Improving the Accuracy-Robustness Trade-Off of Classifiers via Adaptive Smoothing

Overview

• Proposed a method to significantly improve the trade-off between clean accuracy and adversarial robustness in neural classifiers


• Mixing output probabilities of a standard (high clean accuracy) and robust classifier, leveraging the robust classifier's confidence difference for correct and incorrect examples


• Theoretically certified the robustness of the mixed classifier under realistic assumptions


• Adapted an adversarial input detector to create a mixing network that adjusts the mixture adaptively, further reducing the accuracy penalty


• Empirically evaluated on CIFAR-100, achieving high clean accuracy …

accuracy adversarial classifier classifiers confidence difference examples improving mixed overview robust robustness standard trade trade-off via