We focus on learning adversarially robust classifiers under a cost-sensitive scenario, where the potential harm of different classwise adversarial transformations is encoded in a binary cost matrix. Existing methods are either empirical and thus cannot certify robustness, or suffer from inherent scalability issues. In this work, we study whether randomized smoothing, a more scalable robustness certification framework, can be leveraged to certify cost-sensitive robustness. Built upon a notion of cost-sensitive certified radius, we show how to adapt the standard randomized smoothing certification pipeline to produce tight robustness guarantees for any cost matrix. In addition, with fine-grained certified radius optimization schemes specifically designed for different data subgroups, we propose an algorithm to train smoothed classifiers that are optimized for cost-sensitive robustness. Extensive experiments on image benchmarks and a real-world medical dataset demonstrate the superiority of our method in achieving significantly improved performance of certified cost-sensitive robustness while having a negligible impact on overall accuracy.