Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Preprint |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2402.07498 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866912301407272960 |
|---|---|
| author | Bhardwaj, Devansh Kaushik, Kshitiz Gupta, Sarthak |
| author_facet | Bhardwaj, Devansh Kaushik, Kshitiz Gupta, Sarthak |
| contents | Randomized smoothing has emerged as a potent certifiable defense against adversarial attacks by employing smoothing noises from specific distributions to ensure the robustness of a smoothed classifier. However, the utilization of Monte Carlo sampling in this process introduces a compute-intensive element, which constrains the practicality of randomized smoothing on a larger scale. To address this limitation, we propose a novel approach that replaces Monte Carlo sampling with the training of a surrogate neural network. Through extensive experimentation in various settings, we demonstrate the efficacy of our approach in approximating the smoothed classifier with remarkable precision. Furthermore, we demonstrate that our approach significantly accelerates the robust radius certification process, providing nearly $600$X improvement in computation time, overcoming the computational bottlenecks associated with traditional randomized smoothing. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2402_07498 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| spellingShingle | Accelerated Smoothing: A Scalable Approach to Randomized Smoothing Bhardwaj, Devansh Kaushik, Kshitiz Gupta, Sarthak Machine Learning Randomized smoothing has emerged as a potent certifiable defense against adversarial attacks by employing smoothing noises from specific distributions to ensure the robustness of a smoothed classifier. However, the utilization of Monte Carlo sampling in this process introduces a compute-intensive element, which constrains the practicality of randomized smoothing on a larger scale. To address this limitation, we propose a novel approach that replaces Monte Carlo sampling with the training of a surrogate neural network. Through extensive experimentation in various settings, we demonstrate the efficacy of our approach in approximating the smoothed classifier with remarkable precision. Furthermore, we demonstrate that our approach significantly accelerates the robust radius certification process, providing nearly $600$X improvement in computation time, overcoming the computational bottlenecks associated with traditional randomized smoothing. |
| title | Accelerated Smoothing: A Scalable Approach to Randomized Smoothing |
| topic | Machine Learning |
| url | https://arxiv.org/abs/2402.07498 |