{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,19]],"date-time":"2025-08-19T10:56:16Z","timestamp":1755600976402,"version":"3.40.3"},"publisher-location":"Cham","reference-count":66,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031726453"},{"type":"electronic","value":"9783031726460"}],"license":[{"start":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T00:00:00Z","timestamp":1730073600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T00:00:00Z","timestamp":1730073600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-72646-0_26","type":"book-chapter","created":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T08:45:29Z","timestamp":1730105129000},"page":"451-468","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Shedding More Light on\u00a0Robust Classifiers Under the\u00a0Lens of\u00a0Energy-Based Models"],"prefix":"10.1007","author":[{"given":"Mujtaba Hussain","family":"Mirza","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maria Rosaria","family":"Briglia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Senad","family":"Beadini","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0444-7646","authenticated-orcid":false,"given":"Iacopo","family":"Masi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,10,28]]},"reference":[{"key":"26_CR1","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1007\/978-3-030-58592-1_29","volume-title":"Computer Vision \u2013 ECCV 2020: 16th European Conference, Glasgow, UK, August 23\u201328, 2020, Proceedings, Part XXIII","author":"M Andriushchenko","year":"2020","unstructured":"Andriushchenko, M., Croce, F., Flammarion, N., Hein, M.: Square attack: a query-efficient black-box adversarial attack via random search. In: Vedaldi, A., Bischof, H., Brox, T., Frahm, J.-M. (eds.) Computer Vision \u2013 ECCV 2020: 16th European Conference, Glasgow, UK, August 23\u201328, 2020, Proceedings, Part XXIII, pp. 484\u2013501. Springer International Publishing, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58592-1_29"},{"key":"26_CR2","unstructured":"Beadini, S., Masi, I.: Exploring the connection between robust and generative models. In: Italian Conference on AI - Ital-IA - Workshop on AI for Cybersecurity (2023)"},{"key":"26_CR3","unstructured":"Binkowski, M., Sutherland, D.J., Arbel, M., Gretton, A.: Demystifying MMD GANs. In: ICLR (2018)"},{"key":"26_CR4","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: IEEE Symposium on Security and Privacy (SP) (2017)","DOI":"10.1109\/SP.2017.49"},{"key":"26_CR5","unstructured":"Carmon, Y., Raghunathan, A., Schmidt, L., Liang, P., Duchi, J.: Unlabeled data improves adversarial robustness. In: NeurIPS (2019)"},{"key":"26_CR6","unstructured":"Chen, T., Zhang, Z., Liu, S., Chang, S., Wang, Z.: Robust overfitting may be mitigated by properly learned smoothening. In: ICLR (2020)"},{"key":"26_CR7","unstructured":"Chen, T., et al.: Sparsity Winning Twice: better robust generaliztion from more efficient training. arXiv preprint arXiv:2202.09844 (2022)"},{"key":"26_CR8","unstructured":"Cohen, J., Rosenfeld, E., Kolter, Z.: Certified adversarial robustness via randomized smoothing. In: ICML, pp. 1310\u20131320. PMLR (2019)"},{"key":"26_CR9","unstructured":"Croce, F., et al.: RobustBench: a standardized adversarial robustness benchmark. In: ICLR Workshops 2021 - Workshop on Security and Safety in Machine Learning Systems (2021)"},{"key":"26_CR10","unstructured":"Croce, F., Hein, M.: Minimally distorted adversarial examples with a fast adaptive boundary attack. In: ICML (2020)"},{"key":"26_CR11","unstructured":"Croce, F., Hein, M.: Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In: ICML (2020)"},{"key":"26_CR12","unstructured":"Cui, J., Tian, Z., Zhong, Z., Qi, X., Yu, B., Zhang, H.: