| Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks F Croce, M Hein ICML 2020, 2020 | 1167 | 2020 |
| Square Attack: a query-efficient black-box adversarial attack via random search M Andriushchenko*, F Croce*, N Flammarion, M Hein ECCV 2020, 2019 | 665 | 2019 |
| Robustbench: a standardized adversarial robustness benchmark F Croce*, M Andriushchenko*, V Sehwag*, E Debenedetti*, N Flammarion, ... NeurIPS 2021 Datasets and Benchmarks Track, 2020 | 359 | 2020 |
| Minimally distorted Adversarial Examples with a Fast Adaptive Boundary Attack F Croce, M Hein ICML 2020, 2019 | 344 | 2019 |
| Provable robustness of ReLU networks via maximization of linear regions F Croce*, M Andriushchenko*, M Hein AISTATS 2019, 2018 | 170 | 2018 |
| Sparse and Imperceivable Adversarial Attacks F Croce, M Hein ICCV 2019, 2019 | 168 | 2019 |
| Provable robustness against all adversarial lp-perturbations for p≥1 F Croce, M Hein ICLR 2020, 2019 | 67* | 2019 |
| Sparse-RS: a versatile framework for query-efficient sparse black-box adversarial attacks F Croce, M Andriushchenko, ND Singh, N Flammarion, M Hein AAAI 2022, 2020 | 57 | 2020 |
| Evaluating the Adversarial Robustness of Adaptive Test-time Defenses F Croce*, S Gowal*, T Brunner*, E Shelhamer*, M Hein, T Cemgil ICML 2022, 2022 | 36 | 2022 |
| Mind the box: -APGD for sparse adversarial attacks on image classifiers F Croce, M Hein ICML 2021, 2021 | 36 | 2021 |
| Scaling up the randomized gradient-free adversarial attack reveals overestimation of robustness using established attacks F Croce*, J Rauber*, M Hein International Journal of Computer Vision, 2019 | 28 | 2019 |
| A randomized gradient-free attack on ReLU networks F Croce, M Hein GCPR 2018, 2018 | 27 | 2018 |
| Diffusion Visual Counterfactual Explanations M Augustin, V Boreiko, F Croce, M Hein arXiv preprint arXiv:2210.11841, 2022 | 15 | 2022 |
| Adversarial Robustness against Multiple and Single -Threat Models via Quick Fine-Tuning of Robust Classifiers F Croce, M Hein ICML 2022, 2022 | 12* | 2022 |
| Sparse Visual Counterfactual Explanations in Image Space V Boreiko, M Augustin, F Croce, P Berens, M Hein GCPR 2022, 2022 | 10 | 2022 |
| Revisiting Adversarial Training for ImageNet: Architectures, Training and Generalization across Threat Models ND Singh, F Croce, M Hein arXiv preprint arXiv:2303.01870, 2023 | 5 | 2023 |
| A modern look at the relationship between sharpness and generalization M Andriushchenko, F Croce, M Müller, M Hein, N Flammarion arXiv preprint arXiv:2302.07011, 2023 | 5 | 2023 |
| On the interplay of adversarial robustness and architecture components: patches, convolution and attention F Croce, M Hein arXiv preprint arXiv:2209.06953, 2022 | 4 | 2022 |
| Seasoning Model Soups for Robustness to Adversarial and Natural Distribution Shifts F Croce, SA Rebuffi, E Shelhamer, S Gowal arXiv preprint arXiv:2302.10164, 2023 | 3 | 2023 |
| Revisiting adapters with adversarial training SA Rebuffi, F Croce, S Gowal arXiv preprint arXiv:2210.04886, 2022 | 1 | 2022 |
Matthias HeinProfessor of Computer Science, University of TübingenVerified email at uni-tuebingen.de
