English

Multi-scale Diffusion Denoised Smoothing

Machine Learning 2023-10-30 v3 Artificial Intelligence Machine Learning

Abstract

Along with recent diffusion models, randomized smoothing has become one of a few tangible approaches that offers adversarial robustness to models at scale, e.g., those of large pre-trained models. Specifically, one can perform randomized smoothing on any classifier via a simple "denoise-and-classify" pipeline, so-called denoised smoothing, given that an accurate denoiser is available - such as diffusion model. In this paper, we present scalable methods to address the current trade-off between certified robustness and accuracy in denoised smoothing. Our key idea is to "selectively" apply smoothing among multiple noise scales, coined multi-scale smoothing, which can be efficiently implemented with a single diffusion model. This approach also suggests a new objective to compare the collective robustness of multi-scale smoothed classifiers, and questions which representation of diffusion model would maximize the objective. To address this, we propose to further fine-tune diffusion model (a) to perform consistent denoising whenever the original image is recoverable, but (b) to generate rather diverse outputs otherwise. Our experiments show that the proposed multi-scale smoothing scheme combined with diffusion fine-tuning enables strong certified robustness available with high noise level while maintaining its accuracy close to non-smoothed classifiers.

Keywords

Cite

@article{arxiv.2310.16779,
  title  = {Multi-scale Diffusion Denoised Smoothing},
  author = {Jongheon Jeong and Jinwoo Shin},
  journal= {arXiv preprint arXiv:2310.16779},
  year   = {2023}
}

Comments

Published as a conference paper at NeurIPS 2023; Code is available at https://github.com/jh-jeong/smoothing-multiscale

R2 v1 2026-06-28T13:01:48.972Z