MSc Thesis presentation - Shadab Shaikh

Name: Shadab Shaikh
Date: 12th April, 2024
Time: 11am PT
Location: ICICS X836 and Zoom (https://ubc.zoom.us/j/517560312?pwd=Und6RjFXK2N0TkRKVUxjcTd0Y0w4UT09)

Supervisor: Mathias Lécuyer

Title: Adaptive Randomized Smoothing: Certifying Multi-Step Defences against Adversarial Examples

Abstract: 

We propose Adaptive Randomized Smoothing (ARS), a technique to certify the predictions of test-time adaptive models against adversarial examples. ARS builds on an analysis of Randomized Smoothing using f-Differential Privacy, which we leverage to certify the adaptive composition of several mechanisms. We instantiate ARS in a deep learning architecture for image classification, and provide certified predictions against adversarial examples of bounded L-infinity size. We show that adaptivity improves accuracy by up to 17% on a CIFAR-10 benchmark.