Decoupled kullback-leibler divergence loss. arXiv preprint arXiv:2305.13948 (2023)"},{"key":"26_CR13","doi-asserted-by":"crossref","unstructured":"Deng, J., Dong, W., Socher, R., Li, L.J., Li, K., Fei-Fei, L.: ImageNet: a large-scale hierarchical image database. In: CVPR (2009)","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"26_CR14","unstructured":"Dhariwal, P., Nichol, A.: Diffusion models beat GANs on image synthesis. In: NeurIPS (2021)"},{"key":"26_CR15","unstructured":"Ding, G.W., Sharma, Y., Lui, K.Y.C., Huang, R.: MMA training: direct input space margin maximization through adversarial training. In: ICLR (2020)"},{"key":"26_CR16","unstructured":"Dong, Y., et al.: Exploring memorization in adversarial training. In: ICLR (2021)"},{"key":"26_CR17","unstructured":"Foret, P., Kleiner, A., Mobahi, H., Neyshabur, B.: Sharpness-aware minimization for efficiently improving generalization. In: ICLR (2021)"},{"key":"26_CR18","unstructured":"Ganz, R., Kawar, B., Elad, M.: Do perceptually aligned gradients imply robustness? In: ICML (2023)"},{"key":"26_CR19","unstructured":"Gao, R., Song, Y., Poole, B., Wu, Y.N., Kingma, D.P.: Learning energy-based models by diffusion recovery likelihood. In: ICLR (2021)"},{"key":"26_CR20","unstructured":"Goodfellow, I., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: ICLR (2015)"},{"key":"26_CR21","unstructured":"Gowal, S., Qin, C., Uesato, J., Mann, T., Kohli, P.: Uncovering the limits of adversarial training against norm-bounded adversarial examples. arXiv preprint arXiv:2010.03593 (2020)"},{"key":"26_CR22","unstructured":"Gowal, S., Rebuffi, S.A., Wiles, O., Stimberg, F., Calian, D.A., Mann, T.A.: Improving robustness using generated data. In: NeurIPS (2021)"},{"key":"26_CR23","unstructured":"Grathwohl, W., Wang, K.C., Jacobsen, J.H., Duvenaud, D., Norouzi, M., Swersky, K.: Your classifier is secretly an energy based model and you should treat it like one. In: ICLR (2020)"},{"key":"26_CR24","unstructured":"Heusel, M., Ramsauer, H., Unterthiner, T., Nessler, B., Hochreiter, S.: GANs trained by a two time-scale update rule converge to a local nash equilibrium. In: NeurIPS. vol.\u00a030 (2017)"},{"key":"26_CR25","unstructured":"Hitaj, D., Pagnotta, G., Masi, I., Mancini, L.V.: Evaluating the robustness of geometry-aware instance-reweighted adversarial training. arXiv preprint arXiv:2103.01914 (2021)"},{"key":"26_CR26","unstructured":"Ho, J., Jain, A., Abbeel, P.: Denoising diffusion probabilistic models. In: NeurIPS. vol.\u00a033 (2020)"},{"key":"26_CR27","doi-asserted-by":"crossref","unstructured":"Huang, T., et al.: Enhancing adversarial training via reweighting optimization trajectory. In: Joint European Conference on Machine Learning and Knowledge Discovery in Databases (2023)","DOI":"10.1007\/978-3-031-43412-9_7"},{"key":"26_CR28","unstructured":"Kim, M., Tack, J., Shin, J., Hwang, S.J.: Entropy weighted adversarial training. In: ICML Workshop on Adversarial Machine Learning (2021)"},{"key":"26_CR29","unstructured":"Kollovieh, M., Gosch, L., Scholten, Y., Lienen, M., G\u00fcnnemann, S.: Assessing robustness via score-based adversarial image generation. In: ICLR (2024)"},{"key":"26_CR30","volume-title":"Learning multiple layers of features from tiny images","author":"A Krizhevsky","year":"2009","unstructured":"Krizhevsky, A., Hinton, G., et al.: Learning multiple layers of features from tiny images. Tech. rep, Citeseer (2009)"},{"key":"26_CR31","doi-asserted-by":"crossref","unstructured":"LeCun, Y., Chopra, S., Hadsell, R., Ranzato, M., Huang, F.: A tutorial on energy-based learning. Predicting structured data 1(0) (2006)","DOI":"10.7551\/mitpress\/7443.003.0014"},{"key":"26_CR32","doi-asserted-by":"crossref","unstructured":"Lecuyer, M., Atlidakis, V., Geambasu, R., Hsu, D., Jana, S.: Certified robustness to adversarial examples with differential privacy. In: IEEE Symposium on Security and Privacy (SP) (2019)","DOI":"10.1109\/SP.2019.00044"},{"key":"26_CR33","unstructured":"Li, B., Chen, C., Wang, W., Carin, L.: Second-order adversarial attack and certifiable robustness. arXiv preprint arXiv:1809.03113 (2018)"},{"key":"26_CR34","unstructured":"Liu, F., et\u00a0al.: Probabilistic margins for instance reweighting in adversarial training. In: NeurIPS (2021)"},{"key":"26_CR35","unstructured":"Losch, M., Omran, M., Stutz, D., Fritz, M., Schiele, B.: On adversarial training without perturbing all examples. In: ICLR (2024)"},{"key":"26_CR36","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: ICLR (2018)"},{"key":"26_CR37","unstructured":"Pang, T., Lin, M., Yang, X., Zhu, J., Yan, S.: Robustness and accuracy could be reconcilable by (proper) definition. In: ICML, pp. 17258\u201317277. PMLR (2022)"},{"key":"26_CR38","unstructured":"Peng, S., et al.: Robust principles: architectural design principles for adversarially robust CNNs. In: BMVC (2023)"},{"key":"26_CR39","unstructured":"Rice, L., Wong, E., Kolter, Z.: Overfitting in adversarially robust deep learning. In: ICML (2020)"},{"key":"26_CR40","unstructured":"Rojas-Gomez, R.A., Yeh, R.A., Do, M.N., Nguyen, A.: Inverting adversarially robust networks for image synthesis. arXiv preprint arXiv:2106.06927 (2021)"},{"key":"26_CR41","doi-asserted-by":"crossref","unstructured":"Rouhsedaghat, M., Monajatipoor, M., Kuo, C.C.J., Masi, I.: MAGIC: mask-guided image synthesis by inverting a quasi-robust classifier. In: AAAI Conference on Artificial Intelligence (2023)","DOI":"10.1609\/aaai.v37i2.25311"},{"key":"26_CR42","unstructured":"Salimans, T., et al.: Improved techniques for training GANs. In: NeurIPS (2016)"},{"key":"26_CR43","unstructured":"Santurkar, S., Tsipras, D., Tran, B., Ilyas, A., Engstrom, L., Madry, A.: Image synthesis with a single (robust) classifier. In: NeurIPS (2019)"},{"key":"26_CR44","unstructured":"Schmidt, L., Santurkar, S., Tsipras, D., Talwar, K., Madry, A.: Adversarially robust generalization requires more data. In: NeurIPS (2018)"},{"key":"26_CR45","unstructured":"Shafahi, A., et al.: Adversarial training for free! In: NeurIPS (2019)"},{"key":"26_CR46","doi-asserted-by":"crossref","unstructured":"Singla, V., Singla, S., Feizi, S., Jacobs, D.: Low curvature activations reduce overfitting in adversarial training. In: ICCV (2021)","DOI":"10.1109\/ICCV48922.2021.01611"},{"key":"26_CR47","unstructured":"Song, Y., Ermon, S.: Generative modeling by estimating gradients of the data distribution. In: NeurIPS (2019)"},{"key":"26_CR48","doi-asserted-by":"crossref","unstructured":"Stutz, D., Hein, M., Schiele, B.: Disentangling adversarial robustness and generalization. In: CVPR. IEEE Computer Society (2019)","DOI":"10.1109\/CVPR.2019.00714"},{"key":"26_CR49","doi-asserted-by":"crossref","unstructured":"Stutz, D., Hein, M., Schiele, B.: Relating adversarially robust generalization to flat minima. In: ICCV (2021)","DOI":"10.1109\/ICCV48922.2021.00771"},{"key":"26_CR50","unstructured":"Szegedy, C., et al.: Intriguing properties of neural networks. In: ICLR (2014)"},{"key":"26_CR51","unstructured":"Wang, Y., Wang, Y., Yang, J., Lin, Z.: A unified contrastive energy-based model for understanding the generative ability of adversarial training. In: ICLR (2022)"},{"key":"26_CR52","unstructured":"Wang, Y., Zou, D., Yi, J., Bailey, J., Ma, X., Gu, Q.: Improving adversarial robustness requires revisiting misclassified examples. In: ICLR (2020)"},{"key":"26_CR53","unstructured":"Wang, Z., Pang, T., Du, C., Lin, M., Liu, W., Yan, S.: Better diffusion models further