SupplementaryMaterial

Feb-7-2026, 12:56:25 GMT–Neural Information Processing Systems

Using targeted attack strategy allows us to include the randomness of the target label sampling. We choose Jester dataset as it generally takes few queries to attack Jester dataset, thussavingtesting time. GEO-TRAP can employ different kinds of geometric transformations in theTRANS-WARP function. Thisisdemonstrated bythefactthatGEO-TRAP'sgradients generally have larger cosine similarity with the ground truth gradients. Wedenote the probability score associated with this label aspy(x).

artificial intelligence, geo-trap, max, (16 more...)

Neural Information Processing Systems

Feb-7-2026, 12:56:25 GMT

Conferences PDF

Add feedback

Country:
- North America > United States > California > Riverside County > Riverside (0.05)

Industry:
- Government > Military (0.35)
- Information Technology > Security & Privacy (0.35)

Technology:
- Information Technology > Artificial Intelligence > Vision (0.47)

Duplicate Docs Excel Report

Title
103303dd56a731e377d01f6a37badae3-Supplemental.pdf

Similar Docs Excel Report more

Title	Similarity	Source
None found