{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2018:OU6FS2BQLMNOMHT3WQKYKRH2BN","short_pith_number":"pith:OU6FS2BQ","schema_version":"1.0","canonical_sha256":"753c5968305b1ae61e7bb4158544fa0b69172e34ea0c6b362b1faeba994f7ba6","source":{"kind":"arxiv","id":"1802.05666","version":2},"attestation_state":"computed","paper":{"title":"Adversarial Risk and the Dangers of Evaluating Against Weak Attacks","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR","stat.ML"],"primary_cat":"cs.LG","authors_text":"Aaron van den Oord, Brendan O'Donoghue, Jonathan Uesato, Pushmeet Kohli","submitted_at":"2018-02-15T17:13:18Z","abstract_excerpt":"This paper investigates recently proposed approaches for defending against adversarial examples and evaluating adversarial robustness. We motivate 'adversarial risk' as an objective for achieving models robust to worst-case inputs. We then frame commonly used attacks and evaluation metrics as defining a tractable surrogate objective to the true adversarial risk. This suggests that models may optimize this surrogate rather than the true adversarial risk. We formalize this notion as 'obscurity to an adversary,' and develop tools and heuristics for identifying obscured models and designing transp"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1802.05666","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.LG","submitted_at":"2018-02-15T17:13:18Z","cross_cats_sorted":["cs.CR","stat.ML"],"title_canon_sha256":"eebd173e401259d678be07ae31d4dc9761acd6fabef056c83c10d756afad11b3","abstract_canon_sha256":"547d39cb303d76806853eded74c3f42653db69ecd7f1f4b6bfa348fe1d148169"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:13:37.250528Z","signature_b64":"YBMg0uGlJGyfn9vcDy7Q/Orc4uYBvv/8duXu5N152F6ou+Is5mM47Z90UTPEZ+F3bKp8RsyDSlJoAjIEA1i5Ag==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"753c5968305b1ae61e7bb4158544fa0b69172e34ea0c6b362b1faeba994f7ba6","last_reissued_at":"2026-05-18T00:13:37.249977Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:13:37.249977Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Adversarial Risk and the Dangers of Evaluating Against Weak Attacks","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CR","stat.ML"],"primary_cat":"cs.LG","authors_text":"Aaron van den Oord, Brendan O'Donoghue, Jonathan Uesato, Pushmeet Kohli","submitted_at":"2018-02-15T17:13:18Z","abstract_excerpt":"This paper investigates recently proposed approaches for defending against adversarial examples and evaluating adversarial robustness. We motivate 'adversarial risk' as an objective for achieving models robust to worst-case inputs. We then frame commonly used attacks and evaluation metrics as defining a tractable surrogate objective to the true adversarial risk. This suggests that models may optimize this surrogate rather than the true adversarial risk. We formalize this notion as 'obscurity to an adversary,' and develop tools and heuristics for identifying obscured models and designing transp"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1802.05666","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1802.05666","created_at":"2026-05-18T00:13:37.250048+00:00"},{"alias_kind":"arxiv_version","alias_value":"1802.05666v2","created_at":"2026-05-18T00:13:37.250048+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1802.05666","created_at":"2026-05-18T00:13:37.250048+00:00"},{"alias_kind":"pith_short_12","alias_value":"OU6FS2BQLMNO","created_at":"2026-05-18T12:32:43.782077+00:00"},{"alias_kind":"pith_short_16","alias_value":"OU6FS2BQLMNOMHT3","created_at":"2026-05-18T12:32:43.782077+00:00"},{"alias_kind":"pith_short_8","alias_value":"OU6FS2BQ","created_at":"2026-05-18T12:32:43.782077+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":1,"internal_anchor_count":0,"sample":[{"citing_arxiv_id":"2604.14457","citing_title":"NeuroTrace: Inference Provenance-Based Detection of Adversarial Examples","ref_index":15,"is_internal_anchor":false}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/OU6FS2BQLMNOMHT3WQKYKRH2BN","json":"https://pith.science/pith/OU6FS2BQLMNOMHT3WQKYKRH2BN.json","graph_json":"https://pith.science/api/pith-number/OU6FS2BQLMNOMHT3WQKYKRH2BN/graph.json","events_json":"https://pith.science/api/pith-number/OU6FS2BQLMNOMHT3WQKYKRH2BN/events.json","paper":"https://pith.science/paper/OU6FS2BQ"},"agent_actions":{"view_html":"https://pith.science/pith/OU6FS2BQLMNOMHT3WQKYKRH2BN","download_json":"https://pith.science/pith/OU6FS2BQLMNOMHT3WQKYKRH2BN.json","view_paper":"https://pith.science/paper/OU6FS2BQ","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1802.05666&json=true","fetch_graph":"https://pith.science/api/pith-number/OU6FS2BQLMNOMHT3WQKYKRH2BN/graph.json","fetch_events":"https://pith.science/api/pith-number/OU6FS2BQLMNOMHT3WQKYKRH2BN/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/OU6FS2BQLMNOMHT3WQKYKRH2BN/action/timestamp_anchor","attest_storage":"https://pith.science/pith/OU6FS2BQLMNOMHT3WQKYKRH2BN/action/storage_attestation","attest_author":"https://pith.science/pith/OU6FS2BQLMNOMHT3WQKYKRH2BN/action/author_attestation","sign_citation":"https://pith.science/pith/OU6FS2BQLMNOMHT3WQKYKRH2BN/action/citation_signature","submit_replication":"https://pith.science/pith/OU6FS2BQLMNOMHT3WQKYKRH2BN/action/replication_record"}},"created_at":"2026-05-18T00:13:37.250048+00:00","updated_at":"2026-05-18T00:13:37.250048+00:00"}