Attacks Which Do Not Kill Training Make Adversarial Learning Stronger
Authors: Jingfeng Zhang, Xilie Xu, Bo Han, Gang Niu, Lizhen Cui, Masashi Sugiyama, Mohan Kankanhalli
ICML 2020
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | To evaluate the efficacy of FAT, we firstly use CIFAR-10 (Krizhevsky, 2009) and SVHN (Netzer et al., 2011) datasets to verify that FAT can help achieve a larger perturbation bound ε_train. Then, we train Wide ResNet (Zagoruyko & Komodakis, 2016) on the CIFAR-10 dataset to achieve state-of-the-art results. |
| Researcher Affiliation | Collaboration | (1) School of Computing, National University of Singapore, Singapore; (2) Taishan College, Shandong University, Jinan, China; (3) Department of Computer Science, Hong Kong Baptist University, Hong Kong, China; (4) RIKEN Center for Advanced Intelligence Project (AIP), Tokyo, Japan; (5) School of Software & Joint SDU-NTU Centre for Artificial Intelligence Research (C-FAIR), Shandong University, Jinan, China; (6) Graduate School of Frontier Sciences, The University of Tokyo, Tokyo, Japan. |
| Pseudocode | Yes | Algorithm 1 PGD-K-τ |
| Open Source Code | No | The paper does not contain an explicit statement about releasing source code, nor does it provide a link to a code repository. |
| Open Datasets | Yes | We first use CIFAR-10 (Krizhevsky, 2009) and SVHN (Netzer et al., 2011) datasets to verify that FAT can help achieve a larger perturbation bound ε_train. |
| Dataset Splits | No | The paper mentions using CIFAR-10 and SVHN datasets for training and testing, but does not explicitly state the training, validation, and test splits (e.g., percentages or sample counts) used for reproduction. |
| Hardware Specification | No | The paper does not provide specific hardware details such as GPU models, CPU types, or memory used for running the experiments. |
| Software Dependencies | No | The paper does not provide specific version numbers for any software dependencies or libraries used in the experiments. |
| Experiment Setup | Yes | The maximum PGD step K = 10, step size α = ε/10. DNNs were trained using SGD with 0.9 momentum for 80 epochs with the initial learning rate of 0.01 divided by 10 at epoch 60. |