Multi-head ensemble of smoothed classifiers for certified robustness

IF 6 1区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Neural Networks Pub Date : 2025-03-28 DOI:10.1016/j.neunet.2025.107426

Kun Fang , Qinghua Tao , Yingwen Wu , Tao Li , Xiaolin Huang , Jie Yang

{"title":"Multi-head ensemble of smoothed classifiers for certified robustness","authors":"Kun Fang , Qinghua Tao , Yingwen Wu , Tao Li , Xiaolin Huang , Jie Yang","doi":"10.1016/j.neunet.2025.107426","DOIUrl":null,"url":null,"abstract":"<div><div>Randomized Smoothing (RS) is a promising technique for certified robustness, and recently in RS the ensemble of multiple Deep Neural Networks (DNNs) has shown state-of-the-art performances due to its variance reduction effect over Gaussian noises. However, such an ensemble brings heavy computation burdens in both training and certification, and yet under-exploits individual DNNs and their mutual effects, as the communication between these classifiers is commonly ignored in optimization. In this work, we consider a novel <em>ensemble</em>-based training way for a <em>single</em> DNN with multiple augmented heads, named as SmOothed Multi-head Ensemble (SOME). In SOME, similar to the pursuit of variance reduction via ensemble, an ensemble of multiple heads imposed with a cosine constraint inside a single DNN is employed with much cheaper training and certification computation overloads in RS. In such network structure, an associated training strategy is designed by introducing a circular communication flow among those augmented heads. That is, each head teaches its neighbor with the self-paced learning strategy using smoothed losses, which are specifically designed in relation to certified robustness. The deployed multi-head structure and the circular-teaching scheme in SOME jointly contribute to the diversities among multiple heads and benefit their ensemble, leading to a competitively stronger certifiably-robust RS-based defense than ensembling multiple DNNs (effectiveness) at the cost of much less computational expenses (efficiency), verified by extensive experiments and discussions.</div></div>","PeriodicalId":49763,"journal":{"name":"Neural Networks","volume":"188 ","pages":"Article 107426"},"PeriodicalIF":6.0000,"publicationDate":"2025-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Neural Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0893608025003053","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Randomized Smoothing (RS) is a promising technique for certified robustness, and recently in RS the ensemble of multiple Deep Neural Networks (DNNs) has shown state-of-the-art performances due to its variance reduction effect over Gaussian noises. However, such an ensemble brings heavy computation burdens in both training and certification, and yet under-exploits individual DNNs and their mutual effects, as the communication between these classifiers is commonly ignored in optimization. In this work, we consider a novel ensemble-based training way for a single DNN with multiple augmented heads, named as SmOothed Multi-head Ensemble (SOME). In SOME, similar to the pursuit of variance reduction via ensemble, an ensemble of multiple heads imposed with a cosine constraint inside a single DNN is employed with much cheaper training and certification computation overloads in RS. In such network structure, an associated training strategy is designed by introducing a circular communication flow among those augmented heads. That is, each head teaches its neighbor with the self-paced learning strategy using smoothed losses, which are specifically designed in relation to certified robustness. The deployed multi-head structure and the circular-teaching scheme in SOME jointly contribute to the diversities among multiple heads and benefit their ensemble, leading to a competitively stronger certifiably-robust RS-based defense than ensembling multiple DNNs (effectiveness) at the cost of much less computational expenses (efficiency), verified by extensive experiments and discussions.

查看原文本刊更多论文

证明鲁棒性的光滑分类器多头集成

随机平滑（RS）是一种很有前途的鲁棒性认证技术，最近在随机平滑中，多个深度神经网络（dnn）的集成由于其对高斯噪声的方差减小效果而表现出了最先进的性能。然而，这种集成在训练和认证中都带来了沉重的计算负担，并且由于这些分类器之间的通信通常在优化中被忽略，因此未充分利用单个dnn及其相互影响。在这项工作中，我们考虑了一种新的基于集成的训练方法，用于具有多个增强头的单个DNN，称为平滑多头集成（SOME）。在SOME中，类似于通过集成来追求方差减少，在单个DNN中使用带有余弦约束的多个头部的集成，在RS中使用更便宜的训练和认证计算过载。在这种网络结构中，通过在这些增强头部之间引入循环通信流来设计相关的训练策略。也就是说，每个头部使用平滑损失的自定节奏学习策略来教导它的邻居，这是专门设计的，与认证的鲁棒性有关。在SOME中，部署的多头结构和循环教学方案共同促进了多头之间的多样性，并有利于它们的集成，导致比集成多个dnn（有效性）更具竞争力的可认证鲁棒性RS-based防御，其代价是更少的计算费用（效率），通过广泛的实验和讨论验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Neural Networks 工程技术-计算机：人工智能

CiteScore

13.90

自引率

7.70%

发文量

425

审稿时长

67 days

期刊介绍： Neural Networks is a platform that aims to foster an international community of scholars and practitioners interested in neural networks, deep learning, and other approaches to artificial intelligence and machine learning. Our journal invites submissions covering various aspects of neural networks research, from computational neuroscience and cognitive modeling to mathematical analyses and engineering applications. By providing a forum for interdisciplinary discussions between biology and technology, we aim to encourage the development of biologically-inspired artificial intelligence.