RS-Reg: Probabilistic and Robust Certified Regression Through Randomized Smoothing
This work addresses the need for robust regression models against adversarial attacks, though it is incremental as it adapts existing randomized smoothing techniques to a new task.
The paper tackles the problem of extending certified robustness from classification to regression tasks by defining robustness through probabilities and deriving upper bounds on input perturbations for valid outputs, with simulations verifying theoretical results and showing advantages and limitations of averaging functions.
Randomized smoothing has shown promising certified robustness against adversaries in classification tasks. Despite such success with only zeroth-order access to base models, randomized smoothing has not been extended to a general form of regression. By defining robustness in regression tasks flexibly through probabilities, we demonstrate how to establish upper bounds on input data point perturbation (using the $\ell_2$ norm) for a user-specified probability of observing valid outputs. Furthermore, we showcase the asymptotic property of a basic averaging function in scenarios where the regression model operates without any constraint. We then derive a certified upper bound of the input perturbations when dealing with a family of regression models where the outputs are bounded. Our simulations verify the validity of the theoretical results and reveal the advantages and limitations of simple smoothing functions, i.e., averaging, in regression tasks. The code is publicly available at \url{https://github.com/arekavandi/Certified_Robust_Regression}.