ANCER: Anisotropic Certification via Sample-wise Volume Maximization

Francisco Eiras; Motasem Alfarra; Philip Torr; M. Pawan Kumar; Puneet K. Dokania; Bernard Ghanem; Adel Bibi

ANCER: Anisotropic Certification via Sample-wise Volume Maximization

Francisco Eiras, Motasem Alfarra, Philip Torr, M. Pawan Kumar, Puneet K. Dokania, Bernard Ghanem, Adel Bibi

Published: 08 Sept 2022, Last Modified: 28 Feb 2023Accepted by TMLREveryoneRevisionsBibTeX

Abstract: Randomized smoothing has recently emerged as an effective tool that enables certification of deep neural network classifiers at scale. All prior art on randomized smoothing has focused on isotropic $\ell_p$ certification, which has the advantage of yielding certificates that can be easily compared among isotropic methods via $\ell_p$-norm radius. However, isotropic certification limits the region that can be certified around an input to worst-case adversaries, i.e., it cannot reason about other "close", potentially large, constant prediction safe regions. To alleviate this issue, (i) we theoretically extend the isotropic randomized smoothing $\ell_1$ and $\ell_2$ certificates to their generalized anisotropic counterparts following a simplified analysis. Moreover, (ii) we propose evaluation metrics allowing for the comparison of general certificates - a certificate is superior to another if it certifies a superset region - with the quantification of each certificate through the volume of the certified region. We introduce ANCER, a framework for obtaining anisotropic certificates for a given test set sample via volume maximization. We achieve it by generalizing memory-based certification of data-dependent classifiers. Our empirical results demonstrate that ANCER achieves state-of-the-art $\ell_1$ and $\ell_2$ certified accuracy on CIFAR-10 and ImageNet in the data-dependence setting, while certifying larger regions in terms of volume, highlighting the benefits of moving away from isotropic analysis.

Submission Length: Regular submission (no more than 12 pages of main content)

Previous TMLR Submission Url: https://openreview.net/forum?id=1U7m4W9P1i

Changes Since Last Submission: We mistakenly forgot to include one of the authors as part of the authors’ list in the original submission, so at the request of the AE we withdrew and are re-submitting the paper with the correct author list.

Code: https://github.com/MotasemAlfarra/ANCER

Assigned Action Editor: ~Yair_Carmon1

License: Creative Commons Attribution 4.0 International (CC BY 4.0)

Submission Number: 233

Loading