Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in [1].
Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training
Authors: Lue Tao, Lei Feng, Jinfeng Yi, Sheng-Jun Huang, Songcan Chen
NeurIPS 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Finally, we complement our theoretical findings with a set of experiments on popular benchmark datasets, which show that the defense withstands six different practical attacks. Both theoretical and empirical results vote for adversarial training when confronted with delusive adversaries. and Extensive experiments on various datasets (CIFAR-10, SVHN, and a subset of ImageNet) and tasks (supervised learning, self-supervised learning, and overcoming simplicity bias) demonstrate the effectiveness and versatility of adversarial training, which significantly mitigates the destructiveness of various delusive attacks (Section 5). |
| Researcher Affiliation | Collaboration | (1) College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics; (2) MIIT Key Laboratory of Pattern Analysis and Machine Intelligence; (3) College of Computer Science, Chongqing University; (4) JD AI Research |
| Pseudocode | No | The paper does not contain any sections or figures explicitly labeled 'Pseudocode' or 'Algorithm'. |
| Open Source Code | Yes | Our code is available at https://github.com/TLMichael/Delusive-Adversary. |
| Open Datasets | Yes | We conduct experiments on CIFAR-10 [63], SVHN [81], a subset of ImageNet [95], and MNIST-CIFAR [104] datasets. |
| Dataset Splits | No | The paper mentions using training and test sets but does not provide specific details on dataset splitting, such as exact percentages for training, validation, and test sets, or methods like cross-validation. |
| Hardware Specification | No | The paper does not provide specific details about the hardware used for running experiments, such as CPU or GPU models, or memory specifications. |
| Software Dependencies | No | The paper does not specify the version numbers for any software dependencies, libraries, or frameworks used in the experiments. |
| Experiment Setup | Yes | We consider the typical ℓ2 threat model with ϵ = 0.5 for CIFAR-10 by following [56]. and Standard data augmentation (i.e., cropping, mirroring) is adopted. and The ℓ -norm bounded threat models with ϵ = 0.032 and ϵ = 0.1 are considered. and We set B(x, ϵ) = {x X : xm x m + xc x c 1}. |