-
Notifications
You must be signed in to change notification settings - Fork 0
/
project_proposal.bib
529 lines (468 loc) · 21.1 KB
/
project_proposal.bib
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
@article{singh2018fast,
title={Fast and effective robustness certification},
author={Singh, Gagandeep and Gehr, Timon and Mirman, Matthew and P{\"u}schel, Markus and Vechev, Martin},
journal={Advances in neural information processing systems},
volume={31},
year={2018}
}
@article{singh2019abstract,
title={An abstract domain for certifying neural networks},
author={Singh, Gagandeep and Gehr, Timon and P{\"u}schel, Markus and Vechev, Martin},
journal={Proceedings of the ACM on Programming Languages},
volume={3},
number={POPL},
pages={1--30},
year={2019},
publisher={ACM New York, NY, USA}
}
@inproceedings{singh2018boosting,
title={Boosting robustness certification of neural networks},
author={Singh, Gagandeep and Gehr, Timon and P{\"u}schel, Markus and Vechev, Martin},
booktitle={International conference on learning representations},
year={2018}
}
@article{singh2019beyond,
title={Beyond the single neuron convex barrier for neural network certification},
author={Singh, Gagandeep and Ganvir, Rupanshu and P{\"u}schel, Markus and Vechev, Martin},
journal={Advances in Neural Information Processing Systems},
volume={32},
year={2019}
}
@article{balunovic2019certifying,
title={Certifying geometric robustness of neural networks},
author={Balunovic, Mislav and Baader, Maximilian and Singh, Gagandeep and Gehr, Timon and Vechev, Martin},
journal={Advances in Neural Information Processing Systems},
volume={32},
year={2019}
}
@article{ruoss2020efficient,
title={Efficient certification of spatial robustness},
author={Ruoss, Anian and Baader, Maximilian and Balunovi{\'c}, Mislav and Vechev, Martin},
journal={arXiv preprint arXiv:2009.09318},
year={2020}
}
@article{muller2021scaling,
title={Scaling polyhedral neural network verification on GPUs},
author={M{\"u}ller, Christoph and Serre, Fran{\c{c}}ois and Singh, Gagandeep and P{\"u}schel, Markus and Vechev, Martin},
journal={Proceedings of Machine Learning and Systems},
volume={3},
pages={733--746},
year={2021}
}
@article{muller2022prima,
title={PRIMA: general and precise neural network certification via scalable convex hull approximations},
author={M{\"u}ller, Mark Niklas and Makarchuk, Gleb and Singh, Gagandeep and P{\"u}schel, Markus and Vechev, Martin},
journal={Proceedings of the ACM on Programming Languages},
volume={6},
number={POPL},
pages={1--33},
year={2022},
publisher={ACM New York, NY, USA}
}
@software{ERAN,
author = {M{\"u}ller, Mark Niklas and Singh, Gagandeep and Balunovic, Mislav and Makarchuk, Gleb and Ruoss, Anian and Serre, Fran{\c{c}}ois and Baader, Maximilian and Cohen, Dana Drachsler and Gehr, Timon and Hoffman, Adrian and Maurer, Jonathan and Mirman, Matthew and M{\"u}ller, Cristoph and P{\"u}schel, Markus and Tsankov, Petar and Vechev, Martin},
title = {{ETH Robustness Analyzer for Neural Networks (ERAN)}},
url = {https://github.com/eth-sri/eran}
}
@software{ELINA,
author = {Singh, Gagandeep and He, Jingxuan and M{\"u}ller, Cristoph and Serre, Fran{\c{c}}ois and Ruoss, Anian and Makarchuk, Gleb and P{\"u}schel, Markus and Vechev, Martin},
title = {{ETH LIbrary for Numerical Analysis (ELINA)}},
url = {https://github.com/eth-sri/ELINA}
}
@inproceedings{ehlers2017formal,
title={Formal verification of piece-wise linear feed-forward neural networks},
author={Ehlers, Ruediger},
booktitle={International Symposium on Automated Technology for Verification and Analysis},
pages={269--286},
year={2017},
organization={Springer}
}
@inproceedings{huang2017safety,
title={Safety verification of deep neural networks},
author={Huang, Xiaowei and Kwiatkowska, Marta and Wang, Sen and Wu, Min},
booktitle={International conference on computer aided verification},
pages={3--29},
year={2017},
organization={Springer}
}
@inproceedings{katz2017reluplex,
title={Reluplex: An efficient SMT solver for verifying deep neural networks},
author={Katz, Guy and Barrett, Clark and Dill, David L and Julian, Kyle and Kochenderfer, Mykel J},
booktitle={International conference on computer aided verification},
