{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:37:27Z","timestamp":1773513447777,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,11]],"date-time":"2019-11-11T00:00:00Z","timestamp":1573430400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,11]]},"DOI":"10.1145\/3338501.3357369","type":"proceedings-article","created":{"date-parts":[[2019,11,8]],"date-time":"2019-11-08T13:40:33Z","timestamp":1573220433000},"page":"95-103","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":39,"title":["Interpolated Adversarial Training"],"prefix":"10.1145","author":[{"given":"Alex","family":"Lamb","sequence":"first","affiliation":[{"name":"Montr\u00e9al Institute for Learning Algorithms, Montr\u00e9al, PQ, Canada"}]},{"given":"Vikas","family":"Verma","sequence":"additional","affiliation":[{"name":"Aalto University & Montr\u00e9al Institute for Learning Algorithms, Espoo, Finland"}]},{"given":"Juho","family":"Kannala","sequence":"additional","affiliation":[{"name":"Aalto University, Espoo, Finland"}]},{"given":"Yoshua","family":"Bengio","sequence":"additional","affiliation":[{"name":"Montr\u00e9al Institute for Learning Algorithms, Montr\u00e9al, PQ, Canada"}]}],"member":"320","published-online":{"date-parts":[[2019,11,11]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"A. Athalye N. Carlini and D. Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. ArXiv e-prints (Feb. 2018). arxiv: cs.LG\/1802.00420  A. Athalye N. Carlini and D. Wagner. 2018. 
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. ArXiv e-prints (Feb. 2018). arxiv: cs.LG\/1802.00420"},{"key":"e_1_3_2_1_2_1","volume-title":"Synthesizing Robust Adversarial Examples. CoRR","author":"Athalye Anish","year":"2017","unstructured":"Anish Athalye , Logan Engstrom , Andrew Ilyas , and Kevin Kwok . 2017. Synthesizing Robust Adversarial Examples. CoRR , Vol. abs\/ 1707 .07397 ( 2017 ). arxiv: 1707.07397 http:\/\/arxiv.org\/abs\/1707.07397 Anish Athalye, Logan Engstrom, Andrew Ilyas, and Kevin Kwok. 2017. Synthesizing Robust Adversarial Examples. CoRR, Vol. abs\/1707.07397 (2017). arxiv: 1707.07397 http:\/\/arxiv.org\/abs\/1707.07397"},{"key":"e_1_3_2_1_3_1","volume-title":"Spectrally-normalized margin bounds for neural networks. CoRR","author":"Bartlett Peter L.","year":"2017","unstructured":"Peter L. Bartlett , Dylan J. Foster , and Matus Telgarsky . 2017. Spectrally-normalized margin bounds for neural networks. CoRR , Vol. abs\/ 1706 .08498 ( 2017 ). arxiv: 1706.08498 http:\/\/arxiv.org\/abs\/1706.08498 Peter L. Bartlett, Dylan J. Foster, and Matus Telgarsky. 2017. Spectrally-normalized margin bounds for neural networks. CoRR, Vol. abs\/1706.08498 (2017). arxiv: 1706.08498 http:\/\/arxiv.org\/abs\/1706.08498"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"A. Ben-Tal L. El Ghaoui and A.S. Nemirovski. 2009. Robust Optimization. Princeton University Press.  A. Ben-Tal L. El Ghaoui and A.S. Nemirovski. 2009. Robust Optimization. Princeton University Press.","DOI":"10.1515\/9781400831050"},{"key":"e_1_3_2_1_5_1","volume-title":"MixMatch: A Holistic Approach to Semi-Supervised Learning. CoRR","author":"Berthelot David","year":"2019","unstructured":"David Berthelot , Nicholas Carlini , Ian J. Goodfellow , Nicolas Papernot , Avital Oliver , and Colin Raffel . 2019. MixMatch: A Holistic Approach to Semi-Supervised Learning. CoRR , Vol. abs\/ 1905 .02249 ( 2019 ). 
