{"id":"https://openalex.org/W3213537051","doi":"https://doi.org/10.1145/3460120.3485258","title":"TSS: Transformation-Specific Smoothing for Robustness Certification","display_name":"TSS: Transformation-Specific Smoothing for Robustness Certification","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3213537051","doi":"https://doi.org/10.1145/3460120.3485258","mag":"3213537051"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3485258","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3485258","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101915882","display_name":"Linyi Li","orcid":"https://orcid.org/0000-0002-5403-3217"},"institutions":[{"id":"https://openalex.org/I2801919071","display_name":"University of Illinois System","ror":"https://ror.org/05e94g991","country_code":"US","type":"education","lineage":["https://openalex.org/I2801919071"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Linyi Li","raw_affiliation_strings":["University of Illinois, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois, Urbana, IL, USA","institution_ids":["https://openalex.org/I2801919071"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065377280","display_name":"Maurice Weber","orcid":"https://orcid.org/0000-0002-4176-8222"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Maurice Weber","raw_affiliation_strings":["ETH Z\u00fcrich, Z\u00fcrich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Z\u00fcrich, Z\u00fcrich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007385062","display_name":"Xiaojun Xu","orcid":"https://orcid.org/0000-0003-4306-7590"},"institutions":[{"id":"https://openalex.org/I2801919071","display_name":"University of Illinois System","ror":"https://ror.org/05e94g991","country_code":"US","type":"education","lineage":["https://openalex.org/I2801919071"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaojun Xu","raw_affiliation_strings":["University of Illinois, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois, Urbana, IL, USA","institution_ids":["https://openalex.org/I2801919071"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020051246","display_name":"Luka Rimani\u0107","orcid":null},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Luka Rimanic","raw_affiliation_strings":["ETH Z\u00fcrich, Z\u00fcrich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Z\u00fcrich, Z\u00fcrich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041470575","display_name":"Bhavya Kailkhura","orcid":"https://orcid.org/0000-0002-2819-2919"},"institutions":[{"id":"https://openalex.org/I1282311441","display_name":"Lawrence Livermore National Laboratory","ror":"https://ror.org/041nk4h53","country_code":"US","type":"facility","lineage":["https://openalex.org/I1282311441","https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210138311"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bhavya Kailkhura","raw_affiliation_strings":["Lawrence Livermore National Laboratory, Livermore, CA, USA"],"affiliations":[{"raw_affiliation_string":"Lawrence Livermore National Laboratory, Livermore, CA, USA","institution_ids":["https://openalex.org/I1282311441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048118068","display_name":"Tao Xie","orcid":"https://orcid.org/0000-0002-6731-216X"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tao Xie","raw_affiliation_strings":["Peking University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100383731","display_name":"Ce Zhang","orcid":"https://orcid.org/0000-0002-8105-7505"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Ce Zhang","raw_affiliation_strings":["ETH Z\u00fcrich, Z\u00fcrich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Z\u00fcrich, Z\u00fcrich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100374474","display_name":"Bo Li","orcid":"https://orcid.org/0000-0002-9336-1862"},"institutions":[{"id":"https://openalex.org/I2801919071","display_name":"University of Illinois System","ror":"https://ror.org/05e94g991","country_code":"US","type":"education","lineage":["https://openalex.org/I2801919071"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bo Li","raw_affiliation_strings":["University of Illinois, Urbana, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois, Urbana, IL, USA","institution_ids":["https://openalex.org/I2801919071"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5101915882"],"corresponding_institution_ids":["https://openalex.org/I2801919071"],"apc_list":null,"apc_paid":null,"fwci":2.7194,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.91921167,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"535","last_page":"557"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9739999771118164,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.779143214225769},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.695419430732727},{"id":"https://openalex.org/keywords/smoothing","display_name":"Smoothing","score":0.48052486777305603},{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.4360802173614502},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.40817564725875854},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.38617846369743347},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3405102491378784},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.33994147181510925},{"id":"https://openalex.org/keywords/computer-vision","display_name":"Computer