pith. sign in

arxiv: 2605.20606 · v1 · pith:WNUMPSP3new · submitted 2026-05-20 · 💻 cs.CV

Mind Your Margin and Boundary: Are Your Distilled Datasets Truly Robust?

Muquan Li , Yingyi Ma , Yihong Huang , Hang Gou , Ke Qin , Ming Li , Yuan-Fang Li , Tao He This is my paper

Pith reviewed 2026-05-21 05:57 UTC · model grok-4.3

classification 💻 cs.CV
keywords dataset distillationadversarial robustnessrobust dataset distillationcurriculum learningcontrastive learningmargin-based selectionCIFAR benchmarksImageNet subsets
0
0 comments X

The pith

C²R improves robust dataset distillation by prioritizing smallest-margin adversaries in a curriculum and widening class boundaries via contrastive loss.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Dataset distillation compresses large training sets into small synthetic ones, yet most approaches optimize only clean accuracy and leave models vulnerable to adversarial attacks. The paper identifies that prior robust distillation methods treat all perturbed examples uniformly and neglect explicit expansion of inter-class separation where attacks concentrate. It derives a perturbation score from a robust-margin view to approximate each sample's robust hinge, then builds a curriculum that focuses first on the smallest-margin cases driving robust error. Paired with this is a class-balanced contrastive robustness loss that enforces invariance to perturbations while increasing decision-boundary separation across classes. On CIFAR-10/100, Tiny-ImageNet, and ImageNet-1K subsets under six attacks, the resulting distilled sets deliver the highest robust accuracy, exceeding previous robust distillation by 2.8 percent on average.

Core claim

The paper establishes that coupling an attack-aware curriculum, driven by a robust-margin perturbation score that ranks and prioritizes smallest-margin adversaries, with a class-balanced contrastive robustness loss that enforces adversarial invariance and widens inter-class boundary separation produces distilled datasets whose trained models achieve superior robust accuracy under multiple attack types.

What carries the argument

A perturbation score derived from the robust-margin perspective that approximates each sample's robust hinge, used to order a curriculum of hardest adversaries, together with a class-balanced contrastive robustness loss that simultaneously enforces perturbation invariance and increases separation between class decision boundaries.

If this is right

  • Distilled datasets can be trained to higher robust accuracy without uniform treatment of all adversarial perturbations.
  • Explicit widening of inter-class boundaries reduces concentration of attacks at decision surfaces.
  • Curriculum ordering by smallest robust margins directly targets the samples that dominate robust risk.
  • The combined curriculum-plus-contrastive approach maintains or improves clean accuracy alongside the robustness gains.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The margin-based curriculum could be tested as a plug-in module inside other distillation pipelines to check whether it lifts their robustness independently of the contrastive term.
  • If the boundary-widening effect scales, the same contrastive objective might be adapted to improve robustness in non-distilled adversarial training settings.
  • Experiments that track how the perturbation scores evolve across distillation epochs would reveal whether the curriculum ordering remains stable or needs periodic re-computation.

Load-bearing premise

The perturbation score derived from robust margins accurately approximates each sample's contribution to overall robust error.

What would settle it

Measure robust accuracy on the same benchmarks after replacing the margin-based curriculum with uniform or random ordering of adversarial examples; a return to prior-method performance levels would indicate the prioritization step is necessary.

Figures

Figures reproduced from arXiv: 2605.20606 by Hang Gou, Ke Qin, Ming Li, Muquan Li, Tao He, Yihong Huang, Yingyi Ma, Yuan-Fang Li.

