Adversarial Training and Provable Defenses: Bridging the Gap
Authors: Mislav Balunovic, Martin Vechev
ICLR 2020
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We experimentally show that this training method, named convex layerwise adversarial training (COLT), is promising and achieves the best of both worlds: it produces a state-of-the-art neural network with certified robustness of 60.5% and accuracy of 78.4% on the challenging CIFAR-10 dataset with a 2/255 L∞ perturbation. |
| Researcher Affiliation | Academia | Mislav Balunović, Martin Vechev, Department of Computer Science, ETH Zurich, Switzerland {mislav.balunovic, martin.vechev}@inf.ethz.ch |
| Pseudocode | Yes | Algorithm 1: Convex layerwise adversarial training via convex relaxations |
| Open Source Code | Yes | Complete implementation of our training and certification methods in a system which we release at https://github.com/eth-sri/colt. |
| Open Datasets | Yes | We now present an evaluation of our training method on the challenging CIFAR-10 dataset. |
| Dataset Splits | Yes | To find the best performing hyperparameters for training, we created a validation set consisting of 5000 random images from the training set and used it to tune the hyperparameters with SigOpt (Martinez-Cantin et al., 2018). (A split sketch follows the table.) |
| Hardware Specification | Yes | We perform all experiments on a desktop PC using a single GeForce RTX 2080 Ti GPU and 16-core Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz. |
| Software Dependencies | Yes | We implemented training and certification in PyTorch (Paszke et al., 2017) and used Gurobi 9.0 as a MILP solver. |
| Experiment Setup | Yes | In each stage of the training, we train for 200 epochs, starting from the same loss as in the previous stage and gradually annealing it to the loss of the current stage during the first 60 epochs. We optimize using SGD with the initial learning rate 0.03 and after the initial 60 epochs we multiply the learning rate by 0.5 every 10 epochs. We tuned batch size, initial ϵ, the factor to decrease ϵ after each layer, L1 regularization and ReLU stability factors. (A schedule sketch follows the table.) |
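
The validation split quoted in the Dataset Splits row can be approximated in a few lines of PyTorch. The paper does not publish the splitting code or seed, so the sketch below is only one plausible construction; the seed value and variable names are assumptions.

```python
# Minimal sketch of a 45,000/5,000 CIFAR-10 split for hyperparameter tuning,
# assuming standard torchvision datasets. The seed is an illustrative choice,
# not taken from the paper.
import torch
from torch.utils.data import random_split
from torchvision import datasets, transforms

train_full = datasets.CIFAR10(root="./data", train=True, download=True,
                              transform=transforms.ToTensor())

generator = torch.Generator().manual_seed(0)  # assumed seed for a reproducible split
train_set, val_set = random_split(train_full, [45_000, 5_000], generator=generator)
```

Fixing the generator seed keeps the held-out 5,000 validation images identical across hyperparameter-tuning runs.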
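
The per-stage schedule in the Experiment Setup row (200 epochs per stage, SGD with initial learning rate 0.03, and a 0.5 decay every 10 epochs after the first 60) maps naturally onto a `LambdaLR` scheduler. The sketch below is a minimal interpretation of that description, not the released COLT code: the placeholder model, the commented-out stage loss, and the exact epoch at which the first decay fires are assumptions.

```python
# Minimal sketch of the per-stage learning-rate schedule described above.
# Model, data loading, and the stage loss are placeholders.
import torch

model = torch.nn.Sequential(torch.nn.Flatten(), torch.nn.Linear(3 * 32 * 32, 10))
optimizer = torch.optim.SGD(model.parameters(), lr=0.03)  # initial learning rate 0.03

EPOCHS_PER_STAGE = 200
WARMUP_EPOCHS = 60  # the stage loss is annealed in during these epochs

def lr_factor(epoch: int) -> float:
    """Keep the base rate for 60 epochs, then halve it every 10 epochs.

    Whether the first halving happens at epoch 60 or 70 is not specified in the
    quoted setup; this version keeps the base rate through epoch 69.
    """
    if epoch < WARMUP_EPOCHS:
        return 1.0
    return 0.5 ** ((epoch - WARMUP_EPOCHS) // 10)

scheduler = torch.optim.lr_scheduler.LambdaLR(optimizer, lr_lambda=lr_factor)

for epoch in range(EPOCHS_PER_STAGE):
    # One pass over CIFAR-10 with the (annealed) stage loss would go here, e.g.:
    # for x, y in train_loader:
    #     loss = stage_loss(model, x, y, epoch)   # hypothetical helper
    #     optimizer.zero_grad(); loss.backward(); optimizer.step()
    scheduler.step()  # apply the decay schedule once per epoch
```

In COLT this schedule would restart for each stage, with the loss annealed from the previous stage's loss over the first 60 epochs; the annealing itself is omitted here.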