Machine learning models have demonstrated remarkable success across diverse
domains but remain vulnerable to adversarial attacks. Empirical defence
mechanisms often fall short, as new attacks constantly emerge, rendering
existing defences obsolete. A paradigm shift from empirical defences to
certification-based defences has been observed in response. Randomized
smoothing has emerged as a promising technique among notable advancements. This
study reviews the theoretical foundations, empirical effectiveness, and
applications of randomized smoothing in verifying machine learning classifiers.
We provide an in-depth exploration of the fundamental concepts underlying
randomized smoothing, highlighting its theoretical guarantees in certifying
robustness against adversarial perturbations. Additionally, we discuss the
challenges of existing methodologies and offer insightful perspectives on
potential solutions. This paper is novel in its attempt to systemise the
existing knowledge in the context of randomized smoothing.

机器学习模型容易受到对抗攻击，通过随机平滑技术进行认证防御可以提高分类器的鲁棒性。该研究探讨了随机平滑的理论基础、实证有效性和应用，系统化总结了现有知识并提出潜在解决方案。