttinger http://arxiv.org/abs/2010.07230 An Adversarial Attack against Stacked Capsule Autoencoder. Jiazhu Dai; Siwei Xiong http://arxiv.org/abs/2010.06812 Explain2Attack: Text Adversarial Attacks via Cross-Domain Interpretability. Mahmoud Hossam; Trung Le; He Zhao; Dinh Phung http://arxiv.org/abs/2010.06855 GreedyFool: Multi-Factor Imperceptibility and Its Application to Designing Black-box Adversarial Example Attack. Hui Liu; Bo Zhao; Jiabao Guo; Yang An; Peng Liu http://arxiv.org/abs/2010.06545 Toward Few-step Adversarial Training from a Frequency Perspective. Hans Shih-Han Wang; Cory Cornelius; Brandon Edwards; Jason Martin http://arxiv.org/abs/2010.06651 Higher-Order Certification for Randomized Smoothing. Jeet Mohapatra; Ching-Yun Ko; Tsui-Wei Weng; Pin-Yu Chen; Sijia Liu; Luca Daniel http://arxiv.org/abs/2010.07693 Linking average- and worst-case perturbation robustness via class selectivity and dimensionality. Matthew L. Leavitt; Ari Morcos http://arxiv.org/abs/2010.06107 Universal Model for 3D Medical Image Analysis. Xiaoman Zhang; Ya Zhang; Xiaoyun Zhang; Yanfeng Wang http://arxiv.org/abs/2010.06121 To be Robust or to be Fair: Towards Fairness in Adversarial Training. Han Xu; Xiaorui Liu; Yaxin Li; Jiliang Tang http://arxiv.org/abs/2010.06131 Learning to Attack with Fewer Pixels: A Probabilistic Post-hoc Framework for Refining Arbitrary Dense Adversarial Attacks. He Zhao; Thanh Nguyen; Trung Le; Paul Montague; Olivier De Vel; Tamas Abraham; Dinh Phung http://arxiv.org/abs/2010.05981 Shape-Texture Debiased Neural Network Training. Yingwei Li; Qihang Yu; Mingxing Tan; Jieru Mei; Peng Tang; Wei Shen; Alan Yuille; Cihang Xie http://arxiv.org/abs/2010.06154 On the Power of Abstention and Data-Driven Decision Making for Adversarial Robustness. Maria-Florina Balcan; Avrim Blum; Dravyansh Sharma; Hongyang Zhang http://arxiv.org/abs/2010.05648 From Hero to Zéroe: A Benchmark of Low-Level Adversarial Attacks. Steffen Eger; Yannik Benz http://arxiv.org/abs/2010.05736 EFSG: Evolutionary Fooling Sentences Generator. Marco Di Giovanni; Marco Brambilla http://arxiv.org/abs/2010.06087 Contrast and Classify: Training Robust VQA Models. (2%) Yash Kant; Abhinav Moudgil; Dhruv Batra; Devi Parikh; Harsh Agrawal http://arxiv.org/abs/2010.05419 Gradient-based Analysis of NLP Models is Manipulable. Junlin Wang; Jens Tuyls; Eric Wallace; Sameer Singh http://arxiv.org/abs/2010.05272 IF-Defense: 3D Adversarial Point Cloud Defense via Implicit Function based Restoration. Ziyi Wu; Yueqi Duan; He Wang; Qingnan Fan; Leonidas J. Guibas http://arxiv.org/abs/2010.05125 Is It Time to Redefine the Classification Task for Deep Neural Networks? Keji Han; Yun Li http://arxiv.org/abs/2010.04925 Regularizing Neural Networks via Adversarial Model Perturbation. (1%) Yaowei Zheng; Richong Zhang; Yongyi Mao http://arxiv.org/abs/2010.04821 Understanding Spatial Robustness of Deep Neural Networks. 
Ziyuan Zhong; Yuchi Tian; Baishakhi Ray http://arxiv.org/abs/2010.04819 How Does Mixup Help With Robustness and Generalization? Linjun Zhang; Zhun Deng; Kenji Kawaguchi; Amirata Ghorbani; James Zou http://arxiv.org/abs/2010.03856 Transcending Transcend: Revisiting Malware Classification with Conformal Evaluation. Federico Barbero; Feargus Pendlebury; Fabio Pierazzi; Lorenzo Cavallaro http://arxiv.org/abs/2010.03844 Improve Adversarial Robustness via Weight Penalization on Classification Layer. Cong Xu; Dan Li; Min Yang http://arxiv.org/abs/2010.04055 A Unified Approach to Interpreting and Boosting Adversarial Transferability. Xin Wang; Jie Ren; Shuyun Lin; Xiangming Zhu; Yisen Wang; Quanshi Zhang http://arxiv.org/abs/2010.04092 Improved Techniques for Model Inversion Attacks. Si Chen; Ruoxi Jia; Guo-Jun Qi http://arxiv.org/abs/2010.04216 Affine-Invariant Robust Training. Oriol Barbany Mayor http://arxiv.org/abs/2010.04331 Targeted Attention Attack on Deep Learning Models in Road Sign Recognition. Xinghao Yang; Weifeng Liu; Shengli Zhang; Wei Liu; Dacheng Tao http://arxiv.org/abs/2010.04205 Gaussian MRF Covariance Modeling for Efficient Black-Box Adversarial Attacks. Anit Kumar Sahu; Satya Narayan Shukla; J. Zico Kolter http://arxiv.org/abs/2010.03465 Hiding the Access Pattern is Not Enough: Exploiting Search Pattern Leakage in Searchable Encryption. Simon Oya; Florian Kerschbaum http://arxiv.org/abs/2010.03245 Learning Clusterable Visual Features for Zero-Shot Recognition. Jingyi Xu; Zhixin Shu; Dimitris Samaras http://arxiv.org/abs/2010.03282 Don't Trigger Me! A Triggerless Backdoor Attack Against Deep Neural Networks. Ahmed Salem; Michael Backes; Yang Zhang http://arxiv.org/abs/2010.03630 Revisiting Batch Normalization for Improving Corruption Robustness. Philipp Benz; Chaoning Zhang; Adil Karjauv; In So Kweon http://arxiv.org/abs/2010.03316 Batch Normalization Increases Adversarial Vulnerability: Disentangling Usefulness and Robustness of Model Features. Philipp Benz; Chaoning Zhang; In So Kweon http://arxiv.org/abs/2010.03735 Decamouflage: A Framework to Detect Image-Scaling Attacks on Convolutional Neural Networks. Bedeuro Kim; Alsharif Abuadbba; Yansong Gao; Yifeng Zheng; Muhammad Ejaz Ahmed; Hyoungshick Kim; Surya Nepal http://arxiv.org/abs/2010.03258 Global Optimization of Objective Functions Represented by ReLU Networks. Christopher A. Strong; Haoze Wu; Aleksandar Zeljić; Kyle D. Julian; Guy Katz; Clark Barrett; Mykel J. Kochenderfer http://arxiv.org/abs/2010.03300 CD-UAP: Class Discriminative Universal Adversarial Perturbation. Chaoning Zhang; Philipp Benz; Tooba Imtiaz; In So Kweon http://arxiv.org/abs/2010.03180 Not All Datasets Are Born Equal: On Heterogeneous Data and Adversarial Examples. Eden Levy; Yael Mathov; Ziv Katzir; Asaf Shabtai; Yuval Elovici http://arxiv.org/abs/2010.03288 Double Targeted Universal Adversarial Perturbations. Philipp Benz; Chaoning Zhang; Tooba Imtiaz; In So Kweon http://arxiv.org/abs/2010.03593 Uncovering the Limits of Adversarial Training against Norm-Bounded Adversarial Examples. Sven Gowal; Chongli Qin; Jonathan Uesato; Timothy Mann; Pushmeet Kohli http://arxiv.org/abs/2010.03671 Adversarial Attacks to Machine Learning-Based Smart Healthcare Systems. AKM Iqtidar Newaz; Nur Imtiazul Haque; Amit Kumar Sikder; Mohammad Ashiqur Rahman; A. Selcuk Uluagac http://arxiv.org/abs/2010.03164 Adversarial attacks on audio source separation. 
Naoya Takahashi; Shota Inoue; Yuki Mitsufuji http://arxiv.org/abs/2010.02468 Visualizing Color-wise Saliency of Black-Box Image Classification Models. Yuhki Hatakeyama; Hiroki Sakuma; Yoshinori Konishi; Kohei Suenaga http://arxiv.org/abs/2010.02558 Constraining Logits by Bounded Function for Adversarial Robustness. Sekitoshi Kanai; Masanori Yamada; Shin'ya Yamaguchi; Hiroshi Takahashi; Yasutoshi Ida http://arxiv.org/abs/2010.03072 Adversarial Patch Attacks on Monocular Depth Estimation Networks. Koichiro Yamanaka; Ryutaroh Matsumoto; Keita Takahashi; Toshiaki Fujii http://arxiv.org/abs/2010.03007 BAAAN: Backdoor Attacks Against Autoencoder and GAN-Based Machine Learning Models. Ahmed Salem; Yannick Sautter; Michael Backes; Mathias Humbert; Yang Zhang http://arxiv.org/abs/2010.02065 Detecting Misclassification Errors in Neural Networks with a Gaussian Process Model. Xin Qiu; Risto Miikkulainen http://arxiv.org/abs/2010.02508 Adversarial Boot Camp: label free certified robustness in one epoch. Ryan Campbell; Chris Finlay; Adam M Oberman http://arxiv.org/abs/2010.02364 Understanding Classifier Mistakes with Generative Models. Laëtitia Shao; Yang Song; Stefano Ermon http://arxiv.org/abs/2010.02338 CAT-Gen: Improving Robustness in NLP Models via Controlled Adversarial Text Generation. Tianlu Wang; Xuezhi Wang; Yao Qin; Ben Packer; Kang Li; Jilin Chen; Alex Beutel; Ed Chi http://arxiv.org/abs/2010.01770 Second-Order NLP Adversarial Examples. John X. Morris http://arxiv.org/abs/2010.02432 A Panda? No, It's a Sloth: Slowdown Attacks on Adaptive Multi-Exit Neural Network Inference. Sanghyun Hong; Yiğitcan Kaya; Ionuţ-Vlad Modoranu; Tudor Dumitraş http://arxiv.org/abs/2010.02329 InfoBERT: Improving Robustness of Language Models from An Information Theoretic Perspective. Boxin Wang; Shuohang Wang; Yu Cheng; Zhe Gan; Ruoxi Jia; Bo Li; Jingjing Liu http://arxiv.org/abs/2010.01799 Understanding Catastrophic Overfitting in Single-step Adversarial Training. Hoki Kim; Woojin Lee; Jaewook Lee http://arxiv.org/abs/2010.02456 Downscaling Attack and Defense: Turning What You See Back Into What You Get. Andrew J. Lohn http://arxiv.org/abs/2010.02387 Metadata-Based Detection of Child Sexual Abuse Material. (1%) Mayana Pereira; Rahul Dodhia; Hyrum Anderson; Richard Brown http://arxiv.org/abs/2010.01724 TextAttack: Lessons learned in designing Python frameworks for NLP. John X. Morris; Jin Yong Yoo; Yanjun Qi http://arxiv.org/abs/2010.01506 A Study for Universal Adversarial Attacks on Texture Recognition. Yingpeng Deng; Lina J. Karam http://arxiv.org/abs/2010.01610 Adversarial Attack and Defense of Structured Prediction Models. Wenjuan Han; Liwen Zhang; Yong Jiang; Kewei Tu http://arxiv.org/abs/2010.01736 Geometry-aware Instance-reweighted Adversarial Training. Jingfeng Zhang; Jianing Zhu; Gang Niu; Bo Han; Masashi Sugiyama; Mohan Kankanhalli http://arxiv.org/abs/2010.01592 Unknown Presentation Attack Detection against Rational Attackers. Ali Khodabakhsh; Zahid Akhtar http://arxiv.org/abs/2010.01401 Adversarial and Natural Perturbations for General Robustness. Sadaf Gulshad; Jan Hendrik Metzen; Arnold Smeulders http://arxiv.org/abs/2010.01329 Multi-Step Adversarial Perturbations on Recommender Systems Embeddings. Vito Walter Anelli; Alejandro Bellogín; Yashar Deldjoo; Tommaso Di Noia; Felice Antonio Merra http://arxiv.org/abs/2010.01345 A Geometry-Inspired Attack for Generating Natural Language Adversarial Examples. 
Zhao Meng; Roger Wattenhofer http://arxiv.org/abs/2010.01278 Efficient Robust Training via Backward Smoothing. Jinghui Chen; Yu Cheng; Zhe Gan; Quanquan Gu; Jingjing Liu http://arxiv.org/abs/2010.01279 Do Wider Neural Networks Really Help Adversarial Robustness? Boxi Wu; Jinghui Chen; Deng Cai; Xiaofei He; Quanquan Gu http://arxiv.org/abs/2010.00990 Note: An alternative proof of the vulnerability of $k$-NN classifiers in high intrinsic dimensionality regions. Teddy Furon http://arxiv.org/abs/2010.00984 An Empirical Study of DNNs Robustification Inefficacy in Protecting Visual Recommenders. Vito Walter Anelli; Tommaso Di Noia; Daniele Malitesta; Felice Antonio Merra http://arxiv.org/abs/2010.00801 Block-wise Image Transformation with Secret Key for Adversarially Robust Defense. MaungMaung AprilPyone; Hitoshi Kiya http://arxiv.org/abs/2010.01039 Query complexity of adversarial attacks. Grzegorz Głuch; Rüdiger Urbanke http://arxiv.org/abs/2010.01250 CorrAttack: Black-box Adversarial Attack with Structured Search. Zhichao Huang; Yaowei Huang; Tong Zhang http://arxiv.org/abs/2010.01238 A Deep Genetic Programming based Methodology for Art Media Classification Robust to Adversarial Perturbations. Gustavo Olague; Gerardo Ibarra-Vazquez; Mariana Chan-Ley; Cesar Puente; Carlos Soubervielle-Montalvo; Axel Martinez http://arxiv.org/abs/2010.01171 Data-Driven Certification of Neural Networks with Random Input Noise. (16%) Brendon G. Anderson; Somayeh Sojoudi http://arxiv.org/abs/2010.02004 Assessing Robustness of Text Classification through Maximal Safe Radius Computation. Emanuele La Malfa; Min Wu; Luca Laurenti; Benjie Wang; Anthony Hartshorn; Marta Kwiatkowska http://arxiv.org/abs/2010.00467 Bag of Tricks for Adversarial Training. Tianyu Pang; Xiao Yang; Yinpeng Dong; Hang Su; Jun Zhu http://arxiv.org/abs/2010.00071 Erratum Concerning the Obfuscated Gradients Attack on Stochastic Activation Pruning. Guneet S. Dhillon; Nicholas Carlini http://arxiv.org/abs/2009.14454 Accurate and Robust Feature Importance Estimation under Distribution Shifts. Jayaraman J. Thiagarajan; Vivek Narayanaswamy; Rushil Anirudh; Peer-Timo Bremer; Andreas Spanias http://arxiv.org/abs/2009.14455 Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks. Uday Shankar Shanthamallu; Jayaraman J. Thiagarajan; Andreas Spanias http://arxiv.org/abs/2009.14720 DVERGE: Diversifying Vulnerabilities for Enhanced Robust Generation of Ensembles. Huanrui Yang; Jingyang Zhang; Hongliang Dong; Nathan Inkawhich; Andrew Gardner; Andrew Touchet; Wesley Wilkes; Heath Berry; Hai Li http://arxiv.org/abs/2009.13971 Neural Topic Modeling with Cycle-Consistent Adversarial Training. Xuemeng Hu; Rui Wang; Deyu Zhou; Yuxuan Xiong http://arxiv.org/abs/2009.14075 Fast Fréchet Inception Distance. Alexander Mathiasen; Frederik Hvilshøj http://arxiv.org/abs/2009.13720 Adversarial Attacks Against Deep Learning Systems for ICD-9 Code Assignment. Sharan Raja; Rudraksh Tuwani http://arxiv.org/abs/2009.13562 STRATA: Building Robustness with a Simple Method for Generating Black-box Adversarial Attacks for Models of Code. Jacob M. Springer; Bryn Marie Reinstadler; Una-May O'Reilly http://arxiv.org/abs/2009.13504 Graph Adversarial Networks: Protecting Information against Adversarial Attacks. Peiyuan Liao; Han Zhao; Keyulu Xu; Tommi Jaakkola; Geoffrey Gordon; Stefanie Jegelka; Ruslan Salakhutdinov http://arxiv.org/abs/2009.13145 Adversarial Robustness of Stabilized NeuralODEs Might be from Obfuscated Gradients. 
Yifei Huang; Yaodong Yu; Hongyang Zhang; Yi Ma; Yuan Yao http://arxiv.org/abs/2009.13243 Generating End-to-End Adversarial Examples for Malware Classifiers Using Explainability. Ishai Rosenberg; Shai Meir; Jonathan Berrebi; Ilay Gordon; Guillaume Sicard; Eli David http://arxiv.org/abs/2009.13714 Learning to Generate Image Source-Agnostic Universal Adversarial Perturbations. (92%) Pu Zhao; Parikshit Ram; Songtao Lu; Yuguang Yao; Djallel Bouneffouf; Xue Lin; Sijia Liu http://arxiv.org/abs/2009.12927 Learning to Improve Image Compression without Changing the Standard Decoder. Yannick Strümpler; Ren Yang; Radu Timofte http://arxiv.org/abs/2009.13038 RoGAT: a robust GNN combined revised GAT with adjusted graphs. Xianchen Zhou; Yaoyun Zeng; Hongxia Wang http://arxiv.org/abs/2009.13033 Where Does the Robustness Come from? A Study of the Transformation-based Ensemble Defence. Chang Liao; Yao Cheng; Chengfang Fang; Jie Shi http://arxiv.org/abs/2009.12718 Differentially Private Adversarial Robustness Through Randomized Perturbations. Nan Xu; Oluwaseyi Feyisetan; Abhinav Aggarwal; Zekun Xu; Nathanael Teissier http://arxiv.org/abs/2009.12724 Beneficial Perturbations Network for Defending Adversarial Examples. Shixian Wen; Amanda Rios; Laurent Itti http://arxiv.org/abs/2009.12088 Training CNNs in Presence of JPEG Compression: Multimedia Forensics vs Computer Vision. Sara Mandelli; Nicolò Bonettini; Paolo Bestagini; Stefano Tubaro http://arxiv.org/abs/2009.12064 Attention Meets Perturbations: Robust and Interpretable Attention with Adversarial Training. Shunsuke Kitada; Hitoshi Iyatomi http://arxiv.org/abs/2009.13250 Advancing the Research and Development of Assured Artificial Intelligence and Machine Learning Capabilities. Tyler J. Shipp; Daniel J. Clouse; Michael J. De Lucia; Metin B. Ahiskali; Kai Steverson; Jonathan M. Mullin; Nathaniel D. Bastian http://arxiv.org/abs/2009.11911 Adversarial Examples in Deep Learning for Multivariate Time Series Regression. Gautam Raj Mode; Khaza Anuarul Hoque http://arxiv.org/abs/2009.11508 Improving Query Efficiency of Black-box Adversarial Attack. Yang Bai; Yuyuan Zeng; Yong Jiang; Yisen Wang; Shu-Tao Xia; Weiwei Guo http://arxiv.org/abs/2009.11416 Enhancing Mixup-based Semi-Supervised Learning with Explicit Lipschitz Regularization. Prashnna Kumar Gyawali; Sandesh Ghimire; Linwei Wang http://arxiv.org/abs/2009.11321 Improving Dialog Evaluation with a Multi-reference Adversarial Dataset and Large Scale Pretraining. Ananya B. Sai; Akash Kumar Mohankumar; Siddhartha Arora; Mitesh M. Khapra http://arxiv.org/abs/2009.11349 Adversarial robustness via stochastic regularization of neural activation sensitivity. Gil Fidel; Ron Bitton; Ziv Katzir; Asaf Shabtai http://arxiv.org/abs/2009.10975 A Partial Break of the Honeypots Defense to Catch Adversarial Attacks. Nicholas Carlini http://arxiv.org/abs/2009.10978 Semantics-Preserving Adversarial Training. Wonseok Lee; Hanbit Lee; Sang-goo Lee http://arxiv.org/abs/2009.11090 Robustification of Segmentation Models Against Adversarial Perturbations In Medical Imaging. Hanwool Park; Amirhossein Bayat; Mohammad Sabokrou; Jan S. Kirschke; Bjoern H. Menze http://arxiv.org/abs/2009.11397 Detection of Iterative Adversarial Attacks via Counter Attack. Matthias Rottmann; Kira Maag; Mathis Peyron; Natasa Krejic; Hanno Gottschalk http://arxiv.org/abs/2010.01950 Torchattacks: A PyTorch Repository for Adversarial Attacks. Hoki Kim http://arxiv.org/abs/2009.10639 What Do You See? 
Evaluation of Explainable Artificial Intelligence (XAI) Interpretability through Neural Backdoors. Yi-Shan Lin; Wen-Chuan Lee; Z. Berkay Celik http://arxiv.org/abs/2009.10623 Tailoring: encoding inductive biases by optimizing unsupervised objectives at prediction time. Ferran Alet; Kenji Kawaguchi; Tomas Lozano-Perez; Leslie Pack Kaelbling http://arxiv.org/abs/2009.10568 Adversarial Attack Based Countermeasures against Deep Learning Side-Channel Attacks. Ruizhe Gu; Ping Wang; Mengce Zheng; Honggang Hu; Nenghai Yu http://arxiv.org/abs/2009.10235 Uncertainty-aware Attention Graph Neural Network for Defending Adversarial Attacks. Boyuan Feng; Yuke Wang; Zheng Wang; Yufei Ding http://arxiv.org/abs/2009.10233 Scalable Adversarial Attack on Graph Neural Networks with Alternating Direction Method of Multipliers. Boyuan Feng; Yuke Wang; Xu Li; Yufei Ding http://arxiv.org/abs/2009.09774 Generating Adversarial yet Inconspicuous Patches with a Single Image. Jinqi Luo; Tao Bai; Jun Zhao; Bo Li http://arxiv.org/abs/2009.10526 Adversarial Training with Stochastic Weight Average. Joong-Won Hwang; Youngwan Lee; Sungchan Oh; Yuseok Bae http://arxiv.org/abs/2009.09612 Improving Ensemble Robustness by Collaboratively Promoting and Demoting Adversarial Robustness. Anh Bui; Trung Le; He Zhao; Paul Montague; Olivier deVel; Tamas Abraham; Dinh Phung http://arxiv.org/abs/2009.09663 DeepDyve: Dynamic Verification for Deep Neural Networks. Yu Li; Min Li; Bo Luo; Ye Tian; Qiang Xu http://arxiv.org/abs/2009.09922 Feature Distillation With Guided Adversarial Contrastive Learning. Tao Bai; Jinnan Chen; Jun Zhao; Bihan Wen; Xudong Jiang; Alex Kot http://arxiv.org/abs/2009.10149 Crafting Adversarial Examples for Deep Learning Based Prognostics (Extended Version). Gautam Raj Mode; Khaza Anuarul Hoque http://arxiv.org/abs/2009.10142 Stereopagnosia: Fooling Stereo Networks with Adversarial Perturbations. Alex Wong; Mukund Mundhra; Stefano Soatto http://arxiv.org/abs/2009.10064 Optimal Provable Robustness of Quantum Classification via Quantum Hypothesis Testing. Maurice Weber; Nana Liu; Bo Li; Ce Zhang; Zhikuan Zhao http://arxiv.org/abs/2009.10060 Password Strength Signaling: A Counter-Intuitive Defense Against Password Cracking. (1%) Wenjie Bai; Jeremiah Blocki; Ben Harsha http://arxiv.org/abs/2009.09587 Improving Robustness and Generality of NLP Models Using Disentangled Representations. Jiawei Wu; Xiaoya Li; Xiang Ao; Yuxian Meng; Fei Wu; Jiwei Li http://arxiv.org/abs/2009.09318 Efficient Certification of Spatial Robustness. Anian Ruoss; Maximilian Baader; Mislav Balunović; Martin Vechev http://arxiv.org/abs/2009.09191 OpenAttack: An Open-source Textual Adversarial Attack Toolkit. Guoyang Zeng; Fanchao Qi; Qianrui Zhou; Tingji Zhang; Bairu Hou; Yuan Zang; Zhiyuan Liu; Maosong Sun http://arxiv.org/abs/2009.09258 Making Images Undiscoverable from Co-Saliency Detection. Ruijun Gao; Qing Guo; Felix Juefei-Xu; Hongkai Yu; Xuhong Ren; Wei Feng; Song Wang http://arxiv.org/abs/2009.09231 Adversarial Exposure Attack on Diabetic Retinopathy Imagery. Yupeng Cheng; Felix Juefei-Xu; Qing Guo; Huazhu Fu; Xiaofei Xie; Shang-Wei Lin; Weisi Lin; Yang Liu http://arxiv.org/abs/2009.09247 Bias Field Poses a Threat to DNN-based X-Ray Recognition. Binyu Tian; Qing Guo; Felix Juefei-Xu; Wen Le Chan; Yupeng Cheng; Xiaohong Li; Xiaofei Xie; Shengchao Qin http://arxiv.org/abs/2009.09192 Learning to Attack: Towards Textual Adversarial Attacking in Real-world Situations. 
Yuan Zang; Bairu Hou; Fanchao Qi; Zhiyuan Liu; Xiaojun Meng; Maosong Sun http://arxiv.org/abs/2009.09205 Adversarial Rain Attack and Defensive Deraining for DNN Perception. Liming Zhai; Felix Juefei-Xu; Qing Guo; Xiaofei Xie; Lei Ma; Wei Feng; Shengchao Qin; Yang Liu http://arxiv.org/abs/2009.10537 EI-MTD:Moving Target Defense for Edge Intelligence against Adversarial Attacks. Yaguan Qian; Qiqi Shao; Jiamin Wang; Xiang Lin; Yankai Guo; Zhaoquan Gu; Bin Wang; Chunming Wu http://arxiv.org/abs/2009.09026 Robust Decentralized Learning for Neural Networks. Yao Zhou; Jun Wu; Jingrui He http://arxiv.org/abs/2009.09090 MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design. (1%) Gururaj Saileshwar; Moinuddin Qureshi http://arxiv.org/abs/2009.08061 Certifying Confidence via Randomized Smoothing. Aounon Kumar; Alexander Levine; Soheil Feizi; Tom Goldstein http://arxiv.org/abs/2009.08205 Generating Label Cohesive and Well-Formed Adversarial Claims. Pepa Atanasova; Dustin Wright; Isabelle Augenstein http://arxiv.org/abs/2009.08194 Vax-a-Net: Training-time Defence Against Adversarial Patch Attacks. T. Gittings; S. Schneider; J. Collomosse http://arxiv.org/abs/2009.08233 Label Smoothing and Adversarial Robustness. Chaohao Fu; Hongbin Chen; Na Ruan; Weijia Jia http://arxiv.org/abs/2009.08110 Online Alternate Generator against Adversarial Attacks. Haofeng Li; Yirui Zeng; Guanbin Li; Liang Lin; Yizhou Yu http://arxiv.org/abs/2009.08058 MultAV: Multiplicative Adversarial Videos. Shao-Yuan Lo; Vishal M. Patel http://arxiv.org/abs/2009.08070 On the Transferability of Minimal Prediction Preserving Inputs in Question Answering. Shayne Longpre; Yi Lu; Christopher DuBois http://arxiv.org/abs/2009.08435 Large Norms of CNN Layers Do Not Hurt Adversarial Robustness. Youwei Liang; Dong Huang http://arxiv.org/abs/2009.08311 Multimodal Safety-Critical Scenarios Generation for Decision-Making Algorithms Evaluation. Wenhao Ding; Baiming Chen; Bo Li; Kim Ji Eun; Ding Zhao http://arxiv.org/abs/2009.07974 Analysis of Generalizability of Deep Neural Networks Based on the Complexity of Decision Boundary. Shuyue Guan; Murray Loew http://arxiv.org/abs/2009.07753 Malicious Network Traffic Detection via Deep Learning: An Information Theoretic View. Erick Galinkin http://arxiv.org/abs/2009.07502 Contextualized Perturbation for Textual Adversarial Attack. Dianqi Li; Yizhe Zhang; Hao Peng; Liqun Chen; Chris Brockett; Ming-Ting Sun; Bill Dolan http://arxiv.org/abs/2009.06962 Puzzle Mix: Exploiting Saliency and Local Statistics for Optimal Mixup. Jang-Hyun Kim; Wonho Choo; Hyun Oh Song http://arxiv.org/abs/2009.06996 Light Can Hack Your Face! Black-box Backdoor Attack on Face Recognition Systems. Haoliang Li; Yufei Wang; Xiaofei Xie; Yang Liu; Shiqi Wang; Renjie Wan; Lap-Pui Chau; Alex C. Kot http://arxiv.org/abs/2009.07191 Switching Gradient Directions for Query-Efficient Black-Box Adversarial Attacks. Chen Ma; Shuyu Cheng; Li Chen; Junhai Yong http://arxiv.org/abs/2009.07024 Decision-based Universal Adversarial Attack. 
Jing Wu; Mingyi Zhou; Shuaicheng Liu; Yipeng Liu; Ce Zhu http://arxiv.org/abs/2009.06530 A Game Theoretic Analysis of Additive Adversarial Attacks and Defenses. Ambar Pal; René Vidal http://arxiv.org/abs/2009.06571 Input Hessian Regularization of Neural Networks. Waleed Mustafa; Robert A. Vandermeulen; Marius Kloft http://arxiv.org/abs/2009.06589 Robust Deep Learning Ensemble against Deception. Wenqi Wei; Ling Liu http://arxiv.org/abs/2009.06701 Hold Tight and Never Let Go: Security of Deep Learning based Automated Lane Centering under Physical-World Attack. Takami Sato; Junjie Shen; Ningfei Wang; Yunhan Jack Jia; Xue Lin; Qi Alfred Chen http://arxiv.org/abs/2009.05965 Manifold attack. Khanh-Hung Tran; Fred-Maurice Ngole-Mboula; Jean-Luc Starck http://arxiv.org/abs/2009.06114 Towards the Quantification of Safety Risks in Deep Neural Networks. Peipei Xu; Wenjie Ruan; Xiaowei Huang http://arxiv.org/abs/2009.05872 Certified Robustness of Graph Classification against Topology Attack with Randomized Smoothing. Zhidong Gao; Rui Hu; Yanmin Gong http://arxiv.org/abs/2009.05244 Defending Against Multiple and Unforeseen Adversarial Videos. Shao-Yuan Lo; Vishal M. Patel http://arxiv.org/abs/2009.05460 Robust Neural Machine Translation: Modeling Orthographic and Interpunctual Variation. Toms Bergmanis; Artūrs Stafanovičs; Mārcis Pinnis http://arxiv.org/abs/2009.05423 Achieving Adversarial Robustness via Sparsity. Shufan Wang; Ningyi Liao; Liyao Xiang; Nanyang Ye; Quanshi Zhang http://arxiv.org/abs/2009.05487 The Intriguing Relation Between Counterfactual Explanations and Adversarial Examples. Timo Freiesleben http://arxiv.org/abs/2009.05602 Semantic-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection. Lan Zhang; Peng Liu; Yoon-Ho Choi http://arxiv.org/abs/2009.04923 Second Order Optimization for Adversarial Robustness and Interpretability. Theodoros Tsiligkaridis; Jay Roberts http://arxiv.org/abs/2009.04709 Quantifying the Preferential Direction of the Model Gradient in Adversarial Training With Projected Gradient Descent. Ricardo Bigolin Lanfredi; Joyce D. Schroeder; Tolga Tasdizen http://arxiv.org/abs/2009.04614 End-to-end Kernel Learning via Generative Random Fourier Features. Kun Fang; Xiaolin Huang; Fanghui Liu; Jie Yang http://arxiv.org/abs/2009.06368 Searching for a Search Method: Benchmarking Search Algorithms for Generating NLP Adversarial Examples. Jin Yong Yoo; John X. Morris; Eli Lifland; Yanjun Qi http://arxiv.org/abs/2009.05474 A black-box adversarial attack for poisoning clustering. Antonio Emanuele Cinà; Alessandro Torcinovich; Marcello Pelillo http://arxiv.org/abs/2009.04131 SoK: Certified Robustness for Deep Neural Networks. Linyi Li; Tao Xie; Bo Li http://arxiv.org/abs/2009.04004 Fuzzy Unique Image Transformation: Defense Against Adversarial Attacks On Deep COVID-19 Models. Achyut Mani Tripathi; Ashish Mishra http://arxiv.org/abs/2009.03728 Adversarial Machine Learning in Image Classification: A Survey Towards the Defender's Perspective. Gabriel Resende Machado; Eugênio Silva; Ronaldo Ribeiro Goldschmidt http://arxiv.org/abs/2009.03364 Adversarial attacks on deep learning models for fatty liver disease classification by modification of ultrasound image reconstruction method. Michal Byra; Grzegorz Styczynski; Cezary Szmigielski; Piotr Kalinowski; Lukasz Michalowski; Rafal Paluszkiewicz; Bogna Ziarkiewicz-Wroblewska; Krzysztof Zieniewicz; Andrzej Nowicki http://arxiv.org/abs/2009.03488 Adversarial Attack on Large Scale Graph. 
Jintang Li; Tao Xie; Liang Chen; Fenfang Xie; Xiangnan He; Zibin Zheng http://arxiv.org/abs/2009.03136 Black Box to White Box: Discover Model Characteristics Based on Strategic Probing. Josh Kalin; Matthew Ciolino; David Noever; Gerry Dozier http://arxiv.org/abs/2009.02877 A Game Theoretic Analysis of LQG Control under Adversarial Attack. Zuxing Li; György Dán; Dong Liu http://arxiv.org/abs/2009.02874 Dynamically Computing Adversarial Perturbations for Recurrent Neural Networks. Shankar A. Deka; Dušan M. Stipanović; Claire J. Tomlin http://arxiv.org/abs/2009.02738 Detection Defense Against Adversarial Attacks with Saliency Map. Dengpan Ye; Chuanxi Chen; Changrui Liu; Hao Wang; Shunzhi Jiang http://arxiv.org/abs/2009.02608 Bluff: Interactively Deciphering Adversarial Attacks on Deep Neural Networks. Nilaksh Das; Haekyu Park; Zijie J. Wang; Fred Hohman; Robert Firstman; Emily Rogers; Duen Horng Chau http://arxiv.org/abs/2009.02470 Dual Manifold Adversarial Robustness: Defense against Lp and non-Lp Adversarial Attacks. Wei-An Lin; Chun Pong Lau; Alexander Levine; Rama Chellappa; Soheil Feizi http://arxiv.org/abs/2009.01729 MIPGAN -- Generating Strong and High Quality Morphing Attacks Using Identity Prior Driven GAN. (10%) Haoyu Zhang; Sushma Venkatesh; Raghavendra Ramachandra; Kiran Raja; Naser Damer; Christoph Busch http://arxiv.org/abs/2009.01672 Yet Meta Learning Can Adapt Fast, It Can Also Break Easily. Han Xu; Yaxin Li; Xiaorui Liu; Hui Liu; Jiliang Tang http://arxiv.org/abs/2009.01110 Perceptual Deep Neural Networks: Adversarial Robustness through Input Recreation. Danilo Vasconcellos Vargas; Bingli Liao; Takahiro Kanzaki http://arxiv.org/abs/2009.00814 Open-set Adversarial Defense. Rui Shao; Pramuditha Perera; Pong C. Yuen; Vishal M. Patel http://arxiv.org/abs/2009.00902 Adversarially Robust Neural Architectures. Minjing Dong; Yanxi Li; Yunhe Wang; Chang Xu http://arxiv.org/abs/2009.01122 Flow-based detection and proxy-based evasion of encrypted malware C2 traffic. Carlos Novo; Ricardo Morla http://arxiv.org/abs/2009.01109 Adversarial Attacks on Deep Learning Systems for User Identification based on Motion Sensors. Cezara Benegui; Radu Tudor Ionescu http://arxiv.org/abs/2009.00960 Simulating Unknown Target Models for Query-Efficient Black-box Attacks. Chen Ma; Li Chen; Jun-Hai Yong http://arxiv.org/abs/2009.09803 Defending against substitute model black box adversarial attacks with the 01 loss. Yunzhe Xue; Meiyan Xie; Usman Roshan http://arxiv.org/abs/2008.13671 Adversarial Patch Camouflage against Aerial Detection. Ajaya Adhikari; Richard den Hollander; Ioannis Tolios; Michael van Bekkum; Anneloes Bal; Stijn Hendriks; Maarten Kruithof; Dennis Gross; Nils Jansen; Guillermo Pérez; Kit Buurman; Stephan Raaijmakers http://arxiv.org/abs/2009.01048 MALCOM: Generating Malicious Comments to Attack Neural Fake News Detection Models. Thai Le; Suhang Wang; Dongwon Lee http://arxiv.org/abs/2009.00203 Efficient, Direct, and Restricted Black-Box Graph Evasion Attacks to Any-Layer Graph Neural Networks via Influence Function. Binghui Wang; Tianxiang Zhou; Minhua Lin; Pan Zhou; Ang Li; Meng Pang; Hai Li; Yiran Chen http://arxiv.org/abs/2008.13261 Benchmarking adversarial attacks and defenses for time-series data. Shoaib Ahmed Siddiqui; Andreas Dengel; Sheraz Ahmed http://arxiv.org/abs/2008.13305 An Integrated Approach to Produce Robust Models with High Efficiency. 
Zhijian Li; Bao Wang; Jack Xin http://arxiv.org/abs/2008.13336 Shape Defense Against Adversarial Attacks. Ali Borji http://arxiv.org/abs/2008.12997 Improving Resistance to Adversarial Deformations by Regularizing Gradients. Pengfei Xia; Bin Li http://arxiv.org/abs/2008.12328 A Scene-Agnostic Framework with Adversarial Training for Abnormal Event Detection in Video. Mariana-Iuliana Georgescu; Radu Tudor Ionescu; Fahad Shahbaz Khan; Marius Popescu; Mubarak Shah http://arxiv.org/abs/2008.12008 GhostBuster: Looking Into Shadows to Detect Ghost Objects in Autonomous Vehicle 3D Sensing. Zhongyuan Hau; Soteris Demetriou; Luis Muñoz-González; Emil C. Lupu http://arxiv.org/abs/2008.12066 Minimal Adversarial Examples for Deep Learning on 3D Point Clouds. Jaeyeon Kim; Binh-Son Hua; Duc Thanh Nguyen; Sai-Kit Yeung http://arxiv.org/abs/2008.12016 On the Intrinsic Robustness of NVM Crossbars Against Adversarial Attacks. Deboleena Roy; Indranil Chakraborty; Timur Ibrayev; Kaushik Roy http://arxiv.org/abs/2009.00097 Adversarial Eigen Attack on Black-Box Models. Linjun Zhou; Peng Cui; Yinan Jiang; Shiqiang Yang http://arxiv.org/abs/2008.12454 Color and Edge-Aware Adversarial Image Perturbations. Robert Bassett; Mitchell Graves; Patrick Reilly http://arxiv.org/abs/2008.12338 Adversarially Robust Learning via Entropic Regularization. Gauri Jagatap; Ameya Joshi; Animesh Basak Chowdhury; Siddharth Garg; Chinmay Hegde http://arxiv.org/abs/2008.11618 Adversarially Training for Audio Classifiers. Raymel Alfonso Sallo; Mohammad Esmaeilpour; Patrick Cardinal http://arxiv.org/abs/2008.11300 Likelihood Landscapes: A Unifying Principle Behind Many Adversarial Defenses. Fu Lin; Rohit Mittapalli; Prithvijit Chattopadhyay; Daniel Bolya; Judy Hoffman http://arxiv.org/abs/2008.11089 Two Sides of the Same Coin: White-box and Black-box Attacks for Transfer Learning. Yinghua Zhang; Yangqiu Song; Jian Liang; Kun Bai; Qiang Yang http://arxiv.org/abs/2008.11298 Rethinking Non-idealities in Memristive Crossbars for Adversarial Robustness in Neural Networks. Abhiroop Bhattacharjee; Priyadarshini Panda http://arxiv.org/abs/2008.11278 An Adversarial Attack Defending System for Securing In-Vehicle Networks. Yi Li; Jing Lin; Kaiqi Xiong http://arxiv.org/abs/2008.10715 Certified Robustness of Graph Neural Networks against Adversarial Structural Perturbation. Binghui Wang; Jinyuan Jia; Xiaoyu Cao; Neil Zhenqiang Gong http://arxiv.org/abs/2008.10106 Developing and Defeating Adversarial Examples. Ian McDiarmid-Sterling; Allan Moser http://arxiv.org/abs/2008.09954 Ptolemy: Architecture Support for Robust Deep Learning. Yiming Gan; Yuxian Qiu; Jingwen Leng; Minyi Guo; Yuhao Zhu http://arxiv.org/abs/2008.10138 PermuteAttack: Counterfactual Explanation of Machine Learning Credit Scorecards. Masoud Hashemi; Ali Fathi http://arxiv.org/abs/2008.09824 Self-Competitive Neural Networks. Iman Saberi; Fathiyeh Faghih http://arxiv.org/abs/2008.09381 A Survey on Assessing the Generalization Envelope of Deep Neural Networks: Predictive Uncertainty, Out-of-distribution and Adversarial Samples. Julia Lust; Alexandru Paul Condurache http://arxiv.org/abs/2008.09148 Towards adversarial robustness with 01 loss neural networks. Yunzhe Xue; Meiyan Xie; Usman Roshan http://arxiv.org/abs/2008.09194 On Attribution of Deepfakes. Baiwu Zhang; Jin Peng Zhou; Ilia Shumailov; Nicolas Papernot http://arxiv.org/abs/2008.09010 $\beta$-Variational Classifiers Under Attack. 
Marco Maggipinto; Matteo Terzi; Gian Antonio Susto http://arxiv.org/abs/2008.08847 Yet Another Intermediate-Level Attack. Qizhang Li; Yiwen Guo; Hao Chen http://arxiv.org/abs/2008.08750 Prototype-based interpretation of the functionality of neurons in winner-take-all neural networks. Ramin Zarei Sabzevar; Kamaledin Ghiasi-Shirazi; Ahad Harati http://arxiv.org/abs/2008.08384 Addressing Neural Network Robustness with Mixup and Targeted Labeling Adversarial Training. Alfred Laugros; Alice Caplier; Matthieu Ospici http://arxiv.org/abs/2008.08755 On $\ell_p$-norm Robustness of Ensemble Stumps and Trees. Yihan Wang; Huan Zhang; Hongge Chen; Duane Boning; Cho-Jui Hsieh http://arxiv.org/abs/2008.07838 Improving adversarial robustness of deep neural networks by using semantic information. Lina Wang; Rui Tang; Yawei Yue; Xingshu Chen; Wei Wang; Yi Zhu; Xuemei Zeng http://arxiv.org/abs/2008.09041 Direct Adversarial Training for GANs. Ziqiang Li http://arxiv.org/abs/2008.08170 Accelerated Zeroth-Order and First-Order Momentum Methods from Mini to Minimax Optimization. Feihu Huang; Shangqian Gao; Jian Pei; Heng Huang http://arxiv.org/abs/2008.07651 A Deep Dive into Adversarial Robustness in Zero-Shot Learning. Mehmet Kerim Yucel; Ramazan Gokberk Cinbis; Pinar Duygulu http://arxiv.org/abs/2008.07685 Adversarial Attack and Defense Strategies for Deep Speaker Recognition Systems. Arindam Jati; Chin-Cheng Hsu; Monisankha Pal; Raghuveer Peri; Wael AbdAlmageed; Shrikanth Narayanan http://arxiv.org/abs/2008.07125 Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection. Luca Demetrio; Scott E. Coull; Battista Biggio; Giovanni Lagorio; Alessandro Armando; Fabio Roli http://arxiv.org/abs/2008.07230 Robustness Verification of Quantum Classifiers. (81%) Ji Guan; Wang Fang; Mingsheng Ying http://arxiv.org/abs/2008.06860 TextDecepter: Hard Label Black Box Attack on Text Classifiers. Sachin Saxena http://arxiv.org/abs/2008.07015 Adversarial Concurrent Training: Optimizing Robustness and Accuracy Trade-off of Deep Neural Networks. Elahe Arani; Fahad Sarfraz; Bahram Zonooz http://arxiv.org/abs/2008.06822 Relevance Attack on Detectors. Sizhe Chen; Fan He; Xiaolin Huang; Kun Zhang http://arxiv.org/abs/2008.06199 Defending Adversarial Attacks without Adversarial Attacks in Deep Reinforcement Learning. Xinghua Qu; Yew-Soon Ong; Abhishek Gupta; Zhu Sun http://arxiv.org/abs/2008.06631 On the Generalization Properties of Adversarial Training. Yue Xing; Qifan Song; Guang Cheng http://arxiv.org/abs/2009.05107 Generating Image Adversarial Examples by Embedding Digital Watermarks. Yuexin Xiang; Tiantian Li; Wei Ren; Tianqing Zhu; Kim-Kwang Raymond Choo http://arxiv.org/abs/2008.06081 Adversarial Training and Provable Robustness: A Tale of Two Objectives. Jiameng Fan; Wenchao Li http://arxiv.org/abs/2008.06069 Semantically Adversarial Learnable Filters. Ali Shahin Shamsabadi; Changjae Oh; Andrea Cavallaro http://arxiv.org/abs/2008.07369 Continuous Patrolling Games. (45%) Steve Alpern; Thuy Bui; Thomas Lidbetter; Katerina Papadaki http://arxiv.org/abs/2008.05247 Learning to Learn from Mistakes: Robust Optimization for Adversarial Noise. Alex Serban; Erik Poll; Joost Visser http://arxiv.org/abs/2008.05230 Defending Adversarial Examples via DNN Bottleneck Reinforcement. Wenqing Liu; Miaojing Shi; Teddy Furon; Li Li http://arxiv.org/abs/2008.05667 Feature Binding with Category-Dependant MixUp for Semantic Segmentation and Adversarial Robustness. 
Md Amirul Islam; Matthew Kowal; Konstantinos G. Derpanis; Neil D. B. Bruce http://arxiv.org/abs/2008.05536 Semantics-preserving adversarial attacks in NLP. Rahul Singh; Tarun Joshi; Vijayan N. Nair; Agus Sudjianto http://arxiv.org/abs/2008.04876 Revisiting Adversarially Learned Injection Attacks Against Recommender Systems. Jiaxi Tang; Hongyi Wen; Ke Wang http://arxiv.org/abs/2008.04254 Informative Dropout for Robust Representation Learning: A Shape-bias Perspective. Baifeng Shi; Dinghuai Zhang; Qi Dai; Zhanxing Zhu; Yadong Mu; Jingdong Wang http://arxiv.org/abs/2008.04203 FireBERT: Hardening BERT-based classifiers against adversarial attack. Gunnar Mein; Kevin Hartman; Andrew Morris http://arxiv.org/abs/2008.03677 Enhancing Robustness Against Adversarial Examples in Network Intrusion Detection Systems. Mohammad J. Hashemi; Eric Keller http://arxiv.org/abs/2008.03709 Adversarial Training with Fast Gradient Projection Method against Synonym Substitution based Text Attacks. Xiaosen Wang; Yichen Yang; Yihe Deng; Kun He http://arxiv.org/abs/2008.03609 Enhance CNN Robustness Against Noises for Classification of 12-Lead ECG with Variable Length. Linhai Ma; Liang Liang http://arxiv.org/abs/2008.10356 Visual Attack and Defense on Text. Shengjun Liu; Ningkang Jiang; Yuanbin Wu http://arxiv.org/abs/2008.03072 Optimizing Information Loss Towards Robust Neural Networks. Philip Sperl; Konstantin Böttinger http://arxiv.org/abs/2008.04094 Adversarial Examples on Object Recognition: A Comprehensive Survey. Alex Serban; Erik Poll; Joost Visser http://arxiv.org/abs/2008.02883 Stronger and Faster Wasserstein Adversarial Attacks. Kaiwen Wu; Allen Houze Wang; Yaoliang Yu http://arxiv.org/abs/2008.02965 Improve Generalization and Robustness of Neural Networks via Weight Scale Shifting Invariant Regularizations. Ziquan Liu; Yufei Cui; Antoni B. Chan http://arxiv.org/abs/2008.02197 One word at a time: adversarial attacks on retrieval models. Nisarg Raval; Manisha Verma http://arxiv.org/abs/2008.01976 Robust Deep Reinforcement Learning through Adversarial Loss. Tuomas Oikarinen; Wang Zhang; Alexandre Megretski; Luca Daniel; Tsui-Wei Weng http://arxiv.org/abs/2008.01919 Adv-watermark: A Novel Watermark Perturbation for Adversarial Examples. Xiaojun Jia; Xingxing Wei; Xiaochun Cao; Xiaoguang Han http://arxiv.org/abs/2008.01524 TREND: Transferability based Robust ENsemble Design. Deepak Ravikumar; Sangamesh Kodge; Isha Garg; Kaushik Roy http://arxiv.org/abs/2008.01761 Can Adversarial Weight Perturbations Inject Neural Backdoors? Siddhant Garg; Adarsh Kumar; Vibhor Goel; Yingyu Liang http://arxiv.org/abs/2008.01786 Entropy Guided Adversarial Model for Weakly Supervised Object Localization. Sabrina Narimene Benassou; Wuzhen Shi; Feng Jiang http://arxiv.org/abs/2008.01219 Hardware Accelerator for Adversarial Attacks on Deep Learning Neural Networks. Haoqiang Guo; Lu Peng; Jian Zhang; Fang Qi; Lide Duan http://arxiv.org/abs/2008.00698 Anti-Bandit Neural Architecture Search for Model Defense. Hanlin Chen; Baochang Zhang; Song Xue; Xuan Gong; Hong Liu; Rongrong Ji; David Doermann http://arxiv.org/abs/2008.00217 Efficient Adversarial Attacks for Visual Object Tracking. Siyuan Liang; Xingxing Wei; Siyuan Yao; Xiaochun Cao http://arxiv.org/abs/2008.00312 Trojaning Language Models for Fun and Profit. Xinyang Zhang; Zheng Zhang; Shouling Ji; Ting Wang http://arxiv.org/abs/2008.00138 Vulnerability Under Adversarial Machine Learning: Bias or Variance? 
Hossein Aboutalebi; Mohammad Javad Shafiee; Michelle Karg; Christian Scharfenberger; Alexander Wong http://arxiv.org/abs/2007.16118 Physical Adversarial Attack on Vehicle Detector in the Carla Simulator. Tong Wu; Xuefei Ning; Wenshuo Li; Ranran Huang; Huazhong Yang; Yu Wang http://arxiv.org/abs/2007.16204 Adversarial Attacks with Multiple Antennas Against Deep Learning-Based Modulation Classifiers. Brian Kim; Yalin E. Sagduyu; Tugba Erpek; Kemal Davaslioglu; Sennur Ulukus http://arxiv.org/abs/2007.15836 TEAM: We Need More Powerful Adversarial Examples for DNNs. Yaguan Qian; Ximin Zhang; Bin Wang; Wei Li; Zhaoquan Gu; Haijiang Wang; Wassim Swaileh http://arxiv.org/abs/2007.15310 Black-box Adversarial Sample Generation Based on Differential Evolution. Junyu Lin; Lei Xu; Yingqi Liu; Xiangyu Zhang http://arxiv.org/abs/2007.15290 A Data Augmentation-based Defense Method Against Adversarial Attacks in Neural Networks. Yi Zeng; Han Qiu; Gerard Memmi; Meikang Qiu http://arxiv.org/abs/2007.15805 vWitness: Certifying Web Page Interactions with Computer Vision. (83%) He Shuang; Lianying Zhao; David Lie http://arxiv.org/abs/2007.14714 End-to-End Adversarial White Box Attacks on Music Instrument Classification. Katharina Prinz; Arthur Flexer http://arxiv.org/abs/2007.14983 Adversarial Robustness for Machine Learning Cyber Defenses Using Log Data. Kai Steverson; Jonathan Mullin; Metin Ahiskali http://arxiv.org/abs/2007.15036 Generative Classifiers as a Basis for Trustworthy Computer Vision. Radek Mackowiak; Lynton Ardizzone; Ullrich Köthe; Carsten Rother http://arxiv.org/abs/2007.14672 Stylized Adversarial Defense. Muzammal Naseer; Salman Khan; Munawar Hayat; Fahad Shahbaz Khan; Fatih Porikli http://arxiv.org/abs/2007.15147 Detecting Anomalous Inputs to DNN Classifiers By Joint Statistical Testing at the Layers. Jayaram Raghuram; Varun Chandrasekaran; Somesh Jha; Suman Banerjee http://arxiv.org/abs/2007.14433 Cassandra: Detecting Trojaned Networks from Adversarial Perturbations. Xiaoyu Zhang; Ajmal Mian; Rohit Gupta; Nazanin Rahnavard; Mubarak Shah http://arxiv.org/abs/2007.14042 Derivation of Information-Theoretically Optimal Adversarial Attacks with Applications to Robust Machine Learning. Jirong Yi; Raghu Mudumbai; Weiyu Xu http://arxiv.org/abs/2007.14120 Reachable Sets of Classifiers and Regression Models: (Non-)Robustness Analysis and Robust Training. Anna-Kathrin Kopetzki; Stephan Günnemann http://arxiv.org/abs/2007.14321 Label-Only Membership Inference Attacks. Christopher A. Choquette-Choo; Florian Tramer; Nicholas Carlini; Nicolas Papernot http://arxiv.org/abs/2008.02076 Attacking and Defending Machine Learning Applications of Public Cloud. Dou Goodman; Hao Xin http://arxiv.org/abs/2007.13960 KOVIS: Keypoint-based Visual Servoing with Zero-Shot Sim-to-Real Transfer for Robotics Manipulation. En Yen Puang; Keng Peng Tee; Wei Jing http://arxiv.org/abs/2007.13703 From Sound Representation to Model Robustness. Mohamad Esmaeilpour; Patrick Cardinal; Alessandro Lameiras Koerich http://arxiv.org/abs/2007.13632 Towards Accuracy-Fairness Paradox: Adversarial Example-based Data Augmentation for Visual Debiasing. Yi Zhang; Jitao Sang http://arxiv.org/abs/2007.14249 RANDOM MASK: Towards Robust Convolutional Neural Networks. Tiange Luo; Tianle Cai; Mengxiao Zhang; Siyu Chen; Liwei Wang http://arxiv.org/abs/2007.13073 Robust Collective Classification against Structural Attacks. 
Kai Zhou; Yevgeniy Vorobeychik http://arxiv.org/abs/2007.13171 Train Like a (Var)Pro: Efficient Training of Neural Networks with Variable Projection. (1%) Elizabeth Newman; Lars Ruthotto; Joseph Hart; Bart van Bloemen Waanders http://arxiv.org/abs/2007.12881 MirrorNet: Bio-Inspired Adversarial Attack for Camouflaged Object Segmentation. Jinnan Yan; Trung-Nghia Le; Khanh-Duy Nguyen; Minh-Triet Tran; Thanh-Toan Do; Tam V. Nguyen http://arxiv.org/abs/2007.12861 Adversarial Privacy-preserving Filter. Jiaming Zhang; Jitao Sang; Xian Zhao; Xiaowen Huang; Yanfeng Sun; Yongli Hu http://arxiv.org/abs/2007.12892 MP3 Compression To Diminish Adversarial Noise in End-to-End Speech Recognition. Iustina Andronic; Ludwig Kürzinger; Edgar Ricardo Chavez Rosas; Gerhard Rigoll; Bernhard U. Seeber http://arxiv.org/abs/2007.12684 Deep Co-Training with Task Decomposition for Semi-Supervised Domain Adaptation. (1%) Luyu Yang; Yan Wang; Mingfei Gao; Abhinav Shrivastava; Kilian Q. Weinberger; Wei-Lun Chao; Ser-Nam Lim http://arxiv.org/abs/2007.12133 Provably Robust Adversarial Examples. Dimitar I. Dimitrov; Gagandeep Singh; Timon Gehr; Martin Vechev http://arxiv.org/abs/2007.11206 SOCRATES: Towards a Unified Platform for Neural Network Verification. Long H. Pham; Jiaying Li; Jun Sun http://arxiv.org/abs/2007.11259 Adversarial Training Reduces Information and Improves Transferability. Matteo Terzi; Alessandro Achille; Marco Maggipinto; Gian Antonio Susto http://arxiv.org/abs/2007.11693 Robust Machine Learning via Privacy/Rate-Distortion Theory. Ye Wang; Shuchin Aeron; Adnan Siraj Rakin; Toshiaki Koike-Akino; Pierre Moulin http://arxiv.org/abs/2007.11709 Threat of Adversarial Attacks on Face Recognition: A Comprehensive Survey. Fatemeh Vakhshiteh; Raghavendra Ramachandra; Ahmad Nickabadi http://arxiv.org/abs/2007.10723 Audio Adversarial Examples for Robust Hybrid CTC/Attention Speech Recognition. Ludwig Kürzinger; Edgar Ricardo Chavez Rosas; Lujun Li; Tobias Watzel; Gerhard Rigoll http://arxiv.org/abs/2007.10593 Towards Visual Distortion in Black-Box Attacks. Nannan Li; Zhenzhong Chen http://arxiv.org/abs/2007.10505 DeepNNK: Explaining deep models and their generalization using polytope interpolation. Sarath Shekkizhar; Antonio Ortega http://arxiv.org/abs/2007.09916 Evaluating a Simple Retraining Strategy as a Defense Against Adversarial Attacks. Nupur Thakur; Yuzhen Ding; Baoxin Li http://arxiv.org/abs/2007.09919 Robust Tracking against Adversarial Attacks. Shuai Jia; Chao Ma; Yibing Song; Xiaokang Yang http://arxiv.org/abs/2007.10868 Scaling Polyhedral Neural Network Verification on GPUs. Christoph Müller; François Serre; Gagandeep Singh; Markus Püschel; Martin Vechev http://arxiv.org/abs/2007.10485 AdvFoolGen: Creating Persistent Troubles for Deep Classifiers. Yuzhen Ding; Nupur Thakur; Baoxin Li http://arxiv.org/abs/2007.09592 Semantic Equivalent Adversarial Data Augmentation for Visual Question Answering. Ruixue Tang; Chao Ma; Wei Emma Zhang; Qi Wu; Xiaokang Yang http://arxiv.org/abs/2007.09766 Exploiting vulnerabilities of deep neural networks for privacy protection. Ricardo Sanchez-Matilla; Chau Yi Li; Ali Shahin Shamsabadi; Riccardo Mazzon; Andrea Cavallaro http://arxiv.org/abs/2007.09763 Connecting the Dots: Detecting Adversarial Perturbations Using Context Inconsistency. Shasha Li; Shitong Zhu; Sudipta Paul; Amit Roy-Chowdhury; Chengyu Song; Srikanth Krishnamurthy; Ananthram Swami; Kevin S Chan http://arxiv.org/abs/2007.09647 Adversarial Immunization for Improving Certifiable Robustness on Graphs. 
Shuchang Tao; Huawei Shen; Qi Cao; Liang Hou; Xueqi Cheng http://arxiv.org/abs/2007.09431 DDR-ID: Dual Deep Reconstruction Networks Based Image Decomposition for Anomaly Detection. Dongyun Lin; Yiqun Li; Shudong Xie; Tin Lay Nwe; Sheng Dong http://arxiv.org/abs/2007.09327 Towards Quantum-Secure Authentication and Key Agreement via Abstract Multi-Agent Interaction. (1%) Ibrahim H. Ahmed; Josiah P. Hanna; Elliot Fosong; Stefano V. Albrecht http://arxiv.org/abs/2007.10812 Anomaly Detection in Unsupervised Surveillance Setting Using Ensemble of Multimodal Data with Adversarial Defense. Sayeed Shafayet Chowdhury; Kaji Mejbaul Islam; Rouhan Noor http://arxiv.org/abs/2007.09200 Neural Networks with Recurrent Generative Feedback. Yujia Huang; James Gornet; Sihui Dai; Zhiding Yu; Tan Nguyen; Doris Y. Tsao; Anima Anandkumar http://arxiv.org/abs/2007.08716 Understanding and Diagnosing Vulnerability under Adversarial Attacks. Haizhong Zheng; Ziqi Zhang; Honglak Lee; Atul Prakash http://arxiv.org/abs/2007.08714 Transfer Learning without Knowing: Reprogramming Black-box Machine Learning Models with Scarce Data and Limited Resources. Yun-Yun Tsai; Pin-Yu Chen; Tsung-Yi Ho http://arxiv.org/abs/2007.12625 Accelerated Stochastic Gradient-free and Projection-free Methods. Feihu Huang; Lue Tao; Songcan Chen http://arxiv.org/abs/2007.08473 Provable Worst Case Guarantees for the Detection of Out-of-Distribution Data. Julian Bitterwolf; Alexander Meinke; Matthias Hein http://arxiv.org/abs/2007.08428 An Empirical Study on the Robustness of NAS based Architectures. Chaitanya Devaguptapu; Devansh Agarwal; Gaurav Mittal; Vineeth N Balasubramanian http://arxiv.org/abs/2007.08489 Do Adversarially Robust ImageNet Models Transfer Better? Hadi Salman; Andrew Ilyas; Logan Engstrom; Ashish Kapoor; Aleksander Madry http://arxiv.org/abs/2007.08450 Learning perturbation sets for robust machine learning. Eric Wong; J. Zico Kolter http://arxiv.org/abs/2007.08558 On Robustness and Transferability of Convolutional Neural Networks. (1%) Josip Djolonga; Jessica Yung; Michael Tschannen; Rob Romijnders; Lucas Beyer; Alexander Kolesnikov; Joan Puigcerver; Matthias Minderer; Alexander D'Amour; Dan Moldovan; Sylvain Gelly; Neil Houlsby; Xiaohua Zhai; Mario Lucic http://arxiv.org/abs/2007.08319 Less is More: A privacy-respecting Android malware classifier using Federated Learning. (1%) Rafa Gálvez; Veelasha Moonsamy; Claudia Diaz http://arxiv.org/abs/2007.07646 A Survey of Privacy Attacks in Machine Learning. Maria Rigaki; Sebastian Garcia http://arxiv.org/abs/2007.08520 Accelerating Robustness Verification of Deep Neural Networks Guided by Target Labels. Wenjie Wan; Zhaodi Zhang; Yiwei Zhu; Min Zhang; Fu Song http://arxiv.org/abs/2007.08041 A Survey on Security Attacks and Defense Techniques for Connected and Autonomous Vehicles. Minh Pham; Kaiqi Xiong http://arxiv.org/abs/2007.10115 Towards robust sensing for Autonomous Vehicles: An adversarial perspective. Apostolos Modas; Ricardo Sanchez-Matilla; Pascal Frossard; Andrea Cavallaro http://arxiv.org/abs/2007.07176 Robustifying Reinforcement Learning Agents via Action Space Adversarial Training. Kai Liang Tan; Yasaman Esfandiari; Xian Yeow Lee; Aakanksha; Soumik Sarkar http://arxiv.org/abs/2007.06803 Bounding The Number of Linear Regions in Local Area for Neural Networks with ReLU Activations. Rui Zhu; Bo Lin; Haixu Tang http://arxiv.org/abs/2007.07236 Multitask Learning Strengthens Adversarial Robustness. 
