The robustness of deep neural networks (DNNs) against adversarial example
attacks has attracted wide attention. For smoothed classifiers, we propose the
worst-case adversarial loss over input distributions as a robustness
certificate. Compared with previous certificates, our certificate better
describes the empirical performance of the smoothed classifiers. By exploiting
duality and the smoothness property, we provide an easy-to-compute upper bound
as a surrogate for the certificate. We adopt a noisy adversarial learning
procedure to minimize the surrogate loss to improve model robustness. We show
that our training method provides a theoretically tighter bound over the
distributionally robust base classifiers. Experiments on a variety of datasets
further demonstrate superior robustness performance of our method over the
state-of-the-art certified or heuristic methods.

