A Closer Look at the Adversarial Robustness of Deep Equilibrium Models

Authors: Zonghan Yang, Tianyu Pang, Yang Liu

NeurIPS 2022

| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on CIFAR-10 validate the adversarial robustness of DEQs competitive with deep networks of similar sizes. We use PGD-AT to train large-sized and XL-sized DEQs on CIFAR-10. To benchmark their robustness [12], the parameter sizes of the DEQs are set to be comparable with ResNet-18 [18] and WideResNet34-10 [41], respectively. |
| Researcher Affiliation | Collaboration | Zonghan Yang¹, Tianyu Pang², Yang Liu¹,³,⁴; ¹Department of Computer Science and Technology, Tsinghua University, Beijing, China; ²Sea AI Lab, Singapore; ³Institute for AI Industry Research (AIR), Tsinghua University, Beijing, China; ⁴Beijing Academy of Artificial Intelligence, Beijing, China |
| Pseudocode | No | The paper describes methods using mathematical equations and text, but does not include structured pseudocode or algorithm blocks. |
| Open Source Code | No | The paper's checklist indicates code is included ('Did you include the code, data, and instructions needed to reproduce the main experimental results (either in the supplemental material or as a URL)? [Yes]'), but no specific URL or explicit statement of code release for the methodology is provided in the main text. |
| Open Datasets | Yes | Extensive experiments on CIFAR-10 validate the adversarial robustness of DEQs competitive with deep networks of similar sizes. We first train DEQs on CIFAR-10 [21] with the PGD-AT framework [25], then test the adaptive attacks and defense strategies proposed in Sec. 5 on the adversarially-trained DEQs. |
| Dataset Splits | No | The paper mentions using a 'development set' for hyperparameter tuning: 'We determine the optimal timing for early exit by selecting the top robustness performance of all z_n's on the development set under the ready-made PGD-10 attack.' However, it does not explicitly provide specific dataset split percentages (e.g., 80/10/10) or sample counts for training, validation, and test sets. |
| Hardware Specification | No | No specific hardware details (e.g., GPU/CPU models, memory) used for running the experiments were explicitly mentioned in the paper's main sections or general appendices. |
| Software Dependencies | Yes | Internal cluster, CUDA 11.1, PyTorch 1.10.2. (from the checklist) |
| Experiment Setup | Yes | During training, we use 10-step PGD with the step size of 2/255 to generate adversaries within the range of ℓ = 8/255. For the specific type of attacks, we use PGD and AutoAttack (AA) [13] to instantiate the white-box attacks in Sec. 5.1. The detailed experimental settings are listed in Appendix A. |