On the trade-off between robustness and accuracy in smoothed classifiers평탄화된 분류기의 견고성과 정확성 간 상충관계에 대하여
Notwithstanding the recent successes of deep learning towards artificial intelligence (AI), real-world deployment of AI systems has been impeded by their fragility in worst-case (or essentially adversarial) behaviors. Randomized smoothing is currently one of a few tangible approaches that provides adversarial robustness in such scenarios, with a benefit of being applicable to models at scale, e.g., those of large pre-trained models: specifically, any classifier can be "smoothed out" to make it provably robust against adversarial inputs, by taking a majority vote of its predictions over random Gaussian noise. This dissertation aims to make randomized smoothing more practical, with a particular focus on mitigating the current trade-off between certified robustness and accuracy in randomized smoothing. We observe that "calibrating" the confidence of smoothed classifiers can be a peculiar proxy to this end, and develop various methods based on this to obtain robust smoothed classifiers with less degradation in accuracy. The proposed solutions cover not only efficient training methods for smoothed classifiers, but also inference and fine-tuning schemes for large-scale randomized smoothing on pre-trained models.
- Advisors
- 신진우researcher
- Description
- 한국과학기술원 :전기및전자공학부,
- Publisher
- 한국과학기술원
- Issue Date
- 2023
- Identifier
- 325007
- Language
- eng
- Description
학위논문(박사) - 한국과학기술원 : 전기및전자공학부, 2023.8,[vi, 102 p. :]
- Keywords
딥러닝▼a머신러닝▼a적대적 견고성▼a증명가능한 견고성▼a무작위 평활화▼a신뢰성 기반 학습▼a일관성 정규화▼a인공지능 안전성; Deep learning▼aMachine learning▼aAdversarial robustness▼aCertified robustness▼aRandomized smoothing▼aConfidence-aware training▼aConsistency regularization▼aAI safety
- Appears in Collection
- EE-Theses_Ph.D.(박사논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.