Provably Robust Deep Learning via Adversarially Trained Smoothed Classifiers
Microsoft: Hadi Salman, Greg Yang, Jerry Li, Pengchuan Zhang, Huan Zhang, Ilya Razenshteyn, Sébastien Bubeck
Contribution:
- Employs adversarial training to improve the performance of randomized smoothing.
- State-of-the-art results for the l2 norm.
- A more concise proof of the tight robustness guarantee, obtained by casting it as a non-linear Lipschitz property.
Not a new certification method; the improvements are due to the better base classifiers that result from adversarial training.
Author’s blog: https://decentdescent.org/smoothadv.html
Author’s video:
Code: https://github.com/Hadisalman/smoothing-adversarial