Chengzhi Mao; Amogh Gupta; Vikram Nitin; Baishakhi Ray; Shuran Song; Junfeng Yang; Carl Vondrick http://arxiv.org/abs/2007.06993 Adversarial Examples and Metrics. Nico Döttling; Kathrin Grosse; Michael Backes; Ian Molloy http://arxiv.org/abs/2007.07435 AdvFlow: Inconspicuous Black-box Adversarial Attacks using Normalizing Flows. Hadi M. Dolatabadi; Sarah Erfani; Christopher Leckie http://arxiv.org/abs/2007.07097 Pasadena: Perceptually Aware and Stealthy Adversarial Denoise Attack. Yupeng Cheng; Qing Guo; Felix Juefei-Xu; Wei Feng; Shang-Wei Lin; Weisi Lin; Yang Liu http://arxiv.org/abs/2007.07001 Adversarial Attacks against Neural Networks in Audio Domain: Exploiting Principal Components. Ken Alparslan; Yigit Alparslan; Matthew Burlick http://arxiv.org/abs/2007.07365 Towards a Theoretical Understanding of the Robustness of Variational Autoencoders. Alexander Camuto; Matthew Willetts; Stephen Roberts; Chris Holmes; Tom Rainforth http://arxiv.org/abs/2007.06381 A simple defense against adversarial attacks on heatmap explanations. Laura Rieger; Lars Kai Hansen http://arxiv.org/abs/2007.06189 Understanding Adversarial Examples from the Mutual Influence of Images and Perturbations. Chaoning Zhang; Philipp Benz; Tooba Imtiaz; In-So Kweon http://arxiv.org/abs/2007.06555 Adversarial robustness via robust low rank representations. Pranjal Awasthi; Himanshu Jain; Ankit Singh Rawat; Aravindan Vijayaraghavan http://arxiv.org/abs/2007.07205 Security and Machine Learning in the Real World. Ivan Evtimov; Weidong Cui; Ece Kamar; Emre Kiciman; Tadayoshi Kohno; Jerry Li http://arxiv.org/abs/2007.07210 Hard Label Black-box Adversarial Attacks in Low Query Budget Regimes. Satya Narayan Shukla; Anit Kumar Sahu; Devin Willmott; J. Zico Kolter http://arxiv.org/abs/2007.06796 Calling Out Bluff: Attacking the Robustness of Automatic Scoring Systems with Simple Adversarial Testing. Yaman Kumar; Mehar Bhatia; Anubha Kabra; Jessy Junyi Li; Di Jin; Rajiv Ratn Shah http://arxiv.org/abs/2007.06622 SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems. Hadi Abdullah; Kevin Warren; Vincent Bindschaedler; Nicolas Papernot; Patrick Traynor http://arxiv.org/abs/2007.06765 Patch-wise Attack for Fooling Deep Neural Network. Lianli Gao; Qilong Zhang; Jingkuan Song; Xianglong Liu; Heng Tao Shen http://arxiv.org/abs/2007.06174 Generating Fluent Adversarial Examples for Natural Languages. Huangzhao Zhang; Hao Zhou; Ning Miao; Lei Li http://arxiv.org/abs/2007.06055 Adversarial jamming attacks and defense strategies via adaptive deep reinforcement learning. Feng Wang; Chen Zhong; M. Cenk Gursoy; Senem Velipasalar http://arxiv.org/abs/2007.06032 Probabilistic Jacobian-based Saliency Maps Attacks. Théo Combey; António Loison; Maxime Faucher; Hatem Hajri http://arxiv.org/abs/2007.05828 Understanding Object Detection Through An Adversarial Lens. Ka-Ho Chow; Ling Liu; Mehmet Emre Gursoy; Stacey Truex; Wenqi Wei; Yanzhao Wu http://arxiv.org/abs/2007.05817 ManiGen: A Manifold Aided Black-box Generator of Adversarial Examples. Guanxiong Liu; Issa Khalil; Abdallah Khreishah; Abdulelah Algosaibi; Adel Aldalbahi; Mohammed Alaneem; Abdulaziz Alhumam; Mohammed Anan http://arxiv.org/abs/2007.05869 Adversarially-Trained Deep Nets Transfer Better: Illustration on Image Classification. (15%) Francisco Utrera; Evan Kravitz; N. Benjamin Erichson; Rajiv Khanna; Michael W. Mahoney http://arxiv.org/abs/2007.05573 Improved Detection of Adversarial Images Using Deep Neural Networks. 
Yutong Gao; Yi Pan http://arxiv.org/abs/2007.05225 Miss the Point: Targeted Adversarial Attack on Multiple Landmark Detection. Qingsong Yao; Zecheng He; Hu Han; S. Kevin Zhou http://arxiv.org/abs/2007.05315 Generating Adversarial Inputs Using A Black-box Differential Technique. João Batista Pereira Matos Júnior; Lucas Carvalho Cordeiro; Marcelo d'Amorim; Xiaowei Huang http://arxiv.org/abs/2007.05123 Improving Adversarial Robustness by Enforcing Local and Global Compactness. Anh Bui; Trung Le; He Zhao; Paul Montague; Olivier deVel; Tamas Abraham; Dinh Phung http://arxiv.org/abs/2007.05086 Boundary thickness and robustness in learning models. Yaoqing Yang; Rajiv Khanna; Yaodong Yu; Amir Gholami; Kurt Keutzer; Joseph E. Gonzalez; Kannan Ramchandran; Michael W. Mahoney http://arxiv.org/abs/2007.06704 Node Copying for Protection Against Graph Neural Network Topology Attacks. Florence Regol; Soumyasundar Pal; Mark Coates http://arxiv.org/abs/2007.04564 Efficient detection of adversarial images. Darpan Kumar Yadav; Kartik Mundra; Rahul Modpur; Arpan Chattopadhyay; Indra Narayan Kar http://arxiv.org/abs/2007.04028 How benign is benign overfitting? Amartya Sanyal; Puneet K Dokania; Varun Kanade; Philip H. S. Torr http://arxiv.org/abs/2007.04137 SLAP: Improving Physical Adversarial Examples with Short-Lived Adversarial Perturbations. Giulio Lovisotto; Henry Turner; Ivo Sluganovic; Martin Strohmeier; Ivan Martinovic http://arxiv.org/abs/2007.04118 RobFR: Benchmarking Adversarial Robustness on Face Recognition. Xiao Yang; Dingcheng Yang; Yinpeng Dong; Hang Su; Wenjian Yu; Jun Zhu http://arxiv.org/abs/2007.04391 A Critical Evaluation of Open-World Machine Learning. Liwei Song; Vikash Sehwag; Arjun Nitin Bhagoji; Prateek Mittal http://arxiv.org/abs/2007.04440 On the relationship between class selectivity, dimensionality, and robustness. Matthew L. Leavitt; Ari S. Morcos http://arxiv.org/abs/2007.04472 Evaluation of Adversarial Training on Different Types of Neural Networks in Deep Learning-based IDSs. Rana Abou Khamis; Ashraf Matrawy http://arxiv.org/abs/2007.03244 Robust Learning with Frequency Domain Regularization. Weiyu Guo; Yidong Ouyang http://arxiv.org/abs/2007.03198 Regional Image Perturbation Reduces $L_p$ Norms of Adversarial Examples While Maintaining Model-to-model Transferability. Utku Ozbulak; Jonathan Peck; Wesley De Neve; Bart Goossens; Yvan Saeys; Arnout Van Messem http://arxiv.org/abs/2007.03832 Fast Training of Deep Neural Networks Robust to Adversarial Perturbations. Justin Goodwin; Olivia Brown; Victoria Helus http://arxiv.org/abs/2007.03838 Making Adversarial Examples More Transferable and Indistinguishable. Junhua Zou; Yexin Duan; Boyu Li; Wu Zhang; Yu Pan; Zhisong Pan http://arxiv.org/abs/2007.03730 Detection as Regression: Certified Object Detection by Median Smoothing. Ping-yeh Chiang; Michael J. Curry; Ahmed Abdelkader; Aounon Kumar; John Dickerson; Tom Goldstein http://arxiv.org/abs/2007.02771 Certifying Decision Trees Against Evasion Attacks by Program Analysis. Stefano Calzavara; Pietro Ferrara; Claudio Lucchese http://arxiv.org/abs/2007.02650 On Data Augmentation and Adversarial Risk: An Empirical Analysis. Hamid Eghbal-zadeh; Khaled Koutini; Paul Primus; Verena Haunschmid; Michal Lewandowski; Werner Zellinger; Bernhard A. Moser; Gerhard Widmer http://arxiv.org/abs/2007.02617 Understanding and Improving Fast Adversarial Training. Maksym Andriushchenko; Nicolas Flammarion http://arxiv.org/abs/2007.02734 Black-box Adversarial Example Generation with Normalizing Flows. 
Hadi M. Dolatabadi; Sarah Erfani; Christopher Leckie http://arxiv.org/abs/2007.02407 Adversarial Learning in the Cyber Security Domain. Ishai Rosenberg; Asaf Shabtai; Yuval Elovici; Lior Rokach http://arxiv.org/abs/2007.02209 On Connections between Regularizations for Improving DNN Robustness. Yiwen Guo; Long Chen; Yurong Chen; Changshui Zhang http://arxiv.org/abs/2007.02047 Relationship between manifold smoothness and adversarial vulnerability in deep learning with local errors. Zijian Jiang; Jianwen Zhou; Haiping Huang http://arxiv.org/abs/2007.02196 Deep Active Learning via Open Set Recognition. (1%) Jaya Krishna Mandivarapu; Blake Camp; Rolando Estrada http://arxiv.org/abs/2007.01507 Towards Robust Deep Learning with Ensemble Networks and Noisy Layers. Yuting Liang; Reza Samavi http://arxiv.org/abs/2007.01003 Efficient Proximal Mapping of the 1-path-norm of Shallow Networks. Fabian Latorre; Paul Rolland; Nadav Hallak; Volkan Cevher http://arxiv.org/abs/2007.01017 Deep Learning Defenses Against Adversarial Examples for Dynamic Risk Assessment. Xabier Echeberria-Barrio; Amaia Gil-Lerchundi; Ines Goicoechea-Telleria; Raul Orduna-Urrutia http://arxiv.org/abs/2007.01356 Decoder-free Robustness Disentanglement without (Additional) Supervision. Yifei Wang; Dan Peng; Furui Liu; Zhenguo Li; Zhitang Chen; Jiansheng Yang http://arxiv.org/abs/2007.01472 Increasing Trustworthiness of Deep Neural Networks via Accuracy Monitoring. Zhihui Shao; Jianyi Yang; Shaolei Ren http://arxiv.org/abs/2007.01855 Trace-Norm Adversarial Examples. Ehsan Kazemi; Thomas Kerdreux; Liqiang Wang http://arxiv.org/abs/2007.01299 Generating Adversarial Examples with Controllable Non-transferability. Renzhi Wang; Tianwei Zhang; Xiaofei Xie; Lei Ma; Cong Tian; Felix Juefei-Xu; Yang Liu http://arxiv.org/abs/2007.00251 Unifying Model Explainability and Robustness via Machine-Checkable Concepts. Vedant Nanda; Till Speicher; John P. Dickerson; Krishna P. Gummadi; Muhammad Bilal Zafar http://arxiv.org/abs/2007.00644 Measuring Robustness to Natural Distribution Shifts in Image Classification. Rohan Taori; Achal Dave; Vaishaal Shankar; Nicholas Carlini; Benjamin Recht; Ludwig Schmidt http://arxiv.org/abs/2007.00337 Determining Sequence of Image Processing Technique (IPT) to Detect Adversarial Attacks. Kishor Datta Gupta; Dipankar Dasgupta; Zahid Akhtar http://arxiv.org/abs/2007.00806 Query-Free Adversarial Transfer via Undertrained Surrogates. Chris Miller; Soroush Vosoughi http://arxiv.org/abs/2007.00720 Adversarial Example Games. Avishek Joey Bose; Gauthier Gidel; Hugo Berard; Andre Cianflone; Pascal Vincent; Simon Lacoste-Julien; William L. Hamilton http://arxiv.org/abs/2007.00772 Robustness against Relational Adversary. Yizhen Wang; Xiaozhu Meng; Ke Wang; Mihai Christodorescu; Somesh Jha http://arxiv.org/abs/2007.00289 A Le Cam Type Bound for Adversarial Learning and Applications. Qiuling Xu; Kevin Bello; Jean Honorio http://arxiv.org/abs/2007.00753 Opportunities and Challenges in Deep Learning Adversarial Robustness: A Survey. Samuel Henrique Silva; Peyman Najafirad http://arxiv.org/abs/2006.16974 Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor Attack and Countermeasures. Jiachen Sun; Yulong Cao; Qi Alfred Chen; Z. Morley Mao http://arxiv.org/abs/2006.16545 Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection. Deqiang Li; Qianmu Li http://arxiv.org/abs/2006.16520 Black-box Certification and Learning under Adversarial Perturbations. 
Hassan Ashtiani; Vinayak Pathak; Ruth Urner http://arxiv.org/abs/2007.00147 Neural Network Virtual Sensors for Fuel Injection Quantities with Provable Performance Specifications. Eric Wong; Tim Schneider; Joerg Schmitt; Frank R. Schmidt; J. Zico Kolter http://arxiv.org/abs/2007.00146 Generating Adversarial Examples with an Optimized Quality. Aminollah Khormali; DaeHun Nyang; David Mohaisen http://arxiv.org/abs/2006.16055 Harnessing Adversarial Distances to Discover High-Confidence Errors. Walter Bennette; Karsten Maurer; Sean Sisti http://arxiv.org/abs/2006.16384 Sharp Statistical Guarantees for Adversarially Robust Gaussian Classification. Chen Dan; Yuting Wei; Pradeep Ravikumar http://arxiv.org/abs/2006.16179 Legal Risks of Adversarial Machine Learning Research. Ram Shankar Siva Kumar; Jonathon Penney; Bruce Schneier; Kendra Albert http://arxiv.org/abs/2006.16427 Biologically Inspired Mechanisms for Adversarial Robustness. Manish V. Reddy; Andrzej Banburski; Nishka Pant; Tomaso Poggio http://arxiv.org/abs/2006.16375 Improving Uncertainty Estimates through the Relationship with Adversarial Robustness. Yao Qin; Xuezhi Wang; Alex Beutel; Ed H. Chi http://arxiv.org/abs/2006.15632 FDA3: Federated Defense Against Adversarial Attacks for Cloud-Based IIoT Applications. Yunfei Song; Tian Liu; Tongquan Wei; Xiangfeng Wang; Zhe Tao; Mingsong Chen http://arxiv.org/abs/2006.15669 Geometry-Inspired Top-k Adversarial Perturbations. Nurislam Tursynbek; Aleksandr Petiushko; Ivan Oseledets http://arxiv.org/abs/2006.14856 Orthogonal Deep Models As Defense Against Black-Box Attacks. Mohammad A. A. K. Jalwana; Naveed Akhtar; Mohammed Bennamoun; Ajmal Mian http://arxiv.org/abs/2006.15207 Informative Outlier Matters: Robustifying Out-of-distribution Detection Using Outlier Mining. Jiefeng Chen; Yixuan Li; Xi Wu; Yingyu Liang; Somesh Jha http://arxiv.org/abs/2006.15127 Diverse Knowledge Distillation (DKD): A Solution for Improving The Robustness of Ensemble Models Against Adversarial Attacks. Ali Mirzaeian; Jana Kosecka; Houman Homayoun; Tinoosh Mohsenin; Avesta Sasan http://arxiv.org/abs/2006.14871 Can We Mitigate Backdoor Attack Using Adversarial Detection Methods? Kaidi Jin; Tianwei Zhang; Chao Shen; Yufei Chen; Ming Fan; Chenhao Lin; Ting Liu http://arxiv.org/abs/2006.14536 Smooth Adversarial Training. Cihang Xie; Mingxing Tan; Boqing Gong; Alan Yuille; Quoc V. Le http://arxiv.org/abs/2006.14748 Proper Network Interpretability Helps Adversarial Robustness in Classification. Akhilan Boopathy; Sijia Liu; Gaoyuan Zhang; Cynthia Liu; Pin-Yu Chen; Shiyu Chang; Luca Daniel http://arxiv.org/abs/2006.14512 Uncovering the Connections Between Adversarial Transferability and Knowledge Transferability. Kaizhao Liang; Jacky Y. Zhang; Boxin Wang; Zhuolin Yang; Oluwasanmi Koyejo; Bo Li http://arxiv.org/abs/2006.14655 Can 3D Adversarial Logos Cloak Humans? Yi Wang; Jingyang Zhou; Tianlong Chen; Sijia Liu; Shiyu Chang; Chandrajit Bajaj; Zhangyang Wang http://arxiv.org/abs/2006.13555 Defending against adversarial attacks on medical imaging AI system, classification or detection? Xin Li; Deng Pan; Dongxiao Zhu http://arxiv.org/abs/2006.14032 Compositional Explanations of Neurons. Jesse Mu; Jacob Andreas http://arxiv.org/abs/2006.14042 Blacklight: Defending Black-Box Adversarial Attacks on Deep Neural Networks. Huiying Li; Shawn Shan; Emily Wenger; Jiayun Zhang; Haitao Zheng; Ben Y. Zhao http://arxiv.org/abs/2006.13726 Imbalanced Gradients: A Subtle Cause of Overestimated Adversarial Robustness. 
Xingjun Ma; Linxi Jiang; Hanxun Huang; Zejia Weng; James Bailey; Yu-Gang Jiang http://arxiv.org/abs/2006.12792 RayS: A Ray Searching Method for Hard-label Adversarial Attack. Jinghui Chen; Quanquan Gu http://arxiv.org/abs/2006.12834 Sparse-RS: a versatile framework for query-efficient sparse black-box adversarial attacks. Francesco Croce; Maksym Andriushchenko; Naman D. Singh; Nicolas Flammarion; Matthias Hein http://arxiv.org/abs/2006.13192 Adversarial Robustness of Deep Sensor Fusion Models. Shaojie Wang; Tong Wu; Ayan Chakrabarti; Yevgeniy Vorobeychik http://arxiv.org/abs/2006.12135 Learning to Generate Noise for Multi-Attack Robustness. Divyam Madaan; Jinwoo Shin; Sung Ju Hwang http://arxiv.org/abs/2006.12655 Perceptual Adversarial Robustness: Defense Against Unseen Threat Models. Cassidy Laidlaw; Sahil Singla; Soheil Feizi http://arxiv.org/abs/2006.11776 Network Moments: Extensions and Sparse-Smooth Attacks. Modar Alfadly; Adel Bibi; Emilio Botero; Salman Alsubaihi; Bernard Ghanem http://arxiv.org/abs/2006.11604 How do SGD hyperparameters in natural training affect adversarial robustness? Sandesh Kamath; Amit Deshpande; K V Subrahmanyam http://arxiv.org/abs/2006.11627 Defense against Adversarial Attacks in NLP via Dirichlet Neighborhood Ensemble. Yi Zhou; Xiaoqing Zheng; Cho-Jui Hsieh; Kai-Wei Chang; Xuanjing Huang http://arxiv.org/abs/2006.11561 Stochastic Shortest Path with Adversarially Changing Costs. (1%) Aviv Rosenberg; Yishay Mansour http://arxiv.org/abs/2006.11440 Local Convolutions Cause an Implicit Bias towards High Frequency Adversarial Examples. Josue Ortega Caro; Yilong Ju; Ryan Pyle; Sourav Dey; Wieland Brendel; Fabio Anselmi; Ankit Patel http://arxiv.org/abs/2006.11122 A general framework for defining and optimizing robustness. Alessandro Tibo; Manfred Jaeger; Kim G. Larsen http://arxiv.org/abs/2006.11103 Analyzing the Real-World Applicability of DGA Classifiers. Arthur Drichel; Ulrike Meyer; Samuel Schüppen; Dominik Teubert http://arxiv.org/abs/2006.11007 Towards an Adversarially Robust Normalization Approach. Muhammad Awais; Fahad Shamshad; Sung-Ho Bae http://arxiv.org/abs/2006.11078 Differentiable Language Model Adversarial Attacks on Categorical Sequence Classifiers. I. Fursov; A. Zaytsev; N. Kluchnikov; A. Kravchenko; E. Burnaev http://arxiv.org/abs/2006.11004 Adversarial Attacks for Multi-view Deep Models. Xuli Sun; Shiliang Sun http://arxiv.org/abs/2006.10620 Local Competition and Uncertainty for Adversarial Robustness in Deep Learning. Antonios Alexos; Konstantinos P. Panousis; Sotirios Chatzis http://arxiv.org/abs/2006.10679 Dissecting Deep Networks into an Ensemble of Generative Classifiers for Robust Predictions. Lokender Tiwari; Anish Madan; Saket Anand; Subhashis Banerjee http://arxiv.org/abs/2006.10885 The Dilemma Between Dimensionality Reduction and Adversarial Robustness. Sheila Alemany; Niki Pissinou http://arxiv.org/abs/2006.10876 Beware the Black-Box: on the Robustness of Recent Defenses to Adversarial Examples. Kaleel Mahmood; Deniz Gurevin; Marten van Dijk; Phuong Ha Nguyen http://arxiv.org/abs/2006.09994 Noise or Signal: The Role of Image Backgrounds in Object Recognition. Kai Xiao; Logan Engstrom; Andrew Ilyas; Aleksander Madry http://arxiv.org/abs/2006.10013 Adversarial Examples Detection and Analysis with Layer-wise Autoencoders. Bartosz Wójcik; Paweł Morawiecki; Marek Śmieja; Tomasz Krzyżek; Przemysław Spurek; Jacek Tabor http://arxiv.org/abs/2006.09701 Adversarial Defense by Latent Style Transformations. 
Shuo Wang; Surya Nepal; Alsharif Abuadbba; Carsten Rudolph; Marthie Grobler http://arxiv.org/abs/2006.12247 Disrupting Deepfakes with an Adversarial Attack that Survives Training. Eran Segalis http://arxiv.org/abs/2006.09989 Universal Lower-Bounds on Classification Error under Adversarial Attacks and Random Corruption. Elvis Dohmatob http://arxiv.org/abs/2006.12621 Fairness Through Robustness: Investigating Robustness Disparity in Deep Learning. Vedant Nanda; Samuel Dooley; Sahil Singla; Soheil Feizi; John P. Dickerson http://arxiv.org/abs/2006.08914 Calibrating Deep Neural Network Classifiers on Out-of-Distribution Datasets. Zhihui Shao; Jianyi Yang; Shaolei Ren http://arxiv.org/abs/2006.08947 SPLASH: Learnable Activation Functions for Improving Accuracy and Adversarial Robustness. Mohammadamin Tavakoli; Forest Agostinelli; Pierre Baldi http://arxiv.org/abs/2006.09040 Debona: Decoupled Boundary Network Analysis for Tighter Bounds and Faster Adversarial Robustness Proofs. Christopher Brix; Thomas Noll http://arxiv.org/abs/2006.09510 On sparse connectivity, adversarial robustness, and a novel model of the artificial neuron. Sergey Bochkanov http://arxiv.org/abs/2006.09539 AdvMind: Inferring Adversary Intent of Black-Box Attacks. Ren Pang; Xinyang Zhang; Shouling Ji; Xiapu Luo; Ting Wang http://arxiv.org/abs/2006.09373 The shape and simplicity biases of adversarially robust ImageNet-trained CNNs. Peijie Chen; Chirag Agarwal; Anh Nguyen http://arxiv.org/abs/2006.08789 Total Deep Variation: A Stable Regularizer for Inverse Problems. Erich Kobler; Alexander Effland; Karl Kunisch; Thomas Pock http://arxiv.org/abs/2006.08900 DefenseVGAE: Defending against Adversarial Attacks on Graph Data via a Variational Graph Autoencoder. Ao Zhang; Jinwen Ma http://arxiv.org/abs/2006.08476 Improving Adversarial Robustness via Unlabeled Out-of-Domain Data. Zhun Deng; Linjun Zhang; Amirata Ghorbani; James Zou http://arxiv.org/abs/2006.08391 Fast & Accurate Method for Bounding the Singular Values of Convolutional Layers with Application to Lipschitz Regularization. Alexandre Araujo; Benjamin Negrevergne; Yann Chevaleyre; Jamal Atif http://arxiv.org/abs/2006.08149 GNNGuard: Defending Graph Neural Networks against Adversarial Attacks. Xiang Zhang; Marinka Zitnik http://arxiv.org/abs/2006.08538 CG-ATTACK: Modeling the Conditional Distribution of Adversarial Perturbations to Boost Black-Box Attack. Yan Feng; Baoyuan Wu; Yanbo Fan; Li Liu; Zhifeng Li; Shutao Xia http://arxiv.org/abs/2006.08656 Multiscale Deep Equilibrium Models. Shaojie Bai; Vladlen Koltun; J. Zico Kolter http://arxiv.org/abs/2006.07989 GradAug: A New Regularization Method for Deep Neural Networks. Taojiannan Yang; Sijie Zhu; Chen Chen http://arxiv.org/abs/2006.07794 PatchUp: A Regularization Technique for Convolutional Neural Networks. Mojtaba Faramarzi; Mohammad Amini; Akilesh Badrinaaraayanan; Vikas Verma; Sarath Chandar http://arxiv.org/abs/2006.07828 On Saliency Maps and Adversarial Robustness. Puneet Mangla; Vedant Singh; Vineeth N Balasubramanian http://arxiv.org/abs/2006.07800 On the transferability of adversarial examples between convex and 01 loss models. Yunzhe Xue; Meiyan Xie; Usman Roshan http://arxiv.org/abs/2006.07934 Adversarial Attacks and Detection on Reinforcement Learning-Based Interactive Recommender Systems. Yuanjiang Cao; Xiaocong Chen; Lina Yao; Xianzhi Wang; Wei Emma Zhang http://arxiv.org/abs/2006.08020 Sparsity Turns Adversarial: Energy and Latency Attacks on Deep Neural Networks. 
Sarada Krithivasan; Sanchari Sen; Anand Raghunathan http://arxiv.org/abs/2006.07942 Duplicity Games for Deception Design with an Application to Insider Threat Mitigation. (11%) Linan Huang; Quanyan Zhu http://arxiv.org/abs/2006.07710 The Pitfalls of Simplicity Bias in Neural Networks. Harshay Shah; Kaustav Tamuly; Aditi Raghunathan; Prateek Jain; Praneeth Netrapalli http://arxiv.org/abs/2006.07589 Adversarial Self-Supervised Contrastive Learning. Minseon Kim; Jihoon Tack; Sung Ju Hwang http://arxiv.org/abs/2006.07682 Rethinking Clustering for Robustness. Motasem Alfarra; Juan C. Pérez; Adel Bibi; Ali Thabet; Pablo Arbeláez; Bernard Ghanem http://arxiv.org/abs/2006.07700 Defensive Approximation: Securing CNNs using Approximate Computing. Amira Guesmi; Ihsen Alouani; Khaled Khasawneh; Mouna Baklouti; Tarek Frikha; Mohamed Abid; Nael Abu-Ghazaleh http://arxiv.org/abs/2006.07024 Provably Robust Metric Learning. Lu Wang; Xuanqing Liu; Jinfeng Yi; Yuan Jiang; Cho-Jui Hsieh http://arxiv.org/abs/2006.07421 Defending against GAN-based Deepfake Attacks via Transformation-aware Adversarial Faces. Chaofei Yang; Lei Ding; Yiran Chen; Hai Li http://arxiv.org/abs/2006.07258 D-square-B: Deep Distribution Bound for Natural-looking Adversarial Attack. Qiuling Xu; Guanhong Tao; Xiangyu Zhang http://arxiv.org/abs/2006.08602 Targeted Adversarial Perturbations for Monocular Depth Prediction. Alex Wong; Safa Cicek; Stefano Soatto http://arxiv.org/abs/2006.06195 Large-Scale Adversarial Training for Vision-and-Language Representation Learning. Zhe Gan; Yen-Chun Chen; Linjie Li; Chen Zhu; Yu Cheng; Jingjing Liu http://arxiv.org/abs/2006.06643 Smoothed Geometry for Robust Attribution. Zifan Wang; Haofan Wang; Shakul Ramkumar; Matt Fredrikson; Piotr Mardziel; Anupam Datta http://arxiv.org/abs/2006.06493 Protecting Against Image Translation Deepfakes by Leaking Universal Perturbations from Black-Box Neural Networks. Nataniel Ruiz; Sarah Adel Bargal; Stan Sclaroff http://arxiv.org/abs/2006.06186 Investigating Robustness of Adversarial Samples Detection for Automatic Speaker Verification. Xu Li; Na Li; Jinghua Zhong; Xixin Wu; Xunying Liu; Dan Su; Dong Yu; Helen Meng http://arxiv.org/abs/2006.06861 Robustness to Adversarial Attacks in Learning-Enabled Controllers. Zikang Xiong; Joe Eappen; He Zhu; Suresh Jagannathan http://arxiv.org/abs/2006.06759 On the Tightness of Semidefinite Relaxations for Certifying Robustness to Adversarial Examples. Richard Y. Zhang http://arxiv.org/abs/2006.06356 Adversarial Attack Vulnerability of Medical Image Analysis Systems: Unexplored Factors. Suzanne C. Wetstein; Cristina González-Gonzalo; Gerda Bortsova; Bart Liefers; Florian Dubost; Ioannis Katramados; Laurens Hogeweg; Bram van Ginneken; Josien P. W. Pluim; Marleen de Bruijne; Clara I. Sánchez; Mitko Veta http://arxiv.org/abs/2006.06520 Achieving robustness in classification using optimal transport with hinge regularization. Mathieu Serrurier; Franck Mamalet; Alberto González-Sanz; Thibaut Boissin; Jean-Michel Loubes; Eustasio del Barrio http://arxiv.org/abs/2006.06721 Backdoor Smoothing: Demystifying Backdoor Attacks on Deep Neural Networks. (96%) Kathrin Grosse; Taesung Lee; Battista Biggio; Youngja Park; Michael Backes; Ian Molloy http://arxiv.org/abs/2006.05648 Evaluating Graph Vulnerability and Robustness using TIGER. Scott Freitas; Duen Horng Chau http://arxiv.org/abs/2006.06028 Towards Robust Fine-grained Recognition by Maximal Separation of Discriminative Features. 
Krishna Kanth Nakka; Mathieu Salzmann http://arxiv.org/abs/2006.06061 Deterministic Gaussian Averaged Neural Networks. Ryan Campbell; Chris Finlay; Adam M Oberman http://arxiv.org/abs/2006.05749 Interpolation between Residual and Non-Residual Networks. Zonghan Yang; Yang Liu; Chenglong Bao; Zuoqiang Shi http://arxiv.org/abs/2006.05945 Towards Certified Robustness of Metric Learning. Xiaochen Yang; Yiwen Guo; Mingzhi Dong; Jing-Hao Xue http://arxiv.org/abs/2006.05095 Towards an Intrinsic Definition of Robustness for a Classifier. Théo Giraudon; Vincent Gripon; Matthias Löwe; Franck Vermet http://arxiv.org/abs/2006.05057 Black-Box Adversarial Attacks on Graph Neural Networks with Limited Node Access. Jiaqi Ma; Shuangrui Ding; Qiaozhu Mei http://arxiv.org/abs/2006.05097 GAP++: Learning to generate target-conditioned adversarial examples. Xiaofeng Mao; Yuefeng Chen; Yuhong Li; Yuan He; Hui Xue http://arxiv.org/abs/2006.05594 Adversarial Attacks on Brain-Inspired Hyperdimensional Computing-Based Classifiers. Fangfang Yang; Shaolei Ren http://arxiv.org/abs/2006.05161 Provable tradeoffs in adversarially robust classification. Edgar Dobriban; Hamed Hassani; David Hong; Alexander Robey http://arxiv.org/abs/2006.05630 Distributional Robust Batch Contextual Bandits. (1%) Nian Si; Fan Zhang; Zhengyuan Zhou; Jose Blanchet http://arxiv.org/abs/2006.04935 Calibrated neighborhood aware confidence measure for deep metric learning. Maryna Karpusha; Sunghee Yun; Istvan Fehervari http://arxiv.org/abs/2006.04924 A Self-supervised Approach for Adversarial Robustness. Muzammal Naseer; Salman Khan; Munawar Hayat; Fahad Shahbaz Khan; Fatih Porikli http://arxiv.org/abs/2006.04349 Distributional Robustness with IPMs and links to Regularization and GANs. Hisham Husain http://arxiv.org/abs/2006.04449 On Universalized Adversarial and Invariant Perturbations. Sandesh Kamath; Amit Deshpande; K V Subrahmanyam http://arxiv.org/abs/2006.04504 Tricking Adversarial Attacks To Fail. Blerta Lindqvist http://arxiv.org/abs/2006.04403 Global Robustness Verification Networks. Weidi Sun; Yuteng Lu; Xiyue Zhang; Zhanxing Zhu; Meng Sun http://arxiv.org/abs/2006.04622 Trade-offs between membership privacy & adversarially robust learning. Jamie Hayes http://arxiv.org/abs/2006.04621 Adversarial Feature Desensitization. Pouya Bashivan; Reza Bayat; Adam Ibrahim; Kartik Ahuja; Mojtaba Faramarzi; Touraj Laleh; Blake Aaron Richards; Irina Rish http://arxiv.org/abs/2006.04208 Extensions and limitations of randomized smoothing for robustness guarantees. Jamie Hayes http://arxiv.org/abs/2006.04183 Uncertainty-Aware Deep Classifiers using Generative Models. Murat Sensoy; Lance Kaplan; Federico Cerutti; Maryam Saleki http://arxiv.org/abs/2006.03873 Unique properties of adversarially trained linear classifiers on Gaussian data. Jamie Hayes http://arxiv.org/abs/2006.03833 Can Domain Knowledge Alleviate Adversarial Attacks in Multi-Label Classifiers? Stefano Melacci; Gabriele Ciravegna; Angelo Sotgiu; Ambra Demontis; Battista Biggio; Marco Gori; Fabio Roli http://arxiv.org/abs/2006.03243 Adversarial Image Generation and Training for Deep Convolutional Neural Networks. Ronghua Shi; Hai Shu; Hongtu Zhu; Ziqi Chen http://arxiv.org/abs/2006.03712 Lipschitz Bounds and Provably Robust Training by Laplacian Smoothing. Vishaal Krishnan; Abed AlRahman Al Makdah; Fabio Pasqualetti http://arxiv.org/abs/2006.03463 Sponge Examples: Energy-Latency Attacks on Neural Networks. 
Ilia Shumailov; Yiren Zhao; Daniel Bates; Nicolas Papernot; Robert Mullins; Ross Anderson http://arxiv.org/abs/2006.02724 Characterizing the Weight Space for Different Learning Models. Saurav Musunuru; Jay N. Paranjape; Rahul Kumar Dubey; Vijendran G. Venkoparao http://arxiv.org/abs/2006.03089 Towards Understanding Fast Adversarial Training. Bai Li; Shiqi Wang; Suman Jana; Lawrence Carin http://arxiv.org/abs/2006.03214 Defense for Black-box Attacks on Anti-spoofing Models by Self-Supervised Learning. Haibin Wu; Andy T. Liu; Hung-yi Lee http://arxiv.org/abs/2006.03184 Pick-Object-Attack: Type-Specific Adversarial Attack for Object Detection. Omid Mohamad Nezami; Akshay Chaturvedi; Mark Dras; Utpal Garain http://arxiv.org/abs/2006.01791 SaliencyMix: A Saliency Guided Data Augmentation Strategy for Better Regularization. A. F. M. Shahab Uddin; Mst. Sirazam Monira; Wheemyung Shin; TaeChoong Chung; Sung-Ho Bae http://arxiv.org/abs/2006.01408 Exploring the role of Input and Output Layers of a Deep Neural Network in Adversarial Defense. Jay N. Paranjape; Rahul Kumar Dubey; Vijendran V Gopalan http://arxiv.org/abs/2006.01456 Perturbation Analysis of Gradient-based Adversarial Attacks. Utku Ozbulak; Manvel Gasparyan; Wesley De Neve; Arnout Van Messem http://arxiv.org/abs/2006.01888 Adversarial Item Promotion: Vulnerabilities at the Core of Top-N Recommenders that Use Images to Address Cold Start. Zhuoran Liu; Martha Larson http://arxiv.org/abs/2006.01906 Detecting Audio Attacks on ASR Systems with Dropout Uncertainty. Tejas Jayashankar; Jonathan Le Roux; Pierre Moulin http://arxiv.org/abs/2006.00731 Second-Order Provable Defenses against Adversarial Attacks. Sahil Singla; Soheil Feizi http://arxiv.org/abs/2006.00817 Adversarial Attacks on Reinforcement Learning based Energy Management Systems of Extended Range Electric Delivery Vehicles. Pengyue Wang; Yan Li; Shashi Shekhar; William F. Northrop http://arxiv.org/abs/2006.00860 Adversarial Attacks on Classifiers for Eye-based User Modelling. Inken Hagestedt; Michael Backes; Andreas Bulling http://arxiv.org/abs/2006.01304 Rethinking Empirical Evaluation of Adversarial Robustness Using First-Order Attack Methods. Kyungmi Lee; Anantha P. Chandrakasan http://arxiv.org/abs/2006.00442 Evaluations and Methods for Explanation through Robustness Analysis. Cheng-Yu Hsieh; Chih-Kuan Yeh; Xuanqing Liu; Pradeep Ravikumar; Seungyeon Kim; Sanjiv Kumar; Cho-Jui Hsieh http://arxiv.org/abs/2006.00602 Estimating Principal Components under Adversarial Perturbations. Pranjal Awasthi; Xue Chen; Aravindan Vijayaraghavan http://arxiv.org/abs/2006.00387 Exploring Model Robustness with Adaptive Networks and Improved Adversarial Training. Zheng Xu; Ali Shafahi; Tom Goldstein http://arxiv.org/abs/2005.14424 SAFER: A Structure-free Approach for Certified Robustness to Adversarial Word Substitutions. Mao Ye; Chengyue Gong; Qiang Liu http://arxiv.org/abs/2005.14302 Monocular Depth Estimators: Vulnerabilities and Attacks. Alwyn Mathew; Aditya Prakash Patra; Jimson Mathew http://arxiv.org/abs/2005.14137 QEBA: Query-Efficient Boundary-Based Blackbox Attack. Huichen Li; Xiaojun Xu; Xiaolu Zhang; Shuang Yang; Bo Li http://arxiv.org/abs/2005.14108 Adversarial Attacks and Defense on Texts: A Survey. Aminul Huq; Mst. Tasnim Pervin http://arxiv.org/abs/2006.03686 Adversarial Robustness of Deep Convolutional Candlestick Learner. 
Jun-Hao Chen; Samuel Yen-Chi Chen; Yun-Cheng Tsai; Chih-Shiang Shur http://arxiv.org/abs/2005.13293 Enhancing Resilience of Deep Learning Networks by Means of Transferable Adversaries. Moritz Seiler; Heike Trautmann; Pascal Kerschke http://arxiv.org/abs/2005.13712 Mitigating Advanced Adversarial Attacks with More Advanced Gradient Obfuscation Techniques. Han Qiu; Yi Zeng; Qinkai Zheng; Tianwei Zhang; Meikang Qiu; Gerard Memmi http://arxiv.org/abs/2005.13525 Stochastic Security: Adversarial Defense Using Long-Run Dynamics of Energy-Based Models. Mitch Hill; Jonathan Mitchell; Song-Chun Zhu http://arxiv.org/abs/2005.13748 Calibrated Surrogate Losses for Adversarially Robust Classification. Han Bao; Clayton Scott; Masashi Sugiyama http://arxiv.org/abs/2005.13123 Effects of Forward Error Correction on Communications Aware Evasion Attacks. Matthew DelVecchio; Bryse Flowers; William C. Headley http://arxiv.org/abs/2005.13124 Investigating a Spectral Deception Loss Metric for Training Machine Learning-based Evasion Attacks. Matthew DelVecchio; Vanessa Arndorfer; William C. Headley http://arxiv.org/abs/2005.12696 Generating Semantically Valid Adversarial Questions for TableQA. Yi Zhu; Menglin Xia; Yiwei Zhou http://arxiv.org/abs/2005.12154 Adversarial Feature Selection against Evasion Attacks. Fei Zhang; Patrick P. K. Chan; Battista Biggio; Daniel S. Yeung; Fabio Roli http://arxiv.org/abs/2005.14611 Detecting Adversarial Examples for Speech Recognition via Uncertainty Quantification. Sina Däubener; Lea Schönherr; Asja Fischer; Dorothea Kolossa http://arxiv.org/abs/2005.11671 SoK: Arms Race in Adversarial Malware Detection. Deqiang Li; Qianmu Li; Yanfang Ye; Shouhuai Xu http://arxiv.org/abs/2005.11904 Adaptive Adversarial Logits Pairing. Shangxi Wu; Jitao Sang; Kaiyuan Xu; Guanhua Zheng; Changsheng Xu http://arxiv.org/abs/2005.11626 ShapeAdv: Generating Shape-Aware Adversarial 3D Point Clouds. Kibok Lee; Zhuoyuan Chen; Xinchen Yan; Raquel Urtasun; Ersin Yumer http://arxiv.org/abs/2005.11560 Adversarial Attack on Hierarchical Graph Pooling Neural Networks. Haoteng Tang; Guixiang Ma; Yurong Chen; Lei Guo; Wei Wang; Bo Zeng; Liang Zhan http://arxiv.org/abs/2005.11516 Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend. (1%) Ivan Puddu; Moritz Schneider; Miro Haller; Srdjan Čapkun http://arxiv.org/abs/2005.11061 Vulnerability of deep neural networks for detecting COVID-19 cases from chest X-ray images to universal adversarial attacks. Hokuto Hirano; Kazuki Koga; Kazuhiro Takemoto http://arxiv.org/abs/2005.10750 Revisiting Role of Autoencoders in Adversarial Settings. Byeong Cheon Kim; Jung Uk Kim; Hakmin Lee; Yong Man Ro http://arxiv.org/abs/2005.10757 Robust Ensemble Model Training via Random Layer Sampling Against Adversarial Attack. Hakmin Lee; Hong Joo Lee; Seong Tae Kim; Yong Man Ro http://arxiv.org/abs/2005.10637 Inaudible Adversarial Perturbations for Targeted Attack in Speaker Recognition. Qing Wang; Pengcheng Guo; Lei Xie http://arxiv.org/abs/2005.10987 Investigating Vulnerability to Adversarial Examples on Multimodal Data Fusion in Deep Learning. Youngjoon Yu; Hong Joo Lee; Byeong Cheon Kim; Jung Uk Kim; Yong Man Ro http://arxiv.org/abs/2005.10203 Graph Structure Learning for Robust Graph Neural Networks. Wei Jin; Yao Ma; Xiaorui Liu; Xianfeng Tang; Suhang Wang; Jiliang Tang http://arxiv.org/abs/2005.10247 Model-Based Robust Deep Learning: Generalizing to Natural, Out-of-Distribution Data. Alexander Robey; Hamed Hassani; George J. 
Pappas http://arxiv.org/abs/2005.10284 An Adversarial Approach for Explaining the Predictions of Deep Neural Networks. Arash Rahnama; Andrew Tseng http://arxiv.org/abs/2005.10322 A survey on Adversarial Recommender Systems: from Attack/Defense strategies to Generative Adversarial Networks. Yashar Deldjoo; Tommaso Di Noia; Felice Antonio Merra http://arxiv.org/abs/2005.10190 Feature Purification: How Adversarial Training Performs Robust Deep Learning. Zeyuan Allen-Zhu; Yuanzhi Li http://arxiv.org/abs/2005.09294 Synthesizing Unrestricted False Positive Adversarial Objects Using Generative Models. Martin Kotuliak; Sandro E. Schoenborn; Andrei Dan http://arxiv.org/abs/2005.09257 Bias-based Universal Adversarial Patch Attack for Automatic Check-out. Aishan Liu; Jiakai Wang; Xianglong Liu; Bowen Cao; Chongzhi Zhang; Hang Yu http://arxiv.org/abs/2005.08632 Universalization of any adversarial attack using very few test examples. Sandesh Kamath; Amit Deshpande; K V Subrahmanyam http://arxiv.org/abs/2005.09170 On Intrinsic Dataset Properties for Adversarial Machine Learning. Jeffrey Z. Pan; Nicholas Zufelt http://arxiv.org/abs/2005.08781 Defending Your Voice: Adversarial Attack on Voice Conversion. Chien-yu Huang; Yist Y. Lin; Hung-yi Lee; Lin-shan Lee http://arxiv.org/abs/2005.08454 Reliability and Robustness analysis of Machine Learning based Phishing URL Detectors. Bushra Sabir; M. Ali Babar; Raj Gaire; Alsharif Abuadbba http://arxiv.org/abs/2005.09134 Improve robustness of DNN for ECG signal classification: a noise-to-signal ratio perspective. Linhai Ma; Liang Liang http://arxiv.org/abs/2005.09147 Increasing-Margin Adversarial (IMA) Training to Improve Adversarial Robustness of Neural Networks. Linhai Ma; Liang Liang http://arxiv.org/abs/2005.09161 Spatiotemporal Attacks for Embodied Agents. Aishan Liu; Tairan Huang; Xianglong Liu; Yitao Xu; Yuqing Ma; Xinyun Chen; Stephen J. Maybank; Dacheng Tao http://arxiv.org/abs/2005.08321 Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks. Mahdieh Abbasi; Arezoo Rajabi; Christian Gagne; Rakesh B. Bobba http://arxiv.org/abs/2005.08087 Universal Adversarial Perturbations: A Survey. Ashutosh Chaubey; Nikhil Agrawal; Kavya Barnwal; Keerat K. Guliani; Pramod Mehta http://arxiv.org/abs/2005.07998 Encryption Inspired Adversarial Defense for Visual Classification. MaungMaung AprilPyone; Hitoshi Kiya http://arxiv.org/abs/2005.10884 PatchGuard: Provable Defense against Adversarial Patches Using Masks on Small Receptive Fields. Chong Xiang; Arjun Nitin Bhagoji; Vikash Sehwag; Prateek Mittal http://arxiv.org/abs/2005.07675 How to Make 5G Communications "Invisible": Adversarial Machine Learning for Wireless Privacy. Brian Kim; Yalin E. Sagduyu; Kemal Davaslioglu; Tugba Erpek; Sennur Ulukus http://arxiv.org/abs/2005.07519 Practical Traffic-space Adversarial Attacks on Learning-based NIDSs. Dongqi Han; Zhiliang Wang; Ying Zhong; Wenqi Chen; Jiahai Yang; Shuqiang Lu; Xingang Shi; Xia Yin http://arxiv.org/abs/2005.07606 Initializing Perturbations in Multiple Directions for Fast Adversarial Training. Xunguang Wang; Ship Peng Xu; Eric Ke Wang http://arxiv.org/abs/2005.07099 Stealthy and Efficient Adversarial Attacks against Deep Reinforcement Learning. 
Jianwen Sun; Tianwei Zhang; Xiaofei Xie; Lei Ma; Yan Zheng; Kangjie Chen; Yang Liu http://arxiv.org/abs/2005.07347 Towards Assessment of Randomized Mechanisms for Certifying Adversarial Robustness. Tianhang Zheng; Di Wang; Baochun Li; Jinhui Xu http://arxiv.org/abs/2005.07145 A Deep Learning-based Fine-grained Hierarchical Learning Approach for Robust Malware Classification. Ahmed Abusnaina; Mohammed Abuhamad; Hisham Alasmary; Afsah Anwar; Rhongho Jang; Saeed Salem; DaeHun Nyang; David Mohaisen http://arxiv.org/abs/2005.06149 DeepRobust: A PyTorch Library for Adversarial Attacks and Defenses. Yaxin Li; Wei Jin; Han Xu; Jiliang Tang http://arxiv.org/abs/2005.05750 Evaluating Ensemble Robustness Against Adversarial Attacks. George Adam; Romain Speciel http://arxiv.org/abs/2005.06023 Increased-confidence adversarial examples for improved transferability of Counter-Forensic attacks. Wenjie Li; Benedetta Tondi; Rongrong Ni; Mauro Barni http://arxiv.org/abs/2005.06107 Adversarial examples are useful too! Ali Borji http://arxiv.org/abs/2005.05552 Effective and Robust Detection of Adversarial Examples via Benford-Fourier Coefficients. Chengcheng Ma; Baoyuan Wu; Shibiao Xu; Yanbo Fan; Yong Zhang; Xiaopeng Zhang; Zhifeng Li http://arxiv.org/abs/2005.05321 Channel-Aware Adversarial Attacks Against Deep Learning-Based Wireless Signal Classifiers. Brian Kim; Yalin E. Sagduyu; Kemal Davaslioglu; Tugba Erpek; Sennur Ulukus http://arxiv.org/abs/2005.04871 Spanning Attack: Reinforce Black-box Attacks with Unlabeled Data. Lu Wang; Huan Zhang; Jinfeng Yi; Cho-Jui Hsieh; Yuan Jiang http://arxiv.org/abs/2005.04364 It's Morphin' Time! Combating Linguistic Discrimination with Inflectional Perturbations. Samson Tan; Shafiq Joty; Min-Yen Kan; Richard Socher http://arxiv.org/abs/2005.04564 Class-Aware Domain Adaptation for Improving Adversarial Robustness. Xianxu Hou; Jingxin Liu; Bolei Xu; Xiaolong Wang; Bozhi Liu; Guoping Qiu http://arxiv.org/abs/2005.04272 Towards Robustness against Unsuspicious Adversarial Examples. Liang Tong; Minzhe Guo; Atul Prakash; Yevgeniy Vorobeychik http://arxiv.org/abs/2005.03597 Efficient Exact Verification of Binarized Neural Networks. Kai Jia; Martin Rinard http://arxiv.org/abs/2005.03837 Projection & Probability-Driven Black-Box Attack. Jie Li; Rongrong Ji; Hong Liu; Jianzhuang Liu; Bineng Zhong; Cheng Deng; Qi Tian http://arxiv.org/abs/2005.03644 Defending Hardware-based Malware Detectors against Adversarial Attacks. Abraham Peedikayil Kuruvila; Shamik Kundu; Kanad Basu http://arxiv.org/abs/2005.02936 GraCIAS: Grassmannian of Corrupted Images for Adversarial Security. Ankita Shukla; Pavan Turaga; Saket Anand http://arxiv.org/abs/2005.02929 Training robust neural networks using Lipschitz bounds. Patricia Pauli; Anne Koch; Julian Berberich; Paul Kohler; Frank Allgöwer http://arxiv.org/abs/2005.02552 Enhancing Intrinsic Adversarial Robustness via Feature Pyramid Decoder. Guanlin Li; Shuya Ding; Jun Luo; Chang Liu http://arxiv.org/abs/2005.02270 Hacking the Waveform: Generalized Wireless Adversarial Deep Learning. Francesco Restuccia; Salvatore D'Oro; Amani Al-Shawabka; Bruno Costa Rendon; Kaushik Chowdhury; Stratis Ioannidis; Tommaso Melodia http://arxiv.org/abs/2005.02313 Adversarial Training against Location-Optimized Adversarial Patches. Sukrut Rao; David Stutz; Bernt Schiele http://arxiv.org/abs/2005.02540 Measuring Adversarial Robustness using a Voronoi-Epsilon Adversary. 
Hyeongji Kim; Pekka Parviainen; Ketil Malde http://arxiv.org/abs/2005.01499 On the Benefits of Models with Perceptually-Aligned Gradients. Gunjan Aggarwal; Abhishek Sinha; Nupur Kumari; Mayank Singh http://arxiv.org/abs/2005.01452 Do Gradient-based Explanations Tell Anything About Adversarial Robustness to Android Malware? Marco Melis; Michele Scalas; Ambra Demontis; Davide Maiorca; Battista Biggio; Giorgio Giacinto; Fabio Roli http://arxiv.org/abs/2005.01229 Robust Encodings: A Framework for Combating Adversarial Typos. Erik Jones; Robin Jia; Aditi Raghunathan; Percy Liang http://arxiv.org/abs/2005.00695 On the Generalization Effects of Linear Transformations in Data Augmentation. (1%) Sen Wu; Hongyang R. Zhang; Gregory Valiant; Christopher Ré http://arxiv.org/abs/2005.00656 Jacks of All Trades, Masters Of None: Addressing Distributional Shift and Obtrusiveness via Transparent Patch Attacks. Neil Fendley; Max Lennon; I-Jeng Wang; Philippe Burlina; Nathan Drenkow http://arxiv.org/abs/2005.00683 Birds have four legs?! NumerSense: Probing Numerical Commonsense Knowledge of Pre-trained Language Models. Bill Yuchen Lin; Seyeon Lee; Rahul Khanna; Xiang Ren http://arxiv.org/abs/2005.00616 Robust Deep Learning as Optimal Control: Insights and Convergence Guarantees. Jacob H. Seidman; Mahyar Fazlyab; Victor M. Preciado; George J. Pappas http://arxiv.org/abs/2005.00446 Defense of Word-level Adversarial Attacks via Random Substitution Encoding. Zhaoyang Wang; Hongtao Wang http://arxiv.org/abs/2005.00190 Evaluating Neural Machine Comprehension Model Robustness to Noisy Inputs and Adversarial Attacks. Winston Wu; Dustin Arendt; Svitlana Volkova http://arxiv.org/abs/2004.15015 Imitation Attacks and Defenses for Black-box Machine Translation Systems. Eric Wallace; Mitchell Stern; Dawn Song http://arxiv.org/abs/2005.00174 Universal Adversarial Attacks with Natural Triggers for Text Classification. Liwei Song; Xinwei Yu; Hsuan-Tung Peng; Karthik Narasimhan http://arxiv.org/abs/2005.00060 Bridging Mode Connectivity in Loss Landscapes and Adversarial Robustness. Pu Zhao; Pin-Yu Chen; Payel Das; Karthikeyan Natesan Ramamurthy; Xue Lin http://arxiv.org/abs/2004.14861 Perturbing Across the Feature Hierarchy to Improve Standard and Strict Blackbox Attack Transferability. Nathan Inkawhich; Kevin J Liang; Binghui Wang; Matthew Inkawhich; Lawrence Carin; Yiran Chen http://arxiv.org/abs/2004.14543 TAVAT: Token-Aware Virtual Adversarial Training for Language Understanding. Linyang Li; Xipeng Qiu http://arxiv.org/abs/2005.05909 TextAttack: A Framework for Adversarial Attacks, Data Augmentation, and Adversarial Training in NLP. John X. Morris; Eli Lifland; Jin Yong Yoo; Jake Grigsby; Di Jin; Yanjun Qi http://arxiv.org/abs/2004.13617 Adversarial Learning Guarantees for Linear Hypotheses and Neural Networks. Pranjal Awasthi; Natalie Frank; Mehryar Mohri http://arxiv.org/abs/2004.13799 Minority Reports Defense: Defending Against Adversarial Patches. Michael McCoyd; Won Park; Steven Chen; Neil Shah; Ryan Roggenkemper; Minjune Hwang; Jason Xinyu Liu; David Wagner http://arxiv.org/abs/2004.12864 DeSePtion: Dual Sequence Prediction and Adversarial Examples for Improved Fact-Checking. Christopher Hidey; Tuhin Chakrabarty; Tariq Alhindi; Siddharth Varia; Kriste Krstovski; Mona Diab; Smaranda Muresan http://arxiv.org/abs/2004.12771 Adversarial Fooling Beyond "Flipping the Label". Konda Reddy Mopuri; Vaisakh Shaj; R. 
Venkatesh Babu http://arxiv.org/abs/2004.12764 "Call me sexist, but...": Revisiting Sexism Detection Using Psychological Scales and Adversarial Samples. (81%) Mattia Samory; Indira Sen; Julian Kohne; Fabian Floeck; Claudia Wagner http://arxiv.org/abs/2004.12519 Transferable Perturbations of Deep Feature Distributions. Nathan Inkawhich; Kevin J Liang; Lawrence Carin; Yiran Chen http://arxiv.org/abs/2004.12385 Towards Feature Space Adversarial Attack. Qiuling Xu; Guanhong Tao; Siyuan Cheng; Xiangyu Zhang http://arxiv.org/abs/2005.02160 Printing and Scanning Attack for Image Counter Forensics. Hailey James; Otkrist Gupta; Dan Raviv http://arxiv.org/abs/2004.12478 Improved Image Wasserstein Attacks and Defenses. Edward J. Hu; Adith Swaminathan; Hadi Salman; Greg Yang http://arxiv.org/abs/2004.12227 Improved Adversarial Training via Learned Optimizer. Yuanhao Xiong; Cho-Jui Hsieh http://arxiv.org/abs/2004.12261 Enabling Fast and Universal Audio Adversarial Attack Using Generative Model. Yi Xie; Zhuohang Li; Cong Shi; Jian Liu; Yingying Chen; Bo Yuan http://arxiv.org/abs/2004.13013 Harnessing adversarial examples with a surprisingly simple defense. Ali Borji http://arxiv.org/abs/2004.11573 Towards Characterizing Adversarial Defects of Deep Learning Software from the Lens of Uncertainty. Xiyue Zhang; Xiaofei Xie; Lei Ma; Xiaoning Du; Qiang Hu; Yang Liu; Jianjun Zhao; Meng Sun http://arxiv.org/abs/2004.13002 A Black-box Adversarial Attack Strategy with Adjustable Sparsity and Generalizability for Deep Image Classifiers. Arka Ghosh; Sankha Subhra Mullick; Shounak Datta; Swagatam Das; Rammohan Mallipeddi; Asit Kr. Das http://arxiv.org/abs/2004.14174 Reevaluating Adversarial Examples in Natural Language. John X. Morris; Eli Lifland; Jack Lanchantin; Yangfeng Ji; Yanjun Qi http://arxiv.org/abs/2004.11898 Adversarial Machine Learning in Network Intrusion Detection Systems. Elie Alhajjar; Paul Maxwell; Nathaniel D. Bastian http://arxiv.org/abs/2004.11488 Adversarial Attacks and Defenses: An Interpretation Perspective. Ninghao Liu; Mengnan Du; Ruocheng Guo; Huan Liu; Xia Hu http://arxiv.org/abs/2004.11114 Evaluating Adversarial Robustness for Deep Neural Network Interpretability using fMRI Decoding. Patrick McClure; Dustin Moraczewski; Ka Chun Lam; Adam Thomas; Francisco Pereira http://arxiv.org/abs/2004.11157 On Adversarial Examples for Biomedical NLP Tasks. Vladimir Araujo; Andres Carvallo; Carlos Aspillaga; Denis Parra http://arxiv.org/abs/2004.11273 Ensemble Generative Cleaning with Feedback Loops for Defending Adversarial Attacks. Jianhe Yuan; Zhihai He http://arxiv.org/abs/2004.11072 Improved Noise and Attack Robustness for Semantic Segmentation by Using Multi-Task Training with Self-Supervised Depth Estimation. Marvin Klingner; Andreas Bär; Tim Fingscheidt http://arxiv.org/abs/2004.14798 RAIN: A Simple Approach for Robust and Accurate Image Classification Networks. Jiawei Du; Hanshu Yan; Vincent Y. F. Tan; Joey Tianyi Zhou; Rick Siow Mong Goh; Jiashi Feng http://arxiv.org/abs/2004.10700 CodNN -- Robust Neural Networks From Coded Classification. Netanel Raviv; Siddharth Jain; Pulakesh Upadhyaya; Jehoshua Bruck; Anxiao (Andrew) Jiang http://arxiv.org/abs/2004.10608 Provably robust deep generative models. Filipe Condessa; Zico Kolter http://arxiv.org/abs/2004.11233 QUANOS- Adversarial Noise Sensitivity Driven Hybrid Quantization of Neural Networks. Priyadarshini Panda http://arxiv.org/abs/2004.10882 Adversarial examples and where to find them. 