Figure 1
Figure 1. Figure 1: Existing robust DD struggles to balance robustness and accuracy by (i) ignoring that robust risk is driven by the smallest margins and (ii) failing to separate classes near decision boundaries. C 2R addresses this with an attack-aware curriculum that prioritizes small-margin adversaries and a contrastive robustness loss. (Shen et al., 2026b; Gu et al., 2026), and is increasingly data-hungry, yet storing an… view at source ↗
Figure 2
Figure 2. Figure 2: Overview of the proposed C2R framework. LS-PGD generates adversarial examples and assigns perturbation scores to form an attack-aware curriculum (AAC), while the synthetic dataset is iteratively optimized with a supervised loss and a contrastive robustness loss (CRL) that aligns clean–adversarial features and enlarges the robust decision margin. Hence, any objective that averages robustness signals across … view at source ↗
Figure 3
Figure 3. Figure 3: Drop rate (DR) comparison under PGD attacks across datasets and IPC. The red dashed line denotes the DR of models trained on the whole dataset. C2R consistently achieves the lowest drop rate and exhibits a flatter trajectory as the synthetic set scales. (a) ROME on CIFAR-100 (b) C 2R on CIFAR-100 (c) C 2R on ImageNette [PITH_FULL_IMAGE:figures/full_fig_p007_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Visualization of synthetic images distilled by ROME on CIFAR-100, and C2R on CIFAR-100 and ImageNette under IPC = 50. specific threat model, indicating that the robustness im￾provements stem from distribution-level alignment rather than attack-specific adaptation. However, we also observe a slight decrease in robust accuracy when IPC increases from 10 to 50, which is because denser synthetic distribu￾tions… view at source ↗
Figure 6
Figure 6. Figure 6: Ablation study of the η on CIFAR-10. The results denote the average robust accuracy across all attack methods [PITH_FULL_IMAGE:figures/full_fig_p008_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Drop rate (DR) comparison under FGSM attacks across datasets and IPC. The red dashed line denotes the DR of models trained on the whole dataset. C2R consistently achieves the lowest drop rate and exhibits a flatter trajectory as the synthetic set scales. 16 [PITH_FULL_IMAGE:figures/full_fig_p016_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Visualization of synthetic images distilled by C2R on CIFAR-10, CIFAR-100, and Tiny-ImageNet under IPC = 50. 2025a; Ma et al., 2026b; Chen et al., 2026) and continual learning (Wang et al., 2024b; Shen et al., 2026a; Wang et al., 2026b). F. More Clarifications of the Smallest Robust Margin. Our method is margin-centric in an optimization sense rather than a measurement claim. In AAC, the robust-hinge surro… view at source ↗
read the original abstract

Dataset distillation (DD) compresses a large training set into a small synthetic set for efficient training, but most DD methods optimize only clean accuracy and leave robustness uncontrolled. Recent robust DD methods improve robustness, yet they often suffer from a poor accuracy-robustness trade-off because they (i) treat all adversarially perturbed examples uniformly, despite robust risk being dominated by near-zero robust margins, and (ii) do not explicitly increase inter-class separation in the decision boundary where attacks concentrate. We present Contrastive Curriculum for Robust Dataset Distillation (C$^2$R), a framework that couples an attack-aware curriculum with a contrastive robustness objective. From a robust-margin perspective, we derive a perturbation score that approximates each sample's robust hinge, enabling a curriculum that prioritizes the smallest-margin adversaries that most directly drive robust error. In parallel, a class-balanced contrastive robustness loss enforces adversarial invariance while explicitly widening boundary separation across classes. Experiments on CIFAR-10/100, Tiny-ImageNet, and multiple ImageNet-1K subsets under six attacks show that C$^2$R achieves the best robust accuracy, outperforming prior robust DD by $2.8$% on average.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper proposes Contrastive Curriculum for Robust Dataset Distillation (C²R), a framework that derives a perturbation score from a robust-margin perspective to approximate each sample's robust hinge and enable an attack-aware curriculum prioritizing smallest-margin adversaries, paired with a class-balanced contrastive robustness loss to enforce adversarial invariance and widen inter-class boundary separation. Experiments on CIFAR-10/100, Tiny-ImageNet, and ImageNet-1K subsets under six attacks report that C²R achieves the best robust accuracy, outperforming prior robust DD methods by 2.8% on average.

