DRF: Improving Certified Robustness via Distributional Robustness Framework
Authors: Zekai Wang, Zhengyu Zhou, Weiwei Liu
AAAI 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our experiments demonstrate that DRF can substantially improve the certified robustness of AT-based RS. Empirically, we evaluate DRF against various robust training methods for RS. The results consistently show that our framework significantly improves the certified robustness compared to existing methods. |
| Researcher Affiliation | Academia | School of Computer Science, Institute of Artificial Intelligence, National Engineering Research Center for Multimedia Software, Hubei Key Laboratory of Multimedia and Network Communication Engineering, Wuhan University, China |
| Pseudocode | Yes | Algorithm 1: DRF training |
| Open Source Code | No | The paper does not contain any explicit statements about making the source code available, nor does it provide a link to a code repository. |
| Open Datasets | Yes | we evaluate the effectiveness of our framework on well-established image classification datasets to measure robustness, including MNIST (LeCun et al. 1998) and CIFAR-10 (Appendix) (Krizhevsky and Hinton 2009). |
| Dataset Splits | Yes | For the MNIST (LeCun et al. 1998) experiments, we train every method on LeNet (LeCun et al. 1998) for 90 epochs, then report the certified accuracy and ACR of smoothed classifiers using the full MNIST test dataset. We train every model via stochastic gradient descent (SGD) using Nesterov momentum of weight 0.9 without dampening. The weight decay and batch size are set to 10^-4 and 256 for all the models. The different training schedules for each dataset are provided below: (a) MNIST: The initial learning rate is set to 0.01. We train the LeNet (LeCun et al. 1998) model for 90 epochs. (b) CIFAR-10: The initial learning rate is set to 0.1; we train the ResNet110 (He et al. 2016) model for 150 epochs, and the learning rate is decayed by 0.1 at the 50th and 100th epochs. |
| Hardware Specification | No | The paper states: “Details of the experimental setup (e.g., datasets, computing resources, hyperparameters for the baseline methods, etc.) are provided in Appendix.” However, the Appendix is not provided, and the main body of the paper does not specify any hardware details like CPU/GPU models or memory. |
| Software Dependencies | No | The paper mentions “PyTorch” in passing (“RENORM in PyTorch”) but does not provide a specific version number. No other software dependencies are listed with version numbers. |
| Experiment Setup | Yes | We train every model via stochastic gradient descent (SGD) using Nesterov momentum of weight 0.9 without dampening. The weight decay and batch size are set to 10^-4 and 256 for all the models. The different training schedules for each dataset are provided below: (a) MNIST: The initial learning rate is set to 0.01. We train the LeNet (LeCun et al. 1998) model for 90 epochs. (b) CIFAR-10: The initial learning rate is set to 0.1; we train the ResNet110 (He et al. 2016) model for 150 epochs, and the learning rate is decayed by 0.1 at the 50th and 100th epochs. When DRF is used, we employ fixed hyperparameter values of ζλ = 0.02 and κ = 100 in this subsection, while λ0 = 1.0 and 2.0 for SmoothAdv and Consistency, respectively. |
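
The training configuration quoted in the Dataset Splits and Experiment Setup rows (SGD with Nesterov momentum 0.9, weight decay 10^-4, batch size 256, and per-dataset learning-rate schedules) maps onto standard PyTorch components. The sketch below is a minimal illustration of that configuration, assuming torchvision datasets and placeholder model arguments; it is not taken from the authors' code, which is not released.

```python
import torch
from torch import nn, optim
from torchvision import datasets, transforms

# Values quoted in the paper's experiment setup:
# batch size 256, weight decay 1e-4, Nesterov momentum 0.9.
BATCH_SIZE = 256
WEIGHT_DECAY = 1e-4
MOMENTUM = 0.9


def build_cifar10_training(model: nn.Module):
    """CIFAR-10 schedule: LR 0.1 for 150 epochs, decayed by 0.1 at epochs 50 and 100."""
    train_set = datasets.CIFAR10(root="data", train=True, download=True,
                                 transform=transforms.ToTensor())
    loader = torch.utils.data.DataLoader(train_set, batch_size=BATCH_SIZE, shuffle=True)
    optimizer = optim.SGD(model.parameters(), lr=0.1, momentum=MOMENTUM,
                          nesterov=True, weight_decay=WEIGHT_DECAY)
    # Decay the learning rate by 0.1 at the 50th and 100th epoch, as reported.
    scheduler = optim.lr_scheduler.MultiStepLR(optimizer, milestones=[50, 100], gamma=0.1)
    return loader, optimizer, scheduler


def build_mnist_training(model: nn.Module):
    """MNIST schedule: LR 0.01 for 90 epochs (no decay milestones are reported)."""
    train_set = datasets.MNIST(root="data", train=True, download=True,
                               transform=transforms.ToTensor())
    loader = torch.utils.data.DataLoader(train_set, batch_size=BATCH_SIZE, shuffle=True)
    optimizer = optim.SGD(model.parameters(), lr=0.01, momentum=MOMENTUM,
                          nesterov=True, weight_decay=WEIGHT_DECAY)
    return loader, optimizer
```

The DRF-specific training loss (Algorithm 1) and its hyperparameters (ζλ, κ, λ0) are not reproduced here, since the paper's pseudocode would be needed to implement them faithfully.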
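The evaluation described in the Dataset Splits row reports certified accuracy and average certified radius (ACR) of smoothed classifiers. The paper does not include evaluation code; the sketch below follows the standard Monte Carlo certification procedure for randomized smoothing (Cohen et al. 2019) with which these metrics are conventionally computed, so the sample counts, confidence level, and helper names are illustrative assumptions rather than the authors' implementation.

```python
import torch
from scipy.stats import beta, norm


def _noise_counts(model, x, sigma, num, batch, num_classes):
    """Count predicted classes over `num` Gaussian-noised copies of one input x of shape (C, H, W)."""
    counts = torch.zeros(num_classes, dtype=torch.long)
    remaining = num
    while remaining > 0:
        b = min(batch, remaining)
        noisy = x.unsqueeze(0).repeat(b, 1, 1, 1) + sigma * torch.randn(b, *x.shape)
        counts += torch.bincount(model(noisy).argmax(dim=1), minlength=num_classes)
        remaining -= b
    return counts


@torch.no_grad()
def certify(model, x, sigma, n0=100, n=100_000, alpha=0.001, batch=1000, num_classes=10):
    """Certify one input; returns (predicted class, certified L2 radius), or (-1, 0.0) on abstention."""
    model.eval()
    # Selection pass: guess the top class from a small number of noisy samples.
    top = int(_noise_counts(model, x, sigma, n0, batch, num_classes).argmax())
    # Estimation pass: estimate the probability of the top class with many samples.
    k = int(_noise_counts(model, x, sigma, n, batch, num_classes)[top])
    # One-sided Clopper-Pearson lower confidence bound on P(f(x + noise) = top).
    p_lower = float(beta.ppf(alpha, k, n - k + 1)) if k > 0 else 0.0
    if p_lower <= 0.5:
        return -1, 0.0  # abstain: no certified radius
    return top, float(sigma * norm.ppf(p_lower))
```

ACR is then the mean certified radius over the test set, with abstentions and misclassified points counted as radius 0; certified accuracy at radius r is the fraction of test points certified correctly with radius at least r.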