Randomized Smoothing (RS) is currently a scalable certified defense method providing robustness certification against adversarial examples. Although significant progress has been achieved in providing defenses against $\ell_p$ adversaries, the interaction between the smoothing distribution and the robustness certification remains vague. In this work, we comprehensively study the effect of two families of distributions, named Exponential Standard Gaussian (ESG) and Exponential General Gaussian (EGG) distributions, on Randomized Smoothing and Double Sampling Randomized Smoothing (DSRS). We derive an analytic formula for ESG's certified radius, which converges to the original formula of RS as the dimension $d$ increases. Additionally, we prove that EGG can provide tighter constant factors than DSRS in providing $\Omega(\sqrt{d})$ lower bounds of the $\ell_2$ certified radius, and thus further address the curse of dimensionality in RS. Our experiments on real-world datasets confirm our theoretical analysis of the ESG distributions: they provide almost the same certification under different exponents $\eta$ for both RS and DSRS. In addition, EGG brings a significant improvement to the DSRS certification, but the mechanism can be different when the classifier properties are different. Compared to the primitive DSRS, the increase in certified accuracy provided by EGG is prominent, up to 6.4% on ImageNet.