Niklas Risse; Christina Göpfert; Jan Philip Göpfert http://arxiv.org/abs/2004.13825 Scalable Attack on Graph Data by Injecting Vicious Nodes. Jihong Wang; Minnan Luo; Fnu Suya; Jundong Li; Zijiang Yang; Qinghua Zheng http://arxiv.org/abs/2004.10250 Certifying Joint Adversarial Robustness for Model Ensembles. Mainuddin Ahmad Jonas; David Evans http://arxiv.org/abs/2004.10281 Probabilistic Safety for Bayesian Neural Networks. Matthew Wicker; Luca Laurenti; Andrea Patane; Marta Kwiatkowska http://arxiv.org/abs/2004.09984 BERT-ATTACK: Adversarial Attack Against BERT Using BERT. Linyang Li; Ruotian Ma; Qipeng Guo; Xiangyang Xue; Xipeng Qiu http://arxiv.org/abs/2004.10162 EMPIR: Ensembles of Mixed Precision Deep Networks for Increased Robustness against Adversarial Attacks. Sanchari Sen; Balaraman Ravindran; Anand Raghunathan http://arxiv.org/abs/2004.09179 GraN: An Efficient Gradient-Norm Based Detector for Adversarial and Misclassified Examples. Julia Lust; Alexandru Paul Condurache http://arxiv.org/abs/2004.09677 Approximate exploitability: Learning a best response in large games. (74%) Finbarr Timbers; Nolan Bard; Edward Lockhart; Marc Lanctot; Martin Schmid; Neil Burch; Julian Schrittwieser; Thomas Hubert; Michael Bowling http://arxiv.org/abs/2004.08833 Dynamic Knowledge Graph-based Dialogue Generation with Improved Adversarial Meta-Learning. Hongcai Xu; Junpeng Bao; Gaojie Zhang http://arxiv.org/abs/2004.08994 Adversarial Training for Large Neural Language Models. Xiaodong Liu; Hao Cheng; Pengcheng He; Weizhu Chen; Yu Wang; Hoifung Poon; Jianfeng Gao http://arxiv.org/abs/2004.09007 Headless Horseman: Adversarial Attacks on Transfer Learning Models. Ahmed Abdelkader; Michael J. Curry; Liam Fowl; Tom Goldstein; Avi Schwarzschild; Manli Shu; Christoph Studer; Chen Zhu http://arxiv.org/abs/2004.08705 Protecting Classifiers From Attacks. A Bayesian Approach. Victor Gallego; Roi Naveiro; Alberto Redondo; David Rios Insua; Fabrizio Ruggeri http://arxiv.org/abs/2004.08628 Single-step Adversarial training with Dropout Scheduling. Vivek B. S.; R. Venkatesh Babu http://arxiv.org/abs/2004.08443 Adversarial Attack on Deep Learning-Based Splice Localization. Andras Rozsa; Zheng Zhong; Terrance E. Boult http://arxiv.org/abs/2004.07780 Shortcut Learning in Deep Neural Networks. Robert Geirhos; Jörn-Henrik Jacobsen; Claudio Michaelis; Richard Zemel; Wieland Brendel; Matthias Bethge; Felix A. Wichmann http://arxiv.org/abs/2004.07955 Targeted Attack for Deep Hashing based Retrieval. Jiawang Bai; Bin Chen; Yiming Li; Dongxian Wu; Weiwei Guo; Shu-tao Xia; En-hui Yang http://arxiv.org/abs/2004.07919 A Framework for Enhancing Deep Neural Networks Against Adversarial Malware. Deqiang Li; Qianmu Li; Yanfang Ye; Shouhuai Xu http://arxiv.org/abs/2004.06954 Advanced Evasion Attacks and Mitigations on Practical ML-Based Phishing Website Classifiers. Yusi Lei; Sen Chen; Lingling Fan; Fu Song; Yang Liu http://arxiv.org/abs/2004.06562 On the Optimal Interaction Range for Multi-Agent Systems Under Adversarial Attack. Saad J Saleh http://arxiv.org/abs/2004.06383 Extending Adversarial Attacks to Produce Adversarial Class Probability Distributions. Jon Vadillo; Roberto Santana; Jose A. Lozano http://arxiv.org/abs/2004.05923 Adversarial Robustness Guarantees for Random Deep Neural Networks. Giacomo De Palma; Bobak T. Kiani; Seth Lloyd http://arxiv.org/abs/2004.05887 Frequency-Guided Word Substitutions for Detecting Textual Adversarial Examples. Maximilian Mozes; Pontus Stenetorp; Bennett Kleinberg; Lewis D. 
Griffin http://arxiv.org/abs/2004.05884 Adversarial Weight Perturbation Helps Robust Generalization. Dongxian Wu; Shu-tao Xia; Yisen Wang http://arxiv.org/abs/2004.06076 Adversarial Augmentation Policy Search for Domain and Cross-Lingual Generalization in Reading Comprehension. Adyasha Maharana; Mohit Bansal http://arxiv.org/abs/2004.06288 Towards Robust Classification with Image Quality Assessment. Yeli Feng; Yiyu Cai http://arxiv.org/abs/2004.05790 Towards Transferable Adversarial Attack against Deep Face Recognition. Yaoyao Zhong; Weihong Deng http://arxiv.org/abs/2004.05682 PatchAttack: A Black-box Texture-based Attack with Reinforcement Learning. Chenglin Yang; Adam Kortylewski; Cihang Xie; Yinzhi Cao; Alan Yuille http://arxiv.org/abs/2004.11819 Domain Adaptive Transfer Attack (DATA)-based Segmentation Networks for Building Extraction from Aerial Images. Younghwan Na; Jun Hee Kim; Kyungsu Lee; Juhum Park; Jae Youn Hwang; Jihwan P. Choi http://arxiv.org/abs/2004.06496 Certified Adversarial Robustness for Deep Reinforcement Learning. Michael Everett; Bjorn Lutjens; Jonathan P. How http://arxiv.org/abs/2004.05465 Robust Large-Margin Learning in Hyperbolic Space. Melanie Weber; Manzil Zaheer; Ankit Singh Rawat; Aditya Menon; Sanjiv Kumar http://arxiv.org/abs/2004.05511 Verification of Deep Convolutional Neural Networks Using ImageStars. Hoang-Dung Tran; Stanley Bak; Weiming Xiang; Taylor T. Johnson http://arxiv.org/abs/2004.05005 Adversarial Attacks on Machine Learning Cybersecurity Defences in Industrial Control Systems. Eirini Anthi; Lowri Williams; Matilda Rhode; Pete Burnap; Adam Wedgbury http://arxiv.org/abs/2004.04919 Luring of transferable adversarial perturbations in the black-box paradigm. Rémi Bernhard; Pierre-Alain Moellic; Jean-Max Dutertre http://arxiv.org/abs/2004.05914 Blind Adversarial Training: Balance Accuracy and Robustness. Haidong Xie; Xueshuang Xiang; Naijin Liu; Bin Dong http://arxiv.org/abs/2004.05913 Blind Adversarial Pruning: Balance Accuracy, Efficiency and Robustness. Haidong Xie; Lixin Qian; Xueshuang Xiang; Naijin Liu http://arxiv.org/abs/2004.04479 On Adversarial Examples and Stealth Attacks in Artificial Intelligence Systems. Ivan Y. Tyukin; Desmond J. Higham; Alexander N. Gorban http://arxiv.org/abs/2004.04199 Transferable, Controllable, and Inconspicuous Adversarial Attacks on Person Re-identification With Deep Mis-Ranking. Hongjun Wang; Guangrun Wang; Ya Li; Dongyu Zhang; Liang Lin http://arxiv.org/abs/2004.03742 Towards Evaluating the Robustness of Chinese BERT Classifiers. Boxin Wang; Boyuan Pan; Xin Li; Bo Li http://arxiv.org/abs/2004.03295 Feature Partitioning for Robust Tree Ensembles and their Certification in Adversarial Scenarios. Stefano Calzavara; Claudio Lucchese; Federico Marcuzzi; Salvatore Orlando http://arxiv.org/abs/2004.03434 Learning to fool the speaker recognition. Jiguo Li; Xinfeng Zhang; Jizheng Xu; Li Zhang; Yue Wang; Siwei Ma; Wen Gao http://arxiv.org/abs/2004.03428 Universal Adversarial Perturbations Generative Network for Speaker Recognition. Jiguo Li; Xinfeng Zhang; Chuanmin Jia; Jizheng Xu; Li Zhang; Yue Wang; Siwei Ma; Wen Gao http://arxiv.org/abs/2004.02183 Approximate Manifold Defense Against Multiple Adversarial Perturbations. Jay Nandy; Wynne Hsu; Mong Li Lee http://arxiv.org/abs/2004.01903 Understanding (Non-)Robust Feature Disentanglement and the Relationship Between Low- and High-Dimensional Adversarial Attacks. 
Zuowen Wang; Leo Horne http://arxiv.org/abs/2004.01970 BAE: BERT-based Adversarial Examples for Text Classification. Siddhant Garg; Goutham Ramakrishnan http://arxiv.org/abs/2004.01832 Adversarial Robustness through Regularization: A Second-Order Approach. Avery Ma; Fartash Faghri; Amir-massoud Farahmand http://arxiv.org/abs/2004.00622 Evading Deepfake-Image Detectors with White- and Black-Box Attacks. Nicholas Carlini; Hany Farid http://arxiv.org/abs/2004.00306 Towards Achieving Adversarial Robustness by Enforcing Feature Consistency Across Bit Planes. Sravanti Addepalli; Vivek B. S.; Arya Baburaj; Gaurang Sriramanan; R. Venkatesh Babu http://arxiv.org/abs/2004.00543 Physically Realizable Adversarial Examples for LiDAR Object Detection. James Tu; Mengye Ren; Siva Manivasagam; Ming Liang; Bin Yang; Richard Du; Frank Cheng; Raquel Urtasun http://arxiv.org/abs/2003.13969 A Thorough Comparison Study on Adversarial Attacks and Defenses for Common Thorax Disease Classification in Chest X-rays. Chendi Rao; Jiezhang Cao; Runhao Zeng; Qi Chen; Huazhu Fu; Yanwu Xu; Mingkui Tan http://arxiv.org/abs/2003.13917 Characterizing Speech Adversarial Examples Using Self-Attention U-Net Enhancement. Chao-Han Huck Yang; Jun Qi; Pin-Yu Chen; Xiaoli Ma; Chin-Hui Lee http://arxiv.org/abs/2004.00410 Adversarial Attacks on Multivariate Time Series. Samuel Harford; Fazle Karim; Houshang Darabi http://arxiv.org/abs/2003.13511 Improved Gradient based Adversarial Attacks for Quantized Networks. Kartik Gupta; Thalaiyasingam Ajanthan http://arxiv.org/abs/2003.13370 Towards Deep Learning Models Resistant to Large Perturbations. Amirreza Shaeiri; Rozhin Nobahari; Mohammad Hossein Rohban http://arxiv.org/abs/2003.13526 Efficient Black-box Optimization of Adversarial Windows Malware with Constrained Manipulations. Luca Demetrio; Battista Biggio; Giovanni Lagorio; Fabio Roli; Alessandro Armando http://arxiv.org/abs/2003.12862 Adversarial Robustness: From Self-Supervised Pre-Training to Fine-Tuning. Tianlong Chen; Sijia Liu; Shiyu Chang; Yu Cheng; Lisa Amini; Zhangyang Wang http://arxiv.org/abs/2003.12703 DaST: Data-free Substitute Training for Adversarial Attacks. Mingyi Zhou; Jing Wu; Yipeng Liu; Shuaicheng Liu; Ce Zhu http://arxiv.org/abs/2003.12760 Adversarial Imitation Attack. Mingyi Zhou; Jing Wu; Yipeng Liu; Shuaicheng Liu; Xiang Zhang; Ce Zhu http://arxiv.org/abs/2003.11816 Do Deep Minds Think Alike? Selective Adversarial Attacks for Fine-Grained Manipulation of Multiple Deep Neural Networks. Zain Khan; Jirong Yi; Raghu Mudumbai; Xiaodong Wu; Weiyu Xu http://arxiv.org/abs/2003.11855 Challenging the adversarial robustness of DNNs based on error-correcting output codes. Bowen Zhang; Benedetta Tondi; Xixiang Lv; Mauro Barni http://arxiv.org/abs/2003.11323 Plausible Counterfactuals: Auditing Deep Learning Classifiers with Realistic Adversarial Examples. Alejandro Barredo-Arrieta; Javier Del Ser http://arxiv.org/abs/2003.11145 Adversarial Light Projection Attacks on Face Recognition Systems: A Feasibility Study. Luan Nguyen; Sunpreet S. Arora; Yuhang Wu; Hao Yang http://arxiv.org/abs/2003.10602 Defense Through Diverse Directions. Christopher M. Bender; Yang Li; Yifeng Shi; Michael K. Reiter; Junier B. Oliva http://arxiv.org/abs/2003.10315 Adversarial Attacks on Monocular Depth Estimation. Ziqi Zhang; Xinge Zhu; Yingwei Li; Xiangqun Chen; Yao Guo http://arxiv.org/abs/2003.10399 Inherent Adversarial Robustness of Deep Spiking Neural Networks: Effects of Discrete Input Encoding and Non-Linear Activations. 
Saima Sharmin; Nitin Rathi; Priyadarshini Panda; Kaushik Roy http://arxiv.org/abs/2003.10596 Adversarial Perturbations Fool Deepfake Detectors. Apurva Gandhi; Shomik Jain http://arxiv.org/abs/2003.10041 Understanding the robustness of deep neural network classifiers for breast cancer screening. Witold Oleszkiewicz; Taro Makino; Stanisław Jastrzębski; Tomasz Trzciński; Linda Moy; Kyunghyun Cho; Laura Heacock; Krzysztof J. Geras http://arxiv.org/abs/2003.10045 Architectural Resilience to Foreground-and-Background Adversarial Noise. Carl Cheng; Evan Hu http://arxiv.org/abs/2003.10804 Detecting Adversarial Examples in Learning-Enabled Cyber-Physical Systems using Variational Autoencoder for Regression. Feiyang Cai; Jiani Li; Xenofon Koutsoukos http://arxiv.org/abs/2003.09711 Robust Out-of-distribution Detection in Neural Networks. Jiefeng Chen; Yixuan Li; Xi Wu; Yingyu Liang; Somesh Jha http://arxiv.org/abs/2003.09595 Cooling-Shrinking Attack: Blinding the Tracker with Imperceptible Noises. Bin Yan; Dong Wang; Huchuan Lu; Xiaoyun Yang http://arxiv.org/abs/2003.11917 Adversarial Examples and the Deeper Riddle of Induction: The Need for a Theory of Artifacts in Deep Learning. Cameron Buckner http://arxiv.org/abs/2004.02756 Investigating Image Applications Based on Spatial-Frequency Transform and Deep Learning Techniques. Qinkai Zheng; Han Qiu; Gerard Memmi; Isabelle Bloch http://arxiv.org/abs/2003.09416 Quantum noise protects quantum classifiers against adversaries. Yuxuan Du; Min-Hsiu Hsieh; Tongliang Liu; Dacheng Tao; Nana Liu http://arxiv.org/abs/2003.09372 One Neuron to Fool Them All. Anshuman Suri; David Evans http://arxiv.org/abs/2003.09461 Adversarial Robustness on In- and Out-Distribution Improves Explainability. Maximilian Augustin; Alexander Meinke; Matthias Hein http://arxiv.org/abs/2003.08937 Breaking certified defenses: Semantic adversarial examples with spoofed robustness certificates. Amin Ghiasi; Ali Shafahi; Tom Goldstein http://arxiv.org/abs/2003.08861 Face-Off: Adversarial Face Obfuscation. Varun Chandrasekaran; Chuhan Gao; Brian Tang; Kassem Fawaz; Somesh Jha; Suman Banerjee http://arxiv.org/abs/2003.08938 Robust Deep Reinforcement Learning against Adversarial Perturbations on State Observations. Huan Zhang; Hongge Chen; Chaowei Xiao; Bo Li; Mingyan Liu; Duane Boning; Cho-Jui Hsieh http://arxiv.org/abs/2003.08907 Overinterpretation reveals image classification model pathologies. (81%) Brandon Carter; Siddhartha Jain; Jonas Mueller; David Gifford http://arxiv.org/abs/2003.08837 Vulnerabilities of Connectionist AI Applications: Evaluation and Defence. Christian Berghoff; Matthias Neu; Arndt von Twickel http://arxiv.org/abs/2003.08034 Generating Socially Acceptable Perturbations for Efficient Evaluation of Autonomous Vehicles. Songan Zhang; Huei Peng; Subramanya Nageshrao; H. Eric Tseng http://arxiv.org/abs/2003.08093 Solving Non-Convex Non-Differentiable Min-Max Games using Proximal Gradient Method. Babak Barazandeh; Meisam Razaviyayn http://arxiv.org/abs/2003.09347 SAT: Improving Adversarial Training via Curriculum-Based Loss Smoothing. Chawin Sitawarin; Supriyo Chakraborty; David Wagner http://arxiv.org/abs/2003.07637 Motion-Excited Sampler: Video Adversarial Attack with Sparked Prior. Hu Zhang; Linchao Zhu; Yi Zhu; Yi Yang http://arxiv.org/abs/2003.07573 Heat and Blur: An Effective and Fast Defense Against Adversarial Examples. Haya Brama; Tal Grinshpoun http://arxiv.org/abs/2003.07982 Adversarial Transferability in Wearable Sensor Systems. 
Ramesh Kumar Sah; Hassan Ghasemzadeh http://arxiv.org/abs/2003.06878 Output Diversified Initialization for Adversarial Attacks. Yusuke Tashiro; Yang Song; Stefano Ermon http://arxiv.org/abs/2003.06979 Anomalous Example Detection in Deep Learning: A Survey. Saikiran Bulusu; Bhavya Kailkhura; Bo Li; Pramod K. Varshney; Dawn Song http://arxiv.org/abs/2003.06814 Towards Face Encryption by Generating Adversarial Identity Masks. Xiao Yang; Yinpeng Dong; Tianyu Pang; Hang Su; Jun Zhu; Yuefeng Chen; Hui Xue http://arxiv.org/abs/2003.06974 Toward Adversarial Robustness via Semi-supervised Robust Training. Yiming Li; Baoyuan Wu; Yan Feng; Yanbo Fan; Yong Jiang; Zhifeng Li; Shutao Xia http://arxiv.org/abs/2003.06559 Minimum-Norm Adversarial Examples on KNN and KNN-Based Models. Chawin Sitawarin; David Wagner http://arxiv.org/abs/2003.06693 Certified Defenses for Adversarial Patches. Ping-Yeh Chiang; Renkun Ni; Ahmed Abdelkader; Chen Zhu; Christoph Studer; Tom Goldstein http://arxiv.org/abs/2003.06555 Dynamic Divide-and-Conquer Adversarial Training for Robust Semantic Segmentation. Xiaogang Xu; Hengshuang Zhao; Jiaya Jia http://arxiv.org/abs/2003.06566 On the benefits of defining vicinal distributions in latent space. Puneet Mangla; Vedant Singh; Shreyas Jayant Havaldar; Vineeth N Balasubramanian http://arxiv.org/abs/2003.06428 Towards a Resilient Machine Learning Classifier -- a Case Study of Ransomware Detection. Chih-Yuan Yang; Ravi Sahita http://arxiv.org/abs/2003.06468 GeoDA: a geometric framework for black-box adversarial attacks. Ali Rahmati; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard; Huaiyu Dai http://arxiv.org/abs/2003.06121 When are Non-Parametric Methods Robust? Robi Bhattacharjee; Kamalika Chaudhuri http://arxiv.org/abs/2003.05822 Topological Effects on Attacks Against Vertex Classification. Benjamin A. Miller; Mustafa Çamurcu; Alexander J. Gomez; Kevin Chan; Tina Eliassi-Rad http://arxiv.org/abs/2003.05703 Inline Detection of DGA Domains Using Side Information. Raaghavi Sivaguru; Jonathan Peck; Femi Olumofin; Anderson Nascimento; Martine De Cock http://arxiv.org/abs/2003.05669 ARAE: Adversarially Robust Training of Autoencoders Improves Novelty Detection. Mohammadreza Salehi; Atrin Arya; Barbod Pajoum; Mohammad Otoofi; Amirreza Shaeiri; Mohammad Hossein Rohban; Hamid R. Rabiee http://arxiv.org/abs/2003.05631 ConAML: Constrained Adversarial Machine Learning for Cyber-Physical Systems. Jiangnan Li; Yingyuan Yang; Jinyuan Stella Sun; Kevin Tomsovic; Hairong Qi http://arxiv.org/abs/2003.05549 Frequency-Tuned Universal Adversarial Attacks. Yingpeng Deng; Lina J. Karam http://arxiv.org/abs/2003.04820 SAD: Saliency-based Defenses Against Adversarial Examples. Richard Tran; David Patrick; Michael Geyer; Amanda Fernandez http://arxiv.org/abs/2003.05005 Using an ensemble color space model to tackle adversarial examples. Shreyank N Gowda; Chun Yuan http://arxiv.org/abs/2003.04884 Cryptanalytic Extraction of Neural Network Models. Nicholas Carlini; Matthew Jagielski; Ilya Mironov http://arxiv.org/abs/2003.05730 A Survey of Adversarial Learning on Graphs. Liang Chen; Jintang Li; Jiaying Peng; Tao Xie; Zengxu Cao; Kun Xu; Xiangnan He; Zibin Zheng http://arxiv.org/abs/2003.04475 Domain Adaptation with Conditional Distribution Matching and Generalized Label Shift. Remi Tachet des Combes; Han Zhao; Yu-Xiang Wang; Geoff Gordon http://arxiv.org/abs/2003.04247 Towards Probabilistic Verification of Machine Unlearning. 
David Marco Sommer; Liwei Song; Sameer Wagh; Prateek Mittal http://arxiv.org/abs/2003.04286 Manifold Regularization for Locally Stable Deep Neural Networks. Charles Jin; Martin Rinard http://arxiv.org/abs/2003.10388 Generating Natural Language Adversarial Examples on a Large Scale with Generative Models. Yankun Ren; Jianbin Lin; Siliang Tang; Jun Zhou; Shuang Yang; Yuan Qi; Xiang Ren http://arxiv.org/abs/2003.04173 Gradient-based adversarial attacks on categorical sequence models via traversing an embedded world. Ivan Fursov; Alexey Zaytsev; Nikita Kluchnikov; Andrey Kravchenko; Evgeny Burnaev http://arxiv.org/abs/2003.04735 Security of Distributed Machine Learning: A Game-Theoretic Approach to Design Secure DSVM. Rui Zhang; Quanyan Zhu http://arxiv.org/abs/2003.03879 An Empirical Evaluation on Robustness and Uncertainty of Regularization Methods. Sanghyuk Chun; Seong Joon Oh; Sangdoo Yun; Dongyoon Han; Junsuk Choe; Youngjoon Yoo http://arxiv.org/abs/2003.03722 On the Robustness of Cooperative Multi-Agent Reinforcement Learning. Jieyu Lin; Kristina Dzeparoska; Sai Qian Zhang; Alberto Leon-Garcia; Nicolas Papernot http://arxiv.org/abs/2003.03778 Adversarial Attacks on Probabilistic Autoregressive Forecasting Models. Raphaël Dang-Nhu; Gagandeep Singh; Pavol Bielik; Martin Vechev http://arxiv.org/abs/2003.08757 Adversarial Camouflage: Hiding Physical-World Attacks with Natural Styles. Ranjie Duan; Xingjun Ma; Yisen Wang; James Bailey; A. K. Qin; Yun Yang http://arxiv.org/abs/2003.03824 No Surprises: Training Robust Lung Nodule Detection for Low-Dose CT Scans by Augmenting with Adversarial Attacks. Siqi Liu; Arnaud Arindra Adiyoso Setio; Florin C. Ghesu; Eli Gibson; Sasa Grbic; Bogdan Georgescu; Dorin Comaniciu http://arxiv.org/abs/2003.03675 Dynamic Backdoor Attacks Against Machine Learning Models. Ahmed Salem; Rui Wen; Michael Backes; Shiqing Ma; Yang Zhang http://arxiv.org/abs/2003.03546 Adversarial Machine Learning: Bayesian Perspectives. (26%) David Rios Insua; Roi Naveiro; Victor Gallego; Jason Poulos http://arxiv.org/abs/2003.03065 Defense against adversarial attacks on spoofing countermeasures of ASV. Haibin Wu; Songxiang Liu; Helen Meng; Hung-yi Lee http://arxiv.org/abs/2003.03143 Triple Memory Networks: a Brain-Inspired Method for Continual Learning. Liyuan Wang; Bo Lei; Qian Li; Hang Su; Jun Zhu; Yi Zhong http://arxiv.org/abs/2003.03100 MAB-Malware: A Reinforcement Learning Framework for Attacking Static Malware Classifiers. Wei Song; Xuezixiang Li; Sadia Afroz; Deepali Garg; Dmitry Kuznetsov; Heng Yin http://arxiv.org/abs/2003.05733 Towards Practical Lottery Ticket Hypothesis for Adversarial Training. Bai Li; Shiqi Wang; Yunhan Jia; Yantao Lu; Zhenyu Zhong; Lawrence Carin; Suman Jana http://arxiv.org/abs/2003.03021 Exploiting Verified Neural Networks via Floating Point Numerical Error. Kai Jia; Martin Rinard http://arxiv.org/abs/2003.02732 Detection and Recovery of Adversarial Attacks with Injected Attractors. Jiyi Zhang; Ee-Chien Chang; Hwee Kuan Lee http://arxiv.org/abs/2003.02460 Adversarial Robustness Through Local Lipschitzness. Yao-Yuan Yang; Cyrus Rashtchian; Hongyang Zhang; Ruslan Salakhutdinov; Kamalika Chaudhuri http://arxiv.org/abs/2003.02484 Adversarial Vertex Mixup: Toward Better Adversarially Robust Generalization. Saehyung Lee; Hyungyu Lee; Sungroh Yoon http://arxiv.org/abs/2003.02750 Search Space of Adversarial Perturbations against Image Filters. 
Dang Duy Thang; Toshihiro Matsui http://arxiv.org/abs/2003.02301 Real-time, Universal, and Robust Adversarial Attacks Against Speaker Recognition Systems. Yi Xie; Cong Shi; Zhuohang Li; Jian Liu; Yingying Chen; Bo Yuan http://arxiv.org/abs/2003.02188 Colored Noise Injection for Training Adversarially Robust Neural Networks. Evgenii Zheltonozhskii; Chaim Baskin; Yaniv Nemcovsky; Brian Chmiel; Avi Mendelson; Alex M. Bronstein http://arxiv.org/abs/2003.01895 Double Backpropagation for Training Autoencoders against Adversarial Attack. Chengjin Sun; Sizhe Chen; Xiaolin Huang http://arxiv.org/abs/2003.01908 Black-box Smoothing: A Provable Defense for Pretrained Classifiers. Hadi Salman; Mingjie Sun; Greg Yang; Ashish Kapoor; J. Zico Kolter http://arxiv.org/abs/2003.01993 Metrics and methods for robustness evaluation of neural networks with generative models. Igor Buzhinsky; Arseny Nerinovsky; Stavros Tripakis http://arxiv.org/abs/2003.01690 Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. Francesco Croce; Matthias Hein http://arxiv.org/abs/2003.01595 Analyzing Accuracy Loss in Randomized Smoothing Defenses. Yue Gao; Harrison Rosenberg; Kassem Fawaz; Somesh Jha; Justin Hsu http://arxiv.org/abs/2003.01665 Discriminative Multi-level Reconstruction under Compact Latent Space for One-Class Novelty Detection. Jaewoo Park; Yoon Gyo Jung; Andrew Beng Jin Teoh http://arxiv.org/abs/2003.01782 Security of Deep Learning based Lane Keeping System under Physical-World Adversarial Attack. Takami Sato; Junjie Shen; Ningfei Wang; Yunhan Jack Jia; Xue Lin; Qi Alfred Chen http://arxiv.org/abs/2003.01872 Type I Attack for Generative Models. Chengjin Sun; Sizhe Chen; Jia Cai; Xiaolin Huang http://arxiv.org/abs/2003.01295 Data-Free Adversarial Perturbations for Practical Black-Box Attack. ZhaoXin Huan; Yulong Wang; Xiaolu Zhang; Lin Shang; Chilin Fu; Jun Zhou http://arxiv.org/abs/2003.01090 Learn2Perturb: an End-to-end Feature Perturbation Learning to Improve Adversarial Robustness. Ahmadreza Jeddi; Mohammad Javad Shafiee; Michelle Karg; Christian Scharfenberger; Alexander Wong http://arxiv.org/abs/2003.01279 Disrupting Deepfakes: Adversarial Attacks Against Conditional Image Translation Networks and Facial Manipulation Systems. Nataniel Ruiz; Sarah Adel Bargal; Stan Sclaroff http://arxiv.org/abs/2003.01249 Hidden Cost of Randomized Smoothing. Jeet Mohapatra; Ching-Yun Ko; Tsui-Wei (Lily) Weng; Sijia Liu; Pin-Yu Chen; Luca Daniel http://arxiv.org/abs/2003.01261 Adversarial Network Traffic: Towards Evaluating the Robustness of Deep Learning-Based Network Traffic Classification. Amir Mahdi Sadeghzadeh; Saeed Shiravi; Rasool Jalili http://arxiv.org/abs/2003.00653 Adversarial Attacks and Defenses on Graphs: A Review, A Tool and Empirical Studies. Wei Jin; Yaxin Li; Han Xu; Yiqi Wang; Shuiwang Ji; Charu Aggarwal; Jiliang Tang http://arxiv.org/abs/2003.00378 Understanding the Intrinsic Robustness of Image Distributions using Conditional Generative Models. Xiao Zhang; Jinghui Chen; Quanquan Gu; David Evans http://arxiv.org/abs/2003.00402 Why is the Mahalanobis Distance Effective for Anomaly Detection? Ryo Kamoi; Kei Kobayashi http://arxiv.org/abs/2003.00120 Improving Certified Robustness via Statistical Learning with Logical Reasoning. 
Zhuolin Yang; Zhikuan Zhao; Boxin Wang; Jiawei Zhang; Linyi Li; Hengzhi Pei; Bojan Karlas; Ji Liu; Heng Guo; Ce Zhang; Bo Li http://arxiv.org/abs/2002.12913 Applying Tensor Decomposition to image for Robustness against Adversarial Attack. Seungju Cho; Tae Joon Jun; Mingu Kang; Daeyoung Kim http://arxiv.org/abs/2003.04985 Adv-BERT: BERT is not robust on misspellings! Generating nature adversarial samples on BERT. Lichao Sun; Kazuma Hashimoto; Wenpeng Yin; Akari Asai; Jia Li; Philip Yu; Caiming Xiong http://arxiv.org/abs/2002.12504 Detecting Patch Adversarial Attacks with Image Residuals. Marius Arvinte; Ahmed Tewfik; Sriram Vishwanath http://arxiv.org/abs/2002.12463 Certified Defense to Image Transformations via Randomized Smoothing. Marc Fischer; Maximilian Baader; Martin Vechev http://arxiv.org/abs/2002.12527 Are L2 adversarial examples intrinsically different? Mingxuan Li; Jingyuan Wang; Yufan Wu http://arxiv.org/abs/2002.12398 TSS: Transformation-Specific Smoothing for Robustness Certification. Linyi Li; Maurice Weber; Xiaojun Xu; Luka Rimanic; Bhavya Kailkhura; Tao Xie; Ce Zhang; Bo Li http://arxiv.org/abs/2002.12222 On Isometry Robustness of Deep 3D Point Cloud Models under Adversarial Attacks. Yue Zhao; Yuwei Wu; Caihua Chen; Andrew Lim http://arxiv.org/abs/2002.12520 Utilizing Network Properties to Detect Erroneous Inputs. Matt Gorbett; Nathaniel Blanchard http://arxiv.org/abs/2002.12047 FMix: Enhancing Mixed Sample Data Augmentation. (22%) Ethan Harris; Antonia Marcu; Matthew Painter; Mahesan Niranjan; Adam Prügel-Bennett; Jonathon Hare http://arxiv.org/abs/2002.11572 Revisiting Ensembles in an Adversarial Context: Improving Natural Accuracy. Aditya Saligrama; Guillaume Leclerc http://arxiv.org/abs/2002.11318 Invariance vs. Robustness of Neural Networks. Sandesh Kamath; Amit Deshpande; K V Subrahmanyam http://arxiv.org/abs/2002.11569 Overfitting in adversarially robust deep learning. Leslie Rice; Eric Wong; J. Zico Kolter http://arxiv.org/abs/2002.11320 MGA: Momentum Gradient Attack on Network. Jinyin Chen; Yixian Chen; Haibin Zheng; Shijing Shen; Shanqing Yu; Dan Zhang; Qi Xuan http://arxiv.org/abs/2002.11821 Improving Robustness of Deep-Learning-Based Image Reconstruction. Ankit Raj; Yoram Bresler; Bo Li http://arxiv.org/abs/2002.11881 Defense-PointNet: Protecting PointNet Against Adversarial Attacks. Yu Zhang; Gongbo Liang; Tawfiq Salem; Nathan Jacobs http://arxiv.org/abs/2002.11374 Adversarial Attack on Deep Product Quantization Network for Image Retrieval. Yan Feng; Bin Chen; Tao Dai; Shutao Xia http://arxiv.org/abs/2002.11565 Randomization matters. How to defend against strong adversarial attacks. Rafael Pinot; Raphael Ettedgui; Geovani Rizk; Yann Chevaleyre; Jamal Atif http://arxiv.org/abs/2002.11798 Learning Adversarially Robust Representations via Worst-Case Mutual Information Maximization. Sicheng Zhu; Xiao Zhang; David Evans http://arxiv.org/abs/2002.10716 Understanding and Mitigating the Tradeoff Between Robustness and Accuracy. Aditi Raghunathan; Sang Michael Xie; Fanny Yang; John Duchi; Percy Liang http://arxiv.org/abs/2002.11080 The Curious Case of Adversarially Robust Models: More Data Can Help, Double Descend, or Hurt Generalization. Yifei Min; Lin Chen; Amin Karbasi http://arxiv.org/abs/2002.10703 Gödel's Sentence Is An Adversarial Example But Unsolvable. Xiaodong Qi; Lansheng Han http://arxiv.org/abs/2002.10947 Towards an Efficient and General Framework of Robust Training for Graph Neural Networks. 
Kaidi Xu; Sijia Liu; Pin-Yu Chen; Mengshu Sun; Caiwen Ding; Bhavya Kailkhura; Xue Lin http://arxiv.org/abs/2002.10733 (De)Randomized Smoothing for Certifiable Defense against Patch Attacks. Alexander Levine; Soheil Feizi http://arxiv.org/abs/2002.11242 Attacks Which Do Not Kill Training Make Adversarial Learning Stronger. Jingfeng Zhang; Xilie Xu; Bo Han; Gang Niu; Lizhen Cui; Masashi Sugiyama; Mohan Kankanhalli http://arxiv.org/abs/2002.11293 Adversarial Ranking Attack and Defense. Mo Zhou; Zhenxing Niu; Le Wang; Qilin Zhang; Gang Hua http://arxiv.org/abs/2002.10349 A Model-Based Derivative-Free Approach to Black-Box Adversarial Examples: BOBYQA. Giuseppe Ughi; Vinayak Abrol; Jared Tanner http://arxiv.org/abs/2002.10084 Utilizing a null class to restrict decision spaces and defend against neural network adversarial attacks. Matthew J. Roos http://arxiv.org/abs/2003.00883 Adversarial Perturbations Prevail in the Y-Channel of the YCbCr Color Space. Camilo Pestana; Naveed Akhtar; Wei Liu; David Glance; Ajmal Mian http://arxiv.org/abs/2002.10097 Towards Rapid and Robust Adversarial Training with One-Step Attacks. Leo Schwinn; René Raab; Björn Eskofier http://arxiv.org/abs/2002.10477 Precise Tradeoffs in Adversarial Training for Linear Regression. Adel Javanmard; Mahdi Soltanolkotabi; Hamed Hassani http://arxiv.org/abs/2002.10509 HYDRA: Pruning Adversarially Robust Neural Networks. Vikash Sehwag; Shiqi Wang; Prateek Mittal; Suman Jana http://arxiv.org/abs/2002.09896 Adversarial Attack on DL-based Massive MIMO CSI Feedback. Qing Liu; Jiajia Guo; Chao-Kai Wen; Shi Jin http://arxiv.org/abs/2002.10025 Triple Wins: Boosting Accuracy, Robustness and Efficiency Together by Enabling Input-Adaptive Inference. Ting-Kuei Hu; Tianlong Chen; Haotao Wang; Zhangyang Wang http://arxiv.org/abs/2002.09772 Non-Intrusive Detection of Adversarial Deep Learning Attacks via Observer Networks. Kirthi Shankar Sivamani; Rajeev Sahay; Aly El Gamal http://arxiv.org/abs/2002.09674 Temporal Sparse Adversarial Attack on Sequence-based Gait Recognition. Ziwen He; Wei Wang; Jing Dong; Tieniu Tan http://arxiv.org/abs/2002.09792 Real-Time Detectors for Digital and Physical Adversarial Inputs to Perception Systems. Yiannis Kantaros; Taylor Carpenter; Kaustubh Sridhar; Yahan Yang; Insup Lee; James Weimer http://arxiv.org/abs/2002.09632 Using Single-Step Adversarial Training to Defend Iterative Adversarial Examples. Guanxiong Liu; Issa Khalil; Abdallah Khreishah http://arxiv.org/abs/2002.09580 Polarizing Front Ends for Robust CNNs. Can Bakiskan; Soorya Gopalakrishnan; Metehan Cekic; Upamanyu Madhow; Ramtin Pedarsani http://arxiv.org/abs/2002.09422 Robustness from Simple Classifiers. Sharon Qian; Dimitris Kalimeris; Gal Kaplun; Yaron Singer http://arxiv.org/abs/2002.09364 Adversarial Detection and Correction by Matching Prediction Distributions. Giovanni Vacanti; Arnaud Van Looveren http://arxiv.org/abs/2002.09576 UnMask: Adversarial Detection and Defense Through Robust Feature Alignment. Scott Freitas; Shang-Tse Chen; Zijie J. Wang; Duen Horng Chau http://arxiv.org/abs/2002.09579 Robustness to Programmable String Transformations via Augmented Abstract Training. Yuhao Zhang; Aws Albarghouthi; Loris D'Antoni http://arxiv.org/abs/2002.09169 Black-Box Certification with Randomized Smoothing: A Functional Optimization Based Framework. Dinghuai Zhang; Mao Ye; Chengyue Gong; Zhanxing Zhu; Qiang Liu http://arxiv.org/abs/2002.09565 Adversarial Attacks on Machine Learning Systems for High-Frequency Trading. 
Micah Goldblum; Avi Schwarzschild; Ankit B. Patel; Tom Goldstein http://arxiv.org/abs/2002.09027 Enhanced Adversarial Strategically-Timed Attacks against Deep Reinforcement Learning. Chao-Han Huck Yang; Jun Qi; Pin-Yu Chen; Yi Ouyang; I-Te Danny Hung; Chin-Hui Lee; Xiaoli Ma http://arxiv.org/abs/2002.08838 On the Decision Boundaries of Deep Neural Networks: A Tropical Geometry Perspective. Motasem Alfarra; Adel Bibi; Hasan Hammoud; Mohamed Gaafar; Bernard Ghanem http://arxiv.org/abs/2002.08859 A Bayes-Optimal View on Adversarial Examples. Eitan Richardson; Yair Weiss http://arxiv.org/abs/2002.08740 Towards Certifiable Adversarial Sample Detection. Ilia Shumailov; Yiren Zhao; Robert Mullins; Ross Anderson http://arxiv.org/abs/2002.08619 Boosting Adversarial Training with Hypersphere Embedding. Tianyu Pang; Xiao Yang; Yinpeng Dong; Kun Xu; Hang Su; Jun Zhu http://arxiv.org/abs/2002.08569 Byzantine-resilient Decentralized Stochastic Gradient Descent. (5%) Shangwei Guo; Tianwei Zhang; Han Yu; Xiaofei Xie; Lei Ma; Tao Xiang; Yang Liu http://arxiv.org/abs/2002.10248 Bayes-TrEx: Model Transparency by Example. Serena Booth; Yilun Zhou; Ankit Shah; Julie Shah http://arxiv.org/abs/2002.08439 AdvMS: A Multi-source Multi-cost Defense Against Adversarial Attacks. Xiao Wang; Siyue Wang; Pin-Yu Chen; Xue Lin; Peter Chin http://arxiv.org/abs/2002.08527 NAttack! Adversarial Attacks to bypass a GAN based classifier trained to detect Network intrusion. Aritran Piplai; Sai Sree Laya Chukkapalli; Anupam Joshi http://arxiv.org/abs/2002.08347 On Adaptive Attacks to Adversarial Example Defenses. Florian Tramer; Nicholas Carlini; Wieland Brendel; Aleksander Madry http://arxiv.org/abs/2002.08012 Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks. Tsubasa Takahashi http://arxiv.org/abs/2002.08118 Randomized Smoothing of All Shapes and Sizes. Greg Yang; Tony Duan; J. Edward Hu; Hadi Salman; Ilya Razenshteyn; Jerry Li http://arxiv.org/abs/2002.08000 Action-Manipulation Attacks Against Stochastic Bandits: Attacks and Defense. Guanlin Liu; Lifeng Lai http://arxiv.org/abs/2002.07405 Deflecting Adversarial Attacks. Yao Qin; Nicholas Frosst; Colin Raffel; Garrison Cottrell; Geoffrey Hinton http://arxiv.org/abs/2002.07891 Towards Query-Efficient Black-Box Adversary with Zeroth-Order Natural Gradient Descent. Pu Zhao; Pin-Yu Chen; Siyue Wang; Xue Lin http://arxiv.org/abs/2002.07920 Block Switching: A Stochastic Approach for Deep Learning Security. Xiao Wang; Siyue Wang; Pin-Yu Chen; Xue Lin; Peter Chin http://arxiv.org/abs/2002.10252 TensorShield: Tensor-based Defense Against Adversarial Attacks on Images. Negin Entezari; Evangelos E. Papalexakis http://arxiv.org/abs/2002.06816 On the Similarity of Deep Learning Representations Across Didactic and Adversarial Examples. Pamela K. Douglas; Farzad Vasheghani Farahani http://arxiv.org/abs/2002.06864 Scalable Quantitative Verification For Deep Neural Networks. Teodora Baluta; Zheng Leong Chua; Kuldeep S. Meel; Prateek Saxena http://arxiv.org/abs/2002.06789 CAT: Customized Adversarial Training for Improved Robustness. Minhao Cheng; Qi Lei; Pin-Yu Chen; Inderjit Dhillon; Cho-Jui Hsieh http://arxiv.org/abs/2002.07317 On the Matrix-Free Generation of Adversarial Perturbations for Black-Box Attacks. Hisaichi Shibata; Shouhei Hanaoka; Yukihiro Nomura; Naoto Hayashi; Osamu Abe http://arxiv.org/abs/2002.07214 Robust Stochastic Bandit Algorithms under Probabilistic Unbounded Adversarial Attack. 
Ziwei Guan; Kaiyi Ji; Donald J Bucci Jr; Timothy Y Hu; Joseph Palombo; Michael Liston; Yingbin Liang http://arxiv.org/abs/2002.07246 Regularized Training and Tight Certification for Randomized Smoothed Classifier with Provable Robustness. Huijie Feng; Chunpeng Wu; Guoyang Chen; Weifeng Zhang; Yang Ning http://arxiv.org/abs/2002.07088 GRAPHITE: A Practical Framework for Generating Automatic Physical Adversarial Machine Learning Attacks. Ryan Feng; Neal Mangaokar; Jiefeng Chen; Earlence Fernandes; Somesh Jha; Atul Prakash http://arxiv.org/abs/2002.06668 Over-parameterized Adversarial Training: An Analysis Overcoming the Curse of Dimensionality. Yi Zhang; Orestis Plevrakis; Simon S. Du; Xingguo Li; Zhao Song; Sanjeev Arora http://arxiv.org/abs/2003.04808 Undersensitivity in Neural Reading Comprehension. Johannes Welbl; Pasquale Minervini; Max Bartolo; Pontus Stenetorp; Sebastian Riedel http://arxiv.org/abs/2002.06349 Hold me tight! Influence of discriminative features on deep network boundaries. Guillermo Ortiz-Jimenez; Apostolos Modas; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard http://arxiv.org/abs/2002.06495 Blind Adversarial Network Perturbations. Milad Nasr; Alireza Bahramali; Amir Houmansadr http://arxiv.org/abs/2002.05990 Skip Connections Matter: On the Transferability of Adversarial Examples Generated with ResNets. Dongxian Wu; Yisen Wang; Shu-Tao Xia; James Bailey; Xingjun Ma http://arxiv.org/abs/2002.05999 Adversarial Distributional Training for Robust Deep Learning. Yinpeng Dong; Zhijie Deng; Tianyu Pang; Hang Su; Jun Zhu http://arxiv.org/abs/2002.05388 Recurrent Attention Model with Log-Polar Mapping is Robust against Adversarial Attacks. Taro Kiritani; Koji Ono http://arxiv.org/abs/2002.05379 The Conditional Entropy Bottleneck. Ian Fischer http://arxiv.org/abs/2002.05463 Identifying Audio Adversarial Examples via Anomalous Pattern Detection. Victor Akinwande; Celia Cintas; Skyler Speakman; Srihari Sridharan http://arxiv.org/abs/2002.05283 Stabilizing Differentiable Architecture Search via Perturbation-based Regularization. Xiangning Chen; Cho-Jui Hsieh http://arxiv.org/abs/2002.05123 Over-the-Air Adversarial Flickering Attacks against Video Recognition Networks. Roi Pony; Itay Naeh; Shie Mannor http://arxiv.org/abs/2002.04694 Adversarial Robustness for Code. Pavol Bielik; Martin Vechev http://arxiv.org/abs/2002.04599 Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations. Florian Tramèr; Jens Behrmann; Nicholas Carlini; Nicolas Papernot; Jörn-Henrik Jacobsen http://arxiv.org/abs/2002.04359 Robustness of Bayesian Neural Networks to Gradient-Based Attacks. Ginevra Carbone; Matthew Wicker; Luca Laurenti; Andrea Patane; Luca Bortolussi; Guido Sanguinetti http://arxiv.org/abs/2002.04237 Improving the affordability of robustness training for DNNs. Sidharth Gupta; Parijat Dube; Ashish Verma http://arxiv.org/abs/2002.04742 Fast Geometric Projections for Local Robustness Certification. Aymeric Fromherz; Klas Leino; Matt Fredrikson; Bryan Parno; Corina Păsăreanu http://arxiv.org/abs/2002.04784 Graph Universal Adversarial Attacks: A Few Bad Actors Ruin Graph Learning Models. Xiao Zang; Yi Xie; Jie Chen; Bo Yuan http://arxiv.org/abs/2002.04725 More Data Can Expand the Generalization Gap Between Adversarially Robust and Standard Models. Lin Chen; Yifei Min; Mingrui Zhang; Amin Karbasi http://arxiv.org/abs/2002.03924 Playing to Learn Better: Repeated Games for Adversarial Learning with Multiple Classifiers. Prithviraj Dasgupta; Joseph B. 
Collins; Michael McCarrick http://arxiv.org/abs/2002.03793 Adversarial Data Encryption. Yingdong Hu; Liang Zhang; Wei Shan; Xiaoxiao Qin; Jing Qi; Zhenzhou Wu; Yang Yuan http://arxiv.org/abs/2002.04197 Generalised Lipschitz Regularisation Equals Distributional Robustness. Zac Cranko; Zhan Shi; Xinhua Zhang; Richard Nock; Simon Kornblith http://arxiv.org/abs/2002.03331 MDEA: Malware Detection with Evolutionary Adversarial Learning. Xiruo Wang; Risto Miikkulainen http://arxiv.org/abs/2002.03444 Robust binary classification with the 01 loss. Yunzhe Xue; Meiyan Xie; Usman Roshan http://arxiv.org/abs/2002.03500 Watch out! Motion is Blurring the Vision of Your Deep Neural Networks. Qing Guo; Felix Juefei-Xu; Xiaofei Xie; Lei Ma; Jian Wang; Bing Yu; Wei Feng; Yang Liu http://arxiv.org/abs/2002.05517 Feature-level Malware Obfuscation in Deep Learning. Keith Dillon http://arxiv.org/abs/2002.12749 Adversarial Deepfakes: Evaluating Vulnerability of Deepfake Detectors to Adversarial Examples. Paarth Neekhara; Shehzeen Hussain; Malhar Jere; Farinaz Koushanfar; Julian McAuley http://arxiv.org/abs/2003.04367 Category-wise Attack: Transferable Adversarial Examples for Anchor Free Object Detection. Quanyu Liao; Xin Wang; Bin Kong; Siwei Lyu; Youbing Yin; Qi Song; Xi Wu http://arxiv.org/abs/2002.03421 Certified Robustness of Community Detection against Adversarial Structural Perturbation via Randomized Smoothing. Jinyuan Jia; Binghui Wang; Xiaoyu Cao; Neil Zhenqiang Gong http://arxiv.org/abs/2002.03517 Random Smoothing Might be Unable to Certify $\ell_\infty$ Robustness for High-Dimensional Images. Avrim Blum; Travis Dick; Naren Manoj; Hongyang Zhang http://arxiv.org/abs/2002.03339 Input Validation for Neural Networks via Runtime Local Robustness Verification. Jiangchao Liu; Liqian Chen; Antoine Mine; Ji Wang http://arxiv.org/abs/2002.03095 Attacking Optical Character Recognition (OCR) Systems with Adversarial Watermarks. Lu Chen; Wei Xu http://arxiv.org/abs/2002.03239 Curse of Dimensionality on Randomized Smoothing for Certifiable Robustness. Aounon Kumar; Alexander Levine; Tom Goldstein; Soheil Feizi http://arxiv.org/abs/2002.02998 Renofeation: A Simple Transfer Learning Method for Improved Adversarial Robustness. Ting-Wu Chin; Cha Zhang; Diana Marculescu http://arxiv.org/abs/2002.03080 Analysis of Random Perturbations for Robust Convolutional Neural Networks. Adam Dziedzic; Sanjay Krishnan http://arxiv.org/abs/2002.02776 RAID: Randomized Adversarial-Input Detection for Neural Networks. Hasan Ferit Eniser; Maria Christakis; Valentin Wüstholz http://arxiv.org/abs/2002.02842 Assessing the Adversarial Robustness of Monte Carlo and Distillation Methods for Deep Bayesian Neural Network Classification. Meet P. Vadera; Satya Narayan Shukla; Brian Jalaian; Benjamin M. Marlin http://arxiv.org/abs/2002.03043 Semantic Robustness of Models of Source Code. Goutham Ramakrishnan; Jordan Henkel; Zi Wang; Aws Albarghouthi; Somesh Jha; Thomas Reps http://arxiv.org/abs/2002.02424 Reliability Validation of Learning Enabled Vehicle Tracking. Youcheng Sun; Yifan Zhou; Simon Maskell; James Sharp; Xiaowei Huang http://arxiv.org/abs/2002.02175 An Analysis of Adversarial Attacks and Defenses on Autonomous Driving Models. Yao Deng; Xi Zheng; Tianyi Zhang; Chen Chen; Guannan Lou; Miryung Kim http://arxiv.org/abs/2002.02196 AI-GAN: Attack-Inspired Generation of Adversarial Examples. 
Tao Bai; Jun Zhao; Jinlin Zhu; Shoudong Han; Jiefeng Chen; Bo Li; Alex Kot http://arxiv.org/abs/2002.02400 Over-the-Air Adversarial Attacks on Deep Learning Based Modulation Classifier over Wireless Channels. Brian Kim; Yalin E. Sagduyu; Kemal Davaslioglu; Tugba Erpek; Sennur Ulukus http://arxiv.org/abs/2002.01810 Understanding the Decision Boundary of Deep Neural Networks: An Empirical Study. David Mickisch; Felix Assion; Florens Greßner; Wiebke Günther; Mariele Motta http://arxiv.org/abs/2002.01147 Adversarially Robust Frame Sampling with Bounded Irregularities. Hanhan Li; Pin Wang http://arxiv.org/abs/2002.01249 Adversarial Attacks to Scale-Free Networks: Testing the Robustness of Physical Criteria. Qi Xuan; Yalu Shan; Jinhuan Wang; Zhongyuan Ruan; Guanrong Chen http://arxiv.org/abs/2002.01256 Minimax Defense against Gradient-based Adversarial Attacks. Blerta Lindqvist; Rauf Izmailov http://arxiv.org/abs/2002.01008 A Differentiable Color Filter for Generating Unrestricted Adversarial Images. Zhengyu Zhao; Zhuoran Liu; Martha Larson http://arxiv.org/abs/2002.00614 Regularizers for Single-step Adversarial Training. B. S. Vivek; R. Venkatesh Babu http://arxiv.org/abs/2002.02007 Defending Adversarial Attacks via Semantic Feature Manipulation. Shuo Wang; Tianle Chen; Surya Nepal; Carsten Rudolph; Marthie Grobler; Shangyu Chen http://arxiv.org/abs/2002.00526 Robust saliency maps with decoy-enhanced saliency score. Yang Lu; Wenbo Guo; Xinyu Xing; William Stafford Noble http://arxiv.org/abs/2002.02372 Towards Sharper First-Order Adversary with Quantized Gradients. Zhuanghua Liu; Ivor W. Tsang http://arxiv.org/abs/2002.00179 AdvJND: Generating Adversarial Examples with Just Noticeable Difference. Zifei Zhang; Kai Qiao; Lingyun Jiang; Linyuan Wang; Bin Yan http://arxiv.org/abs/2001.11905 Additive Tree Ensembles: Reasoning About Potential Instances. Laurens Devos; Wannes Meert; Jesse Davis http://arxiv.org/abs/2002.05648 Politics of Adversarial Machine Learning. Kendra Albert; Jonathon Penney; Bruce Schneier; Ram Shankar Siva Kumar http://arxiv.org/abs/2002.00760 FastWordBug: A Fast Method To Generate Adversarial Text Against NLP Applications. Dou Goodman; Lv Zhonghou; Wang minghua http://arxiv.org/abs/2001.11569 Tiny Noise Can Make an EEG-Based Brain-Computer Interface Speller Output Anything. Xiao Zhang; Dongrui Wu; Lieyun Ding; Hanbin Luo; Chin-Teng Lin; Tzyy-Ping Jung; Ricardo Chavarriaga http://arxiv.org/abs/2001.10999 A4 : Evading Learning-based Adblockers. Shitong Zhu; Zhongjie Wang; Xun Chen; Shasha Li; Umar Iqbal; Zhiyun Qian; Kevin S. Chan; Srikanth V. Krishnamurthy; Zubair Shafiq http://arxiv.org/abs/2001.11108 D2M: Dynamic Defense and Modeling of Adversarial Movement in Networks. Scott Freitas; Andrew Wicker; Duen Horng Chau; Joshua Neil http://arxiv.org/abs/2001.11064 Just Noticeable Difference for Machines to Generate Adversarial Images. Adil Kaan Akan; Mehmet Ali Genc; Fatos T. Yarman Vural http://arxiv.org/abs/2001.11055 Semantic Adversarial Perturbations using Learnt Representations. Isaac Dunn; Tom Melham; Daniel Kroening http://arxiv.org/abs/2001.11137 Adversarial Attacks on Convolutional Neural Networks in Facial Recognition Domain. Yigit Alparslan; Ken Alparslan; Jeremy Keim-Shenk; Shweta Khade; Rachel Greenstadt http://arxiv.org/abs/2001.10648 Modelling and Quantifying Membership Information Leakage in Machine Learning. Farhad Farokhi; Mohamed Ali Kaafar http://arxiv.org/abs/2001.10916 Interpreting Machine Learning Malware Detectors Which Leverage N-gram Analysis. 
William Briguglio; Sherif Saad http://arxiv.org/abs/2001.09993 Generating Natural Adversarial Hyperspectral examples with a modified Wasserstein GAN. Jean-Christophe Burnel; Kilian Fatras; Nicolas Courty http://arxiv.org/abs/2001.09598 FakeLocator: Robust Localization of GAN-Based Face Manipulations via Semantic Segmentation Networks with Bells and Whistles. Yihao Huang; Felix Juefei-Xu; Run Wang; Xiaofei Xie; Lei Ma; Jianwen Li; Weikai Miao; Yang Liu; Geguang Pu http://arxiv.org/abs/2001.09684 Challenges and Countermeasures for Adversarial Attacks on Deep Reinforcement Learning. Inaam Ilahi; Muhammad Usama; Junaid Qadir; Muhammad Umar Janjua; Ala Al-Fuqaha; Dinh Thai Hoang; Dusit Niyato http://arxiv.org/abs/2001.09610 Practical Fast Gradient Sign Attack against Mammographic Image Classifier. Ibrahim Yilmaz http://arxiv.org/abs/2001.09486 Ensemble Noise Simulation to Handle Uncertainty about Gradient-based Adversarial Attacks. Rehana Mahfuz; Rajeev Sahay; Aly El Gamal http://arxiv.org/abs/2002.03751 Weighted Average Precision: Adversarial Example Detection in the Visual Perception of Autonomous Vehicles. Yilan Li; Senem Velipasalar http://arxiv.org/abs/2001.09388 AI-Powered GUI Attack and Its Defensive Methods. Ning Yu; Zachary Tuttle; Carl Jake Thurnau; Emmanuel Mireku http://arxiv.org/abs/2001.09395 Analyzing the Noise Robustness of Deep Neural Networks. Kelei Cao; Mengchen Liu; Hang Su; Jing Wu; Jun Zhu; Shixia Liu http://arxiv.org/abs/2001.08883 When Wireless Security Meets Machine Learning: Motivation, Challenges, and Research Directions. Yalin E. Sagduyu; Yi Shi; Tugba Erpek; William Headley; Bryse Flowers; George Stantchev; Zhuo Lu http://arxiv.org/abs/2001.08855 Privacy for All: Demystify Vulnerability Disparity of Differential Privacy against Membership Inference Attack. Bo Zhang; Ruotong Yu; Haipei Sun; Yanying Li; Jun Xu; Hui Wang http://arxiv.org/abs/2001.08389 Towards Robust DNNs: An Taylor Expansion-Based Method for Generating Powerful Adversarial Examples. Ya-guan Qian; Xi-Ming Zhang; Bin Wang; Wei Li; Jian-Hai Chen; Wu-Jie Zhou; Jing-Sheng Lei http://arxiv.org/abs/2001.08444 On the human evaluation of audio adversarial examples. Jon Vadillo; Roberto Santana http://arxiv.org/abs/2001.07933 Adversarial Attack on Community Detection by Hiding Individuals. Jia Li; Honglei Zhang; Zhichao Han; Yu Rong; Hong Cheng; Junzhou Huang http://arxiv.org/abs/2001.07645 SAUNet: Shape Attentive U-Net for Interpretable Medical Image Segmentation. Jesse Sun; Fatemeh Darbeha; Mark Zaidi; Bo Wang http://arxiv.org/abs/2001.08103 Secure and Robust Machine Learning for Healthcare: A Survey. Adnan Qayyum; Junaid Qadir; Muhammad Bilal; Ala Al-Fuqaha http://arxiv.org/abs/2001.07685 FixMatch: Simplifying Semi-Supervised Learning with Consistency and Confidence. Kihyuk Sohn; David Berthelot; Chun-Liang Li; Zizhao Zhang; Nicholas Carlini; Ekin D. Cubuk; Alex Kurakin; Han Zhang; Colin Raffel http://arxiv.org/abs/2001.07792 GhostImage: Perception Domain Attacks against Vision-based Object Classification Systems. Yanmao Man; Ming Li; Ryan Gerdes http://arxiv.org/abs/2001.07631 Generate High-Resolution Adversarial Samples by Identifying Effective Features. Sizhe Chen; Peidong Zhang; Chengjin Sun; Jia Cai; Xiaolin Huang http://arxiv.org/abs/2001.07769 Massif: Interactive Interpretation of Adversarial Attacks on Deep Learning. Nilaksh Das; Haekyu Park; Zijie J. 
