Secure, Robust and Reliable Machine Learning

In this project we explore new methods and systems which can reason about AI safety, including deep learning. Concretely, we have introduced new approaches and tools for certifying and training robust and interpretable deep neural networks.

Project: safeai.ethz.ch

Safe Artificial Intelligence
Building safe and robust artifical intelligence systems.

Startups

The world's first platform for building and deploying Trustworthy AI.

Publications

2024

From Principle to Practice: Vertical Data Minimization for Machine Learning
Robin Staab, Nikola Jovanović, Mislav Balunović, Martin Vechev
IEEE S&P 2024

Paper
Code
Self-contradictory Hallucinations of Large Language Models: Evaluation, Detection and Mitigation
Niels Mündler, Jingxuan He, Slobodan Jenko, Martin Vechev
ICLR 2024

Paper
Code
Understanding Certified Training with Interval Bound Propagation
Yuhao Mao, Mark Niklas Müller, Marc Fischer, Martin Vechev
ICLR 2024

Paper
Code
Watermark Stealing in Large Language Models
Nikola Jovanović, Robin Staab, Martin Vechev
Workshop on Reliable and Responsible Foundation Models (R2-FM) -- ICLR 2024 Oral

Paper
Code
Hiding in Plain Sight: Disguising Data Stealing Attacks in Federated Learning
Kostadin Garov, Dimitar I. Dimitrov, Nikola Jovanović, Martin Vechev
ICLR 2024

Paper
Expressivity of ReLU-Networks under Convex Relaxations
Maximilian Baader*, Mark Niklas Müller*, Yuhao Mao, Martin Vechev
ICLR 2024 * Equal contribution

Paper
CuTS: Customizable Tabular Synthetic Data Generation
Mark Vero, Mislav Balunović, Martin Vechev
arXiv 2024

Paper

2023

Automated Classification of Model Errors on ImageNet
Momchil Peychev*, Mark Niklas Müller*, Marc Fischer, Martin Vechev
NeurIPS 2023 * Equal contribution

Poster
Slides
Talk
Paper
Code
Connecting Certified and Adversarial Training
Yuhao Mao, Mark Niklas Müller, Marc Fischer, Martin Vechev
NeuIPS 2023

Paper
Code
Large Language Models for Code: Security Hardening and Adversarial Testing
Jingxuan He, Martin Vechev
ACM CCS 2023 Distinguished Paper Award

Slides
Paper
Code
TabLeak: Tabular Data Leakage in Federated Learning
Mark Vero, Mislav Balunović, Dimitar I. Dimitrov, Martin Vechev
ICML 2023

Paper
Code
FARE: Provably Fair Representation Learning with Practical Certificates
Nikola Jovanović, Mislav Balunović, Dimitar I. Dimitrov, Martin Vechev
ICML 2023

Paper
Code
Abstract Interpretation of Fixpoint Iterators with Applications to Neural Networks
Mark Niklas Müller, Marc Fischer, Robin Staab, Martin Vechev
PLDI 2023

Paper
Efficient Certified Training and Robustness Verification of Neural ODEs
Mustafa Zeqiri, Mark Niklas Müller, Marc Fischer, Martin Vechev
ICLR 2023

Paper
Code
Certified Training: Small Boxes are All You Need
Mark Niklas Müller*, Franziska Eckert*, Marc Fischer, Martin Vechev
ICLR 2023 * Equal contribution Spotlight

Slides
Paper
Code
Human-Guided Fair Classification for Natural Language Processing
Florian E. Dorner, Momchil Peychev, Nikola Konstantinov, Naman Goel, Elliott Ash, Martin Vechev
ICLR 2023 Spotlight

Talk
Paper
Code
First Three Years of the International Verification of Neural Networks Competition (VNN-COMP)
Christopher Brix, Mark Niklas Müller, Stanley Bak, Changliu Liu, Taylor T. Johnson
STTT ExPLAIn 2023

Paper

2022

The Third International Verification of Neural Networks Competition (VNN-COMP 2022): Summary and Results
Mark Niklas Müller*, Christopher Brix*, Stanley Bak, Changliu Liu, Taylor T. Johnson
arXiv 2022 * Equal contribution

