{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,23]],"date-time":"2026-01-23T20:14:20Z","timestamp":1769199260171,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,15]],"date-time":"2021-11-15T00:00:00Z","timestamp":1636934400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100014236","name":"Center for Long-Term Cybersecurity, University of California Berkeley","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100014236","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Google Cloud Research Credits Program","award":["CP19980904"],"award-info":[{"award-number":["CP19980904"]}]},{"name":"Combat Capabilities Development Command Army Research Laboratory","award":["W911NF-13-2-0045"],"award-info":[{"award-number":["W911NF-13-2-0045"]}]},{"DOI":"10.13039\/100014895","name":"Open Philanthropy Project","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100014895","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,15]]},"DOI":"10.1145\/3474369.3486878","type":"proceedings-article","created":{"date-parts":[[2021,10,28]],"date-time":"2021-10-28T11:13:28Z","timestamp":1635419608000},"page":"25-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["SAT"],"prefix":"10.1145","author":[{"given":"Chawin","family":"Sitawarin","sequence":"first","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Supriyo","family":"Chakraborty","sequence":"additional","affiliation":[{"name":"IBM T. J. Watson Research Center, Yorktown Heights, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Wagner","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,11,15]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research","volume":"283","author":"Athalye Anish","year":"2018","unstructured":"Anish Athalye , Nicholas Carlini , and David Wagner . 2018 . Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples . In Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research , Vol. 80),, Jennifer Dy and Andreas Krause (Eds.). PMLR, Stockholmsm\u00e4ssan, Stockholm Sweden, 274-- 283 . Anish Athalye, Nicholas Carlini, and David Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In Proceedings of the 35th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 80),, Jennifer Dy and Andreas Krause (Eds.). PMLR, Stockholmsm\u00e4ssan, Stockholm Sweden, 274--283."},{"key":"e_1_3_2_2_2_1","volume-title":"Instance Adaptive Adversarial Training: Improved Accuracy Tradeoffs in Neural Nets. arXiv:1910.08051 [cs, stat] (Oct","author":"Balaji Yogesh","year":"2019","unstructured":"Yogesh Balaji , Tom Goldstein , and Judy Hoffman . 2019. Instance Adaptive Adversarial Training: Improved Accuracy Tradeoffs in Neural Nets. arXiv:1910.08051 [cs, stat] (Oct . 2019 ). arxiv: 1910.08051 [cs, stat] Yogesh Balaji, Tom Goldstein, and Judy Hoffman. 2019. Instance Adaptive Adversarial Training: Improved Accuracy Tradeoffs in Neural Nets. arXiv:1910.08051 [cs, stat] (Oct. 2019). arxiv: 1910.08051 [cs, stat]"},{"key":"e_1_3_2_2_3_1","volume-title":"Curriculum Learning. In Proceedings of the 26th Annual International Conference on Machine Learning - ICML '09. ACM Press","author":"Bengio Yoshua","year":"2009","unstructured":"Yoshua Bengio , J\u00e9r\u00f4me Louradour , Ronan Collobert , and Jason Weston . 2009 . Curriculum Learning. In Proceedings of the 26th Annual International Conference on Machine Learning - ICML '09. ACM Press , Montreal, Quebec, Canada, 1--8. https:\/\/doi.org\/10.1145\/1553374.1553380 10.1145\/1553374.1553380 Yoshua Bengio, J\u00e9r\u00f4me Louradour, Ronan Collobert, and Jason Weston. 