
Certified Robustness to Adversarial Examples with Differential Privacy

7 Pith papers cite this work. Polarity classification is still indexing.

abstract

Adversarial examples that fool machine learning models, particularly deep neural networks, have been a topic of intense research interest, with attacks and defenses being developed in a tight back-and-forth. Most past defenses are best effort and have been shown to be vulnerable to sophisticated attacks. Recently a set of certified defenses have been introduced, which provide guarantees of robustness to norm-bounded attacks, but they either do not scale to large datasets or are limited in the types of models they can support. This paper presents the first certified defense that both scales to large networks and datasets (such as Google's Inception network for ImageNet) and applies broadly to arbitrary model types. Our defense, called PixelDP, is based on a novel connection between robustness against adversarial examples and differential privacy, a cryptographically inspired formalism that provides a rigorous, generic, and flexible foundation for defense.

citation-role summary: background 1

citation-polarity summary

years: 2026 (6), 2019 (1)

verdicts: UNVERDICTED (7)

roles: background (1)

polarities: background (1)

representative citing papers

The Threshold Breakdown Point

math.ST · 2026-05-05 · unverdicted · novelty 7.0 · 2 refs

Defines threshold breakdown point and m-sensitivity for M-estimators, derives their properties, extends to hypothesis testing, and supplies consistency, asymptotic normality, and multiplier bootstrap results.

Differentially private sub-Gaussian location estimators

math.ST · 2019-06-27 · unverdicted · novelty 6.0

Two new DP median estimators achieve sub-Gaussian deviations for unbounded variables without moments; DP mean estimators under heavy tails show strictly worse deviations than non-private versions.