improve adversarial training. In: ICML (2023)"},{"key":"26_CR54","unstructured":"Wu, D., Xia, S.T., Wang, Y.: Adversarial weight perturbation helps robust generalization. In: NeurIPS (2020)"},{"key":"26_CR55","unstructured":"Xu, Y., Sun, Y., Goldblum, M., Goldstein, T., Huang, F.: Exploring and exploiting decision boundary dynamics for adversarial robustness. In: ICLR (2022)"},{"key":"26_CR56","unstructured":"Xue, H., Araujo, A., Hu, B., Chen, Y.: Diffusion-based adversarial sample generation for improved stealthiness and controllability. In: NeurIPS (2023)"},{"key":"26_CR57","doi-asserted-by":"crossref","unstructured":"Yang, X., Ji, S.: JEM++: improved techniques for training JEM. In: ICCV, pp. 6494\u20136503 (2021)","DOI":"10.1109\/ICCV48922.2021.00643"},{"key":"26_CR58","doi-asserted-by":"publisher","unstructured":"Yang, X., Ji, S.: M-EBM: towards understanding the manifolds of energy-based models. In: Kashima, H., Ide, T., Peng, W.C. (eds.) Advances in Knowledge Discovery and Data Mining. PAKDD 2023. LNCS(), vol. 13935, pp. 291\u2013302. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-33374-3_23","DOI":"10.1007\/978-3-031-33374-3_23"},{"key":"26_CR59","doi-asserted-by":"crossref","unstructured":"Yang, X., Su, Q., Ji, S.: Towards bridging the performance gaps of joint energy-based models. In: CVPR, pp. 15732\u201315741 (2023)","DOI":"10.1109\/CVPR52729.2023.01510"},{"key":"26_CR60","unstructured":"Yu, C., et al.: Understanding robust overfitting of adversarial training and beyond. In: ICML (2022)"},{"key":"26_CR61","unstructured":"Yuval, N.: Reading digits in natural images with unsupervised feature learning. In: NIPS Workshop on Deep Learning and Unsupervised Feature Learning (2011)"},{"key":"26_CR62","unstructured":"Zhang, H., Yu, Y., Jiao, J., Xing, E.P., Ghaoui, L.E., Jordan, M.I.: Theoretically principled trade-off between robustness and accuracy. In: ICML (2019)"},{"key":"26_CR63","unstructured":"Zhang, J., et al.: Attacks which do not kill training make adversarial learning stronger. In: ICML, pp. 11278\u201311287. PMLR (2020)"},{"key":"26_CR64","unstructured":"Zhang, J., Zhu, J., Niu, G., Han, B., Sugiyama, M., Kankanhalli, M.: Geometry-aware instance-reweighted adversarial training. In: ICLR (2020)"},{"key":"26_CR65","doi-asserted-by":"crossref","unstructured":"Zhang, R., Isola, P., Efros, A.A., Shechtman, E., Wang, O.: The unreasonable effectiveness of deep features as a perceptual metric. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 586\u2013595 (2018)","DOI":"10.1109\/CVPR.2018.00068"},{"key":"26_CR66","doi-asserted-by":"crossref","unstructured":"Zhu, Y., et al.: Towards understanding the generative capability of adversarially robust classifiers. In: ICCV (2021)","DOI":"10.1109\/ICCV48922.2021.00763"}],"container-title":["Lecture Notes in Computer Science","Computer Vision \u2013 ECCV 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-72646-0_26","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T08:56:31Z","timestamp":1730105791000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-72646-0_26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,28]]},"ISBN":["9783031726453","9783031726460"],"references-count":66,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-72646-0_26","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,10,28]]},"assertion":[{"value":"28 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ECCV","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Conference on Computer Vision","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Milan","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eccv2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eccv2024.ecva.net\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}