Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in [1].
Democratic Training Against Universal Adversarial Perturbations
Authors: Bing Sun, Jun Sun, Wei Zhao
ICLR 2025 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Democratic Training is evaluated with 7 neural networks trained on 5 benchmark datasets and 5 types of state-of-the-art universal adversarial attack methods. The results show that it effectively reduces the attack success rate, improves model robustness and preserves the model accuracy on clean samples. |
| Researcher Affiliation | Academia | Bing Sun, Singapore Management University, EMAIL; Jun Sun, Singapore Management University, EMAIL; Wei Zhao, Singapore Management University, EMAIL |
| Pseudocode | Yes | Algorithm 1: Remove(I, N, m, ϵ) — 1: for n epochs do; 2: for each batch b do; 3: I^en_b ← Sample_Generator(I_b, N, m, ϵ); 4: L(i, i^en) = αL_cce(i^en) + (1 − α)L_cce(i); 5: J(θ) = Σ L(·); 6: θ ← θ − γ∇_θ J(θ) via SGD; 7: return θ. Algorithm 2: Sample_Generator(I, N, m, ϵ) — 1: for m iterations do; 2: L(i) = H(i); 3: i ← i + sign(∇_i L(i)); 4: i = Clamp(i, ϵ); 5: return i. |
| Open Source Code | Yes | Our approach has been implemented as a self-contained toolkit in Python and is open-sourced (https://gitlab.com/sunbing7/democratic_training). |
| Open Datasets | Yes | We conduct our experiments with 7 neural network models trained over 5 benchmark datasets: 1) ImageNet (Deng et al., 2009), 2) ASL Alphabet (Sau, 2018), 3) Caltech101 (Li et al., 2022), 4) EuroSAT (Helber et al., 2019) and 5) CIFAR-10 (Krizhevsky, 2009). |
| Dataset Splits | Yes | ImageNet (Deng et al., 2009): The ImageNet 2012 dataset, also known as ILSVRC 2012 (ImageNet Large Scale Visual Recognition Challenge), is a large-scale dataset used for visual object recognition tasks. It contains over 1.2 million images for training, 50,000 for validation, and 100,000 for testing. |
| Hardware Specification | Yes | All experiments are conducted on a machine with 96-Core 1.4GHz CPU and 60GB system memory with an NVIDIA 24GB RTX 4090 GPU. |
| Software Dependencies | No | The paper mentions 'PyTorch (Paszke et al., 2019)' and 'implemented as a self-contained toolkit in Python' but does not provide specific version numbers for these or other critical software components. |
| Experiment Setup | Yes | When applying Democratic Training, we focus on the last pooling or dense layer for the entropy calculation... A small set of clean data (∼5% of the training set) is used during the model enhancement. Algorithm 1 details parameters like 'n epochs' and 'm iterations'. Parameter α ∈ (0, 1) controls the trade-off between the effectiveness of UAP removal and performance on unperturbed inputs during the optimization process. In Appendix 8.4, specific ϵ values (5/255, 10/255, 15/255) are used for generating UAPs. |
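To make the quoted pseudocode concrete, below is a minimal, illustrative Python sketch of Algorithm 2's inner loop: perturb an input within an ϵ-ball so as to maximise the entropy H of the model's output, then clamp. This is not the authors' released toolkit; the toy linear-softmax model `W`, the `step` size, and the finite-difference gradient (standing in for backpropagation) are assumptions made for the sake of a self-contained example.

```python
import numpy as np

def softmax(z):
    e = np.exp(z - z.max())
    return e / e.sum()

def entropy(p):
    # Shannon entropy H(p); clip avoids log(0)
    p = np.clip(p, 1e-12, 1.0)
    return -np.sum(p * np.log(p))

def sample_generator(x, W, m=10, eps=10 / 255, step=2 / 255):
    """Algorithm 2 sketch: m iterations of a signed gradient-ascent
    step on the output entropy, clamped to the eps-ball around x.
    A numerical gradient replaces autograd for this toy model."""
    x_adv = x.copy()
    h = 1e-4
    for _ in range(m):
        grad = np.zeros_like(x_adv)
        for j in range(x_adv.size):
            xp = x_adv.copy(); xp[j] += h
            xm = x_adv.copy(); xm[j] -= h
            grad[j] = (entropy(softmax(W @ xp))
                       - entropy(softmax(W @ xm))) / (2 * h)
        x_adv = x_adv + step * np.sign(grad)   # i <- i + sign(grad H)
        x_adv = np.clip(x_adv, x - eps, x + eps)  # Clamp(i, eps)
    return x_adv
```

In the full method (Algorithm 1), such high-entropy samples are then mixed into fine-tuning with the α-weighted loss αL_cce(i^en) + (1 − α)L_cce(i), so the model learns to stay accurate on both clean and entropy-maximised inputs.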