Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training

Authors: Lue Tao, Lei Feng, Jinfeng Yi, Sheng-Jun Huang, Songcan Chen

NeurIPS 2021

Reproducibility Variable | Result | LLM Response
Research Type | Experimental | "Finally, we complement our theoretical findings with a set of experiments on popular benchmark datasets, which show that the defense withstands six different practical attacks. Both theoretical and empirical results vote for adversarial training when confronted with delusive adversaries." and "Extensive experiments on various datasets (CIFAR-10, SVHN, and a subset of ImageNet) and tasks (supervised learning, self-supervised learning, and overcoming simplicity bias) demonstrate the effectiveness and versatility of adversarial training, which significantly mitigates the destructiveness of various delusive attacks (Section 5)."
Researcher Affiliation | Collaboration | 1 College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics; 2 MIIT Key Laboratory of Pattern Analysis and Machine Intelligence; 3 College of Computer Science, Chongqing University; 4 JD AI Research
Pseudocode | No | The paper does not contain any sections or figures explicitly labeled "Pseudocode" or "Algorithm".
Open Source Code | Yes | "Our code is available at https://github.com/TLMichael/Delusive-Adversary."
Open Datasets | Yes | "We conduct experiments on CIFAR-10 [63], SVHN [81], a subset of ImageNet [95], and MNIST-CIFAR [104] datasets."
Dataset Splits | No | The paper mentions using training and test sets but does not provide specific details on dataset splitting, such as exact percentages for training, validation, and test sets, or methods like cross-validation.
Hardware Specification | No | The paper does not provide specific details about the hardware used for running experiments, such as CPU or GPU models, or memory specifications.
Software Dependencies | No | The paper does not specify the version numbers for any software dependencies, libraries, or frameworks used in the experiments.
Experiment Setup | Yes | "We consider the typical ℓ2 threat model with ϵ = 0.5 for CIFAR-10 by following [56]." and "Standard data augmentation (i.e., cropping, mirroring) is adopted." and "The ℓ∞-norm bounded threat models with ϵ = 0.032 and ϵ = 0.1 are considered." and "We set B(x, ϵ) = {x X : xm x m + xc x c 1}."