Excessive Invariance Causes Adversarial Vulnerability
Authors: Joern-Henrik Jacobsen, Jens Behrmann, Richard Zemel, Matthias Bethge
ICLR 2019
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | On MNIST and ImageNet one can manipulate the class-specific content of almost any image without changing the hidden activations. We show deep networks are not only too sensitive to task-irrelevant changes of their input... but are also too invariant... We show such excessive invariance occurs across various tasks and architecture types. For classification errors see Table 2 in appendix D. |
| Researcher Affiliation | Collaboration | Jörn-Henrik Jacobsen¹, Jens Behrmann¹,², Richard Zemel¹, Matthias Bethge³; ¹Vector Institute and University of Toronto; ²University of Bremen, Center for Industrial Mathematics; ³University of Tübingen |
| Pseudocode | No | The paper does not contain structured pseudocode or algorithm blocks. |
| Open Source Code | Yes | Link to code and dataset: https://github.com/jhjacobsen/fully-invertible-revnet |
| Open Datasets | Yes | On MNIST and ImageNet one can manipulate the class-specific content of almost any image without changing the hidden activations. ILSVRC2012 Val Top1 in Table 1. Link to code and dataset: https://github.com/jhjacobsen/fully-invertible-revnet. |
| Dataset Splits | Yes | ILSVRC2012 Val Top1 29.50 in Table 1. train on 500k samples for 10 epochs and then validate on another 100k holdout set. |
| Hardware Specification | No | We train the network with momentum SGD for 128 epochs, a batch size of 480 (distributed to 6 GPUs). This states a quantity but not specific models or other hardware details. |
| Software Dependencies | No | For the spheres experiment we used Pytorch (Paszke et al., 2017) and for MNIST, as well as Imagenet Tensorflow (Abadi et al., 2016). These references only cite the initial papers, not specific version numbers for reproducibility. |
| Experiment Setup | Yes | We train it via cross-entropy and use the Adam optimizer (Kingma & Ba, 2014) with a learning rate of 0.0001 and otherwise default Pytorch settings. The network is trained via Adamax (Kingma & Ba, 2014) with a base learning rate of 0.001 for 100 epochs and we multiply it with a factor of 0.2 every 30 epochs and use a batch size of 64 and l2 weight decay of 1e-4. |