Defense · 2025

Reconcile Certified Robustness and Accuracy for DNN-based Smoothed Majority Vote Classifier

Gaojie Jin 1, Xinping Yi 2, Xiaowei Huang 3

1 citation · 99 references · arXiv


Published on arXiv

2509.25979

Input Manipulation Attack

OWASP ML Top 10 — ML01

Key Finding

Spectral regularization derived from shared theoretical underpinnings of generalization and certified robustness simultaneously improves both clean accuracy and certified robust radius for smoothed classifiers.

Spectral Regularization for Smoothed Majority Vote Classifier

Novel technique introduced


Within the PAC-Bayesian framework, the Gibbs classifier (defined on a posterior $Q$) and the corresponding $Q$-weighted majority vote classifier are commonly used to analyze generalization performance. However, there is a notable lack of theoretical research exploring the certified robustness of the majority vote classifier and its interplay with generalization. In this study, we develop a generalization error bound that possesses a certified robust radius for the smoothed majority vote classifier (i.e., the $Q$-weighted majority vote classifier with smoothed inputs); in other words, the generalization bound holds under any data perturbation within the certified robust radius. As a byproduct, we find that the underpinnings of both the generalization bound and the certified robust radius draw, in part, upon the weight spectral norm, which thereby inspires the adoption of spectral regularization in smooth training to boost certified robustness. Utilizing the dimension-independent property of spherical Gaussian inputs in smooth training, we propose a novel and inexpensive spectral regularizer to enhance the smoothed majority vote classifier. In addition to the theoretical contribution, a set of empirical results is provided to substantiate the effectiveness of our proposed method.


Key Contributions

  • Margin-based generalization error bound with embedded certified robust radius for the smoothed Q-weighted majority vote classifier under the PAC-Bayesian framework
  • Theoretical finding that both generalization bound and certified robust radius share dependence on weight spectral norm, motivating spectral regularization in smooth training
  • Novel, computationally inexpensive spectral regularizer exploiting the dimension-independent property of spherical Gaussian inputs in randomized smoothing

🛡️ Threat Analysis

Input Manipulation Attack

The paper is fundamentally a certified robustness defense — it derives a generalization bound with a certified robust radius guaranteeing prediction stability under any adversarial perturbation within that radius, and proposes spectral regularization to enlarge that radius during smooth training.


Details

Domains: vision
Model Types: cnn, transformer
Threat Tags: white_box, inference_time, digital
Applications: image classification