Adversarial Boot Camp: label free certified robustness in one epoch
This paper addresses the problem of adversarial robustness for machine learning practitioners by providing a more efficient, deterministic alternative to stochastic certification methods.
It tackles the vulnerability of machine learning models to adversarial attacks by introducing a deterministic certification approach that yields a certifiably robust model on ImageNet-1k after one epoch of retraining without labels.
Machine learning models are vulnerable to adversarial attacks. One approach to addressing this vulnerability is certification, which focuses on models that are guaranteed to be robust for a given perturbation size. A drawback of recent certified models is that they are stochastic: they require multiple computationally expensive model evaluations with random noise added to a given input. In our work, we present a deterministic certification approach which results in a certifiably robust model. This approach is based on an equivalence between training with a particular regularized loss, and the expected values of Gaussian averages. We achieve certified models on ImageNet-1k by retraining a model with this loss for one epoch without the use of label information.
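As an added illustration (not code from the paper), the following toy contrasts the two certification routes the abstract describes: a Monte Carlo Gaussian average that needs many noisy forward passes, versus a deterministic function whose single output equals that average. The 1-D threshold classifier, sigma and sample count are constructed, and the radius formula is the standard randomized-smoothing bound rather than the paper's regularized loss.

```python
# Toy contrast of stochastic vs deterministic Gaussian-average certification.
# Constructed example: 1-D threshold classifier, sigma and sample count chosen
# for illustration; this is not the paper's regularized loss.
import math
import random

THRESHOLD = 0.0  # toy decision boundary (constructed)


def base_classifier(x: float) -> float:
    """Toy base classifier: 1.0 if x is past the threshold, else 0.0."""
    return 1.0 if x > THRESHOLD else 0.0


def normal_cdf(z: float) -> float:
    """Standard normal CDF Phi(z), via the error function."""
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))


def normal_ppf(p: float, tol: float = 1e-10) -> float:
    """Inverse CDF Phi^{-1}(p) for 0 < p < 1, by bisection."""
    lo, hi = -40.0, 40.0
    while hi - lo > tol:
        mid = 0.5 * (lo + hi)
        lo, hi = (mid, hi) if normal_cdf(mid) < p else (lo, mid)
    return 0.5 * (lo + hi)


def gaussian_average_mc(x: float, sigma: float, n: int, seed: int = 0) -> float:
    """Stochastic route: n forward passes with Gaussian noise, as in
    randomized smoothing; cost grows with n and the estimate is noisy."""
    rng = random.Random(seed)
    return sum(base_classifier(x + rng.gauss(0.0, sigma)) for _ in range(n)) / n


def gaussian_average_exact(x: float, sigma: float) -> float:
    """Deterministic route: for the threshold classifier the Gaussian average
    E[f(x + sigma*Z)] is Phi((x - THRESHOLD)/sigma), so a single evaluation
    of this function replaces the n noisy ones."""
    return normal_cdf((x - THRESHOLD) / sigma)


def certified_radius(p_top: float, sigma: float) -> float:
    """L2 radius sigma * Phi^{-1}(p_top) inside which the smoothed
    classifier's top class cannot flip (binary randomized-smoothing bound);
    0.0 when the top class has no majority."""
    return sigma * normal_ppf(p_top) if p_top > 0.5 else 0.0
```

For the threshold classifier at x = 0.5 with sigma = 1, the exact route certifies a radius of 0.5, which is precisely the distance to the decision boundary, while the Monte Carlo route only approximates the same probability after thousands of evaluations.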