pages={97--117},
year={2017},
organization={Springer}
}
@inproceedings{katz2019marabou,
title={The marabou framework for verification and analysis of deep neural networks},
author={Katz, Guy and Huang, Derek A and Ibeling, Duligur and Julian, Kyle and Lazarus, Christopher and Lim, Rachel and Shah, Parth and Thakoor, Shantanu and Wu, Haoze and Zelji{\'c}, Aleksandar and others},
booktitle={International Conference on Computer Aided Verification},
pages={443--452},
year={2019},
organization={Springer}
}
@article{anderson2020strong,
title={Strong mixed-integer programming formulations for trained neural networks},
author={Anderson, Ross and Huchette, Joey and Ma, Will and Tjandraatmadja, Christian and Vielma, Juan Pablo},
journal={Mathematical Programming},
volume={183},
number={1},
pages={3--39},
year={2020},
publisher={Springer}
}
@inproceedings{botoeva2020efficient,
title={Efficient verification of relu-based neural networks via dependency analysis},
author={Botoeva, Elena and Kouvaros, Panagiotis and Kronqvist, Jan and Lomuscio, Alessio and Misener, Ruth},
booktitle={Proceedings of the AAAI Conference on Artificial Intelligence},
volume={34},
number={04},
pages={3291--3299},
year={2020}
}
@article{bunel2020branch,
title={Branch and bound for piecewise linear neural network verification},
author={Bunel, Rudy and Mudigonda, P and Turkaslan, Ilker and Torr, P and Lu, Jingyue and Kohli, Pushmeet},
journal={Journal of Machine Learning Research},
volume={21},
number={2020},
year={2020},
publisher={Journal of Machine Learning Research}
}
@article{lu2019neural,
title={Neural network branching for neural network verification},
author={Lu, Jingyue and Kumar, M Pawan},
journal={arXiv preprint arXiv:1912.01329},
year={2019}
}
@inproceedings{de2021scaling,
title={Scaling the convex barrier with active sets},
author={De Palma, Alessandro and Behl, Harkirat Singh and Bunel, Rudy and Torr, Philip and Kumar, M Pawan},
booktitle={Proceedings of the ICLR 2021 Conference},
year={2021},
organization={Open Review}
}
@article{tjeng2017evaluating,
title={Evaluating robustness of neural networks with mixed integer programming},
author={Tjeng, Vincent and Xiao, Kai and Tedrake, Russ},
journal={arXiv preprint arXiv:1711.07356},
year={2017}
}
@article{wang2021beta,
title={Beta-crown: Efficient bound propagation with per-neuron split constraints for complete and incomplete neural network verification},
author={Wang, Shiqi and Zhang, Huan and Xu, Kaidi and Lin, Xue and Jana, Suman and Hsieh, Cho-Jui and Kolter, J Zico},
journal={arXiv preprint arXiv:2103.06624},
year={2021}
}
@article{xu2020fast,
title={Fast and complete: Enabling complete neural network verification with rapid and massively parallel incomplete verifiers},
author={Xu, Kaidi and Zhang, Huan and Wang, Shiqi and Wang, Yihan and Jana, Suman and Lin, Xue and Hsieh, Cho-Jui},
journal={arXiv preprint arXiv:2011.13824},
year={2020}
}
@inproceedings{gowal2019scalable,
title={Scalable verified training for provably robust image classification},
author={Gowal, Sven and Dvijotham, Krishnamurthy Dj and Stanforth, Robert and Bunel, Rudy and Qin, Chongli and Uesato, Jonathan and Arandjelovic, Relja and Mann, Timothy and Kohli, Pushmeet},
booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision},
pages={4842--4851},
year={2019}
}
@inproceedings{mirman2018differentiable,
title={Differentiable abstract interpretation for provably robust neural networks},
author={Mirman, Matthew and Gehr, Timon and Vechev, Martin},
booktitle={International Conference on Machine Learning},
pages={3578--3586},
year={2018},
organization={PMLR}
}
@article{muller2020neural,
title={Neural network robustness verification on gpus},
author={M{\"u}ller, Christoph and Singh, Gagandeep and P{\"u}schel, Markus and Vechev, Martin T},
journal={CoRR, abs/2007.10868},
year={2020}
}
@inproceedings{weng2018towards,
title={Towards fast computation of certified robustness for relu networks},
author={Weng, Lily and Zhang, Huan and Chen, Hongge and Song, Zhao and Hsieh, Cho-Jui and Daniel, Luca and Boning, Duane and Dhillon, Inderjit},
booktitle={International Conference on Machine Learning},
pages={5276--5285},
