Recent work has shown that state-of-the-art classifiers are quite brittle, in the sense that a small adversarial change of an input that was originally classified correctly with high confidence leads to a wrong classification, again with high confidence. This raises concerns that such classifiers are vulnerable to attacks and calls into question their use in safety-critical systems. In this paper we show, for the first time, formal guarantees on the robustness of a classifier by giving instance-specific lower bounds on the norm of the input manipulation required to change the classifier's decision. Based on this analysis we propose the Cross-Lipschitz regularization functional. We show that using this form of regularization in kernel methods resp. neur...
Universal Adversarial Perturbations (UAPs) are input perturbations that can fool a neural network on...
Deep learning has seen tremendous growth, largely fueled by more powerful computers, the availabilit...
State-of-the-art classifiers have been shown to be largely vulnerable to adversarial perturbations. ...
This paper investigates the theory of robustness against adversarial attacks. ...
Deep neural networks have proven remarkably effective at solving many classification problems, but h...
Recently smoothing deep neural network based classifiers via isotropic Gaussian perturbation is show...
In this thesis we explore adversarial examples for simple model families and simple data distributio...
The input-output mappings learned by state-of-the-art neural networks are significantly discontinuou...
It has been shown that neural network classifiers are not robust. This raises concerns about their u...
Adversarial training (AT) is currently one of the most successful methods to obtain the adversarial ...
Machine-learning techniques are widely used in security-related applications, like spam and malware d...
Despite achieving impressive performance, state-of-the-art classifiers remain ...
Since the Lipschitz properties of convolutional neural networks (CNNs) are widely considered to be r...
Risse N, Göpfert C, Göpfert JP. How to Compare Adversarial Robustness of Classifiers from a Global P...
Recent studies on the adversarial vulnerability of neural networks have shown that models trained wi...