arxiv: 1905.02249 http:\/\/arxiv.org\/abs\/1905.02249 David Berthelot, Nicholas Carlini, Ian J. Goodfellow, Nicolas Papernot, Avital Oliver, and Colin Raffel. 2019. MixMatch: A Holistic Approach to Semi-Supervised Learning. CoRR, Vol. abs\/1905.02249 (2019). arxiv: 1905.02249 http:\/\/arxiv.org\/abs\/1905.02249"},{"key":"e_1_3_2_1_6_1","volume-title":"Davide Del Testa","author":"Bojarski Mariusz","year":"2016","unstructured":"Mariusz Bojarski , Davide Del Testa , Daniel Dworakowski, Bernhard Firner , Beat Flepp, Prasoon Goyal, Lawrence D Jackel, Mathew Monfort, Urs Muller, Jiakai Zhang, et al. 2016 . End to end learning for self-driving cars. arXiv preprint arXiv:1604.07316 (2016). Mariusz Bojarski, Davide Del Testa, Daniel Dworakowski, Bernhard Firner, Beat Flepp, Prasoon Goyal, Lawrence D Jackel, Mathew Monfort, Urs Muller, Jiakai Zhang, et al. 2016. End to end learning for self-driving cars. arXiv preprint arXiv:1604.07316 (2016)."},{"key":"e_1_3_2_1_7_1","volume-title":"Duchi","author":"Carmon Yair","year":"2019","unstructured":"Yair Carmon , Aditi Raghunathan , Ludwig Schmidt , Percy Liang , and John C . Duchi . 2019 . Unlabeled Data Improves Adversarial Robustness. arXiv e-prints, Article arXiv:1905.13736 (May 2019), pages arXiv:1905.13736 pages.arxiv: stat.ML\/1905.13736 Yair Carmon, Aditi Raghunathan, Ludwig Schmidt, Percy Liang, and John C. Duchi. 2019. Unlabeled Data Improves Adversarial Robustness. arXiv e-prints, Article arXiv:1905.13736 (May 2019), pages arXiv:1905.13736 pages.arxiv: stat.ML\/1905.13736"},{"key":"e_1_3_2_1_8_1","volume-title":"Samuel Stern Schoenholz, and Quoc V. Le","author":"Cubuk Ekin Dogus","year":"2018","unstructured":"Ekin Dogus Cubuk , Barret Zoph , Samuel Stern Schoenholz, and Quoc V. Le . 2018 . Intriguing Properties of Adversarial Examples . https:\/\/openreview.net\/forum?id=rk6H0ZbRb Ekin Dogus Cubuk, Barret Zoph, Samuel Stern Schoenholz, and Quoc V. Le. 2018. Intriguing Properties of Adversarial Examples. 
https:\/\/openreview.net\/forum?id=rk6H0ZbRb"},{"key":"e_1_3_2_1_9_1","volume-title":"Evaluating and understanding the robustness of adversarial logit pairing. arXiv preprint arXiv:1807.10272","author":"Engstrom Logan","year":"2018","unstructured":"Logan Engstrom , Andrew Ilyas , and Anish Athalye . 2018. Evaluating and understanding the robustness of adversarial logit pairing. arXiv preprint arXiv:1807.10272 ( 2018 ). Logan Engstrom, Andrew Ilyas, and Anish Athalye. 2018. Evaluating and understanding the robustness of adversarial logit pairing. arXiv preprint arXiv:1807.10272 (2018)."},{"key":"e_1_3_2_1_10_1","unstructured":"I. J. Goodfellow J. Shlens and C. Szegedy. 2014. Explaining and Harnessing Adversarial Examples. ArXiv e-prints (Dec. 2014). arxiv: stat.ML\/1412.6572  I. J. Goodfellow J. Shlens and C. Szegedy. 2014. Explaining and Harnessing Adversarial Examples. ArXiv e-prints (Dec. 2014). arxiv: stat.ML\/1412.6572"},{"key":"e_1_3_2_1_11_1","volume-title":"Deep Residual Learning for Image Recognition. CoRR","author":"He Kaiming","year":"2015","unstructured":"Kaiming He , Xiangyu Zhang , Shaoqing Ren , and Jian Sun . 2015. Deep Residual Learning for Image Recognition. CoRR , Vol. abs\/ 1512 .03385 ( 2015 ). arxiv: 1512.03385 http:\/\/arxiv.org\/abs\/1512.03385 Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2015. Deep Residual Learning for Image Recognition. CoRR, Vol. abs\/1512.03385 (2015). arxiv: 1512.03385 http:\/\/arxiv.org\/abs\/1512.03385"},{"key":"e_1_3_2_1_12_1","volume-title":"Provable defenses against adversarial examples via the convex outer adversarial polytope. CoRR","author":"Zico Kolter J.","year":"2017","unstructured":"J. Zico Kolter and Eric Wong . 2017. Provable defenses against adversarial examples via the convex outer adversarial polytope. CoRR , Vol. abs\/ 1711 .00851 ( 2017 ). arxiv: 1711.00851 http:\/\/arxiv.org\/abs\/1711.00851 J. Zico Kolter and Eric Wong. 2017. 