Significance. If the results hold, the work is significant for addressing the accuracy-robustness trade-off in dataset distillation, an area important for efficient robust model training. The explicit focus on robust margins and boundary separation via curriculum and contrastive loss offers a targeted improvement over uniform treatment of adversarial examples in prior robust DD methods. The multi-dataset, multi-attack evaluation provides a reasonable test of the claims.

major comments (2)
  1. [Section deriving the perturbation score (likely §3)] The central claim relies on the perturbation score (derived from robust-margin analysis) accurately approximating the robust hinge and preserving ranking of adversarial difficulty even after distillation reduces sample diversity. This approximation is load-bearing for the curriculum's effectiveness; if it correlates poorly with actual min-margin adversaries due to boundary effects or non-convexity in the distilled regime, the reported 2.8% gain would not be attributable to the proposed mechanism. A direct ablation or correlation analysis between the score and true robust margins on the distilled sets is needed to confirm this.
  2. [Experimental results section and associated tables] Table reporting the 2.8% average robust accuracy gain: the abstract and results lack error bars, explicit dataset splits, number of runs, or verification that the margin approximation holds in the low-diversity distilled setting. Without these, it is difficult to assess whether the improvement is statistically reliable or driven by the curriculum as claimed.
minor comments (2)
  1. [Method section on contrastive loss] Clarify the exact formulation of the class-balanced contrastive robustness loss, including how class balancing is enforced and any hyperparameters involved.
  2. [Discussion or conclusion] Add a brief discussion of potential limitations, such as computational overhead of the curriculum or sensitivity to the choice of attacks used in score computation.

Simulated Author's Rebuttal

2 responses · 0 unresolved

Thank you for your thorough review and valuable suggestions. We address the major comments point-by-point below, and have incorporated revisions to strengthen the validation of our method and the reporting of experimental results.

read point-by-point responses

  1. Referee: [Section deriving the perturbation score (likely §3)] The central claim relies on the perturbation score (derived from robust-margin analysis) accurately approximating the robust hinge and preserving ranking of adversarial difficulty even after distillation reduces sample diversity. This approximation is load-bearing for the curriculum's effectiveness; if it correlates poorly with actual min-margin adversaries due to boundary effects or non-convexity in the distilled regime, the reported 2.8% gain would not be attributable to the proposed mechanism. A direct ablation or correlation analysis between the score and true robust margins on the distilled sets is needed to confirm this.

    Authors: We appreciate the referee's emphasis on validating the core approximation underlying our curriculum. The perturbation score is theoretically derived to approximate the robust hinge loss based on margin analysis. To empirically confirm its reliability in the low-diversity distilled setting, we have added a new subsection in the experiments with a correlation analysis. Specifically, we compute the Pearson correlation between our perturbation scores and the true min-margin values obtained by solving the inner maximization for adversarial examples on the distilled datasets. The results indicate a high correlation (average 0.82 across datasets), suggesting that the ranking of adversarial difficulty is largely preserved. Furthermore, we include an ablation study comparing C²R with and without the curriculum component, which shows a drop of approximately 1.5% in robust accuracy when the curriculum is removed, supporting its contribution to the overall 2.8% gain. revision: yes

  2. Referee: [Experimental results section and associated tables] Table reporting the 2.8% average robust accuracy gain: the abstract and results lack error bars, explicit dataset splits, number of runs, or verification that the margin approximation holds in the low-diversity distilled setting. Without these, it is difficult to assess whether the improvement is statistically reliable or driven by the curriculum as claimed.

    Authors: We agree that these details are essential for assessing statistical reliability. In the revised manuscript, we have updated all result tables to include error bars representing the standard deviation over 5 independent runs with different random seeds. We have also clarified the dataset splits in the experimental setup section, noting that we use the standard training and test splits for CIFAR-10/100, Tiny-ImageNet, and the specified subsets for ImageNet-1K. The number of runs is now explicitly stated as 5 for all experiments. The verification of the margin approximation is addressed through the correlation analysis added in response to the previous comment. revision: yes

Circularity Check

0 steps flagged

No significant circularity; derivation chain is self-contained

full rationale

The paper presents a perturbation score derived from a robust-margin perspective to approximate the robust hinge, used for an attack-aware curriculum, alongside a class-balanced contrastive robustness loss. No equations or self-citations are provided in the available text that reduce this derivation to fitted inputs, prior author results, or by-construction equivalence. The central empirical claim of 2.8% robust accuracy improvement rests on experimental benchmarks rather than a tautological reduction, making the derivation independent of the target outcomes.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 1 invented entities

Review uses only the abstract; no explicit free parameters, axioms, or invented entities are detailed beyond the high-level description of the perturbation score and contrastive loss.