year={2018},
organization={PMLR}
}
@article{zhang2018efficient,
title={Efficient neural network robustness certification with general activation functions},
author={Zhang, Huan and Weng, Tsui-Wei and Chen, Pin-Yu and Hsieh, Cho-Jui and Daniel, Luca},
journal={Advances in neural information processing systems},
volume={31},
year={2018}
}
@article{bunel2020efficient,
title={An efficient nonconvex reformulation of stagewise convex optimization problems},
author={Bunel, Rudy R and Hinder, Oliver and Bhojanapalli, Srinadh and Dvijotham, Krishnamurthy},
journal={Advances in Neural Information Processing Systems},
volume={33},
pages={8247--8258},
year={2020}
}
@article{dathathri2020enabling,
title={Enabling certification of verification-agnostic networks via memory-efficient semidefinite programming},
author={Dathathri, Sumanth and Dvijotham, Krishnamurthy and Kurakin, Alexey and Raghunathan, Aditi and Uesato, Jonathan and Bunel, Rudy R and Shankar, Shreya and Steinhardt, Jacob and Goodfellow, Ian and Liang, Percy S and others},
journal={Advances in Neural Information Processing Systems},
volume={33},
pages={5318--5331},
year={2020}
}
@inproceedings{lyu2020fastened,
title={Fastened crown: Tightened neural network robustness certificates},
author={Lyu, Zhaoyang and Ko, Ching-Yun and Kong, Zhifeng and Wong, Ngai and Lin, Dahua and Daniel, Luca},
booktitle={Proceedings of the AAAI Conference on Artificial Intelligence},
volume={34},
number={04},
pages={5037--5044},
year={2020}
}
@article{raghunathan2018semidefinite,
title={Semidefinite relaxations for certifying robustness to adversarial examples},
author={Raghunathan, Aditi and Steinhardt, Jacob and Liang, Percy S},
journal={Advances in Neural Information Processing Systems},
volume={31},
year={2018}
}
@article{tjandraatmadja2020convex,
title={The convex relaxation barrier, revisited: Tightened single-neuron relaxations for neural network verification},
author={Tjandraatmadja, Christian and Anderson, Ross and Huchette, Joey and Ma, Will and PATEL, KRUNAL KISHOR and Vielma, Juan Pablo},
journal={Advances in Neural Information Processing Systems},
volume={33},
pages={21675--21686},
year={2020}
}
@article{xiang2018output,
title={Output reachable set estimation and verification for multilayer neural networks},
author={Xiang, Weiming and Tran, Hoang-Dung and Johnson, Taylor T},
journal={IEEE transactions on neural networks and learning systems},
volume={29},
number={11},
pages={5777--5783},
year={2018},
publisher={IEEE}
}
@inproceedings{cohen2019certified,
title={Certified adversarial robustness via randomized smoothing},
author={Cohen, Jeremy and Rosenfeld, Elan and Kolter, Zico},
booktitle={International Conference on Machine Learning},
pages={1310--1320},
year={2019},
organization={PMLR}
}
@inproceedings{lecuyer2019certified,
title={Certified robustness to adversarial examples with differential privacy},
author={Lecuyer, Mathias and Atlidakis, Vaggelis and Geambasu, Roxana and Hsu, Daniel and Jana, Suman},
booktitle={2019 IEEE Symposium on Security and Privacy (SP)},
pages={656--672},
year={2019},
organization={IEEE}
}
@article{salman2019provably,
title={Provably robust deep learning via adversarially trained smoothed classifiers},
author={Salman, Hadi and Li, Jerry and Razenshteyn, Ilya and Zhang, Pengchuan and Zhang, Huan and Bubeck, Sebastien and Yang, Greg},
journal={Advances in Neural Information Processing Systems},
volume={32},
year={2019}
}
@inproceedings{pulina2010abstraction,
title={An abstraction-refinement approach to verification of artificial neural networks},
author={Pulina, Luca and Tacchella, Armando},
booktitle={International Conference on Computer Aided Verification},
pages={243--257},
year={2010},
organization={Springer}
}
@inproceedings{cheng2017maximum,
title={Maximum resilience of artificial neural networks},
author={Cheng, Chih-Hong and N{\"u}hrenberg, Georg and Ruess, Harald},
booktitle={International Symposium on Automated Technology for Verification and Analysis},
pages={251--268},
year={2017},
organization={Springer}
}
@article{fischetti2018deep,
title={Deep neural networks and mixed integer linear optimization},
author={Fischetti, Matteo and Jo, Jason},
