Overview

Adversarial robustness is critical for deploying machine learning models in safety-critical applications. Our work spans theoretical understanding and practical defenses, in both the visual and audio domains.

Key Directions

Robust Generalization: We systematically study which robustness measures (sharpness, spectral norms, margin) best predict the robust generalization gap, and distill the findings into practical guidelines for adversarial training (NeurIPS 2023).
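
The quantities named above are easiest to see on a model small enough to compute them exactly. The following is an added example, not code from the NeurIPS 2023 paper or from this group: in pure Python it adversarially trains a linear classifier under an L-infinity adversary on a constructed 2-D dataset, then reports the robust generalization gap (robust train accuracy minus robust test accuracy) together with a sharpness proxy, the spectral norm and the minimum normalised margin of the trained weights. For a linear model the inner maximisation is closed form, which is what keeps the example dependency-free. The dataset, every function name and the particular definitions of the three measures (in particular the random-direction sharpness proxy) are assumptions of this example and are not the definitions used in the paper.

```python
"""Robust generalization gap and three robustness measures for a linear
classifier under an L-inf adversary. Added example; all names are assumptions."""
import math
import random


def logit(w, b, x):
    """Linear score w.x + b."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def l1_norm(w):
    return sum(abs(v) for v in w)


def l2_norm(w):
    return math.sqrt(sum(v * v for v in w))


def worst_case_margin(w, b, x, y, eps):
    # For a linear model the L-inf adversary of radius eps is closed form: it moves
    # every coordinate by eps against the label, which lowers the signed score
    # y*(w.x+b) by exactly eps*||w||_1 (Hoelder's inequality, tight for this model).
    return y * logit(w, b, x) - eps * l1_norm(w)


def softplus(z):
    """Numerically stable log(1 + exp(z))."""
    return max(z, 0.0) + math.log1p(math.exp(-abs(z)))


def robust_loss(w, b, data, eps):
    """Mean logistic loss evaluated on the worst-case margin of every point."""
    return sum(softplus(-worst_case_margin(w, b, x, y, eps)) for x, y in data) / len(data)


def robust_accuracy(w, b, data, eps):
    """Fraction of points whose label survives every L-inf perturbation of radius eps."""
    return sum(1 for x, y in data if worst_case_margin(w, b, x, y, eps) > 0) / len(data)


def robust_generalization_gap(w, b, train, test, eps):
    # Measured on adversarial inputs, not on clean accuracy.
    return robust_accuracy(w, b, train, eps) - robust_accuracy(w, b, test, eps)


def adversarial_train(data, eps, steps=300, lr=1.0):
    """Gradient descent on the robust loss. With a closed-form inner maximisation
    this is exact adversarial (PGD-style) training for a linear model."""
    d = len(data[0][0])
    w, b = [0.0] * d, 0.0
    for _ in range(steps):
        gw, gb = [0.0] * d, 0.0
        for x, y in data:
            m = worst_case_margin(w, b, x, y, eps)
            s = -1.0 / (1.0 + math.exp(m))  # d softplus(-m) / d m
            for i in range(d):
                sign = (w[i] > 0) - (w[i] < 0)  # subgradient of |w_i|
                gw[i] += s * (y * x[i] - eps * sign)
            gb += s * y
        w = [wi - lr * g / len(data) for wi, g in zip(w, gw)]
        b -= lr * gb / len(data)
    return w, b


def spectral_norm(w):
    # The weight matrix of a linear classifier is one row, so its largest
    # singular value is simply ||w||_2.
    return l2_norm(w)


def min_normalized_margin(w, b, data):
    """Smallest clean margin y*(w.x+b) on the data, scaled by ||w||_2."""
    return min(y * logit(w, b, x) for x, y in data) / l2_norm(w)


def sharpness(w, b, data, eps, rho=0.05, trials=20, seed=0):
    """Sharpness proxy (an assumption of this example): largest rise of the robust
    loss when w is moved by L2 distance rho in a random direction."""
    rng = random.Random(seed)
    base = robust_loss(w, b, data, eps)
    worst = 0.0
    for _ in range(trials):
        u = [rng.gauss(0.0, 1.0) for _ in w]
        n = l2_norm(u)
        wp = [wi + rho * ui / n for wi, ui in zip(w, u)]
        worst = max(worst, robust_loss(wp, b, data, eps) - base)
    return worst


def make_data(n, seed):
    """Constructed sample: points in [-1,1]^2 labelled by sign(x0 - x1), keeping
    only points at least 0.3 away from the true boundary."""
    rng = random.Random(seed)
    data = []
    while len(data) < n:
        x = [rng.uniform(-1, 1), rng.uniform(-1, 1)]
        if abs(x[0] - x[1]) >= 0.3:
            data.append((x, 1 if x[0] > x[1] else -1))
    return data


def run_experiment(eps=0.05, n_train=50, n_test=200):
    train, test = make_data(n_train, seed=1), make_data(n_test, seed=2)
    w, b = adversarial_train(train, eps)
    return {
        "robust_train_acc": robust_accuracy(w, b, train, eps),
        "robust_test_acc": robust_accuracy(w, b, test, eps),
        "robust_gap": robust_generalization_gap(w, b, train, test, eps),
        "sharpness": sharpness(w, b, train, eps),
        "spectral_norm": spectral_norm(w),
        "min_margin": min_normalized_margin(w, b, train),
    }


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name:>18}: {value:.4f}")
```

The bookkeeping is the point: the gap is taken on robust accuracy (adversarial inputs on both splits), and each measure is a function of the trained weights only, so it can be computed once per model and correlated against the gap across many trained models. For a deep network the same procedure needs a real PGD inner loop for the adversary and per-layer power iteration for the spectral norms; the closed forms used here hold only for a linear model.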

Certifiable Robustness: We analyze the loss landscape geometry in certified adversarial training, revealing why standard training fails and how landscape-aware methods improve certified accuracy (NeurIPS 2021).

Audio Adversarial Attacks: We study the transferability of adversarial examples across speech classification systems, showing that examples crafted against one model also fool deployed speech recognition models (Pattern Recognition 2023).

Jacobian Regularization: We propose impurity-weighted implicit Jacobian regularization, which improves generalization without explicitly computing the Jacobian (ICML 2023).

Representative Papers

Fantastic Robustness Measures: The Secrets of Robust Generalization · NeurIPS 2023
Towards Better Understanding of Training Certifiably Robust Models · NeurIPS 2021
Generating Transferable Adversarial Examples for Speech Classification · Pattern Recognition 2023