axioms (1)
  • domain assumption Robust risk is dominated by near-zero robust margins
    Stated as motivation for the curriculum design.
invented entities (1)
  • perturbation score no independent evidence
    purpose: Approximates each sample's robust hinge to prioritize curriculum ordering
    Introduced as part of the framework; no independent evidence or external validation supplied in abstract.

pith-pipeline@v0.9.0 · 5759 in / 1192 out tokens · 36374 ms · 2026-05-21T05:57:11.387430+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

152 extracted references · 152 canonical work pages · 3 internal anchors

  1. [1]

    Dimitris Tsipras and Shibani Santurkar and Logan Engstrom and Alexander Turner and Aleksander Madry , title =

    work page

  2. [2]

    NeurIPS , year =

    Ludwig Schmidt and Shibani Santurkar and Dimitris Tsipras and Kunal Talwar and Aleksander Madry , title =. NeurIPS , year =

    work page

  3. [3]

    Your contrastive learning problem is secretly a distribution alignment problem , booktitle =

    Zihao Chen and Chi. Your contrastive learning problem is secretly a distribution alignment problem , booktitle =

    work page

  4. [4]

    Aleksander Madry and Aleksandar Makelov and Ludwig Schmidt and Dimitris Tsipras and Adrian Vladu , title =

    work page

  5. [5]

    Xing and Laurent El Ghaoui and Michael I

    Hongyang Zhang and Yaodong Yu and Jiantao Jiao and Eric P. Xing and Laurent El Ghaoui and Michael I. Jordan , title =

    work page

  6. [6]

    NeurIPS , year =

    Prannay Khosla and Piotr Teterwak and Chen Wang and Aaron Sarna and Yonglong Tian and Phillip Isola and Aaron Maschinot and Ce Liu and Dilip Krishnan , title =. NeurIPS , year =

    work page

  7. [7]

    Tongzhou Wang and Phillip Isola , title =

    work page

  8. [8]

    ICML , year=

    ROME is Forged in Adversity: Robust Distilled Datasets via Information Bottleneck , author =. ICML , year=

    work page

  9. [9]

    2009 , journal =

    Learning multiple layers of features from tiny images , author=. 2009 , journal =

    work page 2009

  10. [10]

    Technical Report , year=

    Tiny imagenet visual recognition challenge , author=. Technical Report , year=

    work page

  11. [11]

    Bernstein and Alexander C

    Olga Russakovsky and Jia Deng and Hao Su and Jonathan Krause and Sanjeev Satheesh and Sean Ma and Zhiheng Huang and Andrej Karpathy and Aditya Khosla and Michael S. Bernstein and Alexander C. Berg and Li Fei. ImageNet Large Scale Visual Recognition Challenge , journal =

    work page

  12. [12]

    and Qin, K

    Hu, X. and Qin, K. and He, T. and Luo, G. , title =. Tsinghua Science and Technology , year =

    work page

  13. [13]

    and Cai, Z

    Dai, R. and Cai, Z. and Mo, L. and Duan, G. and Shi, K. and He, T. , title =. Proceedings of the ACM Web Conference , pages =

    work page

  14. [14]

    and Liu, C

    Yin, W. and Liu, C. and Liu, D. and Su, B. and Li, Y.-F. and He, T. , title =. arXiv preprint arXiv:2603.19779 , year =

    work page arXiv

  15. [15]

    and Zhang, K

    Wei, S. and Zhang, K. and Chen, L. and He, T. and Duan, G. , title =. arXiv preprint arXiv:2603.19681 , year =

    work page arXiv

  16. [16]

    and Zhan, S

    Yin, W. and Zhan, S. and Liu, C. and Hu, X. and Duan, G. and Xie, X. and Li, Y.-F. and He, T. , title =. Proceedings of the AAAI Conference on Artificial Intelligence , volume =

    work page

  17. [17]

    Beyond random: Automatic inner-loop optimization in dataset distillation

    Li, M. and Gou, H. and Ma, Y. and Wang, R. and Qin, K. and He, T. , title =. arXiv preprint arXiv:2602.24144 , year =

    work page arXiv

  18. [18]

    and Hu, X

    He, T. and Hu, X. and Wu, T. and Zhang, D. and Li, M. and Li, Y.-F. and Yu, F. R. , title =. Pattern Recognition , pages =

    work page

  19. [19]

