{"id":"https://openalex.org/W4387389899","doi":"https://doi.org/10.48550/arxiv.2310.02513","title":"A Recipe for Improved Certifiable Robustness","display_name":"A Recipe for Improved Certifiable Robustness","publication_year":2023,"publication_date":"2023-10-04","ids":{"openalex":"https://openalex.org/W4387389899","doi":"https://doi.org/10.48550/arxiv.2310.02513"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2310.02513","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2310.02513","pdf_url":"https://arxiv.org/pdf/2310.02513","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2310.02513","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048675276","display_name":"Kai Hu","orcid":"https://orcid.org/0000-0001-7181-9935"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Hu, Kai","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077941255","display_name":"K. Rustan M. Leino","orcid":"https://orcid.org/0000-0003-2872-8039"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Leino, Klas","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032942801","display_name":"Zifan Wang","orcid":"https://orcid.org/0000-0003-3394-8060"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Zifan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5057424614","display_name":"Matt Fredrikson","orcid":"https://orcid.org/0000-0003-1820-1698"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fredrikson, Matt","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5048675276"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12808","display_name":"Ferroelectric and Negative Capacitance Devices","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10502","display_name":"Advanced Memory and Neural Computing","score":0.9933000206947327,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7286300659179688},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7015275955200195},{"id":"https://openalex.org/keywords/overfitting","display_name":"Overfitting","score":0.6845350861549377},{"id":"https://openalex.org/keywords/lipschitz-continuity","display_name":"Lipschitz continuity","score":0.5384708642959595},{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.5022792816162109},{"id":"https://openalex.org/keywords/residual","display_name":"Residual","score":0.45810815691947937},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.41483473777770996},{"id":"https://openalex.org/keywords/mathematical-optimization","display_name":"Mathematical optimization","score":0.39356186985969543},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3746986389160156},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3740234375},{"id":"https://openalex.org/keywords/computer-engineering","display_name":"Computer engineering","score":0.33170148730278015},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.22575831413269043},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.20620259642601013}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7286300659179688},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7015275955200195},{"id":"https://openalex.org/C22019652","wikidata":"https://www.wikidata.org/wiki/Q331309","display_name":"Overfitting","level":3,"score":0.6845350861549377},{"id":"https://openalex.org/C22324862","wikidata":"https://www.wikidata.org/wiki/Q652707","display_name":"Lipschitz continuity","level":2,"score":0.5384708642959595},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.5022792816162109},{"id":"https://openalex.org/C155512373","wikidata":"https://www.wikidata.org/wiki/Q287450","display_name":"Residual","level":2,"score":0.45810815691947937},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.41483473777770996},{"id":"https://openalex.org/C126255220","wikidata":"https://www.wikidata.org/wiki/Q141495","display_name":"Mathematical optimization","level":1,"score":0.39356186985969543},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3746986389160156},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3740234375},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.33170148730278015},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.22575831413269043},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.20620259642601013},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C13280743","wikidata":"https://www.wikidata.org/wiki/Q131089","display_name":"Geodesy","level":1,"score":0.0},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2310.02513","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2310.02513","pdf_url":"https://arxiv.org/pdf/2310.02513","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"doi:10.48550/arxiv.2310.02513","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2310.02513","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2310.02513","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2310.02513","pdf_url":"https://arxiv.org/pdf/2310.02513","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.49000000953674316,"id":"https://metadata.un.org/sdg/9"}],"awards":[{"id":"https://openalex.org/G2144278397","display_name":null,"funder_award_id":"FA8702-15-D-0002","funder_id":"https://openalex.org/F4320306078","funder_display_name":"U.S. Department of Defense"},{"id":"https://openalex.org/G2926940343","display_name":null,"funder_award_id":"FA8750-15-2-027","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G4713059963","display_name":null,"funder_award_id":"FA8750","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G6399177790","display_name":null,"funder_award_id":"FA8750-15-2-0277","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320306078","display_name":"U.S. Department of Defense","ror":"https://ror.org/0447fe631"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4387389899.pdf"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4362597605","https://openalex.org/W1574414179","https://openalex.org/W3009056573","https://openalex.org/W4297676672","https://openalex.org/W2922073769","https://openalex.org/W4281702477","https://openalex.org/W4295815739","https://openalex.org/W2915512385","https://openalex.org/W4301867275","https://openalex.org/W2790610275"],"abstract_inverted_index":{"Recent":[0],"studies":[1],"have":[2],"highlighted":[3],"the":[4,57,78,90,104,129,154,163,190,193],"potential":[5,86,105],"of":[6,74,77,106,113,120,138,145,156,165,192],"Lipschitz-based":[7,107],"methods":[8],"for":[9,81,132,174],"training":[10],"certifiably":[11],"robust":[12],"neural":[13],"networks":[14],"against":[15],"adversarial":[16],"attacks.":[17],"A":[18],"key":[19],"challenge,":[20],"supported":[21],"both":[22],"theoretically":[23],"and":[24,33,118,141,178],"empirically,":[25],"is":[26,171,203],"that":[27,59,71,153],"robustness":[28],"demands":[29],"greater":[30],"network":[31,176],"capacity":[32,42,177],"more":[34,49,63,98],"data":[35,184],"than":[36,51,66],"standard":[37],"training.":[38],"However,":[39],"effectively":[40],"adding":[41],"under":[43],"stringent":[44],"Lipschitz":[45],"constraints":[46],"has":[47,84],"proven":[48],"difficult":[50],"it":[52],"may":[53],"seem,":[54],"evident":[55],"by":[56,197],"fact":[58],"state-of-the-art":[60,130,167],"approach":[61],"tend":[62],"towards":[64],"\\emph{underfitting}":[65],"overfitting.":[67],"Moreover,":[68],"we":[69,95,123,151],"posit":[70],"a":[72,97,111,136,143],"lack":[73],"careful":[75],"exploration":[76],"design":[79,116],"space":[80],"Lipshitz-based":[82],"approaches":[83],"left":[85],"performance":[87],"gains":[88],"on":[89,135],"table.":[91],"In":[92],"this":[93],"work,":[94,122],"provide":[96],"comprehensive":[99],"evaluation":[100],"to":[101,126,162,199],"better":[102],"uncover":[103],"certification":[108,134],"methods.":[109],"Using":[110],"combination":[112],"novel":[114],"techniques,":[115],"optimizations,":[117],"synthesis":[119],"prior":[121],"are":[124],"able":[125],"significantly":[127],"improve":[128],"VRA":[131,196],"deterministic":[133,195],"variety":[137],"benchmark":[139],"datasets,":[140],"over":[142],"range":[144],"perturbation":[146],"sizes.":[147],"Of":[148],"particular":[149],"note,":[150],"discover":[152],"addition":[155],"large":[157],"``Cholesky-orthogonalized":[158],"residual":[159],"dense''":[160],"layers":[161],"end":[164],"existing":[166],"Lipschitz-controlled":[168],"ResNet":[169],"architectures":[170],"especially":[172],"effective":[173],"increasing":[175],"performance.":[179],"Combined":[180],"with":[181],"filtered":[182],"generative":[183],"augmentation,":[185],"our":[186],"final":[187],"results":[188],"further":[189],"state":[191],"art":[194],"up":[198],"8.5":[200],"percentage":[201],"points\\footnote{Code":[202],"available":[204],"at":[205],"\\url{https://github.com/hukkai/liresnet}}.":[206]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2023-10-06T00:00:00"}