Adaptive Randomized Smoothing: Certifying Multi-Step Defences against Adversarial Examples

In NeurIPS 2024 [Spotlight]

Abstract

We propose Adaptive Randomized Smoothing (ARS) to certify the predictions of test-time models against adversarial examples. ARS extends the analysis of randomized smoothing using f-Differential Privacy to certify the adaptive composition of multiple steps.