vision","score":0.1197269856929779}],"concepts":[{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.779143214225769},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.695419430732727},{"id":"https://openalex.org/C3770464","wikidata":"https://www.wikidata.org/wiki/Q775963","display_name":"Smoothing","level":2,"score":0.48052486777305603},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.4360802173614502},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.40817564725875854},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.38617846369743347},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3405102491378784},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.33994147181510925},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.1197269856929779},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3460120.3485258","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3485258","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.8299999833106995}],"awards":[{"id":"https://openalex.org/G4003042124","display_name":null,"funder_award_id":"No.1910100,CNS 20-46726 CAR","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1677182931","https://openalex.org/W2616028256","https://openalex.org/W2900153411","https://openalex.org/W2963327228","https://openalex.org/W2963952467","https://openalex.org/W2965677914","https://openalex.org/W2996921661","https://openalex.org/W3005089002","https://openalex.org/W3039677769","https://openalex.org/W3044129898","https://openalex.org/W3105518781","https://openalex.org/W3108907903","https://openalex.org/W6600281463","https://openalex.org/W6600756316","https://openalex.org/W6601222452","https://openalex.org/W6702878494"],"related_works":["https://openalex.org/W2066052364","https://openalex.org/W1978572805","https://openalex.org/W2383807498","https://openalex.org/W4243365217","https://openalex.org/W1997992934","https://openalex.org/W2224296908","https://openalex.org/W2023743128","https://openalex.org/W3109981693","https://openalex.org/W1987225439","https://openalex.org/W4238188170"],"abstract_inverted_index":{"As":[0],"machine":[1],"learning":[2],"(ML)":[3],"systems":[4,26],"become":[5],"pervasive,":[6],"safeguarding":[7],"their":[8],"security":[9],"is":[10,190,231],"critical.":[11],"However,":[12],"recently":[13],"it":[14],"has":[15],"been":[16],"demonstrated":[17],"that":[18,123,173,194],"motivated":[19],"adversaries":[20],"are":[21],"able":[22],"to":[23,137,153,183,221],"mislead":[24],"ML":[25,47,71],"by":[27],"perturbing":[28],"test":[29],"data":[30],"using":[31],"semantic":[32,56,76,169],"transformations.":[33,77,103],"While":[34],"there":[35],"exists":[36],"a":[37,130,223],"rich":[38],"body":[39],"of":[40,83,157,167,179,186,226],"research":[41],"providing":[42],"provable":[43],"robustness":[44,72,116,198],"guarantees":[45,54],"for":[46,69],"models":[48],"against":[49,55,73,213,234],"Lp":[50],"bounded":[51],"adversarial":[52,75],"perturbations,":[53],"perturbations":[57],"remain":[58],"largely":[59],"underexplored.":[60],"In":[61],"this":[62],"paper,":[63],"we":[64,86,107,128,228],"provide":[65,154],"TSS-a":[66],"unified":[67],"framework":[68,142,207],"certifying":[70],"general":[74],"First,":[78],"depending":[79],"on":[80,134,163,199,218],"the":[81,105,139,177,180,184,191,200],"properties":[82],"each":[84],"transformation,":[85],"divide":[87],"common":[88],"transformations":[89,122,170],"into":[90],"two":[91],"categories,":[92],"namely":[93],"resolvable":[94,100],"(e.g.,":[95,101],"Gaussian":[96],"blur)":[97],"and":[98,113,127,148,171,237,244],"differentially":[99],"rotation)":[102],"For":[104,204],"former,":[106],"propose":[108,129],"transformation-specific":[109],"randomized":[110],"smoothing":[111],"strategies":[112,147],"obtain":[114],"strong":[115],"certification.":[117],"The":[118],"latter":[119],"category":[120],"covers":[121],"involve":[124],"interpolation":[125],"errors,":[126],"novel":[131],"approach":[132,193],"based":[133],"stratified":[135],"sampling":[136],"certify":[138],"robustness.":[140,158],"Our":[141],"TSS":[143,174,189,230],"leverages":[144],"these":[145],"certification":[146,156],"combines":[149],"with":[150],"consistency-enhanced":[151],"training":[152],"rigorous":[155],"We":[159],"conduct":[160],"extensive":[161],"experiments":[162],"over":[164],"ten":[165],"types":[166],"challenging":[168],"show":[172,229],"significantly":[175],"outperforms":[176],"state":[178],"art.":[181],"Moreover,":[182,220],"best":[185],"our":[187,206],"knowledge,":[188],"first":[192],"achieves":[195,208],"nontrivial":[196],"certified":[197,210],"large-scale":[201],"ImageNet":[202],"dataset.":[203],"instance,":[205],"30.4%":[209],"robust":[211,233],"accuracy":[212],"rotation":[214],"attack":[215],"(within":[216],"\u00b130\u00b0)":[217],"ImageNet.":[219],"consider":[222],"broader":[224],"range":[225],"transformations,":[227],"also":[232],"adaptive":[235],"attacks":[236],"unforeseen":[238],"image":[239],"corruptions":[240],"such":[241],"as":[242],"CIFAR-10-C":[243],"ImageNet-C.":[245]},"counts_by_year":[{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":13},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}