Boosting Randomized Smoothing with Variance Reduced Classifiers

06/13/2021
by   Miklós Z. Horváth, et al.
0

Randomized Smoothing (RS) is a promising method for obtaining robustness certificates by evaluating a base model under noise. In this work we: (i) theoretically motivate why ensembles are a particularly suitable choice as base models for RS, and (ii) empirically confirm this choice, obtaining state of the art results in multiple settings. The key insight of our work is that the reduced variance of ensembles over the perturbations introduced in RS leads to significantly more consistent classifications for a given input, in turn leading to substantially increased certifiable radii for difficult samples. We also introduce key optimizations which enable an up to 50-fold decrease in sample complexity of RS, thus drastically reducing its computational overhead. Experimentally, we show that ensembles of only 3 to 10 classifiers consistently improve on the strongest single model with respect to their average certified radius (ACR) by 5 achieve a state-of-the-art ACR of 1.11. We release all code and models required to reproduce our results upon publication.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

08/01/2021

Certified Defense via Latent Space Randomized Smoothing with Orthogonal Encoders

Randomized Smoothing (RS), being one of few provable defenses, has been ...
12/08/2020

Data Dependent Randomized Smoothing

Randomized smoothing is a recent technique that achieves state-of-art pe...
05/19/2020

Enhancing Certified Robustness of Smoothed Classifiers via Weighted Model Ensembling

Randomized smoothing has achieved state-of-the-art certified robustness ...
07/09/2021

ANCER: Anisotropic Certification via Sample-wise Volume Maximization

Randomized smoothing has recently emerged as an effective tool that enab...
12/21/2021

Input-Specific Robustness Certification for Randomized Smoothing

Although randomized smoothing has demonstrated high certified robustness...
02/14/2020

Random Smoothing Might be Unable to Certify $\ell_\infty$ Robustness for High-Dimensional Images

We show a hardness result for random smoothing to achieve certified adve...
05/02/2016

Computing Real Roots of Real Polynomials ... and now For Real!

Very recent work introduces an asymptotically fast subdivision algorithm...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.