Certified robustness circumvents the fragility of defences against adversarial attacks, by endowing model predictions with guarantees of class invariance for attacks up to a calculated size. While there is value in these certifications, the techniques through which we assess their performance do not present a proper accounting of their strengths and weaknesses, as their analysis has eschewed consideration of performance over individual samples in favour of aggregated measures. By considering the potential output space of certified models, this work presents two distinct approaches to improve the analysis of certification mechanisms, that allow for both dataset-independent and dataset-dependent measures of certification performance. Embracing such a perspective uncovers new certification approaches, which have the potential to more than double the achievable radius of certification, relative to current state-of-the-art. Empirical evaluation verifies that our new approach can certify $9\%$ more samples at noise scale $\sigma = 1$, with greater relative improvements observed as the difficulty of the predictive task increases.

通过考虑认证模型的潜在输出空间，本研究提出了两种改进认证机制分析的独特方法，可以提供数据集独立和数据集相关的认证性能度量，从而使认证半径相对于现有技术能够提高一倍以上。经验证，我们的新方法能够在噪声尺度$σ = 1$下认证比以往多9％的样本，并且随着预测任务的难度增加，观察到更大的相对改进。

提高认证鲁棒性的简化分解测量