_1 Adversarial Robustness Certificates: a Randomized Smoothing Approach
Jiaye Teng, Guang-He Lee, Yang Yuan
Unverified — Be the first to reproduce this paper.
ReproduceAbstract
Robustness is an important property to guarantee the security of machine learning models. It has recently been demonstrated that strong robustness certificates can be obtained on ensemble classifiers generated by input randomization. However, tight robustness certificates are only known for symmetric norms including _0 and _2, while for asymmetric norms like _1, the existing techniques do not apply. By converting the likelihood ratio into a one-dimensional mixed random variable, we derive the first tight _1 robustness certificate under isotropic Laplace distributions. Empirically, the deep networks smoothed by Laplace distributions yield the state-of-the-art certified robustness in _1 norm on CIFAR-10 and ImageNet.