evaluating-adversarial-robustness/adv-eval-paper

Issues

• How frequently to update the arXiv submission?

  #8 opened 6 years ago by anishathalye
  2

• Do not report evaluation metrics from a single run

  #30 opened 4 years ago by yrahul3910
  0

• Amending papers after attack

  #26 opened 4 years ago by ftramer
  7

• Recommend evaluating over just 100-1000 examples

  #28 opened 4 years ago by carlini
  0

• Don't recommend transfer attacks (controversial)

  #27 opened 4 years ago by carlini
  1

• Decomposing improvements in accuracy

  #24 opened 5 years ago by yaoshiang
  1

• Impact and remaining misconceptions

  #22 opened 5 years ago by ftramer
  5

• Clarify white/grey/black-box is orthogonal to adaptive

  #23 opened 5 years ago by carlini
  1

• Studying robustness wrt. other attacks, distal adversarial examples, details of success rate computation, evaluation of detection methods

  #15 opened 6 years ago by davidstutz
  1

• Do not use number of iterations of attack required as a measure of robustness

  #18 opened 6 years ago by anishathalye
  2

• Emphasize Random Restarts in Evaluation

  #19 opened 6 years ago by hendrycks
  1

• road signs threat model

  #4 opened 6 years ago by earlenceferns
  12

• Don't optimize one thing but measure another

  #17 opened 6 years ago by anishathalye
  0

• References missing in PDF on GitHub

  #6 opened 6 years ago by jonasrauber
  4

• Examples of or recommendations for good adaptive evaluations

  #11 opened 6 years ago by ftramer
  7

• Misclassification as malware is fun

  #12 opened 6 years ago by adamshostack
  2

• Third property of secrets

  #2 opened 6 years ago by dxoigmn
  6