A survey on data-driven network intrusion detection
Data-driven network intrusion detection (NID) has a tendency towards minority attack
classes compared to normal traffic. Many datasets are collected in simulated environments …
The many faces of robustness: A critical analysis of out-of-distribution generalization
We introduce four new real-world distribution shift datasets consisting of changes in image
style, image blurriness, geographic location, camera operation, and more. With our new …
Randaugment: Practical automated data augmentation with a reduced search space
Recent work on automated augmentation strategies has led to state-of-the-art results in
image classification and object detection. An obstacle to a large-scale adoption of these …
Continual test-time domain adaptation
Test-time domain adaptation aims to adapt a source pre-trained model to a target domain
without using any source data. Existing works mainly consider the case where the target …
Underspecification presents challenges for credibility in modern machine learning
Machine learning (ML) systems often exhibit unexpectedly poor behavior when they are
deployed in real-world domains. We identify underspecification in ML pipelines as a key …
Augmix: A simple data processing method to improve robustness and uncertainty
Modern deep neural networks can achieve high accuracy when the training distribution and
test distribution are identically distributed, but this assumption is frequently violated in …
Square attack: a query-efficient black-box adversarial attack via random search
We propose the Square Attack, a score-based black-box $l_2$- and $l_\infty$-
adversarial attack that does not rely on local gradient information and thus is not affected by …
Natural adversarial examples
We introduce two challenging datasets that reliably cause machine learning model
performance to substantially degrade. The datasets are collected with a simple adversarial …
Measuring robustness to natural distribution shifts in image classification
We study how robust current ImageNet models are to distribution shifts arising from natural
variations in datasets. Most research on robustness focuses on synthetic image …
Inception transformer
Recent studies show that transformer has strong capability of building long-range
dependencies, yet is incompetent in capturing high frequencies that predominantly convey …