| A Game Theoretic Approach to Class-wise Selective Rationalization | Shiyu Chang · Yang Zhang · Mo Yu · Tommi Jaakkola |
| A Little Is Enough: Circumventing Defenses For Distributed Learning | Moran Baruch · Gilad Baruch · Yoav Goldberg |
| A New Defense Against Adversarial Images: Turning a Weakness into a Strength | Shengyuan Hu · Tao Yu · Chuan Guo · Wei-Lun Chao · Kilian Weinberger |
| Tight Certificates of Adversarial Robustness for Randomly Smoothed Classifiers | Guang-He Lee · Yang Yuan · Shiyu Chang · Tommi Jaakkola |
| Adversarial training for free! | Ali Shafahi · Mahyar Najibi · Mohammad Amin Ghiasi · Zheng Xu · John Dickerson · Christoph Studer · Larry Davis · Gavin Taylor · Tom Goldstein |
| Certifiable Robustness to Graph Perturbations | Aleksandar Bojchevski · Stephan Günnemann |
| Certified Adversarial Robustness with Additive Noise | Bai Li · Changyou Chen · Wenlin Wang · Lawrence Carin |
| Defense Against Adversarial Attacks Using Feature Scattering-based Adversarial Training | Haichao Zhang · Jianyu Wang |
| Efficient online learning with kernels for adversarial large scale problems | Rémi Jézéquel · Pierre Gaillard · Alessandro Rudi |
| Empirically Measuring Concentration: Fundamental Limits on Intrinsic Robustness | Saeed Mahloujifar · Xiao Zhang · Mohammad Mahmoody · David Evans |
| Error Correcting Output Codes Improve Probability Estimation and Adversarial Robustness of Deep Neural Networks | Gunjan Verma · Ananthram Swami |
| Learning from Bad Data via Generation | Tianyu Guo · Chang Xu · Boxin Shi · Chao Xu · Dacheng Tao |
| Multi-marginal Wasserstein GAN | Jiezhang Cao · Langyuan Mo · Yifan Zhang · Kui Jia · Chunhua Shen · Mingkui Tan |
| ResNets Ensemble via the Feynman-Kac Formalism to Improve Natural and Robust Accuracies | Bao Wang · Zuoqiang Shi · Stanley Osher |
| Subspace Attack: Exploiting Promising Subspaces for Query-Efficient Black-box Attacks | Yiwen Guo · Ziang Yan · Changshui Zhang |
| ZO-AdaMM: Zeroth-Order Adaptive Momentum Method for Black-Box Optimization | Xiangyi Chen · Sijia Liu · Kaidi Xu · Xingguo Li · Xue Lin · Mingyi Hong · David Cox |
| Adversarial Music: Real world Audio Adversary against Wake-word Detection System | Juncheng Li · Shuhui Qu · Xinjian Li · Joseph Szurley · J. Zico Kolter · Florian Metze |
| Adversarial Robustness through Local Linearization | Chongli Qin · James Martens · Sven Gowal · Dilip Krishnan · Krishnamurthy Dvijotham · Alhussein Fawzi · Soham De · Robert Stanforth · Pushmeet Kohli |
| Are Labels Required for Improving Adversarial Robustness? | Jean-Baptiste Alayrac · Jonathan Uesato · Po-Sen Huang · Alhussein Fawzi · Robert Stanforth · Pushmeet Kohli |
| Certifying Geometric Robustness of Neural Networks | Mislav Balunovic · Maximilian Baader · Gagandeep Singh · Timon Gehr · Martin Vechev |
| Cross-Domain Transferability of Adversarial Perturbations | Muhammad Muzammal Naseer · Salman H Khan · Muhammad Haris Khan · Fahad Shahbaz Khan · Fatih Porikli |
| Functional Adversarial Attacks | Cassidy Laidlaw · Soheil Feizi |
| Improving Black-box Adversarial Attacks with a Transfer-based Prior | Shuyu Cheng · Yinpeng Dong · Tianyu Pang · Hang Su · Jun Zhu |
| Invariance-inducing regularization using worst-case transformations suffices to boost accuracy and spatial robustness | Fanny Yang · Zuowen Wang · Christina Heinze-Deml |
| Learning to Confuse: Generating Training Time Adversarial Data with Auto-Encoder | Ji Feng · Qi-Zhi Cai · Zhi-Hua Zhou |
| On Robustness to Adversarial Examples and Polynomial Optimization | Pranjal Awasthi · Abhratanu Dutta · Aravindan Vijayaraghavan |
| Outlier-robust estimation of a sparse linear model using $\ell_1$-penalized Huber's M-estimator | Arnak Dalalyan · Philip Thompson |
| Policy Poisoning in Batch Reinforcement Learning and Control | Yuzhe Ma · Xuezhou Zhang · Wen Sun · Jerry Zhu |
| Provable Certificates for Adversarial Examples: Fitting a Ball in the Union of Polytopes | Matt Jordan · Justin Lewis · Alexandros Dimakis |
| Provably robust boosted decision stumps and trees against adversarial attacks | Maksym Andriushchenko · Matthias Hein |
| Provably Robust Deep Learning via Adversarially Trained Smoothed Classifiers | Hadi Salman · Jerry Li · Ilya Razenshteyn · Pengchuan Zhang · Huan Zhang · Sebastien Bubeck · Greg Yang |
| Robust Attribution Regularization | Jiefeng Chen · Xi Wu · Vaibhav Rastogi · Yingyu Liang · Somesh Jha |
| Robustness Verification of Tree-based Models | Hongge Chen · Huan Zhang · Si Si · Yang Li · Duane Boning · Cho-Jui Hsieh |