1

We study how to certify and train for cost-sensitive robustness using randomized smoothing.

We highlight the importance of using dynamic FR strategies to evaluate AFR methods, and propose DivTrackee as a promising countermeasure.

We propose DiffPAD, a novel framework that harnesses the power of diffusion models for adversarial patch decontamination.

Understand the inherent vulnerabilities to indiscriminate data poisoning attacks for linear learners by studying the optimal poisoning strategy from the perspective of data distribution.

Built upon on a novel definition of label uncertainty, we develop an empirical method to estimate a more realistic intirnsic robustness limit for image classification tasks.

We show that concentration of measure does not prohibit the existence of adversarially robust classifiers using a novel method of empirical concentration estimation.

We propose a way to characterize the intrinsic robustness of image distributions under L2 perturbations using conditional generative models.

We propose an unsupervised learning method for obtaining robust representations based on a notion of representation vulnerability.

We develop a method to measure the concentration of image benchmarks using empirical samples and show that concentration of measure does not prohibit the existence of adversarially robust classifiers.

We propose a notion of cost-sensitive robustness for measuring classifier’s performance when adversarial transformations are not equally important, and provide a certified robust training method to optimize for it.