Randomized smoothing is a defensive technique for improving the robustness of neural network models against adversarial examples, small input perturbations that degrade model performance. Conventional randomized smoothing adds random noise with a fixed noise level to every input sample in order to smooth out adversarial perturbations. This paper proposes a new variational framework that uses a per-sample noise level suited to each input by introducing a noise level selector. Our experimental results demonstrate improved empirical robustness against adversarial attacks. We also provide and analyze certified robustness for our sample-wise smoothing method.
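To make the contrast between a fixed and a per-sample noise level concrete, here is an added example that is not code from the paper: a constructed 1-D base classifier, Monte Carlo smoothing with a Hoeffding lower bound on the top-class probability, the standard certified radius sigma * Phi^-1(p_lower), and a hypothetical selector that picks, per input, the candidate sigma with the largest certified radius. The selector is a stand-in for the paper's learned variational selector, and the radius is the ordinary fixed-sigma certificate evaluated at each input rather than the paper's own sample-wise certificate.

```python
import math
import random
from statistics import NormalDist

PHI_INV = NormalDist().inv_cdf  # standard normal quantile function Phi^-1


def base_classifier(x):
    """Constructed toy base classifier f: a 1-D threshold at zero."""
    return 1 if x > 0.0 else 0


def smooth_certify(x, sigma, n=10000, alpha=0.001, seed=0):
    """Randomized smoothing with a fixed noise level sigma at input x.

    Votes f over n Gaussian-noised copies of x, lower-bounds the top-class
    probability pA with a Hoeffding bound at confidence 1 - alpha, and returns
    (top_class, certified_L2_radius). The radius is None when the bound cannot
    certify (pA_lower <= 1/2), i.e. the smoothed classifier abstains.
    """
    rng = random.Random(seed)  # fixed seed so the demo is reproducible
    votes = [0, 0]
    for _ in range(n):
        votes[base_classifier(x + rng.gauss(0.0, sigma))] += 1
    top = max(range(2), key=votes.__getitem__)
    p_hat = votes[top] / n
    p_lower = p_hat - math.sqrt(math.log(1.0 / alpha) / (2.0 * n))  # Hoeffding
    if p_lower <= 0.5:
        return top, None
    return top, sigma * PHI_INV(p_lower)


def select_sigma(x, candidates=(0.25, 1.0, 4.0), **kw):
    """Hypothetical per-sample noise level selector (assumption, not the
    paper's learned selector): choose the candidate sigma whose fixed-sigma
    certificate yields the largest radius at this particular input."""
    best_sigma, best_radius = None, -1.0
    for sigma in candidates:
        _, radius = smooth_certify(x, sigma, **kw)
        if radius is not None and radius > best_radius:
            best_sigma, best_radius = sigma, radius
    return best_sigma, best_radius


if __name__ == "__main__":
    # x = 3.0 sits far from the decision boundary, x = 0.1 sits right next to it.
    for x in (3.0, 0.1):
        for sigma in (0.25, 1.0, 4.0):
            print(f"x={x} sigma={sigma}: {smooth_certify(x, sigma)}")
        print(f"x={x} selected (sigma, radius): {select_sigma(x)}")
```

Far from the boundary the largest sigma certifies the largest radius, while next to the boundary only the smallest sigma certifies anything at all, which is exactly the case a single fixed noise level cannot serve well for both inputs.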