Provable defenses against adversarial examples via the convex outer adversarial polytope. CoRR, Vol. abs\/1711.00851 (2017). arxiv: 1711.00851 http:\/\/arxiv.org\/abs\/1711.00851"},{"key":"e_1_3_2_1_13_1","volume-title":"Adversarial examples in the physical world. CoRR","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian J. Goodfellow , and Samy Bengio . 2016a. Adversarial examples in the physical world. CoRR , Vol. abs\/ 1607 .02533 ( 2016 ). arxiv: 1607.02533 http:\/\/arxiv.org\/abs\/1607.02533 Alexey Kurakin, Ian J. Goodfellow, and Samy Bengio. 2016a. Adversarial examples in the physical world. CoRR, Vol. abs\/1607.02533 (2016). arxiv: 1607.02533 http:\/\/arxiv.org\/abs\/1607.02533"},{"key":"e_1_3_2_1_14_1","volume-title":"Adversarial Machine Learning at Scale. CoRR","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian J. Goodfellow , and Samy Bengio . 2016b. Adversarial Machine Learning at Scale. CoRR , Vol. abs\/ 1611 .01236 ( 2016 ). arxiv: 1611.01236 http:\/\/arxiv.org\/abs\/1611.01236 Alexey Kurakin, Ian J. Goodfellow, and Samy Bengio. 2016b. Adversarial Machine Learning at Scale. CoRR, Vol. abs\/1611.01236 (2016). arxiv: 1611.01236 http:\/\/arxiv.org\/abs\/1611.01236"},{"key":"e_1_3_2_1_15_1","volume-title":"Deep learning. nature","author":"LeCun Yann","year":"2015","unstructured":"Yann LeCun , Yoshua Bengio , and Geoffrey Hinton . 2015. Deep learning. nature , Vol. 521 , 7553 ( 2015 ), 436. Yann LeCun, Yoshua Bengio, and Geoffrey Hinton. 2015. Deep learning. nature, Vol. 521, 7553 (2015), 436."},{"key":"e_1_3_2_1_16_1","unstructured":"A. Madry A. Makelov L. Schmidt D. Tsipras and A. Vladu. 2017. Towards Deep Learning Models Resistant to Adversarial Attacks. ArXiv e-prints (June 2017). arxiv: stat.ML\/1706.06083  A. Madry A. Makelov L. Schmidt D. Tsipras and A. Vladu. 2017. Towards Deep Learning Models Resistant to Adversarial Attacks. ArXiv e-prints (June 2017). 
arxiv: stat.ML\/1706.06083"},{"key":"e_1_3_2_1_17_1","volume-title":"Wellman","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot , Patrick D. McDaniel , Arunesh Sinha , and Michael P . Wellman . 2016 . Towards the Science of Security and Privacy in Machine Learning. CoRR , Vol. abs\/ 1611 .03814 (2016). arxiv: 1611.03814 http:\/\/arxiv.org\/abs\/1611.03814 Nicolas Papernot, Patrick D. McDaniel, Arunesh Sinha, and Michael P. Wellman. 2016. Towards the Science of Security and Privacy in Machine Learning. CoRR, Vol. abs\/1611.03814 (2016). arxiv: 1611.03814 http:\/\/arxiv.org\/abs\/1611.03814"},{"key":"e_1_3_2_1_18_1","volume-title":"Fanny Yang, John C. Duchi, and Percy Liang.","author":"Raghunathan Aditi","year":"2019","unstructured":"Aditi Raghunathan , Sang Michael Xie , Fanny Yang, John C. Duchi, and Percy Liang. 2019 . Adversarial Training Can Hurt Generalization. arXiv e-prints, Article arXiv:1906.06032 (Jun 2019), pages arXiv:1906.06032 pages.arxiv: cs.LG\/1906.06032 Aditi Raghunathan, Sang Michael Xie, Fanny Yang, John C. Duchi, and Percy Liang. 2019. Adversarial Training Can Hurt Generalization. arXiv e-prints, Article arXiv:1906.06032 (Jun 2019), pages arXiv:1906.06032 pages.arxiv: cs.LG\/1906.06032"},{"key":"e_1_3_2_1_19_1","volume-title":"Adversarially Robust Generalization Requires More Data. CoRR","author":"Schmidt Ludwig","year":"2018","unstructured":"Ludwig Schmidt , Shibani Santurkar , Dimitris Tsipras , Kunal Talwar , and Aleksander Madry . 2018. Adversarially Robust Generalization Requires More Data. CoRR , Vol. abs\/ 1804 .11285 ( 2018 ). arxiv: 1804.11285 http:\/\/arxiv.org\/abs\/1804.11285 Ludwig Schmidt, Shibani Santurkar, Dimitris Tsipras, Kunal Talwar, and Aleksander Madry. 2018. Adversarially Robust Generalization Requires More Data. CoRR, Vol. abs\/1804.11285 (2018). 
