Robust and Accurate - Compositional Architectures for Randomized Smoothing
OPEN ACCESS
Date
2022-04-29
Publication Type
Conference Paper
ETH Bibliography
yes
Abstract
Randomized Smoothing (RS) is considered the state-of-the-art approach to obtain certifiably robust models for challenging tasks. However, current RS approaches drastically decrease standard accuracy on unperturbed data, severely limiting their real-world utility. To address this limitation, we propose a compositional architecture, ACES, which certifiably decides on a per-sample basis whether to use a smoothed model yielding predictions with guarantees or a more accurate standard model without guarantees. This, in contrast to prior approaches, enables both high standard accuracies and significant provable robustness. On challenging tasks such as ImageNet, we obtain, e.g., 80.0% natural accuracy and 28.2% certifiable accuracy against l2 perturbations with r = 1.0. We release our code and models at https://github.com/eth-sri/aces.
Publication status
published
Pages / Article No.
2204.00487
Publisher
Cornell University
Event
Workshop on Socially Responsible Machine Learning (SRML 2022), co-located with ICLR 2022
Subject
Adversarial Robustness; Certified Robustness; Randomized Smoothing
Organisational unit
03948 - Vechev, Martin / Vechev, Martin
Notes
Poster presentation on April 29, 2022.
Related publications and datasets
Is part of: https://iclrsrml.github.io/paper.html