Wang; Fred Hohman; Robert Firstman; Emily Rogers; Duen Horng (Polo) Chau http://arxiv.org/abs/2001.07820 Elephant in the Room: An Evaluation Framework for Assessing Adversarial Examples in NLP. Ying Xu; Xu Zhong; Antonio Jose Jimeno Yepes; Jey Han Lau http://arxiv.org/abs/2001.06309 Cyber Attack Detection thanks to Machine Learning Algorithms. Antoine Delplace; Sheryl Hermoso; Kristofer Anandita http://arxiv.org/abs/2001.06099 Code-Bridged Classifier (CBC): A Low or Negative Overhead Defense for Making a CNN Classifier Robust Against Adversarial Attacks. Farnaz Behnia; Ali Mirzaeian; Mohammad Sabokrou; Sai Manoj; Tinoosh Mohsenin; Khaled N. Khasawneh; Liang Zhao; Houman Homayoun; Avesta Sasan http://arxiv.org/abs/2001.05873 A Little Fog for a Large Turn. Harshitha Machiraju; Vineeth N Balasubramanian http://arxiv.org/abs/2001.07523 The gap between theory and practice in function approximation with deep neural networks. Ben Adcock; Nick Dexter http://arxiv.org/abs/2001.06325 Universal Adversarial Attack on Attention and the Resulting Dataset DAmageNet. Sizhe Chen; Zhengbao He; Chengjin Sun; Jie Yang; Xiaolin Huang http://arxiv.org/abs/2001.06057 Increasing the robustness of DNNs against image corruptions by playing the Game of Noise. Evgenia Rusak; Lukas Schott; Roland S. Zimmermann; Julian Bitterwolf; Oliver Bringmann; Matthias Bethge; Wieland Brendel http://arxiv.org/abs/2001.04974 Noisy Machines: Understanding Noisy Neural Networks and Enhancing Robustness to Analog Hardware Errors Using Distillation. Chuteng Zhou; Prad Kadambi; Matthew Mattina; Paul N. Whatmough http://arxiv.org/abs/2001.05574 Advbox: a toolbox to generate adversarial examples that fool neural networks. Dou Goodman; Hao Xin; Wang Yang; Wu Yuesheng; Xiong Junfeng; Zhang Huan http://arxiv.org/abs/2001.04011 Membership Inference Attacks Against Object Detection Models. Yeachan Park; Myungjoo Kang http://arxiv.org/abs/2001.04051 An Adversarial Approach for the Robust Classification of Pneumonia from Chest Radiographs. Joseph D. Janizek; Gabriel Erion; Alex J. DeGrave; Su-In Lee http://arxiv.org/abs/2001.03994 Fast is better than free: Revisiting adversarial training. Eric Wong; Leslie Rice; J. Zico Kolter http://arxiv.org/abs/2001.05286 Exploring and Improving Robustness of Multi Task Deep Neural Networks via Domain Agnostic Defenses. Kashyap Coimbatore Murali http://arxiv.org/abs/2001.03754 Sparse Black-box Video Attack with Reinforcement Learning. Huanqian Yan; Xingxing Wei; Bo Li http://arxiv.org/abs/2001.03662 ReluDiff: Differential Verification of Deep Neural Networks. Brandon Paulsen; Jingbo Wang; Chao Wang http://arxiv.org/abs/2001.03311 Guess First to Enable Better Compression and Adversarial Robustness. Sicheng Zhu; Bang An; Shiyu Niu http://arxiv.org/abs/2001.02438 To Transfer or Not to Transfer: Misclassification Attacks Against Transfer Learned Text Classifiers. Bijeeta Pal; Shruti Tople http://arxiv.org/abs/2001.02378 MACER: Attack-free and Scalable Robust Training via Maximizing Certified Radius. Runtian Zhai; Chen Dan; Di He; Huan Zhang; Boqing Gong; Pradeep Ravikumar; Cho-Jui Hsieh; Liwei Wang http://arxiv.org/abs/2001.03460 Transferability of Adversarial Examples to Attack Cloud-based Image Classifier Service. Dou Goodman http://arxiv.org/abs/2001.01987 Softmax-based Classification is k-means Clustering: Formal Proof, Consequences for Adversarial Attacks, and Improvement through Centroid Based Tailoring. 
Sibylle Hess; Wouter Duivesteijn; Decebal Mocanu http://arxiv.org/abs/2001.01506 Deceiving Image-to-Image Translation Networks for Autonomous Driving with Adversarial Perturbations. Lin Wang; Wonjune Cho; Kuk-Jin Yoon http://arxiv.org/abs/2001.02297 Generating Semantic Adversarial Examples via Feature Manipulation. Shuo Wang; Surya Nepal; Carsten Rudolph; Marthie Grobler; Shangyu Chen; Tianle Chen http://arxiv.org/abs/2001.01172 The Human Visual System and Adversarial AI. Yaoshiang Ho; Samuel Wookey http://arxiv.org/abs/2001.00483 Reject Illegal Inputs with Generative Classifier Derived from Any Discriminative Classifier. Xin Wang http://arxiv.org/abs/2001.01587 Exploring Adversarial Attack in Spiking Neural Networks with Spike-Compatible Gradient. Ling Liang; Xing Hu; Lei Deng; Yujie Wu; Guoqi Li; Yufei Ding; Peng Li; Yuan Xie http://arxiv.org/abs/2001.00308 Ensembles of Many Diverse Weak Defenses can be Strong: Defending Deep Neural Networks Against Adversarial Attacks. Ying Meng; Jianhai Su; Jason O'Kane; Pooyan Jamshidi http://arxiv.org/abs/1912.13258 Automated Testing for Deep Learning Systems with Differential Behavior Criteria. Yuan Gao; Yiqiang Han http://arxiv.org/abs/2001.00071 Protecting GANs against privacy attacks by preventing overfitting. Sumit Mukherjee; Yixi Xu; Anusua Trivedi; Juan Lavista Ferres http://arxiv.org/abs/2001.00116 Erase and Restore: Simple, Accurate and Resilient Detection of $L_2$ Adversarial Examples. Fei Zuo; Qiang Zeng http://arxiv.org/abs/2001.00030 Quantum Adversarial Machine Learning. Sirui Lu; Lu-Ming Duan; Dong-Ling Deng http://arxiv.org/abs/2001.05844 Adversarial Example Generation using Evolutionary Multi-objective Optimization. Takahiro Suzuki; Shingo Takeshita; Satoshi Ono http://arxiv.org/abs/1912.12859 Defending from adversarial examples with a two-stream architecture. Hao Ge; Xiaoguang Tu; Mei Xie; Zheng Ma http://arxiv.org/abs/1912.12510 Detecting Out-of-Distribution Examples with In-distribution Examples and Gram Matrices. Chandramouli Shama Sastry; Sageev Oore http://arxiv.org/abs/1912.12463 Search Based Repair of Deep Neural Networks. Jeongju Sohn; Sungmin Kang; Shin Yoo http://arxiv.org/abs/1912.11852 Benchmarking Adversarial Robustness. Yinpeng Dong; Qi-An Fu; Xiao Yang; Tianyu Pang; Hang Su; Zihao Xiao; Jun Zhu http://arxiv.org/abs/1912.11969 Efficient Adversarial Training with Transferable Adversarial Examples. Haizhong Zheng; Ziqi Zhang; Juncheng Gu; Honglak Lee; Atul Prakash http://arxiv.org/abs/1912.11464 Attack-Resistant Federated Learning with Residual-based Reweighting. Shuhao Fu; Chulin Xie; Bo Li; Qifeng Chen http://arxiv.org/abs/1912.11372 Analysis of Moving Target Defense Against False Data Injection Attacks on Power Grid. Zhenyong Zhang; Ruilong Deng; David K. Y. Yau; Peng Cheng; Jiming Chen http://arxiv.org/abs/1912.11279 Cronus: Robust and Heterogeneous Collaborative Learning with Black-Box Knowledge Transfer. Hongyan Chang; Virat Shejwalkar; Reza Shokri; Amir Houmansadr http://arxiv.org/abs/1912.11460 Characterizing the Decision Boundary of Deep Neural Networks. Hamid Karimi; Tyler Derr; Jiliang Tang http://arxiv.org/abs/1912.12106 White Noise Analysis of Neural Networks. Ali Borji; Sikun Lin http://arxiv.org/abs/1912.11188 Adversarial AutoAugment. Xinyu Zhang; Qiang Wang; Jian Zhang; Zhao Zhong http://arxiv.org/abs/1912.11171 Geometry-aware Generation of Adversarial and Cooperative Point Clouds. 
Yuxin Wen; Jiehong Lin; Ke Chen; Kui Jia http://arxiv.org/abs/1912.10375 T3: Tree-Autoencoder Constrained Adversarial Text Generation for Targeted Attack. Boxin Wang; Hengzhi Pei; Boyuan Pan; Qian Chen; Shuohang Wang; Bo Li http://arxiv.org/abs/1912.10154 Measuring Dataset Granularity. Yin Cui; Zeqi Gu; Dhruv Mahajan; Laurens van der Maaten; Serge Belongie; Ser-Nam Lim http://arxiv.org/abs/1912.09899 Certified Robustness for Top-k Predictions against Adversarial Perturbations via Randomized Smoothing. Jinyuan Jia; Xiaoyu Cao; Binghui Wang; Neil Zhenqiang Gong http://arxiv.org/abs/1912.10013 secml: A Python Library for Secure and Explainable Machine Learning. Maura Pintor; Luca Demetrio; Angelo Sotgiu; Marco Melis; Ambra Demontis; Battista Biggio http://arxiv.org/abs/1912.10185 Jacobian Adversarially Regularized Networks for Robustness. Alvin Chan; Yi Tay; Yew Soon Ong; Jie Fu http://arxiv.org/abs/1912.09855 Explainability and Adversarial Robustness for RNNs. Alexander Hartl; Maximilian Bachl; Joachim Fabini; Tanja Zseby http://arxiv.org/abs/1912.09670 Adversarial symmetric GANs: bridging adversarial samples and adversarial networks. Faqiang Liu; Mingkun Xu; Guoqi Li; Jing Pei; Luping Shi; Rong Zhao http://arxiv.org/abs/1912.10834 Does Symbolic Knowledge Prevent Adversarial Fooling? Stefano Teso http://arxiv.org/abs/1912.10833 A New Ensemble Method for Concessively Targeted Multi-model Attack. Ziwen He; Wei Wang; Xinsheng Xuan; Jing Dong; Tieniu Tan http://arxiv.org/abs/1912.12170 Mitigating large adversarial perturbations on X-MAS (X minus Moving Averaged Samples). Woohyung Chun; Sung-Min Hong; Junho Huh; Inyup Kang http://arxiv.org/abs/1912.09064 Optimization-Guided Binary Diversification to Mislead Neural Networks for Malware Detection. Mahmood Sharif; Keane Lucas; Lujo Bauer; Michael K. Reiter; Saurabh Shintre http://arxiv.org/abs/1912.09059 $n$-ML: Mitigating Adversarial Examples via Ensembles of Topologically Manipulated Classifiers. Mahmood Sharif; Lujo Bauer; Michael K. Reiter http://arxiv.org/abs/1912.09533 Towards Verifying Robustness of Neural Networks Against Semantic Perturbations. Jeet Mohapatra; Tsui-Wei (Lily) Weng; Pin-Yu Chen; Sijia Liu; Luca Daniel http://arxiv.org/abs/1912.09405 Perturbations on the Perceptual Ball. Andrew Elliott; Stephen Law; Chris Russell http://arxiv.org/abs/1912.08981 Identifying Adversarial Sentences by Analyzing Text Complexity. Hoang-Quoc Nguyen-Son; Tran Phuong Thao; Seira Hidano; Shinsaku Kiyomoto http://arxiv.org/abs/1912.08954 An Adversarial Perturbation Oriented Domain Adaptation Approach for Semantic Segmentation. Jihan Yang; Ruijia Xu; Ruiyu Li; Xiaojuan Qi; Xiaoyong Shen; Guanbin Li; Liang Lin http://arxiv.org/abs/1912.08865 Adversarial VC-dimension and Sample Complexity of Neural Networks. Zetong Qi; T. J. Wilder http://arxiv.org/abs/1912.09303 SIGMA : Strengthening IDS with GAN and Metaheuristics Attacks. Simon Msika; Alejandro Quintero; Foutse Khomh http://arxiv.org/abs/1912.08639 Detecting Adversarial Attacks On Audio-Visual Speech Recognition. Pingchuan Ma; Stavros Petridis; Maja Pantic http://arxiv.org/abs/1912.08166 APRICOT: A Dataset of Physical Adversarial Attacks on Object Detection. A. Braunegg; Amartya Chakraborty; Michael Krumdick; Nicole Lape; Sara Leary; Keith Manville; Elizabeth Merkhofer; Laura Strickhart; Matthew Walmer http://arxiv.org/abs/1912.07742 CAG: A Real-time Low-cost Enhanced-robustness High-transferability Content-aware Adversarial Attack Generator. 
Huy Phan; Yi Xie; Siyu Liao; Jie Chen; Bo Yuan http://arxiv.org/abs/1912.07748 MimicGAN: Robust Projection onto Image Manifolds with Corruption Mimicking. Rushil Anirudh; Jayaraman J. Thiagarajan; Bhavya Kailkhura; Timo Bremer http://arxiv.org/abs/1912.07458 On-manifold Adversarial Data Augmentation Improves Uncertainty Calibration. Kanil Patel; William Beluch; Dan Zhang; Michael Pfeiffer; Bin Yang http://arxiv.org/abs/1912.07561 Constructing a provably adversarially-robust classifier from a high accuracy one. Grzegorz Głuch; Rüdiger Urbanke http://arxiv.org/abs/1912.07160 DAmageNet: A Universal Adversarial Dataset. Sizhe Chen; Xiaolin Huang; Zhengbao He; Chengjin Sun http://arxiv.org/abs/1912.06960 What Else Can Fool Deep Learning? Addressing Color Constancy Errors on Deep Neural Network Performance. Mahmoud Afifi; Michael S Brown http://arxiv.org/abs/1912.06872 Towards Robust Toxic Content Classification. Keita Kurita; Anna Belova; Antonios Anastasopoulos http://arxiv.org/abs/1912.06409 Potential adversarial samples for white-box attacks. Amir Nazemi; Paul Fieguth http://arxiv.org/abs/1912.05683 Learning to Model Aspects of Hearing Perception Using Neural Loss Functions. Prateek Verma; Jonathan Berger http://arxiv.org/abs/1912.05661 Gabor Layers Enhance Network Robustness. Juan C. Pérez; Motasem Alfarra; Guillaume Jeanneret; Adel Bibi; Ali Thabet; Bernard Ghanem; Pablo Arbeláez http://arxiv.org/abs/1912.05333 An Efficient Approach for Using Expectation Maximization Algorithm in Capsule Networks. Moein Hasani; Amin Nasim Saravi; Hassan Khotanlou http://arxiv.org/abs/1912.05391 Detecting and Correcting Adversarial Images Using Image Processing Operations and Convolutional Neural Networks. Huy H. Nguyen; Minoru Kuribayashi; Junichi Yamagishi; Isao Echizen http://arxiv.org/abs/1912.05699 What it Thinks is Important is Important: Robustness Transfers through Input Gradients. Alvin Chan; Yi Tay; Yew-Soon Ong http://arxiv.org/abs/1912.05945 Towards a Robust Classifier: An MDL-Based Method for Generating Adversarial Examples. Behzad Asadi; Vijay Varadharajan http://arxiv.org/abs/1912.04538 Appending Adversarial Frames for Universal Video Attack. Zhikai Chen; Lingxi Xie; Shanmin Pang; Yong He; Qi Tian http://arxiv.org/abs/1912.04792 Training Provably Robust Models by Polyhedral Envelope Regularization. Chen Liu; Mathieu Salzmann; Sabine Süsstrunk http://arxiv.org/abs/1912.04884 Statistically Robust Neural Network Classification. (22%) Benjie Wang; Stefan Webb; Tom Rainforth http://arxiv.org/abs/1912.04497 Feature Losses for Adversarial Robustness. Kirthi Shankar Sivamani http://arxiv.org/abs/1912.03790 Hardening Random Forest Cyber Detectors Against Adversarial Attacks. Giovanni Apruzzese; Mauro Andreolini; Michele Colajanni; Mirco Marchetti http://arxiv.org/abs/1912.03829 Amora: Black-box Adversarial Morphing Attack. Run Wang; Felix Juefei-Xu; Xiaofei Xie; Lei Ma; Yihao Huang; Yang Liu http://arxiv.org/abs/1912.03609 Exploring the Back Alleys: Analysing The Robustness of Alternative Neural Network Architectures against Adversarial Attacks. Yi Xiang Marcus Tan; Yuval Elovici; Alexander Binder http://arxiv.org/abs/1912.03192 Achieving Robustness in the Wild via Adversarial Mixing with Disentangled Representations. Sven Gowal; Chongli Qin; Po-Sen Huang; Taylan Cemgil; Krishnamurthy Dvijotham; Timothy Mann; Pushmeet Kohli http://arxiv.org/abs/1912.03406 Principal Component Properties of Adversarial Samples. 
Malhar Jere; Sandro Herbig; Christine Lind; Farinaz Koushanfar http://arxiv.org/abs/1912.03430 Training Deep Neural Networks for Interpretability and Adversarial Robustness. Adam Noack; Isaac Ahern; Dejing Dou; Boyang Li http://arxiv.org/abs/1912.02918 Detection of Face Recognition Adversarial Attacks. Fabio Valerio Massoli; Fabio Carrara; Giuseppe Amato; Fabrizio Falchi http://arxiv.org/abs/1912.02386 The Search for Sparse, Robust Neural Networks. Justin Cosentino; Federico Zaiter; Dan Pei; Jun Zhu http://arxiv.org/abs/1912.02598 Region-Wise Attack: On Efficient Generation of Robust Physical Adversarial Examples. Bo Luo; Qiang Xu http://arxiv.org/abs/1912.01810 Learning with Multiplicative Perturbations. Xiulong Yang; Shihao Ji http://arxiv.org/abs/1912.02258 A Survey of Game Theoretic Approaches for Adversarial Machine Learning in Cybersecurity Tasks. Prithviraj Dasgupta; Joseph B. Collins http://arxiv.org/abs/1912.02153 Walking on the Edge: Fast, Low-Distortion Adversarial Examples. Hanwei Zhang; Yannis Avrithis; Teddy Furon; Laurent Amsaleg http://arxiv.org/abs/1912.02184 Towards Robust Image Classification Using Sequential Attention Models. Daniel Zoran; Mike Chrzanowski; Po-Sen Huang; Sven Gowal; Alex Mott; Pushmeet Kohli http://arxiv.org/abs/1912.02316 Scratch that! An Evolution-based Adversarial Attack against Neural Networks. Malhar Jere; Briland Hitaj; Gabriela Ciocarlie; Farinaz Koushanfar http://arxiv.org/abs/1912.01667 A Survey of Black-Box Adversarial Attacks on Computer Vision Models. Siddhant Bhambri; Sumanyu Muku; Avinash Tulasi; Arun Balaji Buduru http://arxiv.org/abs/1912.01978 FANNet: Formal Analysis of Noise Tolerance, Training Bias and Input Sensitivity in Neural Networks. Mahum Naseer; Mishal Fatima Minhas; Faiq Khalid; Muhammad Abdullah Hanif; Osman Hasan; Muhammad Shafique http://arxiv.org/abs/1912.01149 Cost-Aware Robust Tree Ensembles for Security Applications. Yizheng Chen; Shiqi Wang; Weifan Jiang; Asaf Cidon; Suman Jana http://arxiv.org/abs/1912.00888 Deep Neural Network Fingerprinting by Conferrable Adversarial Examples. Nils Lukas; Yuxuan Zhang; Florian Kerschbaum http://arxiv.org/abs/1912.01171 Universal Adversarial Perturbations for CNN Classifiers in EEG-Based BCIs. Zihan Liu; Xiao Zhang; Lubin Meng; Dongrui Wu http://arxiv.org/abs/1912.00330 Adversary A3C for Robust Reinforcement Learning. Zhaoyuan Gu; Zhenzhong Jia; Howie Choset http://arxiv.org/abs/1912.00466 A Method for Computing Class-wise Universal Adversarial Perturbations. Tejus Gupta; Abhishek Sinha; Nupur Kumari; Mayank Singh; Balaji Krishnamurthy http://arxiv.org/abs/1912.00461 AdvPC: Transferable Adversarial Perturbations on 3D Point Clouds. Abdullah Hamdi; Sara Rojas; Ali Thabet; Bernard Ghanem http://arxiv.org/abs/1912.05021 Design and Interpretation of Universal Adversarial Patches in Face Detection. Xiao Yang; Fangyun Wei; Hongyang Zhang; Jun Zhu http://arxiv.org/abs/1912.00181 Error-Correcting Neural Network. Yang Song; Qiyu Kang; Wee Peng Tay http://arxiv.org/abs/1912.00049 Square Attack: a query-efficient black-box adversarial attack via random search. Maksym Andriushchenko; Francesco Croce; Nicolas Flammarion; Matthias Hein http://arxiv.org/abs/1911.12562 Towards Privacy and Security of Deep Learning Systems: A Survey. Yingzhe He; Guozhu Meng; Kai Chen; Xingbo Hu; Jinwen He http://arxiv.org/abs/1911.11932 Survey of Attacks and Defenses on Edge-Deployed Neural Networks. Mihailo Isakov; Vijay Gadepally; Karen M. Gettings; Michel A. 
Kinsy http://arxiv.org/abs/1911.11881 An Adaptive View of Adversarial Robustness from Test-time Smoothing Defense. Chao Tang; Yifei Fan; Anthony Yezzi http://arxiv.org/abs/1911.11946 Can Attention Masks Improve Adversarial Robustness? Pratik Vaishnavi; Tianji Cong; Kevin Eykholt; Atul Prakash; Amir Rahmati http://arxiv.org/abs/1911.11746 Defending Against Adversarial Machine Learning. Alison Jenkins http://arxiv.org/abs/1911.11484 Using Depth for Pixel-Wise Detection of Adversarial Attacks in Crowd Counting. Weizhe Liu; Mathieu Salzmann; Pascal Fua http://arxiv.org/abs/1911.11253 Playing it Safe: Adversarial Robustness with an Abstain Option. Cassidy Laidlaw; Soheil Feizi http://arxiv.org/abs/1911.10891 ColorFool: Semantic Adversarial Colorization. Ali Shahin Shamsabadi; Ricardo Sanchez-Matilla; Andrea Cavallaro http://arxiv.org/abs/1911.10875 Adversarial Attack with Pattern Replacement. Ziang Dong; Liang Mao; Shiliang Sun http://arxiv.org/abs/1911.11219 One Man's Trash is Another Man's Treasure: Resisting Adversarial Examples by Adversarial Examples. Chang Xiao; Changxi Zheng http://arxiv.org/abs/1911.10695 When NAS Meets Robustness: In Search of Robust Architectures against Adversarial Attacks. Minghao Guo; Yuzhe Yang; Rui Xu; Ziwei Liu; Dahua Lin http://arxiv.org/abs/1911.10561 Time-aware Gradient Attack on Dynamic Network Link Prediction. Jinyin Chen; Jian Zhang; Zhi Chen; Min Du; Feifei Li; Qi Xuan http://arxiv.org/abs/1911.10435 Robust Assessment of Real-World Adversarial Examples. Brett Jefferson; Carlos Ortiz Marrero http://arxiv.org/abs/1911.10364 Universal Adversarial Robustness of Texture and Shape-Biased Models. Kenneth T. Co; Luis Muñoz-González; Leslie Kanthan; Ben Glocker; Emil C. Lupu http://arxiv.org/abs/1911.10258 Bounding Singular Values of Convolution Layers. Sahil Singla; Soheil Feizi http://arxiv.org/abs/1911.11616 Enhancing Cross-task Black-Box Transferability of Adversarial Examples with Dispersion Reduction. Yantao Lu; Yunhan Jia; Jianyu Wang; Bai Li; Weiheng Chai; Lawrence Carin; Senem Velipasalar http://arxiv.org/abs/1911.10008 Attack Agnostic Statistical Method for Adversarial Detection. Sambuddha Saha; Aashish Kumar; Pratyush Sahay; George Jose; Srinivas Kruthiventi; Harikrishna Muralidhara http://arxiv.org/abs/1911.10182 Universal adversarial examples in speech command classification. Jon Vadillo; Roberto Santana http://arxiv.org/abs/1911.10291 Invert and Defend: Model-based Approximate Inversion of Generative Adversarial Networks for Secure Inference. Wei-An Lin; Yogesh Balaji; Pouya Samangouei; Rama Chellappa http://arxiv.org/abs/1911.09449 Heuristic Black-box Adversarial Attacks on Video Recognition Models. Zhipeng Wei; Jingjing Chen; Xingxing Wei; Linxi Jiang; Tat-Seng Chua; Fengfeng Zhou; Yu-Gang Jiang http://arxiv.org/abs/1911.09665 Adversarial Examples Improve Image Recognition. Cihang Xie; Mingxing Tan; Boqing Gong; Jiang Wang; Alan Yuille; Quoc V. Le http://arxiv.org/abs/1911.09307 Patch-level Neighborhood Interpolation: A General and Effective Graph-based Regularization Strategy. (1%) Ke Sun; Bing Yu; Zhouchen Lin; Zhanxing Zhu http://arxiv.org/abs/1911.09272 Robustness Certificates for Sparse Adversarial Attacks by Randomized Ablation. Alexander Levine; Soheil Feizi http://arxiv.org/abs/1911.08790 Analysis of Deep Networks for Monocular Depth Estimation Through Adversarial Attacks with Proposal of a Defense Method. Junjie Hu; Takayuki Okatani http://arxiv.org/abs/1911.09058 Fine-grained Synthesis of Unrestricted Adversarial Examples. 
Omid Poursaeed; Tianxing Jiang; Harry Yang; Serge Belongie; Ser-Nam Lim http://arxiv.org/abs/1911.08723 Deep Minimax Probability Machine. Lirong He; Ziyi Guo; Kaizhu Huang; Zenglin Xu http://arxiv.org/abs/1911.08635 Logic-inspired Deep Neural Networks. Minh Le http://arxiv.org/abs/1911.08696 Where is the Bottleneck of Adversarial Learning with Unlabeled Data? Jingfeng Zhang; Bo Han; Gang Niu; Tongliang Liu; Masashi Sugiyama http://arxiv.org/abs/1911.08654 Adversarial Robustness of Flow-Based Generative Models. Phillip Pope; Yogesh Balaji; Soheil Feizi http://arxiv.org/abs/1911.08432 Defective Convolutional Layers Learn Robust CNNs. Tiange Luo; Tianle Cai; Mengxiao Zhang; Siyu Chen; Di He; Liwei Wang http://arxiv.org/abs/1911.08644 Generate (non-software) Bugs to Fool Classifiers. Hiromu Yakura; Youhei Akimoto; Jun Sakuma http://arxiv.org/abs/1911.07682 A New Ensemble Adversarial Attack Powered by Long-term Gradient Memories. Zhaohui Che; Ali Borji; Guangtao Zhai; Suiyi Ling; Jing Li; Patrick Le Callet http://arxiv.org/abs/1911.08053 A novel method for identifying the deep neural network model with the Serial Number. XiangRui Xu; YaQin Li; Cao Yuan http://arxiv.org/abs/1911.08011 Adversarial Attacks on Grid Events Classification: An Adversarial Machine Learning Approach. Iman Niazazari; Hanif Livani http://arxiv.org/abs/1911.07989 WITCHcraft: Efficient PGD attacks with random step size. Ping-Yeh Chiang; Jonas Geiping; Micah Goldblum; Tom Goldstein; Renkun Ni; Steven Reich; Ali Shafahi http://arxiv.org/abs/1911.08090 Deep Detector Health Management under Adversarial Campaigns. Javier Echauz; Keith Kenemer; Sarfaraz Hussein; Jay Dhaliwal; Saurabh Shintre; Slawomir Grzonkowski; Andrew Gardner http://arxiv.org/abs/1911.07201 Countering Inconsistent Labelling by Google's Vision API for Rotated Images. Aman Apte; Aritra Bandyopadhyay; K Akhilesh Shenoy; Jason Peter Andrews; Aditya Rathod; Manish Agnihotri; Aditya Jajodia http://arxiv.org/abs/1911.07421 Deep Verifier Networks: Verification of Deep Discriminative Models with Deep Generative Models. Tong Che; Xiaofeng Liu; Site Li; Yubin Ge; Ruixiang Zhang; Caiming Xiong; Yoshua Bengio http://arxiv.org/abs/1911.07198 Smoothed Inference for Adversarially-Trained Models. Yaniv Nemcovsky; Evgenii Zheltonozhskii; Chaim Baskin; Brian Chmiel; Maxim Fishman; Alex M. Bronstein; Avi Mendelson http://arxiv.org/abs/1911.07107 SMART: Skeletal Motion Action Recognition aTtack. He Wang; Feixiang He; Zexi Peng; Yongliang Yang; Tianjia Shao; Kun Zhou; David Hogg http://arxiv.org/abs/1911.07015 Suspicion-Free Adversarial Attacks on Clustering Algorithms. Anshuman Chhabra; Abhishek Roy; Prasant Mohapatra http://arxiv.org/abs/1911.07140 Black-Box Adversarial Attack with Transferable Model-based Embedding. Zhichao Huang; Tong Zhang http://arxiv.org/abs/1911.06968 Defensive Few-shot Learning. Wenbin Li; Lei Wang; Xingxing Zhang; Lei Qi; Jing Huo; Yang Gao; Jiebo Luo http://arxiv.org/abs/1911.06587 Learning To Characterize Adversarial Subspaces. Xiaofeng Mao; Yuefeng Chen; Yuhong Li; Yuan He; Hui Xue http://arxiv.org/abs/1911.06479 On Model Robustness Against Adversarial Examples. Shufei Zhang; Kaizhu Huang; Zenglin Xu http://arxiv.org/abs/1911.06502 Simple iterative method for generating targeted universal adversarial perturbations. Hokuto Hirano; Kazuhiro Takemoto http://arxiv.org/abs/1911.06591 AdvKnn: Adversarial Attacks On K-Nearest Neighbor Classifiers With Approximate Gradients. 
Xiaodan Li; Yuefeng Chen; Yuan He; Hui Xue http://arxiv.org/abs/1912.01487 Adversarial Embedding: A robust and elusive Steganography and Watermarking technique. Salah Ghamizi; Maxime Cordy; Mike Papadakis; Yves Le Traon http://arxiv.org/abs/1911.06470 Self-supervised Adversarial Training. Kejiang Chen; Hang Zhou; Yuefeng Chen; Xiaofeng Mao; Yuhong Li; Yuan He; Hui Xue; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/1911.06285 DomainGAN: Generating Adversarial Examples to Attack Domain Generation Algorithm Classifiers. Isaac Corley; Jonathan Lwowski; Justin Hoffman http://arxiv.org/abs/1911.07931 CAGFuzz: Coverage-Guided Adversarial Generative Fuzzing Testing of Deep Learning Systems. Pengcheng Zhang; Qiyin Dai; Patrizio Pelliccione http://arxiv.org/abs/1911.05904 There is Limited Correlation between Coverage and Robustness for Deep Neural Networks. Yizhen Dong; Peixin Zhang; Jingyi Wang; Shuang Liu; Jun Sun; Jianye Hao; Xinyu Wang; Li Wang; Jin Song Dong; Dai Ting http://arxiv.org/abs/1911.05916 Adversarial Margin Maximization Networks. Ziang Yan; Yiwen Guo; Changshui Zhang http://arxiv.org/abs/1911.05153 Improving Robustness of Task Oriented Dialog Systems. Arash Einolghozati; Sonal Gupta; Mrinal Mohit; Rushin Shah http://arxiv.org/abs/1911.04681 On Robustness to Adversarial Examples and Polynomial Optimization. Pranjal Awasthi; Abhratanu Dutta; Aravindan Vijayaraghavan http://arxiv.org/abs/1911.05268 Adversarial Examples in Modern Machine Learning: A Review. Rey Reza Wiyatno; Anqi Xu; Ousmane Dia; Archy de Berker http://arxiv.org/abs/1911.06269 Few-Features Attack to Fool Machine Learning Models through Mask-Based GAN. Feng Chen; Yunkai Shang; Bo Xu; Jincheng Hu http://arxiv.org/abs/1911.06155 RNN-Test: Towards Adversarial Testing for Recurrent Neural Network Systems. Jianmin Guo; Yue Zhao; Quan Zhang; Yu Jiang http://arxiv.org/abs/1911.05072 Learning From Brains How to Regularize Machines. Zhe Li; Wieland Brendel; Edgar Y. Walker; Erick Cobos; Taliah Muhammad; Jacob Reimer; Matthias Bethge; Fabian H. Sinz; Xaq Pitkow; Andreas S. Tolias http://arxiv.org/abs/1911.04636 Robust Design of Deep Neural Networks against Adversarial Attacks based on Lyapunov Theory. Arash Rahnama; Andre T. Nguyen; Edward Raff http://arxiv.org/abs/1911.04657 CALPA-NET: Channel-pruning-assisted Deep Residual Network for Steganalysis of Digital Images. Shunquan Tan; Weilong Wu; Zilong Shao; Qiushi Li; Bin Li; Jiwu Huang http://arxiv.org/abs/1911.04429 GraphDefense: Towards Robust Graph Convolutional Networks. Xiaoyun Wang; Xuanqing Liu; Cho-Jui Hsieh http://arxiv.org/abs/1911.03677 A Reinforced Generation of Adversarial Samples for Neural Machine Translation. Wei Zou; Shujian Huang; Jun Xie; Xinyu Dai; Jiajun Chen http://arxiv.org/abs/1911.03614 Improving Machine Reading Comprehension via Adversarial Training. Ziqing Yang; Yiming Cui; Wanxiang Che; Ting Liu; Shijin Wang; Guoping Hu http://arxiv.org/abs/1911.03784 Adaptive versus Standard Descent Methods and Robustness Against Adversarial Examples. Marc Khoury http://arxiv.org/abs/1911.03849 Minimalistic Attacks: How Little it Takes to Fool a Deep Reinforcement Learning Policy. Xinghua Qu; Zhu Sun; Yew-Soon Ong; Abhishek Gupta; Pengfei Wei http://arxiv.org/abs/1911.04278 Adversarial Attacks on Time-Series Intrusion Detection for Industrial Control Systems. Giulio Zizzo; Chris Hankin; Sergio Maffeis; Kevin Jones http://arxiv.org/abs/1911.07922 Patch augmentation: Towards efficient decision boundaries for neural networks. Marcus D. 
Bloice; Andreas Holzinger http://arxiv.org/abs/1911.03109 Domain Robustness in Neural Machine Translation. Mathias Müller; Annette Rios; Rico Sennrich http://arxiv.org/abs/1911.03078 Adversarial Attacks on GMM i-vector based Speaker Verification Systems. Xu Li; Jinghua Zhong; Xixin Wu; Jianwei Yu; Xunying Liu; Helen Meng http://arxiv.org/abs/1911.03274 Imperceptible Adversarial Attacks on Tabular Data. Vincent Ballet; Xavier Renard; Jonathan Aigrain; Thibault Laugel; Pascal Frossard; Marcin Detyniecki http://arxiv.org/abs/1911.04606 White-Box Target Attack for EEG-Based BCI Regression Problems. Lubin Meng; Chin-Teng Lin; Tzyy-Ping Jung; Dongrui Wu http://arxiv.org/abs/1911.04338 Active Learning for Black-Box Adversarial Attacks in EEG-Based Brain-Computer Interfaces. Xue Jiang; Xiao Zhang; Dongrui Wu http://arxiv.org/abs/1911.02466 Towards Large yet Imperceptible Adversarial Image Perturbations with Perceptual Color Distance. Zhengyu Zhao; Zhuoran Liu; Martha Larson http://arxiv.org/abs/1911.02508 Fooling LIME and SHAP: Adversarial Attacks on Post hoc Explanation Methods. Dylan Slack; Sophie Hilgard; Emily Jia; Sameer Singh; Himabindu Lakkaraju http://arxiv.org/abs/1911.02621 The Threat of Adversarial Attacks on Machine Learning in Network Security -- A Survey. Olakunle Ibitoye; Rana Abou-Khamis; Ashraf Matrawy; M. Omair Shafiq http://arxiv.org/abs/1911.02360 Reversible Adversarial Example based on Reversible Image Transformation. Zhaoxia Yin; Hua Wang; Weiming Zhang http://arxiv.org/abs/1911.01670 Adversarial Enhancement for Community Detection in Complex Networks. Jiajun Zhou; Zhi Chen; Min Du; Lihong Chen; Shanqing Yu; Feifei Li; Guanrong Chen; Qi Xuan http://arxiv.org/abs/1911.01921 DLA: Dense-Layer-Analysis for Adversarial Example Detection. Philip Sperl; Ching-Yu Kao; Peng Chen; Konstantin Böttinger http://arxiv.org/abs/1911.02142 Intriguing Properties of Adversarial ML Attacks in the Problem Space. Fabio Pierazzi; Feargus Pendlebury; Jacopo Cortellazzi; Lorenzo Cavallaro http://arxiv.org/abs/1911.01952 Coverage Guided Testing for Recurrent Neural Networks. Wei Huang; Youcheng Sun; Xingyu Zhao; James Sharp; Wenjie Ruan; Jie Meng; Xiaowei Huang http://arxiv.org/abs/1911.01043 Persistency of Excitation for Robustness of Neural Networks. Kamil Nar; S. Shankar Sastry http://arxiv.org/abs/1911.01172 Fast-UAP: An Algorithm for Speeding up Universal Adversarial Perturbation Generation with Orientation of Perturbation Vectors. Jiazhu Dai; Le Shu http://arxiv.org/abs/1911.01559 A Tale of Evil Twins: Adversarial Inputs versus Poisoned Models. Ren Pang; Hua Shen; Xinyang Zhang; Shouling Ji; Yevgeniy Vorobeychik; Xiapu Luo; Alex Liu; Ting Wang http://arxiv.org/abs/1911.01840 Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems. Guangke Chen; Sen Chen; Lingling Fan; Xiaoning Du; Zhe Zhao; Fu Song; Yang Liu http://arxiv.org/abs/1911.00870 MadNet: Using a MAD Optimization for Defending Against Adversarial Attacks. Shai Rozenberg; Gal Elidan; Ran El-Yaniv http://arxiv.org/abs/1911.00650 Automatic Detection of Generated Text is Easiest when Humans are Fooled. Daphne Ippolito; Daniel Duckworth; Chris Callison-Burch; Douglas Eck http://arxiv.org/abs/1911.00660 Security of Facial Forensics Models Against Adversarial Attacks. Rong Huang; Fuming Fang; Huy H. Nguyen; Junichi Yamagishi; Isao Echizen http://arxiv.org/abs/1910.14655 Enhancing Certifiable Robustness via a Deep Model Ensemble. 
Huan Zhang; Minhao Cheng; Cho-Jui Hsieh http://arxiv.org/abs/1910.14356 Certifiable Robustness to Graph Perturbations. Aleksandar Bojchevski; Stephan Günnemann http://arxiv.org/abs/1911.00126 Adversarial Music: Real World Audio Adversary Against Wake-word Detection System. Juncheng B. Li; Shuhui Qu; Xinjian Li; Joseph Szurley; J. Zico Kolter; Florian Metze http://arxiv.org/abs/1910.14107 Investigating Resistance of Deep Learning-based IDS against Adversaries using min-max Optimization. Rana Abou Khamis; Omair Shafiq; Ashraf Matrawy http://arxiv.org/abs/1910.14184 Beyond Universal Person Re-ID Attack. Wenjie Ding; Xing Wei; Rongrong Ji; Xiaopeng Hong; Qi Tian; Yihong Gong http://arxiv.org/abs/1910.13222 Adversarial Example in Remote Sensing Image Recognition. Li Chen; Guowei Zhu; Qi Li; Haifeng Li http://arxiv.org/abs/1910.13025 Active Subspace of Neural Networks: Structural Analysis and Universal Attacks. Chunfeng Cui; Kaiqi Zhang; Talgat Daulbaev; Julia Gusak; Ivan Oseledets; Zheng Zhang http://arxiv.org/abs/1910.12908 Certified Adversarial Robustness for Deep Reinforcement Learning. Björn Lütjens; Michael Everett; Jonathan P. How http://arxiv.org/abs/1910.12196 Word-level Textual Adversarial Attacking as Combinatorial Optimization. Yuan Zang; Fanchao Qi; Chenghao Yang; Zhiyuan Liu; Meng Zhang; Qun Liu; Maosong Sun http://arxiv.org/abs/1910.12227 EdgeFool: An Adversarial Image Enhancement Filter. Ali Shahin Shamsabadi; Changjae Oh; Andrea Cavallaro http://arxiv.org/abs/1911.00927 Spot Evasion Attacks: Adversarial Examples for License Plate Recognition Systems with Convolutional Neural Networks. Ya-guan Qian; Dan-feng Ma; Bin Wang; Jun Pan; Jia-min Wang; Jian-hai Chen; Wu-jie Zhou; Jing-sheng Lei http://arxiv.org/abs/1910.12084 Detection of Adversarial Attacks and Characterization of Adversarial Subspace. Mohammad Esmaeilpour; Patrick Cardinal; Alessandro Lameiras Koerich http://arxiv.org/abs/1910.12163 Understanding and Quantifying Adversarial Examples Existence in Linear Classification. Xupeng Shi; A. Adam Ding http://arxiv.org/abs/1910.12165 Adversarial Defense Via Local Flatness Regularization. Jia Xu; Yiming Li; Yong Jiang; Shu-Tao Xia http://arxiv.org/abs/1910.12392 Effectiveness of random deep feature selection for securing image manipulation detectors against adversarial examples. Mauro Barni; Ehsan Nowroozi; Benedetta Tondi; Bowen Zhang http://arxiv.org/abs/1910.11603 MediaEval 2019: Concealed FGSM Perturbations for Privacy Preservation. Panagiotis Linardos; Suzanne Little; Kevin McGuinness http://arxiv.org/abs/1910.11585 Label Smoothing and Logit Squeezing: A Replacement for Adversarial Training? Ali Shafahi; Amin Ghiasi; Furong Huang; Tom Goldstein http://arxiv.org/abs/1910.10994 ATZSL: Defensive Zero-Shot Recognition in the Presence of Adversaries. Xingxing Zhang; Shupeng Gui; Zhenfeng Zhu; Yao Zhao; Ji Liu http://arxiv.org/abs/1910.10679 A Useful Taxonomy for Adversarial Robustness of Neural Networks. Leslie N. Smith http://arxiv.org/abs/1910.10783 Wasserstein Smoothing: Certified Robustness against Wasserstein Adversarial Attacks. Alexander Levine; Soheil Feizi http://arxiv.org/abs/1910.10053 Attacking Optical Flow. Anurag Ranjan; Joel Janai; Andreas Geiger; Michael J. Black http://arxiv.org/abs/1910.10013 Adversarial Example Detection by Classification for Deep Speech Recognition. Saeid Samizade; Zheng-Hua Tan; Chao Shen; Xiaohong Guan http://arxiv.org/abs/1910.10106 Cross-Representation Transferability of Adversarial Attacks: From Spectrograms to Audio Waveforms. Karl M. 
Koerich; Mohammad Esmaeilpour; Sajjad Abdoli; Alceu S. Britto Jr.; Alessandro L. Koerich http://arxiv.org/abs/1910.09821 Structure Matters: Towards Generating Transferable Adversarial Images. Dan Peng; Zizhan Zheng; Linhao Luo; Xiaofeng Zhang http://arxiv.org/abs/1910.09239 Recovering Localized Adversarial Attacks. Jan Philip Göpfert; Heiko Wersing; Barbara Hammer http://arxiv.org/abs/1910.09464 Learning to Learn by Zeroth-Order Oracle. Yangjun Ruan; Yuanhao Xiong; Sashank Reddi; Sanjiv Kumar; Cho-Jui Hsieh http://arxiv.org/abs/1910.09338 An Alternative Surrogate Loss for PGD-based Adversarial Testing. Sven Gowal; Jonathan Uesato; Chongli Qin; Po-Sen Huang; Timothy Mann; Pushmeet Kohli http://arxiv.org/abs/1910.08910 Enhancing Recurrent Neural Networks with Sememes. Yujia Qin; Fanchao Qi; Sicong Ouyang; Zhiyuan Liu; Cheng Yang; Yasheng Wang; Qun Liu; Maosong Sun http://arxiv.org/abs/1910.08716 Adversarial Attacks on Spoofing Countermeasures of automatic speaker verification. Songxiang Liu; Haibin Wu; Hung-yi Lee; Helen Meng http://arxiv.org/abs/1910.08650 Toward Metrics for Differentiating Out-of-Distribution Sets. Mahdieh Abbasi; Changjian Shui; Arezoo Rajabi; Christian Gagne; Rakesh Bobba http://arxiv.org/abs/1910.08640 Are Perceptually-Aligned Gradients a General Property of Robust Classifiers? Simran Kaur; Jeremy Cohen; Zachary C. Lipton http://arxiv.org/abs/1910.08681 Spatial-aware Online Adversarial Perturbations Against Visual Object Tracking. Qing Guo; Xiaofei Xie; Lei Ma; Zhongguo Li; Wei Feng; Yang Liu http://arxiv.org/abs/1910.08623 A Fast Saddle-Point Dynamical System Approach to Robust Deep Learning. Yasaman Esfandiari; Aditya Balu; Keivan Ebrahimi; Umesh Vaidya; Nicola Elia; Soumik Sarkar http://arxiv.org/abs/1910.08051 Instance adaptive adversarial training: Improved accuracy tradeoffs in neural nets. Yogesh Balaji; Tom Goldstein; Judy Hoffman http://arxiv.org/abs/1910.08108 Enforcing Linearity in DNN succours Robustness and Adversarial Image Generation. Anindya Sarkar; Nikhil Kumar Gupta; Raghu Iyengar http://arxiv.org/abs/1910.08536 LanCe: A Comprehensive and Lightweight CNN Defense Methodology against Physical Adversarial Attacks on Embedded Multimedia Applications. Zirui Xu; Fuxun Yu; Xiang Chen http://arxiv.org/abs/1910.11099 Adversarial T-shirt! Evading Person Detectors in A Physical World. Kaidi Xu; Gaoyuan Zhang; Sijia Liu; Quanfu Fan; Mengshu Sun; Hongge Chen; Pin-Yu Chen; Yanzhi Wang; Xue Lin http://arxiv.org/abs/1910.07629 A New Defense Against Adversarial Images: Turning a Weakness into a Strength. Tao Yu; Shengyuan Hu; Chuan Guo; Wei-Lun Chao; Kilian Q. Weinberger http://arxiv.org/abs/1910.06813 Improving Robustness of time series classifier with Neural ODE guided gradient based data augmentation. Anindya Sarkar; Anirudh Sunder Raj; Raghu Sesha Iyengar http://arxiv.org/abs/1910.07416 Understanding Misclassifications by Attributes. Sadaf Gulshad; Zeynep Akata; Jan Hendrik Metzen; Arnold Smeulders http://arxiv.org/abs/1910.07517 Adversarial Examples for Models of Code. Noam Yefet; Uri Alon; Eran Yahav http://arxiv.org/abs/1910.07067 On adversarial patches: real-world attack on ArcFace-100 face recognition system. Mikhail Pautov; Grigorii Melnikov; Edgar Kaziakhmedov; Klim Kireev; Aleksandr Petiushko http://arxiv.org/abs/1910.06296 DeepSearch: Simple and Effective Blackbox Fuzzing of Deep Neural Networks. Fuyuan Zhang; Sankalan Pal Chowdhury; Maria Christakis http://arxiv.org/abs/1910.06259 Confidence-Calibrated Adversarial Training: Generalizing to Unseen Attacks. 
David Stutz; Matthias Hein; Bernt Schiele http://arxiv.org/abs/1910.06513 ZO-AdaMM: Zeroth-Order Adaptive Momentum Method for Black-Box Optimization. Xiangyi Chen; Sijia Liu; Kaidi Xu; Xingguo Li; Xue Lin; Mingyi Hong; David Cox http://arxiv.org/abs/1910.06838 Man-in-the-Middle Attacks against Machine Learning Classifiers via Malicious Generative Models. Derui (Derek) Wang; Chaoran Li; Sheng Wen; Surya Nepal; Yang Xiang http://arxiv.org/abs/1910.06261 Real-world adversarial attack on MTCNN face detection system. Edgar Kaziakhmedov; Klim Kireev; Grigorii Melnikov; Mikhail Pautov; Aleksandr Petiushko http://arxiv.org/abs/1910.05513 On Robustness of Neural Ordinary Differential Equations. Hanshu Yan; Jiawei Du; Vincent Y. F. Tan; Jiashi Feng http://arxiv.org/abs/1910.05262 Hear "No Evil", See "Kenansville": Efficient and Transferable Black-Box Attacks on Speech Recognition and Voice Identification Systems. Hadi Abdullah; Muhammad Sajidur Rahman; Washington Garcia; Logan Blue; Kevin Warren; Anurag Swarnim Yadav; Tom Shrimpton; Patrick Traynor http://arxiv.org/abs/1910.05018 Verification of Neural Networks: Specifying Global Robustness using Generative Models. Nathanaël Fijalkow; Mohit Kumar Gupta http://arxiv.org/abs/1910.04618 Universal Adversarial Perturbation for Text Classification. Hang Gao; Tim Oates http://arxiv.org/abs/1910.04819 Information Aware Max-Norm Dirichlet Networks for Predictive Uncertainty Estimation. Theodoros Tsiligkaridis http://arxiv.org/abs/1910.03850 Learning deep forest with multi-scale Local Binary Pattern features for face anti-spoofing. Rizhao Cai; Changsheng Chen http://arxiv.org/abs/1910.03810 Adversarial Learning of Deepfakes in Accounting. Marco Schreyer; Timur Sattarov; Bernd Reimer; Damian Borth http://arxiv.org/abs/1910.03916 Deep Latent Defence. Giulio Zizzo; Chris Hankin; Sergio Maffeis; Kevin Jones http://arxiv.org/abs/1910.04279 Adversarial Training: embedding adversarial perturbations into the parameter space of a neural network to build a robust system. Shixian Wen; Laurent Itti http://arxiv.org/abs/1910.03468 Directional Adversarial Training for Cost Sensitive Deep Learning Classification Applications. Matteo Terzi; Gian Antonio Susto; Pratik Chaudhari http://arxiv.org/abs/1910.03624 SmoothFool: An Efficient Framework for Computing Smooth Adversarial Perturbations. Ali Dabouei; Sobhan Soleymani; Fariborz Taherkhani; Jeremy Dawson; Nasser M. Nasrabadi http://arxiv.org/abs/1910.02673 Interpretable Disentanglement of Neural Networks by Extracting Class-Specific Subnetwork. Yulong Wang; Xiaolin Hu; Hang Su http://arxiv.org/abs/1910.02354 Unrestricted Adversarial Attacks for Semantic Segmentation. Guangyu Shen; Chengzhi Mao; Junfeng Yang; Baishakhi Ray http://arxiv.org/abs/1910.02244 Yet another but more efficient black-box adversarial attack: tiling and evolution strategies. Laurent Meunier; Jamal Atif; Olivier Teytaud http://arxiv.org/abs/1910.02125 Requirements for Developing Robust Neural Networks. John S. Hyatt; Michael S. Lee http://arxiv.org/abs/1910.02095 Adversarial Examples for Cost-Sensitive Classifiers. Gavin S. Hartnett; Andrew J. Lohn; Alexander P. Sedlack http://arxiv.org/abs/1910.01329 Perturbations are not Enough: Generating Adversarial Examples with Spatial Distortions. He Zhao; Trung Le; Paul Montague; Olivier De Vel; Tamas Abraham; Dinh Phung http://arxiv.org/abs/1910.02785 BUZz: BUffer Zones for defending adversarial examples in image classification. Kaleel Mahmood; Phuong Ha Nguyen; Lam M. 
Nguyen; Thanh Nguyen; Marten van Dijk http://arxiv.org/abs/1910.01624 Verification of Neural Network Behaviour: Formal Guarantees for Power System Applications. Andreas Venzke; Spyros Chatzivasileiadis http://arxiv.org/abs/1910.01907 Attacking Vision-based Perception in End-to-End Autonomous Driving Models. Adith Boloor; Karthik Garimella; Xin He; Christopher Gill; Yevgeniy Vorobeychik; Xuan Zhang http://arxiv.org/abs/1910.00982 Adversarially Robust Few-Shot Learning: A Meta-Learning Approach. Micah Goldblum; Liam Fowl; Tom Goldstein http://arxiv.org/abs/1910.00736 Boosting Image Recognition with Non-differentiable Constraints. Xuan Li; Yuchen Lu; Peng Xu; Jizong Peng; Christian Desrosiers; Xue Liu http://arxiv.org/abs/1910.00727 Generating Semantic Adversarial Examples with Differentiable Rendering. Lakshya Jain; Wilson Wu; Steven Chen; Uyeong Jang; Varun Chandrasekaran; Sanjit Seshia; Somesh Jha http://arxiv.org/abs/1910.00327 Attacking CNN-based anti-spoofing face authentication in the physical domain. Bowen Zhang; Benedetta Tondi; Mauro Barni http://arxiv.org/abs/1910.00511 An Efficient and Margin-Approaching Zero-Confidence Adversarial Attack. Yang Zhang; Shiyu Chang; Mo Yu; Kaizhi Qian http://arxiv.org/abs/1910.01742 Cross-Layer Strategic Ensemble Defense Against Adversarial Examples. Wenqi Wei; Ling Liu; Margaret Loper; Ka-Ho Chow; Emre Gursoy; Stacey Truex; Yanzhao Wu http://arxiv.org/abs/1910.00470 Deep Neural Rejection against Adversarial Examples. Angelo Sotgiu; Ambra Demontis; Marco Melis; Battista Biggio; Giorgio Fumera; Xiaoyi Feng; Fabio Roli http://arxiv.org/abs/1909.13857 Black-box Adversarial Attacks with Bayesian Optimization. Satya Narayan Shukla; Anit Kumar Sahu; Devin Willmott; J. Zico Kolter http://arxiv.org/abs/1909.13806 Min-Max Optimization without Gradients: Convergence and Applications to Adversarial ML. Sijia Liu; Songtao Lu; Xiangyi Chen; Yao Feng; Kaidi Xu; Abdullah Al-Dujaili; Mingyi Hong; Una-May O'Reilly http://arxiv.org/abs/1910.00068 Role of Spatial Context in Adversarial Robustness for Object Detection. Aniruddha Saha; Akshayvarun Subramanya; Koninika Patil; Hamed Pirsiavash http://arxiv.org/abs/1910.06907 Techniques for Adversarial Examples Threatening the Safety of Artificial Intelligence Based Systems. Utku Kose http://arxiv.org/abs/1909.12734 Maximal adversarial perturbations for obfuscation: Hiding certain attributes while preserving rest. Indu Ilanchezian; Praneeth Vepakomma; Abhishek Singh; Otkrist Gupta; G. N. Srinivasa Prasanna; Ramesh Raskar http://arxiv.org/abs/1909.12741 Impact of Low-bitwidth Quantization on the Adversarial Robustness for Embedded Neural Networks. Rémi Bernhard; Pierre-Alain Moellic; Jean-Max Dutertre http://arxiv.org/abs/1910.04858 Training-Free Uncertainty Estimation for Dense Regression: Sensitivity as a Surrogate. (1%) Lu Mi; Hao Wang; Yonglong Tian; Hao He; Nir Shavit http://arxiv.org/abs/1909.12031 Towards Understanding the Transferability of Deep Representations. Hong Liu; Mingsheng Long; Jianmin Wang; Michael I. Jordan http://arxiv.org/abs/1909.12167 Adversarial Machine Learning Attack on Modulation Classification. Muhammad Usama; Muhammad Asim; Junaid Qadir; Ala Al-Fuqaha; Muhammad Ali Imran http://arxiv.org/abs/1909.12161 Adversarial ML Attack on Self Organizing Cellular Networks. Salah-ud-din Farooq; Muhammad Usama; Junaid Qadir; Muhammad Ali Imran http://arxiv.org/abs/1909.12180 Towards neural networks that provably know when they don't know. 
Alexander Meinke; Matthias Hein http://arxiv.org/abs/1909.12272 Lower Bounds on Adversarial Robustness from Optimal Transport. Arjun Nitin Bhagoji; Daniel Cullina; Prateek Mittal http://arxiv.org/abs/1909.11786 Probabilistic Modeling of Deep Features for Out-of-Distribution and Adversarial Detection. Nilesh A. Ahuja; Ibrahima Ndiour; Trushant Kalyanpur; Omesh Tickoo http://arxiv.org/abs/1909.11515 Mixup Inference: Better Exploiting Mixup to Defend Adversarial Attacks. Tianyu Pang; Kun Xu; Jun Zhu http://arxiv.org/abs/1909.11764 FreeLB: Enhanced Adversarial Training for Natural Language Understanding. Chen Zhu; Yu Cheng; Zhe Gan; Siqi Sun; Tom Goldstein; Jingjing Liu http://arxiv.org/abs/1909.11202 A Visual Analytics Framework for Adversarial Text Generation. Brandon Laughlin; Christopher Collins; Karthik Sankaranarayanan; Khalil El-Khatib http://arxiv.org/abs/1909.11167 Intelligent image synthesis to attack a segmentation CNN using adversarial learning. Liang Chen; Paul Bentley; Kensaku Mori; Kazunari Misawa; Michitaka Fujiwara; Daniel Rueckert http://arxiv.org/abs/1909.10773 Sign-OPT: A Query-Efficient Hard-label Adversarial Attack. Minhao Cheng; Simranjit Singh; Patrick Chen; Pin-Yu Chen; Sijia Liu; Cho-Jui Hsieh http://arxiv.org/abs/1909.11201 Matrix Sketching for Secure Collaborative Machine Learning. (1%) Mengjiao Zhang; Shusen Wang http://arxiv.org/abs/1909.10594 MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples. Jinyuan Jia; Ahmed Salem; Michael Backes; Yang Zhang; Neil Zhenqiang Gong http://arxiv.org/abs/1909.10147 Robust Local Features for Improving the Generalization of Adversarial Training. Chuanbiao Song; Kun He; Jiadong Lin; Liwei Wang; John E. Hopcroft http://arxiv.org/abs/1909.10480 FENCE: Feasible Evasion Attacks on Neural Networks in Constrained Environments. Alesia Chernikova; Alina Oprea http://arxiv.org/abs/1909.09938 HAWKEYE: Adversarial Example Detector for Deep Neural Networks. Jinkyu Koo; Michael Roth; Saurabh Bagchi http://arxiv.org/abs/1909.10023 Towards Interpreting Recurrent Neural Networks through Probabilistic Abstraction. Guoliang Dong; Jingyi Wang; Jun Sun; Yang Zhang; Xinyu Wang; Ting Dai; Jin Song Dong; Xingen Wang http://arxiv.org/abs/1909.09481 Adversarial Learning with Margin-based Triplet Embedding Regularization. Yaoyao Zhong; Weihong Deng http://arxiv.org/abs/1909.09735 COPYCAT: Practical Adversarial Attacks on Visualization-Based Malware Detection. Aminollah Khormali; Ahmed Abusnaina; Songqing Chen; DaeHun Nyang; Aziz Mohaisen http://arxiv.org/abs/1909.09552 Defending Against Physically Realizable Attacks on Image Classification. Tong Wu; Liang Tong; Yevgeniy Vorobeychik http://arxiv.org/abs/1909.09263 Propagated Perturbation of Adversarial Attack for well-known CNNs: Empirical Study and its Explanation. Jihyeun Yoon; Kyungyul Kim; Jongseong Jang http://arxiv.org/abs/1909.08864 Adversarial Vulnerability Bounds for Gaussian Process Classification. Michael Thomas Smith; Kathrin Grosse; Michael Backes; Mauricio A Alvarez http://arxiv.org/abs/1909.08830 Absum: Simple Regularization Method for Reducing Structural Sensitivity of Convolutional Neural Networks. Sekitoshi Kanai; Yasutoshi Ida; Yasuhiro Fujiwara; Masanori Yamada; Shuichi Adachi http://arxiv.org/abs/1909.12927 Toward Robust Image Classification. Basemah Alshemali; Alta Graham; Jugal Kalita http://arxiv.org/abs/1909.09034 Training Robust Deep Neural Networks via Adversarial Noise Propagation. 
Aishan Liu; Xianglong Liu; Chongzhi Zhang; Hang Yu; Qiang Liu; Dacheng Tao http://arxiv.org/abs/1909.08072 Adversarial Attacks and Defenses in Images, Graphs and Text: A Review. Han Xu; Yao Ma; Haochen Liu; Debayan Deb; Hui Liu; Jiliang Tang; Anil Jain http://arxiv.org/abs/1909.07873 Generating Black-Box Adversarial Examples for Text Classifiers Using a Deep Reinforced Model. Prashanth Vijayaraghavan; Deb Roy http://arxiv.org/abs/1909.08526 Defending against Machine Learning based Inference Attacks via Adversarial Examples: Opportunities and Challenges. Jinyuan Jia; Neil Zhenqiang Gong http://arxiv.org/abs/1909.07490 They Might NOT Be Giants: Crafting Black-Box Adversarial Examples with Fewer Queries Using Particle Swarm Optimization. Rayan Mosli; Matthew Wright; Bo Yuan; Yin Pan http://arxiv.org/abs/1909.07558 HAD-GAN: A Human-perception Auxiliary Defense GAN to Defend Adversarial Examples. Wanting Yu; Hongyi Yu; Lingyun Jiang; Mengli Zhang; Kai Qiao; Linyuan Wang; Bin Yan http://arxiv.org/abs/1909.07283 Towards Quality Assurance of Software Product Lines with Adversarial Configurations. Paul Temple; Mathieu Acher; Gilles Perrouin; Battista Biggio; Jean-Marc Jezequel; Fabio Roli http://arxiv.org/abs/1909.06978 Interpreting and Improving Adversarial Robustness with Neuron Sensitivity. Chongzhi Zhang; Aishan Liu; Xianglong Liu; Yitao Xu; Hang Yu; Yuqing Ma; Tianlin Li http://arxiv.org/abs/1909.06727 An Empirical Study towards Characterizing Deep Learning Development and Deployment across Different Frameworks and Platforms. Qianyu Guo; Sen Chen; Xiaofei Xie; Lei Ma; Qiang Hu; Hongtao Liu; Yang Liu; Jianjun Zhao; Xiaohong Li http://arxiv.org/abs/1909.06872 Detecting Adversarial Samples Using Influence Functions and Nearest Neighbors. Gilad Cohen; Guillermo Sapiro; Raja Giryes http://arxiv.org/abs/1909.06723 Natural Language Adversarial Attacks and Defenses in Word Level. Xiaosen Wang; Hao Jin; Kun He http://arxiv.org/abs/1909.06500 Adversarial Attack on Skeleton-based Human Action Recognition. Jian Liu; Naveed Akhtar; Ajmal Mian http://arxiv.org/abs/1909.06044 Say What I Want: Towards the Dark Side of Neural Dialogue Models. Haochen Liu; Tyler Derr; Zitao Liu; Jiliang Tang http://arxiv.org/abs/1909.06271 White-Box Adversarial Defense via Self-Supervised Data Estimation. Zudi Lin; Hanspeter Pfister; Ziming Zhang http://arxiv.org/abs/1909.06137 Defending Against Adversarial Attacks by Suppressing the Largest Eigenvalue of Fisher Information Matrix. Chaomin Shen; Yaxin Peng; Guixu Zhang; Jinsong Fan http://arxiv.org/abs/1909.05527 Inspecting adversarial examples using the Fisher information. Jörg Martin; Clemens Elster http://arxiv.org/abs/1909.05580 An Empirical Investigation of Randomized Defenses against Adversarial Attacks. Yannik Potdevin; Dirk Nowotka; Vijay Ganesh http://arxiv.org/abs/1909.05921 Transferable Adversarial Robustness using Adversarially Trained Autoencoders. Pratik Vaishnavi; Kevin Eykholt; Atul Prakash; Amir Rahmati http://arxiv.org/abs/1909.05443 Feedback Learning for Improving the Robustness of Neural Networks. Chang Song; Zuoguan Wang; Hai Li http://arxiv.org/abs/1909.05040 Sparse and Imperceivable Adversarial Attacks. Francesco Croce; Matthias Hein http://arxiv.org/abs/1909.04779 Localized Adversarial Training for Increased Accuracy and Robustness in Image Classification. Eitan Rothberg; Tingting Chen; Luo Jie; Hao Ji http://arxiv.org/abs/1909.04837 Identifying and Resisting Adversarial Videos Using Temporal Consistency. 
