{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T23:14:44Z","timestamp":1743030884764,"version":"3.40.3"},"publisher-location":"Cham","reference-count":50,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031546044"},{"type":"electronic","value":"9783031546051"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-54605-1_37","type":"book-chapter","created":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T11:43:10Z","timestamp":1709811790000},"page":"574-588","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Certified Robust Models with\u00a0Slack Control and\u00a0Large Lipschitz Constants"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6525-4528","authenticated-orcid":false,"given":"Max","family":"Losch","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6286-1805","authenticated-orcid":false,"given":"David","family":"Stutz","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9683-5237","authenticated-orcid":false,"given":"Bernt","family":"Schiele","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8949-9896","authenticated-orcid":false,"given":"Mario","family":"Fritz","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,3,8]]},"reference":[{"key":"37_CR1","unstructured":"Anil, C., Lucas, J., Grosse, R.: Sorting out Lipschitz function approximation. In: ICML (2019)"},{"key":"37_CR2","unstructured":"Araujo, A., Havens, A.J., Delattre, B., Allauzen, A., Hu, B.: A unified algebraic perspective on Lipschitz neural networks. In: ICLR (2023)"},{"key":"37_CR3","unstructured":"Bartlett, P.L., Foster, D.J., Telgarsky, M.J.: Spectrally-normalized margin bounds for neural networks. In: NeurIPS (2017)"},{"key":"37_CR4","doi-asserted-by":"crossref","unstructured":"Bartlett, P.L., Mendelson, S.: Rademacher and gaussian complexities: risk bounds and structural results. In: JMLR (2002)","DOI":"10.1007\/3-540-44581-1_15"},{"key":"37_CR5","unstructured":"Carlini, N., et al.: On evaluating adversarial robustness. In: ICLR (2019)"},{"key":"37_CR6","unstructured":"Carmon, Y., Raghunathan, A., Schmidt, L., Duchi, J.C., Liang, P.S.: Unlabeled data improves adversarial robustness. In: NeurIPS (2019)"},{"key":"37_CR7","unstructured":"Cisse, M., Bojanowski, P., Grave, E., Dauphin, Y., Usunier, N.: Parseval networks: improving robustness to adversarial examples. In: ICML (2017)"},{"key":"37_CR8","unstructured":"Cohen, J., Rosenfeld, E., Kolter, Z.: Certified adversarial robustness via randomized smoothing. In: ICML (2019)"},{"key":"37_CR9","doi-asserted-by":"crossref","unstructured":"Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20, 237\u2013297 (1995)","DOI":"10.1007\/BF00994018"},{"key":"37_CR10","unstructured":"Delattre, B., Barth\u00e9lemy, Q., Araujo, A., Allauzen, A.: Efficient bound of Lipschitz constant for convolutional layers by gram iteration. In: ICML (2023)"},{"key":"37_CR11","unstructured":"Ding, G.W., Sharma, Y., Lui, K.Y.C., Huang, R.: MMA training: direct input space margin maximization through adversarial training. In: ICLR (2019)"},{"key":"37_CR12","unstructured":"Elsayed, G., Krishnan, D., Mobahi, H., Regan, K., Bengio, S.: Large margin deep networks for classification. In: NeurIPS (2018)"},{"key":"37_CR13","unstructured":"Fazlyab, M., Robey, A., Hassani, H., Morari, M., Pappas, G.: Efficient and accurate estimation of Lipschitz constants for deep neural networks. In: NeurIPS (2019)"},{"key":"37_CR14","doi-asserted-by":"crossref","unstructured":"Gowal, S., et al.: Scalable verified training for provably robust image classification. In: ICCV (2019)","DOI":"10.1109\/ICCV.2019.00494"},{"key":"37_CR15","unstructured":"Guo, Y., Zhang, C.: Recent advances in large margin learning. In: PAMI (2021)"},{"key":"37_CR16","unstructured":"Hein, M., Andriushchenko, M.: Formal guarantees on the robustness of a classifier against adversarial manipulation. In: NeurIPS (2017)"},{"key":"37_CR17","unstructured":"Hoffman, J., Roberts, D.A., Yaida, S.: Robust learning with Jacobian regularization. arXiv preprint (2019)"},{"key":"37_CR18","unstructured":"Huang, Y., Zhang, H., Shi, Y., Kolter, J.Z., Anandkumar, A.: Training certifiably robust neural networks with efficient local Lipschitz bounds. In: NeurIPS (2021)"},{"key":"37_CR19","doi-asserted-by":"publisher","unstructured":"Huster, T., Chiang, C.Y.J., Chadha, R.: Limitations of the Lipschitz constant as a defense against adversarial examples. In: Alzate, C., et al. ECML PKDD 2018 Workshops. ECML PKDD 2018. LNCS, vol. 11329, pp. 16\u201329. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-13453-2_2","DOI":"10.1007\/978-3-030-13453-2_2"},{"key":"37_CR20","doi-asserted-by":"crossref","unstructured":"Jakubovitz, D., Giryes, R.: Improving DNN robustness to adversarial attacks using Jacobian regularization. In: ECCV (2018)","DOI":"10.1007\/978-3-030-01258-8_32"},{"key":"37_CR21","unstructured":"Jordan, M., Dimakis, A.G.: Exactly computing the local Lipschitz constant of Relu networks. In: NeurIPS (2020)"},{"key":"37_CR22","unstructured":"Krizhevsky, A., Hinton, G.: Learning multiple layers of features from tiny images. Technical report (2009)"},{"key":"37_CR23","unstructured":"Le, Y., Yang, X.: Tiny ImageNet visual recognition challenge. Technical report (2014)"},{"key":"37_CR24","unstructured":"Lee, S., Lee, J., Park, S.: Lipschitz-certifiable training with a tight outer bound. In: NeurIPS (2020)"},{"key":"37_CR25","unstructured":"Leino, K., Wang, Z., Fredrikson, M.: Globally-robust neural networks. In: ICML (2021)"},{"key":"37_CR26","doi-asserted-by":"crossref","unstructured":"Li, L., Xie, T., Li, B.: SoK: certified robustness for deep neural networks. In: SP (2023)","DOI":"10.1109\/SP46215.2023.10179303"},{"key":"37_CR27","unstructured":"Li, Q., Haque, S., Anil, C., Lucas, J., Grosse, R.B., Jacobsen, J.H.: Preventing gradient attenuation in Lipschitz constrained convolutional networks. In: NeurIPS (2019)"},{"key":"37_CR28","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: ICLR (2018)"},{"key":"37_CR29","unstructured":"Meunier, L., Delattre, B.J., Araujo, A., Allauzen, A.: A dynamical system perspective for Lipschitz neural networks. In: ICML (2022)"},{"key":"37_CR30","doi-asserted-by":"publisher","unstructured":"Prach, B., Lampert, C.H.: Almost-orthogonal layers for efficient general-purpose Lipschitz networks. In: Avidan, S., Brostow, G., Ciss\u00e9, M., Farinella, G.M., Hassner, T. (eds.) Computer Vision \u2013 ECCV 2022. ECCV 2022. LNCS, vol. 13681, pp. 350\u2013365. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-19803-8_21","DOI":"10.1007\/978-3-031-19803-8_21"},{"key":"37_CR31","unstructured":"Rosca, M., Weber, T., Gretton, A., Mohamed, S.: A case for new neural networks smoothness constraints. \u201cI Can\u2019t Believe It\u2019s Not Better!\u201d. In: NeurIPS workshop (2020)"},{"key":"37_CR32","unstructured":"Singla, S., Singla, S., Feizi, S.: Improved deterministic l2 robustness on CIFAR-10 and CIFAR-100. In: ICLR (2021)"},{"key":"37_CR33","doi-asserted-by":"crossref","unstructured":"Sokoli\u0107, J., Giryes, R., Sapiro, G., Rodrigues, M.R.: Robust large margin deep neural networks. IEEE Trans. Sig. Proces. 