Corpus ID: 210064343

MACER: Attack-free and Scalable Robust Training via Maximizing Certified Radius

@article{Zhai2020MACERAA,
  title={MACER: Attack-free and Scalable Robust Training via Maximizing Certified Radius},
  author={Runtian Zhai and Chen Dan and Di He and Huan Zhang and Boqing Gong and Pradeep Ravikumar and Cho-Jui Hsieh and Liwei Wang},
  journal={ArXiv},
  year={2020},
  volume={abs/2001.02378}
}
  • Runtian Zhai, Chen Dan, +5 authors Liwei Wang
  • Published 2020
  • Computer Science, Mathematics
  • ArXiv
  • Adversarial training is one of the most popular ways to learn robust models but is usually attack-dependent and time costly. In this paper, we propose the MACER algorithm, which learns robust models without using adversarial training but performs better than all existing provable l2-defenses. Recent work shows that randomized smoothing can be used to provide certified l2 radius to smoothed classifiers, and our algorithm trains provably robust smoothed classifiers via MAximizing the CErtified…

    Citations

    Publications citing this paper.
    SHOWING 1-10 OF 11 CITATIONS

    Certification of Semantic Perturbations via Randomized Smoothing

    CITES BACKGROUND

    Consistency Regularization for Certified Robustness of Smoothed Classifiers

    CITES METHODS & BACKGROUND
    HIGHLY INFLUENCED

    Enhancing Certified Robustness of Smoothed Classifiers via Weighted Model Ensembling

    CITES BACKGROUND & METHODS
    HIGHLY INFLUENCED

    Randomized Smoothing of All Shapes and Sizes

    HIGHLY INFLUENCED

    Adversarial Feature Desensitization

    CITES BACKGROUND

    Label-Leaks: Membership Inference Attack with Label

    CITES BACKGROUND

    References

    Publications referenced by this paper.
    SHOWING 1-10 OF 42 REFERENCES

    Adversarial Training for Free!

    Certified Adversarial Robustness via Randomized Smoothing

    HIGHLY INFLUENTIAL

    Certified Robustness to Adversarial Examples with Differential Privacy