arxiv: 1804.11285 http:\/\/arxiv.org\/abs\/1804.11285"},{"key":"e_1_3_2_1_20_1","volume-title":"Adversarial Generative Nets: Neural Network Attacks on State-of-the-Art Face Recognition. arXiv preprint arXiv:1801.00349","author":"Sharif Mahmood","year":"2017","unstructured":"Mahmood Sharif , Sruti Bhagavatula , Lujo Bauer , and Michael K Reiter . 2017. Adversarial Generative Nets: Neural Network Attacks on State-of-the-Art Face Recognition. arXiv preprint arXiv:1801.00349 ( 2017 ). Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, and Michael K Reiter. 2017. Adversarial Generative Nets: Neural Network Attacks on State-of-the-Art Face Recognition. arXiv preprint arXiv:1801.00349 (2017)."},{"key":"e_1_3_2_1_21_1","volume-title":"Opening the Black Box of Deep Neural Networks via Information. CoRR","author":"Shwartz-Ziv Ravid","year":"2017","unstructured":"Ravid Shwartz-Ziv and Naftali Tishby . 2017. Opening the Black Box of Deep Neural Networks via Information. CoRR , Vol. abs\/ 1703 .00810 ( 2017 ). arxiv: 1703.00810 http:\/\/arxiv.org\/abs\/1703.00810 Ravid Shwartz-Ziv and Naftali Tishby. 2017. Opening the Black Box of Deep Neural Networks via Information. CoRR, Vol. abs\/1703.00810 (2017). arxiv: 1703.00810 http:\/\/arxiv.org\/abs\/1703.00810"},{"key":"e_1_3_2_1_22_1","unstructured":"C. Szegedy W. Zaremba I. Sutskever J. Bruna D. Erhan I. Goodfellow and R. Fergus. 2013. Intriguing properties of neural networks. ArXiv e-prints (Dec. 2013). arxiv: cs.CV\/1312.6199  C. Szegedy W. Zaremba I. Sutskever J. Bruna D. Erhan I. Goodfellow and R. Fergus. 2013. Intriguing properties of neural networks. ArXiv e-prints (Dec. 2013). arxiv: cs.CV\/1312.6199"},{"key":"e_1_3_2_1_23_1","volume-title":"Deep Learning and the Information Bottleneck Principle. CoRR","author":"Tishby Naftali","year":"2015","unstructured":"Naftali Tishby and Noga Zaslavsky . 2015. Deep Learning and the Information Bottleneck Principle. CoRR , Vol. abs\/ 1503 .02406 ( 2015 ). 
arxiv: 1503.02406 http:\/\/arxiv.org\/abs\/1503.02406 Naftali Tishby and Noga Zaslavsky. 2015. Deep Learning and the Information Bottleneck Principle. CoRR, Vol. abs\/1503.02406 (2015). arxiv: 1503.02406 http:\/\/arxiv.org\/abs\/1503.02406"},{"key":"e_1_3_2_1_24_1","volume-title":"Article arXiv:1805.12152 (May","author":"Tsipras Dimitris","year":"2018","unstructured":"Dimitris Tsipras , Shibani Santurkar , Logan Engstrom , Alexander Turner , and Aleksander Madry . 2018. Robustness May Be at Odds with Accuracy. arXiv e-prints , Article arXiv:1805.12152 (May 2018 ), pages arXiv:1805.12152 pages.arxiv: stat.ML\/1805.12152 Dimitris Tsipras, Shibani Santurkar, Logan Engstrom, Alexander Turner, and Aleksander Madry. 2018. Robustness May Be at Odds with Accuracy. arXiv e-prints, Article arXiv:1805.12152 (May 2018), pages arXiv:1805.12152 pages.arxiv: stat.ML\/1805.12152"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research),, Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.)","volume":"97","author":"Verma Vikas","year":"2019","unstructured":"Vikas Verma , Alex Lamb , Christopher Beckham , Amir Najafi , Ioannis Mitliagkas , David Lopez-Paz , and Yoshua Bengio . 2019 . Manifold Mixup: Better Representations by Interpolating Hidden States . In Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research),, Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.) , Vol. 97 . PMLR, Long Beach, California, USA, 6438--6447. http:\/\/proceedings.mlr.press\/v97\/verma19a.html Vikas Verma, Alex Lamb, Christopher Beckham, Amir Najafi, Ioannis Mitliagkas, David Lopez-Paz, and Yoshua Bengio. 2019. Manifold Mixup: Better Representations by Interpolating Hidden States. In Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research),, Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.), Vol. 97. 
