Provably Cost-Sensitive Adversarial Defense via Randomized Smoothing

  • 2025-06-10 18:50:18
  • Yuan Xin, Dingfan Chen, Michael Backes, Xiao Zhang

Abstract

As ML models are increasingly deployed in critical applications, robustness against adversarial perturbations is crucial. While numerous defenses have been proposed to counter such attacks, they typically assume that all adversarial transformations are equally important, an assumption that rarely aligns with real-world applications. To address this, we study the problem of robust learning against adversarial perturbations under cost-sensitive scenarios, where the potential harm of different types of misclassifications is encoded in a cost matrix. Our solution introduces a provably robust learning algorithm to certify and optimize for cost-sensitive robustness, building on the scalable certification framework of randomized smoothing. Specifically, we formalize the definition of cost-sensitive certified radius and propose our novel adaptation of the standard certification algorithm to generate tight robustness certificates tailored to any cost matrix. In addition, we design a robust training method that improves certified cost-sensitive robustness without compromising model accuracy. Extensive experiments on benchmark datasets, including challenging ones unsolvable by existing methods, demonstrate the effectiveness of our certification algorithm and training method across various cost-sensitive scenarios.
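As an added illustration, not the paper's own algorithm (the abstract only summarizes it), the Python below computes a Cohen-style randomized-smoothing radius that rules out only transitions into classes the cost matrix marks as costly, and contrasts it with the standard radius that treats every wrong class as equally bad. The Hoeffding confidence bound, the three-class cost matrix and the Monte Carlo counts are constructed assumptions for the example.

```python
import math
from statistics import NormalDist

PHI_INV = NormalDist().inv_cdf  # standard normal quantile, Phi^{-1}


def hoeffding_bounds(count, n, alpha):
    """(lower, upper) confidence bounds on one class probability of the smoothed
    classifier, from n Monte Carlo samples of the base model under Gaussian noise.
    Hoeffding is used for self-containment; Clopper-Pearson would be tighter."""
    eps = math.sqrt(math.log(1.0 / alpha) / (2.0 * n))
    p_hat = count / n
    return p_hat - eps, p_hat + eps


def certified_radius(counts, label, harmful, sigma, alpha=0.001):
    """Radius sigma/2 * (Phi^-1(pA) - Phi^-1(pB)) within which the true class
    keeps beating every class in `harmful` (pairwise Neyman-Pearson bound).
    Returns None to abstain, and math.inf when no transition is costly."""
    if not harmful:
        return math.inf
    n = sum(counts)
    p_a, _ = hoeffding_bounds(counts[label], n, alpha)
    p_b = max(hoeffding_bounds(counts[k], n, alpha)[1] for k in harmful)
    if p_a <= p_b:          # bounds do not separate: no certificate
        return None
    return sigma / 2.0 * (PHI_INV(p_a) - PHI_INV(p_b))


def standard_radius(counts, label, sigma, alpha=0.001):
    """Cost-agnostic certificate: every other class counts as a failure."""
    others = [k for k in range(len(counts)) if k != label]
    return certified_radius(counts, label, others, sigma, alpha)


def cost_sensitive_radius(counts, label, cost, sigma, alpha=0.001):
    """Certificate against only the transitions with positive cost[label][k]."""
    harmful = [k for k, c in enumerate(cost[label]) if k != label and c > 0]
    return certified_radius(counts, label, harmful, sigma, alpha)


# Constructed example: misreading class 0 as class 1 is free, as class 2 is costly.
COST = [[0, 0, 1], [0, 0, 1], [1, 1, 0]]
COUNTS = [9000, 700, 300]   # constructed base-classifier votes over n=10000 noise draws

if __name__ == "__main__":
    print("standard       :", standard_radius(COUNTS, 0, sigma=0.5))
    print("cost-sensitive :", cost_sensitive_radius(COUNTS, 0, COST, sigma=0.5))
```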
