GSmooth: Certified Robustness against Semantic Transformations via Generalized Randomized Smoothing
Keywords: Randomized Smoothing, Adversarial Robustness, Semantic Transformations, Machine Learning
Abstract: The vulnerability of deep learning models to adversarial examples and semantic transformations has limited the applications in risk-sensitive areas. The recent development of certified defense approaches like randomized smoothing provides a promising direction towards building reliable machine learning systems. However, current certified defenses cannot handle complex semantic transformations like rotational blur and defocus blur which are common in practical applications. In this paper, we propose a generalized randomized smoothing framework (GSmooth) for certified robustness against semantic transformations. We provide both a unified and rigorous theoretical framework and scalable algorithms for certified robustness on complex semantic transformations. Specifically, our key idea is to use a surrogate image-to-image neural network to approximate a transformation which provides a powerful tool for studying the properties of semantic transformations and certify the transformation based on this neural network. Experiments on multiple types of semantic perturbations and corruptions using multiple datasets demonstrate the effectiveness of our approach.
One-sentence Summary: We proposed generalized randomized smoothing (GSmooth) for certifying robustness against diverse semantic transformations.
Supplementary Material: zip
23 Replies
Loading