Adversarial Training on Purification (AToP): Advancing Both Robustness and Generalization
Authors: Guang Lin, Chao Li, Jianhai Zhang, Toshihisa Tanaka, Qibin Zhao
ICLR 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | To evaluate our method in an efficient and scalable way, we conduct extensive experiments on CIFAR-10, CIFAR-100, and Imagenette to demonstrate that our method achieves optimal robustness and exhibits generalization ability against unseen attacks. |
| Researcher Affiliation | Academia | 1Tokyo University of Agriculture and Technology 2RIKEN Center for Advanced Intelligence Project (RIKEN AIP) 3Hangzhou Dianzi University |
| Pseudocode | Yes | Algorithm 1 Adversarial Training on Purification method (AToP). Require: Training examples x, ground truth y, parameters of classifier model θf, parameters of purifier model θg, training epochs Nep. 1: Initialize θf and θg with pre-trained classifier model and pre-trained purifier model. 2: for epoch = 1...Nep do 3: Build adversarial examples x′ with perturbations δ: x′ ← x + δ. 4: Freeze θf and update θg with gradient descent based on the loss in Eq. (9): 5: θg ← θg − η∇θg L. 6: end for. 7: return purifier model with θg |
| Open Source Code | No | The paper does not provide a direct link or explicit statement about the public availability of its source code. |
| Open Datasets | Yes | We conduct extensive experiments on CIFAR-10, CIFAR-100 (Krizhevsky et al., 2009) and Imagenette (a subset of 10 easily classified classes from ImageNet) (Howard, 2021) to empirically validate the effectiveness of the proposed methods against adversarial attacks. |
| Dataset Splits | No | The paper mentions using CIFAR-10, CIFAR-100, and Image Nette and that 'we randomly select 512 images from the test set for robust evaluation', but does not explicitly state the training, validation, and test dataset splits or percentages used for training and validation, nor does it confirm the use of standard predefined splits for all sets. |
| Hardware Specification | Yes | All experiments presented in the paper are conducted under these hyperparameters and performed by NVIDIA RTX A5000 Graphics Card with 24GB GDDR6 GPU memory, CUDA v11.7 and cuDNN v8.5.0 in PyTorch v1.13.1 (Paszke et al., 2019). |
| Software Dependencies | Yes | All experiments presented in the paper are conducted under these hyperparameters and performed by NVIDIA RTX A5000 Graphics Card with 24GB GDDR6 GPU memory, CUDA v11.7 and cuDNN v8.5.0 in PyTorch v1.13.1 (Paszke et al., 2019). |
| Experiment Setup | Yes | Training details: After experimental testing, we have determined the hyperparameters: Gaussian standard deviation σ = 0.25, mask size p = P/8 (P is side length of input x), mask number N = 4, missing rate r = 0.25 and weight λ = 0.1. |
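The control flow of Algorithm 1 quoted above can be sketched in a toy form: the classifier's parameters θf would stay frozen while only the purifier's parameters θg are updated by gradient descent on adversarial inputs. This is a minimal structural sketch, not the authors' implementation: the purifier here is a single learnable scale, the perturbation δ is random-sign noise standing in for a real attack, and the squared-error objective is a placeholder for the paper's Eq. (9), which is not reproduced in this report.

```python
import random

def purify(theta_g, x):
    """Toy purifier g: a single learnable scale parameter."""
    return theta_g * x

def stand_in_loss_grad(theta_g, x_adv, x):
    """Gradient of a stand-in squared-error loss (g(x_adv) - x)^2.

    Placeholder for the gradient of the paper's Eq. (9) objective.
    """
    return 2.0 * (theta_g * x_adv - x) * x_adv

rng = random.Random(0)
theta_g, lr, eps = 0.5, 0.05, 0.1
for epoch in range(300):                    # for epoch = 1 ... Nep do
    x = rng.uniform(-1.0, 1.0)              # training example
    delta = eps * rng.choice([-1.0, 1.0])   # stand-in perturbation
    x_adv = x + delta                       # x' <- x + delta
    # Classifier parameters theta_f would be frozen here; only the
    # purifier is updated: theta_g <- theta_g - lr * grad
    theta_g -= lr * stand_in_loss_grad(theta_g, x_adv, x)
print(round(theta_g, 2))
```

With this placeholder loss, θg settles near (but slightly below) 1, since the purifier learns to shrink the noisy input back toward the clean example; the point of the sketch is only the freeze-one-model, update-the-other training structure.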
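One plausible reading of the masking hyperparameters in the Experiment Setup row (mask size p = P/8, mask number N = 4, missing rate r = 0.25) is that each of the N masks tiles a P x P image into patches of side p and zeroes a fraction r of those patches. The helper below, including its name and signature, is a hypothetical illustration of that reading, not the authors' code.

```python
import random

def make_random_masks(P=32, num_masks=4, missing_rate=0.25, seed=0):
    """Build `num_masks` binary P x P masks.

    The image is tiled into patches of side p = P // 8, and a
    `missing_rate` fraction of patches is set to 0 in each mask.
    Hypothetical interpretation of the paper's p, N, r settings.
    """
    rng = random.Random(seed)
    p = P // 8                       # patch side length (p = P/8)
    patches_per_side = P // p
    n_patches = patches_per_side ** 2
    n_drop = int(n_patches * missing_rate)
    masks = []
    for _ in range(num_masks):
        dropped = set(rng.sample(range(n_patches), n_drop))
        mask = [[0 if ((i // p) * patches_per_side + (j // p)) in dropped
                 else 1
                 for j in range(P)]
                for i in range(P)]
        masks.append(mask)
    return masks

masks = make_random_masks()
zeros = sum(v == 0 for row in masks[0] for v in row)
print(len(masks), zeros / (32 * 32))  # 4 masks, 25% of pixels zeroed
```

For CIFAR-sized inputs (P = 32) this drops 16 of the 64 4x4 patches per mask, i.e. exactly a quarter of the pixels.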