{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,24]],"date-time":"2025-08-24T00:02:27Z","timestamp":1755993747813,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,6]],"date-time":"2024-11-06T00:00:00Z","timestamp":1730851200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nd\/4.0\/"}],"funder":[{"name":"The University of Melbourne?s Research Computing Services and The Petascale Campus Initiative"},{"name":"The Joint CATCH MURI-AUSMURI"},{"name":"The University of Melbourne Research Scholarship"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,6]]},"DOI":"10.1145\/3689932.3694761","type":"proceedings-article","created":{"date-parts":[[2024,11,22]],"date-time":"2024-11-22T06:24:01Z","timestamp":1732256641000},"page":"53-64","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Getting a-Round Guarantees: Floating-Point Attacks on Certified Robustness"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-1008-482X","authenticated-orcid":false,"given":"Jiankai","family":"Jin","sequence":"first","affiliation":[{"name":"The University of Melbourne, Melbourne, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9735-0538","authenticated-orcid":false,"given":"Olga","family":"Ohrimenko","sequence":"additional","affiliation":[{"name":"The University of Melbourne, Melbourne, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2947-6980","authenticated-orcid":false,"given":"Benjamin I. P.","family":"Rubinstein","sequence":"additional","affiliation":[{"name":"The University of Melbourne, Melbourne, Australia"}]}],"member":"320","published-online":{"date-parts":[[2024,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.orl.2006.12.010"},{"key":"e_1_3_2_1_2_1","volume-title":"Interval estimation for a binomial proportion. Statistical science","author":"Brown Lawrence D.","year":"2001","unstructured":"Lawrence D. Brown, T. Tony Cai, and Anirban DasGupta. 2001. Interval estimation for a binomial proportion. Statistical science, Vol. 16, 2 (2001), 101--133."},{"key":"e_1_3_2_1_3_1","article-title":"Branch and bound for piecewise linear neural network verification","volume":"21","author":"Bunel Rudy","year":"2020","unstructured":"Rudy Bunel, P Mudigonda, Ilker Turkaslan, Philip Torr, Jingyue Lu, and Pushmeet Kohli. 2020. Branch and bound for piecewise linear neural network verification. Journal of Machine Learning Research, Vol. 21, 2020 (2020).","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"e_1_3_2_1_5_1","volume-title":"International Conference on Machine Learning (ICML). PMLR, 1310--1320","author":"Cohen Jeremy","year":"2019","unstructured":"Jeremy Cohen, Elan Rosenfeld, and Zico Kolter. 2019. Certified adversarial robustness via randomized smoothing. In International Conference on Machine Learning (ICML). PMLR, 1310--1320."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1023\/B:NUMA.0000049462.70970.b6"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68167-2_19"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-45237-7_5"},{"key":"e_1_3_2_1_9_1","volume-title":"Explaining and Harnessing Adversarial Examples. In International Conference on Learning Representations (ICLR). http:\/\/arxiv.org\/abs\/1412","author":"Goodfellow Ian","year":"2015","unstructured":"Ian Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In International Conference on Learning Representations (ICLR). http:\/\/arxiv.org\/abs\/1412.6572"},{"key":"e_1_3_2_1_10_1","unstructured":"Gurobi Optimization LLC. 2022. Gurobi Optimizer Reference Manual. https:\/\/www.gurobi.com"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i5.16496"},{"volume-title":"Accuracy and stability of numerical algorithms","author":"Higham Nicholas J.","key":"e_1_3_2_1_12_1","unstructured":"Nicholas J. Higham. 2002. Accuracy and stability of numerical algorithms. Society for Industrial and Applied Mathematics (SIAM)."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/0893-6080(91)90009-T"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/IEEESTD.2019.8766229"},{"volume-title":"Applied Interval Analysis","author":"Jaulin Luc","key":"e_1_3_2_1_15_1","unstructured":"Luc Jaulin, Michel Kieffer, Olivier Didrit, and Eric Walter. 2001. Interval analysis. In Applied Interval Analysis. Springer, 11--43."},{"key":"e_1_3_2_1_16_1","volume-title":"Efficient exact verification of binarized neural networks. Advances in neural information processing systems","author":"Jia Kai","year":"2020","unstructured":"Kai Jia and Martin Rinard. 2020. Efficient exact verification of binarized neural networks. Advances in neural information processing systems, Vol. 33 (2020), 1782--1795."