Biologically Inspired Mechanisms for Adversarial Robustness
Authors: Manish Reddy Vuyyuru, Andrzej Banburski, Nishka Pant, Tomaso Poggio
NeurIPS 2020
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In this work, we investigate the role of two biologically plausible mechanisms in adversarial robustness. We demonstrate that the nonuniform sampling performed by the primate retina and the presence of multiple receptive fields with a range of receptive field sizes at each eccentricity improve the robustness of neural networks to small adversarial perturbations. We verify that these two mechanisms do not suffer from gradient obfuscation and study their contribution to adversarial robustness through ablation studies. (A schematic sketch of the nonuniform-sampling idea appears below the table.) |
| Researcher Affiliation | Academia | Manish Reddy Vuyyuru, Institute for Applied Computational Science, Harvard University, Cambridge, MA 02139, mvuyyuru@g.harvard.edu; Andrzej Banburski, Center for Brains, Minds and Machines, Massachusetts Institute of Technology, Cambridge, MA 02139, kappa666@mit.edu; Nishka Pant, Center for Brains, Minds and Machines, Massachusetts Institute of Technology, Cambridge, MA 02139, npant@mit.edu; Tomaso Poggio, Center for Brains, Minds and Machines, Massachusetts Institute of Technology, Cambridge, MA 02139, tp@ai.mit.edu |
| Pseudocode | No | The paper describes algorithms such as PGD textually but does not include structured pseudocode or algorithm blocks. (A minimal PGD sketch is given after the table.) |
| Open Source Code | No | The paper does not include an explicit statement or a link indicating that the source code for the described methodology is publicly available. |
| Open Datasets | Yes | The experiments were spread across 4 datasets. CIFAR10 is a small, standard dataset [32] and was used to benchmark results against other published results on adversarial robustness. ... The ImageNet dataset [33] offers high-resolution images split into 1000 classes... |
| Dataset Splits | No | The paper mentions training on 'the full training set' and performing 'robustness evaluations' on a 'test set', but does not explicitly specify a separate validation dataset split with percentages or counts for model development or hyperparameter tuning. The term 'validation' is used in the context of evaluating results, not a data split. |
| Hardware Specification | No | The paper does not provide specific details about the hardware used for the experiments, such as GPU models (e.g., NVIDIA A100), CPU types, or cloud instance specifications. |
| Software Dependencies | No | The paper mentions 'The adversarial attacks used were as implemented in the Python package Foolbox [36]' but does not provide specific version numbers for Foolbox or any other software dependencies. |
| Experiment Setup | Yes | Models for the CIFAR10 and ImageNet datasets were based off the standard CIFAR ResNet20 and ImageNet ResNet-18 architectures [35]. ... Models for CIFAR10 and ImageNet10 were both trained with an Adam optimizer with β1 = 0.9, β2 = 0.999 and an initial learning rate of 0.001. CIFAR10 models were trained for 200 epochs with a batch size of 180 and a fixed learning schedule (decay from initial by 0.1, 0.01, 0.001, 0.0005 at epochs 80, 120, 160, 180). Models for ImageNet10 were trained for 400 epochs with a batch size of 64 and a fixed learning schedule (decay from initial by 0.1, 0.01, 0.001, 0.0005 at epochs 160, 240, 320, 360). Models for ImageNet100 and ImageNet used an SGD optimizer with weight decay of 0.0001, momentum 0.9, an initial learning rate of 0.1, and a batch size of 256. Models for ImageNet100 were trained for 130 epochs with a fixed learning schedule (decay from initial by 0.1, 0.01, 0.001, 0.0005 at epochs 30, 70, 90, 120). Models for ImageNet were trained for 90 epochs with a fixed learning schedule (decay from initial by 0.1, 0.01, 0.001 at epochs 30, 60, 80). ... In most of the experiments, we set the step size to ε/3 and ran 5 iterations. (Optimizer/schedule and attack-step sketches appear after the table.) |
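
The nonuniform, eccentricity-dependent sampling mentioned in the Research Type row can be made concrete with a short sketch. The code below is not the authors' implementation: it is a minimal, axis-separable approximation in PyTorch in which output pixels near the image centre sample the input finely (a "fovea") while peripheral pixels sample it coarsely. The function name, the `power` parameter, and the output size are all illustrative assumptions.

```python
import torch
import torch.nn.functional as F

def foveated_resample(img, out_size=224, power=2.0):
    """Illustrative retina-like resampling (not the paper's exact method).

    Output pixels near the centre map to a small, densely sampled input
    region; peripheral output pixels cover progressively larger regions.

    img: (N, C, H, W) float tensor.
    power: > 1 concentrates sampling density at the centre.
    """
    lin = torch.linspace(-1.0, 1.0, out_size, device=img.device)
    y, x = torch.meshgrid(lin, lin, indexing="ij")
    # Warp each axis: |coord|**power keeps the endpoints fixed but flattens
    # the mapping near 0, so many output pixels sample a small foveal region
    # and few output pixels cover the periphery.
    x_in = torch.sign(x) * x.abs() ** power
    y_in = torch.sign(y) * y.abs() ** power
    grid = torch.stack((x_in, y_in), dim=-1).unsqueeze(0)
    grid = grid.expand(img.shape[0], -1, -1, -1)
    return F.grid_sample(img, grid, align_corners=True)
```

With `power=1.0` this reduces to a plain bilinear resize; larger values devote more of the fixed output resolution to the centre of the image, which is the general idea behind the retinal-sampling mechanism studied in the paper.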
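
The attacks themselves were run with Foolbox (see the Software Dependencies row). For readers who want the paper's textual PGD description made concrete, here is a minimal, self-contained L-infinity PGD sketch in plain PyTorch (not Foolbox's API), using the step size of ε/3 and the 5 iterations quoted in the Experiment Setup row; the function and argument names are assumptions, and no random start is included.

```python
import torch
import torch.nn.functional as F

def pgd_linf(model, x, y, eps=8 / 255, steps=5, rel_step=1 / 3):
    """Minimal untargeted L-infinity PGD sketch.

    Assumes `model` returns logits and inputs live in [0, 1].
    Step size is eps * rel_step (eps/3 by default), run for `steps` iterations.
    """
    x_adv = x.clone().detach()
    step = eps * rel_step
    for _ in range(steps):
        x_adv.requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad, = torch.autograd.grad(loss, x_adv)
        with torch.no_grad():
            # Ascend the loss, then project back into the eps-ball and [0, 1].
            x_adv = x_adv + step * grad.sign()
            x_adv = torch.min(torch.max(x_adv, x - eps), x + eps)
            x_adv = torch.clamp(x_adv, 0.0, 1.0)
        x_adv = x_adv.detach()
    return x_adv
```

A random initialisation inside the ε-ball and multiple restarts are common additions to PGD, but they are not claimed here as part of the paper's setup.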
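
The CIFAR10 optimizer and learning-rate schedule quoted above can also be written down directly. The sketch below is one possible PyTorch reading of that description (Adam with β1 = 0.9, β2 = 0.999, initial LR 0.001, and a piecewise-constant schedule that multiplies the initial LR by 0.1 / 0.01 / 0.001 / 0.0005 at epochs 80 / 120 / 160 / 180); the helper name is hypothetical, and the other datasets' schedules follow the same pattern with their own milestones.

```python
import torch

def make_cifar10_optimizer(model):
    """Optimizer and fixed LR schedule for the CIFAR10 setup as described."""
    opt = torch.optim.Adam(model.parameters(), lr=0.001, betas=(0.9, 0.999))

    def factor(epoch):
        # Piecewise-constant multiplier applied to the *initial* learning rate.
        if epoch < 80:
            return 1.0
        if epoch < 120:
            return 0.1
        if epoch < 160:
            return 0.01
        if epoch < 180:
            return 0.001
        return 0.0005

    sched = torch.optim.lr_scheduler.LambdaLR(opt, lr_lambda=factor)
    return opt, sched
```

In this reading, `sched.step()` is called once per epoch so that the learning rate drops at the quoted milestone epochs.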