{"id":"https://openalex.org/W4385679845","doi":"https://doi.org/10.1109/sp46215.2023.10179451","title":"RAB: Provable Robustness Against Backdoor Attacks","display_name":"RAB: Provable Robustness Against Backdoor Attacks","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4385679845","doi":"https://doi.org/10.1109/sp46215.2023.10179451"},"language":"en","primary_location":{"id":"doi:10.1109/sp46215.2023.10179451","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179451","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5065377280","display_name":"Maurice Weber","orcid":"https://orcid.org/0000-0002-4176-8222"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":true,"raw_author_name":"Maurice Weber","raw_affiliation_strings":["ETH Zurich,Switzerland","ETH Zurich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Zurich,Switzerland","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"ETH Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007385062","display_name":"Xiaojun Xu","orcid":"https://orcid.org/0000-0003-4306-7590"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaojun Xu","raw_affiliation_strings":["University of Illinois at Urbana-Champaign,USA","University of Illinois at Urbana-Champaign, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Urbana-Champaign,USA","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025073517","display_name":"Bojan Karla\u0161","orcid":"https://orcid.org/0000-0002-6462-3579"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Bojan Karla\u0161","raw_affiliation_strings":["ETH Zurich,Switzerland","ETH Zurich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Zurich,Switzerland","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"ETH Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100383731","display_name":"Ce Zhang","orcid":"https://orcid.org/0000-0002-8105-7505"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Ce Zhang","raw_affiliation_strings":["ETH Zurich,Switzerland","ETH Zurich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Zurich,Switzerland","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"ETH Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100677409","display_name":"Bo Li","orcid":"https://orcid.org/0000-0003-4883-7267"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bo Li","raw_affiliation_strings":["University of Illinois at Urbana-Champaign,USA","University of Illinois at Urbana-Champaign, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Urbana-Champaign,USA","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, USA","institution_ids":["https://openalex.org/I157725225"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5065377280"],"corresponding_institution_ids":["https://openalex.org/I35440088"],"apc_list":null,"apc_paid":null,"fwci":12.0541,"has_fulltext":false,"cited_by_count":79,"citation_normalized_percentile":{"value":0.99011052,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1311","last_page":"1328"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9754999876022339,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10645","display_name":"Cardiac Arrest and Resuscitation","score":0.9664000272750854,"subfield":{"id":"https://openalex.org/subfields/2711","display_name":"Emergency Medicine"},"field":{"id":"https://openalex.org/fields/27","display_name":"Medicine"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9773148894309998},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.8142069578170776},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7100945711135864},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5897424221038818},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5810821056365967},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.16549625992774963}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9773148894309998},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.8142069578170776},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7100945711135864},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5897424221038818},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5810821056365967},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.16549625992774963},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46215.2023.10179451","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179451","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5600000023841858,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320306151","display_name":"Alfred P. Sloan Foundation","ror":"https://ror.org/052csg198"},{"id":"https://openalex.org/F4320334678","display_name":"European Research