PMLR, Long Beach, California, USA, 6438--6447. http:\/\/proceedings.mlr.press\/v97\/verma19a.html"},{"key":"e_1_3_2_1_26_1","volume-title":"Article arXiv:1903.03825 (Mar","author":"Verma Vikas","year":"2019","unstructured":"Vikas Verma , Alex Lamb , Juho Kannala , Yoshua Bengio , and David Lopez-Paz . 2019. Interpolation Consistency Training for Semi-Supervised Learning. arXiv e-prints , Article arXiv:1903.03825 (Mar 2019 ), pages arXiv:1903.03825 pages.arxiv: stat.ML\/1903.03825 Vikas Verma, Alex Lamb, Juho Kannala, Yoshua Bengio, and David Lopez-Paz. 2019. Interpolation Consistency Training for Semi-Supervised Learning. arXiv e-prints, Article arXiv:1903.03825 (Mar 2019), pages arXiv:1903.03825 pages.arxiv: stat.ML\/1903.03825"},{"key":"e_1_3_2_1_27_1","volume":"201","author":"Wong Eric","unstructured":"Eric Wong , Frank Schmidt , Jan Hendrik Metzen , and J. Zico Kolter. 201 8. Scaling provable adversarial defenses. CoRR, Vol. abs\/1805.12514 (2018). arxiv: 1805.12514 http:\/\/arxiv.org\/abs\/1805.12514 Eric Wong, Frank Schmidt, Jan Hendrik Metzen, and J. Zico Kolter. 2018. Scaling provable adversarial defenses. CoRR, Vol. abs\/1805.12514 (2018). arxiv: 1805.12514 http:\/\/arxiv.org\/abs\/1805.12514","journal-title":"J. Zico Kolter."},{"key":"e_1_3_2_1_28_1","volume-title":"Rademacher Complexity for Adversarially Robust Generalization. CoRR","author":"Yin Dong","year":"1914","unstructured":"Dong Yin , Kannan Ramchandran , and Peter Bartlett . 2018. Rademacher Complexity for Adversarially Robust Generalization. CoRR , Vol. abs\/ 1810 .1 1914 (2018). arxiv: 1810.11914 http:\/\/arxiv.org\/abs\/1810.11914 Dong Yin, Kannan Ramchandran, and Peter Bartlett. 2018. Rademacher Complexity for Adversarially Robust Generalization. CoRR, Vol. abs\/1810.11914 (2018). arxiv: 1810.11914 http:\/\/arxiv.org\/abs\/1810.11914"},{"key":"e_1_3_2_1_29_1","volume-title":"Wide Residual Networks. 
