Skip to content

Integration of Certified Defense Methods (Randomized Smoothing) #86

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
henba1 wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Integration of Certified Defense Methods (Randomized Smoothing) #86

henba1 wants to merge 2 commits into from

Conversation

@henba1
Copy link
Collaborator

@henba1 henba1 commented Sep 24, 2025
edited
Loading

Integration of Certified Defense Methods (Randomized Smoothing) - Addresses #85

Overview

This PR implements the first iteration of probabilistic certified defense methods, specifically Randomized Smoothing, into VERONA as outlined in issue #85. The implementation extends VERONA's EpsilonValueEstimator and VerificationModule abstract classes to support certification with configurable sampling rates, smoothing levels, and confidence parameters.

Changes Made

New Components

1. ProbabilisticCertificationResult (robustness_experiment_box/database/verification_result.py)

  • New data structure for probabilistic certification results
  • Includes to_dict() and from_dict() methods for serialization
  • Stores certified radius, predicted class, and confidence information

2. RandomizedSmoothingModule (robustness_experiment_box/verification_module/randomized_smoothing_module.py)

  • Extends VerificationModule abstract base class
  • Implements verify_probabilistic() → returns ProbabilisticCertificationResult
  • Core method _perform_randomized_smoothing() orchestrates the certification process:
    • _sample_noise() - generates Gaussian noise samples
    • _apply_diffusion_denoising() - placeholder for DDS integration (TODO)
    • _lower_confidence_bound() - computes statistical confidence bounds
  • Configurable parameters: σ (noise level), N₀ (prediction samples), N (certification samples), α (confidence)

3. RandomizedSmoothingEstimator (robustness_experiment_box/epsilon_value_estimator/randomized_smoothing_estimator.py)

  • Extends EpsilonValueEstimator abstract base class
  • compute_epsilon_value() - bridges to classical EpsilonValueResult format
  • get_probabilistic_result() - returns ProbabilisticCertificationResult using RandomizedSmoothingModule
  • Maintains compatibility with existing VERONA experiment framework

4. Extended VerificationModule Interface (robustness_experiment_box/verification_module/verification_module.py)

  • Added new abstract method to base VerificationModule class
  • Enables probabilistic verification across all verification modules

5. Example Script (scripts/randomized_smoothing_example.py)

  • Demonstrates usage of the new randomized smoothing functionality
  • Shows integration with VERONA's robustness experiment framework
  • Provides practical example of parameter configuration

Implementation Details

This implementation follows Option A: Full Integration as discussed in #85, providing:

  • end-to-end certification pipeline with Monte Carlo sampling
  • Direct integration with VERONA's existing architecture
  • Backward compatibility - no changes needed to epsilon_value_result.py
  • Framework preparation for diffusion-enhanced smoothing (DDS placeholder implemented)

Algorithm Support

Randomized Smoothing (Cohen et al.)

  • Monte Carlo sampling with Gaussian noise
  • Statistical bounds for probabilistic certification
  • Configurable sampling parameters (σ, N₀, N, α)

Diffusion Denoised Smoothing (Carlini et al.)

  • Framework prepared with _apply_diffusion_denoising() placeholder
  • TBD DDS integration

Notes on Integration with VERONA

  • integration with existing EpsilonValueEstimator and VerificationModule interfaces
  • No breaking changes to existing result structures

Testing

  • Added comprehensive example script demonstrating the new functionality
  • Integration with existing VERONA robustness experiment framework
  • Maintains backward compatibility with existing verification modules

Future Work

This is the first iteration of the Randomized Smoothing integration. Future iterations include:

  • Implementation of Diffusion Denoised Smoothing (DDS)
  • Performance optimizations

References

Files Changed

  • robustness_experiment_box/epsilon_value_estimator/randomized_smoothing_estimator.py (new)
  • robustness_experiment_box/verification_module/randomized_smoothing_module.py (new)
  • robustness_experiment_box/verification_module/verification_module.py (extended)
  • robustness_experiment_box/database/verification_result.py (new)
  • scripts/randomized_smoothing_example.py (new)

Addresses #85 (First iteration - issue remains open for future updates)

@henba1 henba1 added the enhancement New feature or request label Sep 24, 2025
@henba1 henba1 assigned henba1 and AWbosman and unassigned AWbosman and Aaron99B Sep 24, 2025
@henba1 henba1 requested review from AWbosman and Aaron99B September 24, 2025 13:40
@henba1 henba1 marked this pull request as draft September 24, 2025 13:41
@henba1
refactor: align RandomizedSmoothingModule with VERONA architecture
d96bf55 
- Remove base_classifier parameter, load model from verification_context.network
- Update RandomizedSmoothingExample to use ExperimentRepository networks
- Fix RandomizedSmoothingEstimator field name (certification_time)
- Follow established pattern from formal verification flow
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Aaron99B Aaron99B Awaiting requested review from Aaron99B

@AWbosman AWbosman Awaiting requested review from AWbosman

At least 1 approving review is required to merge this pull request.

Assignees

@henba1 henba1

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@henba1 @Aaron99B @AWbosman