Multi-scale Diffusion Denoised Smoothing
Dec 10, 2023
Speakers
Jongheon Jeong
Speaker · 1 follower
Jinwoo Shin
Speaker · 2 followers
About
Along with recent diffusion models, randomized smoothing has become one of a few tangible approaches that offers adversarial robustness to models at scale, e.g., those of large pre-trained models. Specifically, one can perform randomized smoothing on any classifier via a simple "denoise-and-classify" pipeline, so-called denoised smoothing, given that an accurate denoiser is available - such as diffusion models. In this paper, we investigate the trade-off between accuracy and certified robustness of denoised smoothing: for example, we question on which representation of diffusion model would maximize the certified robustness of denoised smoothing. We consider a new objective that aims collective robustness of smoothed classifiers across multiple noise levels at a shared diffusion model, which also suggests a new way to compensate the cost of accuracy in randomized smoothing for its certified robustness. This objective motivates us to fine-tune diffusion model (a) to perform consistent denoising whenever the original image is recoverable, but (b) to generate rather diverse outputs otherwise. Our experiments show that this fine-tuning scheme of diffusion models combined with the multi-scale smoothing enables a strong certified robustness possible at highest noise level while maintaining the accuracy closer to non-smoothed classifiers.Along with recent diffusion models, randomized smoothing has become one of a few tangible approaches that offers adversarial robustness to models at scale, e.g., those of large pre-trained models. Specifically, one can perform randomized smoothing on any classifier via a simple "denoise-and-classify" pipeline, so-called denoised smoothing, given that an accurate denoiser is available - such as diffusion models. In this paper, we investigate the trade-off between accuracy and certified robustness…
Organizer
NeurIPS 2023
Account · 623 followers
Like the format? Trust SlidesLive to capture your next event!
Professional recording and live streaming, delivered globally.
Sharing
Recommended Videos
Presentations on similar topic, category or speaker
ForecastPFN: Synthetically-Trained Zero-Shot Forecasting
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Utilitarian Algorithm Configuration
Watch later
Devon Graham, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
EMBERSim: A Large-Scale Databank for Boosting Similarity Search in Malware Analysis
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Hypothesis Selection with Memory Constraints
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Multi-resolution Spectral Coherence for Graph Generation with Score-based Diffusion
Watch later
Hyuna Cho, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
A Unified Framework for Rank-based Loss Minimization
Watch later
Rufeng Xiao, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%