What does "Certifiable Robustness" mean?
Certifiable robustness is a concept in machine learning that guarantees that small changes to an input cannot change the output of a classifier (a system that assigns a class label to its input). The guarantee is proved rather than merely observed in testing: for every perturbation within a stated bound, the prediction provably stays the same, so an attempt to trick the model by slightly altering the input cannot change what it predicts.
There are two main ways to achieve certifiable robustness. One trains the classifier to be less sensitive to input changes by enforcing a small Lipschitz constant, a bound on how much the output can move when the input moves. The other, randomized smoothing, adds random noise to the input and bases the prediction on how the classifier behaves across the noisy copies; the resulting smoothed classifier is more stable and can tolerate minor alterations.
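As an added example (not from the page or any particular paper), the two certificates just described, computed for toy classifiers in plain Python: a Lipschitz margin radius for a linear classifier, and a Monte Carlo randomized-smoothing radius using the standard Gaussian smoothing formula. The Hoeffding confidence bound, the single shared sample set and the `sign_base` toy classifier are simplifying assumptions of this example.

```python
import math
import random
from statistics import NormalDist


def lipschitz_certified_radius(weights, bias, x):
    """Certificate for a linear classifier with logits f_c(x) = w_c . x + b_c.
    Logit c is L_c-Lipschitz (L2) with L_c = ||w_c||, so a perturbation d moves
    it by at most L_c * ||d||.  Class A keeps its lead over class C while
    ||d|| < (f_A - f_C) / (L_A + L_C); the radius is the minimum over C != A.
    """
    logits = [sum(w * xi for w, xi in zip(wc, x)) + bc
              for wc, bc in zip(weights, bias)]
    lips = [math.sqrt(sum(w * w for w in wc)) for wc in weights]
    top = max(range(len(logits)), key=logits.__getitem__)
    radius = min((logits[top] - logits[c]) / (lips[top] + lips[c])
                 for c in range(len(logits)) if c != top)
    return top, radius


def smoothed_certified_radius(base_classify, x, sigma, n, alpha, rng):
    """Randomized smoothing certificate estimated by Monte Carlo.
    The smoothed classifier answers with the class the base classifier picks
    most often under Gaussian noise N(0, sigma^2 I).  Given a lower confidence
    bound p_A on that class's probability, the prediction holds for all
    ||d|| < sigma * Phi^-1(p_A).  Assumption, to stay short: a Hoeffding bound
    replaces the usual Clopper-Pearson interval, and one sample set is used
    both to select the class and to bound its probability.
    """
    counts = {}
    for _ in range(n):
        noisy = [xi + rng.gauss(0.0, sigma) for xi in x]
        label = base_classify(noisy)
        counts[label] = counts.get(label, 0) + 1
    top = max(counts, key=counts.get)
    p_lower = counts[top] / n - math.sqrt(math.log(1.0 / alpha) / (2.0 * n))
    if p_lower <= 0.5:  # majority not established at confidence 1-alpha: abstain
        return None, 0.0
    return top, sigma * NormalDist().inv_cdf(p_lower)


def sign_base(v):
    """Constructed toy base classifier: class 1 if the first coordinate is positive."""
    return 1 if v[0] > 0.0 else 0


def certify_toy_point(x0, seed=0):
    """Certify the 1-D point [x0] for sign_base with sigma=0.5, 1000 samples, alpha=0.001."""
    return smoothed_certified_radius(sign_base, [x0], 0.5, 1000, 0.001, random.Random(seed))
```

A point far from the decision boundary (x0 = 2.0) receives a radius around 0.78, while a point on the boundary (x0 = 0.0) makes the smoothed classifier abstain.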
A newer approach combines both methods. It splits the classifier into two parts: one part is trained to have a small Lipschitz constant, while the other is made robust with randomized smoothing. Combining them takes advantage of the strengths of both methods and results in improved performance.
Overall, certifiable robustness matters because it makes machine learning systems demonstrably more reliable against attempts to deceive them with carefully altered inputs.