Adversarial Robustness with Semi-Infinite Constrained Learning
Authors: Alexander Robey, Luiz Chamon, George J. Pappas, Hamed Hassani, Alejandro Ribeiro
NeurIPS 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Finally, we show that our approach can mitigate the trade-off between nominal and robust performance, yielding state-of-the-art results on MNIST and CIFAR-10. Our code is available at: https://github.com/arobey1/advbench. In this section, we include an empirical evaluation of the DALE algorithm. In particular, we consider two standard datasets: MNIST and CIFAR-10. For MNIST, we train four-layer CNNs and set Δ = {δ : ‖δ‖∞ ≤ 0.3}; for CIFAR-10, we train ResNet-18 models and set Δ = {δ : ‖δ‖∞ ≤ 8/255}. All hyperparameters and performance metrics are chosen with respect to the robust accuracy of a PGD adversary evaluated on a small hold-out validation set. |
| Researcher Affiliation | Academia | Alexander Robey University of Pennsylvania arobey1@seas.upenn.edu Luiz F. O. Chamon University of California, Berkeley lfochamon@berkeley.edu George J. Pappas University of Pennsylvania pappasg@seas.upenn.edu Hamed Hassani University of Pennsylvania hassani@seas.upenn.edu Alejandro Ribeiro University of Pennsylvania aribeiro@seas.upenn.edu |
| Pseudocode | Yes | Algorithm 1 Semi-Infinite Dual Adversarial Learning (DALE) |
| Open Source Code | Yes | Our code is available at: https://github.com/arobey1/advbench. |
| Open Datasets | Yes | In particular, we consider two standard datasets: MNIST and CIFAR-10. [102] The MNIST database of handwritten digits. http://yann.lecun.com/exdb/mnist/. [104] Alex Krizhevsky, Geoffrey Hinton, et al. Learning multiple layers of features from tiny images. 2009. |
| Dataset Splits | No | No specific percentages or sample counts for training, validation, or test splits are provided. The paper only mentions using a 'small hold-out validation set' for hyperparameter tuning. |
| Hardware Specification | No | No specific hardware details (e.g., GPU models, CPU types, or memory) used for running experiments are mentioned in the paper. |
| Software Dependencies | No | No specific software dependencies with version numbers (e.g., 'PyTorch 1.9', 'TensorFlow 2.x') are provided. The paper mentions optimizers and model architectures but does not name the software frameworks used to implement them or their versions. |
| Experiment Setup | Yes | For MNIST, we train four-layer CNNs and set Δ = {δ : ‖δ‖∞ ≤ 0.3}; for CIFAR-10, we train ResNet-18 models and set Δ = {δ : ‖δ‖∞ ≤ 8/255}. All hyperparameters and performance metrics are chosen with respect to the robust accuracy of a PGD adversary evaluated on a small hold-out validation set. We used a batch size of 128 for both datasets and optimized the parameters using SGD with momentum (0.9) and a weight decay of 5e-4. For MNIST, we trained our model for 100 epochs with an initial learning rate of 0.01 that decayed by 0.1 every 30 epochs. For CIFAR-10, we trained our model for 200 epochs with an initial learning rate of 0.1 that decayed by 0.1 every 75 epochs. |
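The training schedules quoted above (batch size 128, SGD with momentum 0.9 and weight decay 5e-4, step-decay learning rates) can be made concrete with a small sketch. The `step_lr` helper below is illustrative, not code from the paper; it reproduces the reported step-decay rule so a reader can verify the learning rate at any epoch.

```python
# Hyperparameters as reported in the paper's experiment setup.
SGD_CONFIG = {"momentum": 0.9, "weight_decay": 5e-4, "batch_size": 128}


def step_lr(epoch, lr0, gamma=0.1, step=30):
    """Step-decay schedule: multiply lr0 by gamma once every `step` epochs."""
    return lr0 * (gamma ** (epoch // step))


# MNIST: 100 epochs, initial LR 0.01, decayed by 0.1 every 30 epochs.
mnist_lrs = [step_lr(e, lr0=0.01, step=30) for e in range(100)]

# CIFAR-10: 200 epochs, initial LR 0.1, decayed by 0.1 every 75 epochs.
cifar_lrs = [step_lr(e, lr0=0.1, step=75) for e in range(200)]
```

Under this schedule the MNIST learning rate takes the values 0.01, 1e-3, 1e-4, and 1e-5 over its four 30-epoch-ish phases, while CIFAR-10 drops from 0.1 to 1e-2 at epoch 75 and to 1e-3 at epoch 150.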