Cascade Adversarial Machine Learning Regularized with a Unified Embedding
Authors: Taesik Na, Jong Hwan Ko, Saibal Mukhopadhyay
ICLR 2018

| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experimental results show that cascade adversarial training together with our proposed low-level similarity learning efficiently enhances the robustness against iterative attacks, but at the expense of decreased robustness against one-step attacks. We show that combining those two techniques can also improve robustness under the worst case black box attack scenario. |
| Researcher Affiliation | Academia | Taesik Na, Jong Hwan Ko & Saibal Mukhopadhyay School of Electrical and Computer Engineering Georgia Institute of Technology Atlanta, GA 30332, USA {taesik.na, jonghwan.ko, smukhopadhyay6}@gatech.edu |
| Pseudocode | No | The paper does not contain structured pseudocode or algorithm blocks. |
| Open Source Code | No | The paper does not provide any statement or link indicating that the source code for the methodology is openly available. |
| Open Datasets | Yes | We train ResNet models (He et al., 2016) on MNIST (LeCun & Cortes, 2010) and CIFAR10 dataset (Krizhevsky, 2009) using the proposed adversarial training. |
| Dataset Splits | No | The paper describes training parameters and details of data augmentation but does not explicitly state the dataset splits for training, validation, and testing. It mentions a test set but no explicit validation split. |
| Hardware Specification | No | The paper does not specify the hardware (e.g., CPU, GPU models, memory) used for running the experiments. |
| Software Dependencies | No | The paper does not provide specific version numbers for any software dependencies or libraries used. |
| Experiment Setup | Yes | We use stochastic gradient descent (SGD) optimizer with momentum of 0.9, weight decay of 0.0001 and mini batch size of 128. For adversarial training, we generate k = 64 adversarial examples among 128 images in one mini-batch. We start with a learning rate of 0.1, divide it by 10 at 4k and 6k iterations, and terminate training at 8k iterations for MNIST, and 48k and 72k iterations, and terminate training at 94k iterations for CIFAR10. |