CoRR","author":"Zagoruyko Sergey","year":"2016","unstructured":"Sergey Zagoruyko and Nikos Komodakis . 2016. Wide Residual Networks. CoRR , Vol. abs\/ 1605 .07146 ( 2016 ). arxiv: 1605.07146 http:\/\/arxiv.org\/abs\/1605.07146 Sergey Zagoruyko and Nikos Komodakis. 2016. Wide Residual Networks. CoRR, Vol. abs\/1605.07146 (2016). arxiv: 1605.07146 http:\/\/arxiv.org\/abs\/1605.07146"},{"key":"e_1_3_2_1_30_1","volume-title":"Article arXiv:1906.00555 (Jun","author":"Zhai Runtian","year":"2019","unstructured":"Runtian Zhai , Tianle Cai , Di He , Chen Dan , Kun He , John Hopcroft , and Liwei Wang . 2019. Adversarially Robust Generalization Just Requires More Unlabeled Data. arXiv e-prints , Article arXiv:1906.00555 (Jun 2019 ), pages arXiv:1906.00555 pages.arxiv: cs.LG\/1906.00555 Runtian Zhai, Tianle Cai, Di He, Chen Dan, Kun He, John Hopcroft, and Liwei Wang. 2019. Adversarially Robust Generalization Just Requires More Unlabeled Data. arXiv e-prints, Article arXiv:1906.00555 (Jun 2019), pages arXiv:1906.00555 pages.arxiv: cs.LG\/1906.00555"},{"key":"e_1_3_2_1_31_1","volume-title":"Generalization Bounds for Vicinal Risk Minimization Principle. CoRR","author":"Zhang Chao","year":"2018","unstructured":"Chao Zhang , Min-Hsiu Hsieh , and Dacheng Tao . 2018. Generalization Bounds for Vicinal Risk Minimization Principle. CoRR , Vol. abs\/ 1811 .04351 ( 2018 ). arxiv: 1811.04351 http:\/\/arxiv.org\/abs\/1811.04351 Chao Zhang, Min-Hsiu Hsieh, and Dacheng Tao. 2018. Generalization Bounds for Vicinal Risk Minimization Principle. CoRR, Vol. abs\/1811.04351 (2018). arxiv: 1811.04351 http:\/\/arxiv.org\/abs\/1811.04351"},{"key":"e_1_3_2_1_32_1","volume-title":"mixup: Beyond Empirical Risk Minimization. CoRR","author":"Zhang Hongyi","year":"2017","unstructured":"Hongyi Zhang , Moustapha Ciss\u00e9 , Yann N. Dauphin , and David Lopez-Paz . 2017. mixup: Beyond Empirical Risk Minimization. CoRR , Vol. abs\/ 1710 .09412 ( 2017 ). 
arxiv: 1710.09412 http:\/\/arxiv.org\/abs\/1710.09412 Hongyi Zhang, Moustapha Ciss\u00e9, Yann N. Dauphin, and David Lopez-Paz. 2017. mixup: Beyond Empirical Risk Minimization. CoRR, Vol. abs\/1710.09412 (2017). arxiv: 1710.09412 http:\/\/arxiv.org\/abs\/1710.09412"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research),, Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.)","volume":"97","author":"Zhang Hongyang","year":"2019","unstructured":"Hongyang Zhang , Yaodong Yu , Jiantao Jiao , Eric Xing , Laurent El Ghaoui , and Michael Jordan . 2019 . Theoretically Principled Trade-off between Robustness and Accuracy . In Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research),, Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.) , Vol. 97 . PMLR, Long Beach, California, USA, 7472--7482. http:\/\/proceedings.mlr.press\/v97\/zhang19p.html Hongyang Zhang, Yaodong Yu, Jiantao Jiao, Eric Xing, Laurent El Ghaoui, and Michael Jordan. 2019. Theoretically Principled Trade-off between Robustness and Accuracy. In Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research),, Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.), Vol. 97. PMLR, Long Beach, California, USA, 7472--7482. http:\/\/proceedings.mlr.press\/v97\/zhang19p.html"},{"key":"e_1_3_2_1_34_1","volume-title":"Le","author":"Zoph Barret","year":"2016","unstructured":"Barret Zoph and Quoc V . Le . 2016 . Neural Architecture Search with Reinforcement Learning. CoRR , Vol. abs\/ 1611 .01578 (2016). arxiv: 1611.01578 http:\/\/arxiv.org\/abs\/1611.01578 Barret Zoph and Quoc V. Le. 2016. Neural Architecture Search with Reinforcement Learning. CoRR, Vol. abs\/1611.01578 (2016). 
arxiv: 1611.01578 http:\/\/arxiv.org\/abs\/1611.01578"}],"event":{"name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","location":"London United Kingdom","acronym":"CCS '19","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3338501.3357369","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3338501.3357369","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:12:49Z","timestamp":1750201969000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3338501.3357369"}},"subtitle":["Achieving Robust Neural Networks Without Sacrificing Too Much Accuracy"],"short-title":[],"issued":{"date-parts":[[2019,11,11]]},"references-count":34,"alternative-id":["10.1145\/3338501.3357369","10.1145\/3338501"],"URL":"https:\/\/doi.org\/10.1145\/3338501.3357369","relation":{},"subject":[],"published":{"date-parts":[[2019,11,11]]},"assertion":[{"value":"2019-11-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}