Randomized Smoothing of All Shapes and Sizes
Authors: Greg Yang, Tony Duan, J. Edward Hu, Hadi Salman, Ilya Razenshteyn, Jerry Li
ICML 2020 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We propose a novel framework for devising and analyzing randomized smoothing schemes, and validate its effectiveness in practice. Our theoretical contributions are: (1) we show that for an appropriate notion of optimal , the optimal smoothing distributions for any nice norms have level sets given by the norm s Wulff Crystal; (2) we propose two novel and complementary methods for deriving provably robust radii for any smoothing distribution; and, (3) we show fundamental limits to current randomized smoothing techniques via the theory of Banach space cotypes. By combining (1) and (2), we significantly improve the state-of-the-art certified accuracy in ℓ1 on standard datasets. and 6. Experiments We empirically study the performance of different smoothing distributions on image classification datasets, using the bounds derived via the level set or the differential method, and verify predictions made by the Wulff Crystal theory. We follow the experimental procedure in Cohen et al. (2019) and further works on randomized smoothing (Salman et al., 2019a; Li et al., 2019; Zhai et al., 2020) using Image Net (Deng et al., 2009) and CIFAR-10 (Krizhevsky, 2009). |
| Researcher Affiliation | Industry | Greg Yang * 1 Tony Duan * 1 2 J. Edward Hu 1 2 Hadi Salman 1 Ilya Razenshteyn 1 Jerry Li 1 *Equal contribution 1Microsoft Research AI 2Work done as part of the Microsoft AI Residency Program. Correspondence to: Greg Yang <gregyang@microsoft.com>, Tony Duan <tony.duan@microsoft.com>, Jerry Li <jerrl@microsoft.com>. |
| Pseudocode | Yes | Algorithm 1 Pre-Computing Robust Radius Table via Level Set Method for Spherical Distributions Againt ℓ2 Adversary and Algorithm 2 Certification with Table |
| Open Source Code | Yes | We provide code in github.com/tonyduan/rs4a. |
| Open Datasets | Yes | We follow the experimental procedure in Cohen et al. (2019) and further works on randomized smoothing (Salman et al., 2019a; Li et al., 2019; Zhai et al., 2020) using Image Net (Deng et al., 2009) and CIFAR-10 (Krizhevsky, 2009). |
| Dataset Splits | No | The paper mentions using ImageNet and CIFAR-10, but does not provide specific training/validation/test dataset splits (percentages, counts, or explicit standard split references) to reproduce the data partitioning. |
| Hardware Specification | No | The paper does not provide specific hardware details (exact GPU/CPU models, processor types with speeds, memory amounts, or detailed computer specifications) used for running its experiments. |
| Software Dependencies | No | The paper does not provide specific ancillary software details, such as library or solver names with version numbers, needed to replicate the experiment. |
| Experiment Setup | Yes | For each distribution q, we train models across a range of scale parameter λ (see Table A.1), corresponding to the same range of noise variances σ2 def = Eδ q[ 1 d δ 2 2] across different distributions. Then we calculate for each model the certified accuracies across the range of considered ϵ. Finally, in our plots, we present, for each distribution, the upper envelopes of certified accuracies attained over the range of considered σ. Further details of experimental procedures are described in Appendix D. All results were certified with N = 100, 000 samples and failure probability α = 0.001. |