| Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks F Croce, M Hein ICML 2020, 2020 | 2150 | 2020 |
| Square Attack: a query-efficient black-box adversarial attack via random search M Andriushchenko*, F Croce*, N Flammarion, M Hein ECCV 2020, 2019 | 1181 | 2019 |
| Robustbench: a standardized adversarial robustness benchmark F Croce*, M Andriushchenko*, V Sehwag*, E Debenedetti*, N Flammarion, ... NeurIPS 2021 Datasets and Benchmarks Track, 2020 | 819 | 2020 |
| Minimally distorted Adversarial Examples with a Fast Adaptive Boundary Attack F Croce, M Hein ICML 2020, 2019 | 577 | 2019 |
| Sparse and Imperceivable Adversarial Attacks F Croce, M Hein ICCV 2019, 2019 | 255 | 2019 |
| Provable robustness of ReLU networks via maximization of linear regions F Croce*, M Andriushchenko*, M Hein AISTATS 2019, 2018 | 194 | 2018 |
| Jailbreaking Leading Safety-Aligned LLMs with Simple Adaptive Attacks M Andriushchenko, F Croce, N Flammarion arXiv preprint arXiv:2404.02151, 2024 | 140 | 2024 |
| Jailbreakbench: An open robustness benchmark for jailbreaking large language models P Chao, E Debenedetti, A Robey, M Andriushchenko, F Croce, V Sehwag, ... Advances in Neural Information Processing Systems 37, 55005-55029, 2024 | 131 | 2024 |
| Sparse-RS: a versatile framework for query-efficient sparse black-box adversarial attacks F Croce, M Andriushchenko, ND Singh, N Flammarion, M Hein AAAI 2022, 2020 | 122 | 2020 |
| Provable robustness against all adversarial lp-perturbations for p≥1 F Croce, M Hein ICLR 2020, 2019 | 84 | 2019 |
| Evaluating the Adversarial Robustness of Adaptive Test-time Defenses F Croce*, S Gowal*, T Brunner*, E Shelhamer*, M Hein, T Cemgil ICML 2022, 2022 | 83 | 2022 |
| Diffusion visual counterfactual explanations M Augustin, V Boreiko, F Croce, M Hein Advances in Neural Information Processing Systems 35, 364-377, 2022 | 78 | 2022 |
| Mind the box: -APGD for sparse adversarial attacks on image classifiers F Croce, M Hein ICML 2021, 2021 | 75 | 2021 |
| A modern look at the relationship between sharpness and generalization M Andriushchenko, F Croce, M Müller, M Hein, N Flammarion arXiv preprint arXiv:2302.07011, 2023 | 70 | 2023 |
| Revisiting adversarial training for imagenet: Architectures, training and generalization across threat models ND Singh, F Croce, M Hein Advances in Neural Information Processing Systems 36, 13931-13955, 2023 | 62 | 2023 |
| Robust CLIP: Unsupervised Adversarial Fine-Tuning of Vision Embeddings for Robust Large Vision-Language Models C Schlarmann, ND Singh, F Croce, M Hein arXiv preprint arXiv:2402.12336, 2024 | 40 | 2024 |
| Scaling up the randomized gradient-free adversarial attack reveals overestimation of robustness using established attacks F Croce*, J Rauber*, M Hein International Journal of Computer Vision, 2019 | 38 | 2019 |
| Long Is More for Alignment: A Simple but Tough-to-Beat Baseline for Instruction Fine-Tuning H Zhao, M Andriushchenko, F Croce, N Flammarion arXiv preprint arXiv:2402.04833, 2024 | 36 | 2024 |
| Sparse Visual Counterfactual Explanations in Image Space V Boreiko, M Augustin, F Croce, P Berens, M Hein GCPR 2022, 2022 | 32 | 2022 |
| A randomized gradient-free attack on ReLU networks F Croce, M Hein GCPR 2018, 2018 | 32 | 2018 |
Matthias HeinProfessor of Computer Science, University of TübingenVerified email at uni-tuebingen.de