Xiaojun Jia; Xingxing Wei; Xiaochun Cao http://arxiv.org/abs/1909.04778 Effectiveness of Adversarial Examples and Defenses for Malware Classification. Robert Podschwadt; Hassan Takabi http://arxiv.org/abs/1909.04839 Towards Noise-Robust Neural Networks via Progressive Adversarial Training. Hang Yu; Aishan Liu; Xianglong Liu; Jichen Yang; Chongzhi Zhang http://arxiv.org/abs/1909.04326 UPC: Learning Universal Physical Camouflage Attacks on Object Detectors. Lifeng Huang; Chengying Gao; Yuyin Zhou; Changqing Zou; Cihang Xie; Alan Yuille; Ning Liu http://arxiv.org/abs/1909.04385 FDA: Feature Disruptive Attack. Aditya Ganeshan; B. S. Vivek; R. Venkatesh Babu http://arxiv.org/abs/1909.04311 Learning to Disentangle Robust and Vulnerable Features for Adversarial Detection. Byunggill Joe; Sung Ju Hwang; Insik Shin http://arxiv.org/abs/1909.04288 Toward Finding The Global Optimal of Adversarial Examples. Zhenxin Xiao; Kai-Wei Chang; Cho-Jui Hsieh http://arxiv.org/abs/1909.04068 Adversarial Robustness Against the Union of Multiple Perturbation Models. Pratyush Maini; Eric Wong; J. Zico Kolter http://arxiv.org/abs/1909.04126 DeepObfuscator: Obfuscating Intermediate Representations with Privacy-Preserving Adversarial Learning on Smartphones. (1%) Ang Li; Jiayi Guo; Huanrui Yang; Flora D. Salim; Yiran Chen http://arxiv.org/abs/1909.03413 STA: Adversarial Attacks on Siamese Trackers. Xugang Wu; Xiaoping Wang; Xu Zhou; Songlei Jian http://arxiv.org/abs/1909.03418 When Explainability Meets Adversarial Learning: Detecting Adversarial Examples using SHAP Signatures. Gil Fidel; Ron Bitton; Asaf Shabtai http://arxiv.org/abs/1909.03084 Learning to Discriminate Perturbations for Blocking Adversarial Attacks in Text Classification. Yichao Zhou; Jyun-Yu Jiang; Kai-Wei Chang; Wei Wang http://arxiv.org/abs/1909.04495 Natural Adversarial Sentence Generation with Gradient-based Perturbation. Yu-Lun Hsieh; Minhao Cheng; Da-Cheng Juan; Wei Wei; Wen-Lian Hsu; Cho-Jui Hsieh http://arxiv.org/abs/1909.02918 Blackbox Attacks on Reinforcement Learning Agents Using Approximated Temporal Information. Yiren Zhao; Ilia Shumailov; Han Cui; Xitong Gao; Robert Mullins; Ross Anderson http://arxiv.org/abs/1909.02583 Spatiotemporally Constrained Action Space Attacks on Deep Reinforcement Learning Agents. Xian Yeow Lee; Sambit Ghadai; Kai Liang Tan; Chinmay Hegde; Soumik Sarkar http://arxiv.org/abs/1909.02560 Adversarial Examples with Difficult Common Words for Paraphrase Identification. Zhouxing Shi; Minlie Huang; Ting Yao; Jingfang Xu http://arxiv.org/abs/1909.02436 Are Adversarial Robustness and Common Perturbation Robustness Independent Attributes ? Alfred Laugros; Alice Caplier; Matthieu Ospici http://arxiv.org/abs/1909.00986 Certified Robustness to Adversarial Word Substitutions. Robin Jia; Aditi Raghunathan; Kerem Göksel; Percy Liang http://arxiv.org/abs/1909.01492 Achieving Verified Robustness to Symbol Substitutions via Interval Bound Propagation. Po-Sen Huang; Robert Stanforth; Johannes Welbl; Chris Dyer; Dani Yogatama; Sven Gowal; Krishnamurthy Dvijotham; Pushmeet Kohli http://arxiv.org/abs/1909.00900 Metric Learning for Adversarial Robustness. Chengzhi Mao; Ziyuan Zhong; Junfeng Yang; Carl Vondrick; Baishakhi Ray http://arxiv.org/abs/1908.11514 Adversarial Training Methods for Network Embedding. Quanyu Dai; Xiao Shen; Liang Zhang; Qiang Li; Dan Wang http://arxiv.org/abs/1908.11091 Deep Neural Network Ensembles against Deception: Ensemble Diversity, Accuracy and Robustness. 
Ling Liu; Wenqi Wei; Ka-Ho Chow; Margaret Loper; Emre Gursoy; Stacey Truex; Yanzhao Wu http://arxiv.org/abs/1908.11230 Defeating Misclassification Attacks Against Transfer Learning. Bang Wu; Shuo Wang; Xingliang Yuan; Cong Wang; Carsten Rudolph; Xiangwen Yang http://arxiv.org/abs/1908.11332 Universal, transferable and targeted adversarial attacks. Junde Wu; Rao Fu http://arxiv.org/abs/1908.09705 A Statistical Defense Approach for Detecting Adversarial Examples. Alessandro Cennamo; Ido Freeman; Anton Kummert http://arxiv.org/abs/1908.09699 Gated Convolutional Networks with Hybrid Connectivity for Image Classification. Chuanguang Yang; Zhulin An; Hui Zhu; Xiaolong Hu; Kun Zhang; Kaiqiang Xu; Chao Li; Yongjun Xu http://arxiv.org/abs/1908.09364 Adversarial Edit Attacks for Tree Data. Benjamin Paaßen http://arxiv.org/abs/1908.09327 advPattern: Physical-World Attacks on Deep Person Re-Identification via Adversarially Transformable Patterns. Zhibo Wang; Siyan Zheng; Mengkai Song; Qian Wang; Alireza Rahimpour; Hairong Qi http://arxiv.org/abs/1908.09163 Targeted Mismatch Adversarial Attack: Query with a Flower to Retrieve the Tower. Giorgos Tolias; Filip Radenovic; Ondřej Chum http://arxiv.org/abs/1908.11435 Improving Adversarial Robustness via Attention and Adversarial Logit Pairing. Dou Goodman; Xingjian Li; Jun Huan; Tao Wei http://arxiv.org/abs/1908.08705 AdvHat: Real-world adversarial attack on ArcFace Face ID system. Stepan Komkov; Aleksandr Petiushko http://arxiv.org/abs/1908.08413 Saliency Methods for Explaining Adversarial Attacks. Jindong Gu; Volker Tresp http://arxiv.org/abs/1908.08016 Testing Robustness Against Unforeseen Adversaries. Daniel Kang; Yi Sun; Dan Hendrycks; Tom Brown; Jacob Steinhardt http://arxiv.org/abs/1908.07899 Evaluating Defensive Distillation For Defending Text Processing Neural Networks Against Adversarial Examples. Marcus Soll; Tobias Hinz; Sven Magg; Stefan Wermter http://arxiv.org/abs/1908.07667 Denoising and Verification Cross-Layer Ensemble Against Black-box Adversarial Attacks. Ka-Ho Chow; Wenqi Wei; Yanzhao Wu; Ling Liu http://arxiv.org/abs/1908.07558 Transferring Robustness for Graph Neural Network Against Poisoning Attacks. Xianfeng Tang; Yandong Li; Yiwei Sun; Huaxiu Yao; Prasenjit Mitra; Suhang Wang http://arxiv.org/abs/1908.07125 Universal Adversarial Triggers for NLP. Eric Wallace; Shi Feng; Nikhil Kandpal; Matt Gardner; Sameer Singh http://arxiv.org/abs/1908.07116 Protecting Neural Networks with Hierarchical Random Switching: Towards Better Robustness-Accuracy Trade-off for Stochastic Defenses. Xiao Wang; Siyue Wang; Pin-Yu Chen; Yanzhi Wang; Brian Kulis; Xue Lin; Peter Chin http://arxiv.org/abs/1908.07000 Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries. Fnu Suya; Jianfeng Chi; David Evans; Yuan Tian http://arxiv.org/abs/1908.06401 On the Robustness of Human Pose Estimation. Sahil Shah; Naman Jain; Abhishek Sharma; Arjun Jain http://arxiv.org/abs/1908.06566 Adversarial Defense by Suppressing High-frequency Components. Zhendong Zhang; Cheolkon Jung; Xiaolong Liang http://arxiv.org/abs/1908.06353 Verification of Neural Network Control Policy Under Persistent Adversarial Perturbation. Yuh-Shyang Wang; Tsui-Wei Weng; Luca Daniel http://arxiv.org/abs/1908.06281 Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks. Jiadong Lin; Chuanbiao Song; Kun He; Liwei Wang; John E. Hopcroft http://arxiv.org/abs/1908.06062 Adversarial point perturbations on 3D objects. 
Daniel Liu; Ronald Yu; Hao Su http://arxiv.org/abs/1908.05185 Once a MAN: Towards Multi-Target Attack via Learning Multi-Target Adversarial Network Once. Jiangfan Han; Xiaoyi Dong; Ruimao Zhang; Dongdong Chen; Weiming Zhang; Nenghai Yu; Ping Luo; Xiaogang Wang http://arxiv.org/abs/1908.05008 AdvFaces: Adversarial Face Synthesis. Debayan Deb; Jianbang Zhang; Anil K. Jain http://arxiv.org/abs/1908.05195 DAPAS : Denoising Autoencoder to Prevent Adversarial attack in Semantic Segmentation. Seungju Cho; Tae Joon Jun; Byungsoo Oh; Daeyoung Kim http://arxiv.org/abs/1908.04473 On Defending Against Label Flipping Attacks on Malware Detection Systems. Rahim Taheri; Reza Javidan; Mohammad Shojafar; Zahra Pooranian; Ali Miri; Mauro Conti http://arxiv.org/abs/1908.04355 Adversarial Neural Pruning with Latent Vulnerability Suppression. Divyam Madaan; Jinwoo Shin; Sung Ju Hwang http://arxiv.org/abs/1908.03560 On the Adversarial Robustness of Neural Networks without Weight Transport. Mohamed Akrout http://arxiv.org/abs/1908.03176 Defending Against Adversarial Iris Examples Using Wavelet Decomposition. Sobhan Soleymani; Ali Dabouei; Jeremy Dawson; Nasser M. Nasrabadi http://arxiv.org/abs/1908.03173 Universal Adversarial Audio Perturbations. Sajjad Abdoli; Luiz G. Hafemann; Jerome Rony; Ismail Ben Ayed; Patrick Cardinal; Alessandro L. Koerich http://arxiv.org/abs/1908.02435 Improved Adversarial Robustness by Reducing Open Space Risk via Tent Activations. Andras Rozsa; Terrance E. Boult http://arxiv.org/abs/1908.02802 Investigating Decision Boundaries of Trained Neural Networks. Roozbeh Yousefzadeh; Dianne P O'Leary http://arxiv.org/abs/1908.02374 Explaining Deep Neural Networks Using Spectrum-Based Fault Localization. Youcheng Sun; Hana Chockler; Xiaowei Huang; Daniel Kroening http://arxiv.org/abs/1908.02199 MetaAdvDet: Towards Robust Detection of Evolving Adversarial Attacks. Chen Ma; Chenxu Zhao; Hailin Shi; Li Chen; Junhai Yong; Dan Zeng http://arxiv.org/abs/1908.02256 BlurNet: Defense by Filtering the Feature Maps. Ravi Raju; Mikko Lipasti http://arxiv.org/abs/1908.02658 Random Directional Attack for Fooling Deep Neural Networks. Wenjian Luo; Chenwang Wu; Nan Zhou; Li Ni http://arxiv.org/abs/1908.01517 Adversarial Self-Defense for Cycle-Consistent GANs. Dina Bashkirova; Ben Usman; Kate Saenko http://arxiv.org/abs/1908.01469 Automated Detection System for Adversarial Examples with High-Frequency Noises Sieve. Dang Duy Thang; Toshihiro Matsui http://arxiv.org/abs/1908.01667 A principled approach for generating adversarial images under non-smooth dissimilarity metrics. Aram-Alexandre Pooladian; Chris Finlay; Tim Hoheisel; Adam Oberman http://arxiv.org/abs/1908.01551 Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems. Lea Schönherr; Thorsten Eisenhofer; Steffen Zeiler; Thorsten Holz; Dorothea Kolossa http://arxiv.org/abs/1908.01297 A Restricted Black-box Adversarial Framework Towards Attacking Graph Embedding Models. Heng Chang; Yu Rong; Tingyang Xu; Wenbing Huang; Honglei Zhang; Peng Cui; Wenwu Zhu; Junzhou Huang http://arxiv.org/abs/1908.01165 Exploring the Robustness of NMT Systems to Nonsensical Inputs. Akshay Chaturvedi; Abijith KP; Utpal Garain http://arxiv.org/abs/1908.00706 AdvGAN++ : Harnessing latent layers for adversary generation. Puneet Mangla; Surgan Jandial; Sakshi Varshney; Vineeth N Balasubramanian http://arxiv.org/abs/1908.00635 Black-box Adversarial ML Attack on Modulation Classification. 
Muhammad Usama; Junaid Qadir; Ala Al-Fuqaha http://arxiv.org/abs/1908.00656 Robustifying deep networks for image segmentation. Zheng Liu; Jinnian Zhang; Varun Jog; Po-Ling Loh; Alan B McMillan http://arxiv.org/abs/1908.00096 Adversarial Robustness Curves. Christina Göpfert; Jan Philip Göpfert; Barbara Hammer http://arxiv.org/abs/1907.13548 Optimal Attacks on Reinforcement Learning Policies. Alessio Russo; Alexandre Proutiere http://arxiv.org/abs/1907.13124 Impact of Adversarial Examples on Deep Learning Models for Biomedical Image Segmentation. Utku Ozbulak; Arnout Van Messem; Wesley De Neve http://arxiv.org/abs/1907.12744 Not All Adversarial Examples Require a Complex Defense: Identifying Over-optimized Adversarial Examples with IQR-based Logit Thresholding. Utku Ozbulak; Arnout Van Messem; Wesley De Neve http://arxiv.org/abs/1907.12138 Are Odds Really Odd? Bypassing Statistical Detection of Adversarial Examples. Hossein Hosseini; Sreeram Kannan; Radha Poovendran http://arxiv.org/abs/1907.11932 Is BERT Really Robust? A Strong Baseline for Natural Language Attack on Text Classification and Entailment. Di Jin; Zhijing Jin; Joey Tianyi Zhou; Peter Szolovits http://arxiv.org/abs/1907.11780 Understanding Adversarial Robustness: The Trade-off between Minimum and Average Margin. Kaiwen Wu; Yaoliang Yu http://arxiv.org/abs/1907.11684 On the Design of Black-box Adversarial Examples by Leveraging Gradient-free Optimization and Operator Splitting Method. Pu Zhao; Sijia Liu; Pin-Yu Chen; Nghia Hoang; Kaidi Xu; Bhavya Kailkhura; Xue Lin http://arxiv.org/abs/1907.10310 Towards Adversarially Robust Object Detection. Haichao Zhang; Jianyu Wang http://arxiv.org/abs/1907.10737 Joint Adversarial Training: Incorporating both Spatial and Pixel Attacks. Haichao Zhang; Jianyu Wang http://arxiv.org/abs/1907.10764 Defense Against Adversarial Attacks Using Feature Scattering-based Adversarial Training. Haichao Zhang; Jianyu Wang http://arxiv.org/abs/1907.12934 Weakly Supervised Localization using Min-Max Entropy: an Interpretable Framework. Soufiane Belharbi; Jérôme Rony; Jose Dolz; Ismail Ben Ayed; Luke McCaffrey; Eric Granger http://arxiv.org/abs/1907.10456 Understanding Adversarial Attacks on Deep Learning Based Medical Image Analysis Systems. Xingjun Ma; Yuhao Niu; Lin Gu; Yisen Wang; Yitian Zhao; James Bailey; Feng Lu http://arxiv.org/abs/1907.10823 Enhancing Adversarial Example Transferability with an Intermediate Level Attack. Qian Huang; Isay Katsman; Horace He; Zeqi Gu; Serge Belongie; Ser-Nam Lim http://arxiv.org/abs/1907.09470 Characterizing Attacks on Deep Reinforcement Learning. Xinlei Pan; Chaowei Xiao; Warren He; Shuang Yang; Jian Peng; Mingjie Sun; Jinfeng Yi; Zijiang Yang; Mingyan Liu; Bo Li; Dawn Song http://arxiv.org/abs/1907.07732 Connecting Lyapunov Control Theory to Adversarial Attacks. Arash Rahnama; Andre T. Nguyen; Edward Raff http://arxiv.org/abs/1907.07640 Robustness properties of Facebook's ResNeXt WSL models. A. Emin Orhan http://arxiv.org/abs/1907.07487 Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems. Alessandro Erba; Riccardo Taormina; Stefano Galelli; Marcello Pogliani; Michele Carminati; Stefano Zanero; Nils Ole Tippenhauer http://arxiv.org/abs/1907.07291 Adversarial Security Attacks and Perturbations on Machine Learning and Deep Learning Methods. Arif Siddiqi http://arxiv.org/abs/1907.07001 Latent Adversarial Defence with Boundary-guided Generation. Xiaowei Zhou; Ivor W. 
Tsang; Jie Yin http://arxiv.org/abs/1907.07174 Natural Adversarial Examples. Dan Hendrycks; Kevin Zhao; Steven Basart; Jacob Steinhardt; Dawn Song http://arxiv.org/abs/1907.06826 Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving. Yulong Cao; Chaowei Xiao; Benjamin Cyr; Yimeng Zhou; Won Park; Sara Rampazzi; Qi Alfred Chen; Kevin Fu; Z. Morley Mao http://arxiv.org/abs/1907.07296 Explaining Vulnerabilities to Adversarial Machine Learning through Visual Analytics. Yuxin Ma; Tiankai Xie; Jundong Li; Ross Maciejewski http://arxiv.org/abs/1907.06800 Graph Interpolating Activation Improves Both Natural and Robust Accuracies in Data-Efficient Deep Learning. Bao Wang; Stanley J. Osher http://arxiv.org/abs/1907.06565 Recovery Guarantees for Compressible Signals with Adversarial Noise. Jasjeet Dhaliwal; Kyle Hambrook http://arxiv.org/abs/1907.06291 Measuring the Transferability of Adversarial Examples. Deyan Petrov; Timothy M. Hospedales http://arxiv.org/abs/1907.05793 Unsupervised Adversarial Attacks on Deep Feature-based Retrieval with GAN. Guoping Zhao; Mingyu Zhang; Jiajun Liu; Ji-Rong Wen http://arxiv.org/abs/1907.05587 Stateful Detection of Black-Box Adversarial Attacks. Steven Chen; Nicholas Carlini; David Wagner http://arxiv.org/abs/1907.05600 Generative Modeling by Estimating Gradients of the Data Distribution. Yang Song; Stefano Ermon http://arxiv.org/abs/1907.05718 Why Blocking Targeted Adversarial Perturbations Impairs the Ability to Learn. Ziv Katzir; Yuval Elovici http://arxiv.org/abs/1907.05418 Adversarial Objects Against LiDAR-Based Autonomous Driving Systems. Yulong Cao; Chaowei Xiao; Dawei Yang; Jing Fang; Ruigang Yang; Mingyan Liu; Bo Li http://arxiv.org/abs/1907.04774 Metamorphic Detection of Adversarial Examples in Deep Learning Models With Affine Transformations. Rohan Reddy Mekala; Gudjon Einar Magnusson; Adam Porter; Mikael Lindvall; Madeline Diep http://arxiv.org/abs/1907.04449 PhysGAN: Generating Physical-World-Resilient Adversarial Examples for Autonomous Driving. Zelun Kong; Junfeng Guo; Ang Li; Cong Liu http://arxiv.org/abs/1907.05274 Affine Disentangled GAN for Interpretable and Robust AV Perception. Letao Liu; Martin Saerbeck; Justin Dauwels http://arxiv.org/abs/1907.02957 Detecting and Diagnosing Adversarial Images with Class-Conditional Capsule Reconstructions. Yao Qin; Nicholas Frosst; Sara Sabour; Colin Raffel; Garrison Cottrell; Geoffrey Hinton http://arxiv.org/abs/1907.02610 Adversarial Robustness through Local Linearization. Chongli Qin; James Martens; Sven Gowal; Dilip Krishnan; Krishnamurthy Dvijotham; Alhussein Fawzi; Soham De; Robert Stanforth; Pushmeet Kohli http://arxiv.org/abs/1907.02477 Adversarial Attacks in Sound Event Classification. Vinod Subramanian; Emmanouil Benetos; Ning Xu; SKoT McDonald; Mark Sandler http://arxiv.org/abs/1907.01996 Robust Synthesis of Adversarial Visual Examples Using a Deep Image Prior. Thomas Gittings; Steve Schneider; John Collomosse http://arxiv.org/abs/1907.02044 Minimally distorted Adversarial Examples with a Fast Adaptive Boundary Attack. Francesco Croce; Matthias Hein http://arxiv.org/abs/1907.01216 Efficient Cyber Attacks Detection in Industrial Control Systems Using Lightweight Neural Networks and PCA. Moshe Kravchik; Asaf Shabtai http://arxiv.org/abs/1907.01197 Treant: Training Evasion-Aware Decision Trees. 
Stefano Calzavara; Claudio Lucchese; Gabriele Tolomei; Seyum Assefa Abebe; Salvatore Orlando http://arxiv.org/abs/1907.00895 Comment on "Adv-BNN: Improved Adversarial Defense through Robust Bayesian Neural Network". Roland S. Zimmermann http://arxiv.org/abs/1907.01023 Diminishing the Effect of Adversarial Perturbations via Refining Feature Representation. Nader Asadi; AmirMohammad Sarfi; Sahba Tahsini; Mahdi Eftekhari http://arxiv.org/abs/1907.01003 Accurate, reliable and fast robustness evaluation. Wieland Brendel; Jonas Rauber; Matthias Kümmerer; Ivan Ustyuzhaninov; Matthias Bethge http://arxiv.org/abs/1907.00374 Fooling a Real Car with Adversarial Traffic Signs. Nir Morgulis; Alexander Kreines; Shachar Mendelowitz; Yuval Weisglass http://arxiv.org/abs/1906.12340 Using Self-Supervised Learning Can Improve Model Robustness and Uncertainty. Dan Hendrycks; Mantas Mazeika; Saurav Kadavath; Dawn Song http://arxiv.org/abs/1906.12269 Certifiable Robustness and Robust Training for Graph Convolutional Networks. Daniel Zügner; Stephan Günnemann http://arxiv.org/abs/1906.12061 Learning to Cope with Adversarial Attacks. Xian Yeow Lee; Aaron Havens; Girish Chowdhary; Soumik Sarkar http://arxiv.org/abs/1907.00098 Robustness Guarantees for Deep Neural Networks on Videos. Min Wu; Marta Kwiatkowska http://arxiv.org/abs/1906.11729 Using Intuition from Empirical Properties to Simplify Adversarial Training Defense. Guanxiong Liu; Issa Khalil; Abdallah Khreishah http://arxiv.org/abs/1906.11567 Adversarial Robustness via Label-Smoothing. Morgane Goibert; Elvis Dohmatob http://arxiv.org/abs/1906.11667 Evolving Robust Neural Architectures to Defend from Adversarial Attacks. Shashank Kotyan; Danilo Vasconcellos Vargas http://arxiv.org/abs/1906.11327 The Adversarial Robustness of Sampling. Omri Ben-Eliezer; Eylon Yogev http://arxiv.org/abs/1906.10973 Defending Adversarial Attacks by Correcting logits. Yifeng Li; Lingxi Xie; Ya Zhang; Rui Zhang; Yanfeng Wang; Qi Tian http://arxiv.org/abs/1906.10395 Quantitative Verification of Neural Networks And its Security Applications. Teodora Baluta; Shiqi Shen; Shweta Shinde; Kuldeep S. Meel; Prateek Saxena http://arxiv.org/abs/1906.10773 Are Adversarial Perturbations a Showstopper for ML-Based CAD? A Case Study on CNN-Based Lithographic Hotspot Detection. Kang Liu; Haoyu Yang; Yuzhe Ma; Benjamin Tan; Bei Yu; Evangeline F. Y. Young; Ramesh Karri; Siddharth Garg http://arxiv.org/abs/1906.10571 Deceptive Reinforcement Learning Under Adversarial Manipulations on Cost Signals. Yunhan Huang; Quanyan Zhu http://arxiv.org/abs/1906.09525 Defending Against Adversarial Examples with K-Nearest Neighbor. Chawin Sitawarin; David Wagner http://arxiv.org/abs/1906.09288 Hiding Faces in Plain Sight: Disrupting AI Face Synthesis with Adversarial Perturbations. Yuezun Li; Xin Yang; Baoyuan Wu; Siwei Lyu http://arxiv.org/abs/1906.08988 A Fourier Perspective on Model Robustness in Computer Vision. Dong Yin; Raphael Gontijo Lopes; Jonathon Shlens; Ekin D. Cubuk; Justin Gilmer http://arxiv.org/abs/1906.09072 Evolution Attack On Neural Networks. YiGui Luo; RuiJia Yang; Wei Sha; WeiYi Ding; YouTeng Sun; YiSi Wang http://arxiv.org/abs/1906.09300 Adversarial Examples to Fool Iris Recognition Systems. Sobhan Soleymani; Ali Dabouei; Jeremy Dawson; Nasser M. Nasrabadi http://arxiv.org/abs/1906.09313 A Cyclically-Trained Adversarial Network for Invariant Representation Learning. Jiawei Chen; Janusz Konrad; Prakash Ishwar http://arxiv.org/abs/1906.11897 On Physical Adversarial Patches for Object Detection. 
Mark Lee; Zico Kolter http://arxiv.org/abs/1907.03720 Catfish Effect Between Internal and External Attackers: Being Semi-honest is Helpful. Hanqing Liu; Na Ruan; Joseph K. Liu http://arxiv.org/abs/1906.08416 Improving the robustness of ImageNet classifiers using elements of human visual cognition. A. Emin Orhan; Brenden M. Lake http://arxiv.org/abs/1906.07982 A unified view on differential privacy and robustness to adversarial examples. Rafael Pinot; Florian Yger; Cédric Gouy-Pailler; Jamal Atif http://arxiv.org/abs/1906.07916 Convergence of Adversarial Training in Overparametrized Networks. Ruiqi Gao; Tianle Cai; Haochuan Li; Liwei Wang; Cho-Jui Hsieh; Jason D. Lee http://arxiv.org/abs/1906.07920 Global Adversarial Attacks for Assessing Deep Learning Robustness. Hanbin Hu; Mit Shah; Jianhua Z. Huang; Peng Li http://arxiv.org/abs/1906.07997 Cloud-based Image Classification Service Is Not Robust To Simple Transformations: A Forgotten Battlefield. Dou Goodman; Tao Wei http://arxiv.org/abs/1906.07927 SemanticAdv: Generating Adversarial Examples via Attribute-conditional Image Editing. Haonan Qiu; Chaowei Xiao; Lei Yang; Xinchen Yan; Honglak Lee; Bo Li http://arxiv.org/abs/1906.07153 Adversarial attacks on Copyright Detection Systems. Parsa Saadatpanah; Ali Shafahi; Tom Goldstein http://arxiv.org/abs/1906.06919 Improving Black-box Adversarial Attacks with a Transfer-based Prior. Shuyu Cheng; Yinpeng Dong; Tianyu Pang; Hang Su; Jun Zhu http://arxiv.org/abs/1906.07077 The Attack Generator: A Systematic Approach Towards Constructing Adversarial Attacks. Felix Assion; Peter Schlicht; Florens Greßner; Wiebke Günther; Fabian Hüger; Nico Schmidt; Umair Rasheed http://arxiv.org/abs/1906.06784 Interpolated Adversarial Training: Achieving Robust Neural Networks without Sacrificing Accuracy. Alex Lamb; Vikas Verma; Juho Kannala; Yoshua Bengio http://arxiv.org/abs/1906.06765 Defending Against Adversarial Attacks Using Random Forests. Yifan Ding; Liqiang Wang; Huan Zhang; Jinfeng Yi; Deliang Fan; Boqing Gong http://arxiv.org/abs/1906.06627 Representation Quality Of Neural Networks Links To Adversarial Attacks and Defences. Shashank Kotyan; Danilo Vasconcellos Vargas; Moe Matsuki http://arxiv.org/abs/1906.06032 Adversarial Training Can Hurt Generalization. Aditi Raghunathan; Sang Michael Xie; Fanny Yang; John C. Duchi; Percy Liang http://arxiv.org/abs/1906.06110 Towards Compact and Robust Deep Neural Networks. Vikash Sehwag; Shiqi Wang; Prateek Mittal; Suman Jana http://arxiv.org/abs/1906.06355 Perceptual Based Adversarial Audio Attacks. Joseph Szurley; J. Zico Kolter http://arxiv.org/abs/1906.06086 Copy and Paste: A Simple But Effective Initialization Method for Black-Box Adversarial Attacks. Thomas Brunner; Frederik Diehl; Alois Knoll http://arxiv.org/abs/1906.06449 Robust or Private? Adversarial Training Makes Models More Vulnerable to Privacy Attacks. Felipe A. Mejia; Paul Gamble; Zigfried Hampel-Arias; Michael Lomnitz; Nina Lopatina; Lucas Tindall; Maria Alejandra Barrios http://arxiv.org/abs/1906.06316 Towards Stable and Efficient Training of Verifiably Robust Neural Networks. Huan Zhang; Hongge Chen; Chaowei Xiao; Bo Li; Duane Boning; Cho-Jui Hsieh http://arxiv.org/abs/1906.06026 Adversarial Robustness Assessment: Why both $L_0$ and $L_\infty$ Attacks Are Necessary. Shashank Kotyan; Danilo Vasconcellos Vargas http://arxiv.org/abs/1906.05599 A Computationally Efficient Method for Defending Adversarial Deep Learning Attacks. 
Rajeev Sahay; Rehana Mahfuz; Aly El Gamal http://arxiv.org/abs/1906.05815 Lower Bounds for Adversarially Robust PAC Learning. Dimitrios I. Diochnos; Saeed Mahloujifar; Mohammad Mahmoody http://arxiv.org/abs/1906.04948 Tight Certificates of Adversarial Robustness for Randomly Smoothed Classifiers. Guang-He Lee; Yang Yuan; Shiyu Chang; Tommi S. Jaakkola http://arxiv.org/abs/1906.04392 Subspace Attack: Exploiting Promising Subspaces for Query-Efficient Black-box Attacks. Ziang Yan; Yiwen Guo; Changshui Zhang http://arxiv.org/abs/1906.04606 Mimic and Fool: A Task Agnostic Adversarial Attack. Akshay Chaturvedi; Utpal Garain http://arxiv.org/abs/1906.04893 Efficient and Accurate Estimation of Lipschitz Constants for Deep Neural Networks. Mahyar Fazlyab; Alexander Robey; Hamed Hassani; Manfred Morari; George J. Pappas http://arxiv.org/abs/1906.03973 E-LPIPS: Robust Perceptual Image Similarity via Random Transformation Ensembles. Markus Kettunen; Erik Härkönen; Jaakko Lehtinen http://arxiv.org/abs/1906.03972 Evaluating the Robustness of Nearest Neighbor Classifiers: A Primal-Dual Perspective. Lu Wang; Xuanqing Liu; Jinfeng Yi; Zhi-Hua Zhou; Cho-Jui Hsieh http://arxiv.org/abs/1906.03849 Robustness Verification of Tree-based Models. Hongge Chen; Huan Zhang; Si Si; Yang Li; Duane Boning; Cho-Jui Hsieh http://arxiv.org/abs/1906.04214 Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective. Kaidi Xu; Hongge Chen; Sijia Liu; Pin-Yu Chen; Tsui-Wei Weng; Mingyi Hong; Xue Lin http://arxiv.org/abs/1906.03612 On the Vulnerability of Capsule Networks to Adversarial Attacks. Felix Michels; Tobias Uelwer; Eric Upschulte; Stefan Harmeling http://arxiv.org/abs/1906.03787 Intriguing properties of adversarial training. Cihang Xie; Alan Yuille http://arxiv.org/abs/1906.03749 Improved Adversarial Robustness via Logit Regularization Methods. Cecilia Summers; Michael J. Dinneen http://arxiv.org/abs/1906.03750 Attacking Graph Convolutional Networks via Rewiring. Yao Ma; Suhang Wang; Tyler Derr; Lingfei Wu; Jiliang Tang http://arxiv.org/abs/1906.03563 Towards A Unified Min-Max Framework for Adversarial Exploration and Robustness. Jingkang Wang; Tianyun Zhang; Sijia Liu; Pin-Yu Chen; Jiacen Xu; Makan Fardad; Bo Li http://arxiv.org/abs/1906.04584 Provably Robust Deep Learning via Adversarially Trained Smoothed Classifiers. Hadi Salman; Greg Yang; Jerry Li; Pengchuan Zhang; Huan Zhang; Ilya Razenshteyn; Sebastien Bubeck http://arxiv.org/abs/1906.03466 Strategies to architect AI Safety: Defense to guard AI from Adversaries. Rajagopal. A; Nirmala. V http://arxiv.org/abs/1906.03455 Sensitivity of Deep Convolutional Networks to Gabor Noise. Kenneth T. Co; Luis Muñoz-González; Emil C. Lupu http://arxiv.org/abs/1906.03499 ML-LOO: Detecting Adversarial Examples with Feature Attribution. Puyudi Yang; Jianbo Chen; Cho-Jui Hsieh; Jane-Ling Wang; Michael I. Jordan http://arxiv.org/abs/1906.03526 Provably Robust Boosted Decision Stumps and Trees against Adversarial Attacks. Maksym Andriushchenko; Matthias Hein http://arxiv.org/abs/1906.03397 Making targeted black-box evasion attacks effective and efficient. Mika Juuti; Buse Gul Atli; N. Asokan http://arxiv.org/abs/1906.03444 Defending Against Universal Attacks Through Selective Feature Regeneration. Tejas Borkar; Felix Heide; Lina Karam http://arxiv.org/abs/1906.03231 A cryptographic approach to black box adversarial machine learning. 
Kevin Shi; Daniel Hsu; Allison Bishop http://arxiv.org/abs/1906.03367 Using learned optimizers to make models robust to input noise. Luke Metz; Niru Maheswaranathan; Jonathon Shlens; Jascha Sohl-Dickstein; Ekin D. Cubuk http://arxiv.org/abs/1906.03333 Efficient Project Gradient Descent for Ensemble Adversarial Attack. Fanyou Wu; Rado Gazo; Eva Haviarova; Bedrich Benes http://arxiv.org/abs/1906.02931 Inductive Bias of Gradient Descent based Adversarial Training on Separable Data. Yan Li; Ethan X. Fang; Huan Xu; Tuo Zhao http://arxiv.org/abs/1906.02896 Adversarial Explanations for Understanding Image Classification Decisions and Improved Neural Network Robustness. Walt Woods; Jack Chen; Christof Teuscher http://arxiv.org/abs/1906.03310 Robustness for Non-Parametric Classification: A Generic Attack and Defense. Yao-Yuan Yang; Cyrus Rashtchian; Yizhen Wang; Kamalika Chaudhuri http://arxiv.org/abs/1906.02816 Robust Attacks against Multiple Classifiers. Juan C. Perdomo; Yaron Singer http://arxiv.org/abs/1906.02611 Improving Robustness Without Sacrificing Accuracy with Patch Gaussian Augmentation. Raphael Gontijo Lopes; Dong Yin; Ben Poole; Justin Gilmer; Ekin D. Cubuk http://arxiv.org/abs/1906.02494 Understanding Adversarial Behavior of DNNs by Disentangling Non-Robust and Robust Components in Performance Metric. Yujun Shi; Benben Liao; Guangyong Chen; Yun Liu; Ming-Ming Cheng; Jiashi Feng http://arxiv.org/abs/1906.02439 Should Adversarial Attacks Use Pixel p-Norm? Ayon Sen; Xiaojin Zhu; Liam Marshall; Robert Nowak http://arxiv.org/abs/1906.09453 Image Synthesis with a Single (Robust) Classifier. Shibani Santurkar; Dimitris Tsipras; Brandon Tran; Andrew Ilyas; Logan Engstrom; Aleksander Madry http://arxiv.org/abs/1906.02337 MNIST-C: A Robustness Benchmark for Computer Vision. Norman Mu; Justin Gilmer http://arxiv.org/abs/1906.02282 Enhancing Gradient-based Attacks with Symbolic Intervals. Shiqi Wang; Yizheng Chen; Ahmed Abdou; Suman Jana http://arxiv.org/abs/1906.02398 Query-efficient Meta Attack to Deep Neural Networks. Jiawei Du; Hu Zhang; Joey Tianyi Zhou; Yi Yang; Jiashi Feng http://arxiv.org/abs/1906.02032 c-Eval: A Unified Metric to Evaluate Feature-based Explanations via Perturbation. Minh N. Vu; Truc D. Nguyen; NhatHai Phan; Ralucca Gera; My T. Thai http://arxiv.org/abs/1906.02033 Multi-way Encoding for Robustness. Donghyun Kim; Sarah Adel Bargal; Jianming Zhang; Stan Sclaroff http://arxiv.org/abs/1906.01527 Adversarial Training is a Form of Data-dependent Operator Norm Regularization. Kevin Roth; Yannic Kilcher; Thomas Hofmann http://arxiv.org/abs/1906.01121 Adversarial Exploitation of Policy Imitation. Vahid Behzadan; William Hsu http://arxiv.org/abs/1906.01110 RL-Based Method for Benchmarking the Adversarial Resilience and Robustness of Deep Reinforcement Learning Policies. Vahid Behzadan; William Hsu http://arxiv.org/abs/1906.00698 Adversarial Risk Bounds for Neural Networks through Sparsity based Compression. Emilio Rafael Balda; Arash Behboodi; Niklas Koep; Rudolf Mathar http://arxiv.org/abs/1906.00679 The Adversarial Machine Learning Conundrum: Can The Insecurity of ML Become The Achilles' Heel of Cognitive Networks? Muhammad Usama; Junaid Qadir; Ala Al-Fuqaha; Mounir Hamdi http://arxiv.org/abs/1906.00945 Adversarial Robustness as a Prior for Learned Representations. Logan Engstrom; Andrew Ilyas; Shibani Santurkar; Dimitris Tsipras; Brandon Tran; Aleksander Madry http://arxiv.org/abs/1906.00735 Achieving Generalizable Robustness of Deep Neural Networks by Stability Training. 
Jan Laermann; Wojciech Samek; Nils Strodthoff http://arxiv.org/abs/1906.01040 A Surprising Density of Illusionable Natural Speech. Melody Y. Guan; Gregory Valiant http://arxiv.org/abs/1906.00628 Fast and Stable Interval Bounds Propagation for Training Verifiably Robust Models. Paweł Morawiecki; Przemysław Spurek; Marek Śmieja; Jacek Tabor http://arxiv.org/abs/1906.01171 Understanding the Limitations of Conditional Generative Models. Ethan Fetaya; Jörn-Henrik Jacobsen; Will Grathwohl; Richard Zemel http://arxiv.org/abs/1906.00555 Adversarially Robust Generalization Just Requires More Unlabeled Data. Runtian Zhai; Tianle Cai; Di He; Chen Dan; Kun He; John Hopcroft; Liwei Wang http://arxiv.org/abs/1906.00335 Adversarial Examples for Edge Detection: They Exist, and They Transfer. Christian Cosgrove; Alan L. Yuille http://arxiv.org/abs/1906.00204 Perceptual Evaluation of Adversarial Attacks for CNN-based Image Classification. Sid Ahmed Fezza; Yassine Bakhti; Wassim Hamidouche; Olivier Déforges http://arxiv.org/abs/1906.00258 Enhancing Transformation-based Defenses using a Distribution Classifier. Connie Kou; Hwee Kuan Lee; Ee-Chien Chang; Teck Khim Ng http://arxiv.org/abs/1905.13736 Unlabeled Data Improves Adversarial Robustness. Yair Carmon; Aditi Raghunathan; Ludwig Schmidt; Percy Liang; John C. Duchi http://arxiv.org/abs/1905.13472 Reverse KL-Divergence Training of Prior Networks: Improved Uncertainty and Adversarial Robustness. Andrey Malinin; Mark Gales http://arxiv.org/abs/1905.13725 Are Labels Required for Improving Adversarial Robustness? Jonathan Uesato; Jean-Baptiste Alayrac; Po-Sen Huang; Robert Stanforth; Alhussein Fawzi; Pushmeet Kohli http://arxiv.org/abs/1905.13399 Real-Time Adversarial Attacks. Yuan Gong; Boyang Li; Christian Poellabauer; Yiyu Shi http://arxiv.org/abs/1905.13386 Residual Networks as Nonlinear Systems: Stability Analysis using Linearization. Kai Rothauge; Zhewei Yao; Zixi Hu; Michael W. Mahoney http://arxiv.org/abs/1905.13284 Identifying Classes Susceptible to Adversarial Attacks. Rangeet Pan; Md Johirul Islam; Shibbir Ahmed; Hridesh Rajan http://arxiv.org/abs/1905.13074 Robust Sparse Regularization: Simultaneously Optimizing Neural Network Robustness and Compactness. Adnan Siraj Rakin; Zhezhi He; Li Yang; Yanzhi Wang; Liqiang Wang; Deliang Fan http://arxiv.org/abs/1905.12864 Interpretable Adversarial Training for Text. Samuel Barham; Soheil Feizi http://arxiv.org/abs/1905.12797 Bandlimiting Neural Networks Against Adversarial Attacks. Yuping Lin; Kasra Ahmadi K. A.; Hui Jiang http://arxiv.org/abs/1905.12386 Misleading Authorship Attribution of Source Code using Adversarial Learning. Erwin Quiring; Alwin Maier; Konrad Rieck http://arxiv.org/abs/1905.12762 Securing Connected & Autonomous Vehicles: Challenges Posed by Adversarial Machine Learning and The Way Forward. Adnan Qayyum; Muhammad Usama; Junaid Qadir; Ala Al-Fuqaha http://arxiv.org/abs/1906.00001 Functional Adversarial Attacks. Cassidy Laidlaw; Soheil Feizi http://arxiv.org/abs/1905.12282 CopyCAT: Taking Control of Neural Policies with Constant Attacks. Léonard Hussenot; Matthieu Geist; Olivier Pietquin http://arxiv.org/abs/1905.11971 ME-Net: Towards Effective Adversarial Robustness with Matrix Estimation. Yuzhe Yang; Guo Zhang; Dina Katabi; Zhi Xu http://arxiv.org/abs/1905.11831 Adversarial Attacks on Remote User Authentication Using Behavioural Mouse Dynamics. 
Yi Xiang Marcus Tan; Alfonso Iacovazzi; Ivan Homoliak; Yuval Elovici; Alexander Binder http://arxiv.org/abs/1905.11713 Improving the Robustness of Deep Neural Networks via Adversarial Training with Triplet Loss. Pengcheng Li; Jinfeng Yi; Bowen Zhou; Lijun Zhang http://arxiv.org/abs/1905.11832 Snooping Attacks on Deep Reinforcement Learning. Matthew Inkawhich; Yiran Chen; Hai Li http://arxiv.org/abs/1905.13545 High Frequency Component Helps Explain the Generalization of Convolutional Neural Networks. Haohan Wang; Xindi Wu; Zeyi Huang; Eric P. Xing http://arxiv.org/abs/1905.12418 Expected Tight Bounds for Robust Training. Salman Alsubaihi; Adel Bibi; Modar Alfadly; Abdullah Hamdi; Bernard Ghanem http://arxiv.org/abs/1905.12202 Empirically Measuring Concentration: Fundamental Limits on Intrinsic Robustness. Saeed Mahloujifar; Xiao Zhang; Mohammad Mahmoody; David Evans http://arxiv.org/abs/1905.11736 Cross-Domain Transferability of Adversarial Perturbations. Muzammal Naseer; Salman H. Khan; Harris Khan; Fahad Shahbaz Khan; Fatih Porikli http://arxiv.org/abs/1905.12105 Certifiably Robust Interpretation in Deep Learning. Alexander Levine; Sahil Singla; Soheil Feizi http://arxiv.org/abs/1905.12171 Brain-inspired reverse adversarial examples. Shaokai Ye; Sia Huat Tan; Kaidi Xu; Yanzhi Wang; Chenglong Bao; Kaisheng Ma http://arxiv.org/abs/1905.11544 Label Universal Targeted Attack. Naveed Akhtar; Mohammad A. A. K. Jalwana; Mohammed Bennamoun; Ajmal Mian http://arxiv.org/abs/1905.11026 Fooling Detection Alone is Not Enough: First Adversarial Attack against Multiple Object Tracking. Yunhan Jia; Yantao Lu; Junjie Shen; Qi Alfred Chen; Zhenyu Zhong; Tao Wei http://arxiv.org/abs/1905.11213 Provable robustness against all adversarial $l_p$-perturbations for $p\geq 1$. Francesco Croce; Matthias Hein http://arxiv.org/abs/1905.11468 Scaleable input gradient regularization for adversarial robustness. Chris Finlay; Adam M Oberman http://arxiv.org/abs/1905.11268 Combating Adversarial Misspellings with Robust Word Recognition. Danish Pruthi; Bhuwan Dhingra; Zachary C. Lipton http://arxiv.org/abs/1905.12429 Analyzing the Interpretability Robustness of Self-Explaining Models. Haizhong Zheng; Earlence Fernandes; Atul Prakash http://arxiv.org/abs/1905.11564 Adversarially Robust Learning Could Leverage Computational Hardness. Sanjam Garg; Somesh Jha; Saeed Mahloujifar; Mohammad Mahmoody http://arxiv.org/abs/1905.11015 Unsupervised Euclidean Distance Attack on Network Embedding. Shanqing Yu; Jun Zheng; Jinhuan Wang; Jian Zhang; Lihong Chen; Qi Xuan; Jinyin Chen; Dan Zhang; Qingpeng Zhang http://arxiv.org/abs/1905.11475 GAT: Generative Adversarial Training for Adversarial Example Detection and Robust Classification. Xuwang Yin; Soheil Kolouri; Gustavo K. Rohde http://arxiv.org/abs/1905.11382 State-Reification Networks: Improving Generalization by Modeling the Distribution of Hidden Representations. Alex Lamb; Jonathan Binas; Anirudh Goyal; Sandeep Subramanian; Ioannis Mitliagkas; Denis Kazakov; Yoshua Bengio; Michael C. Mozer http://arxiv.org/abs/1905.10906 Non-Determinism in Neural Networks for Adversarial Robustness. Daanish Ali Khan; Linhong Li; Ninghao Sha; Zhuoran Liu; Abelino Jimenez; Bhiksha Raj; Rita Singh http://arxiv.org/abs/1905.10729 Purifying Adversarial Perturbation with Adversarially Trained Auto-encoders. Hebi Li; Qi Xiao; Shixin Tian; Jin Tian http://arxiv.org/abs/1905.10900 Rearchitecting Classification Frameworks For Increased Robustness. 
Varun Chandrasekaran; Brian Tang; Nicolas Papernot; Kassem Fawaz; Somesh Jha; Xi Wu http://arxiv.org/abs/1905.10904 Robust Classification using Robust Feature Augmentation. Kevin Eykholt; Swati Gupta; Atul Prakash; Amir Rahmati; Pratik Vaishnavi; Haizhong Zheng http://arxiv.org/abs/1905.10864 Generalizable Adversarial Attacks Using Generative Models. Avishek Joey Bose; Andre Cianflone; William L. Hamilton http://arxiv.org/abs/1905.11381 Trust but Verify: An Information-Theoretic Explanation for the Adversarial Fragility of Machine Learning Systems, and a General Defense against Adversarial Attacks. Jirong Yi; Hui Xie; Leixin Zhou; Xiaodong Wu; Weiyu Xu; Raghuraman Mudumbai http://arxiv.org/abs/1905.10695 Adversarial Distillation for Ordered Top-k Attacks. Zekun Zhang; Tianfu Wu http://arxiv.org/abs/1905.10615 Adversarial Policies: Attacking Deep Reinforcement Learning. Adam Gleave; Michael Dennis; Cody Wild; Neel Kant; Sergey Levine; Stuart Russell http://arxiv.org/abs/1905.10626 Rethinking Softmax Cross-Entropy Loss for Adversarial Robustness. Tianyu Pang; Kun Xu; Yinpeng Dong; Chao Du; Ning Chen; Jun Zhu http://arxiv.org/abs/1905.13021 Robustness to Adversarial Perturbations in Learning from Incomplete Data. Amir Najafi; Shin-ichi Maeda; Masanori Koyama; Takeru Miyato http://arxiv.org/abs/1905.10510 Enhancing Adversarial Defense by k-Winners-Take-All. Chang Xiao; Peilin Zhong; Changxi Zheng http://arxiv.org/abs/1905.10029 Power up! Robust Graph Convolutional Network via Graph Powering. Ming Jin; Heng Chang; Wenwu Zhu; Somayeh Sojoudi http://arxiv.org/abs/1905.09591 A Direct Approach to Robust Deep Learning Using Adversarial Networks. Huaxia Wang; Chun-Nam Yu http://arxiv.org/abs/1905.09894 PHom-GeM: Persistent Homology for Generative Models. Jeremy Charlier; Radu State; Jean Hilger http://arxiv.org/abs/1905.09871 Thwarting finite difference adversarial attacks with output randomization. Haidar Khan; Daniel Park; Azer Khan; Bülent Yener http://arxiv.org/abs/1905.09797 Interpreting Adversarially Trained Convolutional Neural Networks. Tianyuan Zhang; Zhanxing Zhu http://arxiv.org/abs/1905.09747 Adversarially Robust Distillation. Micah Goldblum; Liam Fowl; Soheil Feizi; Tom Goldstein http://arxiv.org/abs/1905.09209 Convergence and Margin of Adversarial Training on Separable Data. Zachary Charles; Shashank Rajput; Stephen Wright; Dimitris Papailiopoulos http://arxiv.org/abs/1905.09186 Detecting Adversarial Examples and Other Misclassifications in Neural Networks by Introspection. Jonathan Aigrain; Marcin Detyniecki http://arxiv.org/abs/1905.08790 DoPa: A Fast and Comprehensive CNN Defense Methodology against Physical Adversarial Attacks. Zirui Xu; Fuxun Yu; Xiang Chen http://arxiv.org/abs/1905.08232 Adversarially robust transfer learning. Ali Shafahi; Parsa Saadatpanah; Chen Zhu; Amin Ghiasi; Christoph Studer; David Jacobs; Tom Goldstein http://arxiv.org/abs/1905.07831 Testing DNN Image Classifiers for Confusion & Bias Errors. Yuchi Tian; Ziyuan Zhong; Vicente Ordonez; Gail Kaiser; Baishakhi Ray http://arxiv.org/abs/1905.07666 What Do Adversarially Robust Models Look At? Takahiro Itazuri; Yoshihiro Fukuhara; Hirokatsu Kataoka; Shigeo Morishima http://arxiv.org/abs/1905.07672 Taking Care of The Discretization Problem: A Black-Box Adversarial Image Attack in Discrete Integer Domain. Yuchao Duan; Zhe Zhao; Lei Bu; Fu Song http://arxiv.org/abs/1905.07387 POPQORN: Quantifying Robustness of Recurrent Neural Networks. 
Ching-Yun Ko; Zhaoyang Lyu; Tsui-Wei Weng; Luca Daniel; Ngai Wong; Dahua Lin http://arxiv.org/abs/1905.07112 A critique of the DeepSec Platform for Security Analysis of Deep Learning Models. Nicholas Carlini http://arxiv.org/abs/1905.07121 Simple Black-box Adversarial Attacks. Chuan Guo; Jacob R. Gardner; Yurong You; Andrew Gordon Wilson; Kilian Q. Weinberger http://arxiv.org/abs/1905.06635 Parsimonious Black-Box Adversarial Attacks via Efficient Combinatorial Optimization. Seungyong Moon; Gaon An; Hyun Oh Song http://arxiv.org/abs/1905.06455 On Norm-Agnostic Robustness of Adversarial Training. Bai Li; Changyou Chen; Wenlin Wang; Lawrence Carin http://arxiv.org/abs/1905.08614 An Efficient Pre-processing Method to Eliminate Adversarial Effects. Hua Wang; Jie Wang; Zhaoxia Yin http://arxiv.org/abs/1905.05454 Robustification of deep net classifiers by key based diversified aggregation with pre-filtering. Olga Taran; Shideh Rezaeifar; Taras Holotyak; Slava Voloshynovskiy http://arxiv.org/abs/1905.05163 Adversarial Examples for Electrocardiograms. Xintian Han; Yuxuan Hu; Luca Foschini; Larry Chinitz; Lior Jankelson; Rajesh Ranganath http://arxiv.org/abs/1905.05137 Analyzing Adversarial Attacks Against Deep Learning for Intrusion Detection in IoT Networks. Olakunle Ibitoye; Omair Shafiq; Ashraf Matrawy http://arxiv.org/abs/1905.05186 Harnessing the Vulnerability of Latent Layers in Adversarially Trained Models. Mayank Singh; Abhishek Sinha; Nupur Kumari; Harshitha Machiraju; Balaji Krishnamurthy; Vineeth N Balasubramanian http://arxiv.org/abs/1905.13148 Moving Target Defense for Deep Visual Sensing against Adversarial Examples. Qun Song; Zhenyu Yan; Rui Tan http://arxiv.org/abs/1905.04270 Interpreting and Evaluating Neural Network Robustness. Fuxun Yu; Zhuwei Qin; Chenchen Liu; Liang Zhao; Yanzhi Wang; Xiang Chen http://arxiv.org/abs/1905.04172 On the Connection Between Adversarial Robustness and Saliency Map Interpretability. Christian Etmann; Sebastian Lunz; Peter Maass; Carola-Bibiane Schönlieb http://arxiv.org/abs/1905.04016 Exact Adversarial Attack to Image Captioning via Structured Output Learning with Latent Variables. Yan Xu; Baoyuan Wu; Fumin Shen; Yanbo Fan; Yong Zhang; Heng Tao Shen; Wei Liu http://arxiv.org/abs/1905.03679 Adversarial Defense Framework for Graph Neural Network. Shen Wang; Zhengzhang Chen; Jingchao Ni; Xiao Yu; Zhichun Li; Haifeng Chen; Philip S. Yu http://arxiv.org/abs/1905.03517 Mitigating Deep Learning Vulnerabilities from Adversarial Examples Attack in the Cybersecurity Domain. Chris Einar San Agustin http://arxiv.org/abs/1905.03837 Exploring the Hyperparameter Landscape of Adversarial Robustness. Evelyn Duesterwald; Anupama Murthi; Ganesh Venkataraman; Mathieu Sinn; Deepak Vijaykeerthy http://arxiv.org/abs/1905.03767 Learning Interpretable Features via Adversarially Robust Optimization. Ashkan Khakzar; Shadi Albarqouni; Nassir Navab http://arxiv.org/abs/1905.03828 Universal Adversarial Perturbations for Speech Recognition Systems. Paarth Neekhara; Shehzeen Hussain; Prakhar Pandey; Shlomo Dubnov; Julian McAuley; Farinaz Koushanfar http://arxiv.org/abs/1905.03434 ROSA: Robust Salient Object Detection against Adversarial Attacks. Haofeng Li; Guanbin Li; Yizhou Yu http://arxiv.org/abs/1905.03333 Enhancing Cross-task Transferability of Adversarial Examples with Dispersion Reduction. Yunhan Jia; Yantao Lu; Senem Velipasalar; Zhenyu Zhong; Tao Wei http://arxiv.org/abs/1905.03421 Adversarial Image Translation: Unrestricted Adversarial Examples in Face Recognition Systems. 
Kazuya Kakizaki; Kosuke Yoshida http://arxiv.org/abs/1905.02704 A Comprehensive Analysis on Adversarial Robustness of Spiking Neural Networks. Saima Sharmin; Priyadarshini Panda; Syed Shakib Sarwar; Chankyu Lee; Wachirawit Ponghiran; Kaushik Roy http://arxiv.org/abs/1905.02422 Representation of White- and Black-Box Adversarial Examples in Deep Neural Networks and Humans: A Functional Magnetic Resonance Imaging Study. Chihye Han; Wonjun Yoon; Gihyun Kwon; Seungkyu Nam; Daeshik Kim http://arxiv.org/abs/1905.02675 An Empirical Evaluation of Adversarial Robustness under Transfer Learning. Todor Davchev; Timos Korres; Stathi Fotiadis; Nick Antonopoulos; Subramanian Ramamoorthy http://arxiv.org/abs/1905.02463 Adaptive Generation of Unrestricted Adversarial Inputs. Isaac Dunn; Hadrien Pouget; Tom Melham; Daniel Kroening http://arxiv.org/abs/1905.02161 Batch Normalization is a Cause of Adversarial Vulnerability. Angus Galloway; Anna Golubeva; Thomas Tanay; Medhat Moussa; Graham W. Taylor http://arxiv.org/abs/1905.02175 Adversarial Examples Are Not Bugs, They Are Features. Andrew Ilyas; Shibani Santurkar; Dimitris Tsipras; Logan Engstrom; Brandon Tran; Aleksander Madry http://arxiv.org/abs/1905.01726 Better the Devil you Know: An Analysis of Evasion Attacks using Out-of-Distribution Adversarial Examples. Vikash Sehwag; Arjun Nitin Bhagoji; Liwei Song; Chawin Sitawarin; Daniel Cullina; Mung Chiang; Prateek Mittal http://arxiv.org/abs/1905.01034 Transfer of Adversarial Robustness Between Perturbation Types. Daniel Kang; Yi Sun; Tom Brown; Dan Hendrycks; Jacob Steinhardt http://arxiv.org/abs/1905.01019 Adversarial Training with Voronoi Constraints. Marc Khoury; Dylan Hadfield-Menell http://arxiv.org/abs/1905.00568 Weight Map Layer for Noise and Adversarial Attack Robustness. Mohammed Amer; Tomás Maul http://arxiv.org/abs/1905.00877 You Only Propagate Once: Accelerating Adversarial Training via Maximal Principle. Dinghuai Zhang; Tianyuan Zhang; Yiping Lu; Zhanxing Zhu; Bin Dong http://arxiv.org/abs/1906.03181 POBA-GA: Perturbation Optimized Black-Box Adversarial Attacks via Genetic Algorithm. Jinyin Chen; Mengmeng Su; Shijing Shen; Hui Xiong; Haibin Zheng http://arxiv.org/abs/1905.00180 Dropping Pixels for Adversarial Robustness. Hossein Hosseini; Sreeram Kannan; Radha Poovendran http://arxiv.org/abs/1905.00441 NATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks. Yandong Li; Lijun Li; Liqiang Wang; Tong Zhang; Boqing Gong http://arxiv.org/abs/1904.13195 Test Selection for Deep Learning Systems. Wei Ma; Mike Papadakis; Anestis Tsakmalis; Maxime Cordy; Yves Le Traon http://arxiv.org/abs/1904.13094 Detecting Adversarial Examples through Nonlinear Dimensionality Reduction. Francesco Crecchi; Davide Bacciu; Battista Biggio http://arxiv.org/abs/1904.12843 Adversarial Training for Free! Ali Shafahi; Mahyar Najibi; Amin Ghiasi; Zheng Xu; John Dickerson; Christoph Studer; Larry S. Davis; Gavin Taylor; Tom Goldstein http://arxiv.org/abs/1904.13000 Adversarial Training and Robustness for Multiple Perturbations. Florian Tramèr; Dan Boneh http://arxiv.org/abs/1904.12181 Non-Local Context Encoder: Robust Biomedical Image Segmentation against Adversarial Attacks. Xiang He; Sibei Yang; Guanbin Li; Haofeng Li; Huiyou Chang; Yizhou Yu http://arxiv.org/abs/1904.11803 Robustness Verification of Support Vector Machines. 