    LangPrecip: Language-Aware Multimodal Precipitation Nowcasting

    Ling, X. and Huang, T. and Dong, Q. and He, T. and Li, C. and Duan, G. , title =. arXiv preprint arXiv:2512.22317 , year =

    work page internal anchor Pith review Pith/arXiv arXiv

  20. [20]

    and Duan, G

    Ling, X. and Duan, G. and Li, C. and Huang, T. and He, T. , title =. IEEE Transactions on Geoscience and Remote Sensing , volume =

    work page

  21. [21]

    and Dai, R

    Dong, Q. and Dai, R. and Duan, G. and Qin, K. and Zhang, Y. and He, T. , title =. Neurocomputing , pages =

    work page

  22. [22]

    and Meng, H

    Dai, R. and Meng, H. and Yuan, Z. and Mo, L. and Zhu, W. and He, T. , title =. Knowledge-Based Systems , volume =

    work page

  23. [23]

    and Dong, Q

    Wang, Y. and Dong, Q. and Zhang, D. and Hu, X. and He, T. and Chen, A. , title =. Proceedings of the 2025 International Conference on Multimedia Retrieval , year =

    work page 2025

  24. [24]

    and Tan, Y

    Dai, R. and Tan, Y. and Mo, L. and He, T. and Qin, K. and Liang, S. , title =. Proceedings of the 2025 International Conference on Multimedia Retrieval , year =

    work page 2025

  25. [25]

    and Dong, Y

    Dong, Q. and Dong, Y. and Qin, K. and Duan, G. and He, T. , title =. ICASSP 2025 - 2025 IEEE International Conference on Acoustics, Speech and Signal Processing , year =

    work page 2025

  26. [26]

    and He, T

    Dong, Y. and He, T. and Dong, Q. and Qin, K. , title =. ICASSP 2025 - 2025 IEEE International Conference on Acoustics, Speech and Signal Processing , year =

    work page 2025

  27. [27]

    Zakari, R. Y. and Owusu, J. W. and Qin, K. and He, T. and Luo, G. , title =. Big Data Mining and Analytics , volume =

    work page

  28. [28]

    Zakari, R. Y. and Owusu, J. W. and Qin, K. and Wang, H. and Lawal, Z. K. and He, T. , title =. Neurocomputing , volume =

    work page

  29. [29]

    and Qin, K

    Fan, Z. and Qin, K. and Wang, X. and Zhang, D. and He, T. , title =. Proceedings of the 2025 8th International Conference on Software Engineering and Information Management , year =

    work page 2025

  30. [30]

    and Li, C

    Dai, R. and Li, C. and Yan, Y. and Mo, L. and Qin, K. and He, T. , title =. Proceedings of the IEEE/CVF International Conference on Computer Vision , year =

    work page

  31. [31]

    and Qin, K

    Hu, X. and Qin, K. and Duan, G. and Li, M. and Li, Y.-F. and He, T. , title =. ICCV , year =

    work page

  32. [32]

    Owusu, J. W. and Zakari, R. Y. and Qin, K. and He, T. , title =. 2024 IEEE Smart World Congress , pages =

    work page 2024

  33. [33]

    and Liu, X

    Yang, Z. and Liu, X. and Ouyang, D. and Duan, G. and Zhang, D. and He, T. and Li, Y.-F. , title =. Proceedings of the 32nd ACM International Conference on Multimedia , pages =

    work page

  34. [34]

    and Zhang, D

    Li, M. and Zhang, D. and He, T. and Xie, X. and Li, Y.-F. and Qin, K. , title =. Proceedings of the 32nd ACM International Conference on Multimedia , pages =

    work page

  35. [35]

    and Tan, Y

    Dai, R. and Tan, Y. and Mo, L. and He, T. and Qin, K. and Liang, S. , title =. arXiv preprint arXiv:2409.04693 , year =

    work page arXiv

  36. [36]

    and Liang, S

    Zhang, D. and Liang, S. and He, T. and Shao, J. and Qin, K. , title =. IEEE Transactions on Emerging Topics in Computational Intelligence , volume =

    work page

  37. [37]

