DC Field | Value | Language |
---|---|---|
dc.contributor.author | Jeong, Jongheon | ko |
dc.contributor.author | Park, Sejun | ko |
dc.contributor.author | Kim, Minkyu | ko |
dc.contributor.author | Lee, Heung-Chang | ko |
dc.contributor.author | Kim, Doguk | ko |
dc.contributor.author | Shin, Jinwoo | ko |
dc.date.accessioned | 2021-12-09T06:48:03Z | - |
dc.date.available | 2021-12-09T06:48:03Z | - |
dc.date.created | 2021-12-02 | - |
dc.date.issued | 2021-12-07 | - |
dc.identifier.citation | 35th Conference on Neural Information Processing Systems, NeurIPS 2021 | - |
dc.identifier.uri | http://hdl.handle.net/10203/290292 | - |
dc.description.abstract | Randomized smoothing is currently a state-of-the-art method to construct a certifiably robust classifier from neural networks against ℓ2-adversarial perturbations. Under the paradigm, the robustness of a classifier is aligned with the prediction confidence, i.e., the higher confidence from a smoothed classifier implies the better robustness. This motivates us to rethink the fundamental trade-off between accuracy and robustness in terms of calibrating confidences of a smoothed classifier. In this paper, we propose a simple training scheme, coined SmoothMix, to control the robustness of smoothed classifiers via self-mixup: it trains on convex combinations of samples along the direction of adversarial perturbation for each input. The proposed procedure effectively identifies over-confident, near off-class samples as a cause of limited robustness in case of smoothed classifiers, and offers an intuitive way to adaptively set a new decision boundary between these samples for better robustness. Our experimental results demonstrate that the proposed method can significantly improve the certified ℓ2-robustness of smoothed classifiers compared to existing state-of-the-art robust training methods. | - |
dc.language | English | - |
dc.publisher | Neural Information Processing Systems | - |
dc.title | SmoothMix: Training Confidence-calibrated Smoothed Classifiers for Certified Robustness | - |
dc.type | Conference | - |
dc.type.rims | CONF | - |
dc.citation.publicationname | 35th Conference on Neural Information Processing Systems, NeurIPS 2021 | - |
dc.identifier.conferencecountry | US | - |
dc.identifier.conferencelocation | Virtual | - |
dc.contributor.localauthor | Shin, Jinwoo | - |
dc.contributor.nonIdAuthor | Park, Sejun | - |
dc.contributor.nonIdAuthor | Lee, Heung-Chang | - |
dc.contributor.nonIdAuthor | Kim, Doguk | - |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.