Francesco Ranzato; Marco Zanella http://arxiv.org/abs/1904.10990 A Robust Approach for Securing Audio Classification Against Adversarial Attacks. Mohammad Esmaeilpour; Patrick Cardinal; Alessandro Lameiras Koerich http://arxiv.org/abs/1904.11042 Physical Adversarial Textures that Fool Visual Object Tracking. Rey Reza Wiyatno; Anqi Xu http://arxiv.org/abs/1904.10390 Minimizing Perceived Image Quality Loss Through Adversarial Attack Scoping. Kostiantyn Khabarlak; Larysa Koriashkina http://arxiv.org/abs/1904.09804 Blessing in disguise: Designing Robust Turing Test by Employing Algorithm Unrobustness. Jiaming Zhang; Jitao Sang; Kaiyuan Xu; Shangxi Wu; Yongli Hu; Yanfeng Sun; Jian Yu http://arxiv.org/abs/1904.10076 Using Videos to Evaluate Image Model Robustness. Keren Gu; Brandon Yang; Jiquan Ngiam; Quoc Le; Jonathon Shlens http://arxiv.org/abs/1904.09633 Beyond Explainability: Leveraging Interpretability for Improved Adversarial Learning. Devinder Kumar; Ibrahim Ben-Daya; Kanav Vats; Jeffery Feng; Graham Taylor; Alexander Wong http://arxiv.org/abs/1904.09433 Can Machine Learning Model with Static Features be Fooled: an Adversarial Machine Learning Approach. Rahim Taheri; Reza Javidan; Mohammad Shojafar; Vinod P; Mauro Conti http://arxiv.org/abs/1904.09146 Salient Object Detection in the Deep Learning Era: An In-Depth Survey. Wenguan Wang; Qiuxia Lai; Huazhu Fu; Jianbing Shen; Haibin Ling; Ruigang Yang http://arxiv.org/abs/1904.08653 Fooling automated surveillance cameras: adversarial patches to attack person detection. Simen Thys; Wiebe Van Ranst; Toon Goedemé http://arxiv.org/abs/1904.08516 ZK-GanDef: A GAN based Zero Knowledge Adversarial Training Defense for Neural Networks. Guanxiong Liu; Issa Khalil; Abdallah Khreishah http://arxiv.org/abs/1904.08444 Defensive Quantization: When Efficiency Meets Robustness. Ji Lin; Chuang Gan; Song Han http://arxiv.org/abs/1904.08279 Interpreting Adversarial Examples with Attributes. Sadaf Gulshad; Jan Hendrik Metzen; Arnold Smeulders; Zeynep Akata http://arxiv.org/abs/1904.08089 Adversarial Defense Through Network Profiling Based Path Extraction. Yuxian Qiu; Jingwen Leng; Cong Guo; Quan Chen; Chao Li; Minyi Guo; Yuhao Zhu http://arxiv.org/abs/1904.08554 Gotta Catch 'Em All: Using Concealed Trapdoors to Detect Adversarial Attacks on Neural Networks. Shawn Shan; Emily Willson; Bolun Wang; Bo Li; Haitao Zheng; Ben Y. Zhao http://arxiv.org/abs/1904.08489 Semantic Adversarial Attacks: Parametric Transformations That Fool Deep Classifiers. Ameya Joshi; Amitangshu Mukherjee; Soumik Sarkar; Chinmay Hegde http://arxiv.org/abs/1904.07980 Reducing Adversarial Example Transferability Using Gradient Regularization. George Adam; Petr Smirnov; Benjamin Haibe-Kains; Anna Goldenberg http://arxiv.org/abs/1904.07793 AT-GAN: An Adversarial Generator Model for Non-constrained Adversarial Examples. Xiaosen Wang; Kun He; Chuanbiao Song; Liwei Wang; John E. Hopcroft http://arxiv.org/abs/1904.07370 Are Self-Driving Cars Secure? Evasion Attacks against Deep Neural Networks for Steering Angle Prediction. Alesia Chernikova; Alina Oprea; Cristina Nita-Rotaru; BaekGyu Kim http://arxiv.org/abs/1904.06964 Influence of Control Parameters and the Size of Biomedical Image Datasets on the Success of Adversarial Attacks. Vassili Kovalev; Dmitry Voynov http://arxiv.org/abs/1904.06606 Exploiting Vulnerabilities of Load Forecasting Through Adversarial Attacks. 
Yize Chen; Yushi Tan; Baosen Zhang http://arxiv.org/abs/1904.06026 Cycle-Consistent Adversarial GAN: the integration of adversarial attack and defense. Lingyun Jiang; Kai Qiao; Ruoxi Qin; Linyuan Wang; Jian Chen; Haibing Bu; Bin Yan http://arxiv.org/abs/1904.06186 Generating Minimal Adversarial Perturbations with Integrated Adaptive Gradients. Yatie Xiao; Chi-Man Pun http://arxiv.org/abs/1904.06097 Evaluating Robustness of Deep Image Super-Resolution against Adversarial Attacks. Jun-Ho Choi; Huan Zhang; Jun-Hyuk Kim; Cho-Jui Hsieh; Jong-Seok Lee http://arxiv.org/abs/1904.06292 Adversarial Learning in Statistical Classification: A Comprehensive Review of Defenses Against Attacks. David J. Miller; Zhen Xiang; George Kesidis http://arxiv.org/abs/1904.06347 Unrestricted Adversarial Examples via Semantic Manipulation. Anand Bhattad; Min Jin Chong; Kaizhao Liang; Bo Li; D. A. Forsyth http://arxiv.org/abs/1904.05586 Black-Box Decision based Adversarial Attack with Symmetric $\alpha$-stable Distribution. Vignesh Srinivasan; Ercan E. Kuruoglu; Klaus-Robert Müller; Wojciech Samek; Shinichi Nakajima http://arxiv.org/abs/1904.05475 Learning to Generate Synthetic Data via Compositing. Shashank Tripathi; Siddhartha Chandra; Amit Agrawal; Ambrish Tyagi; James M. Rehg; Visesh Chari http://arxiv.org/abs/1904.05181 Black-box Adversarial Attacks on Video Recognition Models. Linxi Jiang; Xingjun Ma; Shaoxiang Chen; James Bailey; Yu-Gang Jiang http://arxiv.org/abs/1904.04802 Generation & Evaluation of Adversarial Examples for Malware Obfuscation. Daniel Park; Haidar Khan; Bülent Yener http://arxiv.org/abs/1904.04433 Efficient Decision-based Black-box Adversarial Attacks on Face Recognition. Yinpeng Dong; Hang Su; Baoyuan Wu; Zhifeng Li; Wei Liu; Tong Zhang; Jun Zhu http://arxiv.org/abs/1904.04334 A Target-Agnostic Attack on Deep Models: Exploiting Security Vulnerabilities of Transfer Learning. Shahbaz Rezaei; Xin Liu http://arxiv.org/abs/1904.03750 JumpReLU: A Retrofit Defense Strategy for Adversarial Attacks. N. Benjamin Erichson; Zhewei Yao; Michael W. Mahoney http://arxiv.org/abs/1904.05747 Malware Evasion Attack and Defense. Yonghong Huang; Utkarsh Verma; Celeste Fralick; Gabriel Infante-Lopez; Brajesh Kumarz; Carl Woodward http://arxiv.org/abs/1904.03542 On Training Robust PDF Malware Classifiers. Yizheng Chen; Shiqi Wang; Dongdong She; Suman Jana http://arxiv.org/abs/1904.02884 Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks. Yinpeng Dong; Tianyu Pang; Hang Su; Jun Zhu http://arxiv.org/abs/1904.02405 White-to-Black: Efficient Distillation of Black-Box Adversarial Attacks. Yotam Gil; Yoav Chai; Or Gorodissky; Jonathan Berant http://arxiv.org/abs/1904.02841 Minimum Uncertainty Based Detection of Adversaries in Deep Neural Networks. Fatemeh Sheikholeslami; Swayambhoo Jain; Georgios B. Giannakis http://arxiv.org/abs/1904.10504 Understanding the efficacy, reliability and resiliency of computer vision techniques for malware detection and future research directions. Li Chen http://arxiv.org/abs/1904.02057 Interpreting Adversarial Examples by Activation Promotion and Suppression. Kaidi Xu; Sijia Liu; Gaoyuan Zhang; Mengshu Sun; Pu Zhao; Quanfu Fan; Chuang Gan; Xue Lin http://arxiv.org/abs/1904.02144 HopSkipJumpAttack: A Query-Efficient Decision-Based Attack. Jianbo Chen; Michael I. Jordan; Martin J. Wainwright http://arxiv.org/abs/1904.02323 Summit: Scaling Deep Learning Interpretability by Visualizing Activation and Attribution Summarizations. 
Fred Hohman; Haekyu Park; Caleb Robinson; Duen Horng Chau http://arxiv.org/abs/1904.01231 Adversarial Attacks against Deep Saliency Models. Zhaohui Che; Ali Borji; Guangtao Zhai; Suiyi Ling; Guodong Guo; Patrick Le Callet http://arxiv.org/abs/1904.01160 Curls & Whey: Boosting Black-Box Adversarial Attacks. Yucheng Shi; Siyu Wang; Yahong Han http://arxiv.org/abs/1904.00923 Robustness of 3D Deep Learning in an Adversarial Setting. Matthew Wicker; Marta Kwiatkowska http://arxiv.org/abs/1904.00689 Defending against adversarial attacks by randomized diversification. Olga Taran; Shideh Rezaeifar; Taras Holotyak; Slava Voloshynovskiy http://arxiv.org/abs/1904.00887 Adversarial Defense by Restricting the Hidden Space of Deep Neural Networks. Aamir Mustafa; Salman Khan; Munawar Hayat; Roland Goecke; Jianbing Shen; Ling Shao http://arxiv.org/abs/1904.00979 Regional Homogeneity: Towards Learning Transferable Universal Adversarial Perturbations Against Defenses. Yingwei Li; Song Bai; Cihang Xie; Zhenyu Liao; Xiaohui Shen; Alan L. Yuille http://arxiv.org/abs/1904.01002 On the Vulnerability of CNN Classifiers in EEG-Based BCIs. Xiao Zhang; Dongrui Wu http://arxiv.org/abs/1903.12561 Adversarial Robustness vs Model Compression, or Both? Shaokai Ye; Kaidi Xu; Sijia Liu; Hao Cheng; Jan-Henrik Lambrechts; Huan Zhang; Aojun Zhou; Kaisheng Ma; Yanzhi Wang; Xue Lin http://arxiv.org/abs/1903.12261 Benchmarking Neural Network Robustness to Common Corruptions and Perturbations. Dan Hendrycks; Thomas Dietterich http://arxiv.org/abs/1903.11862 Smooth Adversarial Examples. Hanwei Zhang; Yannis Avrithis; Teddy Furon; Laurent Amsaleg http://arxiv.org/abs/1903.11626 Bridging Adversarial Robustness and Gradient Interpretability. Beomsu Kim; Junghoon Seo; Taegyun Jeon http://arxiv.org/abs/1903.11359 Scaling up the randomized gradient-free adversarial attack reveals overestimation of robustness using established attacks. Francesco Croce; Jonas Rauber; Matthias Hein http://arxiv.org/abs/1903.11688 Rallying Adversarial Techniques against Deep Learning for Network Security. Joseph Clements; Yuzhe Yang; Ankur Sharma; Hongxin Hu; Yingjie Lao http://arxiv.org/abs/1903.11508 Text Processing Like Humans Do: Visually Attacking and Shielding NLP Systems. Steffen Eger; Gözde Gül Şahin; Andreas Rücklé; Ji-Ung Lee; Claudia Schulz; Mohsen Mesgar; Krishnkant Swarnkar; Edwin Simpson; Iryna Gurevych http://arxiv.org/abs/1903.11220 On the Adversarial Robustness of Multivariate Robust Estimation. Erhan Bayraktar; Lifeng Lai http://arxiv.org/abs/1903.10826 A geometry-inspired decision-based attack. Yujia Liu; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard http://arxiv.org/abs/1903.10586 Defending against Whitebox Adversarial Attacks via Randomized Discretization. Yuchen Zhang; Percy Liang http://arxiv.org/abs/1903.10484 Exploiting Excessive Invariance caused by Norm-Bounded Adversarial Robustness. Jörn-Henrik Jacobsen; Jens Behrmann; Nicholas Carlini; Florian Tramèr; Nicolas Papernot http://arxiv.org/abs/1903.10396 The LogBarrier adversarial attack: making effective use of decision boundary information. Chris Finlay; Aram-Alexandre Pooladian; Adam M. Oberman http://arxiv.org/abs/1903.10219 Robust Neural Networks using Randomized Adversarial Training. Alexandre Araujo; Laurent Meunier; Rafael Pinot; Benjamin Negrevergne http://arxiv.org/abs/1903.10033 A Formalization of Robustness for Deep Neural Networks. Tommaso Dreossi; Shromona Ghosh; Alberto Sangiovanni-Vincentelli; Sanjit A. 
Seshia http://arxiv.org/abs/1903.09940 Variational Inference with Latent Space Quantization for Adversarial Resilience. Vinay Kyatham; Mayank Mishra; Tarun Kumar Yadav; Deepak Mishra; Prathosh AP http://arxiv.org/abs/1903.09799 Improving Adversarial Robustness via Guided Complement Entropy. Hao-Yun Chen; Jhao-Hong Liang; Shih-Chieh Chang; Jia-Yu Pan; Yu-Ting Chen; Wei Wei; Da-Cheng Juan http://arxiv.org/abs/1903.10346 Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition. Yao Qin; Nicholas Carlini; Ian Goodfellow; Garrison Cottrell; Colin Raffel http://arxiv.org/abs/1903.09410 Fast Bayesian Uncertainty Estimation and Reduction of Batch Normalized Single Image Super-Resolution Network. (45%) Aupendu Kar; Prabir Kumar Biswas http://arxiv.org/abs/1904.00759 Adversarial camera stickers: A physical camera-based attack on deep learning systems. Juncheng Li; Frank R. Schmidt; J. Zico Kolter http://arxiv.org/abs/1903.08778 Provable Certificates for Adversarial Examples: Fitting a Ball in the Union of Polytopes. Matt Jordan; Justin Lewis; Alexandros G. Dimakis http://arxiv.org/abs/1903.08333 On the Robustness of Deep K-Nearest Neighbors. Chawin Sitawarin; David Wagner http://arxiv.org/abs/1903.07282 Generating Adversarial Examples With Conditional Generative Adversarial Net. Ping Yu; Kaitao Song; Jianfeng Lu http://arxiv.org/abs/1904.05734 Practical Hidden Voice Attacks against Speech and Speaker Recognition Systems. Hadi Abdullah; Washington Garcia; Christian Peeters; Patrick Traynor; Kevin R. B. Butler; Joseph Wilson http://arxiv.org/abs/1903.07054 Adversarial Attacks on Deep Neural Networks for Time Series Classification. Hassan Ismail Fawaz; Germain Forestier; Jonathan Weber; Lhassane Idoumghar; Pierre-Alain Muller http://arxiv.org/abs/1903.06620 On Evaluation of Adversarial Perturbations for Sequence-to-Sequence Models. Paul Michel; Xian Li; Graham Neubig; Juan Miguel Pino http://arxiv.org/abs/1903.06603 On Certifying Non-uniform Bound against Adversarial Attacks. Chen Liu; Ryota Tomioka; Volkan Cevher http://arxiv.org/abs/1903.06293 A Research Agenda: Dynamic Models to Defend Against Correlated Attacks. Ian Goodfellow http://arxiv.org/abs/1903.05821 Attribution-driven Causal Analysis for Detection of Adversarial Examples. Susmit Jha; Sunny Raj; Steven Lawrence Fernandes; Sumit Kumar Jha; Somesh Jha; Gunjan Verma; Brian Jalaian; Ananthram Swami http://arxiv.org/abs/1903.05543 Adversarial attacks against Fact Extraction and VERification. James Thorne; Andreas Vlachos http://arxiv.org/abs/1903.05157 Simple Physical Adversarial Examples against End-to-End Autonomous Driving Models. Adith Boloor; Xin He; Christopher Gill; Yevgeniy Vorobeychik; Xuan Zhang http://arxiv.org/abs/1903.05994 Can Adversarial Network Attack be Defended? Jinyin Chen; Yangyang Wu; Xiang Lin; Qi Xuan http://arxiv.org/abs/1903.03905 Manifold Preserving Adversarial Learning. Ousmane Amadou Dia; Elnaz Barshan; Reza Babanezhad http://arxiv.org/abs/1903.03029 Attack Type Agnostic Perceptual Enhancement of Adversarial Images. Bilgin Aksoy; Alptekin Temizel http://arxiv.org/abs/1903.02926 Out-domain examples for generative models. Dario Pasquini; Marco Mingione; Massimo Bernaschi http://arxiv.org/abs/1903.02585 GanDef: A GAN based Adversarial Training Defense for Neural Network Classifier. Guanxiong Liu; Issa Khalil; Abdallah Khreishah http://arxiv.org/abs/1903.01980 Statistical Guarantees for the Robustness of Bayesian Neural Networks. 
Luca Cardelli; Marta Kwiatkowska; Luca Laurenti; Nicola Paoletti; Andrea Patane; Matthew Wicker http://arxiv.org/abs/1903.01715 L1-norm double backpropagation adversarial defense. Ismaïla Seck; Gaëlle Loosli; Stephane Canu http://arxiv.org/abs/1903.01612 Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search. Abhimanyu Dubey; Laurens van der Maaten; Zeki Yalniz; Yixuan Li; Dhruv Mahajan http://arxiv.org/abs/1903.01610 The Vulnerabilities of Graph Convolutional Networks: Stronger Attacks and Defensive Techniques. Huijun Wu; Chen Wang; Yuriy Tyshetskiy; Andrew Docherty; Kai Lu; Liming Zhu http://arxiv.org/abs/1903.01182 Complement Objective Training. Hao-Yun Chen; Pei-Hsin Wang; Chun-Hao Liu; Shih-Chieh Chang; Jia-Yu Pan; Yu-Ting Chen; Wei Wei; Da-Cheng Juan http://arxiv.org/abs/1903.01287 Safety Verification and Robustness Analysis of Neural Networks via Quadratic Constraints and Semidefinite Programming. Mahyar Fazlyab; Manfred Morari; George J. Pappas http://arxiv.org/abs/1903.01015 A Kernelized Manifold Mapping to Diminish the Effect of Adversarial Perturbations. Saeid Asgari Taghanaki; Kumar Abhishek; Shekoofeh Azizi; Ghassan Hamarneh http://arxiv.org/abs/1903.01563 Evaluating Adversarial Evasion Attacks in the Context of Wireless Communications. Bryse Flowers; R. Michael Buehrer; William C. Headley http://arxiv.org/abs/1903.00585 PuVAE: A Variational Autoencoder to Purify Adversarial Examples. Uiwon Hwang; Jaewoo Park; Hyemi Jang; Sungroh Yoon; Nam Ik Cho http://arxiv.org/abs/1903.00553 Attacking Graph-based Classification via Manipulating the Graph Structure. Binghui Wang; Neil Zhenqiang Gong http://arxiv.org/abs/1903.00073 On the Effectiveness of Low Frequency Perturbations. Yash Sharma; Gavin Weiguang Ding; Marcus Brubaker http://arxiv.org/abs/1902.11029 Enhancing the Robustness of Deep Neural Networks by Boundary Conditional GAN. Ke Sun; Zhanxing Zhu; Zhouchen Lin http://arxiv.org/abs/1902.11019 Towards Understanding Adversarial Examples Systematically: Exploring Data Size, Task and Model Factors. Ke Sun; Zhanxing Zhu; Zhouchen Lin http://arxiv.org/abs/1902.10899 Adversarial Attack and Defense on Point Sets. Qiang Zhang; Jiancheng Yang; Rongyao Fang; Bingbing Ni; Jinxian Liu; Qi Tian http://arxiv.org/abs/1902.10755 Adversarial Attacks on Time Series. Fazle Karim; Somshubra Majumdar; Houshang Darabi http://arxiv.org/abs/1902.10660 Robust Decision Trees Against Adversarial Examples. Hongge Chen; Huan Zhang; Duane Boning; Cho-Jui Hsieh http://arxiv.org/abs/1902.10758 Tensor Dropout for Robust Learning. Arinbjörn Kolbeinsson; Jean Kossaifi; Yannis Panagakis; Adrian Bulat; Anima Anandkumar; Ioanna Tzoulaki; Paul Matthews http://arxiv.org/abs/1902.10674 The Best Defense Is a Good Offense: Adversarial Attacks to Avoid Modulation Detection. Muhammad Zaid Hameed; Andras Gyorgy; Deniz Gunduz http://arxiv.org/abs/1902.10365 A Distributionally Robust Optimization Method for Adversarial Multiple Kernel Learning. (76%) Masoud Badiei Khuzani; Hongyi Ren; Md Tauhidul Islam; Lei Xing http://arxiv.org/abs/1902.10799 AutoGAN-based Dimension Reduction for Privacy Preservation. (1%) Hung Nguyen; Di Zhuang; Pei-Yuan Wu; Morris Chang http://arxiv.org/abs/1902.11134 Disentangled Deep Autoencoding Regularization for Robust Image Classification. Zhenyu Duan; Martin Renqiang Min; Li Erran Li; Mingbo Cai; Yi Xu; Bingbing Ni http://arxiv.org/abs/1902.09866 Analyzing Deep Neural Networks with Symbolic Propagation: Towards Higher Precision and Faster Verification. 
Jianlin Li; Pengfei Yang; Jiangchao Liu; Liqian Chen; Xiaowei Huang; Lijun Zhang http://arxiv.org/abs/1902.09592 Verification of Non-Linear Specifications for Neural Networks. Chongli Qin; Krishnamurthy (Dj) Dvijotham; Brendan O'Donoghue; Rudy Bunel; Robert Stanforth; Sven Gowal; Jonathan Uesato; Grzegorz Swirszcz; Pushmeet Kohli http://arxiv.org/abs/1902.09286 Adversarial attacks hidden in plain sight. Jan Philip Göpfert; André Artelt; Heiko Wersing; Barbara Hammer http://arxiv.org/abs/1902.08909 MaskDGA: A Black-box Evasion Technique Against DGA Classifiers and Adversarial Defenses. Lior Sidi; Asaf Nadler; Asaf Shabtai http://arxiv.org/abs/1902.09062 Adversarial Reinforcement Learning under Partial Observability in Software-Defined Networking. Yi Han; David Hubczenko; Paul Montague; Olivier De Vel; Tamas Abraham; Benjamin I. P. Rubinstein; Christopher Leckie; Tansu Alpcan; Sarah Erfani http://arxiv.org/abs/1902.08832 Re-evaluating ADEM: A Deeper Look at Scoring Dialogue Responses. Ananya B. Sai; Mithun Das Gupta; Mitesh M. Khapra; Mukundhan Srinivasan http://arxiv.org/abs/1902.08785 A Deep, Information-theoretic Framework for Robust Biometric Recognition. Renjie Xie; Yanzhi Chen; Yan Wo; Qiao Wang http://arxiv.org/abs/1902.08391 Physical Adversarial Attacks Against End-to-End Autoencoder Communication Systems. Meysam Sadeghi; Erik G. Larsson http://arxiv.org/abs/1902.08722 A Convex Relaxation Barrier to Tight Robustness Verification of Neural Networks. Hadi Salman; Greg Yang; Huan Zhang; Cho-Jui Hsieh; Pengchuan Zhang http://arxiv.org/abs/1902.08412 Adversarial Attacks on Graph Neural Networks via Meta Learning. Daniel Zügner; Stephan Günnemann http://arxiv.org/abs/1902.08336 On the Sensitivity of Adversarial Robustness to Input Data Distributions. Gavin Weiguang Ding; Kry Yik Chau Lui; Xiaomeng Jin; Luyu Wang; Ruitong Huang http://arxiv.org/abs/1902.08265 Quantifying Perceptual Distortion of Adversarial Examples. Matt Jordan; Naren Manoj; Surbhi Goel; Alexandros G. Dimakis http://arxiv.org/abs/1902.07906 Wasserstein Adversarial Examples via Projected Sinkhorn Iterations. Eric Wong; Frank R. Schmidt; J. Zico Kolter http://arxiv.org/abs/1902.07623 advertorch v0.1: An Adversarial Robustness Toolbox based on PyTorch. Gavin Weiguang Ding; Luyu Wang; Xiaomeng Jin http://arxiv.org/abs/1902.07776 Perceptual Quality-preserving Black-Box Attack against Deep Learning Image Classifiers. Diego Gragnaniello; Francesco Marra; Giovanni Poggi; Luisa Verdoliva http://arxiv.org/abs/1902.08226 Graph Adversarial Training: Dynamically Regularizing Based on Graph Structure. Fuli Feng; Xiangnan He; Jie Tang; Tat-Seng Chua http://arxiv.org/abs/1902.06894 There are No Bit Parts for Sign Bits in Black-Box Attacks. Abdullah Al-Dujaili; Una-May O'Reilly http://arxiv.org/abs/1902.06705 On Evaluating Adversarial Robustness. Nicholas Carlini; Anish Athalye; Nicolas Papernot; Wieland Brendel; Jonas Rauber; Dimitris Tsipras; Ian Goodfellow; Aleksander Madry; Alexey Kurakin http://arxiv.org/abs/1902.06415 AuxBlocks: Defense Adversarial Example via Auxiliary Blocks. Yueyao Yu; Pengfei Yu; Wenye Li http://arxiv.org/abs/1902.06626 Mockingbird: Defending Against Deep-Learning-Based Website Fingerprinting Attacks with Adversarial Traces. Mohsen Imani; Mohammad Saidur Rahman; Nate Mathews; Matthew Wright http://arxiv.org/abs/1902.08034 Mitigation of Adversarial Examples in RF Deep Classifiers Utilizing AutoEncoder Pre-training. 
Silvija Kokalj-Filipovic; Rob Miller; Nicholas Chang; Chi Leung Lau http://arxiv.org/abs/1902.06044 Adversarial Examples in RF Deep Learning: Detection of the Attack and its Physical Robustness. Silvija Kokalj-Filipovic; Rob Miller http://arxiv.org/abs/1902.05974 DeepFault: Fault Localization for Deep Neural Networks. Hasan Ferit Eniser; Simos Gerasimou; Alper Sen http://arxiv.org/abs/1902.05586 Can Intelligent Hyperparameter Selection Improve Resistance to Adversarial Examples? Cody Burkard; Brent Lagesse http://arxiv.org/abs/1902.04818 The Odds are Odd: A Statistical Test for Detecting Adversarial Examples. Kevin Roth; Yannic Kilcher; Thomas Hofmann http://arxiv.org/abs/1902.04416 Examining Adversarial Learning against Graph-based IoT Malware Detection Systems. Ahmed Abusnaina; Aminollah Khormali; Hisham Alasmary; Jeman Park; Afsah Anwar; Ulku Meteriz; Aziz Mohaisen http://arxiv.org/abs/1902.04238 Adversarial Samples on Android Malware Detection Systems for IoT Systems. Xiaolei Liu; Xiaojiang Du; Xiaosong Zhang; Qingxin Zhu; Mohsen Guizani http://arxiv.org/abs/1902.07285 A Survey: Towards a Robust Deep Neural Network in Text Domain. Wenqi Wang; Lina Wang; Benxiao Tang; Run Wang; Aoshuang Ye http://arxiv.org/abs/1902.03538 Model Compression with Adversarial Robustness: A Unified Optimization Framework. Shupeng Gui; Haotao Wang; Chen Yu; Haichuan Yang; Zhangyang Wang; Ji Liu http://arxiv.org/abs/1902.03380 When Causal Intervention Meets Adversarial Examples and Image Masking for Deep Neural Networks. Chao-Han Huck Yang; Yi-Chieh Liu; Pin-Yu Chen; Xiaoli Ma; Yi-Chang James Tsai http://arxiv.org/abs/1902.03227 Minimal Images in Deep Neural Networks: Fragile Object Recognition in Natural Images. Sanjana Srivastava; Guy Ben-Yosef; Xavier Boix http://arxiv.org/abs/1902.02947 Understanding the One-Pixel Attack: Propagation Maps and Locality Analysis. Danilo Vasconcellos Vargas; Jiawei Su http://arxiv.org/abs/1902.03151 Discretization based Solutions for Secure Machine Learning against Adversarial Attacks. Priyadarshini Panda; Indranil Chakraborty; Kaushik Roy http://arxiv.org/abs/1902.02826 Robustness Of Saak Transform Against Adversarial Attacks. Thiyagarajan Ramanathan; Abinaya Manimaran; Suya You; C-C Jay Kuo http://arxiv.org/abs/1902.02918 Certified Adversarial Robustness via Randomized Smoothing. Jeremy M Cohen; Elan Rosenfeld; J. Zico Kolter http://arxiv.org/abs/1902.02041 Fooling Neural Network Interpretations via Adversarial Model Manipulation. Juyeon Heo; Sunghwan Joo; Taesup Moon http://arxiv.org/abs/1902.02067 Daedalus: Breaking Non-Maximum Suppression in Object Detection via Adversarial Examples. Derui Wang; Chaoran Li; Sheng Wen; Xiaojun Chang; Surya Nepal; Yang Xiang http://arxiv.org/abs/1902.01686 Fatal Brain Damage. El Mahdi El Mhamdi; Rachid Guerraoui; Sergei Volodin http://arxiv.org/abs/1902.01148 Theoretical evidence for adversarial robustness through randomization. Rafael Pinot; Laurent Meunier; Alexandre Araujo; Hisashi Kashima; Florian Yger; Cédric Gouy-Pailler; Jamal Atif http://arxiv.org/abs/1902.01080 Predictive Uncertainty Quantification with Compound Density Networks. Agustinus Kristiadi; Sina Däubener; Asja Fischer http://arxiv.org/abs/1902.01147 Is Spiking Secure? A Comparative Study on the Security Vulnerabilities of Spiking and Deep Neural Networks. 
Alberto Marchisio; Giorgio Nanfa; Faiq Khalid; Muhammad Abdullah Hanif; Maurizio Martina; Muhammad Shafique http://arxiv.org/abs/1902.01235 Robustness Certificates Against Adversarial Examples for ReLU Networks. Sahil Singla; Soheil Feizi http://arxiv.org/abs/1902.00236 Natural and Adversarial Error Detection using Invariance to Image Transformations. Yuval Bahat; Michal Irani; Gregory Shakhnarovich http://arxiv.org/abs/1902.01220 Adaptive Gradient for Adversarial Perturbations Generation. Yatie Xiao; Chi-Man Pun http://arxiv.org/abs/1902.00577 Robustness of Generalized Learning Vector Quantization Models against Adversarial Attacks. Sascha Saralajew; Lars Holdijk; Maike Rees; Thomas Villmann http://arxiv.org/abs/1902.00541 The Efficacy of SHIELD under Different Threat Models. Cory Cornelius; Nilaksh Das; Shang-Tse Chen; Li Chen; Michael E. Kounavis; Duen Horng Chau http://arxiv.org/abs/1902.01208 A New Family of Neural Networks Provably Resistant to Adversarial Attacks. Rakshit Agrawal; Luca de Alfaro; David Helmbold http://arxiv.org/abs/1902.00358 Training Artificial Neural Networks by Generalized Likelihood Ratio Method: Exploring Brain-like Learning to Improve Robustness. Li Xiao; Yijie Peng; Jeff Hong; Zewu Ke; Shuhuai Yang http://arxiv.org/abs/1901.10861 A Simple Explanation for the Existence of Adversarial Examples with Small Hamming Distance. Adi Shamir; Itay Safran; Eyal Ronen; Orr Dunkelman http://arxiv.org/abs/1901.11188 Augmenting Model Robustness with Transformation-Invariant Attacks. Houpu Yao; Zhe Wang; Guangyu Nie; Yassine Mazboudi; Yezhou Yang; Yi Ren http://arxiv.org/abs/1901.10513 Adversarial Examples Are a Natural Consequence of Test Error in Noise. Nic Ford; Justin Gilmer; Nicolas Carlini; Dogus Cubuk http://arxiv.org/abs/1901.10258 RED-Attack: Resource Efficient Decision based Attack for Machine Learning. Faiq Khalid; Hassan Ali; Muhammad Abdullah Hanif; Semeen Rehman; Rehan Ahmed; Muhammad Shafique http://arxiv.org/abs/1901.10622 Reliable Smart Road Signs. Muhammed O. Sayin; Chung-Wei Lin; Eunsuk Kang; Shinichi Shiraishi; Tamer Basar http://arxiv.org/abs/1901.10371 On the Effect of Low-Rank Weights on Adversarial Robustness of Neural Networks. Peter Langenberg; Emilio Rafael Balda; Arash Behboodi; Rudolf Mathar http://arxiv.org/abs/1901.10650 Adversarial Metric Attack and Defense for Person Re-identification. Song Bai; Yingwei Li; Yuyin Zhou; Qizhu Li; Philip H. S. Torr http://arxiv.org/abs/1901.09981 Improving Adversarial Robustness of Ensembles with Diversity Training. Sanjay Kariyappa; Moinuddin K. Qureshi http://arxiv.org/abs/1901.09878 CapsAttacks: Robust and Imperceptible Adversarial Attacks on Capsule Networks. Alberto Marchisio; Giorgio Nanfa; Faiq Khalid; Muhammad Abdullah Hanif; Maurizio Martina; Muhammad Shafique http://arxiv.org/abs/1901.09963 Defense Methods Against Adversarial Examples for Recurrent Neural Networks. Ishai Rosenberg; Asaf Shabtai; Yuval Elovici; Lior Rokach http://arxiv.org/abs/1901.09960 Using Pre-Training Can Improve Model Robustness and Uncertainty. Dan Hendrycks; Kimin Lee; Mantas Mazeika http://arxiv.org/abs/1901.09863 Efficient Multiparty Interactive Coding for Insertions, Deletions and Substitutions. (1%) Ran Gelles; Yael T. Kalai; Govind Ramnarayan http://arxiv.org/abs/1901.09413 An Information-Theoretic Explanation for the Adversarial Fragility of AI Classifiers. Hui Xie; Jirong Yi; Weiyu Xu; Raghu Mudumbai http://arxiv.org/abs/1901.09496 Characterizing the Shape of Activation Space in Deep Neural Networks. 
Thomas Gebhart; Paul Schrater; Alan Hylton http://arxiv.org/abs/1901.09493 Strong Black-box Adversarial Attacks on Unsupervised Machine Learning Models. Anshuman Chhabra; Abhishek Roy; Prasant Mohapatra http://arxiv.org/abs/1901.09892 A Black-box Attack on Neural Networks Based on Swarm Evolutionary Algorithm. Xiaolei Liu; Yuheng Luo; Xiaosong Zhang; Qingxin Zhu http://arxiv.org/abs/1901.10300 Weighted-Sampling Audio Adversarial Example Attack. Xiaolei Liu; Xiaosong Zhang; Kun Wan; Qingxin Zhu; Yufei Ding http://arxiv.org/abs/1901.09113 Generative Adversarial Networks for Black-Box API Attacks with Limited Training Data. Yi Shi; Yalin E. Sagduyu; Kemal Davaslioglu; Jason H. Li http://arxiv.org/abs/1901.08846 Improving Adversarial Robustness via Promoting Ensemble Diversity. Tianyu Pang; Kun Xu; Chao Du; Ning Chen; Jun Zhu http://arxiv.org/abs/1901.08873 Chapter: Vulnerability of Quantum Information Systems to Collective Manipulation. (1%) Fernando J. Gómez-Ruiz; Ferney J. Rodríguez; Luis Quiroga; Neil F. Johnson http://arxiv.org/abs/1901.09035 Towards Interpretable Deep Neural Networks by Leveraging Adversarial Examples. Yinpeng Dong; Fan Bao; Hang Su; Jun Zhu http://arxiv.org/abs/1901.08360 Cross-Entropy Loss and Low-Rank Features Have Responsibility for Adversarial Examples. Kamil Nar; Orhan Ocal; S. Shankar Sastry; Kannan Ramchandran http://arxiv.org/abs/1901.08573 Theoretically Principled Trade-off between Robustness and Accuracy. Hongyang Zhang; Yaodong Yu; Jiantao Jiao; Eric P. Xing; Laurent El Ghaoui; Michael I. Jordan http://arxiv.org/abs/1901.07846 SirenAttack: Generating Adversarial Audio for End-to-End Acoustic Systems. Tianyu Du; Shouling Ji; Jinfeng Li; Qinchen Gu; Ting Wang; Raheem Beyah http://arxiv.org/abs/1901.08121 Sitatapatra: Blocking the Transfer of Adversarial Samples. Ilia Shumailov; Xitong Gao; Yiren Zhao; Robert Mullins; Ross Anderson; Cheng-Zhong Xu http://arxiv.org/abs/1901.07132 Universal Rules for Fooling Deep Neural Networks based Text Classification. Di Li; Danilo Vasconcellos Vargas; Sakurai Kouichi http://arxiv.org/abs/1901.06796 Adversarial Attacks on Deep Learning Models in Natural Language Processing: A Survey. Wei Emma Zhang; Quan Z. Sheng; Ahoud Alhazmi; Chenliang Li http://arxiv.org/abs/1901.07152 Sensitivity Analysis of Deep Neural Networks. Hai Shu; Hongtu Zhu http://arxiv.org/abs/1901.06834 Perception-in-the-Loop Adversarial Examples. Mahmoud Salamati; Sadegh Soudjani; Rupak Majumdar http://arxiv.org/abs/1901.05674 Easy to Fool? Testing the Anti-evasion Capabilities of PDF Malware Scanners. Saeed Ehteshamifar; Antonio Barresi; Thomas R. Gross; Michael Pradel http://arxiv.org/abs/1901.04684 The Limitations of Adversarial Training and the Blind-Spot Attack. Huan Zhang; Hongge Chen; Zhao Song; Duane Boning; Inderjit S. Dhillon; Cho-Jui Hsieh http://arxiv.org/abs/1901.03706 Generating Adversarial Perturbation with Root Mean Square Gradient. Yatie Xiao; Chi-Man Pun; Jizhe Zhou http://arxiv.org/abs/1901.03808 ECGadv: Generating Adversarial Electrocardiogram to Misguide Arrhythmia Classification System. Huangxun Chen; Chenyu Huang; Qianyi Huang; Qian Zhang; Wei Wang http://arxiv.org/abs/1901.03583 Explaining Vulnerabilities of Deep Learning to Adversarial Malware Binaries. Luca Demetrio; Battista Biggio; Giovanni Lagorio; Fabio Roli; Alessandro Armando http://arxiv.org/abs/1901.03398 Characterizing and evaluating adversarial examples for Offline Handwritten Signature Verification. Luiz G. 
Hafemann; Robert Sabourin; Luiz S. Oliveira http://arxiv.org/abs/1901.03037 Image Transformation can make Neural Networks more robust against Adversarial Examples. Dang Duy Thang; Toshihiro Matsui http://arxiv.org/abs/1901.03006 Extending Adversarial Attacks and Defenses to Deep 3D Point Cloud Classifiers. Daniel Liu; Ronald Yu; Hao Su http://arxiv.org/abs/1901.02229 Interpretable BoW Networks for Adversarial Example Detection. Krishna Kanth Nakka; Mathieu Salzmann http://arxiv.org/abs/1901.01677 Image Super-Resolution as a Defense Against Adversarial Attacks. Aamir Mustafa; Salman H. Khan; Munawar Hayat; Jianbing Shen; Ling Shao http://arxiv.org/abs/1901.09657 Fake News Detection via NLP is Vulnerable to Adversarial Attacks. Zhixuan Zhou; Huankang Guan; Meghana Moorthy Bhat; Justin Hsu http://arxiv.org/abs/1901.01223 Adversarial Examples Versus Cloud-based Detectors: A Black-box Empirical Study. Xurong Li; Shouling Ji; Meng Han; Juntao Ji; Zhenyu Ren; Yushan Liu; Chunming Wu http://arxiv.org/abs/1901.00546 Multi-Label Adversarial Perturbations. Qingquan Song; Haifeng Jin; Xiao Huang; Xia Hu http://arxiv.org/abs/1901.00532 Adversarial Robustness May Be at Odds With Simplicity. Preetum Nakkiran http://arxiv.org/abs/1901.00054 A Noise-Sensitivity-Analysis-Based Test Prioritization Technique for Deep Neural Networks. Long Zhang; Xuechao Sun; Yong Li; Zhenyu Zhang http://arxiv.org/abs/1812.10812 DeepBillboard: Systematic Physical-World Testing of Autonomous Driving Systems. Husheng Zhou; Wei Li; Yuankun Zhu; Yuqun Zhang; Bei Yu; Lingming Zhang; Cong Liu http://arxiv.org/abs/1812.10528 Adversarial Attack and Defense on Graph Data: A Survey. Lichao Sun; Yingtong Dou; Carl Yang; Ji Wang; Yixin Liu; Philip S. Yu; Lifang He; Bo Li http://arxiv.org/abs/1812.10061 Noise Flooding for Detecting Audio Adversarial Examples Against Automatic Speech Recognition. Krishan Rajaratnam; Jugal Kalita http://arxiv.org/abs/1812.10049 PPD: Permutation Phase Defense Against Adversarial Examples in Deep Learning. Mehdi Jafarnia-Jahromi; Tasmin Chowdhury; Hsin-Tai Wu; Sayandev Mukherjee http://arxiv.org/abs/1812.10199 A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples. Qiang Zeng; Jianhai Su; Chenglong Fu; Golam Kayas; Lannan Luo http://arxiv.org/abs/1812.10085 A Data-driven Adversarial Examples Recognition Framework via Adversarial Feature Genome. Li Chen; Qi Li; Weiye Chen; Zeyu Wang; Haifeng Li http://arxiv.org/abs/1812.10217 Seeing isn't Believing: Practical Adversarial Attack Against Object Detectors. Yue Zhao; Hong Zhu; Ruigang Liang; Qintao Shen; Shengzhi Zhang; Kai Chen http://arxiv.org/abs/1812.11017 DUP-Net: Denoiser and Upsampler Network for 3D Adversarial Point Clouds Defense. Hang Zhou; Kejiang Chen; Weiming Zhang; Han Fang; Wenbo Zhou; Nenghai Yu http://arxiv.org/abs/1812.09660 Markov Game Modeling of Moving Target Defense for Strategic Detection of Threats in Cloud Networks. Ankur Chowdhary; Sailik Sengupta; Dijiang Huang; Subbarao Kambhampati http://arxiv.org/abs/1812.09803 Guessing Smart: Biased Sampling for Efficient Black-Box Adversarial Attacks. Thomas Brunner; Frederik Diehl; Michael Truong Le; Alois Knoll http://arxiv.org/abs/1812.09638 Exploiting the Inherent Limitation of L0 Adversarial Examples. Fei Zuo; Bokai Yang; Xiaopeng Li; Lannan Luo; Qiang Zeng http://arxiv.org/abs/1812.09431 Dissociable neural representations of adversarially perturbed images in convolutional neural networks and the human brain. 
Chi Zhang; Xiaohan Duan; Linyuan Wang; Yongli Li; Bin Yan; Guoen Hu; Ruyuan Zhang; Li Tong http://arxiv.org/abs/1812.08108 Enhancing Robustness of Deep Neural Networks Against Adversarial Malware Samples: Principles, Framework, and AICS'2019 Challenge. Deqiang Li; Qianmu Li; Yanfang Ye; Shouhuai Xu http://arxiv.org/abs/1812.08329 PROVEN: Certifying Robustness of Neural Networks with a Probabilistic Approach. Tsui-Wei Weng; Pin-Yu Chen; Lam M. Nguyen; Mark S. Squillante; Ivan Oseledets; Luca Daniel http://arxiv.org/abs/1812.06815 Spartan Networks: Self-Feature-Squeezing Neural Networks for increased robustness in adversarial settings. François Menet; Paul Berthier; José M. Fernandez; Michel Gagnon http://arxiv.org/abs/1812.06626 Designing Adversarially Resilient Classifiers using Resilient Feature Engineering. Kevin Eykholt; Atul Prakash http://arxiv.org/abs/1812.08342 A Survey of Safety and Trustworthiness of Deep Neural Networks. Xiaowei Huang; Daniel Kroening; Wenjie Ruan; James Sharp; Youcheng Sun; Emese Thamo; Min Wu; Xinping Yi http://arxiv.org/abs/1812.06570 Defense-VAE: A Fast and Accurate Defense against Adversarial Attacks. Xiang Li; Shihao Ji http://arxiv.org/abs/1812.07385 Perturbation Analysis of Learning Algorithms: A Unifying Perspective on Generation of Adversarial Examples. Emilio Rafael Balda; Arash Behboodi; Rudolf Mathar http://arxiv.org/abs/1812.06371 Trust Region Based Adversarial Attack on Neural Networks. Zhewei Yao; Amir Gholami; Peng Xu; Kurt Keutzer; Michael Mahoney http://arxiv.org/abs/1812.05793 Adversarial Sample Detection for Deep Neural Network through Model Mutation Testing. Jingyi Wang; Guoliang Dong; Jun Sun; Xinyu Wang; Peixin Zhang http://arxiv.org/abs/1812.05271 TextBugger: Generating Adversarial Text Against Real-world Applications. Jinfeng Li; Shouling Ji; Tianyu Du; Bo Li; Ting Wang http://arxiv.org/abs/1812.05720 Why ReLU networks yield high-confidence predictions far away from the training data and how to mitigate the problem. Matthias Hein; Maksym Andriushchenko; Julian Bitterwolf http://arxiv.org/abs/1812.05447 Generating Hard Examples for Pixel-wise Classification. (4%) Hyungtae Lee; Heesung Kwon; Wonkook Kim http://arxiv.org/abs/1812.05013 Thwarting Adversarial Examples: An $L_0$-Robust Sparse Fourier Transform. Mitali Bafna; Jack Murtagh; Nikhil Vyas http://arxiv.org/abs/1812.04293 On the Security of Randomized Defenses Against Adversarial Samples. Kumar Sharad; Giorgia Azzurra Marson; Hien Thi Thu Truong; Ghassan Karame http://arxiv.org/abs/1812.04599 Adversarial Framing for Image and Video Classification. Konrad Zolna; Michal Zajac; Negar Rostamzadeh; Pedro O. Pinheiro http://arxiv.org/abs/1812.03705 Defending Against Universal Perturbations With Shared Adversarial Training. Chaithanya Kumar Mummadi; Thomas Brox; Jan Hendrik Metzen http://arxiv.org/abs/1812.03411 Feature Denoising for Improving Adversarial Robustness. Cihang Xie; Yuxin Wu; Laurens van der Maaten; Alan Yuille; Kaiming He http://arxiv.org/abs/1812.03405 AutoGAN: Robust Classifier Against Adversarial Attacks. Blerta Lindqvist; Shridatt Sugrim; Rauf Izmailov http://arxiv.org/abs/1812.03303 Detecting Adversarial Examples in Convolutional Neural Networks. Stefanos Pertigkiozoglou; Petros Maragos http://arxiv.org/abs/1812.03413 Learning Transferable Adversarial Examples via Ghost Networks. Yingwei Li; Song Bai; Yuyin Zhou; Cihang Xie; Zhishuai Zhang; Alan Yuille http://arxiv.org/abs/1812.03190 Deep-RBF Networks Revisited: Robust Classification with Rejection. 
Pourya Habib Zadeh; Reshad Hosseini; Suvrit Sra http://arxiv.org/abs/1812.03087 Combatting Adversarial Attacks through Denoising and Dimensionality Reduction: A Cascaded Autoencoder Approach. Rajeev Sahay; Rehana Mahfuz; Aly El Gamal http://arxiv.org/abs/1812.02891 Adversarial Defense of Image Classification Using a Variational Auto-Encoder. Yi Luo; Henry Pfister http://arxiv.org/abs/1812.02885 Adversarial Attacks, Regression, and Numerical Stability Regularization. Andre T. Nguyen; Edward Raff http://arxiv.org/abs/1812.02575 Prior Networks for Detection of Adversarial Attacks. Andrey Malinin; Mark Gales http://arxiv.org/abs/1812.02524 Towards Leveraging the Information of Gradients in Optimization-based Adversarial Attack. Jingyang Zhang; Hsin-Pai Cheng; Chunpeng Wu; Hai Li; Yiran Chen http://arxiv.org/abs/1812.02843 Fooling Network Interpretation in Image Classification. Akshayvarun Subramanya; Vipin Pillai; Hamed Pirsiavash http://arxiv.org/abs/1812.02606 The Limitations of Model Uncertainty in Adversarial Settings. Kathrin Grosse; David Pfaff; Michael Thomas Smith; Michael Backes http://arxiv.org/abs/1812.02637 MMA Training: Direct Input Space Margin Maximization through Adversarial Training. Gavin Weiguang Ding; Yash Sharma; Kry Yik Chau Lui; Ruitong Huang http://arxiv.org/abs/1812.02737 On Configurable Defense against Adversarial Example Attacks. Bo Luo; Min Li; Yu Li; Qiang Xu http://arxiv.org/abs/1812.01821 Regularized Ensembles and Transferability in Adversarial Learning. Yifan Chen; Yevgeniy Vorobeychik http://arxiv.org/abs/1812.02132 SADA: Semantic Adversarial Diagnostic Attacks for Autonomous Applications. Abdullah Hamdi; Matthias Müller; Bernard Ghanem http://arxiv.org/abs/1812.01647 Rigorous Agent Evaluation: An Adversarial Approach to Uncover Catastrophic Failures. Jonathan Uesato; Ananya Kumar; Csaba Szepesvari; Tom Erez; Avraham Ruderman; Keith Anderson; Krishnamurthy Dvijotham; Nicolas Heess; Pushmeet Kohli http://arxiv.org/abs/1812.01804 Random Spiking and Systematic Evaluation of Defenses Against Adversarial Examples. Huangyi Ge; Sze Yiu Chau; Bruno Ribeiro; Ninghui Li http://arxiv.org/abs/1812.00740 Disentangling Adversarial Robustness and Generalization. David Stutz; Matthias Hein; Bernt Schiele http://arxiv.org/abs/1812.00891 Interpretable Deep Learning under Fire. Xinyang Zhang; Ningfei Wang; Hua Shen; Shouling Ji; Xiapu Luo; Ting Wang http://arxiv.org/abs/1812.01198 Adversarial Example Decomposition. Horace He; Aaron Lou; Qingxuan Jiang; Isay Katsman; Serge Belongie; Ser-Nam Lim http://arxiv.org/abs/1812.00483 Model-Reuse Attacks on Deep Learning Systems. Yujie Ji; Xinyang Zhang; Shouling Ji; Xiapu Luo; Ting Wang http://arxiv.org/abs/1812.00552 Universal Perturbation Attack Against Image Retrieval. Jie Li; Rongrong Ji; Hong Liu; Xiaopeng Hong; Yue Gao; Qi Tian http://arxiv.org/abs/1812.01713 FineFool: Fine Object Contour Attack via Attention. Jinyin Chen; Haibin Zheng; Hui Xiong; Mengmeng Su http://arxiv.org/abs/1812.00239 Building robust classifiers through generation of confident out of distribution examples. Kumar Sricharan; Ashok Srivastava http://arxiv.org/abs/1812.00151 Discrete Adversarial Attacks and Submodular Optimization with Applications to Text Classification. Qi Lei; Lingfei Wu; Pin-Yu Chen; Alexandros G. Dimakis; Inderjit S. Dhillon; Michael Witbrock http://arxiv.org/abs/1812.00181 Effects of Loss Functions And Target Representations on Adversarial Robustness. 
Sean Saito; Sujoy Roy http://arxiv.org/abs/1812.00292 SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems. Edward Chou; Florian Tramèr; Giancarlo Pellegrino http://arxiv.org/abs/1811.12641 Transferable Adversarial Attacks for Image and Video Object Detection. Xingxing Wei; Siyuan Liang; Xiaochun Cao; Jun Zhu http://arxiv.org/abs/1811.12673 ComDefend: An Efficient Image Compression Model to Defend Adversarial Examples. Xiaojun Jia; Xingxing Wei; Xiaochun Cao; Hassan Foroosh http://arxiv.org/abs/1812.00037 Adversarial Defense by Stratified Convolutional Sparse Coding. Bo Sun; Nian-hsuan Tsai; Fangchen Liu; Ronald Yu; Hao Su http://arxiv.org/abs/1811.12395 CNN-Cert: An Efficient Framework for Certifying Robustness of Convolutional Neural Networks. Akhilan Boopathy; Tsui-Wei Weng; Pin-Yu Chen; Sijia Liu; Luca Daniel http://arxiv.org/abs/1811.12335 Bayesian Adversarial Spheres: Bayesian Inference and Adversarial Examples in a Noiseless Setting. Artur Bekasov; Iain Murray http://arxiv.org/abs/1811.12601 Adversarial Examples as an Input-Fault Tolerance Problem. Angus Galloway; Anna Golubeva; Graham W. Taylor http://arxiv.org/abs/1811.12470 Analyzing Federated Learning through an Adversarial Lens. Arjun Nitin Bhagoji; Supriyo Chakraborty; Prateek Mittal; Seraphin Calo http://arxiv.org/abs/1811.11875 Adversarial Attacks for Optical Flow-Based Action Recognition Classifiers. Nathan Inkawhich; Matthew Inkawhich; Yiran Chen; Hai Li http://arxiv.org/abs/1811.11553 Strike (with) a Pose: Neural Networks Are Easily Fooled by Strange Poses of Familiar Objects. Michael A. Alcorn; Qi Li; Zhitao Gong; Chengfei Wang; Long Mai; Wei-Shinn Ku; Anh Nguyen http://arxiv.org/abs/1811.11493 A randomized gradient-free attack on ReLU networks. Francesco Croce; Matthias Hein http://arxiv.org/abs/1811.11402 Adversarial Machine Learning And Speech Emotion Recognition: Utilizing Generative Adversarial Networks For Robustness. Siddique Latif; Rajib Rana; Junaid Qadir http://arxiv.org/abs/1811.11079 Robust Classification of Financial Risk. Suproteem K. Sarkar; Kojin Oshiba; Daniel Giebisch; Yaron Singer http://arxiv.org/abs/1811.11304 Universal Adversarial Training. Ali Shafahi; Mahyar Najibi; Zheng Xu; John Dickerson; Larry S. Davis; Tom Goldstein http://arxiv.org/abs/1811.11310 Using Attribution to Decode Dataset Bias in Neural Network Models for Chemistry. Kevin McCloskey; Ankur Taly; Federico Monti; Michael P. Brenner; Lucy Colwell http://arxiv.org/abs/1811.10828 A Frank-Wolfe Framework for Efficient and Effective Adversarial Attacks. Jinghui Chen; Dongruo Zhou; Jinfeng Yi; Quanquan Gu http://arxiv.org/abs/1811.10745 ResNets Ensemble via the Feynman-Kac Formalism to Improve Natural and Robust Accuracies. Bao Wang; Binjie Yuan; Zuoqiang Shi; Stanley J. Osher http://arxiv.org/abs/1811.10716 Bilateral Adversarial Training: Towards Fast Training of More Robust Models Against Adversarial Attacks. Jianyu Wang; Haichao Zhang http://arxiv.org/abs/1811.09982 Is Data Clustering in Adversarial Settings Secure? Battista Biggio; Ignazio Pillai; Samuel Rota Bulò; Davide Ariu; Marcello Pelillo; Fabio Roli http://arxiv.org/abs/1811.09831 Attention, Please! Adversarial Defense via Activation Rectification and Preservation. Shangxi Wu; Jitao Sang; Kaiyuan Xu; Jiaming Zhang; Yanfeng Sun; Liping Jing; Jian Yu http://arxiv.org/abs/1811.09716 Robustness via curvature regularization, and vice versa. 
Seyed-Mohsen Moosavi-Dezfooli; Alhussein Fawzi; Jonathan Uesato; Pascal Frossard http://arxiv.org/abs/1811.09600 Decoupling Direction and Norm for Efficient Gradient-Based L2 Adversarial Attacks and Defenses. Jérôme Rony; Luiz G. Hafemann; Luiz S. Oliveira; Ismail Ben Ayed; Robert Sabourin; Eric Granger http://arxiv.org/abs/1811.09310 Parametric Noise Injection: Trainable Randomness to Improve Deep Neural Network Robustness against Adversarial Attack. Adnan Siraj Rakin; Zhezhi He; Deliang Fan http://arxiv.org/abs/1811.09300 Strength in Numbers: Trading-off Robustness and Computation via Adversarially-Trained Ensembles. Edward Grefenstette; Robert Stanforth; Brendan O'Donoghue; Jonathan Uesato; Grzegorz Swirszcz; Pushmeet Kohli http://arxiv.org/abs/1811.09043 Detecting Adversarial Perturbations Through Spatial Behavior in Activation Spaces. Ziv Katzir; Yuval Elovici http://arxiv.org/abs/1811.09020 Task-generalizable Adversarial Attack based on Perceptual Metric. Muzammal Naseer; Salman H. Khan; Shafin Rahman; Fatih Porikli http://arxiv.org/abs/1811.09008 Towards Robust Neural Networks with Lipschitz Continuity. Muhammad Usama; Dong Eui Chang http://arxiv.org/abs/1811.08577 How the Softmax Output is Misleading for Evaluating the Strength of Adversarial Examples. Utku Ozbulak; Wesley De Neve; Arnout Van Messem http://arxiv.org/abs/1811.08484 MimicGAN: Corruption-Mimicking for Blind Image Recovery & Adversarial Defense. Rushil Anirudh; Jayaraman J. Thiagarajan; Bhavya Kailkhura; Timo Bremer http://arxiv.org/abs/1811.08458 Intermediate Level Adversarial Attack for Enhanced Transferability. Qian Huang; Zeqi Gu; Isay Katsman; Horace He; Pian Pawakapan; Zhiqiu Lin; Serge Belongie; Ser-Nam Lim http://arxiv.org/abs/1811.08080 Lightweight Lipschitz Margin Training for Certified Defense against Adversarial Examples. Hajime Ono; Tsubasa Takahashi; Kazuya Kakizaki http://arxiv.org/abs/1812.02622 Convolutional Neural Networks with Transformed Input based on Robust Tensor Network Decomposition. Jenn-Bing Ong; Wee-Keong Ng; C. -C. Jay Kuo http://arxiv.org/abs/1811.07950 Optimal Transport Classifier: Defending Against Adversarial Attacks by Regularized Deep Embedding. Yao Li; Martin Renqiang Min; Wenchao Yu; Cho-Jui Hsieh; Thomas C. M. Lee; Erik Kruus http://arxiv.org/abs/1811.07457 Generalizable Adversarial Training via Spectral Normalization. Farzan Farnia; Jesse M. Zhang; David Tse http://arxiv.org/abs/1811.07311 Regularized adversarial examples for model interpretability. Yoel Shoshan; Vadim Ratner http://arxiv.org/abs/1811.07375 The Taboo Trap: Behavioural Detection of Adversarial Samples. Ilia Shumailov; Yiren Zhao; Robert Mullins; Ross Anderson http://arxiv.org/abs/1811.07266 DeepConsensus: using the consensus of features from multiple layers to attain robust image classification. Yuchen Li; Safwan Hossain; Kiarash Jamali; Frank Rudzicz http://arxiv.org/abs/1811.07211 Classifiers Based on Deep Sparse Coding Architectures are Robust to Deep Learning Transferable Examples. Jacob M. Springer; Charles S. Strauss; Austin M. Thresher; Edward Kim; Garrett T. Kenyon http://arxiv.org/abs/1811.07108 Boosting the Robustness Verification of DNN by Identifying the Achilles's Heel. Chengdong Feng; Zhenbang Chen; Weijiang Hong; Hengbiao Yu; Wei Dong; Ji Wang http://arxiv.org/abs/1811.07018 Protecting Voice Controlled Systems Using Sound Source Identification Based on Acoustic Cues. 
Yuan Gong; Christian Poellabauer http://arxiv.org/abs/1811.06969 DARCCC: Detecting Adversaries by Reconstruction from Class Conditional Capsules. Nicholas Frosst; Sara Sabour; Geoffrey Hinton http://arxiv.org/abs/1811.06609 A Spectral View of Adversarially Robust Features. Shivam Garg; Vatsal Sharan; Brian Hu Zhang; Gregory Valiant http://arxiv.org/abs/1811.06539 A note on hyperparameters in black-box adversarial examples. Jamie Hayes http://arxiv.org/abs/1811.06492 Mathematical Analysis of Adversarial Attacks. Zehao Dou; Stanley J. Osher; Bao Wang http://arxiv.org/abs/1811.06418 Adversarial Examples from Cryptographic Pseudo-Random Generators. Sébastien Bubeck; Yin Tat Lee; Eric Price; Ilya Razenshteyn http://arxiv.org/abs/1811.06029 Verification of Recurrent Neural Networks Through Rule Extraction. Qinglong Wang; Kaixuan Zhang; Xue Liu; C. Lee Giles http://arxiv.org/abs/1811.05808 Robustness of spectral methods for community detection. Ludovic Stephan; Laurent Massoulié http://arxiv.org/abs/1811.05521 Deep Q learning for fooling neural networks. Mandar Kulkarni http://arxiv.org/abs/1811.03733 Universal Decision-Based Black-Box Perturbations: Breaking Security-Through-Obscurity Defenses. Thomas A. Hogan; Bhavya Kailkhura http://arxiv.org/abs/1811.03685 New CleverHans Feature: Better Adversarial Robustness Evaluations with Attack Bundling. Ian Goodfellow http://arxiv.org/abs/1811.03531 A Geometric Perspective on the Transferability of Adversarial Directions. Zachary Charles; Harrison Rosenberg; Dimitris Papailiopoulos http://arxiv.org/abs/1811.03456 CAAD 2018: Iterative Ensemble Adversarial Attack. Jiayang Liu; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/1811.03194 AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning. Florian Tramèr; Pascal Dupré; Gili Rusak; Giancarlo Pellegrino; Dan Boneh http://arxiv.org/abs/1811.02625 MixTrain: Scalable Training of Verifiably Robust Neural Networks. Shiqi Wang; Yizheng Chen; Ahmed Abdou; Suman Jana http://arxiv.org/abs/1811.02248 SparseFool: a few pixels make a big difference. Apostolos Modas; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard http://arxiv.org/abs/1811.01811 Active Deep Learning Attacks under Strict Rate Limitations for Online API Calls. Yi Shi; Yalin E. Sagduyu; Kemal Davaslioglu; Jason H. Li http://arxiv.org/abs/1811.01749 FUNN: Flexible Unsupervised Neural Network. David Vigouroux; Sylvain Picard http://arxiv.org/abs/1811.01629 On the Transferability of Adversarial Examples Against CNN-Based Image Forensics. Mauro Barni; Kassem Kallas; Ehsan Nowroozi; Benedetta Tondi http://arxiv.org/abs/1811.01444 FAdeML: Understanding the Impact of Pre-Processing Noise Filtering on Adversarial Machine Learning. Faiq Khalid; Muhammad Abdullah Hanif; Semeen Rehman; Junaid Qadir; Muhammad Shafique http://arxiv.org/abs/1811.01437 QuSecNets: Quantization-based Defense Mechanism for Securing Deep Neural Network against Adversarial Attacks. Faiq Khalid; Hassan Ali; Hammad Tariq; Muhammad Abdullah Hanif; Semeen Rehman; Rehan Ahmed; Muhammad Shafique http://arxiv.org/abs/1811.01443 SSCNets: Robustifying DNNs using Secure Selective Convolutional Filters. Hassan Ali; Faiq Khalid; Hammad Tariq; Muhammad Abdullah Hanif; Semeen Rehman; Rehan Ahmed; Muhammad Shafique http://arxiv.org/abs/1811.01302 Adversarial Gain. Peter Henderson; Koustuv Sinha; Rosemary Nan Ke; Joelle Pineau http://arxiv.org/abs/1811.01225 CAAD 2018: Powerful None-Access Black-Box Attack Based on Adversarial Transformation Network. 
