Adversarial Robustness through Local Linearization
Authors: Chongli Qin, James Martens, Sven Gowal, Dilip Krishnan, Krishnamurthy Dvijotham, Alhussein Fawzi, Soham De, Robert Stanforth, Pushmeet Kohli
NeurIPS 2019
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We show via extensive experiments on CIFAR-10 and ImageNet, that models trained with our regularizer avoid gradient obfuscation and can be trained significantly faster than adversarial training. |
| Researcher Affiliation | Industry | Chongli Qin DeepMind James Martens DeepMind Sven Gowal DeepMind Dilip Krishnan Google Krishnamurthy (Dj) Dvijotham DeepMind Alhussein Fawzi DeepMind Soham De DeepMind Robert Stanforth DeepMind Pushmeet Kohli DeepMind |
| Pseudocode | Yes | Pseudo-code for training with this regularizer is given in Appendix E. |
| Open Source Code | No | The paper does not contain an explicit statement or link indicating that the source code for the described methodology is publicly available. |
| Open Datasets | Yes | We perform experiments using LLR on both CIFAR-10 [13] and ImageNet [5] datasets. |
| Dataset Splits | No | The paper discusses training and testing, but it does not specify a separate validation dataset split or percentages for it. It mentions evaluation on test sets (e.g., 'evaluation is done on the full test set of 10K images'), but not a distinct validation split. |
| Hardware Specification | Yes | For ImageNet, we trained on 128 TPUv3 cores [9], the total training wall time for the LLR network (4/255) is 7 hours for 110 epochs. |
| Software Dependencies | No | The paper does not specify particular software dependencies with version numbers (e.g., specific Python, PyTorch, or TensorFlow versions). |
| Experiment Setup | Yes | CIFAR-10: The perturbation radius we examine is ϵ = 8/255 and the model architectures we use are WideResNet-28-8, WideResNet-40-8 [26]. Since the validity of our regularizer requires ℓ(x) to be smooth, the activation function we use is softplus function log(1 + exp(x)), which is a smooth version of ReLU. ... ImageNet: The perturbation radii considered are ϵ = 4/255 and ϵ = 16/255. The architecture used for this is from [11] which is ResNet-152. We use softplus as activation function. ... For ImageNet, we trained on 128 TPUv3 cores [9], the total training wall time for the LLR network (4/255) is 7 hours for 110 epochs. |
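
The paper's Local Linearity Regularizer (LLR) penalizes how far the loss deviates from its first-order Taylor expansion inside the perturbation ball. Since the paper only provides pseudocode (Appendix E) and no released source, the snippet below is a minimal PyTorch sketch of one training-loss computation under the assumed formulation ℓ(x) + λ·γ(ε, x) + μ·|δᵀ∇ₓℓ(x)|; the function name, hyperparameter defaults, inner step count, and step size are illustrative assumptions, not the authors' implementation.

```python
# Minimal sketch (not the authors' code) of an LLR-style training loss.
import torch
import torch.nn.functional as F

def local_linearity_loss(model, x, y, eps=8/255, lam=4.0, mu=3.0,
                         steps=10, step_size=0.1):
    """loss = l(x) + lam * gamma(eps, x) + mu * |delta^T grad_x l(x)|,
    where gamma is the largest deviation of the loss from its linear
    approximation over the eps-ball, found by a few PGD-style steps."""
    x = x.detach().requires_grad_(True)
    loss_x = F.cross_entropy(model(x), y)
    # create_graph=True so the regularizer can backprop through grad_x.
    grad_x = torch.autograd.grad(loss_x, x, create_graph=True)[0]

    # Inner maximization over delta of |l(x+delta) - l(x) - delta^T grad_x l(x)|.
    delta = torch.empty_like(x).uniform_(-eps, eps).requires_grad_(True)
    for _ in range(steps):
        loss_pert = F.cross_entropy(model(x + delta), y)
        linear_approx = loss_x + (delta * grad_x).sum()
        g = (loss_pert - linear_approx).abs()
        grad_delta = torch.autograd.grad(g, delta)[0]
        with torch.no_grad():
            delta = (delta + step_size * eps * grad_delta.sign()).clamp(-eps, eps)
        delta.requires_grad_(True)

    # Evaluate the regularization terms at the found delta (held fixed).
    delta = delta.detach()
    loss_pert = F.cross_entropy(model(x + delta), y)
    linear_term = (delta * grad_x).sum()
    gamma = (loss_pert - loss_x - linear_term).abs()
    return loss_x + lam * gamma + mu * linear_term.abs()
```

In a training loop one would compute `loss = local_linearity_loss(model, x, y)` and call `loss.backward()`; the double backward through `grad_x` is what couples the regularizer to the model parameters, which is also why the paper requires a smooth activation such as softplus in place of ReLU.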