2009. Curriculum Learning. In Proceedings of the 26th Annual International Conference on Machine Learning - ICML '09. ACM Press, Montreal, Quebec, Canada, 1--8. https:\/\/doi.org\/10.1145\/1553374.1553380"},{"key":"e_1_3_2_2_4_1","volume-title":"Pavel Laskov, Giorgio Giacinto, and Fabio Roli.","author":"Biggio Battista","year":"2013","unstructured":"Battista Biggio , Igino Corona , Davide Maiorca , Blaine Nelson , Nedim v Srndi\u0107 , Pavel Laskov, Giorgio Giacinto, and Fabio Roli. 2013 . Evasion Attacks against Machine Learning at Test Time. In Machine Learning and Knowledge Discovery in Databases, Hendrik Blockeel, Kristian Kersting, Siegfried Nijssen, and Filip \u017delezn\u00fd (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg, 387--402. Battista Biggio, Igino Corona, Davide Maiorca, Blaine Nelson, Nedim v Srndi\u0107, Pavel Laskov, Giorgio Giacinto, and Fabio Roli. 2013. Evasion Attacks against Machine Learning at Test Time. In Machine Learning and Knowledge Discovery in Databases, Hendrik Blockeel, Kristian Kersting, Siegfried Nijssen, and Filip \u017delezn\u00fd (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 387--402."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2018\/520"},{"key":"e_1_3_2_2_6_1","volume-title":"5th International Conference on Learning Representations, ICLR 2017 - Conference Track Proceedings","author":"Chaudhari Pratik","year":"2017","unstructured":"Pratik Chaudhari , Anna Choromanska , Stefano Soatto , Yann LeCun , Carlo Baldassi , Christian Borgs , Jennifer Chayes , Levent Sagun , and Riccardo Zecchina . 2017 . Entropy-SGD: Biasing Gradient Descent into Wide Valleys . 5th International Conference on Learning Representations, ICLR 2017 - Conference Track Proceedings (2017), 1--19. Pratik Chaudhari, Anna Choromanska, Stefano Soatto, Yann LeCun, Carlo Baldassi, Christian Borgs, Jennifer Chayes, Levent Sagun, and Riccardo Zecchina. 2017. Entropy-SGD: Biasing Gradient Descent into Wide Valleys. 5th International Conference on Learning Representations, ICLR 2017 - Conference Track Proceedings (2017), 1--19."},{"key":"e_1_3_2_2_7_1","volume-title":"CAT: Customized Adversarial Training for Improved Robustness. arXiv:2002.06789 [cs, stat] (Feb.","author":"Cheng Minhao","year":"2020","unstructured":"Minhao Cheng , Qi Lei , Pin-Yu Chen , Inderjit Dhillon , and Cho-Jui Hsieh . 2020 . CAT: Customized Adversarial Training for Improved Robustness. arXiv:2002.06789 [cs, stat] (Feb. 2020). arxiv: 2002.06789 [cs, stat] Minhao Cheng, Qi Lei, Pin-Yu Chen, Inderjit Dhillon, and Cho-Jui Hsieh. 2020. CAT: Customized Adversarial Training for Improved Robustness. arXiv:2002.06789 [cs, stat] (Feb. 2020). arxiv: 2002.06789 [cs, stat]"},{"key":"e_1_3_2_2_8_1","volume-title":"Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research","author":"Croce Francesco","year":"2020","unstructured":"Francesco Croce and Matthias Hein . 2020 . Reliable Evaluation of Adversarial Robustness with an Ensemble of Diverse Parameter-Free Attacks . In Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research , Vol. 119),, Hal Daum\u00e9 III and Aarti Singh (Eds.). PMLR, 2206--2216. Francesco Croce and Matthias Hein. 2020. Reliable Evaluation of Adversarial Robustness with an Ensemble of Diverse Parameter-Free Attacks. In Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 119),, Hal Daum\u00e9 III and Aarti Singh (Eds.). PMLR, 2206--2216."},{"key":"e_1_3_2_2_9_1","volume-title":"International Conference on Learning Representations.","author":"Ding Gavin Weiguang","year":"2020","unstructured":"Gavin Weiguang Ding , Yash Sharma , Kry Yik Chau Lui , and Ruitong Huang . 2020 . MMA Training: Direct Input Space Margin Maximization through Adversarial Training . In International Conference on Learning Representations. Gavin Weiguang Ding, Yash Sharma, Kry Yik Chau Lui, and Ruitong Huang. 2020. MMA Training: Direct Input Space Margin Maximization through Adversarial Training. In International Conference on Learning Representations."},{"key":"e_1_3_2_2_10_1","volume-title":"Explaining and Harnessing Adversarial Examples. In International Conference on Learning Representations.","author":"Goodfellow Ian","year":"2015","unstructured":"Ian Goodfellow , Jonathon Shlens , and Christian Szegedy . 2015 . Explaining and Harnessing Adversarial Examples. In International Conference on Learning Representations. Ian Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In International Conference on Learning Representations."