Matthias Hein

papers

1,809

total citations

papers (18)

Revisiting Adversarial Training for ImageNet: Architectures, Training and Generalization across Threat Models

NEURIPS 2023arXiv

citations

Robust CLIP: Unsupervised Adversarial Fine-Tuning of Vision Embeddings for Robust Large Vision-Language Models

ICML 2024arXiv

citations

Relating Adversarially Robust Generalization to Flat Minima

ICCV 2021arXiv

citations

Spurious Features Everywhere - Large-Scale Detection of Harmful Spurious Features in ImageNet

ICCV 2023arXiv

citations

Normalization Layers Are All That Sharpness-Aware Minimization Needs

NEURIPS 2023arXiv

citations

Meta-Learning the Search Distribution of Black-Box Random Search Based Adversarial Attacks

NEURIPS 2021arXiv

citations

Towards Reliable Evaluation and Fast Training of Robust Semantic Segmentation Models

ECCV 2024arXiv

citations

An Interpretable N-gram Perplexity Threat Model for Large Language Model Jailbreaks

ICML 2025arXiv

citations

Certifiably Adversarially Robust Detection of Out-of-Distribution Data

NEURIPS 2020arXiv

citations

An Infinite-Feature Extension for Bayesian ReLU Nets That Fixes Their Asymptotic Overconfidence

NEURIPS 2021arXiv

citations

DiG-IN: Diffusion Guidance for Investigating Networks - Uncovering Classifier Differences Neuron Visualisations and Visual Counterfactual Explanations

CVPR 2024arXiv

citations

DASH: Detection and Assessment of Systematic Hallucinations of VLMs

ICCV 2025arXiv

citations

Advancing Compositional Awareness in CLIP with Efficient Fine-Tuning

NEURIPS 2025arXiv

citations

Bias of Stochastic Gradient Descent or the Architecture: Disentangling the Effects of Overparameterization of Neural Networks

ICML 2024arXiv

citations

Provably Adversarially Robust Detection of Out-of-Distribution Data (Almost) for Free

NEURIPS 2022

citations

Matthias Hein

papers (18)

Square Attack: a query-efficient black-box adversarial attack via random search

Adversarial Robustness on In- and Out-Distribution Improves Explainability

Diffusion Visual Counterfactual Explanations

Revisiting Adversarial Training for ImageNet: Architectures, Training and Generalization across Threat Models

Robust CLIP: Unsupervised Adversarial Fine-Tuning of Vision Embeddings for Robust Large Vision-Language Models

Relating Adversarially Robust Generalization to Flat Minima

Spurious Features Everywhere - Large-Scale Detection of Harmful Spurious Features in ImageNet

Normalization Layers Are All That Sharpness-Aware Minimization Needs

Meta-Learning the Search Distribution of Black-Box Random Search Based Adversarial Attacks

Towards Reliable Evaluation and Fast Training of Robust Semantic Segmentation Models

An Interpretable N-gram Perplexity Threat Model for Large Language Model Jailbreaks

Certifiably Adversarially Robust Detection of Out-of-Distribution Data

An Infinite-Feature Extension for Bayesian ReLU Nets That Fixes Their Asymptotic Overconfidence

DiG-IN: Diffusion Guidance for Investigating Networks - Uncovering Classifier Differences Neuron Visualisations and Visual Counterfactual Explanations

DASH: Detection and Assessment of Systematic Hallucinations of VLMs

Advancing Compositional Awareness in CLIP with Efficient Fine-Tuning

Bias of Stochastic Gradient Descent or the Architecture: Disentangling the Effects of Overparameterization of Neural Networks

Provably Adversarially Robust Detection of Out-of-Distribution Data (Almost) for Free

papers (18)

Square Attack: a query-efficient black-box adversarial attack via random search

Adversarial Robustness on In- and Out-Distribution Improves Explainability

Diffusion Visual Counterfactual Explanations

Revisiting Adversarial Training for ImageNet: Architectures, Training and Generalization across Threat Models

Robust CLIP: Unsupervised Adversarial Fine-Tuning of Vision Embeddings for Robust Large Vision-Language Models

Relating Adversarially Robust Generalization to Flat Minima

Spurious Features Everywhere - Large-Scale Detection of Harmful Spurious Features in ImageNet

Normalization Layers Are All That Sharpness-Aware Minimization Needs

Meta-Learning the Search Distribution of Black-Box Random Search Based Adversarial Attacks

Towards Reliable Evaluation and Fast Training of Robust Semantic Segmentation Models

An Interpretable N-gram Perplexity Threat Model for Large Language Model Jailbreaks

Certifiably Adversarially Robust Detection of Out-of-Distribution Data

An Infinite-Feature Extension for Bayesian ReLU Nets That Fixes Their Asymptotic Overconfidence

DiG-IN: Diffusion Guidance for Investigating Networks - Uncovering Classifier Differences Neuron Visualisations and Visual Counterfactual Explanations

DASH: Detection and Assessment of Systematic Hallucinations of VLMs

Advancing Compositional Awareness in CLIP with Efficient Fine-Tuning

Bias of Stochastic Gradient Descent or the Architecture: Disentangling the Effects of Overparameterization of Neural Networks

Provably Adversarially Robust Detection of Out-of-Distribution Data (Almost) for Free