随机平滑在受攻击环境下的实际效果如何？

Apr, 2022

随机平滑在受攻击环境下的实际效果如何？

Randomized Smoothing under Attack: How Good is it in Pratice?

Thibault Maho, Teddy Furon, Erwan Le Merrer

TL;DR本研究发现随机平滑在理论认证与实践中保护分类器免受黑盒攻击的设置存在差异，对RS进行攻击会导致认证的鲁棒性下降且分类器准确度降低。

Abstract

randomized smoothing is a recent and celebrated solution to certify the robustness of any classifier. While it indeed provides a theoretical robustness against adversarial attacks, the dimensionality of current c