},{"key":"e_1_3_2_2_11_1","volume-title":"Uncovering the Limits of Adversarial Training against Norm-Bounded Adversarial Examples. arXiv:2010.03593 [cs, stat] (March","author":"Gowal Sven","year":"2021","unstructured":"Sven Gowal , Chongli Qin , Jonathan Uesato , Timothy Mann , and Pushmeet Kohli . 2021. Uncovering the Limits of Adversarial Training against Norm-Bounded Adversarial Examples. arXiv:2010.03593 [cs, stat] (March 2021 ). arxiv: 2010.03593 [cs, stat] Sven Gowal, Chongli Qin, Jonathan Uesato, Timothy Mann, and Pushmeet Kohli. 2021. Uncovering the Limits of Adversarial Training against Norm-Bounded Adversarial Examples. arXiv:2010.03593 [cs, stat] (March 2021). arxiv: 2010.03593 [cs, stat]"},{"key":"e_1_3_2_2_12_1","volume-title":"Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research","volume":"2544","author":"Hacohen Guy","year":"2019","unstructured":"Guy Hacohen and Daphna Weinshall . 2019 . On the Power of Curriculum Learning in Training Deep Networks . In Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research , Vol. 97), Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.). PMLR, 2535-- 2544 . Guy Hacohen and Daphna Weinshall. 2019. On the Power of Curriculum Learning in Training Deep Networks. In Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 97), Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.). PMLR, 2535--2544."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.1.1"},{"key":"e_1_3_2_2_14_1","unstructured":"Jeremy Howard. 2021. Fastai\/Imagenette. fast.ai.  Jeremy Howard. 2021. Fastai\/Imagenette. fast.ai."},{"key":"e_1_3_2_2_15_1","volume-title":"34th Conference on Uncertainty in Artificial Intelligence","author":"Izmailov Pavel","year":"2018","unstructured":"Pavel Izmailov , Dmitrii Podoprikhin , Timur Garipov , Dmitry Vetrov , and Andrew Gordon Wilson . 2018. Averaging weights leads to wider optima and better generalization . In 34th Conference on Uncertainty in Artificial Intelligence 2018 , UAI 2018 (34th Conference on Uncertainty in Artificial Intelligence 2018, UAI 2018), Ricardo Silva, Amir Globerson, and Amir Globerson (Eds.). Association For Uncertainty in Artificial Intelligence (AUAI), 876--885. Pavel Izmailov, Dmitrii Podoprikhin, Timur Garipov, Dmitry Vetrov, and Andrew Gordon Wilson. 2018. Averaging weights leads to wider optima and better generalization. In 34th Conference on Uncertainty in Artificial Intelligence 2018, UAI 2018 (34th Conference on Uncertainty in Artificial Intelligence 2018, UAI 2018), Ricardo Silva, Amir Globerson, and Amir Globerson (Eds.). Association For Uncertainty in Artificial Intelligence (AUAI), 876--885."},{"key":"e_1_3_2_2_16_1","volume-title":"Three Factors Influencing Minima in SGD. arXiv:1711.04623 [cs, stat] (Sept","author":"Stanis\u0142aw Jastrzke","year":"2018","unstructured":"Stanis\u0142aw Jastrzke bski, Zachary Kenton , Devansh Arpit , Nicolas Ballas , Asja Fischer , Yoshua Bengio , and Amos Storkey . 2018. Three Factors Influencing Minima in SGD. arXiv:1711.04623 [cs, stat] (Sept . 2018 ). arxiv: 1711.04623 [cs, stat] Stanis\u0142aw Jastrzke bski, Zachary Kenton, Devansh Arpit, Nicolas Ballas, Asja Fischer, Yoshua Bengio, and Amos Storkey. 2018. Three Factors Influencing Minima in SGD. arXiv:1711.04623 [cs, stat] (Sept. 2018). arxiv: 1711.04623 [cs, stat]"},{"key":"e_1_3_2_2_17_1","volume-title":"On Large-Batch Training for Deep Learning: Generalization Gap and Sharp Minima. arXiv:1609.04836 [cs, math] (Feb","author":"Keskar Nitish Shirish","year":"2017","unstructured":"Nitish Shirish Keskar , Dheevatsa Mudigere , Jorge Nocedal , Mikhail Smelyanskiy , and Ping Tak Peter Tang . 2017. On Large-Batch Training for Deep Learning: Generalization Gap and Sharp Minima. arXiv:1609.04836 [cs, math] (Feb . 