Certifying Ensembles: A General Certification Theory with S-Lipschitzness
This work addresses the theoretical robustness of ensembles for deep learning models, providing foundational insights that could impact certification methods in adversarial machine learning.
The authors tackled the problem of understanding when ensembles of robust classifiers improve or degrade certified robustness, introducing S-Lipschitz classifiers to generalize Lipschitz continuity and deriving precise theoretical conditions for these effects.
Improving and guaranteeing the robustness of deep learning models has been a topic of intense research. Ensembling, which combines several classifiers to provide a better model, has shown to be beneficial for generalisation, uncertainty estimation, calibration, and mitigating the effects of concept drift. However, the impact of ensembling on certified robustness is less well understood. In this work, we generalise Lipschitz continuity by introducing S-Lipschitz classifiers, which we use to analyse the theoretical robustness of ensembles. Our results are precise conditions when ensembles of robust classifiers are more robust than any constituent classifier, as well as conditions when they are less robust.