As ML models are increasingly deployed in critical applications, robustness against adversarial perturbations is crucial. While numerous defenses have been proposed to counter such attacks, they typically assume that all adversarial transformations are equally important, an assumption that rarely aligns with real-world applications. To address this, we study the problem of robust learning against adversarial perturbations under cost-sensitive scenarios, where the potential harm of different types of misclassifications is encoded in a cost matrix. Our solution introduces a provably robust learning algorithm to certify and optimize for cost-sensitive robustness, building on the scalable certification framework of randomized smoothing. Specifically, we formalize the definition of cost-sensitive certified radius and propose our novel adaptation of the standard certification algorithm to generate tight robustness certificates tailored to any cost matrix. In addition, we design a robust training method that improves certified cost-sensitive robustness without compromising model accuracy. Extensive experiments on benchmark datasets, including challenging ones unsolvable by existing methods, demonstrate the effectiveness of our certification algorithm and training method across various cost-sensitive scenarios.
A short version of this work was presented at the AdvML-Frontiers workshop at ICML 2023. The workshop paper can be found on OpenReview.