2017 ). arxiv: 1609.04836 [cs, math] Nitish Shirish Keskar, Dheevatsa Mudigere, Jorge Nocedal, Mikhail Smelyanskiy, and Ping Tak Peter Tang. 2017. On Large-Batch Training for Deep Learning: Generalization Gap and Sharp Minima. arXiv:1609.04836 [cs, math] (Feb. 2017). arxiv: 1609.04836 [cs, math]"},{"key":"e_1_3_2_2_18_1","first-page":"1","article-title":"Convergence Guarantees for a Class of Non-Convex and Non-Smooth Optimization Problems","volume":"20","author":"Khamaru Koulik","year":"2019","unstructured":"Koulik Khamaru and Martin J. Wainwright . 2019 . Convergence Guarantees for a Class of Non-Convex and Non-Smooth Optimization Problems . Journal of Machine Learning Research , Vol. 20 , 154 (2019), 1 -- 52 . Koulik Khamaru and Martin J. Wainwright. 2019. Convergence Guarantees for a Class of Non-Convex and Non-Smooth Optimization Problems. Journal of Machine Learning Research, Vol. 20, 154 (2019), 1--52.","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/2987061.2987081"},{"key":"e_1_3_2_2_20_1","volume-title":"29th Annual Conference on Learning Theory (Proceedings of Machine Learning Research","volume":"1257","author":"Lee Jason D.","year":"2016","unstructured":"Jason D. Lee , Max Simchowitz , Michael I. Jordan , and Benjamin Recht . 2016 . Gradient Descent Only Converges to Minimizers . In 29th Annual Conference on Learning Theory (Proceedings of Machine Learning Research , Vol. 49), Vitaly Feldman, Alexander Rakhlin, and Ohad Shamir (Eds.). PMLR, Columbia University, New York, New York, USA, 1246-- 1257 . Jason D. Lee, Max Simchowitz, Michael I. Jordan, and Benjamin Recht. 2016. Gradient Descent Only Converges to Minimizers. In 29th Annual Conference on Learning Theory (Proceedings of Machine Learning Research, Vol. 49), Vitaly Feldman, Alexander Rakhlin, and Ohad Shamir (Eds.). PMLR, Columbia University, New York, New York, USA, 1246--1257."},{"key":"e_1_3_2_2_22_1","unstructured":"Chen Liu Mathieu Salzmann Tao Lin Ryota Tomioka and Sabine S\u00fcsstrunk. 2020. On the Loss Landscape of Adversarial Training: Identifying Challenges and How to Overcome Them. In Advances in Neural Information Processing Systems.  Chen Liu Mathieu Salzmann Tao Lin Ryota Tomioka and Sabine S\u00fcsstrunk. 2020. On the Loss Landscape of Adversarial Training: Identifying Challenges and How to Overcome Them. In Advances in Neural Information Processing Systems."},{"key":"e_1_3_2_2_23_1","volume-title":"International Conference on Learning Representations.","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry , Aleksandar Makelov , Ludwig Schmidt , Dimitris Tsipras , and Adrian Vladu . 2018 . Towards Deep Learning Models Resistant to Adversarial Attacks . In International Conference on Learning Representations. Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In International Conference on Learning Representations."},{"key":"e_1_3_2_2_24_1","volume-title":"Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research","author":"Mulayoff Rotem","year":"2020","unstructured":"Rotem Mulayoff and Tomer Michaeli . 2020 . Unique Properties of Flat Minima in Deep Networks . In Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research , Vol. 119),, Hal Daum\u00e9 III and Aarti Singh (Eds.). PMLR, 7108--7118. Rotem Mulayoff and Tomer Michaeli. 2020. Unique Properties of Flat Minima in Deep Networks. In Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 119),, Hal Daum\u00e9 III and Aarti Singh (Eds.). PMLR, 7108--7118."},{"key":"e_1_3_2_2_25_1","volume-title":"Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research","author":"Rice Leslie","year":"2020","unstructured":"Leslie Rice , Eric Wong , and Zico Kolter . 2020 . Over fitting in Adversarially Robust Deep Learning . In Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research , Vol. 119),, Hal Daum\u00e9 III and Aarti Singh (Eds.). PMLR, 8093--8104. Leslie Rice, Eric Wong, and Zico Kolter. 2020. Over fitting in Adversarially Robust Deep Learning. In Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 119),, Hal Daum\u00e9 III and Aarti Singh (Eds.). PMLR, 8093--8104."},{"key":"e_1_3_2_2_26_1","volume-title":"Garnett (Eds.)","volume":"32","author":"Shafahi Ali","year":"2019","unstructured":"Ali Shafahi , Mahyar Najibi , Mohammad Amin Ghiasi , Zheng Xu , John Dickerson , Christoph Studer , Larry S Davis , Gavin Taylor , and Tom Goldstein . 