Black-Box Certification with Randomized Smoothing: A Functional Optimization Based Framework

by   Dinghuai Zhang, et al.

Randomized classifiers have been shown to provide a promising approach for achieving certified robustness against adversarial attacks in deep learning. However, most existing methods only leverage Gaussian smoothing noise and only work for ℓ_2 perturbation. We propose a general framework of adversarial certification with non-Gaussian noise and for more general types of attacks, from a unified functional optimization perspective. Our new framework allows us to identify a key trade-off between accuracy and robustness via designing smoothing distributions, helping to design new families of non-Gaussian smoothing distributions that work more efficiently for different ℓ_p settings, including ℓ_1, ℓ_2 and ℓ_∞ attacks. Our proposed methods achieve better certification results than previous works and provide a new perspective on randomized smoothing certification.


page 1

page 2

page 3

page 4


Randomized Smoothing under Attack: How Good is it in Pratice?

Randomized smoothing is a recent and celebrated solution to certify the ...

Certified Robustness via Randomized Smoothing over Multiplicative Parameters

We propose a novel approach of randomized smoothing over multiplicative ...

Consistency Regularization for Certified Robustness of Smoothed Classifiers

A recent technique of randomized smoothing has shown that the worst-case...

Higher-Order Certification for Randomized Smoothing

Randomized smoothing is a recently proposed defense against adversarial ...

DeepTag: A General Framework for Fiducial Marker Design and Detection

A fiducial marker system usually consists of markers, a detection algori...

CROP: Certifying Robust Policies for Reinforcement Learning through Functional Smoothing

We present the first framework of Certifying Robust Policies for reinfor...

Smoothing and Interpolating Noisy GPS Data with Smoothing Splines

A comprehensive methodology is provided for smoothing noisy, irregularly...