Variational Randomized Smoothing for Sample-Wise Adversarial Robustness
Ryo Hase, Ye Wang, Toshiaki Koike-Akino, Jing Liu, Kieran Parsons

TL;DR
This paper introduces a variational approach to randomized smoothing that adaptively selects noise levels for each input, improving adversarial robustness and certified guarantees over fixed-noise methods.
Contribution
It proposes a novel variational framework with a per-sample noise level selector, advancing randomized smoothing techniques for better robustness.
Findings
Enhanced empirical robustness against adversarial attacks.
Provides and analyzes certified robustness for the sample-wise smoothing method.
Demonstrates superiority over fixed-noise smoothing approaches.
Abstract
Randomized smoothing is a defensive technique to achieve enhanced robustness against adversarial examples, which are small input perturbations that degrade the performance of neural network models. Conventional randomized smoothing adds random noise with a fixed noise level for every input sample to smooth out adversarial perturbations. This paper proposes a new variational framework that uses a per-sample noise level suitable for each input by introducing a noise level selector. Our experimental results demonstrate enhancement of empirical robustness against adversarial attacks. We also provide and analyze the certified robustness for our sample-wise smoothing method.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Fault Detection and Control Systems
Methods: Randomized Smoothing
