1. Robustness Verification with Non-Uniform Randomized Smoothing
- Author
Tecot, Lucas Matthew
- Subjects
Computer science
- Abstract
Formal verification via randomized smoothing has become an effective method for verifying the robustness of machine learning models to adversarial attacks. In this work, I extend randomized smoothing by allowing noises with independent variances on each input element of a smoothed classifier, enabling the flexibility of using non-uniform perturbations rather than the standard l-p norm perturbations. Furthermore, I provide practical optimization methods to find the optimal variance matrix through gradient descent. I evaluate my method on MNIST, Fashion-MNIST, CIFAR-10, ImageNet, and KITTI datasets and show that my optimized non-uniform smoothing noises can certify a region with guaranteed robustness magnitudes larger in volume than previous works. Additionally, my method can be used to evaluate the sensitivity of input features and identify non-robust and robust features.
- Published
2021