Viet-Anh on Software Logo

What is: Denoised Smoothing?

SourceDenoised Smoothing: A Provable Defense for Pretrained Classifiers
Year2000
Data SourceCC BY-SA - https://paperswithcode.com

Denoised Smoothing is a method for obtaining a provably robust classifier from a fixed pretrained one, without any additional training or fine-tuning of the latter. The basic idea is to prepend a custom-trained denoiser before the pretrained classifier, and then apply randomized smoothing. Randomized smoothing is a certified defense that converts any given classifier ff into a new smoothed classifier gg that is characterized by a non-linear Lipschitz property. When queried at a point xx, the smoothed classifier gg outputs the class that is most likely to be returned by ff under isotropic Gaussian perturbations of its inputs. Unfortunately, randomized smoothing requires that the underlying classifier ff is robust to relatively large random Gaussian perturbations of the input, which is not the case for off-the-shelf pretrained models. By applying our custom-trained denoiser to the classifier ff, we can effectively make ff robust to such Gaussian perturbations, thereby making it “suitable” for randomized smoothing.