Certified Robustness against Sparse Adversarial Perturbations via Data Localization
Recent work in adversarial robustness suggests that natural data distributions are localized, i.e., they place high probability in small volume regions of the input space, and that this property can be utilized for designing classifiers with improved robustness guarantees for $\ell_2$-bounded perturbations. Yet, it is still unclear if this observation …