equation

index.html

@@ -420,15 +420,15 @@
       <div class="column has-text-justified">
         <p>
           Attackers can design adaptive attacks to try to bypass BEYOND when the attacker knows all the parameters of the model 
-          and the detection strategy. For an SSL model with a feature extractor $$f$$, a projector $$h$$, and a classification head $$g$$, 
-          the classification branch can be formulated as $$\mathbb{C} = f\circ g$$ and the representation branch as $$\mathbb{R} = f\circ h$$. 
+          and the detection strategy. For an SSL model with a feature extractor $f$, a projector $h$, and a classification head $g$, 
+          the classification branch can be formulated as $\mathbb{C} = f\circ g$ and the representation branch as $\mathbb{R} = f\circ h$. 
           To attack effectively, the adversary must deceive the target model while guaranteeing the label consistency and representation similarity of the SSL model. 
 
-          where $$\mathcal{S}$$ represents cosine similarity, $$k$$ represents the number of generated neighbors, 
-          and the linear augmentation function $$W(x)=W(x,p);~p\sim P$$ randomly samples $$p$$ from the parameter distribution $$P$$ to generate different neighbors. 
+          where $\mathcal{S}$ represents cosine similarity, $k$ represents the number of generated neighbors, 
+          and the linear augmentation function $W(x)=W(x,p);~p\sim P$ randomly samples $p$ from the parameter distribution $P$ to generate different neighbors. 
           Note that we guarantee the generated neighbors are fixed each time by fixing the random seed. The adaptive adversaries perform attacks on the following objective function:
 
-          where $$\mathcal{L}_C$$ indicates classifier's loss function, $$y_t$$ is the targeted class, and $$\alpha$$ refers to a hyperparameter.
+          where $\mathcal{L}_C$ indicates classifier's loss function, $y_t$ is the targeted class, and $\alpha$ refers to a hyperparameter.
       </div>
     </div>