Certified Robustness to Adversarial Examples with Differential Privacy
7 Pith papers cite this work.
abstract
Adversarial examples that fool machine learning models, particularly deep neural networks, have been a topic of intense research interest, with attacks and defenses being developed in a tight back-and-forth. Most past defenses are best effort and have been shown to be vulnerable to sophisticated attacks. Recently a set of certified defenses have been introduced, which provide guarantees of robustness to norm-bounded attacks, but they either do not scale to large datasets or are limited in the types of models they can support. This paper presents the first certified defense that both scales to large networks and datasets (such as Google's Inception network for ImageNet) and applies broadly to arbitrary model types. Our defense, called PixelDP, is based on a novel connection between robustness against adversarial examples and differential privacy, a cryptographically-inspired formalism that provides a rigorous, generic, and flexible foundation for defense.
citing papers explorer
- Fortifying Time Series: DTW-Certified Robust Anomaly Detection
  First DTW-certified robust anomaly detection for time series via randomized smoothing adapted through an l_p-to-DTW lower-bound transformation.
- Beyond False Stability: High-Noise Drift Gating for Test-Time Adversarial Defenses in Vision-Language Models
  High-noise feature drift distinguishes adversarial from clean inputs in CLIP, allowing a plug-in gating mechanism to selectively trigger existing test-time defenses and raise mean clean+adversarial accuracy across 13 datasets.
- The Threshold Breakdown Point
  Defines threshold breakdown point and m-sensitivity for M-estimators, derives their properties, extends to hypothesis testing, and supplies consistency, asymptotic normality, and multiplier bootstrap results.
- Investigating Adversarial Robustness of Multi-modal Large Language Models
  Robust vision encoders from multimodal adversarial pretraining transfer to MLLMs and deliver large gains in adversarial captioning and VQA performance, while test-time stochastic transformations provide an effective black-box defense.
- Differentially private sub-Gaussian location estimators
  Two new DP median estimators achieve sub-Gaussian deviations for unbounded variables without moments; DP mean estimators under heavy tails show strictly worse deviations than non-private versions.
- Towards Certified Malware Detection: Provable Guarantees Against Evasion Attacks
  A randomized smoothing framework with feature ablation and Wilson score intervals provides formal certificates guaranteeing malware classifier robustness within a perturbation radius.
- When AI Meets Wall Street: A Survey on Trustworthy AI in Fintech
  A survey that proposes a lifecycle-centric framework and the Financial AI Security and Robustness Taxonomy to organize 17 attack subtypes on AI pipelines in finance.