Randomized smoothing (RS) is an effective and scalable technique for constructing neural network classifiers that are certifiably robust to adversarial perturbations. Most RS works focus on training a good base model that boosts the certified robustness of the smoothed model. However, existing RS techniques treat every data point the same, i.e., the variance of the Gaussian noise used to form the smoothed model is preset and universal for all training and test data. This preset and universal Gaussian noise variance is suboptimal since different data points have different margins and the local properties of the base model vary across the input examples. In this paper, we examine the impact of customized handling of examples and propose Instance-wise Randomized Smoothing (Insta-RS) -- a multiple-start search algorithm that assigns customized Gaussian variances to test examples. We also design Insta-RS Train -- a novel two-stage training algorithm that adaptively adjusts and customizes the noise level of each training example for training a base model that boosts the certified robustness of the instance-wise Gaussian smoothed model. Through extensive experiments on CIFAR-10 and ImageNet, we show that our method significantly enhances the average certified radius (ACR) as well as the clean data accuracy compared to existing state-of-the-art provably robust classifiers.

翻译：随机滑动(RS)是构建神经网络分类的有效且可扩缩的技术,对于对抗性扰动而言,这种网络分类的预设性和通用性噪声差异是非最佳的,因为不同的数据点有不同的边距,基础模型的本地特性在输入实例中各异。在本文件中,我们审查了定制处理实例的影响,并提出了随机随机调整的平滑模式(Insta-RS) -- -- 一种多动性搜索算法,为测试示例指定了定制的高斯语差异。我们还设计了Insta-RS TRA -- -- 一种新型的两阶段培训算法,以适应性调整和定制每种培训的噪声水平,用于培训一个基础模型,以提升经认证的直观模型的稳健性强度,并提议随机随机随机调整的平滑动(Insta-RS) -- -- 一种多动式搜索算法,将定制的高斯差异用于测试模型;我们还设计了Insta-RS TRA -- -- -- 一种新型的两阶段培训算法,以适应性地调整和定制的每个培训范例,用于培训基准模型,以提升实例模型的经认证的准确性强度,将提高实例的实度,将测试的图像-图像-图像-直观的准确度,以显示我们现有的平流的平整的图像-直径的图像-直观的平流模型,以显示的清晰度测试的平流模型。