This web page contains materials to accompany the NeurIPS 2018 tutorial, “Adversarial Robustness: Theory and Practice”, by Zico Kolter and Aleksander Madry. The notes are in very early draft form, and we will be updating them (organizing material more, writing them in a more consistent form with the relevant citations, etc.) for an official release in early 2019. Until then, however, we hope they are still a useful reference that can be used to explore some of the key ideas and methodology behind adversarial robustness, from the standpoints of both generating adversarial attacks on classifiers and training classifiers that are inherently robust.
- Chapter 1 – Introduction
- Chapter 2 – Linear models
- Chapter 3 – Adversarial examples: solving the inner maximization
- Chapter 4 – Adversarial training: solving the outer minimization
- Chapter 5 – Beyond adversaries [coming soon]