The robustness of image segmentation has been an important research topic in the past few years as segmentation models have reached production-level accuracy. However, like classification models, segmentation models can be vulnerable to adversarial perturbations, which hinders their use in critical-decision systems like healthcare or autonomous driving. Recently, randomized smoothing has been proposed to certify segmentation predictions by adding Gaussian noise to the input to obtain theoretical guarantees. However, this method exhibits a trade-off between the amount of added noise and the level of certification achieved. In this paper, we address the problem of certifying segmentation prediction using a combination of randomized smoothing and diffusion models. Our experiments show that combining randomized smoothing and diffusion models significantly improves certified robustness, with results indicating a mean improvement of 21 points in accuracy compared to previous state-of-the-art methods on Pascal-Context and Cityscapes public datasets. Our method is independent of the selected segmentation model and does not need any additional specialized training procedure.

翻译：图像分割的鲁棒性近年来一直是重要研究课题，因为分割模型已达到生产级精度。然而，与分类模型类似，分割模型易受对抗性扰动影响，这阻碍了其在医疗或自动驾驶等关键决策系统中的应用。近期，研究者提出通过向输入添加高斯噪声以获得理论保证的随机平滑认证分割预测方法，但该方法在噪声强度与认证水平之间存在权衡。本文通过结合随机平滑与扩散模型来解决分割预测的认证问题。实验表明，将随机平滑与扩散模型相结合能显著提升认证鲁棒性，在Pascal-Context和Cityscapes公开数据集上的平均准确率较先前最先进方法提高21个点。本方法与所选分割模型无关，且无需任何额外专门训练步骤。