This paper is a contribution to the reproducibility challenge in the field of machine learning, specifically addressing the problem of certifying the robustness of neural networks (NNs) against adversarial perturbations. The proposed Double Sampling Randomized Smoothing (DSRS) framework overcomes the limitations of existing methods by using an additional smoothing distribution to tighten the robustness certification. The paper gives a clear formulation of DSRS for a generalized family of Gaussian smoothing distributions and a computationally efficient method for implementing it. The experiments on MNIST and CIFAR-10 demonstrate the effectiveness of DSRS, which consistently certifies larger robust radii than competing methods. Various ablation studies are also conducted to further analyze the hyperparameters and the effect of adversarial training methods on the radius certified by the proposed framework.
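As an added illustration that is not part of the paper or its authors' code, the following Python shows the single-distribution Gaussian randomized-smoothing certificate that DSRS builds on: the smoothed prediction at a point and the certified L2 radius sigma * Phi^{-1}(p_A) derived from a lower confidence bound on the top-class probability p_A. The base classifier is a constructed toy linear model (chosen so the true certificate has a closed form to compare against), and a Hoeffding bound stands in for the Clopper-Pearson interval usually used; the second smoothing distribution that DSRS adds is not modelled here.

```python
import math
import random
from statistics import NormalDist

STD_NORMAL = NormalDist()


def base_classifier(x):
    """Toy base classifier with linear decision boundary x[0] + x[1] = 0.

    Constructed so the true smoothed-class probability has a closed form
    (see exact_linear_radius) that the Monte Carlo certificate can be
    checked against.  Returns class 1 above the line, class 0 otherwise.
    """
    return 1 if x[0] + x[1] > 0 else 0


def certify(x, sigma, n_samples, alpha, seed=0):
    """Smoothed prediction at x plus a certified L2 radius around it.

    Draws n_samples Gaussian perturbations of scale sigma, takes the most
    frequent base-classifier output as the smoothed prediction, and lower
    bounds its probability p_A with a Hoeffding bound at confidence 1-alpha.
    Returns (predicted_class, radius); radius 0.0 means 'abstain' because
    the lower bound on p_A did not exceed 1/2.
    """
    rng = random.Random(seed)
    counts = {}
    for _ in range(n_samples):
        noisy = [xi + rng.gauss(0.0, sigma) for xi in x]
        c = base_classifier(noisy)
        counts[c] = counts.get(c, 0) + 1
    top_class, top_count = max(counts.items(), key=lambda kv: kv[1])
    p_hat = top_count / n_samples
    # One-sided Hoeffding lower confidence bound on p_A (no scipy needed).
    p_lower = p_hat - math.sqrt(math.log(1.0 / alpha) / (2.0 * n_samples))
    if p_lower <= 0.5:
        return top_class, 0.0
    # Gaussian randomized-smoothing certificate: sigma * Phi^{-1}(p_A).
    return top_class, sigma * STD_NORMAL.inv_cdf(p_lower)


def exact_linear_radius(x):
    """Closed-form certificate for the toy linear boundary.

    For a halfspace, p_A = Phi(d / sigma) with d the distance from x to the
    boundary, so sigma * Phi^{-1}(p_A) = d regardless of sigma: the Gaussian
    certificate is tight here and certify()'s estimate must stay below d.
    """
    return abs(x[0] + x[1]) / math.sqrt(2.0)
```

A point on the decision boundary yields p_A near 1/2 and therefore an abstention, while a point well inside one class gets a radius strictly below its true distance to the boundary, which is the conservatism the sampling bound introduces and that a second smoothing distribution is meant to reduce.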