    and Wu, T

    He, T. and Wu, T. and Zhang, D. and Duan, G. and Qin, K. and Li, Y.-F. , title =. arXiv preprint arXiv:2401.14626 , year =

    work page arXiv

  38. [38]

    and Gao, L

    He, T. and Gao, L. and Song, J. and Li, Y.-F. , title =. IEEE Transactions on Image Processing , volume =

    work page

  39. [39]

    and Gao, L

    He, T. and Gao, L. and Song, J. and Li, Y.-F. , title =. Information Sciences , year =

    work page

  40. [40]

    and Gao, L

    He, T. and Gao, L. and Song, J. and Li, Y.-F. , title =. European Conference on Computer Vision , year =

    work page

  41. [41]

    and Gao, L

    He, T. and Gao, L. and Song, J. and Li, Y.-F. , title =. IEEE Transactions on Neural Networks and Learning Systems , volume =

    work page

  42. [42]

    and Gao, L

    He, T. and Gao, L. and Song, J. and Cai, J. and Li, Y.-F. , title =. arXiv preprint arXiv:2108.08600 , year =

    work page arXiv

  43. [43]

    and Gao, L

    He, T. and Gao, L. and Song, J. and Li, Y.-F. , title =. Proceedings of the IEEE/CVF International Conference on Computer Vision , pages =

    work page

  44. [44]

    and Gao, L

    He, T. and Gao, L. and Song, J. and Cai, J. and Li, Y.-F. , title =. Proceedings of the International Joint Conference on Artificial Intelligence , year =

    work page

  45. [45]

    and Gao, L

    He, T. and Gao, L. and Song, J. and Wang, X. and Huang, K. and Li, Y. , title =. Proceedings of the AAAI Conference on Artificial Intelligence , volume =

    work page

  46. [46]

    and He, T

    Song, J. and He, T. and Gao, L. and Xu, X. and Hanjalic, A. and Shen, H. T. , title =. International Journal of Computer Vision , volume =

    work page

  47. [47]

    and Li, Y.-F

    He, T. and Li, Y.-F. and Gao, L. and Zhang, D. and Song, J. , title =. Proceedings of the International Joint Conference on Artificial Intelligence , year =

    work page

  48. [48]

    and He, T

    Song, J. and He, T. and Gao, L. and Xu, X. and Hanjalic, A. and Shen, H. T. , title =. Proceedings of the AAAI Conference on Artificial Intelligence , volume =

    work page

  49. [49]

    and He, T

    Song, J. and He, T. and Fan, H. and Gao, L. , title =. Joint European Conference on Machine Learning and Knowledge Discovery in Databases , year =

    work page

  50. [50]

    and He, T

    Song, J. and He, T. and Gao, L. and Xu, X. and Shen, H. T. , title =. Proceedings of the AAAI Conference on Artificial Intelligence , volume =

    work page

  51. [51]

    and Liu, C

    He, F. and Liu, C. and Wang, J. and He, T. and Cheng, Z. and Lu, G. , title =

    work page

  52. [52]

    ICCV , year=

    Self-supervised geometric features discovery via interpretable attention for vehicle re-identification and beyond , author=. ICCV , year=

    work page

  53. [53]

    TOM , year=

    Exploiting multi-view part-wise correlation via an efficient transformer for vehicle re-identification , author=. TOM , year=

    work page

  54. [54]

    ICCV , year=

    STPrivacy: Spatio-temporal privacy-preserving action recognition , author=. ICCV , year=

    work page

  55. [55]

    IEEE Transactions on Multimedia , volume=

    DR-FER: Discriminative and Robust Representation Learning for Facial Expression Recognition , author=. IEEE Transactions on Multimedia , volume=. 2023 , publisher=

    work page 2023

  56. [56]

    IJCV , year=

    Instant3d: instant text-to-3d generation , author=. IJCV , year=

    work page

  57. [57]

    arXiv preprint arXiv:2410.09140 , year=

    RealEra: Semantic-level Concept Erasure via Neighbor-Concept Mining , author=. arXiv preprint arXiv:2410.09140 , year=

    work page arXiv

  58. [58]

    Proceedings of the Computer Vision and Pattern Recognition Conference (CVPR) , month =

