Confidence-Aware Training of Smoothed Classifiers for Certified Robustness
DOI:
https://doi.org/10.1609/aaai.v37i7.25968Keywords:
ML: Adversarial Learning & Robustness, CV: Adversarial Attacks & Robustness, PEAI: Safety, Robustness & TrustworthinessAbstract
Any classifier can be "smoothed out" under Gaussian noise to build a new classifier that is provably robust to l2-adversarial perturbations, viz., by averaging its predictions over the noise via randomized smoothing. Under the smoothed classifiers, the fundamental trade-off between accuracy and (adversarial) robustness has been well evidenced in the literature: i.e., increasing the robustness of a classifier for an input can be at the expense of decreased accuracy for some other inputs. In this paper, we propose a simple training method leveraging this trade-off to obtain robust smoothed classifiers, in particular, through a sample-wise control of robustness over the training samples. We make this control feasible by using "accuracy under Gaussian noise" as an easy-to-compute proxy of adversarial robustness for an input. Specifically, we differentiate the training objective depending on this proxy to filter out samples that are unlikely to benefit from the worst-case (adversarial) objective. Our experiments show that the proposed method, despite its simplicity, consistently exhibits improved certified robustness upon state-of-the-art training methods. Somewhat surprisingly, we find these improvements persist even for other notions of robustness, e.g., to various types of common corruptions. Code is available at https://github.com/alinlab/smoothing-catrs.
Downloads
Published
2023-06-26
How to Cite
Jeong, J., Kim, S., & Shin, J. (2023). Confidence-Aware Training of Smoothed Classifiers for Certified Robustness. Proceedings of the AAAI Conference on Artificial Intelligence, 37(7), 8005-8013. https://doi.org/10.1609/aaai.v37i7.25968
Issue
Section
AAAI Technical Track on Machine Learning II
