| Towards evaluating the robustness of neural networks N Carlini, D Wagner 2017 IEEE Symposium on Security and Privacy (SP), 39-57, 2017 | 10619 | 2017 |
| FixMatch: Simplifying Semi-Supervised Learning with Consistency and Confidence K Sohn, D Berthelot, CL Li, Z Zhang, N Carlini, ED Cubuk, A Kurakin, ... arXiv preprint arXiv:2001.07685, 2020 | 4130 | 2020 |
| Mixmatch: A holistic approach to semi-supervised learning D Berthelot, N Carlini, I Goodfellow, N Papernot, A Oliver, CA Raffel Advances in Neural Information Processing Systems, 5050-5060, 2019 | 3904 | 2019 |
| Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples A Athalye, N Carlini, D Wagner ICML 2018, 2018 | 3717 | 2018 |
| Adversarial examples are not easily detected: Bypassing ten detection methods N Carlini, D Wagner Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security …, 2017 | 2130 | 2017 |
| Extracting training data from large language models N Carlini, F Tramer, E Wallace, M Jagielski, A Herbert-Voss, K Lee, ... 30th USENIX Security Symposium (USENIX Security 21), 2633-2650, 2021 | 1942 | 2021 |
| The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks N Carlini, C Liu, J Kos, Ú Erlingsson, D Song | 1504* | 2019 |
| Audio adversarial examples: Targeted attacks on speech-to-text N Carlini, D Wagner 2018 IEEE Security and Privacy Workshops (SPW), 1-7, 2018 | 1386 | 2018 |
| ReMixMatch: Semi-Supervised Learning with Distribution Alignment and Augmentation Anchoring D Berthelot, N Carlini, ED Cubuk, A Kurakin, K Sohn, H Zhang, C Raffel arXiv preprint arXiv:1911.09785, 2019 | 1317 | 2019 |
| Universal and transferable adversarial attacks on aligned language models A Zou, Z Wang, N Carlini, M Nasr, JZ Kolter, M Fredrikson arXiv preprint arXiv:2307.15043, 2023 | 1070 | 2023 |
| On Evaluating Adversarial Robustness N Carlini, A Athalye, N Papernot, W Brendel, J Rauber, D Tsipras, ... arXiv preprint arXiv:1902.06705, 2019 | 1058 | 2019 |
| On adaptive attacks to adversarial example defenses F Tramer, N Carlini, W Brendel, A Madry Advances in Neural Information Processing Systems 33, 1633-1645, 2020 | 951 | 2020 |
| Hidden Voice Commands. N Carlini, P Mishra, T Vaidya, Y Zhang, M Sherr, C Shields, D Wagner, ... USENIX Security Symposium, 513-530, 2016 | 812 | 2016 |
| cleverhans v2. 0.0: an adversarial machine learning library N Papernot, N Carlini, I Goodfellow, R Feinman, F Faghri, A Matyasko, ... arXiv preprint arXiv:1610.00768, 2016 | 769* | 2016 |
| Membership inference attacks from first principles N Carlini, S Chien, M Nasr, S Song, A Terzis, F Tramer 2022 IEEE Symposium on Security and Privacy (SP), 1897-1914, 2022 | 714 | 2022 |
| Quantifying memorization across neural language models N Carlini, D Ippolito, M Jagielski, K Lee, F Tramer, C Zhang arXiv preprint arXiv:2202.07646, 2022 | 696 | 2022 |
| Measuring Robustness to Natural Distribution Shifts in Image Classification R Taori, A Dave, V Shankar, N Carlini, B Recht, L Schmidt arXiv preprint arXiv:2007.00644, 2020 | 623 | 2020 |
| Extracting Training Data from Diffusion Models N Carlini, J Hayes, M Nasr, M Jagielski, V Sehwag, F Tramèr, B Balle, ... arXiv preprint arXiv:2301.13188, 2023 | 603 | 2023 |
| Control-flow bending: On the effectiveness of control-flow integrity N Carlini, A Barresi, M Payer, D Wagner, TR Gross 24th {USENIX} Security Symposium ({USENIX} Security 15), 161-176, 2015 | 600 | 2015 |
| Deduplicating Training Data Makes Language Models Better K Lee, D Ippolito, A Nystrom, C Zhang, D Eck, C Callison-Burch, N Carlini arXiv preprint arXiv:2107.06499, 2021 | 588 | 2021 |
Florian TramèrAssistant Professor of Computer Science, ETH Zurich確認したメール アドレス: inf.ethz.ch