Enhanced Estimation Techniques for Certified Radii in Randomized Smoothing
This work addresses the need for more accurate certification of neural network robustness against adversarial perturbations, representing an incremental improvement over existing randomized smoothing techniques.
This paper tackles the problem of estimating certified radii in randomized smoothing for neural network robustness, introducing novel methods that significantly improve certified test-set accuracy by providing tighter bounds on certified radii, with demonstrated effectiveness on CIFAR-10 and ImageNet datasets.
This paper presents novel methods for estimating certified radii in randomized smoothing, a technique crucial for certifying the robustness of neural networks against adversarial perturbations. Our proposed techniques significantly improve the accuracy of certified test-set accuracy by providing tighter bounds on the certified radii. We introduce advanced algorithms for both discrete and continuous domains, demonstrating their effectiveness on CIFAR-10 and ImageNet datasets. The new methods show considerable improvements over existing approaches, particularly in reducing discrepancies in certified radii estimates. We also explore the impact of various hyperparameters, including sample size, standard deviation, and temperature, on the performance of these methods. Our findings highlight the potential for more efficient certification processes and pave the way for future research on tighter confidence sequences and improved theoretical frameworks. The study concludes with a discussion of potential future directions, including enhanced estimation techniques for discrete domains and further theoretical advancements to bridge the gap between empirical and theoretical performance in randomized smoothing.