Certified Defenses against Adversarial Examples
Authors: Aditi Raghunathan, Jacob Steinhardt, Percy Liang
ICLR 2018
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We evaluated our method on the MNIST dataset of handwritten digits, where the task is to classify images into one of ten classes. Our results can be summarized as follows: First, in Section 6.1, we show that our certificates of robustness are tighter than those based on simpler methods such as Frobenius and spectral bounds (Section 5), but our bounds are still too high to be meaningful for general networks. Then in Section 6.2, we show that by training on the certificates, we obtain networks with much better bounds and hence meaningful robustness. |
| Researcher Affiliation | Academia | Aditi Raghunathan, Jacob Steinhardt & Percy Liang, Department of Computer Science, Stanford University, {aditir,jsteinhardt,pliang}@cs.stanford.edu |
| Pseudocode | No | The paper describes the proposed methods in narrative text and mathematical formulations but does not include any explicit pseudocode or algorithm blocks. |
| Open Source Code | Yes | All code, data and experiments for this paper are available on the Codalab platform at https://worksheets.codalab.org/worksheets/0xa21e794020bb474d8804ec7bc0543f52/. |
| Open Datasets | Yes | We evaluated our method on the MNIST dataset of handwritten digits, where the task is to classify images into one of ten classes. |
| Dataset Splits | No | The paper states it evaluates on "10,000 test examples" and mentions "training examples," but does not explicitly provide the specific percentages or counts for training, validation, and test splits. |
| Hardware Specification | No | The paper mentions using TensorFlow as the optimizer but does not provide any specific details about the hardware used for experiments, such as GPU or CPU models. |
| Software Dependencies | No | The paper mentions using "TensorFlow's implementation of Adam", "SciPy's implementation of the Lanczos algorithm", "the modeling toolbox YALMIP", and "Sedumi as a backend", but does not provide specific version numbers for any of these software dependencies. |
| Experiment Setup | Yes | In all our experiments, we used neural networks with m = 500 hidden units, and TensorFlow's implementation of Adam as the optimizer; ... All hyperparameters (including the choice of loss function) were tuned based on the error of the Projected Gradient Descent (PGD) attack ... We used hinge loss as the classification loss, and decayed the learning rate in steps from 10⁻³ to 10⁻⁵, decreasing by a factor of 10 every 30 epochs. ... For the regularization parameters λij, ... We tuned λ to 0.05 ... We updated the values of these weights every 20 epochs. |