认证的免费对抗鲁棒性

Jun, 2022

(Certified!!) Adversarial Robustness for Free!

Nicholas Carlini, Florian Tramer, Krishnamurthy, Dvijotham, J. Zico Kolter

TL;DR本文介绍了一个基于离线预训练模型，通过组合去噪扩散概率模型和高性能分类器等手段实现了对于2-范数边界扰动的认证敌对鲁棒性，并在ImageNet数据集上得到了71%的分类准确率，显著优于之前的相关研究。

Abstract

In this paper we show how to achieve state-of-the-art certified adversarial robustness to 2-norm bounded perturbations by relying exclusively on off-the-shelf →