Towards Large Certified Radius in Randomized Smoothing using Quasiconcave Optimization
This work addresses the need for improved certified robustness in AI security, offering a more efficient and effective method for real-world datasets, though it is incremental as it builds on existing input-specific approaches.
The paper tackled the problem of achieving larger certified radii in randomized smoothing for deep neural networks by exploiting quasiconvex optimization, resulting in significant enhancements in certified radii on CIFAR-10 and ImageNet with low computational overhead.
Randomized smoothing is currently the state-of-the-art method that provides certified robustness for deep neural networks. However, due to its excessively conservative nature, this method of incomplete verification often cannot achieve an adequate certified radius on real-world datasets. One way to obtain a larger certified radius is to use an input-specific algorithm instead of using a fixed Gaussian filter for all data points. Several methods based on this idea have been proposed, but they either suffer from high computational costs or gain marginal improvement in certified radius. In this work, we show that by exploiting the quasiconvex problem structure, we can find the optimal certified radii for most data points with slight computational overhead. This observation leads to an efficient and effective input-specific randomized smoothing algorithm. We conduct extensive experiments and empirical analysis on CIFAR-10 and ImageNet. The results show that the proposed method significantly enhances the certified radii with low computational overhead.