Bridging Mode Connectivity in Loss Landscapes and Adversarial Robustness
Authors: Pu Zhao, Pin-Yu Chen, Payel Das, Karthikeyan Natesan Ramamurthy, Xue Lin
ICLR 2020 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our experiments cover various types of adversarial attacks applied to different network architectures and datasets. When network models are tampered with backdoor or error-injection attacks, our results demonstrate that the path connection learned using limited amount of bonafide data can effectively mitigate adversarial effects while maintaining the original accuracy on clean data. Therefore, mode connectivity provides users with the power to repair backdoored or error-injected models. |
| Researcher Affiliation | Collaboration | Pu Zhao1, Pin-Yu Chen2 , Payel Das2, Karthikeyan Natesan Ramamurthy2, Xue Lin1 1Northeastern University, Boston, MA 02115 2IBM Research, Yorktown Heights, NY 10598 zhao.pu@husky.neu.edu, pin-yu.chen@ibm.com, daspa@us.ibm.com, knatesa@us.ibm.com, xue.lin@northeastern.edu |
| Pseudocode | No | The paper does not contain structured pseudocode or algorithm blocks. It provides mathematical equations for parametric curves (e.g., Equation 3, 4) but no formatted algorithm steps. |
| Open Source Code | Yes | The code is available at https://github.com/IBM/model-sanitization |
| Open Datasets | Yes | Our experiments were conducted on different network architectures (VGG and Res Net) and datasets (CIFAR-10 and SVHN). |
| Dataset Splits | Yes | We perform additional experiments with the 5-fold cross validation method for CIFAR-10 (VGG) and SVHN (Res Net). |
| Hardware Specification | Yes | All of the experiments are performed on 6 GTX 1080Ti GPUs. |
| Software Dependencies | No | The paper mentions 'Python and Pytorch' but does not provide specific version numbers for these software components. |
| Experiment Setup | Yes | We train a path connecting the two backdoored models with limited amount of bonafide data." and "We train the connection using different number of images as given in Table 2 for 100 epochs" and "The attack perturbation strength is set to ϵ = 8/255 with 10 iterations." and "we perform fine-tuning with different learning rate and the number of total epochs with the bonafide data of 2500 images and 1000 images, respectively. |