CEAR: Certified Ensemble Adversarial Robustness in DNNs
Abstract:
Deep Neural Networks (DNNs) are highly vulnerable to adversarial perturbations, which has prompted extensive research into robustness frameworks for safety-critical systems. State-of-the-art empirical defenses improve DNN resilience during training, but they often remain ineffective against adaptive white-box attacks. Certified defenses, by contrast, provide provable robustness guarantees within a defined perturbation bound, so the guarantee holds even when the attacker has complete knowledge of the model. This paper introduces CEAR, an ensemble-based approach that integrates empirical and certified defense strategies. CEAR trains the individual networks in the ensemble with different Gaussian noise levels and temperature settings, which obscures gradients and logits and strengthens resistance to strong gradient-based attacks. In addition, we use noisy logits together with two distinct voting mechanisms to further improve robustness. The study also extends randomized smoothing to certify the robustness of ensemble-based classifiers. Experimental results on MNIST, CIFAR10, and TinyImageNet indicate that CEAR achieves higher average certified accuracy, a larger certified robustness radius, and lower transferability of adversarial examples than the baseline methods.
Source: arXiv
Generated at: 2026-06-02 00:00:00 UTC
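The abstract mentions two ingredients a practitioner may want to see concretely: a voting ensemble whose members use different temperatures, and a randomized-smoothing certificate for the resulting classifier. The following is an added example, not code from the CEAR paper or its authors. It implements the standard randomized-smoothing CERTIFY procedure (Cohen, Rosenfeld and Kolter, 2019: sample, pick the top class, bound its probability with a Clopper-Pearson lower confidence bound, and return radius sigma * Phi^-1(p_A) or abstain) over a constructed toy ensemble of three linear two-class members, with both a hard majority vote and a soft vote over temperature-scaled softmax outputs. The per-member training-time noise and the paper's own ensemble extension of the certificate are not reproduced; the members, their weights and temperatures, the smoothing noise sigma, the sample sizes and the confidence level are all assumptions made for the example. Only the Python standard library is used.

```python
"""Randomized-smoothing certificate for a majority-vote ensemble (stdlib only).

Added example: standard CERTIFY (Cohen et al. 2019) applied to a toy ensemble.
The ensemble, its weights, temperatures and all constants are constructed
assumptions for illustration, not the CEAR paper's models or settings.
"""
import math
import random
from statistics import NormalDist

# Constructed toy ensemble: each member is a 2-class linear classifier on 2-D
# inputs returning logits [s, -s] with s = w . x + b. "T" is the member's
# softmax temperature, used only by soft voting.
MEMBERS = [
    {"w": (1.0, 0.1), "b": 0.0, "T": 1.0},
    {"w": (1.0, -0.1), "b": 0.0, "T": 2.0},
    {"w": (1.2, 0.0), "b": 0.0, "T": 0.5},
]
NUM_CLASSES = 2


def member_logits(member, x):
    s = member["w"][0] * x[0] + member["w"][1] * x[1] + member["b"]
    return [s, -s]


def softmax(logits, temperature):
    scaled = [v / temperature for v in logits]
    m = max(scaled)
    exps = [math.exp(v - m) for v in scaled]
    z = sum(exps)
    return [e / z for e in exps]


def ensemble_predict(x, voting="hard"):
    """Base classifier f(x): hard majority vote, or soft vote that averages
    temperature-scaled member probabilities. Ties go to the lowest class index."""
    scores = [0.0] * NUM_CLASSES
    for m in MEMBERS:
        logits = member_logits(m, x)
        if voting == "hard":
            scores[max(range(NUM_CLASSES), key=lambda c: logits[c])] += 1
        else:
            probs = softmax(logits, m["T"])
            for c in range(NUM_CLASSES):
                scores[c] += probs[c]
    return max(range(NUM_CLASSES), key=lambda c: scores[c])


def sample_counts(x, sigma, n, rng, voting):
    """Evaluate f on n copies of x perturbed with isotropic N(0, sigma^2) noise."""
    counts = [0] * NUM_CLASSES
    for _ in range(n):
        noisy = [xi + rng.gauss(0.0, sigma) for xi in x]
        counts[ensemble_predict(noisy, voting)] += 1
    return counts


def binom_tail_log(n, k, p):
    """log P(X >= k) for X ~ Binomial(n, p), 0 < p < 1, summed in log space."""
    terms = [
        math.lgamma(n + 1) - math.lgamma(i + 1) - math.lgamma(n - i + 1)
        + i * math.log(p) + (n - i) * math.log1p(-p)
        for i in range(k, n + 1)
    ]
    m = max(terms)
    return m + math.log(sum(math.exp(t - m) for t in terms))


def clopper_pearson_lower(k, n, alpha):
    """One-sided (1 - alpha) lower confidence bound on a binomial proportion:
    the p at which P(X >= k | n, p) = alpha. Bisection keeps the lower end,
    so the returned bound is conservative."""
    if k == 0:
        return 0.0
    lo, hi = 0.0, 1.0
    for _ in range(60):
        mid = (lo + hi) / 2
        if binom_tail_log(n, k, mid) < math.log(alpha):
            lo = mid  # tail too small: the bound lies above mid
        else:
            hi = mid
    return lo


def certify(x, sigma, n0=100, n=1000, alpha=0.001, voting="hard", seed=0):
    """CERTIFY (Cohen et al. 2019) for the smoothed ensemble g(x).
    Returns (predicted class, certified L2 radius) or (None, 0.0) on abstain."""
    rng = random.Random(seed)
    counts0 = sample_counts(x, sigma, n0, rng, voting)
    c_a = max(range(NUM_CLASSES), key=lambda c: counts0[c])  # guess top class
    counts = sample_counts(x, sigma, n, rng, voting)           # fresh samples
    p_lower = clopper_pearson_lower(counts[c_a], n, alpha)
    if p_lower > 0.5:
        return c_a, sigma * NormalDist().inv_cdf(p_lower)
    return None, 0.0


if __name__ == "__main__":
    # (3, 0) is far from every member's boundary; (0, 0) sits on all of them.
    for point in [(3.0, 0.0), (0.0, 0.0)]:
        for mode in ("hard", "soft"):
            print(point, mode, certify(point, sigma=0.5, voting=mode))
```

The radius is an L2 certificate for the smoothed classifier g, not for the underlying ensemble f; the guarantee fails with probability at most alpha, so a point near the decision boundary abstains rather than returning a small radius. Temperature changes the soft-vote scores (and therefore f) but not the certificate's form, which depends only on sigma and the lower bound on the top class's vote share.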