2019 . Adversarial Training for Free!. In Advances in Neural Information Processing Systems, H. Wallach, H. Larochelle, A. Beygelzimer, F. dAlch\u00e9-Buc, E. Fox, and R . Garnett (Eds.) , Vol. 32 . Curran Associates, Inc. Ali Shafahi, Mahyar Najibi, Mohammad Amin Ghiasi, Zheng Xu, John Dickerson, Christoph Studer, Larry S Davis, Gavin Taylor, and Tom Goldstein. 2019. Adversarial Training for Free!. In Advances in Neural Information Processing Systems, H. Wallach, H. Larochelle, A. Beygelzimer, F. dAlch\u00e9-Buc, E. Fox, and R. Garnett (Eds.), Vol. 32. Curran Associates, Inc."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1287\/moor.10.2.207"},{"key":"e_1_3_2_2_28_1","volume-title":"Intriguing Properties of Neural Networks. In International Conference on Learning Representations.","author":"Szegedy Christian","year":"2014","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian Goodfellow , and Rob Fergus . 2014 . Intriguing Properties of Neural Networks. In International Conference on Learning Representations. Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2014. Intriguing Properties of Neural Networks. In International Conference on Learning Representations."},{"key":"e_1_3_2_2_29_1","volume-title":"Residual Attention Network for Image Classification. arXiv:1704.06904 [cs] (April","author":"Wang Fei","year":"2017","unstructured":"Fei Wang , Mengqing Jiang , Chen Qian , Shuo Yang , Cheng Li , Honggang Zhang , Xiaogang Wang , and Xiaoou Tang . 2017. Residual Attention Network for Image Classification. arXiv:1704.06904 [cs] (April 2017 ). arxiv: 1704.06904 [cs] Fei Wang, Mengqing Jiang, Chen Qian, Shuo Yang, Cheng Li, Honggang Zhang, Xiaogang Wang, and Xiaoou Tang. 2017. Residual Attention Network for Image Classification. arXiv:1704.06904 [cs] (April 2017). arxiv: 1704.06904 [cs]"},{"key":"e_1_3_2_2_30_1","volume-title":"Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research","volume":"6595","author":"Wang Yisen","year":"2019","unstructured":"Yisen Wang , Xingjun Ma , James Bailey , Jinfeng Yi , Bowen Zhou , and Quanquan Gu . 2019 . On the Convergence and Robustness of Adversarial Training . In Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research , Vol. 97), Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.). PMLR, Long Beach, California, USA, 6586-- 6595 . Yisen Wang, Xingjun Ma, James Bailey, Jinfeng Yi, Bowen Zhou, and Quanquan Gu. 2019. On the Convergence and Robustness of Adversarial Training. In Proceedings of the 36th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 97), Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.). PMLR, Long Beach, California, USA, 6586--6595."},{"key":"e_1_3_2_2_31_1","volume-title":"Improving Adversarial Robustness Requires Revisiting Misclassified Examples. In International Conference on Learning Representations.","author":"Wang Yisen","year":"2020","unstructured":"Yisen Wang , Difan Zou , Jinfeng Yi , James Bailey , Xingjun Ma , and Quanquan Gu . 2020 . Improving Adversarial Robustness Requires Revisiting Misclassified Examples. In International Conference on Learning Representations. Yisen Wang, Difan Zou, Jinfeng Yi, James Bailey, Xingjun Ma, and Quanquan Gu. 2020. Improving Adversarial Robustness Requires Revisiting Misclassified Examples. In International Conference on Learning Representations."},{"key":"e_1_3_2_2_33_1","volume-title":"International Conference on Learning Representations.","author":"Wong Eric","unstructured":"Eric Wong , Leslie Rice , and J. Zico Kolter . 2020. Fast Is Better than Free: Revisiting Adversarial Training . In International Conference on Learning Representations. Eric Wong, Leslie Rice, and J. Zico Kolter. 2020. Fast Is Better than Free: Revisiting Adversarial Training. In International Conference on Learning Representations."},{"key":"e_1_3_2_2_34_1","volume-title":"Lin (Eds.)","volume":"33","author":"Wu Dongxian","year":"2020","unstructured":"Dongxian Wu , Shu-Tao Xia , and Yisen Wang . 