Hierarchical Verification for Adversarial Robustness
Authors: Cong Han Lim, Raquel Urtasun, Ersin Yumer
ICML 2020 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experimental results demonstrate that Layer Cert can significantly reduce both the number of convex programs solved and the running time over the state-of-the-art. |
| Researcher Affiliation | Collaboration | 1Uber Advanced Technologies Group, Toronto ON, Canada 2Department of Computer Science, University of Toronto, Toronto ON, Canada. |
| Pseudocode | Yes | Algorithm 1 Geo Cert; Algorithm 2 Layer Cert-Basic; Algorithm 3 Layer Cert Framework |
| Open Source Code | No | The paper mentions that the original Geo Cert code (a baseline) is available, but does not explicitly state that their own 'Layer Cert' code is open-source or provide a link to it. 'Our implementation of Geo Cert (Jordan et al., 2019) starts with the original code provided by the authors at https://github.com/revbucket/geometric-certificates and modifies it... We implemented Layer Cert in Python...' |
| Open Datasets | Yes | We train our networks to classify the digits 1 and 7 in the MNIST dataset and used the same training parameters. |
| Dataset Splits | No | The paper uses the MNIST dataset for training and testing but does not specify any explicit validation splits or percentages, nor does it provide details on how the data was partitioned beyond selecting 100 1s and 7s for evaluation. |
| Hardware Specification | Yes | Our experiments were performed on an Ubuntu 18.04 server on an Intel Xeon Gold 6136 CPU with 12 cores. |
| Software Dependencies | Yes | We use CVXPY (Diamond & Boyd, 2016) to model the convex programs and the open-source ECOS solver (Domahidi et al., 2013) as the main solver. Since ECOS can occasionally fail, we also use OSQP (Stellato et al., 2017) and SCS (O donoghue et al., 2016) as backup solvers. ... We implemented Layer Cert in Python using the packages numpy, Py Torch, numba (for the lower bounding methods)... |
| Experiment Setup | Yes | We initialize each algorithm with a target verification radius of 0.3. Each method terminates when we have exactly computed the answer to (1) or when it has determined that the lower bound is at least the radius. ... We restricted the algorithms to use only a single core and do not allow the use of the GPU. |