65, 4265\u20134280 (2017)","DOI":"10.1109\/TSP.2017.2708039"},{"key":"37_CR34","unstructured":"Sun, S., Chen, W., Wang, L., Liu, T.Y.: Large margin deep neural networks: theory and algorithms. arXiv preprint (2015)"},{"key":"37_CR35","unstructured":"Sun, Y., Chen, Y., Wang, X., Tang, X.: Deep learning face representation by joint identification-verification. In: NeurIPS (2014)"},{"key":"37_CR36","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. In: ICLR (2014)"},{"key":"37_CR37","unstructured":"Trockman, A., Kolter, J.Z.: Orthogonalizing convolutional layers with the Cayley transform. In: ICLR (2020)"},{"key":"37_CR38","unstructured":"Tsuzuku, Y., Sato, I., Sugiyama, M.: Lipschitz-margin training: scalable certification of perturbation invariance for deep neural networks. In: NeurIPS (2018)"},{"key":"37_CR39","doi-asserted-by":"publisher","unstructured":"Vapnik, V.: Estimation of Dependences Based on Empirical Data. Springer, New York (1982). https:\/\/doi.org\/10.1007\/0-387-34239-7","DOI":"10.1007\/0-387-34239-7"},{"key":"37_CR40","doi-asserted-by":"crossref","unstructured":"Vapnik, V.N.: An overview of statistical learning theory. IEEE Trans. Neural Netw. 10, 988\u2013999 (1999)","DOI":"10.1109\/72.788640"},{"key":"37_CR41","unstructured":"Virmaux, A., Scaman, K.: Lipschitz regularity of deep neural networks: analysis and efficient estimation. In: NeurIPS (2018)"},{"key":"37_CR42","unstructured":"Wang, R., Manchester, I.: Direct parameterization of Lipschitz-bounded deep networks. In: ICML (2023)"},{"key":"37_CR43","unstructured":"Wei, C., Ma, T.: Improved sample complexities for deep neural networks and robust classification via an all-layer margin. In: ICLR (2019)"},{"key":"37_CR44","unstructured":"Wong, E., Schmidt, F., Metzen, J.H., Kolter, J.Z.: Scaling provable adversarial defenses. In: NeurIPS (2018)"},{"key":"37_CR45","unstructured":"Wu, D., Xia, S.T., Wang, Y.: Adversarial weight perturbation helps robust generalization. In: NeurIPS (2020)"},{"key":"37_CR46","unstructured":"Xu, X., Li, L., Li, B.: Lot: Layer-wise orthogonal training on improving l2 certified robustness. In: NeurIPS (2022)"},{"key":"37_CR47","unstructured":"Zhang, B., Cai, T., Lu, Z., He, D., Wang, L.: Towards certifying L-infinity robustness using neural networks with L-inf-dist neurons. In: ICML (2021)"},{"key":"37_CR48","unstructured":"Zhang, B., Jiang, D., He, D., Wang, L.: Boosting the certified robustness of L-infinity distance nets. In: ICLR (2022)"},{"key":"37_CR49","unstructured":"Zhang, H., Yu, Y., Jiao, J., Xing, E., El Ghaoui, L., Jordan, M.: Theoretically principled trade-off between robustness and accuracy. In: ICML (2019)"},{"key":"37_CR50","unstructured":"Zhang, H., et al.: Towards stable and efficient training of verifiably robust neural networks. In: ICLR (2020)"}],"container-title":["Lecture Notes in Computer Science","Pattern Recognition"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-54605-1_37","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T12:13:34Z","timestamp":1709813614000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-54605-1_37"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031546044","9783031546051"],"references-count":50,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-54605-1_37","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"8 March 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DAGM GCPR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"DAGM German Conference on Pattern Recognition","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Heidelberg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dagm2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.dagm-gcpr.de\/year\/2023","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"CMT","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"76","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"40","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"53% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}