DAT: Improving Adversarial Robustness via Generative Amplitude Mix-up in Frequency Domain
Authors: Fengpeng Li, Kemou Li, Haiwei Wu, Jinyu Tian, Jiantao Zhou
NeurIPS 2024 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experiments on various datasets show that our proposed DAT leads to significantly improved robustness against diverse adversarial attacks. |
| Researcher Affiliation | Academia | (1) State Key Laboratory of Internet of Things for Smart City, University of Macau; (2) Department of Computer Science, City University of Hong Kong; (3) Faculty of Innovation Engineering, Macau University of Science and Technology |
| Pseudocode | Yes | Appendix A, Pseudocodes of AE Generation and DAT: A.1 Pseudocode of the AE Generation Method; A.2 Pseudocode of DAT |
| Open Source Code | Yes | The source code is available at https://github.com/Feng-peng-Li/DAT. |
| Open Datasets | Yes | We select three datasets: CIFAR-10, CIFAR-100, and Tiny ImageNet [17]. |
| Dataset Splits | Yes | CIFAR-10 and CIFAR-100 contain 50,000 32×32 training samples and 10,000 32×32 test images, categorized into 10 and 100 classes respectively. Tiny ImageNet is a challenging 200-class real-world dataset with 500 training and 50 test images per category, at an image size of 64×64. Moreover, because the samples in the Tiny ImageNet test set are unlabeled, we evaluate robustness on the validation set following [29, 33]. (Illustrated by the data-loading sketch below the table.) |
| Hardware Specification | Yes | Experiments with ResNet-18 are performed on an Ubuntu 20.04.3 LTS GPU server with an Intel Xeon 5120 and 5× 3090 GPUs using PyTorch 2.0, while WRN-34-10 and WRN-28-10 experiments are performed on a DGX with an H800 GPU using PyTorch 2.0. |
| Software Dependencies | Yes | Experiments with ResNet-18 are performed on an Ubuntu 20.04.3 LTS GPU server with an Intel Xeon 5120 and 5× 3090 GPUs using PyTorch 2.0, while WRN-34-10 and WRN-28-10 experiments are performed on a DGX with an H800 GPU using PyTorch 2.0. |
| Experiment Setup | Yes | In the model training procedure, we adopt an SGD optimizer with momentum 0.9 and weight decay 5e-4. For the common experiments, the model is trained for 150 epochs on CIFAR-10 and CIFAR-100 and 100 epochs on Tiny ImageNet. Moreover, the learning rate follows the schedule [0.1, 0.01, 0.001], with decay epochs [100, 110] for CIFAR-10 and CIFAR-100 and [75, 80] for Tiny ImageNet. ... For hyper-parameters, β and the JS weight parameter ω are set to 15 and 2, respectively. During the training procedure, we adopt the basic data augmentation strategies, Random Crop and Random Horizontal Flip, for all selected datasets. For AE generation, the inner step size α is set to 2/255 with K = 5 to generate adversarial perturbations ℓ∞-bounded with radius ϵ = 8/255, following previous work [29, 37, 33]. (Illustrated by the training and attack configuration sketch below the table.) |
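The Dataset Splits row reports the standard CIFAR and Tiny ImageNet splits. The sketch below is a minimal illustration of how those splits could be loaded with torchvision; the padding value, the download path, and the Tiny ImageNet `ImageFolder` directory layout are assumptions made for illustration and are not specified by the paper.

```python
import torchvision.transforms as T
from torchvision import datasets

# Augmentation quoted in the paper: Random Crop and Random Horizontal Flip.
# Padding by 4 pixels before cropping is a common convention, assumed here.
cifar_train_tf = T.Compose([T.RandomCrop(32, padding=4), T.RandomHorizontalFlip(), T.ToTensor()])
tiny_train_tf = T.Compose([T.RandomCrop(64, padding=4), T.RandomHorizontalFlip(), T.ToTensor()])
test_tf = T.ToTensor()

# CIFAR-10 / CIFAR-100: 50,000 training and 10,000 test images of size 32x32.
c10_train = datasets.CIFAR10("data", train=True, download=True, transform=cifar_train_tf)
c10_test = datasets.CIFAR10("data", train=False, download=True, transform=test_tf)
c100_train = datasets.CIFAR100("data", train=True, download=True, transform=cifar_train_tf)
c100_test = datasets.CIFAR100("data", train=False, download=True, transform=test_tf)

# Tiny ImageNet: 200 classes, 500 training / 50 validation images per class, 64x64.
# The test split is unlabeled, so robustness is evaluated on the validation split.
# The ImageFolder paths below assume the data has been arranged into per-class folders.
tiny_train = datasets.ImageFolder("data/tiny-imagenet-200/train", transform=tiny_train_tf)
tiny_val = datasets.ImageFolder("data/tiny-imagenet-200/val", transform=test_tf)
```

Note that the official Tiny ImageNet validation folder groups all images in a single directory with a separate annotation file, so it typically needs to be rearranged into per-class subfolders before `ImageFolder` can read it.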
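The Experiment Setup row quotes the optimizer, learning-rate schedule, and AE-generation hyper-parameters. The sketch below wires those quoted values into a PyTorch optimizer/scheduler and a plain ℓ∞ PGD loop. It is a generic baseline using the stated step size α = 2/255, K = 5 steps, and radius ϵ = 8/255, not the paper's DAT procedure with generative amplitude mix-up; the model and data are placeholders supplied by the caller.

```python
import torch
import torch.nn.functional as F

def pgd_attack(model, x, y, eps=8/255, alpha=2/255, steps=5):
    """Plain l_inf PGD with the quoted radius eps=8/255, step size alpha=2/255, and K=5 steps.
    A generic baseline loop, not the paper's generative amplitude mix-up AE generator."""
    x_adv = x.clone().detach()
    for _ in range(steps):
        x_adv.requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad = torch.autograd.grad(loss, x_adv)[0]
        x_adv = x_adv.detach() + alpha * grad.sign()
        # Project back into the l_inf ball around x and the valid pixel range.
        x_adv = torch.min(torch.max(x_adv, x - eps), x + eps).clamp(0.0, 1.0)
    return x_adv.detach()

def build_optimizer(model, dataset="cifar"):
    # SGD with momentum 0.9 and weight decay 5e-4; initial LR 0.1 taken from the quoted schedule.
    opt = torch.optim.SGD(model.parameters(), lr=0.1, momentum=0.9, weight_decay=5e-4)
    # LR schedule [0.1, 0.01, 0.001]: decay epochs [100, 110] for CIFAR, [75, 80] for Tiny ImageNet.
    milestones = [100, 110] if dataset == "cifar" else [75, 80]
    sched = torch.optim.lr_scheduler.MultiStepLR(opt, milestones=milestones, gamma=0.1)
    return opt, sched
```

The `MultiStepLR` milestones reproduce the quoted decay schedule (0.1 to 0.01 to 0.001); how β = 15 and the JS weight ω = 2 enter the training objective is specific to DAT and is not reproduced here.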