Update index.html

index.html

@@ -3,10 +3,11 @@
 <head>
   <meta charset="utf-8">
   <meta name="description"
-        content="Demo Page of BEYOND ICML 2024.">
-  <meta name="keywords" content="BEYOND, Adversarial Examples, Adversarial Detection">
+        content="Demo Page of GREAT Score  Neurips 2024.">
+  <meta name="keywords" content="GREAT Score, Adversarial robustness, Generative models">
   <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>Be Your Own Neighborhood: Detecting Adversarial Examples by the Neighborhood Relations Built on Self-Supervised Learning</title>
+  <title>GREAT Score: Global Robustness Evaluation of
+    Adversarial Perturbation using Generative Models</title>
 
   <link href="https://fonts.googleapis.com/css?family=Google+Sans|Noto+Sans|Castoro"
         rel="stylesheet">
@@ -84,22 +85,16 @@
           <h1 class="title is-1 publication-title">Be Your Own Neighborhood: Detecting Adversarial Examples by the Neighborhood Relations Built on Self-Supervised Learning</h1>
           <div class="is-size-5 publication-authors">
             <span class="author-block">
-              <a href="#" target="_blank">Zhiyuan He</a><sup>1*</sup>,</span>
-            <span class="author-block">
-              <a href="https://yangyijune.github.io/" target="_blank">Yijun Yang</a><sup>1*</sup>,</span>
+              <a href="#" target="_blank">ZAITANG LI</a><sup>1</sup>,</span>
             <span class="author-block">
               <a href="https://sites.google.com/site/pinyuchenpage/home" target="_blank">Pin-Yu Chen</a><sup>2</sup>,
             </span>
-            <span class="author-block">
-              <a href="https://cure-lab.github.io/" target="_blank">Qiang Xu</a><sup>1</sup>,
-            </span>
             <span class="author-block">
               <a href="https://tsungyiho.github.io/" target="_blank">Tsung-Yi Ho</a><sup>1</sup>,
             </span>
           </div>
 
           <div class="is-size-5 publication-authors">
-            <span class="author-block"><sup>*</sup>Equal contribution,</span>
             <span class="author-block"><sup>1</sup>The Chinese University of Hong Kong,</span>
             <span class="author-block"><sup>2</sup>IBM Research</span>
           </div>
@@ -108,7 +103,7 @@
             <div class="publication-links">
               <!-- PDF Link. -->
               <span class="link-block">
-                <a href="https://arxiv.org/abs/2209.00005" target="_blank"
+                <a href="https://arxiv.org/abs/2304.09875" target="_blank"
                    class="external-link button is-normal is-rounded is-dark">
                   <span class="icon">
                       <i class="fas fa-file-pdf"></i>
@@ -117,7 +112,7 @@
                 </a>
               </span>
               <span class="link-block">
-                <a href="https://arxiv.org/abs/2209.00005" target="_blank"
+                <a href="https://arxiv.org/abs/2304.09875" target="_blank"
                    class="external-link button is-normal is-rounded is-dark">
                   <span class="icon">
                       <i class="ai ai-arxiv"></i>
@@ -180,19 +175,14 @@
         <h2 class="title is-3">Abstract</h2>
         <div class="content has-text-justified">
           <p>
-            Deep Neural Networks (DNNs) have achieved excellent performance in various fields. However, DNNs’ vulnerability to 
-            Adversarial Examples (AE) hinders their deployments to safety-critical applications. In this paper, we present <strong>BEYOND</strong>, 
-            an innovative AE detection frameworkdesigned for reliable predictions. BEYOND identifies AEs by distinguishing the AE’s 
-            abnormal relation with its augmented versions, i.e. neighbors, from two prospects: representation similarity and label 
-            consistency. An off-the-shelf Self-Supervised Learning (SSL) model is used to extract the representation and predict the 
-            label for its highly informative representation capacity compared to supervised learning models. We found clean samples 
-            maintain a high degree of representation similarity and label consistency relative to their neighbors, in contrast to AEs 
-            which exhibit significant discrepancies. We explain this obser vation and show that leveraging this discrepancy BEYOND can 
-            accurately detect AEs. Additionally, we develop a rigorous justification for the effectiveness of BEYOND. Furthermore, as a 
-            plug-and-play model, BEYOND can easily cooperate with the Adversarial Trained Classifier (ATC), achieving state-of-the-art 
-            (SOTA) robustness accuracy. Experimental results show that BEYOND outperforms baselines by a large margin, especially under 
-            adaptive attacks. Empowered by the robust relationship built on SSL, we found that BEYOND outperforms baselines in terms 
-            of both detection ability and speed.
+            Current studies on adversarial robustness mainly focus on aggregating <i>local</i> robustness results from a set of data samples to evaluate and rank different models. However, the local statistics may not well represent the true <i>global</i> robustness of the underlying unknown data distribution. To address this challenge, this paper makes the first attempt to present a new framework, called <strong>GREAT Score</strong>, for global robustness evaluation of adversarial perturbation using generative models. Formally, GREAT Score carries the physical meaning of a global statistic capturing a mean certified attack-proof perturbation level over all samples drawn from a generative model. For finite-sample evaluation, we also derive a probabilistic guarantee on the sample complexity and the difference between the sample mean and the true mean. GREAT Score has several advantages: (1) Robustness evaluations using GREAT Score are efficient and scalable to large models, by sparing the need of running adversarial attacks. In particular, we show high correlation and significantly reduced computation cost of GREAT Score when compared to the attack-based model ranking on RobustBench<sup>1</sup>. (2) The use of generative models facilitates the approximation of the unknown data distribution. In our ablation study with different generative adversarial networks (GANs), we observe consistency between global robustness evaluation and the quality of GANs. (3) GREAT Score can be used for remote auditing of privacy-sensitive black-box models, as demonstrated by our robustness evaluation on several online facial recognition services.
+          </p>
+        </div>
+
+        <!-- References -->
+        <div class="content">
+          <p>
+            <sup>1</sup> Croce, F., Andriushchenko, M., Sehwag, V., Debenedetti, E., Flammarion, N., Chiang, M., Mittal, P., & Hein, M. (2021). RobustBench: a standardized adversarial robustness benchmark. In <i>Thirty-fifth Conference on Neural Information Processing Systems Datasets and Benchmarks Track (Round 2)</i>. <a href="https://openreview.net/forum?id=SSKZPJCt7B" target="_blank">https://openreview.net/forum?id=SSKZPJCt7B</a>
           </p>
         </div>
       </div>
@@ -492,10 +482,10 @@
 <section class="section" id="BibTeX">
   <div class="container is-max-desktop content">
     <h2 class="title">BibTeX</h2>
-    <pre><code>@article{he2024beyond,
-  author    = {Zhiyuan, He and Yijun, Yang and Pin-Yu, Chen and Qiang, Xu and Tsung-Yi, Ho},
-  title     = {Be your own neighborhood: Detecting adversarial example by the neighborhood relations built on self-supervised learning},
-  journal   = {ICML},
+    <pre><code>@article{li2024greatscore,
+  title     = {GREAT Score: Global Robustness Evaluation of Adversarial Perturbation using Generative Models},
+  author    = {Zaitang, Li and Pin-Yu, Chen and Tsung-Yi, Ho},
+  journal   = {NeurIPS},
   year      = {2024},
 }</code></pre>
   </div>
@@ -535,4 +525,4 @@
 </footer>
 
 </body>
-</html>
+</html>