Certified Robustness for Deep Equilibrium Models via Serialized Random Smoothing
Authors: Weizhi Gao, Zhichao Hou, Han Xu, Xiaorui Liu
NeurIPS 2024 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments and ablation studies on image recognition demonstrate that our algorithm can significantly accelerate the certification of DEQs by up to 7x almost without sacrificing the certified accuracy. |
| Researcher Affiliation | Academia | Weizhi Gao1 wgao23@ncsu.edu Zhichao Hou1 zhou4@ncsu.edu Han Xu2 xuhan2@arizona.edu Xiaorui Liu1* xliu96@ncsu.edu 1North Carolina State University, 2The University of Arizona *corresponding author |
| Pseudocode | Yes | Algorithm 1 Certified Radius with SRS-DEQ |
| Open Source Code | Yes | Our code is available at https://github.com/Weizhi Gao/Serialized-Randomized-Smoothing. |
| Open Datasets | Yes | Datasets. We use two classical datasets in image recognition, CIFAR-10 (Krizhevsky et al., 2009) and Image Net (Russakovsky et al., 2015), to evaluate the certified robustness. |
| Dataset Splits | No | The paper mentions training data and test data. It does not explicitly specify a validation split size or methodology. It discusses results based on different noise levels and number of layers, but not a validation set specifically. |
| Hardware Specification | Yes | All the experiments are conducted on one A100 GPU. |
| Software Dependencies | No | The paper does not list specific version numbers for software dependencies such as Python, PyTorch, or CUDA. |
| Experiment Setup | Yes | For the standard MDEQ on CIFAR10, we use the Anderson solver with the step of {1, 5, 30}. For the standard MDEQ on Image Net, we use the Broyden solver with the step of {1, 5, 14}. We apply Anderson and Naive solvers on CIFAR-10 and Broyden solver on Image Net for the proposed SRS-MDEQ with the step of {1, 3}. We adopt a warm-up technique, where we use multi-steps to solve the fixed-point problem for the first batch in Algorithm 1. The warm-up steps for our SRS-MDEQ are set as 30 and 14 steps for CIFAR-10 and Image Net, respectively. The failure rate as α = 0.001 and the sampling number as N = 10,000 in the Monte Carlo method, unless specified otherwise. |