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-88806-0_9"},{"key":"e_1_3_2_1_18_1","volume-title":"Burges","author":"LeCun Yann","year":"2010","unstructured":"Yann LeCun, Corinna Cortes, and Christopher J.C. Burges. 2010. MNIST handwritten digit database. ATT Labs [Online]. Available: http:\/\/yann.lecun.com\/exdb\/mnist, Vol. 2 (2010)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00044"},{"key":"e_1_3_2_1_20_1","volume-title":"Advances in Neural Information Processing Systems (NeurIPS)","volume":"32","author":"Li Bai","year":"2019","unstructured":"Bai Li, Changyou Chen, Wenlin Wang, and Lawrence Carin. 2019. Certified adversarial robustness with additive noise. In Advances in Neural Information Processing Systems (NeurIPS), Vol. 32."},{"key":"e_1_3_2_1_21_1","volume-title":"International Conference on Learning Representations (ICLR).","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards deep learning models resistant to adversarial attacks. In International Conference on Learning Representations (ICLR)."},{"key":"e_1_3_2_1_22_1","volume-title":"Fast and effective robustness certification. Advances in neural information processing systems","author":"Singh Gagandeep","year":"2018","unstructured":"Gagandeep Singh, Timon Gehr, Matthew Mirman, Markus P\u00fcschel, and Martin Vechev. 2018. Fast and effective robustness certification. Advances in neural information processing systems, Vol. 31 (2018)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290354"},{"key":"e_1_3_2_1_24_1","volume-title":"International Conference on Learning Representations (ICLR). http:\/\/arxiv.org\/abs\/1312","author":"Szegedy Christian","year":"2014","unstructured":"Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2014. Intriguing properties of neural networks. In International Conference on Learning Representations (ICLR). http:\/\/arxiv.org\/abs\/1312.6199"},{"key":"e_1_3_2_1_25_1","unstructured":"Stefano Taschini. 2008. PyInterval interval arithmetic in Python. https:\/\/pypi.org\/project\/pyinterval\/ version 1.2.0 released 2017-03-05."},{"key":"e_1_3_2_1_26_1","volume-title":"Evaluating Robustness of Neural Networks with Mixed Integer Programming. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=HyGIdiRqtm","author":"Tjeng Vincent","year":"2019","unstructured":"Vincent Tjeng, Kai Y. Xiao, and Russ Tedrake. 2019. Evaluating Robustness of Neural Networks with Mixed Integer Programming. In International Conference on Learning Representations. https:\/\/openreview.net\/forum?id=HyGIdiRqtm"},{"key":"e_1_3_2_1_27_1","volume-title":"Sound randomized smoothing in floating-point arithmetics. arXiv preprint arXiv:2207.07209","author":"Vor\u00e1vcek V\u00e1clav","year":"2022","unstructured":"V\u00e1clav Vor\u00e1vcek and Matthias Hein. 2022. Sound randomized smoothing in floating-point arithmetics. arXiv preprint arXiv:2207.07209 (2022)."},{"key":"e_1_3_2_1_28_1","unstructured":"Shiqi Wang Huan Zhang Kaidi Xu Xue Lin Suman Jana Cho-Jui Hsieh and J Zico Kolter. 2021. Beta-CROWN: Efficient bound propagation with per-neuron split constraints for complete and incomplete neural network verification. In Advances in Neural Information Processing Systems (NeurIPS)."},{"key":"e_1_3_2_1_29_1","volume-title":"Advances in Neural Information Processing Systems (NeurIPS)","volume":"31","author":"Zhang Huan","year":"2018","unstructured":"Huan Zhang, Tsui-Wei Weng, Pin-Yu Chen, Cho-Jui Hsieh, and Luca Daniel. 2018. Efficient neural network robustness certification with general activation functions. In Advances in Neural Information Processing Systems (NeurIPS), Vol. 31."},{"key":"e_1_3_2_1_30_1","volume-title":"International Conference on Learning Representations (ICLR).","author":"Zombori D\u00e1niel","year":"2020","unstructured":"D\u00e1niel Zombori, Bal\u00e1zs B\u00e1nhelyi, Tibor Csendes, Istv\u00e1n Megyeri, and M\u00e1rk Jelasity. 2020. Fooling a complete neural network verifier. In International Conference on Learning Representations (ICLR)."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Salt Lake City UT USA","acronym":"CCS '24"},"container-title":["Proceedings of the 2024 Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689932.3694761","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689932.3694761","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T02:09:08Z","timestamp":1755914948000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689932.3694761"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,6]]},"references-count":30,"alternative-id":["10.1145\/3689932.3694761","10.1145\/3689932"],"URL":"https:\/\/doi.org\/10.1145\/3689932.3694761","relation":{},"subject":[],"published":{"date-parts":[[2024,11,6]]},"assertion":[{"value":"2024-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}