Defense Through Diverse Directions
Authors: Christopher Bender, Yang Li, Yifeng Shi, Michael K. Reiter, Junier Oliva
ICML 2020
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We demonstrate that by encouraging the network to distribute evenly across inputs, the network becomes less susceptible to localized, brittle features, which imparts a natural robustness to targeted perturbations. We show empirical robustness on several benchmark datasets. |
| Researcher Affiliation | Academia | 1The University of North Carolina, North Carolina, USA. Correspondence to: Christopher M. Bender <bender@cs.unc.edu>. |
| Pseudocode | No | The paper describes mathematical formulations and processes but does not include any pseudocode or algorithm blocks. |
| Open Source Code | No | The paper mentions accessing 'examples from an open repository' (https://github.com/MadryLab/mnist_challenge and https://github.com/MadryLab/cifar10_challenge) for black-box attacks, which are third-party resources. However, it does not state that the authors' own source code for the methodology described in the paper is available or provide a link to it. |
| Open Datasets | Yes | We test our diversity induced models on MNIST (Le Cun & Cortes, 2010). ... In this section, we evaluate our proposed diversity inducing penalties on the CIFAR-10 dataset (Krizhevsky et al.). |
| Dataset Splits | No | The paper refers to a 'test set' and the 'training process' but does not state specific training/validation/test splits (e.g., percentages or exact counts), nor does it mention a validation set for its experiments. |
| Hardware Specification | No | The paper does not provide specific details about the hardware used to run the experiments, such as GPU/CPU models or memory specifications. |
| Software Dependencies | No | We utilize TensorFlow (Abadi et al., 2015) and TensorFlow Probability (Dillon et al., 2017) to implement the general and probabilistic components of our models, respectively. While the software is named, specific version numbers are not provided for reproducibility (e.g., 'TensorFlow 2.x' or 'TensorFlow Probability 0.x'). (See the version-logging sketch below the table.) |
| Experiment Setup | Yes | When the corresponding penalty is used, the loss hyperparameters are: λM = 20, λV = 40, and λS = 40. ... We chose to train for 100 epochs... When training with our proposed penalties, we use the hyperparameters: λM = 10 and λS = 20. ... The PGD attack performs 40 gradient updates with a step size of 0.001. (See the PGD sketch below the table.) |
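
Since the Software Dependencies row notes that TensorFlow and TensorFlow Probability are cited without version numbers, the following is a minimal sketch of how a reproduction attempt might record the installed versions. The package names are the standard PyPI ones; no specific versions are implied by the paper.

```python
import tensorflow as tf
import tensorflow_probability as tfp

# The paper cites TensorFlow (Abadi et al., 2015) and TensorFlow
# Probability (Dillon et al., 2017) without version numbers; logging
# the installed versions is one way to pin a reproduction attempt.
print("tensorflow:", tf.__version__)
print("tensorflow_probability:", tfp.__version__)
```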
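
The Experiment Setup row states only two details of the evaluation attack: 40 gradient updates and a step size of 0.001. Below is a minimal TensorFlow sketch of an L∞ projected gradient descent (PGD) attack under those two stated values. The model, the cross-entropy loss, the perturbation bound `epsilon`, and the [0, 1] pixel range are assumptions for illustration, not details taken from the paper.

```python
import tensorflow as tf

def pgd_attack(model, x, y, epsilon=0.3, step_size=0.001, num_steps=40):
    """Untargeted L-infinity PGD: 40 gradient updates with step size
    0.001, matching the stated setup. `epsilon`, the loss, and the
    pixel range are assumed values, not taken from the paper."""
    loss_fn = tf.keras.losses.SparseCategoricalCrossentropy(from_logits=True)
    x_adv = tf.identity(x)
    for _ in range(num_steps):
        with tf.GradientTape() as tape:
            tape.watch(x_adv)
            loss = loss_fn(y, model(x_adv))
        grad = tape.gradient(loss, x_adv)
        # Ascend the loss along the gradient sign.
        x_adv = x_adv + step_size * tf.sign(grad)
        # Project back into the epsilon ball around x, then into [0, 1].
        x_adv = tf.clip_by_value(x_adv, x - epsilon, x + epsilon)
        x_adv = tf.clip_by_value(x_adv, 0.0, 1.0)
    return x_adv
```

With a step size of 0.001 and 40 steps, the total perturbation per pixel is at most 0.04 before projection, so the assumed `epsilon` is not binding under these defaults; it is included because PGD is conventionally run with an explicit L∞ bound.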