Timezone: »
Oral
Certified Adversarial Robustness via Randomized Smoothing
Jeremy Cohen · Elan Rosenfeld · Zico Kolter
Recent work has used randomization to create classifiers that are provably robust to adversarial perturbations with small L2 norm. However, existing guarantees for such classifiers are unnecessarily loose. In this work we provide the first tight analysis for these "randomized smoothing" classifiers. We then use the method to train an ImageNet classifier with e.g. a provable top-1 accuracy of 59% under adversarial perturbations with L2 norm less than 57/255. No other provable adversarial defense has been shown to be feasible on ImageNet. On the smaller-scale datasets where alternative approaches are viable, randomized smoothing outperforms all alternatives by a large margin. While our specific method can only certify robustness in L2 norm, the empirical success of the approach suggests that provable methods based on randomization are a promising direction for future research into adversarially robust classification.
Author Information
Jeremy Cohen (Carnegie Mellon University)
Elan Rosenfeld (Carnegie Mellon University)
Zico Kolter (Carnegie Mellon University / Bosch Center for AI)
Related Events (a corresponding poster, oral, or spotlight)
-
2019 Poster: Certified Adversarial Robustness via Randomized Smoothing »
Thu Jun 13th 01:30 -- 04:00 AM Room Pacific Ballroom
More from the Same Authors
-
2021 Workshop: A Blessing in Disguise: The Prospects and Perils of Adversarial Machine Learning »
Hang Su · Yinpeng Dong · Tianyu Pang · Eric Wong · Zico Kolter · Shuo Feng · Bo Li · Henry Liu · Dan Hendrycks · Francesco Croce · Leslie Rice · Tian Tian -
2021 Poster: DORO: Distributional and Outlier Robust Optimization »
Runtian Zhai · Chen Dan · Zico Kolter · Pradeep Ravikumar -
2021 Poster: RATT: Leveraging Unlabeled Data to Guarantee Generalization »
Saurabh Garg · Sivaraman Balakrishnan · Zico Kolter · Zachary Lipton -
2021 Spotlight: DORO: Distributional and Outlier Robust Optimization »
Runtian Zhai · Chen Dan · Zico Kolter · Pradeep Ravikumar -
2021 Oral: RATT: Leveraging Unlabeled Data to Guarantee Generalization »
Saurabh Garg · Sivaraman Balakrishnan · Zico Kolter · Zachary Lipton -
2021 Poster: On Proximal Policy Optimization's Heavy-tailed Gradients »
Saurabh Garg · Joshua Zhanson · Emilio Parisotto · Adarsh Prasad · Zico Kolter · Zachary Lipton · Sivaraman Balakrishnan · Ruslan Salakhutdinov · Pradeep Ravikumar -
2021 Poster: Stabilizing Equilibrium Models by Jacobian Regularization »
Shaojie Bai · Vladlen Koltun · Zico Kolter -
2021 Spotlight: On Proximal Policy Optimization's Heavy-tailed Gradients »
Saurabh Garg · Joshua Zhanson · Emilio Parisotto · Adarsh Prasad · Zico Kolter · Zachary Lipton · Sivaraman Balakrishnan · Ruslan Salakhutdinov · Pradeep Ravikumar -
2021 Spotlight: Stabilizing Equilibrium Models by Jacobian Regularization »
Shaojie Bai · Vladlen Koltun · Zico Kolter -
2020 Poster: Adversarial Robustness Against the Union of Multiple Perturbation Models »
Pratyush Maini · Eric Wong · Zico Kolter -
2020 Poster: Combining Differentiable PDE Solvers and Graph Neural Networks for Fluid Flow Prediction »
Filipe de Avila Belbute-Peres · Thomas Economon · Zico Kolter -
2020 Poster: Certified Robustness to Label-Flipping Attacks via Randomized Smoothing »
Elan Rosenfeld · Ezra Winston · Pradeep Ravikumar · Zico Kolter -
2020 Poster: Overfitting in adversarially robust deep learning »
Leslie Rice · Eric Wong · Zico Kolter -
2019 Poster: Wasserstein Adversarial Examples via Projected Sinkhorn Iterations »
Eric Wong · Frank R. Schmidt · Zico Kolter -
2019 Oral: Wasserstein Adversarial Examples via Projected Sinkhorn Iterations »
Eric Wong · Frank R. Schmidt · Zico Kolter -
2019 Poster: SATNet: Bridging deep learning and logical reasoning using a differentiable satisfiability solver »
Po-Wei Wang · Priya Donti · Bryan Wilder · Zico Kolter -
2019 Poster: Adversarial camera stickers: A physical camera-based attack on deep learning systems »
Juncheng Li · Frank R. Schmidt · Zico Kolter -
2019 Oral: SATNet: Bridging deep learning and logical reasoning using a differentiable satisfiability solver »
Po-Wei Wang · Priya Donti · Bryan Wilder · Zico Kolter -
2019 Oral: Adversarial camera stickers: A physical camera-based attack on deep learning systems »
Juncheng Li · Frank R. Schmidt · Zico Kolter -
2018 Poster: Provable Defenses against Adversarial Examples via the Convex Outer Adversarial Polytope »
Eric Wong · Zico Kolter -
2018 Oral: Provable Defenses against Adversarial Examples via the Convex Outer Adversarial Polytope »
Eric Wong · Zico Kolter -
2017 Poster: Input Convex Neural Networks »
Brandon Amos · Lei Xu · Zico Kolter -
2017 Poster: OptNet: Differentiable Optimization as a Layer in Neural Networks »
Brandon Amos · Zico Kolter -
2017 Poster: A Semismooth Newton Method for Fast, Generic Convex Programming »
Alnur Ali · Eric Wong · Zico Kolter -
2017 Talk: OptNet: Differentiable Optimization as a Layer in Neural Networks »
Brandon Amos · Zico Kolter -
2017 Talk: Input Convex Neural Networks »
Brandon Amos · Lei Xu · Zico Kolter -
2017 Talk: A Semismooth Newton Method for Fast, Generic Convex Programming »
Alnur Ali · Eric Wong · Zico Kolter