Randomized smoothing has become essential for achieving certified adversarial robustness in machine learning models. However, current methods primarily use isotropic noise distributions that are uniform across all data dimensions, such as image pixels, limiting the effectiveness of robustness certification by ignoring the heterogeneity of inputs and data dimensions. To address this limitation, we propose UCAN: a novel technique that Universally Certifies adversarial robustness with Anisotropic Noise. UCAN is designed to enhance any existing randomized smoothing method, transforming it from symmetric (isotropic) to asymmetric (anisotropic) noise distributions, thereby offering a more tailored defense against adversarial attacks. Our theoretical framework is versatile, supporting a wide array of noise distributions for certified robustness in different $\ell_p$-norms and applicable to any arbitrary classifier by guaranteeing the classifier's prediction over perturbed inputs with provable robustness bounds through tailored noise injection. Additionally, we develop a novel framework equipped with three exemplary noise parameter generators (NPGs) to optimally fine-tune the anisotropic noise parameters for different data dimensions, allowing for pursuing different levels of robustness enhancements in practice. Empirical evaluations underscore the significant leap in UCAN's performance over existing state-of-the-art methods, demonstrating up to $182.6\%$ improvement in certified accuracy at large certified radii on MNIST, CIFAR10, and ImageNet datasets. Code is anonymously available at https://github.com/youbin2014/UCAN/
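To make the isotropic-versus-anisotropic distinction concrete, the following added example (not taken from the UCAN repository) certifies a toy binary classifier under per-dimension Gaussian noise. It uses the standard Gaussian randomized-smoothing bound after rescaling each coordinate by its own sigma, which is an assumption chosen here for illustration and not the paper's full framework; the classifier, input and sigma values are constructed.

```python
import math
import random
from statistics import NormalDist

# Constructed sample data: a linear base classifier and one input point.
W, B = [1.0, 0.2, 0.1], 0.0
X = [1.0, 0.5, -0.2]
SIGMAS = [0.25, 1.0, 1.0]  # per-dimension noise scale (anisotropic)

def base_classifier(x, w, b):
    """Hypothetical binary base classifier: class 1 if w.x + b > 0, else 0."""
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0

def lower_bound_top_prob(x, w, b, sigmas, n=20000, alpha=0.001, seed=0):
    """Vote under N(0, diag(sigmas^2)) noise; return (top class, p_lower)."""
    rng = random.Random(seed)
    votes = [0, 0]
    for _ in range(n):
        noisy = [xi + rng.gauss(0.0, si) for xi, si in zip(x, sigmas)]
        votes[base_classifier(noisy, w, b)] += 1
    top = 0 if votes[0] >= votes[1] else 1
    # One-sided Hoeffding bound, valid with probability >= 1 - alpha.
    # Simplification: a production certifier picks `top` from separate
    # samples and uses the tighter Clopper-Pearson interval.
    p_lower = votes[top] / n - math.sqrt(math.log(1 / alpha) / (2 * n))
    return top, p_lower

def certify(x, w, b, sigmas):
    """Return (top, R, l2_radius); top is None when the certifier abstains."""
    top, p_lower = lower_bound_top_prob(x, w, b, sigmas)
    if p_lower <= 0.5:
        return None, 0.0, 0.0
    # In coordinates rescaled by 1/sigma_i the noise is a unit Gaussian, so
    # the binary-case bound gives R = Phi^{-1}(p_lower) in that space.
    R = NormalDist().inv_cdf(p_lower)
    # Any delta with ||delta / sigma||_2 < R is certified; the largest l2
    # ball inside that ellipsoid has radius min(sigma) * R.
    return top, R, min(sigmas) * R

def in_certified_region(delta, sigmas, R):
    """True if delta lies inside the certified ellipsoid."""
    return math.sqrt(sum((d / s) ** 2 for d, s in zip(delta, sigmas))) < R

if __name__ == "__main__":
    top, R, l2 = certify(X, W, B, SIGMAS)
    print(top, round(R, 3), round(l2, 3))
    print(in_certified_region([0.0, 0.0, -2.0], SIGMAS, R))
```

The ellipsoid check accepts a perturbation of size 2.0 along a high-sigma dimension even though the worst-case $\ell_2$ ball is much smaller, which is the per-dimension heterogeneity that isotropic certification cannot express.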