[Re] Double Sampling Randomized Smoothing
This work addresses the reproducibility challenge in machine learning by improving robustness certification for neural networks, though it appears incremental as it builds on existing smoothing methods.
The paper tackles the problem of certifying neural network robustness against adversarial perturbations by proposing the Double Sampling Randomized Smoothing (DSRS) framework, which consistently certifies larger robust radii on MNIST and CIFAR-10 compared to existing methods.
This paper is a contribution to the reproducibility challenge in the field of machine learning, specifically addressing the issue of certifying the robustness of neural networks (NNs) against adversarial perturbations. The proposed Double Sampling Randomized Smoothing (DSRS) framework overcomes the limitations of existing methods by using an additional smoothing distribution to improve the robustness certification. The paper provides a clear manifestation of DSRS for a generalized family of Gaussian smoothing and a computationally efficient method for implementation. The experiments on MNIST and CIFAR-10 demonstrate the effectiveness of DSRS, consistently certifying larger robust radii compared to other methods. Also various ablations studies are conducted to further analyze the hyperparameters and effect of adversarial training methods on the certified radius by the proposed framework.