Xiaoyi Dong; Weiming Zhang; Nenghai Yu http://arxiv.org/abs/1811.01312 Adversarial Black-Box Attacks on Automatic Speech Recognition Systems using Multi-Objective Evolutionary Optimization. Shreya Khare; Rahul Aralikatte; Senthil Mani http://arxiv.org/abs/1811.01213 Learning to Defense by Learning to Attack. Haoming Jiang; Zhehui Chen; Yuyang Shi; Bo Dai; Tuo Zhao http://arxiv.org/abs/1811.01134 A Marauder's Map of Security and Privacy in Machine Learning. Nicolas Papernot http://arxiv.org/abs/1811.01057 Semidefinite relaxations for certifying robustness to adversarial examples. Aditi Raghunathan; Jacob Steinhardt; Percy Liang http://arxiv.org/abs/1811.00866 Efficient Neural Network Robustness Certification with General Activation Functions. Huan Zhang; Tsui-Wei Weng; Pin-Yu Chen; Cho-Jui Hsieh; Luca Daniel http://arxiv.org/abs/1811.00830 Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks. Davide Maiorca; Battista Biggio; Giorgio Giacinto http://arxiv.org/abs/1811.01031 TrISec: Training Data-Unaware Imperceptible Security Attacks on Deep Neural Networks. Faiq Khalid; Muhammad Abdullah Hanif; Semeen Rehman; Rehan Ahmed; Muhammad Shafique http://arxiv.org/abs/1811.00621 Improving Adversarial Robustness by Encouraging Discriminative Features. Chirag Agarwal; Anh Nguyen; Dan Schonfeld http://arxiv.org/abs/1811.00525 On the Geometry of Adversarial Examples. Marc Khoury; Dylan Hadfield-Menell http://arxiv.org/abs/1811.00401 Excessive Invariance Causes Adversarial Vulnerability. Jörn-Henrik Jacobsen; Jens Behrmann; Richard Zemel; Matthias Bethge http://arxiv.org/abs/1811.02658 When Not to Classify: Detection of Reverse Engineering Attacks on DNN Image Classifiers. Yujia Wang; David J. Miller; George Kesidis http://arxiv.org/abs/1811.00189 Unauthorized AI cannot Recognize Me: Reversible Adversarial Example. Jiayang Liu; Weiming Zhang; Kazuto Fukuchi; Youhei Akimoto; Jun Sakuma http://arxiv.org/abs/1810.12576 Improved Network Robustness with Adversary Critic. Alexander Matyasko; Lap-Pui Chau http://arxiv.org/abs/1810.12715 On the Effectiveness of Interval Bound Propagation for Training Verifiably Robust Models. Sven Gowal; Krishnamurthy Dvijotham; Robert Stanforth; Rudy Bunel; Chongli Qin; Jonathan Uesato; Relja Arandjelovic; Timothy Mann; Pushmeet Kohli http://arxiv.org/abs/1810.12272 Adversarial Risk and Robustness: General Definitions and Implications for the Uniform Distribution. Dimitrios I. Diochnos; Saeed Mahloujifar; Mohammad Mahmoody http://arxiv.org/abs/1810.12042 Logit Pairing Methods Can Fool Gradient-Based Attacks. Marius Mosbach; Maksym Andriushchenko; Thomas Trost; Matthias Hein; Dietrich Klakow http://arxiv.org/abs/1810.11783 RecurJac: An Efficient Recursive Algorithm for Bounding Jacobian Matrix of Neural Networks and Its Applications. Huan Zhang; Pengchuan Zhang; Cho-Jui Hsieh http://arxiv.org/abs/1810.11914 Rademacher Complexity for Adversarially Robust Generalization. Dong Yin; Kannan Ramchandran; Peter Bartlett http://arxiv.org/abs/1810.11793 Robust Audio Adversarial Example for a Physical Attack. Hiromu Yakura; Jun Sakuma http://arxiv.org/abs/1810.11726 Towards Robust Deep Neural Networks. Timothy E. Wang; Yiming Gu; Dhagash Mehta; Xiaojun Zhao; Edgar A. Bernal http://arxiv.org/abs/1810.11711 Regularization Effect of Fast Gradient Sign Method and its Generalization. Chandler Zuo http://arxiv.org/abs/1810.11580 Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples. 
Guanhong Tao; Shiqing Ma; Yingqi Liu; Xiangyu Zhang http://arxiv.org/abs/1810.10731 Law and Adversarial Machine Learning. Ram Shankar Siva Kumar; David R. O'Brien; Kendra Albert; Salome Vilojen http://arxiv.org/abs/1810.10751 Attack Graph Convolutional Networks by Adding Fake Nodes. Xiaoyun Wang; Minhao Cheng; Joe Eaton; Cho-Jui Hsieh; Felix Wu http://arxiv.org/abs/1810.10939 Evading classifiers in discrete domains with provable optimality guarantees. Bogdan Kulynych; Jamie Hayes; Nikita Samarin; Carmela Troncoso http://arxiv.org/abs/1810.10625 Robust Adversarial Learning via Sparsifying Front Ends. Soorya Gopalakrishnan; Zhinus Marzi; Metehan Cekic; Upamanyu Madhow; Ramtin Pedarsani http://arxiv.org/abs/1810.10031 Stochastic Substitute Training: A Gray-box Approach to Craft Adversarial Examples Against Gradient Obfuscation Defenses. Mohammad Hashemi; Greg Cusack; Eric Keller http://arxiv.org/abs/1810.09650 One Bit Matters: Understanding Adversarial Examples as the Abuse of Redundancy. Jingkang Wang; Ruoxi Jia; Gerald Friedland; Bo Li; Costas Spanos http://arxiv.org/abs/1810.10109 Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors. Yanzi Zhu; Zhujun Xiao; Yuxin Chen; Zhijing Li; Max Liu; Ben Y. Zhao; Haitao Zheng http://arxiv.org/abs/1810.09519 Adversarial Risk Bounds via Function Transformation. Justin Khim; Po-Ling Loh http://arxiv.org/abs/1810.09225 Cost-Sensitive Robustness against Adversarial Examples. Xiao Zhang; David Evans http://arxiv.org/abs/1810.09619 Sparse DNNs with Improved Adversarial Robustness. Yiwen Guo; Chao Zhang; Changshui Zhang; Yurong Chen http://arxiv.org/abs/1810.08640 On Extensions of CLEVER: A Neural Network Robustness Evaluation Algorithm. Tsui-Wei Weng; Huan Zhang; Pin-Yu Chen; Aurelie Lozano; Cho-Jui Hsieh; Luca Daniel http://arxiv.org/abs/1810.08280 Exploring Adversarial Examples in Malware Detection. Octavian Suciu; Scott E. Coull; Jeffrey Johns http://arxiv.org/abs/1810.08070 A Training-based Identification Approach to VIN Adversarial Examples. Yingdi Wang; Wenjia Niu; Tong Chen; Yingxiao Xiang; Jingjing Liu; Gang Li; Jiqiang Liu http://arxiv.org/abs/1810.07481 Provable Robustness of ReLU networks via Maximization of Linear Regions. Francesco Croce; Maksym Andriushchenko; Matthias Hein http://arxiv.org/abs/1810.10337 Projecting Trouble: Light Based Adversarial Attacks on Deep Learning Classifiers. Nicole Nichols; Robert Jasper http://arxiv.org/abs/1810.07339 Security Matters: A Survey on Adversarial Machine Learning. Guofu Li; Pengjia Zhu; Jin Li; Zhemin Yang; Ning Cao; Zhiyi Chen http://arxiv.org/abs/1810.06583 Concise Explanations of Neural Networks using Adversarial Training. Prasad Chalasani; Jiefeng Chen; Amrita Roy Chowdhury; Somesh Jha; Xi Wu http://arxiv.org/abs/1810.05162 Characterizing Adversarial Examples Based on Spatial Consistency Information for Semantic Segmentation. Chaowei Xiao; Ruizhi Deng; Bo Li; Fisher Yu; Mingyan Liu; Dawn Song http://arxiv.org/abs/1810.05206 MeshAdv: Adversarial Meshes for Visual Recognition. Chaowei Xiao; Dawei Yang; Bo Li; Jia Deng; Mingyan Liu http://arxiv.org/abs/1810.05665 Is PGD-Adversarial Training Necessary? Alternative Training via a Soft-Quantization Network with Noisy-Natural Samples Only. Tianhang Zheng; Changyou Chen; Kui Ren http://arxiv.org/abs/1810.03913 Analyzing the Noise Robustness of Deep Neural Networks. 
Mengchen Liu; Shixia Liu; Hang Su; Kelei Cao; Jun Zhu http://arxiv.org/abs/1810.03806 The Adversarial Attack and Detection under the Fisher Information Metric. Chenxiao Zhao; P. Thomas Fletcher; Mixue Yu; Yaxin Peng; Guixu Zhang; Chaomin Shen http://arxiv.org/abs/1810.04065 Limitations of adversarial robustness: strong No Free Lunch Theorem. Elvis Dohmatob http://arxiv.org/abs/1810.03739 Efficient Two-Step Adversarial Defense for Deep Neural Networks. Ting-Jui Chang; Yukun He; Peng Li http://arxiv.org/abs/1810.03538 Combinatorial Attacks on Binarized Neural Networks. Elias B. Khalil; Amrita Gupta; Bistra Dilkina http://arxiv.org/abs/1810.03773 Average Margin Regularization for Classifiers. Matt Olfat; Anil Aswani http://arxiv.org/abs/1810.02424 Feature Prioritization and Regularization Improve Standard Accuracy and Adversarial Robustness. Chihuang Liu; Joseph JaJa http://arxiv.org/abs/1810.02180 Improved Generalization Bounds for Robust Learning. Idan Attias; Aryeh Kontorovich; Yishay Mansour http://arxiv.org/abs/1810.01407 Can Adversarially Robust Learning Leverage Computational Hardness? Saeed Mahloujifar; Mohammad Mahmoody http://arxiv.org/abs/1810.01185 Adversarial Examples - A Complete Characterisation of the Phenomenon. Alexandru Constantin Serban; Erik Poll; Joost Visser http://arxiv.org/abs/1810.01110 Link Prediction Adversarial Attack. Jinyin Chen; Ziqiang Shi; Yangyang Wu; Xuanheng Xu; Haibin Zheng http://arxiv.org/abs/1810.01279 Adv-BNN: Improved Adversarial Defense through Robust Bayesian Neural Network. Xuanqing Liu; Yao Li; Chongruo Wu; Cho-Jui Hsieh http://arxiv.org/abs/1810.00740 Improving the Generalization of Adversarial Training with Domain Adaptation. Chuanbiao Song; Kun He; Liwei Wang; John E. Hopcroft http://arxiv.org/abs/1810.01021 Large batch size training of neural networks with adversarial training and second-order information. Zhewei Yao; Amir Gholami; Daiyaan Arfeen; Richard Liaw; Joseph Gonzalez; Kurt Keutzer; Michael Mahoney http://arxiv.org/abs/1810.00953 Improved robustness to adversarial examples using Lipschitz regularization of the loss. Chris Finlay; Adam Oberman; Bilal Abbasi http://arxiv.org/abs/1810.00470 Procedural Noise Adversarial Examples for Black-Box Attacks on Deep Convolutional Networks. Kenneth T. Co; Luis Muñoz-González; Sixte de Maupeou; Emil C. Lupu http://arxiv.org/abs/1810.01268 CAAD 2018: Generating Transferable Adversarial Examples. Yash Sharma; Tien-Dung Le; Moustafa Alzantot http://arxiv.org/abs/1810.00144 Interpreting Adversarial Robustness: A View from Decision Surface in Input Space. Fuxun Yu; Chenchen Liu; Yanzhi Wang; Liang Zhao; Xiang Chen http://arxiv.org/abs/1810.00208 To compress or not to compress: Understanding the Interactions between Adversarial Attacks and Neural Network Compression. Yiren Zhao; Ilia Shumailov; Robert Mullins; Ross Anderson http://arxiv.org/abs/1809.10875 Characterizing Audio Adversarial Examples Using Temporal Dependency. Zhuolin Yang; Bo Li; Pin-Yu Chen; Dawn Song http://arxiv.org/abs/1810.00069 Adversarial Attacks and Defences: A Survey. Anirban Chakraborty; Manaar Alam; Vishal Dey; Anupam Chattopadhyay; Debdeep Mukhopadhyay http://arxiv.org/abs/1810.00024 Explainable Black-Box Attacks Against Model-based Authentication. Washington Garcia; Joseph I. Choi; Suman K. Adari; Somesh Jha; Kevin R. B. Butler http://arxiv.org/abs/1810.07242 Adversarial Attacks on Cognitive Self-Organizing Networks: The Challenge and the Way Forward. 
Muhammad Usama; Junaid Qadir; Ala Al-Fuqaha http://arxiv.org/abs/1809.09262 Neural Networks with Structural Resistance to Adversarial Attacks. Luca de Alfaro http://arxiv.org/abs/1809.08999 Fast Geometrically-Perturbed Adversarial Faces. Ali Dabouei; Sobhan Soleymani; Jeremy Dawson; Nasser M. Nasrabadi http://arxiv.org/abs/1809.08986 On The Utility of Conditional Generation Based Mutual Information for Characterizing Adversarial Subspaces. Chia-Yi Hsu; Pei-Hsuan Lu; Pin-Yu Chen; Chia-Mu Yu http://arxiv.org/abs/1809.08758 Low Frequency Adversarial Perturbation. Chuan Guo; Jared S. Frank; Kilian Q. Weinberger http://arxiv.org/abs/1809.08706 Is Ordered Weighted $\ell_1$ Regularized Regression Robust to Adversarial Perturbation? A Case Study on OSCAR. Pin-Yu Chen; Bhanukiran Vinzamuri; Sijia Liu http://arxiv.org/abs/1809.08516 Adversarial Defense via Data Dependent Activation Function and Total Variation Minimization. Bao Wang; Alex T. Lin; Wei Zhu; Penghang Yin; Andrea L. Bertozzi; Stanley J. Osher http://arxiv.org/abs/1809.08352 Unrestricted Adversarial Examples. Tom B. Brown; Nicholas Carlini; Chiyuan Zhang; Catherine Olsson; Paul Christiano; Ian Goodfellow http://arxiv.org/abs/1809.08316 Adversarial Binaries for Authorship Identification. Xiaozhu Meng; Barton P. Miller; Somesh Jha http://arxiv.org/abs/1809.07802 Playing the Game of Universal Adversarial Perturbations. Julien Perolat; Mateusz Malinowski; Bilal Piot; Olivier Pietquin http://arxiv.org/abs/1809.08098 Efficient Formal Safety Analysis of Neural Networks. Shiqi Wang; Kexin Pei; Justin Whitehouse; Junfeng Yang; Suman Jana http://arxiv.org/abs/1809.07062 Adversarial Training Towards Robust Multimedia Recommender System. Jinhui Tang; Xiaoyu Du; Xiangnan He; Fajie Yuan; Qi Tian; Tat-Seng Chua http://arxiv.org/abs/1809.07016 Generating 3D Adversarial Point Clouds. Chong Xiang; Charles R. Qi; Bo Li http://arxiv.org/abs/1809.06498 HashTran-DNN: A Framework for Enhancing Robustness of Deep Neural Networks against Adversarial Malware Samples. Deqiang Li; Ramesh Baral; Tao Li; Han Wang; Qianmu Li; Shouhuai Xu http://arxiv.org/abs/1809.06452 Robustness Guarantees for Bayesian Inference with Gaussian Processes. Luca Cardelli; Marta Kwiatkowska; Luca Laurenti; Andrea Patane http://arxiv.org/abs/1809.05966 Exploring the Vulnerability of Single Shot Module in Object Detectors via Imperceptible Background Patches. Yuezun Li; Xiao Bian; Ming-ching Chang; Siwei Lyu http://arxiv.org/abs/1809.05962 Robust Adversarial Perturbation on Deep Proposal-based Models. Yuezun Li; Daniel Tian; Ming-Ching Chang; Xiao Bian; Siwei Lyu http://arxiv.org/abs/1809.05165 Defensive Dropout for Hardening Deep Neural Networks under Adversarial Attacks. Siyue Wang; Xiao Wang; Pu Zhao; Wujie Wen; David Kaeli; Peter Chin; Xue Lin http://arxiv.org/abs/1809.04913 Query-Efficient Black-Box Attack by Active Learning. Pengcheng Li; Jinfeng Yi; Lijun Zhang http://arxiv.org/abs/1809.04790 Adversarial Examples: Opportunities and Challenges. Jiliang Zhang; Chen Li http://arxiv.org/abs/1809.04098 On the Structural Sensitivity of Deep Convolutional Networks to the Directions of Fourier Basis Functions. Yusuke Tsuzuku; Issei Sato http://arxiv.org/abs/1809.04397 Isolated and Ensemble Audio Preprocessing Methods for Detecting Adversarial Examples against Automatic Speech Recognition. Krishan Rajaratnam; Kunal Shah; Jugal Kalita http://arxiv.org/abs/1809.04120 Humans can decipher adversarial images. 
Zhenglong Zhou; Chaz Firestone http://arxiv.org/abs/1809.03740 Does it care what you asked? Understanding Importance of Verbs in Deep Learning QA System. (22%) Barbara Rychalska; Dominika Basaj; Przemyslaw Biecek; Anna Wroblewska http://arxiv.org/abs/1809.03063 The Curse of Concentration in Robust Learning: Evasion and Poisoning Attacks from Concentration of Measure. Saeed Mahloujifar; Dimitrios I. Diochnos; Mohammad Mahmoody http://arxiv.org/abs/1809.03008 Training for Faster Adversarial Robustness Verification via Inducing ReLU Stability. Kai Y. Xiao; Vincent Tjeng; Nur Muhammad Shafiullah; Aleksander Madry http://arxiv.org/abs/1809.03113 Certified Adversarial Robustness with Additive Noise. Bai Li; Changyou Chen; Wenlin Wang; Lawrence Carin http://arxiv.org/abs/1809.02918 Towards Query Efficient Black-box Attacks: An Input-free Perspective. Yali Du; Meng Fang; Jinfeng Yi; Jun Cheng; Dacheng Tao http://arxiv.org/abs/1809.02797 Fast Gradient Attack on Network Embedding. Jinyin Chen; Yangyang Wu; Xuanheng Xu; Yixian Chen; Haibin Zheng; Qi Xuan http://arxiv.org/abs/1809.02786 Structure-Preserving Transformation: Generating Diverse and Transferable Adversarial Examples. Dan Peng; Zizhan Zheng; Xiaofeng Zhang http://arxiv.org/abs/1809.02861 Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. Ambra Demontis; Marco Melis; Maura Pintor; Matthew Jagielski; Battista Biggio; Alina Oprea; Cristina Nita-Rotaru; Fabio Roli http://arxiv.org/abs/1809.02560 A Deeper Look at 3D Shape Classifiers. Jong-Chyi Su; Matheus Gadelha; Rui Wang; Subhransu Maji http://arxiv.org/abs/1809.02444 Metamorphic Relation Based Adversarial Attacks on Differentiable Neural Computer. Alvin Chan; Lei Ma; Felix Juefei-Xu; Xiaofei Xie; Yang Liu; Yew Soon Ong http://arxiv.org/abs/1809.02701 Trick Me If You Can: Human-in-the-loop Generation of Adversarial Examples for Question Answering. Eric Wallace; Pedro Rodriguez; Shi Feng; Ikuya Yamada; Jordan Boyd-Graber http://arxiv.org/abs/1809.02681 Query Attack via Opposite-Direction Feature: Towards Robust Image Retrieval. Zhedong Zheng; Liang Zheng; Yi Yang; Fei Wu http://arxiv.org/abs/1809.02079 Adversarial Over-Sensitivity and Over-Stability Strategies for Dialogue Models. Tong Niu; Mohit Bansal http://arxiv.org/abs/1809.02104 Are adversarial examples inevitable? Ali Shafahi; W. Ronny Huang; Christoph Studer; Soheil Feizi; Tom Goldstein http://arxiv.org/abs/1809.02077 IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection. Zilong Lin; Yong Shi; Zhi Xue http://arxiv.org/abs/1809.01829 Adversarial Reprogramming of Text Classification Neural Networks. Paarth Neekhara; Shehzeen Hussain; Shlomo Dubnov; Farinaz Koushanfar http://arxiv.org/abs/1809.01715 Bridging machine learning and cryptography in defence against adversarial attacks. Olga Taran; Shideh Rezaeifar; Slava Voloshynovskiy http://arxiv.org/abs/1809.01093 Adversarial Attacks on Node Embeddings. Aleksandar Bojchevski; Stephan Günnemann http://arxiv.org/abs/1809.01697 HASP: A High-Performance Adaptive Mobile Security Enhancement Against Malicious Speech Recognition. Zirui Xu; Fuxun Yu; Chenchen Liu; Xiang Chen http://arxiv.org/abs/1809.00594 Adversarial Attack Type I: Cheat Classifiers by Significant Changes. Sanli Tang; Xiaolin Huang; Mingjian Chen; Chengjin Sun; Jie Yang http://arxiv.org/abs/1809.00065 MULDEF: Multi-model-based Defense Against Adversarial Examples for Neural Networks. 
Siwakorn Srisakaokul; Yuhao Zhang; Zexuan Zhong; Wei Yang; Tao Xie; Bo Li http://arxiv.org/abs/1808.09413 DLFuzz: Differential Fuzzing Testing of Deep Learning Systems. Jianmin Guo; Yu Jiang; Yue Zhao; Quan Chen; Jiaguang Sun http://arxiv.org/abs/1808.09115 All You Need is "Love": Evading Hate-speech Detection. Tommi Gröndahl; Luca Pajola; Mika Juuti; Mauro Conti; N. Asokan http://arxiv.org/abs/1808.09540 Lipschitz regularized Deep Neural Networks generalize and are adversarially robust. Chris Finlay; Jeff Calder; Bilal Abbasi; Adam Oberman http://arxiv.org/abs/1809.00958 Targeted Nonlinear Adversarial Perturbations in Images and Videos. Roberto Rey-de-Castro; Herschel Rabitz http://arxiv.org/abs/1808.08750 Generalisation in humans and deep neural networks. Robert Geirhos; Carlos R. Medina Temme; Jonas Rauber; Heiko H. Schütt; Matthias Bethge; Felix A. Wichmann http://arxiv.org/abs/1808.08609 Adversarially Regularising Neural NLI Models to Integrate Logical Background Knowledge. Pasquale Minervini; Sebastian Riedel http://arxiv.org/abs/1808.08426 Analysis of adversarial attacks against CNN-based image forgery detectors. Diego Gragnaniello; Francesco Marra; Giovanni Poggi; Luisa Verdoliva http://arxiv.org/abs/1808.08444 Guiding Deep Learning System Testing using Surprise Adequacy. Jinhan Kim; Robert Feldt; Shin Yoo http://arxiv.org/abs/1808.08197 Is Machine Learning in Power Systems Vulnerable? Yize Chen; Yushi Tan; Deepjyoti Deka http://arxiv.org/abs/1808.07945 Maximal Jacobian-based Saliency Map Attack. Rey Wiyatno; Anqi Xu http://arxiv.org/abs/1808.07713 Adversarial Attacks on Deep-Learning Based Radio Signal Classification. Meysam Sadeghi; Erik G. Larsson http://arxiv.org/abs/1808.08282 Controlling Over-generalization and its Effect on Adversarial Examples Generation and Detection. Mahdieh Abbasi; Arezoo Rajabi; Azadeh Sadat Mozafari; Rakesh B. Bobba; Christian Gagne http://arxiv.org/abs/1808.06645 Stochastic Combinatorial Ensembles for Defending Against Adversarial Examples. George A. Adam; Petr Smirnov; David Duvenaud; Benjamin Haibe-Kains; Anna Goldenberg http://arxiv.org/abs/1808.05770 Reinforcement Learning for Autonomous Defence in Software-Defined Networking. Yi Han; Benjamin I. P. Rubinstein; Tamas Abraham; Tansu Alpcan; Olivier De Vel; Sarah Erfani; David Hubczenko; Christopher Leckie; Paul Montague http://arxiv.org/abs/1808.05705 Mitigation of Adversarial Attacks through Embedded Feature Selection. Ziyi Bao; Luis Muñoz-González; Emil C. Lupu http://arxiv.org/abs/1808.05665 Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding. Lea Schönherr; Katharina Kohls; Steffen Zeiler; Thorsten Holz; Dorothea Kolossa http://arxiv.org/abs/1808.05537 Distributionally Adversarial Attack. Tianhang Zheng; Changyou Chen; Kui Ren http://arxiv.org/abs/1808.03601 Using Randomness to Improve Robustness of Machine-Learning Models Against Evasion Attacks. Fan Yang; Zhiyuan Chen http://arxiv.org/abs/1808.04218 Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection. Xiao Chen; Chaoran Li; Derui Wang; Sheng Wen; Jun Zhang; Surya Nepal; Yang Xiang; Kui Ren http://arxiv.org/abs/1808.02651 Beyond Pixel Norm-Balls: Parametric Adversaries using an Analytically Differentiable Renderer. Hsueh-Ti Derek Liu; Michael Tao; Chun-Liang Li; Derek Nowrouzezahrai; Alec Jacobson http://arxiv.org/abs/1808.02455 Data augmentation using synthetic data for time series classification with deep residual networks. 
Hassan Ismail Fawaz; Germain Forestier; Jonathan Weber; Lhassane Idoumghar; Pierre-Alain Muller http://arxiv.org/abs/1808.01976 Adversarial Vision Challenge. Wieland Brendel; Jonas Rauber; Alexey Kurakin; Nicolas Papernot; Behar Veliqi; Marcel Salathé; Sharada P. Mohanty; Matthias Bethge http://arxiv.org/abs/1808.01785 Defense Against Adversarial Attacks with Saak Transform. Sibo Song; Yueru Chen; Ngai-Man Cheung; C. -C. Jay Kuo http://arxiv.org/abs/1808.01753 Gray-box Adversarial Training. Vivek B. S.; Konda Reddy Mopuri; R. Venkatesh Babu http://arxiv.org/abs/1808.01688 Is Robustness the Cost of Accuracy? -- A Comprehensive Study on the Robustness of 18 Deep Image Classification Models. Dong Su; Huan Zhang; Hongge Chen; Jinfeng Yi; Pin-Yu Chen; Yupeng Gao http://arxiv.org/abs/1808.01664 Structured Adversarial Attack: Towards General Implementation and Better Interpretability. Kaidi Xu; Sijia Liu; Pu Zhao; Pin-Yu Chen; Huan Zhang; Quanfu Fan; Deniz Erdogmus; Yanzhi Wang; Xue Lin http://arxiv.org/abs/1808.01452 Traits & Transferability of Adversarial Examples against Instance Segmentation & Object Detection. Raghav Gurbaxani; Shivank Mishra http://arxiv.org/abs/1808.01546 ATMPA: Attacking Machine Learning-based Malware Visualization Detection Methods via Adversarial Examples. Xinbo Liu; Jiliang Zhang; Yaping Lin; He Li http://arxiv.org/abs/1808.01153 Ask, Acquire, and Attack: Data-free UAP Generation using Class Impressions. Konda Reddy Mopuri; Phani Krishna Uppala; R. Venkatesh Babu http://arxiv.org/abs/1808.01352 DeepCloak: Adversarial Crafting As a Defensive Measure to Cloak Processes. Mehmet Sinan Inci; Thomas Eisenbarth; Berk Sunar http://arxiv.org/abs/1808.00123 EagleEye: Attack-Agnostic Defense against Adversarial Inputs (Technical Report). Yujie Ji; Xinyang Zhang; Ting Wang http://arxiv.org/abs/1807.10454 Rob-GAN: Generator, Discriminator, and Adversarial Attacker. Xuanqing Liu; Cho-Jui Hsieh http://arxiv.org/abs/1807.10335 A general metric for identifying adversarial images. Siddharth Krishna Kumar http://arxiv.org/abs/1807.10272 Evaluating and Understanding the Robustness of Adversarial Logit Pairing. Logan Engstrom; Andrew Ilyas; Anish Athalye http://arxiv.org/abs/1807.09937 HiDDeN: Hiding Data With Deep Networks. Jiren Zhu; Russell Kaplan; Justin Johnson; Li Fei-Fei http://arxiv.org/abs/1807.09705 Limitations of the Lipschitz constant as a defense against adversarial examples. Todd Huster; Cho-Yu Jason Chiang; Ritu Chadha http://arxiv.org/abs/1807.09443 Unbounded Output Networks for Classification. Stefan Elfwing; Eiji Uchibe; Kenji Doya http://arxiv.org/abs/1807.09380 Contrastive Video Representation Learning via Adversarial Perturbations. Jue Wang; Anoop Cherian http://arxiv.org/abs/1807.08108 Simultaneous Adversarial Training - Learn from Others Mistakes. Zukang Liao http://arxiv.org/abs/1807.07978 Prior Convictions: Black-Box Adversarial Attacks with Bandits and Priors. Andrew Ilyas; Logan Engstrom; Aleksander Madry http://arxiv.org/abs/1807.07769 Physical Adversarial Examples for Object Detectors. Kevin Eykholt; Ivan Evtimov; Earlence Fernandes; Bo Li; Amir Rahmati; Florian Tramer; Atul Prakash; Tadayoshi Kohno; Dawn Song http://arxiv.org/abs/1807.10590 Harmonic Adversarial Attack Method. Wen Heng; Shuchang Zhou; Tingting Jiang http://arxiv.org/abs/1807.06752 Gradient Band-based Adversarial Training for Generalized Attack Immunity of A3C Path Finding. 
Tong Chen; Wenjia Niu; Yingxiao Xiang; Xiaoxuan Bai; Jiqiang Liu; Zhen Han; Gang Li http://arxiv.org/abs/1807.06732 Motivating the Rules of the Game for Adversarial Example Research. Justin Gilmer; Ryan P. Adams; Ian Goodfellow; David Andersen; George E. Dahl http://arxiv.org/abs/1807.06714 Defend Deep Neural Networks Against Adversarial Examples via Fixed and Dynamic Quantized Activation Functions. Adnan Siraj Rakin; Jinfeng Yi; Boqing Gong; Deliang Fan http://arxiv.org/abs/1807.06064 Online Robust Policy Learning in the Presence of Unknown Adversaries. Aaron J. Havens; Zhanhong Jiang; Soumik Sarkar http://arxiv.org/abs/1807.05832 Manifold Adversarial Learning. Shufei Zhang; Kaizhu Huang; Jianke Zhu; Yang Liu http://arxiv.org/abs/1807.04457 Query-Efficient Hard-label Black-box Attack: An Optimization-based Approach. Minhao Cheng; Thong Le; Pin-Yu Chen; Jinfeng Yi; Huan Zhang; Cho-Jui Hsieh http://arxiv.org/abs/1807.04200 With Friends Like These, Who Needs Adversaries? Saumya Jetley; Nicholas A. Lord; Philip H. S. Torr http://arxiv.org/abs/1807.03888 A Simple Unified Framework for Detecting Out-of-Distribution Samples and Adversarial Attacks. Kimin Lee; Kibok Lee; Honglak Lee; Jinwoo Shin http://arxiv.org/abs/1807.03571 A Game-Based Approximate Verification of Deep Neural Networks with Provable Guarantees. Min Wu; Matthew Wicker; Wenjie Ruan; Xiaowei Huang; Marta Kwiatkowska http://arxiv.org/abs/1807.04270 Attack and defence in cellular decision-making: lessons from machine learning. Thomas J. Rademaker; Emmanuel Bengio; Paul François http://arxiv.org/abs/1807.03326 Adaptive Adversarial Attack on Scene Text Recognition. Xiaoyong Yuan; Pan He; Xiaolin Andy Li; Dapeng Oliver Wu http://arxiv.org/abs/1807.02905 Vulnerability Analysis of Chest X-Ray Image Classification Against Adversarial Attacks. Saeid Asgari Taghanaki; Arkadeep Das; Ghassan Hamarneh http://arxiv.org/abs/1807.02188 Implicit Generative Modeling of Random Noise during Training for Adversarial Robustness. Priyadarshini Panda; Kaushik Roy http://arxiv.org/abs/1807.01697 Benchmarking Neural Network Robustness to Common Corruptions and Surface Variations. Dan Hendrycks; Thomas G. Dietterich http://arxiv.org/abs/1807.01216 Local Gradients Smoothing: Defense against localized adversarial attacks. Muzammal Naseer; Salman H. Khan; Fatih Porikli http://arxiv.org/abs/1807.01069 Adversarial Robustness Toolbox v1.0.0. Maria-Irina Nicolae; Mathieu Sinn; Minh Ngoc Tran; Beat Buesser; Ambrish Rawat; Martin Wistuba; Valentina Zantedeschi; Nathalie Baracaldo; Bryant Chen; Heiko Ludwig; Ian M. Molloy; Ben Edwards http://arxiv.org/abs/1807.00458 Adversarial Perturbations Against Real-Time Video Classification Systems. Shasha Li; Ajaya Neupane; Sujoy Paul; Chengyu Song; Srikanth V. Krishnamurthy; Amit K. Roy Chowdhury; Ananthram Swami http://arxiv.org/abs/1807.00340 Towards Adversarial Training with Moderate Performance Improvement for Neural Network Classification. Xinhan Di; Pengqian Yu; Meng Tian http://arxiv.org/abs/1807.00051 Adversarial Examples in Deep Learning: Characterization and Divergence. Wenqi Wei; Ling Liu; Margaret Loper; Stacey Truex; Lei Yu; Mehmet Emre Gursoy; Yanzhao Wu http://arxiv.org/abs/1806.11146 Adversarial Reprogramming of Neural Networks. Gamaleldin F. Elsayed; Ian Goodfellow; Jascha Sohl-Dickstein http://arxiv.org/abs/1806.10707 Gradient Similarity: An Explainable Approach to Detect Adversarial Attacks against Deep Learning. 
Jasjeet Dhaliwal; Saurabh Shintre http://arxiv.org/abs/1806.10496 Customizing an Adversarial Example Generator with Class-Conditional GANs. Shih-hong Tsai http://arxiv.org/abs/1806.09410 Exploring Adversarial Examples: Patterns of One-Pixel Attacks. David Kügler; Alexander Distergoft; Arjan Kuijper; Anirban Mukhopadhyay http://arxiv.org/abs/1806.09035 Defending Malware Classification Networks Against Adversarial Perturbations with Non-Negative Weight Restrictions. Alex Kouzemtchenko http://arxiv.org/abs/1806.09030 On Adversarial Examples for Character-Level Neural Machine Translation. Javid Ebrahimi; Daniel Lowd; Dejing Dou http://arxiv.org/abs/1806.08970 Evaluation of Momentum Diverse Input Iterative Fast Gradient Sign Method (M-DI2-FGSM) Based Attack Method on MCS 2018 Adversarial Attacks on Black Box Face Recognition System. Md Ashraful Alam Milton http://arxiv.org/abs/1806.09186 Detection based Defense against Adversarial Examples from the Steganalysis Point of View. Jiayang Liu; Weiming Zhang; Yiwei Zhang; Dongdong Hou; Yujia Liu; Hongyue Zha; Nenghai Yu http://arxiv.org/abs/1806.08028 Gradient Adversarial Training of Neural Networks. Ayan Sinha; Zhao Chen; Vijay Badrinarayanan; Andrew Rabinovich http://arxiv.org/abs/1806.07723 Combinatorial Testing for Deep Learning Systems. Lei Ma; Fuyuan Zhang; Minhui Xue; Bo Li; Yang Liu; Jianjun Zhao; Yadong Wang http://arxiv.org/abs/1806.07492 On the Learning of Deep Local Features for Robust Face Spoofing Detection. Gustavo Botelho de Souza; João Paulo Papa; Aparecido Nilceu Marana http://arxiv.org/abs/1806.07409 Built-in Vulnerabilities to Imperceptible Adversarial Perturbations. Thomas Tanay; Jerone T. A. Andrews; Lewis D. Griffin http://arxiv.org/abs/1806.06108 Non-Negative Networks Against Adversarial Attacks. William Fleshman; Edward Raff; Jared Sylvester; Steven Forsyth; Mark McLean http://arxiv.org/abs/1806.05476 Copycat CNN: Stealing Knowledge by Persuading Confession with Random Non-Labeled Data. Jacson Rodrigues Correia-Silva; Rodrigo F. Berriel; Claudine Badue; Alberto F. de Souza; Thiago Oliveira-Santos http://arxiv.org/abs/1806.05337 Hierarchical interpretations for neural network predictions. Chandan Singh; W. James Murdoch; Bin Yu http://arxiv.org/abs/1806.05236 Manifold Mixup: Better Representations by Interpolating Hidden States. Vikas Verma; Alex Lamb; Christopher Beckham; Amir Najafi; Ioannis Mitliagkas; Aaron Courville; David Lopez-Paz; Yoshua Bengio http://arxiv.org/abs/1806.04646 Adversarial Attacks on Variational Autoencoders. George Gondim-Ribeiro; Pedro Tabacof; Eduardo Valle http://arxiv.org/abs/1806.04425 Ranking Robustness Under Adversarial Document Manipulations. Gregory Goren; Oren Kurland; Moshe Tennenholtz; Fiana Raiber http://arxiv.org/abs/1806.04169 Defense Against the Dark Arts: An overview of adversarial example security research and future research directions. Ian Goodfellow http://arxiv.org/abs/1806.02977 Monge blunts Bayes: Hardness Results for Adversarial Training. Zac Cranko; Aditya Krishna Menon; Richard Nock; Cheng Soon Ong; Zhan Shi; Christian Walder http://arxiv.org/abs/1806.02924 Revisiting Adversarial Risk. Arun Sai Suggala; Adarsh Prasad; Vaishnavh Nagarajan; Pradeep Ravikumar http://arxiv.org/abs/1806.02782 Training Augmentation with Adversarial Examples for Robust Speech Recognition. Sining Sun; Ching-Feng Yeh; Mari Ostendorf; Mei-Yuh Hwang; Lei Xie http://arxiv.org/abs/1806.02371 Adversarial Attack on Graph Structured Data. 
Hanjun Dai; Hui Li; Tian Tian; Xin Huang; Lin Wang; Jun Zhu; Le Song http://arxiv.org/abs/1806.02256 Adversarial Regression with Multiple Learners. Liang Tong; Sixie Yu; Scott Alfeld; Yevgeniy Vorobeychik http://arxiv.org/abs/1806.02032 Killing four birds with one Gaussian process: the relation between different test-time attacks. Kathrin Grosse; Michael T. Smith; Michael Backes http://arxiv.org/abs/1806.02299 DPatch: An Adversarial Patch Attack on Object Detectors. Xin Liu; Huanrui Yang; Ziwei Liu; Linghao Song; Hai Li; Yiran Chen http://arxiv.org/abs/1806.02190 Mitigation of Policy Manipulation Attacks on Deep Q-Networks with Parameter-Space Noise. Vahid Behzadan; Arslan Munir http://arxiv.org/abs/1806.01477 An Explainable Adversarial Robustness Metric for Deep Learning Neural Networks. Chirag Agarwal; Bo Dong; Dan Schonfeld; Anthony Hoogs http://arxiv.org/abs/1806.01471 PAC-learning in the presence of evasion adversaries. Daniel Cullina; Arjun Nitin Bhagoji; Prateek Mittal http://arxiv.org/abs/1806.00667 Sufficient Conditions for Idealised Models to Have No Adversarial Examples: a Theoretical and Empirical Study with Bayesian Neural Networks. Yarin Gal; Lewis Smith http://arxiv.org/abs/1806.00580 Detecting Adversarial Examples via Key-based Network. Pinlong Zhao; Zhouyu Fu; Ou Wu; Qinghua Hu; Jun Wang http://arxiv.org/abs/1806.00088 PeerNets: Exploiting Peer Wisdom Against Adversarial Attacks. Jan Svoboda; Jonathan Masci; Federico Monti; Michael M. Bronstein; Leonidas Guibas http://arxiv.org/abs/1806.00081 Resisting Adversarial Attacks using Gaussian Mixture Variational Autoencoders. Partha Ghosh; Arpan Losalka; Michael J Black http://arxiv.org/abs/1805.12514 Scaling provable adversarial defenses. Eric Wong; Frank R. Schmidt; Jan Hendrik Metzen; J. Zico Kolter http://arxiv.org/abs/1805.12487 Sequential Attacks on Agents for Long-Term Adversarial Goals. Edgar Tretschk; Seong Joon Oh; Mario Fritz http://arxiv.org/abs/1805.12316 Greedy Attack and Gumbel Attack: Generating Adversarial Examples for Discrete Data. Puyudi Yang; Jianbo Chen; Cho-Jui Hsieh; Jane-Ling Wang; Michael I. Jordan http://arxiv.org/abs/1805.12302 Adversarial Attacks on Face Detectors using Neural Net based Constrained Optimization. Avishek Joey Bose; Parham Aarabi http://arxiv.org/abs/1805.11852 ADAGIO: Interactive Experimentation with Adversarial Attack and Defense for Audio. Nilaksh Das; Madhuri Shanbhogue; Shang-Tse Chen; Li Chen; Michael E. Kounavis; Duen Horng Chau http://arxiv.org/abs/1805.12017 Robustifying Models Against Adversarial Attacks by Langevin Dynamics. Vignesh Srinivasan; Arturo Marban; Klaus-Robert Müller; Wojciech Samek; Shinichi Nakajima http://arxiv.org/abs/1805.12152 Robustness May Be at Odds with Accuracy. Dimitris Tsipras; Shibani Santurkar; Logan Engstrom; Alexander Turner; Aleksander Madry http://arxiv.org/abs/1805.11770 AutoZOOM: Autoencoder-based Zeroth Order Optimization Method for Attacking Black-box Neural Networks. Chun-Chen Tu; Paishun Ting; Pin-Yu Chen; Sijia Liu; Huan Zhang; Jinfeng Yi; Cho-Jui Hsieh; Shin-Ming Cheng http://arxiv.org/abs/1805.11596 Adversarial Noise Attacks of Deep Learning Architectures -- Stability Analysis via Sparse Modeled Signals. Yaniv Romano; Aviad Aberdam; Jeremias Sulam; Michael Elad http://arxiv.org/abs/1805.11666 Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization. Salman Salamatian; Wasim Huleihel; Ahmad Beirami; Asaf Cohen; Muriel Médard http://arxiv.org/abs/1805.10997 Adversarial Examples in Remote Sensing. 
Wojciech Czaja; Neil Fendley; Michael Pekala; Christopher Ratto; I-Jeng Wang http://arxiv.org/abs/1805.11090 GenAttack: Practical Black-box Attacks with Gradient-Free Optimization. Moustafa Alzantot; Yash Sharma; Supriyo Chakraborty; Huan Zhang; Cho-Jui Hsieh; Mani Srivastava http://arxiv.org/abs/1805.10652 Defending Against Adversarial Attacks by Leveraging an Entire GAN. Gokula Krishnan Santhanam; Paulina Grnarova http://arxiv.org/abs/1805.10265 Training verified learners with learned verifiers. Krishnamurthy Dvijotham; Sven Gowal; Robert Stanforth; Relja Arandjelovic; Brendan O'Donoghue; Jonathan Uesato; Pushmeet Kohli http://arxiv.org/abs/1805.10204 Adversarial examples from computational constraints. Sébastien Bubeck; Eric Price; Ilya Razenshteyn http://arxiv.org/abs/1805.10133 Laplacian Networks: Bounding Indicator Function Smoothness for Neural Network Robustness. Carlos Eduardo Rosar Kos Lassance; Vincent Gripon; Antonio Ortega http://arxiv.org/abs/1805.09380 Anonymizing k-Facial Attributes via Adversarial Perturbations. Saheb Chhabra; Richa Singh; Mayank Vatsa; Gaurav Gupta http://arxiv.org/abs/1805.09370 Towards Robust Training of Neural Networks by Regularizing Adversarial Gradients. Fuxun Yu; Zirui Xu; Yanzhi Wang; Chenchen Liu; Xiang Chen http://arxiv.org/abs/1805.09190 Towards the first adversarially robust neural network model on MNIST. Lukas Schott; Jonas Rauber; Matthias Bethge; Wieland Brendel http://arxiv.org/abs/1805.08736 Adversarially Robust Training through Structured Gradient Regularization. Kevin Roth; Aurelien Lucchi; Sebastian Nowozin; Thomas Hofmann http://arxiv.org/abs/1805.08000 Adversarial Noise Layer: Regularize Neural Network By Adding Noise. Zhonghui You; Jinmian Ye; Kunming Li; Zenglin Xu; Ping Wang http://arxiv.org/abs/1805.07894 Constructing Unrestricted Adversarial Examples with Generative Models. Yang Song; Rui Shu; Nate Kushman; Stefano Ermon http://arxiv.org/abs/1805.08006 Bidirectional Learning for Robust Neural Networks. Sidney Pontes-Filho; Marcus Liwicki http://arxiv.org/abs/1805.07984 Adversarial Attacks on Neural Networks for Graph Data. Daniel Zügner; Amir Akbarnejad; Stephan Günnemann http://arxiv.org/abs/1805.07862 Featurized Bidirectional GAN: Adversarial Defense via Adversarially Learned Semantic Inference. Ruying Bao; Sihang Liang; Qingcan Wang http://arxiv.org/abs/1805.07816 Towards Understanding Limitations of Pixel Discretization Against Adversarial Attacks. Jiefeng Chen; Xi Wu; Vaibhav Rastogi; Yingyu Liang; Somesh Jha http://arxiv.org/abs/1805.07820 Targeted Adversarial Examples for Black Box Audio Systems. Rohan Taori; Amog Kamsetty; Brenton Chu; Nikita Vemuri http://arxiv.org/abs/1805.06605 Defense-GAN: Protecting Classifiers Against Adversarial Attacks Using Generative Models. Pouya Samangouei; Maya Kabkab; Rama Chellappa http://arxiv.org/abs/1805.06130 Towards Robust Neural Machine Translation. Yong Cheng; Zhaopeng Tu; Fandong Meng; Junjie Zhai; Yang Liu http://arxiv.org/abs/1805.05010 Detecting Adversarial Samples for Deep Neural Networks through Mutation Testing. Jingyi Wang; Jun Sun; Peixin Zhang; Xinyu Wang http://arxiv.org/abs/1805.04807 Curriculum Adversarial Training. Qi-Zhi Cai; Min Du; Chang Liu; Dawn Song http://arxiv.org/abs/1805.04810 AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning. Jinyuan Jia; Neil Zhenqiang Gong http://arxiv.org/abs/1805.04613 Breaking Transferability of Adversarial Samples with Randomness. 
Yan Zhou; Murat Kantarcioglu; Bowei Xi http://arxiv.org/abs/1805.03553 On Visual Hallmarks of Robustness to Adversarial Malware. Alex Huang; Abdullah Al-Dujaili; Erik Hemberg; Una-May O'Reilly http://arxiv.org/abs/1805.03438 Robust Classification with Convolutional Prototype Learning. Hong-Ming Yang; Xu-Yao Zhang; Fei Yin; Cheng-Lin Liu http://arxiv.org/abs/1805.02917 Interpretable Adversarial Perturbation in Input Embedding Space for Text. Motoki Sato; Jun Suzuki; Hiroyuki Shindo; Yuji Matsumoto http://arxiv.org/abs/1805.02131 A Counter-Forensic Method for CNN-Based Camera Model Identification. David Güera; Yu Wang; Luca Bondi; Paolo Bestagini; Stefano Tubaro; Edward J. Delp http://arxiv.org/abs/1805.01431 Siamese networks for generating adversarial examples. Mandar Kulkarni; Aria Abubakar http://arxiv.org/abs/1805.00089 Concolic Testing for Deep Neural Networks. Youcheng Sun; Min Wu; Wenjie Ruan; Xiaowei Huang; Marta Kwiatkowska; Daniel Kroening http://arxiv.org/abs/1804.11313 How Robust are Deep Neural Networks? Biswa Sengupta; Karl J. Friston http://arxiv.org/abs/1804.11285 Adversarially Robust Generalization Requires More Data. Ludwig Schmidt; Shibani Santurkar; Dimitris Tsipras; Kunal Talwar; Aleksander Mądry http://arxiv.org/abs/1804.11022 Adversarial Regression for Detecting Attacks in Cyber-Physical Systems. Amin Ghafouri; Yevgeniy Vorobeychik; Xenofon Koutsoukos http://arxiv.org/abs/1804.10829 Formal Security Analysis of Neural Networks using Symbolic Intervals. Shiqi Wang; Kexin Pei; Justin Whitehouse; Junfeng Yang; Suman Jana http://arxiv.org/abs/1804.09699 Towards Fast Computation of Certified Robustness for ReLU Networks. Tsui-Wei Weng; Huan Zhang; Hongge Chen; Zhao Song; Cho-Jui Hsieh; Duane Boning; Inderjit S. Dhillon; Luca Daniel http://arxiv.org/abs/1804.08794 Towards Dependable Deep Convolutional Neural Networks (CNNs) with Out-distribution Learning. Mahdieh Abbasi; Arezoo Rajabi; Christian Gagné; Rakesh B. Bobba http://arxiv.org/abs/1804.08757 Siamese Generative Adversarial Privatizer for Biometric Data. Witold Oleszkiewicz; Peter Kairouz; Karol Piczak; Ram Rajagopal; Tomasz Trzcinski http://arxiv.org/abs/1804.08598 Black-box Adversarial Attacks with Limited Queries and Information. Andrew Ilyas; Logan Engstrom; Anish Athalye; Jessy Lin http://arxiv.org/abs/1804.08529 VectorDefense: Vectorization as a Defense to Adversarial Examples. Vishaal Munusamy Kabilan; Brandon Morris; Anh Nguyen http://arxiv.org/abs/1804.08778 Query-Efficient Black-Box Attack Against Sequence-Based Malware Classifiers. Ishai Rosenberg; Asaf Shabtai; Yuval Elovici; Lior Rokach http://arxiv.org/abs/1804.07998 Generating Natural Language Adversarial Examples. Moustafa Alzantot; Yash Sharma; Ahmed Elgohary; Bo-Jhang Ho; Mani Srivastava; Kai-Wei Chang http://arxiv.org/abs/1804.07870 Gradient Masking Causes CLEVER to Overestimate Adversarial Perturbation Size. Ian Goodfellow http://arxiv.org/abs/1804.07757 Learning More Robust Features with Adversarial Training. Shuangtao Li; Yuanke Chen; Yanlin Peng; Lin Bai http://arxiv.org/abs/1804.07729 ADef: an Iterative Algorithm to Construct Adversarial Deformations. Rima Alaifari; Giovanni S. Alberti; Tandri Gauksson http://arxiv.org/abs/1804.07062 Attacking Convolutional Neural Network using Differential Evolution. Jiawei Su; Danilo Vasconcellos Vargas; Kouichi Sakurai http://arxiv.org/abs/1804.07045 Semantic Adversarial Deep Learning. Tommaso Dreossi; Somesh Jha; Sanjit A. 
Seshia http://arxiv.org/abs/1804.06760 Simulation-based Adversarial Test Generation for Autonomous Vehicles with Machine Learning Components. Cumhur Erkan Tuncali; Georgios Fainekos; Hisahiro Ito; James Kapinski http://arxiv.org/abs/1804.06898 Neural Automated Essay Scoring and Coherence Modeling for Adversarially Crafted Input. Youmna Farag; Helen Yannakoudakis; Ted Briscoe http://arxiv.org/abs/1804.06473 Robust Machine Comprehension Models via Adversarial Training. Yicheng Wang; Mohit Bansal http://arxiv.org/abs/1804.06059 Adversarial Example Generation with Syntactically Controlled Paraphrase Networks. Mohit Iyyer; John Wieting; Kevin Gimpel; Luke Zettlemoyer http://arxiv.org/abs/1804.05805 Global Robustness Evaluation of Deep Neural Networks with Provable Guarantees for the $L_0$ Norm. Wenjie Ruan; Min Wu; Youcheng Sun; Xiaowei Huang; Daniel Kroening; Marta Kwiatkowska http://arxiv.org/abs/1804.05810 ShapeShifter: Robust Physical Adversarial Attack on Faster R-CNN Object Detector. Shang-Tse Chen; Cory Cornelius; Jason Martin; Duen Horng Chau http://arxiv.org/abs/1805.00310 On the Limitation of MagNet Defense against $L_1$-based Adversarial Examples. Pei-Hsuan Lu; Pin-Yu Chen; Kang-Cheng Chen; Chia-Mu Yu http://arxiv.org/abs/1804.05296 Adversarial Attacks Against Medical Deep Learning Systems. Samuel G. Finlayson; Hyung Won Chung; Isaac S. Kohane; Andrew L. Beam http://arxiv.org/abs/1804.04177 Detecting Malicious PowerShell Commands using Deep Neural Networks. Danny Hendler; Shay Kels; Amir Rubin http://arxiv.org/abs/1804.03286 On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses. Anish Athalye; Nicholas Carlini http://arxiv.org/abs/1804.03308 Adversarial Training Versus Weight Decay. Angus Galloway; Thomas Tanay; Graham W. Taylor http://arxiv.org/abs/1804.03193 An ADMM-Based Universal Framework for Adversarial Attacks on Deep Neural Networks. Pu Zhao; Sijia Liu; Yanzhi Wang; Xue Lin http://arxiv.org/abs/1804.02691 Adaptive Spatial Steganography Based on Probability-Controlled Adversarial Examples. Sai Ma; Qingxiao Guan; Xianfeng Zhao; Yaqi Liu http://arxiv.org/abs/1804.02485 Fortified Networks: Improving the Robustness of Deep Networks by Modeling the Manifold of Hidden Representations. Alex Lamb; Jonathan Binas; Anirudh Goyal; Dmitriy Serdyuk; Sandeep Subramanian; Ioannis Mitliagkas; Yoshua Bengio http://arxiv.org/abs/1804.01635 Unifying Bilateral Filtering and Adversarial Training for Robust Neural Networks. Neale Ratzlaff; Li Fuxin http://arxiv.org/abs/1804.00097 Adversarial Attacks and Defences Competition. Alexey Kurakin; Ian Goodfellow; Samy Bengio; Yinpeng Dong; Fangzhou Liao; Ming Liang; Tianyu Pang; Jun Zhu; Xiaolin Hu; Cihang Xie; Jianyu Wang; Zhishuai Zhang; Zhou Ren; Alan Yuille; Sangxia Huang; Yao Zhao; Yuzhe Zhao; Zhonglin Han; Junjiajia Long; Yerkebulan Berdibekov; Takuya Akiba; Seiya Tokui; Motoki Abe http://arxiv.org/abs/1803.11157 Security Consideration For Deep Learning-Based Image Forensics. Wei Zhao; Pengpeng Yang; Rongrong Ni; Yao Zhao; Haorui Wu http://arxiv.org/abs/1803.10840 Defending against Adversarial Images using Basis Functions Transformations. Uri Shaham; James Garritano; Yutaro Yamada; Ethan Weinberger; Alex Cloninger; Xiuyuan Cheng; Kelly Stanton; Yuval Kluger http://arxiv.org/abs/1803.10418 The Effects of JPEG and JPEG2000 Compression on Attacks using Adversarial Examples. Ayse Elvan Aydemir; Alptekin Temizel; Tugba Taskaya Temizel http://arxiv.org/abs/1803.09868 Bypassing Feature Squeezing by Increasing Adversary Strength. 
Yash Sharma; Pin-Yu Chen http://arxiv.org/abs/1803.09638 On the Limitation of Local Intrinsic Dimensionality for Characterizing the Subspaces of Adversarial Examples. Pei-Hsuan Lu; Pin-Yu Chen; Chia-Mu Yu http://arxiv.org/abs/1803.09468 Clipping free attacks against artificial neural networks. Boussad Addad; Jerome Kodjabachian; Christophe Meyer http://arxiv.org/abs/1803.09163 Security Theater: On the Vulnerability of Classifiers to Exploratory Attacks. Tegjyot Singh Sethi; Mehmed Kantardzic; Joung Woo Ryu http://arxiv.org/abs/1803.09162 A Dynamic-Adversarial Mining Approach to the Security of Machine Learning. Tegjyot Singh Sethi; Mehmed Kantardzic; Lingyu Lyua; Jiashun Chen http://arxiv.org/abs/1803.09156 An Overview of Vulnerabilities of Voice Controlled Systems. Yuan Gong; Christian Poellabauer http://arxiv.org/abs/1804.00504 Generalizability vs. Robustness: Adversarial Examples for Medical Imaging. Magdalini Paschali; Sailesh Conjeti; Fernando Navarro; Nassir Navab http://arxiv.org/abs/1803.09043 CNN Based Adversarial Embedding with Minimum Alteration for Image Steganography. Weixuan Tang; Bin Li; Shunquan Tan; Mauro Barni; Jiwu Huang http://arxiv.org/abs/1803.08773 Detecting Adversarial Perturbations with Saliency. Chiliang Zhang; Zhimou Yang; Zuochang Ye http://arxiv.org/abs/1803.08680 Improving DNN Robustness to Adversarial Attacks using Jacobian Regularization. Daniel Jakubovitz; Raja Giryes http://arxiv.org/abs/1803.08533 Understanding Measures of Uncertainty for Adversarial Example Detection. Lewis Smith; Yarin Gal http://arxiv.org/abs/1803.07994 Adversarial Defense based on Structure-to-Signal Autoencoders. Joachim Folz; Sebastian Palacio; Joern Hees; Damian Borth; Andreas Dengel http://arxiv.org/abs/1803.08134 Task dependent Deep LDA pruning of neural networks. Qing Tian; Tal Arbel; James J. Clark http://arxiv.org/abs/1803.07519 DeepGauge: Multi-Granularity Testing Criteria for Deep Learning Systems. Lei Ma; Felix Juefei-Xu; Fuyuan Zhang; Jiyuan Sun; Minhui Xue; Bo Li; Chunyang Chen; Ting Su; Li Li; Yang Liu; Jianjun Zhao; Yadong Wang http://arxiv.org/abs/1803.06975 Technical Report: When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks. Octavian Suciu; Radu Mărginean; Yiğitcan Kaya; Hal Daumé III; Tudor Dumitraş http://arxiv.org/abs/1803.06978 Improving Transferability of Adversarial Examples with Input Diversity. Cihang Xie; Zhishuai Zhang; Yuyin Zhou; Song Bai; Jianyu Wang; Zhou Ren; Alan Yuille http://arxiv.org/abs/1803.06567 A Dual Approach to Scalable Verification of Deep Networks. Krishnamurthy (Dj) Dvijotham; Robert Stanforth; Sven Gowal; Timothy Mann; Pushmeet Kohli http://arxiv.org/abs/1803.06373 Adversarial Logit Pairing. Harini Kannan; Alexey Kurakin; Ian Goodfellow http://arxiv.org/abs/1804.00499 Semantic Adversarial Examples. Hossein Hosseini; Radha Poovendran http://arxiv.org/abs/1803.05598 Large Margin Deep Networks for Classification. Gamaleldin F. Elsayed; Dilip Krishnan; Hossein Mobahi; Kevin Regan; Samy Bengio http://arxiv.org/abs/1803.05787 Feature Distillation: DNN-Oriented JPEG Compression Against Adversarial Examples. Zihao Liu; Qi Liu; Tao Liu; Nuo Xu; Xue Lin; Yanzhi Wang; Wujie Wen http://arxiv.org/abs/1803.04765 Deep k-Nearest Neighbors: Towards Confident, Interpretable and Robust Deep Learning. Nicolas Papernot; Patrick McDaniel http://arxiv.org/abs/1803.04683 Invisible Mask: Practical Attacks on Face Recognition with Infrared. 
