Adversarially Robust Generalization Requires More Data
Authors: Ludwig Schmidt, Shibani Santurkar, Dimitris Tsipras, Kunal Talwar, Aleksander Mądry
NeurIPS 2018
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We complement our theoretical results with experiments on popular image classification datasets and show that a similar gap exists here as well. To complement our theoretical results, we conduct a range of experiments on MNIST, CIFAR10, and SVHN. |
| Researcher Affiliation | Collaboration | Ludwig Schmidt (UC Berkeley, ludwig@berkeley.edu); Shibani Santurkar (MIT, shibani@mit.edu); Dimitris Tsipras (MIT, tsipras@mit.edu); Kunal Talwar (Google Brain, kunal@google.com); Aleksander Mądry (MIT, madry@mit.edu) |
| Pseudocode | No | The paper contains mathematical definitions, theorems, and experimental descriptions, but no structured pseudocode or algorithm blocks are present. |
| Open Source Code | No | The paper does not contain any statement about releasing source code for its methodology, nor does it provide any links to a code repository. |
| Open Datasets | Yes | We consider standard convolutional neural networks and train models on datasets of varying complexity. Specifically, we study the MNIST [34], CIFAR-10 [33], and SVHN [40] datasets. |
| Dataset Splits | No | The paper describes generating training subsets by 'randomly sub-sampling the complete dataset' and reports performance as 'test accuracy', but it does not give specific percentages or counts for training, validation, or test splits. (A hedged sub-sampling sketch follows the table.) |
| Hardware Specification | No | The paper does not provide specific details about the hardware used for running experiments, such as GPU or CPU models, or memory specifications. |
| Software Dependencies | No | The paper does not provide specific software dependency details with version numbers (e.g., library names with versions). |
| Experiment Setup | Yes | We perform robust optimization to train our classifiers on perturbations generated by projected gradient descent. [...] For each choice of training set size N and fixed attack ε_test, we select the best performance achieved across all hyperparameter settings (training perturbations ε_train and model size). (A hedged PGD training sketch follows the table.) |
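
The Dataset Splits row notes that training subsets were generated by "randomly sub-sampling the complete dataset" without reported counts. A minimal sketch of that step, assuming PyTorch and torchvision (neither library is named in the paper; the seed, transform, and data root are illustrative assumptions):

```python
import numpy as np
from torch.utils.data import Subset, DataLoader
from torchvision import datasets, transforms

def subsample_train_set(n, seed=0):
    """Draw a random size-n training subset, as the paper describes
    ('randomly sub-sampling the complete dataset'). Seed, transform,
    and data root are assumptions, not values from the paper."""
    full = datasets.CIFAR10(root="./data", train=True, download=True,
                            transform=transforms.ToTensor())
    rng = np.random.default_rng(seed)
    idx = rng.choice(len(full), size=n, replace=False)
    return Subset(full, idx.tolist())

# e.g. a 5,000-example training subset (N is the swept variable)
train_loader = DataLoader(subsample_train_set(n=5000),
                          batch_size=128, shuffle=True)
```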
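
The Experiment Setup row quotes robust optimization against projected-gradient-descent perturbations. Below is a minimal sketch of ℓ∞ PGD adversarial training in the spirit of that description, not the authors' implementation; the step size, step count, random start, and training loop details are assumptions, since the paper's exact hyperparameters are not reproduced here:

```python
import torch
import torch.nn.functional as F

def pgd_attack(model, x, y, eps, alpha=None, steps=10):
    """l_inf PGD: repeatedly step along the loss gradient sign and
    project back into the eps-ball around x. alpha and steps are
    illustrative defaults, not the paper's settings."""
    alpha = alpha if alpha is not None else 2.5 * eps / steps
    # random start inside the eps-ball, clipped to valid pixel range
    x_adv = (x + torch.empty_like(x).uniform_(-eps, eps)).clamp(0, 1)
    for _ in range(steps):
        x_adv = x_adv.detach().requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad, = torch.autograd.grad(loss, x_adv)
        x_adv = x_adv.detach() + alpha * grad.sign()            # ascent step
        x_adv = (x + (x_adv - x).clamp(-eps, eps)).clamp(0, 1)  # project
    return x_adv.detach()

def robust_train_epoch(model, loader, optimizer, eps_train, device="cpu"):
    """One epoch of robust optimization: compute PGD perturbations of
    each batch and train on them, mirroring the setup quoted above."""
    model.train()
    for x, y in loader:
        x, y = x.to(device), y.to(device)
        x_adv = pgd_attack(model, x, y, eps=eps_train)
        optimizer.zero_grad()
        F.cross_entropy(model(x_adv), y).backward()
        optimizer.step()
```

In the paper's sweep, `eps_train` (ε_train) and the model size would be varied per training-set size N, with the best robust test accuracy at a fixed ε_test reported.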