Clarifying the Behavior and the Difficulty of Adversarial Training
Authors: Xu Cheng, Hao Zhang, Yue Xin, Wen Shen, Quanshi Zhang
AAAI 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Despite the simplicity of our theory, it still reveals verifiable predictions about various phenomena in adversarial training under real-world settings. Experimental verification 1 of Theorem 2. Although Theorem 2 was derived on a simple two-layer network, we tested whether our theory could predict the dynamics of adversarial perturbations on deep networks. That is, we checked whether δ̂ derived in Theorem 2 fitted well with the real perturbation δ. |
| Researcher Affiliation | Academia | Xu Cheng¹,², Hao Zhang², Yue Xin², Wen Shen², Quanshi Zhang²*; ¹Nanjing University of Science and Technology, ²Shanghai Jiao Tong University |
| Pseudocode | No | The paper presents mathematical formulations and theorems but does not include any pseudocode or algorithm blocks. |
| Open Source Code | No | The paper does not contain any explicit statements about releasing source code or provide links to a code repository. |
| Open Datasets | Yes | To this end, we crafted perturbations δ on different ReLU networks with more than two linear layers for the MNIST dataset (LeCun et al. 1998). |
| Dataset Splits | No | The paper mentions using the MNIST dataset but does not provide specific details on how the dataset was split into training, validation, and test sets, or reference standard splits. |
| Hardware Specification | No | The paper does not specify any hardware details (e.g., specific GPU/CPU models, memory, or cloud instances) used for running the experiments. |
| Software Dependencies | No | The paper mentions using various deep learning models (e.g., VGG11, AlexNet, ResNet-18) but does not list specific software dependencies with version numbers (e.g., PyTorch 1.9, Python 3.8). |
| Experiment Setup | Yes | Please see Appendix L for the hyper-parameters of the attack. |