Certifying Ensembles: A General Certification Theory with S-Lipschitzness
Keywords: certification, robustness, s-lipschitzness, lipschitz, ensembles
TL;DR: We theoretically analyze conditions under which 1) ensembles improve over the robustness of constitute classifiers, 2) derive the maximum margin of improvement, 3) and settings where ensembling hurts robustness.
Abstract: Improving and guaranteeing the robustness of deep learning models has been a topic of intense research. Ensembling, which combines several classifiers to provide a better model, has been shown to be beneficial for generalisation, uncertainty estimation, calibration, and mitigating the effects of concept drift. However, the impact of ensembling on certified robustness is less well understood. In this work, we generalise Lipschitz continuity by introducing S-Lipschitz classifiers, which we use to analyse the theoretical robustness of ensembles. Our results are precise conditions when ensembles of robust classifiers are more robust than any constituent classifier, as well as conditions when they are less robust.
Submission Number: 20
Loading