{"ID":2896313,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2507.08163","arxiv_id":"2507.08163","title":"Adaptive Diffusion Denoised Smoothing : Certified Robustness via Randomized Smoothing with Differentially Private Guided Denoising Diffusion","abstract":"We propose Adaptive Diffusion Denoised Smoothing, a method for certifying the predictions of a vision model against adversarial examples, while adapting to the input. Our key insight is to reinterpret a guided denoising diffusion model as a long sequence of adaptive Gaussian Differentially Private (GDP) mechanisms refining a pure noise sample into an image. We show that these adaptive mechanisms can be composed through a GDP privacy filter to analyze the end-to-end robustness of the guided denoising process, yielding a provable certification that extends the adaptive randomized smoothing analysis. We demonstrate that our design, under a specific guiding strategy, can improve both certified accuracy and standard accuracy on ImageNet for an $\\ell_2$ threat model.","short_abstract":"We propose Adaptive Diffusion Denoised Smoothing, a method for certifying the predictions of a vision model against adversarial examples, while adapting to the input. Our key insight is to reinterpret a guided denoising diffusion model as a long sequence of adaptive Gaussian Differentially Private (GDP) mechanisms refi...","url_abs":"https://arxiv.org/abs/2507.08163","url_pdf":"https://arxiv.org/pdf/2507.08163v1","authors":"[\"Frederick Shpilevskiy\",\"Saiyue Lyu\",\"Krishnamurthy Dj Dvijotham\",\"Mathias Lécuyer\",\"Pierre-André Noël\"]","published":"2025-07-10T20:52:22Z","proceeding":"cs.CV","tasks":"[\"cs.CV\",\"cs.CR\",\"cs.LG\"]","methods":"[\"Diffusion Model\"]","has_code":false}