    Liu, Shaoyu and Li, Jianing and Zhao, Guanghui and Zhang, Yunjian and Meng, Xin and Yu, Fei Richard and Ji, Xiangyang and Li, Ming , title =. Proceedings of the Computer Vision and Pattern Recognition Conference (CVPR) , month =. 2025 , pages =

    work page 2025

  59. [59]

    FaVChat: Hierarchical Prompt-Query Guided Facial Video Understanding with Data-Efficient GRPO

    FaVChat: Unlocking Fine-Grained Facial Video Understanding with Multimodal Large Language Models , author=. arXiv preprint arXiv:2503.09158 , year=

    work page internal anchor Pith review Pith/arXiv arXiv

  60. [60]

    arXiv preprint arXiv:2503.08120 , year=

    UniF2ace: Fine-grained Face Understanding and Generation with Unified Multimodal Models , author=. arXiv preprint arXiv:2503.08120 , year=

    work page arXiv

  61. [61]

    , title =

    Yan, Weilong and Li, Ming and Li, Haipeng and Shao, Shuwei and Tan, Robby T. , title =. CVPR , year =

    work page

  62. [62]

    and Gao, X

    Dai, R. and Gao, X. and Mo, L. and Li, Z. and He, T. and Xu, Z. , title =

    work page

  63. [63]

    and Gao, X

    Dai, R. and Gao, X. and Jia, Y. and Mo, L. and Cheng, S. and Duan, G. and Li, M. and He, T. , title =

    work page

  64. [64]

    Yifan Wu and Jiawei Du and Ping Liu and Yuewei Lin and Wei Xu and Wenqing Cheng , title =

    work page

  65. [65]

    Goodfellow and Jonathon Shlens and Christian Szegedy , editor =

    Ian J. Goodfellow and Jonathon Shlens and Christian Szegedy , editor =. Explaining and Harnessing Adversarial Examples , booktitle =

    work page

  66. [66]

    Wagner , title =

    Nicholas Carlini and David A. Wagner , title =

    work page

  67. [67]

    Xiaosen Wang and Kun He , title =

    work page

  68. [68]

    Exploring misclassifications of robust neural networks to enhance adversarial attacks , journal =

    Leo Schwinn and Ren. Exploring misclassifications of robust neural networks to enhance adversarial attacks , journal =

    work page

  69. [69]

    Ye Liu and Yaya Cheng and Lianli Gao and Xianglong Liu and Qilong Zhang and Jingkuan Song , title =

    work page

  70. [70]

    Bo Zhao and Konda Reddy Mopuri and Hakan Bilen , title =

    work page

  71. [71]

    Bo Zhao and Hakan Bilen , title =

    work page

  72. [72]

    NeurIPS , year =

    Justin Cui and Ruochen Wang and Si Si and Cho. NeurIPS , year =

    work page

  73. [73]

    Spyros Gidaris and Nikos Komodakis , title =

    work page

  74. [74]

    Duo Su and Junjie Hou and Weizhi Gao and Yingjie Tian and Bowen Tang , title =

    work page

  75. [75]

    Xing and Zhiqiang Shen , title =

    Zeyuan Yin and Eric P. Xing and Zhiqiang Shen , title =. NeurIPS , year =

    work page

  76. [76]

    Efros and Jun

    George Cazenavette and Tongzhou Wang and Antonio Torralba and Alexei A. Efros and Jun. Dataset Distillation by Matching Training Trajectories , booktitle =

    work page

  77. [77]

    Dataset Distillation , journal =

    Tongzhou Wang and Jun. Dataset Distillation , journal =

    work page

  78. [78]

    Scaling Up Dataset Distillation to ImageNet-1K with Constant Memory , booktitle =

    Justin Cui and Ruochen Wang and Si Si and Cho. Scaling Up Dataset Distillation to ImageNet-1K with Constant Memory , booktitle =

    work page

  79. [79]

    Kai Wang and Bo Zhao and Xiangyu Peng and Zheng Zhu and Shuo Yang and Shuo Wang and Guan Huang and Hakan Bilen and Xinchao Wang and Yang You , title =

    work page

  80. [80]

    NeurIPS , year =

    Yongchao Zhou and Ehsan Nezhadarya and Jimmy Ba , title =. NeurIPS , year =

    work page

Showing first 80 references.