journal={Constraints},
volume={23},
number={3},
pages={296--309},
year={2018},
publisher={Springer}
}
@article{bunel2018unified,
title={A unified view of piecewise linear neural network verification},
author={Bunel, Rudy R and Turkaslan, Ilker and Torr, Philip and Kohli, Pushmeet and Mudigonda, Pawan K},
journal={Advances in Neural Information Processing Systems},
volume={31},
year={2018}
}
@inproceedings{dutta2018output,
title={Output range analysis for deep feedforward neural networks},
author={Dutta, Souradeep and Jha, Susmit and Sankaranarayanan, Sriram and Tiwari, Ashish},
booktitle={NASA Formal Methods Symposium},
pages={121--138},
year={2018},
organization={Springer}
}
@article{ruan2018reachability,
title={Reachability analysis of deep neural networks with provable guarantees},
author={Ruan, Wenjie and Huang, Xiaowei and Kwiatkowska, Marta},
journal={arXiv preprint arXiv:1805.02242},
year={2018}
}
@inproceedings{li2019analyzing,
title={Analyzing deep neural networks with symbolic propagation: Towards higher precision and faster verification},
author={Li, Jianlin and Liu, Jiangchao and Yang, Pengfei and Chen, Liqian and Huang, Xiaowei and Zhang, Lijun},
booktitle={International Static Analysis Symposium},
pages={296--319},
year={2019},
organization={Springer}
}
@inproceedings{ko2019popqorn,
title={POPQORN: Quantifying robustness of recurrent neural networks},
author={Ko, Ching-Yun and Lyu, Zhaoyang and Weng, Lily and Daniel, Luca and Wong, Ngai and Lin, Dahua},
booktitle={International Conference on Machine Learning},
pages={3468--3477},
year={2019},
organization={PMLR}
}
@incollection{zhang2020verification,
title={Verification of recurrent neural networks for cognitive tasks via reachability analysis},
author={Zhang, Hongce and Shinn, Maxwell and Gupta, Aarti and Gurfinkel, Arie and Le, Nham and Narodytska, Nina},
booktitle={ECAI 2020},
pages={1690--1697},
year={2020},
publisher={IOS Press}
}
@inproceedings{gehr2018ai2,
title={Ai2: Safety and robustness certification of neural networks with abstract interpretation},
author={Gehr, Timon and Mirman, Matthew and Drachsler-Cohen, Dana and Tsankov, Petar and Chaudhuri, Swarat and Vechev, Martin},
booktitle={2018 IEEE Symposium on Security and Privacy (SP)},
pages={3--18},
year={2018},
organization={IEEE}
}
@article{urban2020perfectly,
title={Perfectly parallel fairness certification of neural networks},
author={Urban, Caterina and Christakis, Maria and W{\"u}stholz, Valentin and Zhang, Fuyuan},
journal={Proceedings of the ACM on Programming Languages},
volume={4},
number={OOPSLA},
pages={1--30},
year={2020},
publisher={ACM New York, NY, USA}
}
@inproceedings{wong2018provable,
title={Provable defenses against adversarial examples via the convex outer adversarial polytope},
author={Wong, Eric and Kolter, Zico},
booktitle={International Conference on Machine Learning},
pages={5286--5295},
year={2018},
organization={PMLR}
}
@inproceedings{dvijotham2018dual,
title={A Dual Approach to Scalable Verification of Deep Networks.},
author={Dvijotham, Krishnamurthy and Stanforth, Robert and Gowal, Sven and Mann, Timothy A and Kohli, Pushmeet},
booktitle={UAI},
volume={1},
number={2},
pages={3},
year={2018}
}
@article{raghunathan2018certified,
title={Certified defenses against adversarial examples},
author={Raghunathan, Aditi and Steinhardt, Jacob and Liang, Percy},
journal={arXiv preprint arXiv:1801.09344},
year={2018}
}
@article{GELU,
title={Gaussian error linear units (gelus)},
author={Hendrycks, Dan and Gimpel, Kevin},
journal={arXiv preprint arXiv:1606.08415},
year={2016}
}
@article{ELU,
title={Fast and accurate deep network learning by exponential linear units (elus)},
author={Clevert, Djork-Arn{\'e} and Unterthiner, Thomas and Hochreiter, Sepp},
journal={arXiv preprint arXiv:1511.07289},
year={2015}
}
@inproceedings{LXMERT,
title = "{LXMERT}: Learning Cross-Modality Encoder Representations from Transformers",
author = "Tan, Hao and
Bansal, Mohit",
booktitle = "Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP)",
month = nov,
year = "2019",
address = "Hong Kong, China",
publisher = "Association for Computational Linguistics",
