# [C4/W] Consistency Regularization for Certified Robustness of Smoothed Classifiers

Published in Neural Information Processing Systems (NeurIPS), 2020

tl;dr: Consistency controls robustness in the world of randomized smoothing, like TRADES in adversarial training. 

• Also appeared at ICML UDL Workshop 2020
• Won Qualcomm Innovation Fellowship Korea 2020

#### Abstract

A recent technique of randomized smoothing has shown that the worst-case (adversarial) $\ell_2$-robustness can be transformed into the average-case Gaussian-robustness by "smoothing" a classifier, i.e., by considering the averaged prediction over Gaussian noise. In this paradigm, one should rethink the notion of adversarial robustness in terms of generalization ability of a classifier under noisy observations. We found that the trade-off between accuracy and certified robustness of smoothed classifiers can be greatly controlled by simply regularizing the prediction consistency over noise. This relationship allows us to design a robust training objective without approximating a non-existing smoothed classifier, e.g., via soft smoothing. Our experiments under various deep neural network architectures and datasets show that the "certified" $\ell_2$-robustness can be dramatically improved with the proposed regularization, even achieving better or comparable results to the state-of-the-art approaches with significantly less training costs and hyperparameters.

#### BibTeX

@inproceedings{jeong2020consistency,
author = {Jeong, Jongheon and Shin, Jinwoo},
booktitle = {Advances in Neural Information Processing Systems},
editor = {H. Larochelle and M. Ranzato and R. Hadsell and M.F. Balcan and H. Lin},
pages = {10558--10570},
publisher = {Curran Associates, Inc.},
title = {Consistency Regularization for Certified Robustness of Smoothed Classifiers},
url = {https://proceedings.neurips.cc/paper/2020/file/77330e1330ae2b086e5bfcae50d9ffae-Paper.pdf},
volume = {33},
year = {2020}
}


Updated: