equation

index.html

@@ -421,15 +421,9 @@
       <div class="column">
         <p>
           Attackers can design adaptive attacks to try to bypass BEYOND when the attacker knows all the parameters of the model 
-          and the detection strategy. For an SSL model with a feature extractor $f$, a projector $h$, and a classification head $g$, 
-          the classification branch can be formulated as $\mathbb{C} = f\circ g$ and the representation branch as $\mathbb{R} = f\circ h$. 
+          and the detection strategy. For an SSL model with a feature extractor $\displaystyle f$, a projector $\displaystyle h$, and a classification head $\displaystyle g$, 
+          the classification branch can be formulated as $\displaystyle \mathbb{C} = f\circ g$ and the representation branch as $\displaystyle \mathbb{R} = f\circ h$. 
           To attack effectively, the adversary must deceive the target model while guaranteeing the label consistency and representation similarity of the SSL model. 
-
-          <!-- where $\mathcal{S}$ represents cosine similarity, $k$ represents the number of generated neighbors, 
-          and the linear augmentation function $W(x)=W(x,p);~p\sim P$ randomly samples $p$ from the parameter distribution $P$ to generate different neighbors. 
-          Note that we guarantee the generated neighbors are fixed each time by fixing the random seed. The adaptive adversaries perform attacks on the following objective function:
-
-          where $\mathcal{L}_C$ indicates classifier's loss function, $y_t$ is the targeted class, and $\alpha$ refers to a hyperparameter. -->
       </div>
     </div>
 
@@ -465,19 +459,14 @@
       <div class="columns is-centered">
         <div class="column">
           <p class="eq-des label-loss">
-            Attackers can design adaptive attacks to try to bypass BEYOND when the attacker knows all the parameters of the model 
-            and the detection strategy. For an SSL model with a feature extractor $f$, a projector $h$, and a classification head $g$, 
-            the classification branch can be formulated as $\mathbb{C} = f\circ g$ and the representation branch as $\mathbb{R} = f\circ h$. 
-            To attack effectively, the adversary must deceive the target model while guaranteeing the label consistency and representation similarity of the SSL model. 
+            where $\displaystyle k$ represents the number of generated neighbors, $\displaystyle y_t$ is the target class, and $\displaystyle \mathcal{L} is the cross entropy loss function$
           </p>
           <p class="eq-des representation-loss" style="display: none">
-            where $\mathcal{S}$ represents cosine similarity, $k$ represents the number of generated neighbors, 
-            and the linear augmentation function $W(x)=W(x,p);~p\sim P$ randomly samples $p$ from the parameter distribution $P$ to generate different neighbors. 
-            Note that we guarantee the generated neighbors are fixed each time by fixing the random seed. The adaptive adversaries perform attacks on the following objective function:
+            where $\displaystyle \mathcal{S}$ is the cosine similarity.
           </p>
             
           <p class="eq-des total-loss" style="display: none;">
-            where $\mathcal{L}_C$ indicates classifier's loss function, $y_t$ is the targeted class, and $\alpha$ refers to a hyperparameter.
+            where $\displaystyle \mathcal{L}_C$ indicates classifier's loss function, $\displaystyle y_t$ is the targeted class, and $\displaystyle \alpha$ refers to a hyperparameter.
           </p>
         </div>
       </div>