{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T04:55:50Z","timestamp":1773377750352,"version":"3.50.1"},"reference-count":50,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,7,12]],"date-time":"2021-07-12T00:00:00Z","timestamp":1626048000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,7,12]],"date-time":"2021-07-12T00:00:00Z","timestamp":1626048000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,7,12]]},"DOI":"10.1109\/isit45174.2021.9517751","type":"proceedings-article","created":{"date-parts":[[2021,9,1]],"date-time":"2021-09-01T16:52:42Z","timestamp":1630515162000},"page":"1320-1325","source":"Crossref","is-referenced-by-count":2,"title":["Robust Machine Learning via Privacy\/ Rate-Distortion Theory"],"prefix":"10.1109","author":[{"given":"Ye","family":"Wang","sequence":"first","affiliation":[{"name":"Mitsubishi Electric Research Laboratories"}]},{"given":"Shuchin","family":"Aeron","sequence":"additional","affiliation":[{"name":"Tufts University"}]},{"given":"Adnan Siraj","family":"Rakin","sequence":"additional","affiliation":[{"name":"Arizona State University"}]},{"given":"Toshiaki","family":"Koike-Akino","sequence":"additional","affiliation":[{"name":"Mitsubishi Electric Research Laboratories"}]},{"given":"Pierre","family":"Moulin","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71050-9"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20828-2"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/ITA.2016.7888175"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/JSTSP.2015.2442227"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/ITW.2014.6970882"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2253320"},{"key":"ref37","first-page":"7472","article-title":"Theoretically principled trade-off between robustness and accuracy","author":"zhang","year":"0","journal-title":"International Conference on Machine Learning"},{"key":"ref36","article-title":"Robustness may be at odds with accuracy","author":"tsipras","year":"0","journal-title":"International Conference on Learning Representations"},{"key":"ref35","article-title":"Machine vs machine: Minimax-optimal defense against adversarial examples","author":"hamm","year":"2017","journal-title":"ArXiv Preprint"},{"key":"ref34","first-page":"4240","article-title":"A minimax approach to supervised learning","author":"farnia","year":"2016","journal-title":"Advances in neural information processing systems"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2009.190"},{"key":"ref27","article-title":"Ro-bust machine learning via privacy\/rate-distortion theory","author":"wang","year":"2020","journal-title":"ArXiv Preprint"},{"key":"ref29","first-page":"1401","article-title":"Privacy against statistical inference","author":"calmon","year":"0","journal-title":"2012 50th Annual Allerton Conference on Communication Control and Computing (Allerton)"},{"key":"ref2","article-title":"Explaining and harnessing adversarial examples","author":"goodfellow","year":"0","journal-title":"International Conference on Learning Representations"},{"key":"ref1","article-title":"Intriguing properties of neural networks","author":"szegedy","year":"0","journal-title":"International Conference on Learning Representations"},{"key":"ref20","first-page":"8400","article-title":"Scaling provable adversarial defenses","author":"wong","year":"2018","journal-title":"Advances in neural information processing systems"},{"key":"ref22","first-page":"10 877","article-title":"Semidefinite relaxations for certifying robustness to adversarial examples","author":"raghunathan","year":"2018","journal-title":"Advances in neural information processing systems"},{"key":"ref21","article-title":"Certified defenses against adversarial examples","author":"raghunathan","year":"0","journal-title":"International Conference on Machine Learning"},{"key":"ref24","article-title":"Certified robustness to adversarial examples with differential privacy","author":"lecuyer","year":"2018","journal-title":"ArXiv Preprint"},{"key":"ref23","article-title":"Wasserstein adversarial examples via projected sinkhorn iterations","author":"wong","year":"2019","journal-title":"ArXiv Preprint"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.29007\/3b2l"},{"key":"ref25","article-title":"Second-order adversarial attack and certifiable robustness","author":"li","year":"2018","journal-title":"ArXiv Preprint"},{"key":"ref50","author":"rudin","year":"1964","journal-title":"Principles of Mathematical Analysis"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140444"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1561\/2200000073"},{"key":"ref12","first-page":"274","article-title":"Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples","author":"athalye","year":"0","journal-title":"International Conference on Machine Learning"},{"key":"ref13","article-title":"Towards deep learning models resistant to adversarial attacks","author":"madry","year":"0","journal-title":"International Conference on Learning Representations (ICLR)"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63387-9_1"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63387-9_5"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68167-2_19"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68167-2_18"},{"key":"ref18","article-title":"Evaluating robustness of neural networks with mixed integer programming","author":"tjeng","year":"0","journal-title":"International Conference on Learning Representations"},{"key":"ref19","first-page":"5283","article-title":"Provable defenses against adversarial examples via the convex outer adversarial polytope","author":"wong","year":"0","journal-title":"International Conference on Machine Learning"},{"key":"ref4","article-title":"Adversarial examples in the physical world","author":"kurakin","year":"0","journal-title":"ICLR Workshop"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978392"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00175"},{"key":"ref5","first-page":"1765","article-title":"Univer-sal adversarial perturbations","author":"moosavi-dezfooli","year":"0","journal-title":"Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition"},{"key":"ref8","article-title":"Fooling automated surveillance cameras: adversarial patches to attack person detection","author":"van ranst","year":"0","journal-title":"CVPR Workshop on the Bright and Dark Sides of Computer Vision Challenges and Opportunities for Privacy and Security"},{"key":"ref7","first-page":"284","article-title":"Synthesizing robust adversarial examples","author":"athalye","year":"0","journal-title":"International Conference on Machine Learning"},{"key":"ref49","author":"pollard","year":"0","journal-title":"Unpublished manuscript"},{"key":"ref9","article-title":"Adversarial camera stickers: A physical camera attack on deep learning classifier","author":"li","year":"2019","journal-title":"ArXiv Preprint"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177728594"},{"key":"ref45","volume":"7","author":"strasser","year":"2011","journal-title":"Mathematical Theory of Statistics Statistical Experiments and Asymptotic Decision Theory"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1214\/aos\/1028674836"},{"key":"ref47","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4612-4946-7","author":"cam","year":"1986","journal-title":"asymptotic methods in statistical decision theory ser springer series in statistics"},{"key":"ref42","article-title":"Distributionally Robust Stochastic Optimization with Wasserstein Distance","author":"gao","year":"2016","journal-title":"ArXiv Preprint"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.2759640"},{"key":"ref44","article-title":"Gener-alised Lipschitz Regularisation Equals Distributional Robustness","author":"cranko","year":"2020","journal-title":"ArXiv Preprint"},{"key":"ref43","article-title":"Wasserstein distributional robustness and regularization in statistical learning","volume":"abs 1712 6050","author":"gao","year":"2017","journal-title":"CoRR"}],"event":{"name":"2021 IEEE International Symposium on Information Theory (ISIT)","location":"Melbourne, Australia","start":{"date-parts":[[2021,7,12]]},"end":{"date-parts":[[2021,7,20]]}},"container-title":["2021 IEEE International Symposium on Information Theory (ISIT)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9517708\/9517709\/09517751.pdf?arnumber=9517751","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T20:35:03Z","timestamp":1773347703000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9517751\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,12]]},"references-count":50,"URL":"https:\/\/doi.org\/10.1109\/isit45174.2021.9517751","relation":{},"subject":[],"published":{"date-parts":[[2021,7,12]]}}}