| Robust physical-world attacks on deep learning visual classification K Eykholt, I Evtimov, E Fernandes, B Li, A Rahmati, C Xiao, A Prakash, ... Proceedings of the IEEE conference on computer vision and pattern …, 2018 | 1886* | 2018 |
| Physical adversarial examples for object detectors D Song, K Eykholt, I Evtimov, E Fernandes, B Li, A Rahmati, F Tramer, ... 12th USENIX workshop on offensive technologies (WOOT 18), 2018 | 295* | 2018 |
| Is tricking a robot hacking? I Evtimov, D O'Hair, E Fernandes, R Calo, T Kobno Berkeley Tech. LJ 34, 891, 2019 | 19* | 2019 |
| FoggySight: A Scheme for Facial Lookup Privacy I Evtimov, P Sturmfels, T Kohno Proceedings on Privacy Enhancing Technologies 2021 (3), 204-226, 2021 | 14 | 2021 |
| Security and machine learning in the real world I Evtimov, W Cui, E Kamar, E Kiciman, T Kohno, J Li arXiv preprint arXiv:2007.07205, 2020 | 10 | 2020 |
| Disrupting model training with adversarial shortcuts I Evtimov, I Covert, A Kusupati, T Kohno arXiv preprint arXiv:2106.06654, 2021 | 5 | 2021 |
| Adversarial Evaluation of Multimodal Models under Realistic Gray Box Assumption I Evtimov, R Howes, B Dolhansky, H Firooz, CC Ferrer arXiv preprint arXiv:2011.12902, 2020 | 1 | 2020 |
| Adversarial Text Normalization J Bitton, M Pavlova, I Evtimov arXiv preprint arXiv:2206.04137, 2022 | | 2022 |
| Disrupting Machine Learning: Emerging Threats and Applications for Privacy and Dataset Ownership I Evtimov University of Washington, 2021 | | 2021 |