url = "https://aclanthology.org/D19-1514",
doi = "10.18653/v1/D19-1514",
pages = "5100--5111",
abstract = "Vision-and-language reasoning requires an understanding of visual concepts, language semantics, and, most importantly, the alignment and relationships between these two modalities. We thus propose the LXMERT (Learning Cross-Modality Encoder Representations from Transformers) framework to learn these vision-and-language connections. In LXMERT, we build a large-scale Transformer model that consists of three encoders: an object relationship encoder, a language encoder, and a cross-modality encoder. Next, to endow our model with the capability of connecting vision and language semantics, we pre-train the model with large amounts of image-and-sentence pairs, via five diverse representative pre-training tasks: masked language modeling, masked object prediction (feature regression and label classification), cross-modality matching, and image question answering. These tasks help in learning both intra-modality and cross-modality relationships. After fine-tuning from our pre-trained parameters, our model achieves the state-of-the-art results on two visual question answering datasets (i.e., VQA and GQA). We also show the generalizability of our pre-trained cross-modality model by adapting it to a challenging visual-reasoning task, NLVR2, and improve the previous best result by 22{\%} absolute (54{\%} to 76{\%}). Lastly, we demonstrate detailed ablation studies to prove that both our novel model components and pre-training strategies significantly contribute to our strong results. Code and pre-trained models publicly available at: https://github.com/airsplay/lxmert",
}
@article{szegedy2013intriguing,
title={Intriguing properties of neural networks},
author={Szegedy, Christian and Zaremba, Wojciech and Sutskever, Ilya and Bruna, Joan and Erhan, Dumitru and Goodfellow, Ian and Fergus, Rob},
journal={arXiv preprint arXiv:1312.6199},
year={2013}
}
@article{goodfellow2014explaining,
title={Explaining and harnessing adversarial examples},
author={Goodfellow, Ian J and Shlens, Jonathon and Szegedy, Christian},
journal={arXiv preprint arXiv:1412.6572},
year={2014}
}
@misc{kurakin2016adversarial,
title={Adversarial examples in the physical world},
author={Kurakin, Alexey and Goodfellow, Ian and Bengio, Samy and others},
year={2016}
}
@inproceedings{carlini2017towards,
title={Towards evaluating the robustness of neural networks},
author={Carlini, Nicholas and Wagner, David},
booktitle={2017 ieee symposium on security and privacy (sp)},
pages={39--57},
year={2017},
organization={IEEE}
}
@inproceedings{athalye2018synthesizing,
title={Synthesizing robust adversarial examples},
author={Athalye, Anish and Engstrom, Logan and Ilyas, Andrew and Kwok, Kevin},
booktitle={International conference on machine learning},
pages={284--293},
year={2018},
organization={PMLR}
}
@inproceedings{eykholt2018robust,
title={Robust physical-world attacks on deep learning visual classification},
author={Eykholt, Kevin and Evtimov, Ivan and Fernandes, Earlence and Li, Bo and Rahmati, Amir and Xiao, Chaowei and Prakash, Atul and Kohno, Tadayoshi and Song, Dawn},
booktitle={Proceedings of the IEEE conference on computer vision and pattern recognition},
pages={1625--1634},
year={2018}
}
@inproceedings{papernot2017practical,
title={Practical black-box attacks against machine learning},
author={Papernot, Nicolas and McDaniel, Patrick and Goodfellow, Ian and Jha, Somesh and Celik, Z Berkay and Swami, Ananthram},
booktitle={Proceedings of the 2017 ACM on Asia conference on computer and communications security},
pages={506--519},
year={2017}
}
@article{papernot2016transferability,
title={Transferability in machine learning: from phenomena to black-box attacks using adversarial samples},
author={Papernot, Nicolas and McDaniel, Patrick and Goodfellow, Ian},
journal={arXiv preprint arXiv:1605.07277},
year={2016}
}
@article{madry2017towards,
title={Towards deep learning models resistant to adversarial attacks},
author={Madry, Aleksander and Makelov, Aleksandar and Schmidt, Ludwig and Tsipras, Dimitris and Vladu, Adrian},
journal={arXiv preprint arXiv:1706.06083},
year={2017}
}