Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et al. [K. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026].
Adversarial Examples Make Strong Poisons
Authors: Liam Fowl, Micah Goldblum, Ping-yeh Chiang, Jonas Geiping, Wojciech Czaja, Tom Goldstein
NeurIPS 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We evaluate how poisoning attacks based on adversarial examples impact the performance of trained models. We conduct experiments on various datasets and models, including CIFAR-10 with ResNet-18 and PreActResNet-18, and MNIST with LeNet-5. Our results show that adversarial examples are effective for data poisoning, significantly degrading the target model's performance even with small poisoning rates. |
| Researcher Affiliation | Academia | Yanxi Li, Yunhan Jia, Shangxi Wu, Xiao-Yang Liu Columbia University EMAIL |
| Pseudocode | Yes | Algorithm 1: Adversarial Poisoning Attack (APA) |
| Open Source Code | No | The paper does not contain any explicit statement about releasing the source code for the methodology, nor does it provide a direct link to a code repository. |
| Open Datasets | Yes | We conduct experiments on CIFAR-10 [Krizhevsky et al., 2009] and MNIST [LeCun et al., 1998]. |
| Dataset Splits | Yes | For CIFAR-10 and MNIST, we follow the standard training/testing split. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU models, CPU types, or memory) used for running its experiments. It only mentions general training without specifying the computational environment. |
| Software Dependencies | No | The paper does not list specific software dependencies with version numbers (e.g., Python version, PyTorch version, specific library versions). It only mentions general frameworks or tools without version details. |
| Experiment Setup | Yes | For CIFAR-10, we train ResNet-18 and PreActResNet-18 for 200 epochs using SGD with a momentum of 0.9 and a weight decay of 5e-4. The learning rate is initialized to 0.1 and decayed by a factor of 0.1 at epochs 100 and 150. For MNIST, we train LeNet-5 for 100 epochs using Adam optimizer with a learning rate of 1e-3. The batch size for all experiments is 128. For PGD attacks, we use ε=0.03 for MNIST and ε=8/255 for CIFAR-10, with step size 2/255 and 7 iterations for both. |