{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T11:17:40Z","timestamp":1768994260167,"version":"3.49.0"},"reference-count":36,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key R&#x0026;D Program of China","award":["2021ZD0112801"],"award-info":[{"award-number":["2021ZD0112801"]}]},{"name":"NSF China","award":["62272306"],"award-info":[{"award-number":["62272306"]}]},{"name":"NSF China","award":["62032020"],"award-info":[{"award-number":["62032020"]}]},{"name":"NSF China","award":["62136006"],"award-info":[{"award-number":["62136006"]}]},{"name":"NSF China","award":["42050105"],"award-info":[{"award-number":["42050105"]}]},{"name":"NSF China","award":["62020106005"],"award-info":[{"award-number":["62020106005"]}]},{"name":"NSF China","award":["62061146002"],"award-info":[{"award-number":["62061146002"]}]},{"name":"NSF China","award":["61960206002"],"award-info":[{"award-number":["61960206002"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,3]]},"DOI":"10.1109\/tdsc.2023.3264850","type":"journal-article","created":{"date-parts":[[2023,4,5]],"date-time":"2023-04-05T18:01:20Z","timestamp":1680717680000},"page":"876-888","source":"Crossref","is-referenced-by-count":2,"title":["Certified Distributional Robustness on Smoothed Classifiers"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5416-9547","authenticated-orcid":false,"given":"Jungang","family":"Yang","sequence":"first","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0165-4930","authenticated-orcid":false,"given":"Liyao","family":"Xiang","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-7768-811X","authenticated-orcid":false,"given":"Pengzhi","family":"Chu","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0357-8356","authenticated-orcid":false,"given":"Xinbing","family":"Wang","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3331-2302","authenticated-orcid":false,"given":"Chenghu","family":"Zhou","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Beijing, China"}]}],"member":"263","reference":[{"key":"ref1","first-page":"1310","article-title":"Certified adversarial robustness via randomized smoothing","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Cohen"},{"key":"ref2","first-page":"11838","article-title":"Theoretical evidence for adversarial robustness through randomization","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Pinot"},{"key":"ref3","first-page":"9464","article-title":"Certified adversarial robustness with additive noise","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Li"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00044"},{"key":"ref5","article-title":"Towards deep learning models resistant to adversarial attacks","author":"Madry","year":"2018","journal-title":"Proc. Int. Conf. Learn. Representations"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2019\/660"},{"key":"ref7","first-page":"8270","article-title":"Adversarial distributional training for robust deep learning","volume":"33","author":"Deng","year":"2020","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref8","first-page":"4910","article-title":"Tight certificates of adversarial robustness for randomly smoothed classifiers","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Lee"},{"key":"ref9","first-page":"11292","article-title":"Provably robust deep learning via adversarially trained smoothed classifiers","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Salman"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.485"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140449"},{"key":"ref12","article-title":"Adversarial machine learning at scale","author":"Kurakin","year":"2017","journal-title":"Proc. Int. Conf. Learn. Representations"},{"key":"ref13","first-page":"7472","article-title":"Theoretically principled trade-off between robustness and accuracy","volume":"97","author":"Zhang","year":"2019","journal-title":"Proc. 36th Int. Conf. Mach. Learn."},{"key":"ref14","article-title":"Improving adversarial robustness requires revisiting misclassified examples","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Wang"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63387-9_1"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63387-9_5"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68167-2_19"},{"key":"ref18","article-title":"Ground-truth adversarial examples","author":"Carlini","year":"2017"},{"key":"ref19","first-page":"5286","article-title":"Provable defenses against adversarial examples via the convex outer adversarial polytope","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Wong"},{"key":"ref20","article-title":"Evaluating robustness of neural networks with mixed integer programming","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Tjeng"},{"key":"ref21","first-page":"10877","article-title":"Semidefinite relaxations for certifying robustness to adversarial examples","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Raghunathan"},{"key":"ref22","first-page":"2971","article-title":"Variance-based regularization with convex objectives","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Namkoong"},{"key":"ref23","first-page":"8400","article-title":"Scaling provable adversarial defenses","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Wong"},{"key":"ref24","first-page":"9835","article-title":"A convex relaxation barrier to tight robustness verification of neural networks","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Salman"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00058"},{"key":"ref26","first-page":"10825","article-title":"Fast and effective robustness certification","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"31","author":"Singh"},{"key":"ref27","first-page":"4072","article-title":"On certifying non-uniform bounds against adversarial attacks","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Liu"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3116105"},{"key":"ref29","article-title":"Certifying some distributional robustness with principled adversarial training","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Sinha"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1287\/educ.2019.0198"},{"key":"ref31","first-page":"7683","article-title":"Scalable differential privacy with certified robustness in adversarial learning","volume":"119","author":"Phan","year":"2019","journal-title":"Proc. Int. Conf. Mach. Learn."},{"key":"ref32","article-title":"Improved, deterministic smoothing for L1 certified robustness","author":"Levine","year":"2021"},{"key":"ref33","first-page":"4033","article-title":"Hidden cost of randomized smoothing","volume-title":"Proc. Int. Conf. Artif. Intell. Statist.","author":"Mohapatra"},{"key":"ref34","article-title":"Certified robustness for top-K predictions against adversarial perturbations via randomized smoothing","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Jia"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1287\/10-SSY011"},{"key":"ref36","article-title":"On evaluating adversarial robustness","author":"Carlini","year":"2019"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10472294\/10093123.pdf?arnumber=10093123","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,24]],"date-time":"2024-05-24T05:29:35Z","timestamp":1716528575000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10093123\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3]]},"references-count":36,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2023.3264850","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3]]}}}