SmoothMix: Training Confidence-calibrated Smoothed Classifiers for Certified Robustness

11/17/2021
by Jongheon Jeong, et al.

Randomized smoothing is currently a state-of-the-art method to construct a certifiably robust classifier from neural networks against ℓ_2-adversarial perturbations. Under this paradigm, the robustness of a classifier is aligned with its prediction confidence, i.e., higher confidence from a smoothed classifier implies better robustness. This motivates us to rethink the fundamental trade-off between accuracy and robustness in terms of calibrating the confidences of a smoothed classifier. In this paper, we propose a simple training scheme, coined SmoothMix, to control the robustness of smoothed classifiers via self-mixup: it trains on convex combinations of samples along the direction of adversarial perturbation for each input. The proposed procedure effectively identifies over-confident, near off-class samples as a cause of limited robustness in the case of smoothed classifiers, and offers an intuitive way to adaptively set a new decision boundary between these samples for better robustness. Our experimental results demonstrate that the proposed method can significantly improve the certified ℓ_2-robustness of smoothed classifiers compared to existing state-of-the-art robust training methods.
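The link between confidence and robustness stated in the abstract can be seen in the standard randomized-smoothing certificate for the binary case, R = σ·Φ⁻¹(p_A), where p_A is a lower bound on the smoothed classifier's confidence in its top class. The sketch below is an added example, not code from the paper or this page, and it shows certification only, not SmoothMix training; the toy linear classifier, σ, the sample counts and the use of a Hoeffding bound (instead of the Clopper-Pearson bound commonly used) are assumptions.

```python
import math
import random
from statistics import NormalDist

SIGMA = 0.5               # smoothing noise std (assumed value)
W, B = (1.0, -1.0), 0.0   # constructed toy linear base classifier

def base_classifier(x):
    """Hard label of the toy base classifier."""
    return 1 if W[0] * x[0] + W[1] * x[1] + B > 0 else 0

def true_margin(x):
    """Exact l2 distance from x to the linear decision boundary."""
    return abs(W[0] * x[0] + W[1] * x[1] + B) / math.hypot(*W)

def sample_counts(x, n, rng):
    """Class counts of the base classifier under Gaussian input noise."""
    counts = [0, 0]
    for _ in range(n):
        noisy = (x[0] + rng.gauss(0, SIGMA), x[1] + rng.gauss(0, SIGMA))
        counts[base_classifier(noisy)] += 1
    return counts

def certify(x, n0=1000, n=20000, alpha=0.001, seed=0):
    """Return (class, certified l2 radius), or (None, 0.0) to abstain."""
    rng = random.Random(seed)
    guess = sample_counts(x, n0, rng)          # small batch picks the class
    top = 0 if guess[0] >= guess[1] else 1
    hits = sample_counts(x, n, rng)[top]       # fresh batch estimates p_A
    # Hoeffding lower bound on p_A, valid with probability >= 1 - alpha
    p_lower = hits / n - math.sqrt(math.log(1 / alpha) / (2 * n))
    if p_lower <= 0.5:
        return None, 0.0                       # confidence too low to certify
    return top, SIGMA * NormalDist().inv_cdf(p_lower)

if __name__ == "__main__":
    for x in [(0.0, 0.0), (0.4, 0.0), (1.0, 0.0)]:
        label, radius = certify(x)
        print(x, label, round(radius, 3), "true margin", round(true_margin(x), 3))
```

For a linear base classifier the exact certificate equals the distance to the decision boundary, so the estimated radius should stay below `true_margin` and grow as the input moves away from the boundary.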
