{"id":"https://openalex.org/W4404644669","doi":"https://doi.org/10.1145/3689932.3694761","title":"Getting a-Round Guarantees: Floating-Point Attacks on Certified Robustness","display_name":"Getting a-Round Guarantees: Floating-Point Attacks on Certified Robustness","publication_year":2024,"publication_date":"2024-11-06","ids":{"openalex":"https://openalex.org/W4404644669","doi":"https://doi.org/10.1145/3689932.3694761"},"language":"en","primary_location":{"id":"doi:10.1145/3689932.3694761","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3689932.3694761","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047825364","display_name":"Jiankai Jin","orcid":null},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Jiankai Jin","raw_affiliation_strings":["The University of Melbourne, Melbourne, Australia"],"raw_orcid":"https://orcid.org/0009-0009-1008-482X","affiliations":[{"raw_affiliation_string":"The University of Melbourne, Melbourne, Australia","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011082117","display_name":"Olga Ohrimenko","orcid":"https://orcid.org/0000-0002-9735-0538"},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Olga Ohrimenko","raw_affiliation_strings":["The University of Melbourne, Melbourne, Australia"],"raw_orcid":"https://orcid.org/0000-0002-9735-0538","affiliations":[{"raw_affiliation_string":"The University of Melbourne, Melbourne, Australia","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078824132","display_name":"Benjamin I. P. Rubinstein","orcid":"https://orcid.org/0000-0002-2947-6980"},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Benjamin I. P. Rubinstein","raw_affiliation_strings":["The University of Melbourne, Melbourne, Australia"],"raw_orcid":"https://orcid.org/0000-0002-2947-6980","affiliations":[{"raw_affiliation_string":"The University of Melbourne, Melbourne, Australia","institution_ids":["https://openalex.org/I165779595"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5047825364"],"corresponding_institution_ids":["https://openalex.org/I165779595"],"apc_list":null,"apc_paid":null,"fwci":0.6623,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.76281794,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"53","last_page":"64"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10142","display_name":"Formal Methods in Verification","score":0.9901000261306763,"subfield":{"id":"https://openalex.org/subfields/1703","display_name":"Computational Theory and Mathematics"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9789999723434448,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7394387722015381},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6805424094200134},{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.5663734078407288},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.520366370677948},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3310849070549011}],"concepts":[{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7394387722015381},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6805424094200134},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.5663734078407288},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.520366370677948},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3310849070549011},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3689932.3694761","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3689932.3694761","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W569478347","https://openalex.org/W1988115241","https://openalex.org/W2109742527","https://openalex.org/W2131798279","https://openalex.org/W2483775066","https://openalex.org/W2900153411","https://openalex.org/W2946149952","https://openalex.org/W2963054787","https://openalex.org/W2963857521","https://openalex.org/W2963952467","https://openalex.org/W2972713160","https://openalex.org/W3012981624","https://openalex.org/W3022909171","https://openalex.org/W3176862352","https://openalex.org/W3210373155","https://openalex.org/W4233996382","https://openalex.org/W4310895557"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2066052364","https://openalex.org/W4243365217","https://openalex.org/W2224296908","https://openalex.org/W2023743128","https://openalex.org/W3109981693","https://openalex.org/W2381980429","https://openalex.org/W2384206113"],"abstract_inverted_index":{"Adversarial":[0],"examples":[1,97],"pose":[2],"a":[3,12,26,33,36,39,44,84,173,225],"security":[4],"risk":[5],"as":[6,25],"they":[7],"can":[8,69,89,121,195,211],"alter":[9,57],"decisions":[10],"of":[11,75,111,237,244],"machine":[13],"learning":[14],"classifier":[15,34],"through":[16],"slight":[17],"input":[18,31],"perturbations.":[19],"Certified":[20],"robustness":[21,238],"has":[22],"been":[23],"proposed":[24],"mitigation":[27,227],"where":[28],"given":[29],"an":[30],"x,":[32],"returns":[35],"prediction":[37],"and":[38,133,168],"certified":[40,220],"radius":[41],"R":[42],"with":[43,52],"provable":[45],"guarantee":[46],"that":[47,66,78,88,105,118,128,137,207],"any":[48],"perturbation":[49,113],"to":[50,73,94,159,170,199,203,215,240,248],"x":[51],"R-bounded":[53],"norm":[54,110],"will":[55],"not":[56],"the":[58,109,112,119,142,162,177,181],"classifier's":[59],"prediction.":[60],"In":[61,141,176],"this":[62,92],"work,":[63],"we":[64,223],"show":[65,117],"these":[67],"guarantees":[68,132,217],"be":[70,122,212],"invalidated":[71],"due":[72],"limitations":[74,243],"floating-point":[76,189],"representation":[77],"cause":[79],"rounding":[80,85],"errors.":[81],"We":[82,116],"design":[83],"search":[86],"method":[87],"efficiently":[90],"exploit":[91],"vulnerability":[93],"find":[95],"adversarial":[96],"against":[98,125,134],"state-of-the-art":[99],"certifications":[100],"in":[101,107],"two":[102],"threat":[103,144,179],"models,":[104],"differ":[106],"how":[108],"is":[114],"computed.":[115],"attack":[120,149],"carried":[123],"out":[124],"linear":[126,156,166],"classifiers":[127],"have":[129,138],"exact":[130],"certifiable":[131,251],"neural":[135,174],"networks":[136],"conservative":[139],"certifications.":[140],"weak":[143],"model,":[145,180],"our":[146,193],"experiments":[147],"demonstrate":[148],"success":[150,182],"rates":[151,183],"over":[152],"50%":[153],"on":[154,161,230],"random":[155],"classifiers,":[157],"up":[158,169],"23%":[160],"MNIST":[163],"dataset":[164],"for":[165,172,242],"SVM,":[167],"15%":[171],"network.":[175],"strong":[178],"are":[184],"lower":[185],"but":[186],"positive.":[187],"The":[188],"errors":[190,210],"exploited":[191,214],"by":[192,219],"attacks":[194],"range":[196],"from":[197],"small":[198],"large":[200],"(e.g.,":[201],"10-13":[202],"103)":[204],"-":[205],"showing":[206],"even":[208],"negligible":[209],"systematically":[213],"invalidate":[216],"provided":[218],"robustness.":[221],"Finally,":[222],"propose":[224],"formal":[226],"approach":[228],"based":[229],"rounded":[231],"interval":[232],"arithmetic,":[233],"encouraging":[234],"future":[235],"implementations":[236],"certificates":[239],"account":[241],"modern":[245],"computing":[246],"architecture":[247],"provide":[249],"sound":[250],"guarantees.":[252]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}