Council","ror":"https://ror.org/0472cxd90"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":74,"referenced_works":["https://openalex.org/W1583837637","https://openalex.org/W2101234009","https://openalex.org/W2108598243","https://openalex.org/W2112796928","https://openalex.org/W2194775991","https://openalex.org/W2509109313","https://openalex.org/W2591602089","https://openalex.org/W2607219512","https://openalex.org/W2748789698","https://openalex.org/W2752929869","https://openalex.org/W2754049786","https://openalex.org/W2774423163","https://openalex.org/W2898759955","https://openalex.org/W2902931196","https://openalex.org/W2911495555","https://openalex.org/W2912083425","https://openalex.org/W2934843808","https://openalex.org/W2942091739","https://openalex.org/W2962710014","https://openalex.org/W2963448658","https://openalex.org/W2963564844","https://openalex.org/W2963952467","https://openalex.org/W2964043980","https://openalex.org/W2965721472","https://openalex.org/W2966689772","https://openalex.org/W2983044655","https://openalex.org/W2990270730","https://openalex.org/W3008901592","https://openalex.org/W3012113073","https://openalex.org/W3048759177","https://openalex.org/W3083878034","https://openalex.org/W3092753701","https://openalex.org/W3102720581","https://openalex.org/W3114686421","https://openalex.org/W3118608800","https://openalex.org/W3120740533","https://openalex.org/W3152758407","https://openalex.org/W3162804012","https://openalex.org/W3195614649","https://openalex.org/W3206431085","https://openalex.org/W3213537051","https://openalex.org/W3215171287","https://openalex.org/W4243565423","https://openalex.org/W4289300166","https://openalex.org/W4293846201","https://openalex.org/W4382448866","https://openalex.org/W6640425456","https://openalex.org/W6676935882","https://openalex.org/W6681673350","https://openalex.org/W6684320684","https://openalex.org/W6725794477","https://openalex.org/W6734354522","https://openalex.org/W6739088070","https://openalex.org/W6743581629","https://openalex.org/W6746897123","https://openalex.org/W6747819456","https://openalex.org/W6748475379","https://openalex.org/W6750462152","https://openalex.org/W6752654261","https://openalex.org/W6754602573","https://openalex.org/W6756074407","https://openalex.org/W6756333562","https://openalex.org/W6758684365","https://openalex.org/W6766336336","https://openalex.org/W6768126957","https://openalex.org/W6773640337","https://openalex.org/W6774126473","https://openalex.org/W6774685073","https://openalex.org/W6779272815","https://openalex.org/W6784055631","https://openalex.org/W6787972765","https://openalex.org/W6789206308","https://openalex.org/W6794566239","https://openalex.org/W6799246147"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W3046775127","https://openalex.org/W4394896187","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W3107602296","https://openalex.org/W4364306694","https://openalex.org/W4312192474","https://openalex.org/W4283697347"],"abstract_inverted_index":{"Recent":[0],"studies":[1],"have":[2,25],"shown":[3],"that":[4,132,143,169],"deep":[5],"neural":[6],"net-works":[7],"(DNNs)":[8],"are":[9],"vulnerable":[10],"to":[11,86,105,147,173,230],"adversarial":[12],"attacks,":[13],"including":[14],"evasion":[15,37,92],"and":[16,33,79,93,110,130,162,199,205,208,243,251],"backdoor":[17,44,67,94,115,217],"(poisoning)":[18],"attacks.":[19,68,95,116,218,264],"On":[20],"the":[21,40,57,88,99,107,120,149,171,210,232,235,240,244],"defense":[22],"side,":[23],"there":[24],"been":[26],"intensive":[27],"efforts":[28],"on":[29,55,202,225,247,255],"improving":[30],"both":[31,91],"empirical":[32],"provable":[34,41],"robustness":[35,42,61,89,113,121,134,215],"against":[36,43,62,90,114,216,260],"attacks;":[38],"however,":[39],"attacks":[45],"still":[46],"remains":[47],"largely":[48],"unexplored.":[49],"In":[50,138,219],"this":[51],"paper,":[52],"we":[53,140,163,183,221],"focus":[54],"certifying":[56],"machine":[58,124,189],"learning":[59,125,190,258],"model":[60,109],"general":[63,261],"threat":[64],"models,":[65],"especially":[66],"We":[69,96,117],"first":[70,100,211],"provide":[71,209],"a":[72,176,226],"unified":[73],"framework":[74],"via":[75],"randomized":[76],"smoothing":[77],"techniques":[78],"show":[80,142],"how":[81],"it":[82,144],"can":[83],"be":[84],"instantiated":[85],"certify":[87,111],"then":[97],"propose":[98,164],"robust":[101,150,257],"training":[102,262],"process,":[103],"RAB,":[104],"smooth":[106],"trained":[108,127],"its":[112],"theoretically":[118,141],"prove":[119,131],"bound":[122,135],"for":[123,154,179,187,213],"models":[126,152,156,192,201,224,250],"with":[128],"RAB":[129],"our":[133],"is":[136,145],"tight.":[137],"addition,":[139,220],"possible":[146],"train":[148],"smoothed":[151],"efficiently":[153],"simple":[155],"such":[157,180,193],"as":[158,194],"K-nearest":[159],"neighbor":[160],"classifiers,":[161],"an":[165],"exact":[166,237],"smooth-training":[167],"algorithm":[168],"eliminates":[170],"need":[172],"sample":[174],"from":[175],"noise":[177],"distribution":[178],"models.":[181],"Empirically,":[182],"conduct":[184],"comprehensive":[185,245],"experiments":[186],"different":[188],"(ML)":[191],"DNNs,":[195],"support":[196],"vector":[197],"machines,":[198],"K-NN":[200,223],"MNIST,":[203],"CIFAR-10,":[204],"ImageNette":[206],"datasets":[207,252],"benchmark":[212],"certified":[214],"evaluate":[222],"spambase":[227],"tabular":[228],"dataset":[229],"demonstrate":[231],"advantages":[233],"of":[234],"proposed":[236],"algorithm.":[238],"Both":[239],"theoretic":[241],"analysis":[242],"evaluation":[246],"diverse":[248],"ML":[249],"shed":[253],"light":[254],"further":[256],"strategies":[259],"time":[263]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":24},{"year":2024,"cited_by_count":30},{"year":2023,"cited_by_count":15},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}