Certified Adversarial Robustness via Randomized $\alpha$-Smoothing for Regression Models
Neural Information Processing Systems
Certified adversarial robustness of large-scale deep networks has progressed substantially since the introduction of randomized smoothing. Deep net classifiers are now provably robust in their predictions against a large class of threat models, including $\ell_1$, $\ell_2$, and $\ell_\infty$ norm-bounded attacks. Certified robustness analysis by randomized smoothing has not been performed for deep regression networks, where the output variable is continuous and unbounded. In this paper, we extend the existing results for randomized smoothing to regression models using powerful tools from robust statistics, in particular the $\alpha$-trimming filter as the smoothing function. Adjusting the hyperparameter $\alpha$ achieves a smooth trade-off between desired certified robustness and utility.
May-27-2025, 21:05:37 GMT