Combining Adversaries with Anti-adversaries in Training
Authors: Xiaoling Zhou, Nan Yang, Ou Wu
AAAI 2023
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experiments on benchmark datasets under different learning scenarios verify our theoretical findings and the effectiveness of the proposed methodology. Experiments are conducted to verify our theoretical findings and the effectiveness of the proposed CAAT in improving the accuracy, robustness, and fairness of the robust models. |
| Researcher Affiliation | Academia | Xiaoling Zhou, Nan Yang, Ou Wu * Center for Applied Mathematics, Tianjin University, China {xiaolingzhou, yny, wuou}@tju.edu.cn |
| Pseudocode | Yes | Algorithm 1: CAAT |
| Open Source Code | No | The paper does not provide an explicit statement or link indicating that the source code for the described methodology is publicly available. |
| Open Datasets | Yes | Benchmark adversarial learning datasets: CIFAR10 (Krizhevsky 2009) and SVHN (Netzer et al. 2011) are adopted in our experiments, including the noisy and imbalanced versions of the CIFAR data (Shu et al. 2019). For the two datasets, PreAct-ResNet18 (He et al. 2016) and Wide-ResNet28-10 (WRN28-10) (Zagoruyko and Komodakis 2016) are adopted as the backbone network. |
| Dataset Splits | Yes | Following Xu et al. (2021), 300 samples in each class with clean labels are selected as the meta dataset, which helps us tune the hyperparameters and train the weighting network. The training and testing configurations used in Ref. Xu et al. (2021) are followed. |
| Hardware Specification | No | The paper does not provide specific details about the hardware (e.g., GPU/CPU models, memory) used for running the experiments. |
| Software Dependencies | No | The paper does not provide specific software dependencies, such as programming language versions, deep learning framework versions, or other library versions, needed to replicate the experiment. |
| Experiment Setup | Yes | The number of iterations in an adversarial attack is set to 10. Following Xu et al. (2021), 300 samples in each class with clean labels are selected as the meta dataset, which helps us tune the hyperparameters and train the weighting network. Adversarial training is trained on PGD attack setting ϵ = 8/255 with cross-entropy loss. For our method and FRL (ReMargin), the predefined perturbation bound is also set to 8/255. All the models are trained by using SGD with momentum 0.9 and weight decay 5 × 10⁻⁴. The value of λ is selected in {2/3, 1, 1.5, 6}. |