We study the problem of robust learning against adversarial perturbations under cost-sensitive scenarios, where the potential harm of different types of misclassifications is encoded in a cost matrix. Existing approaches are either empirical and cannot certify robustness or suffer from inherent scalability issues. In this work, we investigate whether randomized smoothing, a scalable framework for robustness certification, can be leveraged to certify and train for cost-sensitive robustness. Built upon the notion of cost-sensitive certified radius, we first illustrate how to adapt the standard certification algorithm of randomized smoothing to produce tight robustness certificates for any binary cost matrix, and then develop a robust training method to promote certified cost-sensitive robustness while maintaining the model's overall accuracy. Through extensive experiments on image benchmarks, we demonstrate the superiority of our proposed certification algorithm and training method under various cost-sensitive scenarios. Our implementation is available as open source code at: https://github.com/TrustMLRG/CS-RS.