| Square attack: a query-efficient black-box adversarial attack via random search M Andriushchenko, F Croce, N Flammarion, M Hein ECCV 2020, 2020 | 665 | 2020 |
| Formal guarantees on the robustness of a classifier against adversarial manipulation M Hein, M Andriushchenko NeurIPS 2017, 2017 | 520 | 2017 |
| Why ReLU networks yield high-confidence predictions far away from the training data and how to mitigate the problem M Hein, M Andriushchenko, J Bitterwolf CVPR 2019 (oral), 2019 | 454 | 2019 |
| RobustBench: a standardized adversarial robustness benchmark F Croce*, M Andriushchenko*, V Sehwag*, E Debenedetti*, N Flammarion, ... NeurIPS 2021 Datasets and Benchmarks Track, Best Paper Honorable Mention …, 2021 | 359 | 2021 |
| On the Stability of Fine-tuning BERT: Misconceptions, Explanations, and Strong Baselines M Mosbach, M Andriushchenko, D Klakow ICLR 2021, 2021 | 285 | 2021 |
| Understanding and Improving Fast Adversarial Training M Andriushchenko, N Flammarion NeurIPS 2020, 2020 | 212 | 2020 |
| Provable Robustness of ReLU Networks via Maximization of Linear Regions F Croce*, M Andriushchenko*, M Hein AISTATS 2019, 2019 | 170 | 2019 |
| On the effectiveness of adversarial training against common corruptions K Kireev*, M Andriushchenko*, N Flammarion UAI 2022, 2021 | 70 | 2021 |
| Logit Pairing Methods Can Fool Gradient-Based Attacks M Mosbach*, M Andriushchenko*, T Trost, M Hein, D Klakow NeurIPS 2018 Workshop on Security in Machine Learning, 2018 | 65 | 2018 |
| Provably Robust Boosted Decision Stumps and Trees against Adversarial Attacks M Andriushchenko, M Hein NeurIPS 2019, 2019 | 60 | 2019 |
| Towards Understanding Sharpness-Aware Minimization M Andriushchenko, N Flammarion ICML 2022, 2022 | 59 | 2022 |
| Sparse-RS: a versatile framework for query-efficient sparse black-box adversarial attacks F Croce, M Andriushchenko, ND Singh, N Flammarion, M Hein AAAI 2022, 2022 | 57 | 2022 |
| SGD with Large Step Sizes Learns Sparse Features M Andriushchenko, A Varre, L Pillaud-Vivien, N Flammarion ICML 2023, 2022 | 15 | 2022 |
| A Modern Look at the Relationship between Sharpness and Generalization M Andriushchenko, F Croce, M Müller, M Hein, N Flammarion ICML 2023, 2023 | 5 | 2023 |
| #ScienceForUkraine: an Initiative to Support the Ukrainian Academic Community. “3 Months Since Russia’s Invasion in Ukraine”, February 26 – May 31, 2022 M Rose, S Reinsone, M Andriushchenko, M Bartosiak, A Bobak, L Drury, ... Available at SSRN: https://ssrn.com/abstract=4139263, 2022 | 4 | 2022 |
| Sharpness-Aware Minimization Leads to Low-Rank Features M Andriushchenko, D Bahri, H Mobahi, N Flammarion NeurIPS 2023, 2023 | 1 | 2023 |
| Adversarially robust visual fingerprinting and image provenance models M Andriushchenko, J Collomosse, X Li, G Oxholm US Patent App. 17/573,041, 2023 | | 2023 |
| Transferable Adversarial Robustness for Categorical Data via Universal Robust Embeddings K Kireev, M Andriushchenko, C Troncoso, N Flammarion NeurIPS 2023, 2023 | | 2023 |
| ARIA: Adversarially Robust Image Attribution for Content Provenance M Andriushchenko, XR Li, G Oxholm, T Gittings, T Bui, N Flammarion, ... CVPR 2022 Workshop on Media Forensics, 2022 | | 2022 |
| Beacon-aug: A cross-library image augmentation toolbox XR Li, Y Hold-Geoffroy, G Oxholm, KK Singh, Z Zhang, R Zhang, ... https://github.com/adobe-research/beacon-aug, 2021 | | 2021 |
Matthias HeinProfessor of Computer Science, University of TübingenVerified email at uni-tuebingen.de
