{"id":"https://openalex.org/W4387723545","doi":"https://doi.org/10.48550/arxiv.2310.09361","title":"Is Certifying $\\ell_p$ Robustness Still Worthwhile?","display_name":"Is Certifying $\\ell_p$ Robustness Still Worthwhile?","publication_year":2023,"publication_date":"2023-10-13","ids":{"openalex":"https://openalex.org/W4387723545","doi":"https://doi.org/10.48550/arxiv.2310.09361"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2310.09361","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2310.09361","pdf_url":"https://arxiv.org/pdf/2310.09361","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2310.09361","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5002052018","display_name":"Ravi Mangal","orcid":"https://orcid.org/0000-0001-6267-6995"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Mangal, Ravi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077941255","display_name":"K. Rustan M. Leino","orcid":"https://orcid.org/0000-0003-2872-8039"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Leino, Klas","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101622957","display_name":"Zifan Wang","orcid":"https://orcid.org/0000-0002-8961-4302"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Zifan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048675276","display_name":"Kai Hu","orcid":"https://orcid.org/0000-0001-7181-9935"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hu, Kai","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008869138","display_name":"Weicheng Yu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yu, Weicheng","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053134485","display_name":"Corina S. P\u0103s\u0103reanu","orcid":"https://orcid.org/0000-0002-5579-6961"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pasareanu, Corina","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111177928","display_name":"Anupam Datta","orcid":"https://orcid.org/0009-0006-5125-7588"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Datta, Anupam","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5057424614","display_name":"Matt Fredrikson","orcid":"https://orcid.org/0000-0003-1820-1698"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fredrikson, Matt","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5002052018"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.8193657398223877},{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.6548559069633484},{"id":"https://openalex.org/keywords/bounded-function","display_name":"Bounded function","score":0.6401935815811157},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6278132796287537},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5492475032806396},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5313746333122253},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5114156603813171},{"id":"https://openalex.org/keywords/guard","display_name":"Guard (computer science)","score":0.4264088273048401},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3024667203426361},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.22020652890205383},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.19901791214942932},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.11028236150741577},{"id":"https://openalex.org/keywords/biology","display_name":"Biology","score":0.09974956512451172}],"concepts":[{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.8193657398223877},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.6548559069633484},{"id":"https://openalex.org/C34388435","wikidata":"https://www.wikidata.org/wiki/Q2267362","display_name":"Bounded function","level":2,"score":0.6401935815811157},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6278132796287537},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5492475032806396},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5313746333122253},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5114156603813171},{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.4264088273048401},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3024667203426361},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.22020652890205383},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.19901791214942932},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.11028236150741577},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.09974956512451172},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2310.09361","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2310.09361","pdf_url":"https://arxiv.org/pdf/2310.09361","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"doi:10.48550/arxiv.2310.09361","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2310.09361","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2310.09361","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2310.09361","pdf_url":"https://arxiv.org/pdf/2310.09361","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4387723545.pdf"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W4312814274","https://openalex.org/W4285370786","https://openalex.org/W2296488620","https://openalex.org/W2502115930","https://openalex.org/W2358353312"],"abstract_inverted_index":{"Over":[0],"the":[1,10,24,44,78,95,130,151,162,171,180,183,188,207,230,241],"years,":[2],"researchers":[3],"have":[4,51],"developed":[5],"myriad":[6],"attacks":[7],"that":[8,19,39,153,187,214,234,249],"exploit":[9],"ubiquity":[11],"of":[12,46,101,164,182,200,244],"adversarial":[13,245],"examples,":[14],"as":[15,17,77,142,193],"well":[16],"defenses":[18,38,50],"aim":[20],"to":[21,34,63,93,107,144,161,179,219,226,240,253],"guard":[22],"against":[23,43],"security":[25],"vulnerabilities":[26],"posed":[27],"by":[28],"such":[29],"attacks.":[30,48],"Of":[31],"particular":[32],"interest":[33],"this":[35,70,99,108,114],"paper":[36],"are":[37,104],"provide":[40],"provable":[41],"guarantees":[42],"class":[45],"$\\ell_p$-bounded":[47,131,189],"Certified":[49],"made":[52],"significant":[53],"progress,":[54],"taking":[55],"robustness":[56,122,155,216],"certification":[57,141,156,236],"from":[58,175],"toy":[59],"models":[60,201],"and":[61,247,266],"datasets":[62],"large-scale":[64],"problems":[65],"like":[66],"ImageNet":[67],"classification.":[68],"While":[69],"is":[71],"undoubtedly":[72],"an":[73],"interesting":[74],"academic":[75],"problem,":[76],"field":[79,163],"has":[80,211],"matured,":[81],"its":[82],"impact":[83],"in":[84,113,202],"practice":[85],"remains":[86],"unclear,":[87],"thus":[88],"we":[89,111,119,127,138,149,185,232],"find":[90],"it":[91],"useful":[92],"revisit":[94],"motivation":[96],"for":[97,197,229,278],"continuing":[98],"line":[100],"research.":[102],"There":[103],"three":[105],"layers":[106],"inquiry,":[109],"which":[110],"address":[112],"paper:":[115],"(1)":[116],"why":[117,125,136],"do":[118,126,137],"care":[120,128,139],"about":[121,129,140],"research?":[123],"(2)":[124],"threat":[132,190],"model?":[133],"And":[134],"(3)":[135],"opposed":[143],"empirical":[145],"defenses?":[146],"In":[147],"brief,":[148],"take":[150],"position":[152],"local":[154,215],"indeed":[157],"confers":[158],"practical":[159],"value":[160],"machine":[165],"learning.":[166],"We":[167],"focus":[168],"especially":[169],"on":[170],"latter":[172],"two":[173],"questions":[174],"above.":[176],"With":[177],"respect":[178],"first":[181],"two,":[184],"argue":[186,233],"model":[191],"acts":[192],"a":[194,238,260,274],"minimal":[195],"requirement":[196],"safe":[198],"application":[199],"security-critical":[203],"domains,":[204],"while":[205,268],"at":[206],"same":[208],"time,":[209],"evidence":[210],"mounted":[212],"suggesting":[213],"may":[217,257],"lead":[218],"downstream":[220],"external":[221],"benefits":[222],"not":[223,258],"immediately":[224],"related":[225],"robustness.":[227],"As":[228],"second,":[231],"(i)":[235],"provides":[237],"resolution":[239],"cat-and-mouse":[242],"game":[243],"attacks;":[246],"furthermore,":[248],"(ii)":[250],"perhaps":[251],"contrary":[252],"popular":[254],"belief,":[255],"there":[256],"exist":[259],"fundamental":[261],"trade-off":[262],"between":[263],"accuracy,":[264],"robustness,":[265],"certifiability,":[267],"moreover,":[269],"certified":[270],"training":[271],"techniques":[272],"constitute":[273],"particularly":[275],"promising":[276],"way":[277],"learning":[279],"robust":[280],"models.":[281]},"counts_by_year":[],"updated_date":"2026-03-11T14:59:36.786465","created_date":"2025-10-10T00:00:00"}