arxiv: 2001.02378 · v4 · pith:335FXF3Jnew · submitted 2020-01-08 · 💻 cs.LG · cs.CR · stat.ML

MACER: Attack-free and Scalable Robust Training via Maximizing Certified Radius

classification 💻 cs.LG · cs.CR · stat.ML
keywords macer · training · certified · radius · robust · adversarial · models · algorithm

Adversarial training is one of the most popular ways to learn robust models but is usually attack-dependent and time costly. In this paper, we propose the MACER algorithm, which learns robust models without using adversarial training but performs better than all existing provable l2-defenses. Recent work shows that randomized smoothing can be used to provide a certified l2 radius to smoothed classifiers, and our algorithm trains provably robust smoothed classifiers via MAximizing the CErtified Radius (MACER). The attack-free characteristic makes MACER faster to train and easier to optimize. In our experiments, we show that our method can be applied to modern deep neural networks on a wide range of datasets, including Cifar-10, ImageNet, MNIST, and SVHN. For all tasks, MACER spends less training time than state-of-the-art adversarial training algorithms, and the learned models achieve larger average certified radius.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Provable Robustness against Backdoor Attacks via the Primal-Dual Perspective on Differential Privacy

    cs.LG 2026-05 unverdicted novelty 7.0

    A new framework is introduced for end-to-end provable robustness against backdoor attacks by composing randomized smoothing with differentially private training via privacy profiles.