Paper
(De-)Randomized Smoothing for Decision Stump Ensembles
Miklós Z. Horváth*, Mark Niklas Müller*, Marc Fischer, Martin Vechev
NeurIPS 2022 * Equal contribution

Paper
Code
LAMP: Extracting Text from Gradients with Language Model Priors
Mislav Balunović*, Dimitar I. Dimitrov*, Nikola Jovanović, Martin Vechev
NeurIPS 2022 * Equal contribution

Blog
Paper
Code
Private and Reliable Neural Network Inference
Nikola Jovanović, Marc Fischer, Samuel Steffen, Martin Vechev
ACM CCS 2022

Blog
Slides
Paper
Code
Latent Space Smoothing for Individually Fair Representations
Momchil Peychev, Anian Ruoss, Mislav Balunović, Maximilian Baader, Martin Vechev
ECCV 2022

Poster
Slides
Paper
Code
On the Paradox of Certified Training
Nikola Jovanović*, Mislav Balunović*, Maximilian Baader, Martin Vechev
TMLR 2022 * Equal contribution

Blog
Paper
Code
Data Leakage in Federated Averaging
Dimitar I. Dimitrov, Mislav Balunović, Nikola Konstantinov, Martin Vechev
TMLR 2022

Paper
Code
Shared Certificates for Neural Network Verification
Marc Fischer*, Christian Sprecher*, Dimitar I. Dimitrov, Gagandeep Singh, Martin Vechev
CAV 2022 * Equal contribution

Paper
Code
Robust and Accurate - Compositional Architectures for Randomized Smoothing
Miklós Z. Horváth, Mark Niklas Müller, Marc Fischer, Martin Vechev
SRML@ICLR 2022

Paper
Code
Boosting Randomized Smoothing with Variance Reduced Classifiers
Miklós Z. Horváth, Mark Niklas Müller, Marc Fischer, Martin Vechev
ICLR 2022 Spotlight

Blog
Paper
Code
Complete Verification via Multi-Neuron Relaxation Guided Branch-and-Bound
Claudio Ferrari, Mark Niklas Müller, Nikola Jovanović, Martin Vechev
ICLR 2022

Blog
Paper
Code
Provably Robust Adversarial Examples
Dimitar I. Dimitrov, Gagandeep Singh, Timon Gehr, Martin Vechev
ICLR 2022

Blog
Slides
Paper
Fair Normalizing Flows
Mislav Balunović, Anian Ruoss, Martin Vechev
ICLR 2022

Blog
Paper
Code
Bayesian Framework for Gradient Leakage
Mislav Balunović, Dimitar I. Dimitrov, Robin Staab, Martin Vechev
ICLR 2022

Blog
Paper
Code
PRIMA: General and Precise Neural Network Certification via Scalable Convex Hull Approximations
Mark Niklas Müller*, Gleb Makarchuk*, Gagandeep Singh, Markus Püschel, Martin Vechev
POPL 2022 * Equal contribution

Slides
Talk
Paper

2021

Automated Discovery of Adaptive Attacks on Adversarial Defenses
Chengyuan Yao, Pavol Bielik, Petar Tsankov, Martin Vechev
NeurIPS 2021

Paper
Robustness Certification for Point Cloud Models
Tobias Lorenz, Anian Ruoss, Mislav Balunović, Gagandeep Singh, Martin Vechev
ICCV 2021

Paper
Scalable Polyhedral Verification of Recurrent Neural Networks
Wonryong Ryou, Jiayu Chen, Mislav Balunović, Gagandeep Singh, Andrei Dan, Martin Vechev
CAV 2021

Paper
Scalable Certified Segmentation via Randomized Smoothing
Marc Fischer, Maximilian Baader, Martin Vechev
ICML 2021

Poster
Paper
Automated Discovery of Adaptive Attacks on Adversarial Defenses
Chengyuan Yao, Pavol Bielik, Petar Tsankov, Martin Vechev
AutoML@ICML 2021 Oral

Talk
Paper
Fast and Precise Certification of Transformers
Gregory Bonaert, Dimitar I. Dimitrov, Maximilian Baader, Martin Vechev
PLDI 2021

Slides
Paper
Certify or Predict: Boosting Certified Robustness with Compositional Architectures
Mark Niklas Müller, Mislav Balunović, Martin Vechev
ICLR 2021

Slides
Talk
Paper
Scaling Polyhedral Neural Network Verification on GPUs
Christoph Müller*, François Serre*, Gagandeep Singh, Markus Püschel, Martin Vechev
MLSys 2021 * Equal contribution

Talk
Paper
Robustness Certification with Generative Models
Matthew Mirman, Alexander Hägele, Timon Gehr, Pavol Bielik, Martin Vechev
PLDI 2021

Paper
Efficient Certification of Spatial Robustness
Anian Ruoss, Maximilian Baader, Mislav Balunović, Martin Vechev
AAAI 2021

Paper

2020

Learning Certified Individually Fair Representations
Anian Ruoss, Mislav Balunović, Marc Fischer, Martin Vechev
NeurIPS 2020

Slides
Paper
Code
Certified Defense to Image Transformations via Randomized Smoothing
Marc Fischer, Maximilian Baader, Martin Vechev
NeurIPS 2020

Poster
Paper
Adversarial Attacks on Probabilistic Autoregressive Forecasting Models
Raphaël Dang-Nhu, Gagandeep Singh, Pavol Bielik, Martin Vechev
ICML 2020

Slides
Talk
Paper
Adversarial Training and Provable Defenses: Bridging the Gap
Mislav Balunović, Martin Vechev
ICLR 2020 Oral

Slides
Talk
Paper
Universal Approximation with Certified Networks
Maximilian Baader, Matthew Mirman, Martin Vechev
ICLR 2020

Slides
Paper
Robustness Certification of Generative Models
Mathew Mirman, Timon Gehr, Martin Vechev
arXiv 2020

Paper

2019

Beyond the Single Neuron Convex Barrier for Neural Network Certification
Gagandeep Singh, Rupanshu Ganvir, Markus Püschel, Martin Vechev
NeurIPS 2019

Poster
Paper
Certifying Geometric Robustness of Neural Networks
Mislav Balunović, Maximilian Baader, Gagandeep Singh, Timon Gehr, Martin Vechev
NeurIPS 2019

Poster
Paper
Online Robustness Training for Deep Reinforcement Learning
Marc Fischer, Matthew Mirman, Steven Stalder, Martin Vechev
arXiv 2019

Paper
DL2: Training and Querying Neural Networks with Logic
Marc Fischer, Mislav Balunović, Dana Drachsler-Cohen, Timon Gehr, Ce Zhang, Martin Vechev
ICML 2019

Poster
Talk
Paper
Boosting Robustness Certification of Neural Networks
Gagandeep Singh, Timon Gehr, Markus Püschel, Martin Vechev
ICLR 2019

Poster
Paper
A Provable Defense for Deep Residual Networks
Matthew Mirman, Gagandeep Singh, Martin Vechev
ArXiv 2019

Paper
An Abstract Domain for Certifying Neural Networks
Gagandeep Singh, Timon Gehr, Markus Püschel, Martin Vechev
ACM POPL 2019

Slides
Paper

2018

Fast and Effective Robustness Certification
Gagandeep Singh, Timon Gehr, Matthew Mirman, Markus Püschel, Martin Vechev
NIPS 2018

Poster
Paper
Differentiable Abstract Interpretation for Provably Robust Neural Networks
Matthew Mirman, Timon Gehr, Martin Vechev
ICML 2018

Slides
Paper
AI2: Safety and Robustness Certification of Neural Networks with Abstract Interpretation
Timon Gehr, Matthew Mirman, Dana Drachsler-Cohen, Petar Tsankov, Swarat Chaudhuri, Martin Vechev
IEEE S&P 2018

Slides
Talk
Paper

Talks

Safe and Robust Deep Learning
Waterloo ML + Security + Verification Workshop

Slides
Safe and Robust Deep Learning
University of Edinburgh, Robust Artificial Intelligence for Neurorobotics 2019

Slides
AI2: AI Safety and Robustness with Abstract Interpretation
Machine Learning meets Formal Methods, FLOC 2018

Slides