Enhancing Certified Robustness of Smoothed Classifiers via Weighted Model Ensembling
Chizhou Liu, **Yunzhen Feng**, Ranran Wang, Bin Dong
Published in Arxiv Preprint, 2020
Randomized smoothing has achieved state-of-the-art certified robustness against l2-norm adversarial attacks. However, it is not wholly resolved on how to find the optimal base classifier for randomized smoothing. In this work, we employ a Smoothed WEighted ENsembling (SWEEN) scheme to improve the performance of randomized smoothed classifiers. We theoretically show how SWEEN can be trained to achieve near-optimal risk in the randomized smoothing regime. We also develop an adaptive prediction algorithm to reduce the prediction and certification cost of SWEEN models. Extensive experiments illustrates the benefits of employing SWEEN.
Chizhou Liu, Yunzhen Feng, Ranran Wang, Bin Dong