2020 . Adversarial Weight Perturbation Helps Robust Generalization. In Advances in Neural Information Processing Systems, H. Larochelle, M. Ranzato, R. Hadsell, M. F. Balcan, and H . Lin (Eds.) , Vol. 33 . Curran Associates, Inc., 2958--2969. Dongxian Wu, Shu-Tao Xia, and Yisen Wang. 2020. Adversarial Weight Perturbation Helps Robust Generalization. In Advances in Neural Information Processing Systems, H. Larochelle, M. Ranzato, R. Hadsell, M. F. Balcan, and H. Lin (Eds.), Vol. 33. Curran Associates, Inc., 2958--2969."},{"key":"e_1_3_2_2_35_1","volume-title":"Wide Residual Networks. arXiv:1605.07146 [cs] (June","author":"Zagoruyko Sergey","year":"2017","unstructured":"Sergey Zagoruyko and Nikos Komodakis . 2017. Wide Residual Networks. arXiv:1605.07146 [cs] (June 2017 ). arxiv: 1605.07146 [cs] Sergey Zagoruyko and Nikos Komodakis. 2017. Wide Residual Networks. arXiv:1605.07146 [cs] (June 2017). arxiv: 1605.07146 [cs]"},{"key":"e_1_3_2_2_36_1","volume-title":"IJCAI International Joint Conference on Artificial Intelligence","volume":"7540","author":"Zhan Yusen","year":"2016","unstructured":"Yusen Zhan , Haitham Bou Ammar , and Matthew E. Taylor . 2016. Theoretically-Grounded Policy Advice from Multiple Teachers in Reinforcement Learning Settings with Applications to Negative Transfer . IJCAI International Joint Conference on Artificial Intelligence , Vol. 2016-Janua, 7540 ( 2016 ), 2315--2321. https:\/\/doi.org\/10.1038\/nature14236 10.1038\/nature14236 Yusen Zhan, Haitham Bou Ammar, and Matthew E. Taylor. 2016. Theoretically-Grounded Policy Advice from Multiple Teachers in Reinforcement Learning Settings with Applications to Negative Transfer. IJCAI International Joint Conference on Artificial Intelligence, Vol. 2016-Janua, 7540 (2016), 2315--2321. https:\/\/doi.org\/10.1038\/nature14236"},{"key":"e_1_3_2_2_37_1","volume-title":"International Conference on Machine Learning.","author":"Zhang Hongyang","unstructured":"Hongyang Zhang , Yaodong Yu , Jiantao Jiao , Eric P. Xing , Laurent El Ghaoui , and Michael I. Jordan . 2019. Theoretically Principled Trade-off between Robustness and Accuracy . In International Conference on Machine Learning. Hongyang Zhang, Yaodong Yu, Jiantao Jiao, Eric P. Xing, Laurent El Ghaoui, and Michael I. Jordan. 2019. Theoretically Principled Trade-off between Robustness and Accuracy. In International Conference on Machine Learning."},{"key":"e_1_3_2_2_38_1","volume-title":"Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research","author":"Zhang Jingfeng","year":"2020","unstructured":"Jingfeng Zhang , Xilie Xu , Bo Han , Gang Niu , Lizhen Cui , Masashi Sugiyama , and Mohan Kankanhalli . 2020 . Attacks Which Do Not Kill Training Make Adversarial Learning Stronger . In Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research , Vol. 119),, Hal Daum\u00e9 III and Aarti Singh (Eds.). PMLR, 11278--11287. Jingfeng Zhang, Xilie Xu, Bo Han, Gang Niu, Lizhen Cui, Masashi Sugiyama, and Mohan Kankanhalli. 2020. Attacks Which Do Not Kill Training Make Adversarial Learning Stronger. In Proceedings of the 37th International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 119),, Hal Daum\u00e9 III and Aarti Singh (Eds.). PMLR, 11278--11287."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3474369.3486878","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3474369.3486878","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:26Z","timestamp":1750188626000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3474369.3486878"}},"subtitle":["Improving Adversarial Training via Curriculum-Based Loss Smoothing"],"short-title":[],"issued":{"date-parts":[[2021,11,15]]},"references-count":36,"alternative-id":["10.1145\/3474369.3486878","10.1145\/3474369"],"URL":"https:\/\/doi.org\/10.1145\/3474369.3486878","relation":{},"subject":[],"published":{"date-parts":[[2021,11,15]]},"assertion":[{"value":"2021-11-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}