This paper presents novel methods for estimating certified radii in randomized smoothing, a technique crucial for certifying the robustness of neural networks against adversarial perturbations. Our proposed techniques significantly improve the precision of certified test-set accuracy by providing tighter bounds on the certified radii. We introduce advanced algorithms for both discrete and continuous domains, demonstrating their effectiveness on CIFAR-10 and ImageNet datasets. The new methods show considerable improvements over existing approaches, particularly in reducing discrepancies in certified radii estimates. We also explore the impact of various hyperparameters, including sample size, standard deviation, and temperature, on the performance of these methods. Our findings highlight the potential for more efficient certification processes and pave the way for future research on tighter confidence sequences and improved theoretical frameworks. The study concludes with a discussion of potential future directions, including enhanced estimation techniques for discrete domains and further theoretical advancements to bridge the gap between empirical and theoretical performance in randomized smoothing.