Zhe Zhou; Di Tang; Xiaofeng Wang; Weili Han; Xiangyu Liu; Kehuan Zhang http://arxiv.org/abs/1803.05123 Defending against Adversarial Attack towards Deep Neural Networks via Collaborative Multi-task Training. Derek Wang; Chaoran Li; Sheng Wen; Surya Nepal; Yang Xiang http://arxiv.org/abs/1803.04173 Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables. Bojan Kolosnjaji; Ambra Demontis; Battista Biggio; Davide Maiorca; Giorgio Giacinto; Claudia Eckert; Fabio Roli http://arxiv.org/abs/1803.03880 Combating Adversarial Attacks Using Sparse Representations. Soorya Gopalakrishnan; Zhinus Marzi; Upamanyu Madhow; Ramtin Pedarsani http://arxiv.org/abs/1803.03870 Detecting Adversarial Examples via Neural Fingerprinting. Sumanth Dathathri; Stephan Zheng; Tianwei Yin; Richard M. Murray; Yisong Yue http://arxiv.org/abs/1803.03613 Detecting Adversarial Examples - A Lesson from Multimedia Forensics. Pascal Schöttle; Alexander Schlögl; Cecilia Pasquini; Rainer Böhme http://arxiv.org/abs/1803.03607 On Generation of Adversarial Examples using Convex Programming. Emilio Rafael Balda; Arash Behboodi; Rudolf Mathar http://arxiv.org/abs/1803.03544 Explaining Black-box Android Malware Detection. Marco Melis; Davide Maiorca; Battista Biggio; Giorgio Giacinto; Fabio Roli http://arxiv.org/abs/1803.02988 Rethinking Feature Distribution for Loss Functions in Image Classification. Weitao Wan; Yuanyi Zhong; Tianpeng Li; Jiansheng Chen http://arxiv.org/abs/1803.02536 Sparse Adversarial Perturbations for Videos. Xingxing Wei; Jun Zhu; Hang Su http://arxiv.org/abs/1803.01442 Stochastic Activation Pruning for Robust Adversarial Defense. Guneet S. Dhillon; Kamyar Azizzadenesheli; Zachary C. Lipton; Jeremy Bernstein; Jean Kossaifi; Aran Khanna; Anima Anandkumar http://arxiv.org/abs/1803.01128 Seq2Sick: Evaluating the Robustness of Sequence-to-Sequence Models with Adversarial Examples. Minhao Cheng; Jinfeng Yi; Pin-Yu Chen; Huan Zhang; Cho-Jui Hsieh http://arxiv.org/abs/1803.00940 Protecting JPEG Images Against Adversarial Attacks. Aaditya Prakash; Nick Moran; Solomon Garber; Antonella DiLillo; James Storer http://arxiv.org/abs/1802.09707 Understanding and Enhancing the Transferability of Adversarial Examples. Lei Wu; Zhanxing Zhu; Cheng Tai; Weinan E http://arxiv.org/abs/1802.09653 On the Suitability of $L_p$-norms for Creating and Preventing Adversarial Examples. Mahmood Sharif; Lujo Bauer; Michael K. Reiter http://arxiv.org/abs/1802.09502 Retrieval-Augmented Convolutional Neural Networks for Improved Robustness against Adversarial Examples. Jake Zhao; Kyunghyun Cho http://arxiv.org/abs/1802.09308 Max-Mahalanobis Linear Discriminant Analysis Networks. Tianyu Pang; Chao Du; Jun Zhu http://arxiv.org/abs/1803.00404 Deep Defense: Training DNNs with Improved Adversarial Robustness. Ziang Yan; Yiwen Guo; Changshui Zhang http://arxiv.org/abs/1802.08760 Sensitivity and Generalization in Neural Networks: an Empirical Study. Roman Novak; Yasaman Bahri; Daniel A. Abolafia; Jeffrey Pennington; Jascha Sohl-Dickstein http://arxiv.org/abs/1802.08686 Adversarial vulnerability for any classifier. Alhussein Fawzi; Hamza Fawzi; Omar Fawzi http://arxiv.org/abs/1802.08678 Verifying Controllers Against Adversarial Examples with Bayesian Optimization. Shromona Ghosh; Felix Berkenkamp; Gireeja Ranade; Shaz Qadeer; Ashish Kapoor http://arxiv.org/abs/1803.00401 Unravelling Robustness of Deep Learning based Face Recognition Against Adversarial Attacks. 
Gaurav Goswami; Nalini Ratha; Akshay Agarwal; Richa Singh; Mayank Vatsa http://arxiv.org/abs/1802.08241 Hessian-based Analysis of Large Batch Training and Robustness to Adversaries. Zhewei Yao; Amir Gholami; Qi Lei; Kurt Keutzer; Michael W. Mahoney http://arxiv.org/abs/1802.08195 Adversarial Examples that Fool both Computer Vision and Time-Limited Humans. Gamaleldin F. Elsayed; Shreya Shankar; Brian Cheung; Nicolas Papernot; Alex Kurakin; Ian Goodfellow; Jascha Sohl-Dickstein http://arxiv.org/abs/1802.08567 Adversarial Training for Probabilistic Spiking Neural Networks. Alireza Bagheri; Osvaldo Simeone; Bipin Rajendran http://arxiv.org/abs/1802.07896 L2-Nonexpansive Neural Networks. Haifeng Qian; Mark N. Wegman http://arxiv.org/abs/1802.07770 Generalizable Adversarial Examples Detection Based on Bi-model Decision Mismatch. João Monteiro; Isabela Albuquerque; Zahid Akhtar; Tiago H. Falk http://arxiv.org/abs/1802.07295 Attack Strength vs. Detectability Dilemma in Adversarial Machine Learning. Christopher Frederickson; Michael Moore; Glenn Dawson; Robi Polikar http://arxiv.org/abs/1802.07124 Out-distribution training confers robustness to deep neural networks. Mahdieh Abbasi; Christian Gagné http://arxiv.org/abs/1802.06927 On Lyapunov exponents and adversarial perturbation. Vinay Uday Prabhu; Nishant Desai; John Whaley http://arxiv.org/abs/1802.06816 Shield: Fast, Practical Defense and Vaccination for Deep Learning using JPEG Compression. Nilaksh Das; Madhuri Shanbhogue; Shang-Tse Chen; Fred Hohman; Siwei Li; Li Chen; Michael E. Kounavis; Duen Horng Chau http://arxiv.org/abs/1802.06806 Divide, Denoise, and Defend against Adversarial Attacks. Seyed-Mohsen Moosavi-Dezfooli; Ashish Shrivastava; Oncel Tuzel http://arxiv.org/abs/1802.06627 Robustness of Rotation-Equivariant Networks to Adversarial Perturbations. Beranger Dumont; Simona Maggio; Pablo Montalvo http://arxiv.org/abs/1802.06552 Are Generative Classifiers More Robust to Adversarial Attacks? Yingzhen Li; John Bradshaw; Yash Sharma http://arxiv.org/abs/1802.06430 DARTS: Deceiving Autonomous Cars with Toxic Signs. Chawin Sitawarin; Arjun Nitin Bhagoji; Arsalan Mosenia; Mung Chiang; Prateek Mittal http://arxiv.org/abs/1802.05763 ASP:A Fast Adversarial Attack Example Generation Framework based on Adversarial Saliency Prediction. Fuxun Yu; Qide Dong; Xiang Chen http://arxiv.org/abs/1802.05666 Adversarial Risk and the Dangers of Evaluating Against Weak Attacks. Jonathan Uesato; Brendan O'Donoghue; Aaron van den Oord; Pushmeet Kohli http://arxiv.org/abs/1802.05385 Fooling OCR Systems with Adversarial Text Images. Congzheng Song; Vitaly Shmatikov http://arxiv.org/abs/1802.05193 Security Analysis and Enhancement of Model Compressed Deep Learning Systems under Adversarial Attacks. Qi Liu; Tao Liu; Zihao Liu; Yanzhi Wang; Yier Jin; Wujie Wen http://arxiv.org/abs/1802.09900 Query-Free Attacks on Industry-Grade Face Recognition Systems under Resource Constraints. Di Tang; XiaoFeng Wang; Kehuan Zhang http://arxiv.org/abs/1802.04822 Identify Susceptible Locations in Medical Records via Adversarial Attacks on Deep Predictive Models. Mengying Sun; Fengyi Tang; Jinfeng Yi; Fei Wang; Jiayu Zhou http://arxiv.org/abs/1802.04528 Deceiving End-to-End Deep Learning Malware Detectors using Adversarial Examples. Felix Kreuk; Assi Barak; Shir Aviv-Reuven; Moran Baruch; Benny Pinkas; Joseph Keshet http://arxiv.org/abs/1802.04034 Lipschitz-Margin Training: Scalable Certification of Perturbation Invariance for Deep Neural Networks. 
Yusuke Tsuzuku; Issei Sato; Masashi Sugiyama http://arxiv.org/abs/1802.04457 Predicting Adversarial Examples with High Confidence. Angus Galloway; Graham W. Taylor; Medhat Moussa http://arxiv.org/abs/1802.03471 Certified Robustness to Adversarial Examples with Differential Privacy. Mathias Lecuyer; Vaggelis Atlidakis; Roxana Geambasu; Daniel Hsu; Suman Jana http://arxiv.org/abs/1802.03041 Detection of Adversarial Training Examples in Poisoning Attacks through Anomaly Detection. Andrea Paudice; Luis Muñoz-González; Andras Gyorgy; Emil C. Lupu http://arxiv.org/abs/1802.01549 Blind Pre-Processing: A Robust Defense Method Against Adversarial Examples. Adnan Siraj Rakin; Zhezhi He; Boqing Gong; Deliang Fan http://arxiv.org/abs/1802.01421 First-order Adversarial Vulnerability of Neural Networks and Input Dimension. Carl-Johann Simon-Gabriel; Yann Ollivier; Léon Bottou; Bernhard Schölkopf; David Lopez-Paz http://arxiv.org/abs/1802.00573 Secure Detection of Image Manipulation by means of Random Feature Selection. Zhipeng Chen; Benedetta Tondi; Xiaolong Li; Rongrong Ni; Yao Zhao; Mauro Barni http://arxiv.org/abs/1802.01448 Hardening Deep Neural Networks via Adversarial Model Cascades. Deepak Vijaykeerthy; Anshuman Suri; Sameep Mehta; Ponnurangam Kumaraguru http://arxiv.org/abs/1802.00420 Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. Anish Athalye; Nicholas Carlini; David Wagner http://arxiv.org/abs/1801.10578 Evaluating the Robustness of Neural Networks: An Extreme Value Theory Approach. Tsui-Wei Weng; Huan Zhang; Pin-Yu Chen; Jinfeng Yi; Dong Su; Yupeng Gao; Cho-Jui Hsieh; Luca Daniel http://arxiv.org/abs/1801.09827 Robustness of classification ability of spiking neural networks. Jie Yang; Pingping Zhang; Yan Liu http://arxiv.org/abs/1801.09344 Certified Defenses against Adversarial Examples. Aditi Raghunathan; Jacob Steinhardt; Percy Liang http://arxiv.org/abs/1801.09097 Towards an Understanding of Neural Networks in Natural-Image Spaces. Yifei Fan; Anthony Yezzi http://arxiv.org/abs/1801.08926 Deflecting Adversarial Attacks with Pixel Deflection. Aaditya Prakash; Nick Moran; Solomon Garber; Antonella DiLillo; James Storer http://arxiv.org/abs/1801.08917 Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning. Hyrum S. Anderson; Anant Kharkar; Bobby Filar; David Evans; Phil Roth http://arxiv.org/abs/1801.08535 CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition. Xuejing Yuan; Yuxuan Chen; Yue Zhao; Yunhui Long; Xiaokang Liu; Kai Chen; Shengzhi Zhang; Heqing Huang; Xiaofeng Wang; Carl A. Gunter http://arxiv.org/abs/1801.08092 Generalizable Data-free Objective for Crafting Universal Adversarial Perturbations. Konda Reddy Mopuri; Aditya Ganeshan; R. Venkatesh Babu http://arxiv.org/abs/1801.07175 Adversarial Texts with Gradient Methods. Zhitao Gong; Wenlu Wang; Bo Li; Dawn Song; Wei-Shinn Ku http://arxiv.org/abs/1801.05420 A Comparative Study of Rule Extraction for Recurrent Neural Networks. Qinglong Wang; Kaixuan Zhang; Alexander G. Ororbia II; Xinyu Xing; Xue Liu; C. Lee Giles http://arxiv.org/abs/1801.04695 Sparsity-based Defense against Adversarial Attacks on Linear Classifiers. Zhinus Marzi; Soorya Gopalakrishnan; Upamanyu Madhow; Ramtin Pedarsani http://arxiv.org/abs/1801.04693 Towards Imperceptible and Robust Adversarial Example Attacks against Neural Networks. 
Bo Luo; Yannan Liu; Lingxiao Wei; Qiang Xu http://arxiv.org/abs/1801.04354 Black-box Generation of Adversarial Text Sequences to Evade Deep Learning Classifiers. Ji Gao; Jack Lanchantin; Mary Lou Soffa; Yanjun Qi http://arxiv.org/abs/1801.04055 A3T: Adversarially Augmented Adversarial Training. Akram Erraqabi; Aristide Baratin; Yoshua Bengio; Simon Lacoste-Julien http://arxiv.org/abs/1801.03339 Fooling End-to-end Speaker Verification by Adversarial Examples. Felix Kreuk; Yossi Adi; Moustapha Cisse; Joseph Keshet http://arxiv.org/abs/1801.02950 Adversarial Deep Learning for Robust Detection of Binary Encoded Malware. Abdullah Al-Dujaili; Alex Huang; Erik Hemberg; Una-May O'Reilly http://arxiv.org/abs/1801.02850 Less is More: Culling the Training Set to Improve Robustness of Deep Neural Networks. Yongshuai Liu; Jiyu Chen; Hao Chen http://arxiv.org/abs/1801.02780 Rogue Signs: Deceiving Traffic Sign Recognition with Malicious Ads and Logos. Chawin Sitawarin; Arjun Nitin Bhagoji; Arsalan Mosenia; Prateek Mittal; Mung Chiang http://arxiv.org/abs/1801.02774 Adversarial Spheres. Justin Gilmer; Luke Metz; Fartash Faghri; Samuel S. Schoenholz; Maithra Raghu; Martin Wattenberg; Ian Goodfellow http://arxiv.org/abs/1801.02613 Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality. Xingjun Ma; Bo Li; Yisen Wang; Sarah M. Erfani; Sudanthi Wijewickrema; Grant Schoenebeck; Dawn Song; Michael E. Houle; James Bailey http://arxiv.org/abs/1801.02612 Spatially Transformed Adversarial Examples. Chaowei Xiao; Jun-Yan Zhu; Bo Li; Warren He; Mingyan Liu; Dawn Song http://arxiv.org/abs/1801.02610 Generating Adversarial Examples with Adversarial Networks. Chaowei Xiao; Bo Li; Jun-Yan Zhu; Warren He; Mingyan Liu; Dawn Song http://arxiv.org/abs/1801.02608 LaVAN: Localized and Visible Adversarial Noise. Danny Karmon; Daniel Zoran; Yoav Goldberg http://arxiv.org/abs/1801.02384 Attacking Speaker Recognition With Deep Generative Models. Wilson Cai; Anish Doshi; Rafael Valle http://arxiv.org/abs/1801.02318 HeNet: A Deep Learning Approach on Intel® Processor Trace for Effective Exploit Detection. Li Chen; Salmin Sultana; Ravi Sahita http://arxiv.org/abs/1801.02257 Denoising Dictionary Learning Against Adversarial Perturbations. John Mitro; Derek Bridge; Steven Prestwich http://arxiv.org/abs/1801.01953 Adversarial Perturbation Intensity Achieving Chosen Intra-Technique Transferability Level for Logistic Regression. Martin Gubri http://arxiv.org/abs/1801.01944 Audio Adversarial Examples: Targeted Attacks on Speech-to-Text. Nicholas Carlini; David Wagner http://arxiv.org/abs/1801.01828 Shielding Google's language toxicity model against adversarial attacks. Nestor Rodriguez; Sergio Rojas-Galeano http://arxiv.org/abs/1801.02480 Facial Attributes: Accuracy and Adversarial Robustness. Andras Rozsa; Manuel Günther; Ethan M. Rudd; Terrance E. Boult http://arxiv.org/abs/1801.00905 Neural Networks in Adversarial Setting and Ill-Conditioned Weight Space. Mayank Singh; Abhishek Sinha; Balaji Krishnamurthy http://arxiv.org/abs/1801.00634 High Dimensional Spaces, Deep Learning and Adversarial Examples. Simant Dube http://arxiv.org/abs/1801.00554 Did you hear that? Adversarial Examples Against Automatic Speech Recognition. Moustafa Alzantot; Bharathan Balaji; Mani Srivastava http://arxiv.org/abs/1801.00553 Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey. Naveed Akhtar; Ajmal Mian http://arxiv.org/abs/1801.00349 A General Framework for Adversarial Examples with Objectives. 
Mahmood Sharif; Sruti Bhagavatula; Lujo Bauer; Michael K. Reiter http://arxiv.org/abs/1712.09936 Gradient Regularization Improves Accuracy of Discriminative Models. Dániel Varga; Adrián Csiszárik; Zsolt Zombori http://arxiv.org/abs/1712.09665 Adversarial Patch. Tom B. Brown; Dandelion Mané; Aurko Roy; Martín Abadi; Justin Gilmer http://arxiv.org/abs/1712.09491 Exploring the Space of Black-box Attacks on Deep Neural Networks. Arjun Nitin Bhagoji; Warren He; Bo Li; Dawn Song http://arxiv.org/abs/1712.09327 Building Robust Deep Neural Networks for Road Sign Detection. Arkar Min Aung; Yousef Fadila; Radian Gondokaryono; Luis Gonzalez http://arxiv.org/abs/1712.09196 The Robust Manifold Defense: Adversarial Training using Generative Models. Ajil Jalal; Andrew Ilyas; Constantinos Daskalakis; Alexandros G. Dimakis http://arxiv.org/abs/1712.08996 Android Malware Detection using Deep Learning on API Method Sequences. ElMouatez Billah Karbab; Mourad Debbabi; Abdelouahid Derhab; Djedjiga Mouheb http://arxiv.org/abs/1712.09344 Whatever Does Not Kill Deep Reinforcement Learning, Makes It Stronger. Vahid Behzadan; Arslan Munir http://arxiv.org/abs/1712.08713 Query-limited Black-box Attacks to Classifiers. Fnu Suya; Yuan Tian; David Evans; Paolo Papotti http://arxiv.org/abs/1712.08263 Using LIP to Gloss Over Faces in Single-Stage Face Detection Networks. Siqi Yang; Arnold Wiliem; Shaokang Chen; Brian C. Lovell http://arxiv.org/abs/1712.08250 ReabsNet: Detecting and Revising Adversarial Examples. Jiefeng Chen; Zihang Meng; Changtian Sun; Wei Tang; Yinglun Zhu http://arxiv.org/abs/1712.08062 Note on Attacking Object Detectors with Adversarial Stickers. Kevin Eykholt; Ivan Evtimov; Earlence Fernandes; Bo Li; Dawn Song; Tadayoshi Kohno; Amir Rahmati; Atul Prakash; Florian Tramer http://arxiv.org/abs/1712.07805 Wolf in Sheep's Clothing - The Downscaling Attack Against Deep Learning Applications. Qixue Xiao; Kang Li; Deyue Zhang; Yier Jin http://arxiv.org/abs/1712.07113 Query-Efficient Black-box Adversarial Examples (superceded). Andrew Ilyas; Logan Engstrom; Anish Athalye; Jessy Lin http://arxiv.org/abs/1712.07107 Adversarial Examples: Attacks and Defenses for Deep Learning. Xiaoyong Yuan; Pan He; Qile Zhu; Xiaolin Li http://arxiv.org/abs/1712.06751 HotFlip: White-Box Adversarial Examples for Text Classification. Javid Ebrahimi; Anyi Rao; Daniel Lowd; Dejing Dou http://arxiv.org/abs/1712.06646 When Not to Classify: Anomaly Detection of Attacks (ADA) on DNN Classifiers at Test Time. David J. Miller; Yulia Wang; George Kesidis http://arxiv.org/abs/1712.06174 Deep Neural Networks as 0-1 Mixed Integer Linear Programs: A Feasibility Study. Matteo Fischetti; Jason Jo http://arxiv.org/abs/1712.06131 Super-sparse Learning in Similarity Spaces. Ambra Demontis; Marco Melis; Battista Biggio; Giorgio Fumera; Fabio Roli http://arxiv.org/abs/1712.05919 Attack and Defense of Dynamic Analysis-Based, Adversarial Neural Malware Classification Models. Jack W. Stokes; De Wang; Mady Marinescu; Marc Marino; Brian Bussone http://arxiv.org/abs/1712.05419 DANCin SEQ2SEQ: Fooling Text Classifiers with Adversarial Text Example Generation. Catherine Wong http://arxiv.org/abs/1712.04248 Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models. Wieland Brendel; Jonas Rauber; Matthias Bethge http://arxiv.org/abs/1712.04006 Training Ensembles to Detect Adversarial Examples. 
Alexander Bagnall; Razvan Bunescu; Gordon Stewart http://arxiv.org/abs/1712.03632 Robust Deep Reinforcement Learning with Adversarial Attacks. Anay Pattanaik; Zhenyi Tang; Shuijing Liu; Gautham Bommannan; Girish Chowdhary http://arxiv.org/abs/1712.03390 NAG: Network for Adversary Generation. Konda Reddy Mopuri; Utkarsh Ojha; Utsav Garg; R. Venkatesh Babu http://arxiv.org/abs/1712.03141 Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning. Battista Biggio; Fabio Roli http://arxiv.org/abs/1712.02976 Defense against Adversarial Attacks Using High-Level Representation Guided Denoiser. Fangzhou Liao; Ming Liang; Yinpeng Dong; Tianyu Pang; Xiaolin Hu; Jun Zhu http://arxiv.org/abs/1712.02494 Adversarial Examples that Fool Detectors. Jiajun Lu; Hussein Sibai; Evan Fabry http://arxiv.org/abs/1712.02779 Exploring the Landscape of Spatial Robustness. Logan Engstrom; Brandon Tran; Dimitris Tsipras; Ludwig Schmidt; Aleksander Madry http://arxiv.org/abs/1712.02328 Generative Adversarial Perturbations. Omid Poursaeed; Isay Katsman; Bicheng Gao; Serge Belongie http://arxiv.org/abs/1712.02051 Attacking Visual Language Grounding with Adversarial Examples: A Case Study on Neural Image Captioning. Hongge Chen; Huan Zhang; Pin-Yu Chen; Jinfeng Yi; Cho-Jui Hsieh http://arxiv.org/abs/1712.01785 Towards Practical Verification of Machine Learning: The Case of Computer Vision Systems. Kexin Pei; Linjie Zhu; Yinzhi Cao; Junfeng Yang; Carl Vondrick; Suman Jana http://arxiv.org/abs/1712.00699 Improving Network Robustness against Adversarial Attacks with Compact Convolution. Rajeev Ranjan; Swami Sankaranarayanan; Carlos D. Castillo; Rama Chellappa http://arxiv.org/abs/1712.00673 Towards Robust Neural Networks via Random Self-ensemble. Xuanqing Liu; Minhao Cheng; Huan Zhang; Cho-Jui Hsieh http://arxiv.org/abs/1712.00558 Where Classification Fails, Interpretation Rises. Chanh Nguyen; Georgi Georgiev; Yujie Ji; Ting Wang http://arxiv.org/abs/1711.11561 Measuring the tendency of CNNs to Learn Surface Statistical Regularities. Jason Jo; Yoshua Bengio http://arxiv.org/abs/1711.10056 Adversary Detection in Neural Networks via Persistent Homology. Thomas Gebhart; Paul Schrater http://arxiv.org/abs/1711.09856 On the Robustness of Semantic Segmentation Models to Adversarial Attacks. Anurag Arnab; Ondrej Miksik; Philip H. S. Torr http://arxiv.org/abs/1711.09681 Butterfly Effect: Bidirectional Control of Classification Performance by Small Additive Perturbation. YoungJoon Yoo; Seonguk Park; Junyoung Choi; Sangdoo Yun; Nojun Kwak http://arxiv.org/abs/1711.09404 Improving the Adversarial Robustness and Interpretability of Deep Neural Networks by Regularizing their Input Gradients. Andrew Slavin Ross; Finale Doshi-Velez http://arxiv.org/abs/1711.09115 Geometric robustness of deep networks: analysis and improvement. Can Kanbak; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard http://arxiv.org/abs/1711.08534 Safer Classification by Synthesis. William Wang; Angelina Wang; Aviv Tamar; Xi Chen; Pieter Abbeel http://arxiv.org/abs/1711.08478 MagNet and "Efficient Defenses Against Adversarial Attacks" are Not Robust to Adversarial Examples. Nicholas Carlini; David Wagner http://arxiv.org/abs/1711.08244 Adversarial Phenomenon in the Eyes of Bayesian Deep Learning. Ambrish Rawat; Martin Wistuba; Maria-Irina Nicolae http://arxiv.org/abs/1711.08001 Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training. 
Xi Wu; Uyeong Jang; Jiefeng Chen; Lingjiao Chen; Somesh Jha http://arxiv.org/abs/1711.07356 Evaluating Robustness of Neural Networks with Mixed Integer Programming. Vincent Tjeng; Kai Xiao; Russ Tedrake http://arxiv.org/abs/1711.07183 Adversarial Attacks Beyond the Image Space. Xiaohui Zeng; Chenxi Liu; Yu-Siang Wang; Weichao Qiu; Lingxi Xie; Yu-Wing Tai; Chi Keung Tang; Alan L. Yuille http://arxiv.org/abs/1711.06598 How Wrong Am I? - Studying Adversarial Examples and their Impact on Uncertainty in Gaussian Process Machine Learning Models. Kathrin Grosse; David Pfaff; Michael Thomas Smith; Michael Backes http://arxiv.org/abs/1711.05934 Enhanced Attacks on Defensively Distilled Deep Neural Networks. Yujia Liu; Weiming Zhang; Shaohua Li; Nenghai Yu http://arxiv.org/abs/1711.05929 Defense against Universal Adversarial Perturbations. Naveed Akhtar; Jian Liu; Ajmal Mian http://arxiv.org/abs/1711.05475 The best defense is a good offense: Countering black box attacks by predicting slightly wrong labels. Yannic Kilcher; Thomas Hofmann http://arxiv.org/abs/1711.04368 Machine vs Machine: Minimax-Optimal Defense Against Adversarial Examples. Jihun Hamm; Akshay Mehra http://arxiv.org/abs/1711.03280 Crafting Adversarial Examples For Speech Paralinguistics Applications. Yuan Gong; Christian Poellabauer http://arxiv.org/abs/1711.02846 Intriguing Properties of Adversarial Examples. Ekin D. Cubuk; Barret Zoph; Samuel S. Schoenholz; Quoc V. Le http://arxiv.org/abs/1711.01991 Mitigating Adversarial Effects Through Randomization. Cihang Xie; Jianyu Wang; Zhishuai Zhang; Zhou Ren; Alan Yuille http://arxiv.org/abs/1711.01791 HyperNetworks with statistical filtering for defending adversarial examples. Zhun Sun; Mete Ozay; Takayuki Okatani http://arxiv.org/abs/1711.01768 Towards Reverse-Engineering Black-Box Neural Networks. Seong Joon Oh; Max Augustin; Bernt Schiele; Mario Fritz http://arxiv.org/abs/1711.00867 The (Un)reliability of saliency methods. Pieter-Jan Kindermans; Sara Hooker; Julius Adebayo; Maximilian Alber; Kristof T. Schütt; Sven Dähne; Dumitru Erhan; Been Kim http://arxiv.org/abs/1711.00851 Provable defenses against adversarial examples via the convex outer adversarial polytope. Eric Wong; J. Zico Kolter http://arxiv.org/abs/1711.00449 Attacking Binarized Neural Networks. Angus Galloway; Graham W. Taylor; Medhat Moussa http://arxiv.org/abs/1711.00117 Countering Adversarial Images using Input Transformations. Chuan Guo; Mayank Rana; Moustapha Cisse; Laurens van der Maaten http://arxiv.org/abs/1710.11469 Conditional Variance Penalties and Domain Shift Robustness. Christina Heinze-Deml; Nicolai Meinshausen http://arxiv.org/abs/1710.11342 Generating Natural Adversarial Examples. Zhengli Zhao; Dheeru Dua; Sameer Singh http://arxiv.org/abs/1710.10766 PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples. Yang Song; Taesup Kim; Sebastian Nowozin; Stefano Ermon; Nate Kushman http://arxiv.org/abs/1710.10733 Attacking the Madry Defense Model with $L_1$-based Adversarial Examples. Yash Sharma; Pin-Yu Chen http://arxiv.org/abs/1710.10571 Certifying Some Distributional Robustness with Principled Adversarial Training. Aman Sinha; Hongseok Namkoong; Riccardo Volpi; John Duchi http://arxiv.org/abs/1710.10547 Interpretation of Neural Networks is Fragile. Amirata Ghorbani; Abubakar Abid; James Zou http://arxiv.org/abs/1710.10225 Adversarial Detection of Flash Malware: Limitations and Open Issues. 
Davide Maiorca; Ambra Demontis; Battista Biggio; Fabio Roli; Giorgio Giacinto http://arxiv.org/abs/1710.09412 mixup: Beyond Empirical Risk Minimization. Hongyi Zhang; Moustapha Cisse; Yann N. Dauphin; David Lopez-Paz http://arxiv.org/abs/1710.08864 One pixel attack for fooling deep neural networks. Jiawei Su; Danilo Vasconcellos Vargas; Kouichi Sakurai http://arxiv.org/abs/1710.07859 Feature-Guided Black-Box Safety Testing of Deep Neural Networks. Matthew Wicker; Xiaowei Huang; Marta Kwiatkowska http://arxiv.org/abs/1710.06081 Boosting Adversarial Attacks with Momentum. Yinpeng Dong; Fangzhou Liao; Tianyu Pang; Hang Su; Jun Zhu; Xiaolin Hu; Jianguo Li http://arxiv.org/abs/1710.04677 Game-Theoretic Design of Secure and Resilient Distributed Support Vector Machines with Adversaries. Rui Zhang; Quanyan Zhu http://arxiv.org/abs/1710.03337 Standard detectors aren't (currently) fooled by physical adversarial stop signs. Jiajun Lu; Hussein Sibai; Evan Fabry; David Forsyth http://arxiv.org/abs/1710.03107 Verification of Binarized Neural Networks via Inter-Neuron Factoring. Chih-Hong Cheng; Georg Nührenberg; Chung-Hao Huang; Harald Ruess http://arxiv.org/abs/1710.00814 Detecting Adversarial Attacks on Neural Network Policies with Visual Foresight. Yen-Chen Lin; Ming-Yu Liu; Min Sun; Jia-Bin Huang http://arxiv.org/abs/1710.00486 DeepSafe: A Data-driven Approach for Checking Adversarial Robustness in Neural Networks. Divya Gopinath; Guy Katz; Corina S. Pasareanu; Clark Barrett http://arxiv.org/abs/1709.10207 Provably Minimally-Distorted Adversarial Examples. Nicholas Carlini; Guy Katz; Clark Barrett; David L. Dill http://arxiv.org/abs/1709.09917 DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization. Ferdinand Brasser; Srdjan Capkun; Alexandra Dmitrienko; Tommaso Frassetto; Kari Kostiainen; Ahmad-Reza Sadeghi http://arxiv.org/abs/1709.09130 Output Range Analysis for Deep Neural Networks. Souradeep Dutta; Susmit Jha; Sriram Sankaranarayanan; Ashish Tiwari http://arxiv.org/abs/1709.08693 Fooling Vision and Language Models Despite Localization and Attention Mechanism. Xiaojun Xu; Xinyun Chen; Chang Liu; Anna Rohrbach; Trevor Darrell; Dawn Song http://arxiv.org/abs/1709.06662 Verifying Properties of Binarized Deep Neural Networks. Nina Narodytska; Shiva Prasad Kasiviswanathan; Leonid Ryzhyk; Mooly Sagiv; Toby Walsh http://arxiv.org/abs/1709.05583 Mitigating Evasion Attacks to Deep Neural Networks via Region-based Classification. Xiaoyu Cao; Neil Zhenqiang Gong http://arxiv.org/abs/1709.04447 A Learning and Masking Approach to Secure Learning. Linh Nguyen; Sky Wang; Arunesh Sinha http://arxiv.org/abs/1709.04137 Models and Framework for Adversarial Attacks on Complex Adaptive Systems. Vahid Behzadan; Arslan Munir http://arxiv.org/abs/1709.04114 EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples. Pin-Yu Chen; Yash Sharma; Huan Zhang; Jinfeng Yi; Cho-Jui Hsieh http://arxiv.org/abs/1709.03582 Art of singular vectors and universal adversarial perturbations. Valentin Khrulkov; Ivan Oseledets http://arxiv.org/abs/1709.03423 Ensemble Methods as a Defense to Adversarial Perturbations Against Deep Neural Networks. 
Thilo Strauss; Markus Hanselmann; Andrej Junginger; Holger Ulmer http://arxiv.org/abs/1709.02802 Towards Proving the Adversarial Robustness of Deep Neural Networks. Guy Katz; Clark Barrett; David L. Dill; Kyle Julian; Mykel J. Kochenderfer http://arxiv.org/abs/1709.02538 DeepFense: Online Accelerated Defense Against Adversarial Deep Learning. Bita Darvish Rouhani; Mohammad Samragh; Mojan Javaheripi; Tara Javidi; Farinaz Koushanfar http://arxiv.org/abs/1709.00609 Security Evaluation of Pattern Classifiers under Attack. Battista Biggio; Giorgio Fumera; Fabio Roli http://arxiv.org/abs/1709.00045 On Security and Sparsity of Linear Classifiers for Adversarial Settings. Ambra Demontis; Paolo Russu; Battista Biggio; Giorgio Fumera; Fabio Roli http://arxiv.org/abs/1708.09790 Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin. Yujin Kwon; Dohyun Kim; Yunmok Son; Eugene Vasserman; Yongdae Kim http://arxiv.org/abs/1708.09056 Practical Attacks Against Graph-based Clustering. Yizheng Chen; Yacin Nadji; Athanasios Kountouras; Fabian Monrose; Roberto Perdisci; Manos Antonakakis; Nikolaos Vasiloglou http://arxiv.org/abs/1708.08559 DeepTest: Automated Testing of Deep-Neural-Network-driven Autonomous Cars. Yuchi Tian; Kexin Pei; Suman Jana; Baishakhi Ray http://arxiv.org/abs/1708.08327 Improving Robustness of ML Classifiers against Realizable Evasion Attacks Using Conserved Features. Liang Tong; Bo Li; Chen Hajaj; Chaowei Xiao; Ning Zhang; Yevgeniy Vorobeychik http://arxiv.org/abs/1708.06939 Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid. Marco Melis; Ambra Demontis; Battista Biggio; Gavin Brown; Giorgio Fumera; Fabio Roli http://arxiv.org/abs/1708.06670 CNN Fixations: An unraveling approach to visualize the discriminative image regions. Konda Reddy Mopuri; Utsav Garg; R. Venkatesh Babu http://arxiv.org/abs/1708.06131 Evasion Attacks against Machine Learning at Test Time. Battista Biggio; Igino Corona; Davide Maiorca; Blaine Nelson; Nedim Srndic; Pavel Laskov; Giorgio Giacinto; Fabio Roli http://arxiv.org/abs/1708.05493 Towards Interpretable Deep Neural Networks by Leveraging Adversarial Examples. Yinpeng Dong; Hang Su; Jun Zhu; Fan Bao http://arxiv.org/abs/1708.05207 Learning Universal Adversarial Perturbations with Generative Models. Jamie Hayes; George Danezis http://arxiv.org/abs/1708.04301 Attacking Automatic Video Analysis Algorithms: A Case Study of Google Cloud Video Intelligence API. Hossein Hosseini; Baicen Xiao; Andrew Clark; Radha Poovendran http://arxiv.org/abs/1708.03999 ZOO: Zeroth Order Optimization based Black-box Attacks to Deep Neural Networks without Training Substitute Models. Pin-Yu Chen; Huan Zhang; Yash Sharma; Jinfeng Yi; Cho-Jui Hsieh http://arxiv.org/abs/1708.02582 Cascade Adversarial Machine Learning Regularized with a Unified Embedding. Taesik Na; Jong Hwan Ko; Saibal Mukhopadhyay http://arxiv.org/abs/1708.01697 Adversarial Robustness: Softmax versus Openmax. Andras Rozsa; Manuel Günther; Terrance E. Boult http://arxiv.org/abs/1708.00807 Adversarial-Playground: A Visualization Suite Showing How Adversarial Examples Fool Deep Learning. Andrew P. Norton; Yanjun Qi http://arxiv.org/abs/1707.08945 Robust Physical-World Attacks on Deep Learning Models. 
Kevin Eykholt; Ivan Evtimov; Earlence Fernandes; Bo Li; Amir Rahmati; Chaowei Xiao; Atul Prakash; Tadayoshi Kohno; Dawn Song http://arxiv.org/abs/1707.07397 Synthesizing Robust Adversarial Examples. Anish Athalye; Logan Engstrom; Andrew Ilyas; Kevin Kwok http://arxiv.org/abs/1707.07328 Adversarial Examples for Evaluating Reading Comprehension Systems. Robin Jia; Percy Liang http://arxiv.org/abs/1707.07013 Confidence estimation in Deep Neural networks via density modelling. Akshayvarun Subramanya; Suraj Srinivas; R. Venkatesh Babu http://arxiv.org/abs/1707.06728 Efficient Defenses Against Adversarial Attacks. Valentina Zantedeschi; Maria-Irina Nicolae; Ambrish Rawat http://arxiv.org/abs/1707.05970 Generic Black-Box End-to-End Attack Against State of the Art API Call Based Malware Classifiers. Ishai Rosenberg; Asaf Shabtai; Lior Rokach; Yuval Elovici http://arxiv.org/abs/1707.05572 Fast Feature Fool: A data independent approach to universal adversarial perturbations. Konda Reddy Mopuri; Utsav Garg; R. Venkatesh Babu http://arxiv.org/abs/1707.05474 APE-GAN: Adversarial Perturbation Elimination with GAN. Shiwei Shen; Guoqing Jin; Ke Gao; Yongdong Zhang http://arxiv.org/abs/1707.05373 Houdini: Fooling Deep Structured Prediction Models. Moustapha Cisse; Yossi Adi; Natalia Neverova; Joseph Keshet http://arxiv.org/abs/1707.04131 Foolbox: A Python toolbox to benchmark the robustness of machine learning models. Jonas Rauber; Wieland Brendel; Matthias Bethge http://arxiv.org/abs/1707.03501 NO Need to Worry about Adversarial Examples in Object Detection in Autonomous Vehicles. Jiajun Lu; Hussein Sibai; Evan Fabry; David Forsyth http://arxiv.org/abs/1707.03184 A Survey on Resilient Machine Learning. Atul Kumar; Sameep Mehta http://arxiv.org/abs/1707.02812 Towards Crafting Text Adversarial Samples. Suranjana Samanta; Sameep Mehta http://arxiv.org/abs/1707.01159 UPSET and ANGRI : Breaking High Performance Image Classifiers. Sayantan Sarkar; Ankan Bansal; Upal Mahbub; Rama Chellappa http://arxiv.org/abs/1706.06969 Comparing deep neural networks against humans: object recognition when the signal gets weaker. Robert Geirhos; David H. J. Janssen; Heiko H. Schütt; Jonas Rauber; Matthias Bethge; Felix A. Wichmann http://arxiv.org/abs/1706.06083 Towards Deep Learning Models Resistant to Adversarial Attacks. Aleksander Madry; Aleksandar Makelov; Ludwig Schmidt; Dimitris Tsipras; Adrian Vladu http://arxiv.org/abs/1706.04701 Adversarial Example Defenses: Ensembles of Weak Defenses are not Strong. Warren He; James Wei; Xinyun Chen; Nicholas Carlini; Dawn Song http://arxiv.org/abs/1706.03922 Analyzing the Robustness of Nearest Neighbors to Adversarial Examples. Yizhen Wang; Somesh Jha; Kamalika Chaudhuri http://arxiv.org/abs/1706.01763 Adversarial-Playground: A Visualization Suite for Adversarial Sample Generation. Andrew Norton; Yanjun Qi http://arxiv.org/abs/1706.00633 Towards Robust Detection of Adversarial Examples. Tianyu Pang; Chao Du; Yinpeng Dong; Jun Zhu http://arxiv.org/abs/1705.10686 Feature Squeezing Mitigates and Detects Carlini/Wagner Adversarial Examples. Weilin Xu; David Evans; Yanjun Qi http://arxiv.org/abs/1705.09764 MAT: A Multi-strength Adversarial Training Method to Mitigate Adversarial Attacks. Chang Song; Hsin-Pai Cheng; Huanrui Yang; Sicheng Li; Chunpeng Wu; Qing Wu; Hai Li; Yiran Chen http://arxiv.org/abs/1705.09552 Classification regions of deep neural networks. 
Alhussein Fawzi; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard; Stefano Soatto http://arxiv.org/abs/1705.09554 Robustness of classifiers to universal perturbations: a geometric perspective. Seyed-Mohsen Moosavi-Dezfooli; Alhussein Fawzi; Omar Fawzi; Pascal Frossard; Stefano Soatto http://arxiv.org/abs/1705.09064 MagNet: a Two-Pronged Defense against Adversarial Examples. Dongyu Meng; Hao Chen http://arxiv.org/abs/1705.08475 Formal Guarantees on the Robustness of a Classifier against Adversarial Manipulation. Matthias Hein; Maksym Andriushchenko http://arxiv.org/abs/1705.08378 Detecting Adversarial Image Examples in Deep Networks with Adaptive Noise Reduction. Bin Liang; Hongcheng Li; Miaoqiang Su; Xirong Li; Wenchang Shi; Xiaofeng Wang http://arxiv.org/abs/1705.08131 Black-Box Attacks against RNN based Malware Detection Algorithms. Weiwei Hu; Ying Tan http://arxiv.org/abs/1705.07819 Regularizing deep networks using efficient layerwise adversarial training. Swami Sankaranarayanan; Arpit Jain; Rama Chellappa; Ser Nam Lim http://arxiv.org/abs/1705.07535 Evading Classifiers by Morphing in the Dark. Hung Dang; Yue Huang; Ee-Chien Chang http://arxiv.org/abs/1705.07263 Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. Nicholas Carlini; David Wagner http://arxiv.org/abs/1705.07204 Ensemble Adversarial Training: Attacks and Defenses. Florian Tramèr; Alexey Kurakin; Nicolas Papernot; Ian Goodfellow; Dan Boneh; Patrick McDaniel http://arxiv.org/abs/1705.07213 MTDeep: Boosting the Security of Deep Neural Nets Against Adversarial Attacks with Moving Target Defense. Sailik Sengupta; Tathagata Chakraborti; Subbarao Kambhampati http://arxiv.org/abs/1705.06640 DeepXplore: Automated Whitebox Testing of Deep Learning Systems. Kexin Pei; Yinzhi Cao; Junfeng Yang; Suman Jana http://arxiv.org/abs/1705.06452 Delving into adversarial attacks on deep policies. Jernej Kos; Dawn Song http://arxiv.org/abs/1705.05264 Extending Defensive Distillation. Nicolas Papernot; Patrick McDaniel http://arxiv.org/abs/1705.03387 Generative Adversarial Trainer: Defense to Adversarial Perturbations with GAN. Hyeungill Lee; Sungyeob Han; Jungwoo Lee http://arxiv.org/abs/1705.02900 Keeping the Bad Guys Out: Protecting and Vaccinating Deep Learning with JPEG Compression. Nilaksh Das; Madhuri Shanbhogue; Shang-Tse Chen; Fred Hohman; Li Chen; Michael E. Kounavis; Duen Horng Chau http://arxiv.org/abs/1705.02224 Detecting Adversarial Samples Using Density Ratio Estimates. Lovedeep Gondara http://arxiv.org/abs/1704.08996 Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection. Ambra Demontis; Marco Melis; Battista Biggio; Davide Maiorca; Daniel Arp; Konrad Rieck; Igino Corona; Giorgio Giacinto; Fabio Roli http://arxiv.org/abs/1704.08847 Parseval Networks: Improving Robustness to Adversarial Examples. Moustapha Cisse; Piotr Bojanowski; Edouard Grave; Yann Dauphin; Nicolas Usunier http://arxiv.org/abs/1704.08006 Deep Text Classification Can be Fooled. Bin Liang; Hongcheng Li; Miaoqiang Su; Pan Bian; Xirong Li; Wenchang Shi http://arxiv.org/abs/1704.05712 Universal Adversarial Perturbations Against Semantic Image Segmentation. Jan Hendrik Metzen; Mummadi Chaithanya Kumar; Thomas Brox; Volker Fischer http://arxiv.org/abs/1704.04960 Adversarial and Clean Data Are Not Twins. Zhitao Gong; Wenlu Wang; Wei-Shinn Ku http://arxiv.org/abs/1704.05051 Google's Cloud Vision API Is Not Robust To Noise. 
Hossein Hosseini; Baicen Xiao; Radha Poovendran http://arxiv.org/abs/1704.03453 The Space of Transferable Adversarial Examples. Florian Tramèr; Nicolas Papernot; Ian Goodfellow; Dan Boneh; Patrick McDaniel http://arxiv.org/abs/1704.03296 Interpretable Explanations of Black Boxes by Meaningful Perturbation. (1%) Ruth Fong; Andrea Vedaldi http://arxiv.org/abs/1704.02654 Enhancing Robustness of Machine Learning Systems via Data Transformations. Arjun Nitin Bhagoji; Daniel Cullina; Chawin Sitawarin; Prateek Mittal http://arxiv.org/abs/1704.01704 Adequacy of the Gradient-Descent Method for Classifier Evasion Attacks. Yi Han; Benjamin I. P. Rubinstein http://arxiv.org/abs/1704.01547 Comment on "Biologically inspired protection of deep networks from adversarial attacks". Wieland Brendel; Matthias Bethge http://arxiv.org/abs/1704.01155 Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. Weilin Xu; David Evans; Yanjun Qi http://arxiv.org/abs/1704.00103 SafetyNet: Detecting and Rejecting Adversarial Examples Robustly. Jiajun Lu; Theerasit Issaranon; David Forsyth http://arxiv.org/abs/1703.09387 Adversarial Transformation Networks: Learning to Generate Adversarial Examples. Shumeet Baluja; Ian Fischer http://arxiv.org/abs/1703.09202 Biologically inspired protection of deep networks from adversarial attacks. Aran Nayebi; Surya Ganguli http://arxiv.org/abs/1703.09793 Deceiving Google's Cloud Video Intelligence API Built for Summarizing Videos. Hossein Hosseini; Baicen Xiao; Radha Poovendran http://arxiv.org/abs/1703.08603 Adversarial Examples for Semantic Segmentation and Object Detection. Cihang Xie; Jianyu Wang; Zhishuai Zhang; Yuyin Zhou; Lingxi Xie; Alan Yuille http://arxiv.org/abs/1703.07928 Self corrective Perturbations for Semantic Segmentation and Classification. Swami Sankaranarayanan; Arpit Jain; Ser Nam Lim http://arxiv.org/abs/1703.07909 Data Driven Exploratory Attacks on Black Box Classifiers in Adversarial Domains. Tegjyot Singh Sethi; Mehmed Kantardzic http://arxiv.org/abs/1703.06857 On the Limitation of Convolutional Neural Networks in Recognizing Negative Images. Hossein Hosseini; Baicen Xiao; Mayoore Jaiswal; Radha Poovendran http://arxiv.org/abs/1703.05561 Fraternal Twins: Unifying Attacks on Machine Learning and Digital Watermarking. Erwin Quiring; Daniel Arp; Konrad Rieck http://arxiv.org/abs/1703.04318 Blocking Transferability of Adversarial Examples in Black-Box Learning Systems. Hossein Hosseini; Yize Chen; Sreeram Kannan; Baosen Zhang; Radha Poovendran http://arxiv.org/abs/1703.06748 Tactics of Adversarial Attack on Deep Reinforcement Learning Agents. Yen-Chen Lin; Zhang-Wei Hong; Yuan-Hong Liao; Meng-Li Shih; Ming-Yu Liu; Min Sun http://arxiv.org/abs/1703.01101 Adversarial Examples for Semantic Image Segmentation. Volker Fischer; Mummadi Chaithanya Kumar; Jan Hendrik Metzen; Thomas Brox http://arxiv.org/abs/1703.00978 Compositional Falsification of Cyber-Physical Systems with Machine Learning Components. Tommaso Dreossi; Alexandre Donzé; Sanjit A. Seshia http://arxiv.org/abs/1703.00410 Detecting Adversarial Samples from Artifacts. Reuben Feinman; Ryan R. Curtin; Saurabh Shintre; Andrew B. Gardner http://arxiv.org/abs/1702.08138 Deceiving Google's Perspective API Built for Detecting Toxic Comments. Hossein Hosseini; Sreeram Kannan; Baosen Zhang; Radha Poovendran http://arxiv.org/abs/1702.06856 Robustness to Adversarial Examples through an Ensemble of Specialists. 
Mahdieh Abbasi; Christian Gagné http://arxiv.org/abs/1702.06832 Adversarial examples for generative models. Jernej Kos; Ian Fischer; Dawn Song http://arxiv.org/abs/1702.06763 DeepCloak: Masking Deep Neural Network Models for Robustness Against Adversarial Samples. Ji Gao; Beilun Wang; Zeming Lin; Weilin Xu; Yanjun Qi http://arxiv.org/abs/1702.06280 On the (Statistical) Detection of Adversarial Examples. Kathrin Grosse; Praveen Manoharan; Nicolas Papernot; Michael Backes; Patrick McDaniel http://arxiv.org/abs/1702.05983 Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. Weiwei Hu; Ying Tan http://arxiv.org/abs/1702.04267 On Detecting Adversarial Perturbations. Jan Hendrik Metzen; Tim Genewein; Volker Fischer; Bastian Bischoff http://arxiv.org/abs/1702.02284 Adversarial Attacks on Neural Network Policies. Sandy Huang; Nicolas Papernot; Ian Goodfellow; Yan Duan; Pieter Abbeel http://arxiv.org/abs/1702.01135 Reluplex: An Efficient SMT Solver for Verifying Deep Neural Networks. Guy Katz; Clark Barrett; David Dill; Kyle Julian; Mykel Kochenderfer http://arxiv.org/abs/1701.04143 Vulnerability of Deep Reinforcement Learning to Policy Induction Attacks. Vahid Behzadan; Arslan Munir http://arxiv.org/abs/1701.00939 Dense Associative Memory is Robust to Adversarial Inputs. Dmitry Krotov; John J Hopfield http://arxiv.org/abs/1612.07767 Adversarial Examples Detection in Deep Networks with Convolutional Filter Statistics. Xin Li; Fuxin Li http://arxiv.org/abs/1612.06299 Simple Black-Box Adversarial Perturbations for Deep Networks. Nina Narodytska; Shiva Prasad Kasiviswanathan http://arxiv.org/abs/1612.01401 Learning Adversary-Resistant Deep Neural Networks. Qinglong Wang; Wenbo Guo; Kaixuan Zhang; Alexander G. Ororbia II; Xinyu Xing; Xue Liu; C. Lee Giles http://arxiv.org/abs/1612.00334 A Theoretical Framework for Robustness of (Deep) Classifiers against Adversarial Examples. Beilun Wang; Ji Gao; Yanjun Qi http://arxiv.org/abs/1612.00155 Adversarial Images for Variational Autoencoders. Pedro Tabacof; Julia Tavares; Eduardo Valle http://arxiv.org/abs/1612.00410 Deep Variational Information Bottleneck. Alexander A. Alemi; Ian Fischer; Joshua V. Dillon; Kevin Murphy http://arxiv.org/abs/1612.00138 Towards Robust Deep Neural Networks with BANG. Andras Rozsa; Manuel Günther; Terrance E. Boult http://arxiv.org/abs/1611.06179 LOTS about Attacking Deep Features. Andras Rozsa; Manuel Günther; Terrance E. Boult http://arxiv.org/abs/1611.04786 AdversariaLib: An Open-source Library for the Security Evaluation of Machine Learning Algorithms Under Attack. Igino Corona; Battista Biggio; Davide Maiorca http://arxiv.org/abs/1611.03814 Towards the Science of Security and Privacy in Machine Learning. Nicolas Papernot; Patrick McDaniel; Arunesh Sinha; Michael Wellman http://arxiv.org/abs/1611.02770 Delving into Transferable Adversarial Examples and Black-box Attacks. Yanpei Liu; Xinyun Chen; Chang Liu; Dawn Song http://arxiv.org/abs/1611.01236 Adversarial Machine Learning at Scale. Alexey Kurakin; Ian Goodfellow; Samy Bengio http://arxiv.org/abs/1610.08401 Universal adversarial perturbations. Seyed-Mohsen Moosavi-Dezfooli; Alhussein Fawzi; Omar Fawzi; Pascal Frossard http://arxiv.org/abs/1610.06940 Safety Verification of Deep Neural Networks. Xiaowei Huang; Marta Kwiatkowska; Sen Wang; Min Wu http://arxiv.org/abs/1610.04563 Are Accuracy and Robustness Correlated? Andras Rozsa; Manuel Günther; Terrance E. 
Boult http://arxiv.org/abs/1610.04256 Assessing Threat of Adversarial Examples on Deep Neural Networks. Abigail Graese; Andras Rozsa; Terrance E. Boult http://arxiv.org/abs/1610.01934 Using Non-invertible Data Transformations to Build Adversarial-Robust Neural Networks. Qinglong Wang; Wenbo Guo; Alexander G. Ororbia II; Xinyu Xing; Lin Lin; C. Lee Giles; Xue Liu; Peng Liu; Gang Xiong http://arxiv.org/abs/1610.01239 Adversary Resistant Deep Neural Networks with an Application to Malware Detection. Qinglong Wang; Wenbo Guo; Kaixuan Zhang; Alexander G. Ororbia II; Xinyu Xing; C. Lee Giles; Xue Liu http://arxiv.org/abs/1610.00768 Technical Report on the CleverHans v2.1.0 Adversarial Examples Library. Nicolas Papernot; Fartash Faghri; Nicholas Carlini; Ian Goodfellow; Reuben Feinman; Alexey Kurakin; Cihang Xie; Yash Sharma; Tom Brown; Aurko Roy; Alexander Matyasko; Vahid Behzadan; Karen Hambardzumyan; Zhishuai Zhang; Yi-Lin Juang; Zhi Li; Ryan Sheatsley; Abhibhav Garg; Jonathan Uesato; Willi Gierke; Yinpeng Dong; David Berthelot; Paul Hendricks; Jonas Rauber; Rujun Long; Patrick McDaniel http://arxiv.org/abs/1609.01461 Statistical Meta-Analysis of Presentation Attacks for Secure Multibiometric Systems. Battista Biggio; Giorgio Fumera; Gian Luca Marcialis; Fabio Roli http://arxiv.org/abs/1609.00804 Randomized Prediction Games for Adversarial Machine Learning. Samuel Rota Bulò; Battista Biggio; Ignazio Pillai; Marcello Pelillo; Fabio Roli http://arxiv.org/abs/1608.08967 Robustness of classifiers: from adversarial to random noise. Alhussein Fawzi; Seyed-Mohsen Moosavi-Dezfooli; Pascal Frossard http://arxiv.org/abs/1608.07690 A Boundary Tilting Persepective on the Phenomenon of Adversarial Examples. Thomas Tanay; Lewis Griffin http://arxiv.org/abs/1608.04644 Towards Evaluating the Robustness of Neural Networks. Nicholas Carlini; David Wagner http://arxiv.org/abs/1608.00853 A study of the effect of JPG compression on adversarial images. Gintare Karolina Dziugaite; Zoubin Ghahramani; Daniel M. Roy http://arxiv.org/abs/1608.00530 Early Methods for Detecting Adversarial Images. Dan Hendrycks; Kevin Gimpel http://arxiv.org/abs/1607.05113 On the Effectiveness of Defensive Distillation. Nicolas Papernot; Patrick McDaniel http://arxiv.org/abs/1607.04311 Defensive Distillation is Not Robust to Adversarial Examples. Nicholas Carlini; David Wagner http://arxiv.org/abs/1607.02533 Adversarial examples in the physical world. Alexey Kurakin; Ian Goodfellow; Samy Bengio http://arxiv.org/abs/1606.04435 Adversarial Perturbations Against Deep Neural Networks for Malware Classification. Kathrin Grosse; Nicolas Papernot; Praveen Manoharan; Michael Backes; Patrick McDaniel http://arxiv.org/abs/1605.07277 Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. Nicolas Papernot; Patrick McDaniel; Ian Goodfellow http://arxiv.org/abs/1605.07262 Measuring Neural Net Robustness with Constraints. Osbert Bastani; Yani Ioannou; Leonidas Lampropoulos; Dimitrios Vytiniotis; Aditya Nori; Antonio Criminisi http://arxiv.org/abs/1605.05411 Are Facial Attributes Adversarially Robust? Andras Rozsa; Manuel Günther; Ethan M. Rudd; Terrance E. Boult http://arxiv.org/abs/1605.01775 Adversarial Diversity and Hard Positive Generation. Andras Rozsa; Ethan M. Rudd; Terrance E. Boult http://arxiv.org/abs/1604.08275 Crafting Adversarial Input Sequences for Recurrent Neural Networks. 
Nicolas Papernot; Patrick McDaniel; Ananthram Swami; Richard Harang http://arxiv.org/abs/1604.04326 Improving the Robustness of Deep Neural Networks via Stability Training. Stephan Zheng; Yang Song; Thomas Leung; Ian Goodfellow http://arxiv.org/abs/1604.02606 A General Retraining Framework for Scalable Adversarial Classification. Bo Li; Yevgeniy Vorobeychik; Xinyun Chen http://arxiv.org/abs/1603.05145 Suppressing the Unusual: towards Robust CNNs using Symmetric Activation Functions. Qiyang Zhao; Lewis D Griffin http://arxiv.org/abs/1602.05973 Breaking Symmetric Cryptosystems using Quantum Period Finding. (1%) Marc Kaplan; Gaëtan Leurent; Anthony Leverrier; María Naya-Plasencia http://arxiv.org/abs/1602.02697 Practical Black-Box Attacks against Machine Learning. Nicolas Papernot; Patrick McDaniel; Ian Goodfellow; Somesh Jha; Z. Berkay Celik; Ananthram Swami http://arxiv.org/abs/1602.02389 Ensemble Robustness and Generalization of Stochastic Deep Learning Algorithms. Tom Zahavy; Bingyi Kang; Alex Sivak; Jiashi Feng; Huan Xu; Shie Mannor http://arxiv.org/abs/1601.07213 Unifying Adversarial Training Algorithms with Flexible Deep Data Gradient Regularization. Alexander G. Ororbia II; C. Lee Giles; Daniel Kifer http://arxiv.org/abs/1511.07528 The Limitations of Deep Learning in Adversarial Settings. Nicolas Papernot; Patrick McDaniel; Somesh Jha; Matt Fredrikson; Z. Berkay Celik; Ananthram Swami http://arxiv.org/abs/1511.06385 A Unified Gradient Regularization Family for Adversarial Examples. Chunchuan Lyu; Kaizhu Huang; Hai-Ning Liang http://arxiv.org/abs/1511.06381 Manifold Regularized Deep Neural Networks using Adversarial Examples. Taehoon Lee; Minsuk Choi; Sungroh Yoon http://arxiv.org/abs/1511.06306 Robust Convolutional Neural Networks under Adversarial Noise. Jonghoon Jin; Aysegul Dundar; Eugenio Culurciello http://arxiv.org/abs/1511.06292 Foveation-based Mechanisms Alleviate Adversarial Examples. Yan Luo; Xavier Boix; Gemma Roig; Tomaso Poggio; Qi Zhao http://arxiv.org/abs/1511.06233 Towards Open Set Deep Networks. Abhijit Bendale; Terrance Boult http://arxiv.org/abs/1511.05432 Understanding Adversarial Training: Increasing Local Stability of Neural Nets through Robust Optimization. Uri Shaham; Yutaro Yamada; Sahand Negahban http://arxiv.org/abs/1511.05122 Adversarial Manipulation of Deep Representations. Sara Sabour; Yanshuai Cao; Fartash Faghri; David J. Fleet http://arxiv.org/abs/1511.04599 DeepFool: a simple and accurate method to fool deep neural networks. Seyed-Mohsen Moosavi-Dezfooli; Alhussein Fawzi; Pascal Frossard http://arxiv.org/abs/1511.04508 Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks. Nicolas Papernot; Patrick McDaniel; Xi Wu; Somesh Jha; Ananthram Swami http://arxiv.org/abs/1511.03034 Learning with a Strong Adversary. Ruitong Huang; Bing Xu; Dale Schuurmans; Csaba Szepesvari http://arxiv.org/abs/1510.05328 Exploring the Space of Adversarial Images. Pedro Tabacof; Eduardo Valle http://arxiv.org/abs/1510.04189 Improving Back-Propagation by Adding an Adversarial Gradient. Arild Nøkland http://arxiv.org/abs/1507.04761 Deep Learning and Music Adversaries. Corey Kereliuk; Bob L. Sturm; Jan Larsen http://arxiv.org/abs/1502.02590 Analysis of classifiers' robustness to adversarial perturbations. Alhussein Fawzi; Omar Fawzi; Pascal Frossard http://arxiv.org/abs/1412.6572 Explaining and Harnessing Adversarial Examples. Ian J. 
Goodfellow; Jonathon Shlens; Christian Szegedy http://arxiv.org/abs/1412.5068 Towards Deep Neural Network Architectures Robust to Adversarial Examples. Shixiang Gu; Luca Rigazio http://arxiv.org/abs/1412.1897 Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images. Anh Nguyen; Jason Yosinski; Jeff Clune http://arxiv.org/abs/1401.7727 Security Evaluation of Support Vector Machines in Adversarial Environments. Battista Biggio; Igino Corona; Blaine Nelson; Benjamin I. P. Rubinstein; Davide Maiorca; Giorgio Fumera; Giorgio Giacinto; Fabio Roli http://arxiv.org/abs/1312.6199 Intriguing properties of neural networks. Christian Szegedy; Wojciech Zaremba; Ilya Sutskever; Joan Bruna; Dumitru Erhan; Ian Goodfellow; Rob Fergus