TY - GEN
T1 - Data-Dependent Randomized Smoothing
AU - Alfarra, Motasem
AU - Bibi, Adel
AU - Torr, Philip H.S.
AU - Ghanem, Bernard
N1 - KAUST Repository Item: Exported on 2023-07-17
Acknowledged KAUST grant number(s): ORA-CRG10-2021-4648
Acknowledgements: This publication is based upon work supported by King Abdullah University of Science and Technology (KAUST) under Award No. ORA-CRG10-2021-4648. We thank Francisco Girbal Eiras for the help in the memory based certification and the discussions.
PY - 2022/1/1
Y1 - 2022/1/1
N2 - Randomized smoothing is a recent technique that achieves state-of-art performance in training certifiably robust deep neural networks. While the smoothing family of distributions is often connected to the choice of the norm used for certification, the parameters of these distributions are always set as global hyper parameters independent from the input data on which a network is certified. In this work, we revisit Gaussian randomized smoothing and show that the variance of the Gaussian distribution can be optimized at each input so as to maximize the certification radius for the construction of the smooth classifier. Since the data dependent classifier does not directly enjoy sound certification with existing approaches, we propose a memory-enhanced data dependent smooth classifier that is certifiable by construction. This new approach is generic, parameter-free, and easy to implement. In fact, we show that our data dependent framework can be seamlessly incorporated into 3 randomized smoothing approaches, leading to consistent improved certified accuracy. When this framework is used in the training routine of these approaches followed by a data dependent certification, we achieve 9% and 6% improvement over the certified accuracy of the strongest baseline for a radius of 0.5 on CIFAR10 and ImageNet.
AB - Randomized smoothing is a recent technique that achieves state-of-art performance in training certifiably robust deep neural networks. While the smoothing family of distributions is often connected to the choice of the norm used for certification, the parameters of these distributions are always set as global hyper parameters independent from the input data on which a network is certified. In this work, we revisit Gaussian randomized smoothing and show that the variance of the Gaussian distribution can be optimized at each input so as to maximize the certification radius for the construction of the smooth classifier. Since the data dependent classifier does not directly enjoy sound certification with existing approaches, we propose a memory-enhanced data dependent smooth classifier that is certifiable by construction. This new approach is generic, parameter-free, and easy to implement. In fact, we show that our data dependent framework can be seamlessly incorporated into 3 randomized smoothing approaches, leading to consistent improved certified accuracy. When this framework is used in the training routine of these approaches followed by a data dependent certification, we achieve 9% and 6% improvement over the certified accuracy of the strongest baseline for a radius of 0.5 on CIFAR10 and ImageNet.
UR - http://hdl.handle.net/10754/666414
UR - https://proceedings.mlr.press/v180/alfarra22a
UR - http://www.scopus.com/inward/record.url?scp=85163377727&partnerID=8YFLogxK
M3 - Conference contribution
SP - 64
EP - 74
BT - 38th Conference on Uncertainty in Artificial Intelligence, UAI 2022
PB - ML Research Press
ER -