skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


  • Home
  • Search Results
  • Page 1 of 2

Search for: All records

Award ID contains: 1804603

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. ; ; (, Transactions on machine learning research)
    Free, publicly-accessible full text available December 27, 2025
  2. ; ; ; ; ; (, IEEE)
    Full Text Available 
  3. ; ; ; ; ; (, IEEE)
    Full Text Available 
  4. ; ; ; (, Curran Associates, Inc.)
    Accepted Manuscript Full Text Available
  5. ; ; ; (, Advances in neural information processing systems)
    We study indiscriminate poisoning for linear learners where an adversary injects a few crafted examples into the training data with the goal of forcing the induced model to incur higher test error. Inspired by the observation that linear learners on some datasets are able to resist the best known attacks even without any defenses, we further investigate whether datasets can be inherently robust to indiscriminate poisoning attacks for linear learners. For theoretical Gaussian distributions, we rigorously characterize the behavior of an optimal poisoning attack, defined as the poisoning strategy that attains the maximum risk of the induced model at a given poisoning budget. Our results prove that linear learners can indeed be robust to indiscriminate poisoning if the class-wise data distributions are well-separated with low variance and the size of the constraint set containing all permissible poisoning points is also small. These findings largely explain the drastic variation in empirical attack performance of the state-of-the-art poisoning attacks on linear learners across benchmark datasets, making an important initial step towards understanding the underlying reasons some learning tasks are vulnerable to data poisoning attacks. 
    more » « less
    Accepted Manuscript Full Text Available
  6. ; ; ; ; (, IEEE Conference on Computer Vision and Pattern Recognition)
    Full Text Available 
  7. ; ; ; ; ; ; ; (, Proceedings IEEE Symposium on Security and Privacy)
    Full Text Available 
  8. ; ; ; (, IEEE Conference on Secure and Trustworthy Machine Learning (SaTML))
    Full Text Available 
  9. ; (, International Conference on Learning Representations (ICLR))
    A fundamental question in adversarial machine learning is whether a robust classifier exists for a given task. A line of research has made some progress towards this goal by studying the concentration of measure, but we argue standard concentration fails to fully characterize the intrinsic robustness of a classification problem since it ignores data labels which are essential to any classification task. Building on a novel definition of label uncertainty, we empirically demonstrate that error regions induced by state-of-the-art models tend to have much higher label uncertainty than randomly-selected subsets. This observation motivates us to adapt a concentration estimation algorithm to account for label uncertainty, resulting in more accurate intrinsic robustness measures for benchmark image classification problems. 
    more » « less
    Accepted Manuscript Full Text Available
  10. ; ; ; (, IEEE Transactions on Information Forensics and Security)
    Full Text Available