Adversarial Feature Desensitization
Authors: Pouya Bashivan, Reza Bayat, Adam Ibrahim, Kartik Ahuja, Mojtaba Faramarzi, Touraj Laleh, Blake Richards, Irina Rish
NeurIPS 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Empirical results on several benchmarks demonstrate the effectiveness of the proposed approach against a wide range of attack types and attack strengths. |
| Researcher Affiliation | Academia | 1 McGill University, Montreal, Canada 2 MILA, Université de Montréal, Montreal, Canada *Correspondence to: {bashivap,irina.rish}@mila.quebec |
| Pseudocode | Yes | Algorithm 1: AFD training procedure |
| Open Source Code | Yes | Our code is available at https://github.com/BashivanLab/afd. |
| Open Datasets | Yes | Datasets. We validated our proposed method on several common datasets including MNIST [30], CIFAR10, CIFAR100 [29], and tiny-Imagenet [26]. |
| Dataset Splits | Yes | To find the best learning rates, we randomly split the CIFAR10 train set into train and validation sets (45000 and 5000 images in the train and validation sets respectively). |
| Hardware Specification | Yes | All experiments were run on NVIDIA V100 GPUs. We used one GPU for experiments on MNIST and 2 GPUs for other datasets. |
| Software Dependencies | No | The paper mentions using "Foolbox [42] and Advertorch [12] Python packages" but does not specify their version numbers or any other software dependencies with version information. |
| Experiment Setup | Yes | We used ϵ = 0.3, 0.031, and 0.016 for MNIST, CIFAR, and Tiny-Imagenet datasets respectively. ... Based on this analysis, we selected the learning rate γ = 0.5 for tuning the feature extractor Fθ, and α = β = 0.1 for tuning the parameters in domain discriminator Dψ, and the task classifier Cφ. |
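The 45000/5000 CIFAR10 train/validation split quoted above can be sketched as a simple random index partition. This is an illustrative reconstruction, not the authors' code; the seed and the `split_indices` helper are assumptions.

```python
import random

def split_indices(n_total=50_000, n_val=5_000, seed=0):
    """Randomly partition dataset indices into train and validation sets.

    Mirrors the paper's described split of the 50,000-image CIFAR10 train
    set into 45,000 train / 5,000 validation images. The seed is an
    illustrative assumption, not a value reported in the paper.
    """
    rng = random.Random(seed)
    idx = list(range(n_total))
    rng.shuffle(idx)
    return idx[n_val:], idx[:n_val]

train_idx, val_idx = split_indices()
print(len(train_idx), len(val_idx))  # → 45000 5000
```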
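The quoted hyperparameters (γ = 0.5 for the feature extractor Fθ, α = β = 0.1 for the discriminator Dψ and classifier Cφ, ε = 0.031 for CIFAR) refer to the AFD training procedure of Algorithm 1: a domain discriminator learns to separate features of clean vs. adversarial inputs, while the feature extractor is trained to fool it. The following single training step is a hedged sketch of that idea; the network sizes, the random data, and the one-step FGSM attack (standing in for the paper's iterative attack) are illustrative assumptions, not the paper's exact setup.

```python
import torch
import torch.nn as nn
import torch.nn.functional as F

torch.manual_seed(0)

# Toy stand-ins for the paper's networks (sizes are assumptions):
feat = nn.Sequential(nn.Linear(32, 16), nn.ReLU())  # feature extractor Fθ
clf = nn.Linear(16, 10)                             # task classifier Cφ
disc = nn.Linear(16, 2)                             # domain discriminator Dψ

# Learning rates as reported: γ = 0.5 (Fθ), α = β = 0.1 (Dψ, Cφ).
opt_f = torch.optim.SGD(feat.parameters(), lr=0.5)
opt_c = torch.optim.SGD(clf.parameters(), lr=0.1)
opt_d = torch.optim.SGD(disc.parameters(), lr=0.1)

x = torch.rand(8, 32)                    # random stand-in for a CIFAR batch
y = torch.randint(0, 10, (8,))
eps = 0.031                              # CIFAR epsilon from the paper

# One-step FGSM adversarial examples (an assumed simplification):
x_req = x.clone().requires_grad_(True)
loss = F.cross_entropy(clf(feat(x_req)), y)
x_adv = (x_req + eps * torch.autograd.grad(loss, x_req)[0].sign()).detach()

# Discriminator step: classify clean (label 0) vs adversarial (label 1)
# features, with features detached so only Dψ updates here.
d_in = torch.cat([feat(x), feat(x_adv)]).detach()
d_lbl = torch.cat([torch.zeros(8), torch.ones(8)]).long()
d_loss = F.cross_entropy(disc(d_in), d_lbl)
opt_d.zero_grad(); d_loss.backward(); opt_d.step()

# Feature extractor / classifier step: minimize task loss on clean and
# adversarial inputs while maximizing the discriminator's loss, so Fθ
# learns features the discriminator cannot tell apart ("desensitized").
task = F.cross_entropy(clf(feat(x)), y) + F.cross_entropy(clf(feat(x_adv)), y)
adv = F.cross_entropy(disc(torch.cat([feat(x), feat(x_adv)])), d_lbl)
total = task - adv
opt_f.zero_grad(); opt_c.zero_grad()
total.backward()
opt_f.step(); opt_c.step()
```

In a full run these two steps alternate over minibatches; the min-max structure (Fθ vs. Dψ) is what distinguishes AFD from plain adversarial training on the task loss alone.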