Abstract: As machine learning models are deployed in critical applications, robustness against adversarial perturbations is crucial. While numerous defensive algorithms have been proposed to counter such attacks, they typically assume that all adversarial transformations are equally important, an assumption that rarely aligns with real-world applications. To address this, we study the problem of robust learning against adversarial perturbations under cost-sensitive scenarios, where the potential harm of different types of misclassifications is encoded in a cost matrix. Our solution introduces a provably robust learning algorithm to certify and optimize for cost-sensitive robustness, building on the scalable certification framework of randomized smoothing. Specifically, we formalize the definition of cost-sensitive certified radius and propose a novel adaptation of the standard certification algorithm to generate tight robustness certificates tailored to any cost matrix. In addition, we design a robust training method that improves certified cost-sensitive robustness without compromising model accuracy. Extensive experiments on benchmark datasets, including challenging ones unsolvable by existing methods, demonstrate the effectiveness of our certification algorithm and training method across various cost-sensitive scenarios.
Lay Summary: Adversarial robustness is essential as machine learning models are increasingly deployed in critical settings. However, existing robust learning methods typically assume all adversarial perturbations and misclassifications are equally costly, which rarely matches real-world needs. To address this, we study robust learning under cost-sensitive scenarios, where the varying potential harm of different misclassifications is described by a cost matrix. We propose a provably robust learning algorithm that certifies and optimizes cost-sensitive robustness, building on the scalable framework of randomized smoothing. Specifically, we formalize the concept of a cost-sensitive certified radius and adapt the standard certification algorithm to generate tight robustness certificates tailored for any given cost matrix. Furthermore, we design a robust training method that directly improves certified cost-sensitive robustness while maintaining model accuracy. Our experiments on benchmark datasets—including challenging cases unsolvable by prior approaches—demonstrate that our certification and training methods consistently achieve higher cost-sensitive robustness across a range of realistic scenarios.
Primary Area: Social Aspects->Robustness
Keywords: Certification, cost-sensitive learning
Submission Number: 11792