Deep Defense: Training DNNs with Improved Adversarial Robustness
Authors: Ziang Yan, Yiwen Guo, Changshui Zhang
NeurIPS 2018
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experimental results demonstrate that our method outperforms training with adversarial/Parseval regularizations by large margins on various datasets (including MNIST, CIFAR-10 and ImageNet) and different DNN architectures. |
| Researcher Affiliation | Collaboration | Ziang Yan1* Yiwen Guo2,1* Changshui Zhang1 1Institute for Artificial Intelligence, Tsinghua University (THUAI), State Key Lab of Intelligent Technologies and Systems, Beijing National Research Center for Information Science and Technology (BNRist), Department of Automation, Tsinghua University, Beijing, China 2 Intel Labs China yza18@mails.tsinghua.edu.cn yiwen.guo@intel.com zcs@mail.tsinghua.edu.cn |
| Pseudocode | No | The paper does not contain any structured pseudocode or algorithm blocks. |
| Open Source Code | Yes | Code and models for reproducing our results are available at https://github.com/ZiangYan/deepdefense.pytorch. |
| Open Datasets | Yes | Extensive experiments on MNIST, CIFAR-10 and ImageNet show that our method significantly improves the robustness of different DNNs under advanced adversarial attacks, in the meanwhile no accuracy degradation is observed. |
| Dataset Splits | Yes | It consists of 70,000 grayscale images, in which 60,000 of them are used for training and the remaining are used for test. ... To verify the efficacy and scalability of our method, we collect well-trained AlexNet [17] and ResNet-18 [13] model from the Caffe and PyTorch model zoo respectively, fine-tune them on the ILSVRC-2012 training set using our Deep Defense and test it on the validation set. |
| Hardware Specification | Yes | All our experiments are conducted on an NVIDIA GTX 1080 GPU. |
| Software Dependencies | No | The paper mentions using Caffe and PyTorch model zoos but does not provide specific version numbers for software dependencies or libraries. |
| Experiment Setup | Yes | There are three hyper-parameters in our method: λ, c and d. As previously explained in Section 3.4, they balance the importance of the model robustness and benign-set accuracy. We fix λ = 15, c = 25, d = 5 for MNIST and CIFAR-10 major experiments (except for NIN, c = 70), and uniformly set λ = 5, c = 500, d = 5 for all ImageNet experiments. Fine-tuning hyper-parameters can be found in the supplementary materials. All our experiments are conducted on an NVIDIA GTX 1080 GPU. ... We cut the learning rate by 2 after four epochs of training because it can be beneficial for convergence. |