Summary of Adaptive Randomized Smoothing: Certified Adversarial Robustness For Multi-step Defences, by Saiyue Lyu et al.
Adaptive Randomized Smoothing: Certified Adversarial Robustness for Multi-Step Defences
by Saiyue Lyu, Shadab Shaikh, Frederick Shpilevskiy, Evan Shelhamer, Mathias Lécuyer
First submitted to arXiv on: 14 Jun 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
Summary difficulty | Written by | Summary |
---|---|---|
High | Paper authors | High Difficulty Summary Read the original abstract here |
Medium | GrooveSquid.com (original content) | Medium Difficulty Summary The proposed Adaptive Randomized Smoothing (ARS) technique aims to certify the predictions of adaptive models against adversarial examples. Building on f-Differential Privacy, ARS extends the analysis of randomized smoothing to cover the adaptive composition of multiple steps for high-dimensional functions of noisy inputs. The method is instantiated on deep image classification and enables flexible adaptation through input-dependent masking in the L∞ threat model. Evaluation benchmarks based on CIFAR-10, CelebA, and ImageNet show that ARS improves test accuracy by 1-15 percentage points compared with randomized smoothing without adaptivity. |
Low | GrooveSquid.com (original content) | Low Difficulty Summary Adaptive Randomized Smoothing (ARS) is a new way to make sure computer models are accurate even when they’re faced with tricky questions. Right now, these models can get fooled by fake images or words that look real. ARS helps fix this problem by looking at how well the model does on lots of different pictures and faces. It’s like testing a car on different roads to see if it can handle different conditions. The results show that ARS can make models more accurate, especially when they’re dealing with fake images. |
Keywords
» Artificial intelligence » Image classification