Black-Box Certification with Randomized Smoothing: A Functional Optimization Based Framework

Authors: Dinghuai Zhang, Mao Ye, Chengyue Gong, Zhanxing Zhu, Qiang Liu
Published: 2020-02-21 | Updated: 2020-10-20

Source: https://arxiv.org/abs/2002.09169

PDF: https://arxiv.org/pdf/2002.09169

Labels Predicted by AI

ロバスト性評価 最適化問題 防御手法

Please note that these labels were automatically added by AI. Therefore, they may not be entirely accurate.
For more details, please see the About the Literature Database page.

Abstract

Randomized classifiers have been shown to provide a promising approach for achieving certified robustness against adversarial attacks in deep learning. However, most existing methods only leverage Gaussian smoothing noise and only work for ℓ₂ perturbation. We propose a general framework of adversarial certification with non-Gaussian noise and for more general types of attacks, from a unified functional optimization perspective. Our new framework allows us to identify a key trade-off between accuracy and robustness via designing smoothing distributions, helping to design new families of non-Gaussian smoothing distributions that work more efficiently for different ℓ_p settings, including ℓ₁, ℓ₂ and ℓ_∞ attacks. Our proposed methods achieve better certification results than previous works and provide a new perspective on randomized smoothing certification.