Adversarial training for free!
Authors: Ali Shafahi, Mahyar Najibi, Mohammad Amin Ghiasi, Zheng Xu, John Dickerson, Christoph Studer, Larry S. Davis, Gavin Taylor, Tom Goldstein
NeurIPS 2019 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our free adversarial training algorithm achieves comparable robustness to PGD adversarial training on the CIFAR-10 and CIFAR-100 datasets at negligible additional cost compared to natural training, and can be 7 to 30 times faster than other strong adversarial training methods. Using a single workstation with 4 P100 GPUs and 2 days of runtime, we can train a robust model for the large-scale Image Net classification task that maintains 40% accuracy against PGD attacks. |
| Researcher Affiliation | Academia | Ali Shafahi University of Maryland ashafahi@cs.umd.edu Mahyar Najibi University of Maryland najibi@cs.umd.edu Amin Ghiasi University of Maryland amin@cs.umd.edu Zheng Xu University of Maryland xuzh@cs.umd.edu John Dickerson University of Maryland john@cs.umd.edu Christoph Studer Cornell University studer@cornell.edu Larry S. Davis University of Maryland lsd@umiacs.umd.edu Gavin Taylor United States Naval Academy taylor@usna.edu Tom Goldstein University of Maryland tomg@cs.umd.edu |
| Pseudocode | Yes | Algorithm 1 Free Adversarial Training (Free-m) |
| Open Source Code | Yes | Adversarial Training for Free code for CIFAR-10 in TensorFlow can be found here: https://github. com/ashafahi/free_adv_train/ Image Net Adversarial Training for Free code in Pytorch can be found here: https://github.com/ mahyarnajibi/Free Adversarial Training |
| Open Datasets | Yes | Our free adversarial training algorithm achieves comparable robustness to PGD adversarial training on the CIFAR-10 and CIFAR-100 datasets at negligible additional cost compared to natural training... Image Net is a large image classification dataset of over 1 million high-res images and 1000 classes (Russakovsky et al. [2015]). |
| Dataset Splits | Yes | We train various CIFAR-10 models using the Wide-Resnet 32-10 model and standard hyperparameters used by Madry et al. [2017]. ...CIFAR-10 and CIFAR-100 models that are 7-PGD adversarially trained have natural accuracies of 87.25% and 59.87%, respectively. ...Image Net is a large image classification dataset of over 1 million high-res images and 1000 classes (Russakovsky et al. [2015]). |
| Hardware Specification | Yes | Using a single workstation with 4 P100 GPUs and 2 days of runtime, we can train a robust model for the large-scale Image Net classification task... Free training on Res Net-101 and Res Net-152 each take roughly 1.7 and 2.4 more time than Res Net-50 on the same machine, respectively. |
| Software Dependencies | No | The paper mentions the use of 'TensorFlow' for CIFAR-10 code and 'Pytorch' for ImageNet code in footnotes. However, it does not specify any version numbers for these frameworks or any other software dependencies, which are required for reproducibility. |
| Experiment Setup | Yes | In the proposed method (alg. 1), we repeat (i.e. replay) each minibatch m times before switching to the next minibatch. ...In all experiments, the training batch size was 256. ...To craft attacks, we used a step-size of 1 and the corresponding ϵ used during training. |