HYDRA: Pruning Adversarially Robust Neural Networks
Authors: Vikash Sehwag, Shiqi Wang, Prateek Mittal, Suman Jana
NeurIPS 2020 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We conduct extensive experiments across three datasets, namely CIFAR-10, SVHN, and Image Net. We first establish strong baselines and then show that our method outperforms them significantly and achieves state-of-the-art accuracy and robustness simultaneously for compressed networks. |
| Researcher Affiliation | Academia | Vikash Sehwag , Shiqi Wang B, Prateek Mittal , Suman Jana B Princeton University, USA BColumbia University, USA |
| Pseudocode | Yes | Algorithm 1 End-to-end compression pipeline. |
| Open Source Code | Yes | Our code and compressed networks are publicly available2. 2https://github.com/inspire-group/compactness-robustness |
| Open Datasets | Yes | We conduct extensive experiments across three datasets, namely CIFAR-10, SVHN, and Image Net. |
| Dataset Splits | No | The paper mentions using training data for empirical risk minimization and experiments on CIFAR-10, SVHN, and Image Net datasets. However, it does not explicitly state the specific training, validation, and test dataset splits (e.g., percentages or sample counts) within the main text. |
| Hardware Specification | No | The paper describes its experimental setup and results but does not specify any particular hardware details such as GPU models, CPU types, or memory used for running the experiments. |
| Software Dependencies | No | The paper describes various robust training techniques and network architectures used in experiments but does not specify the version numbers for any software dependencies (e.g., deep learning frameworks like PyTorch or TensorFlow, or CUDA versions) required for replication. |
| Experiment Setup | Yes | The l perturbation budget for adversarial training is 8/255 for CIFAR-10, SVHN and 4/255 for Image Net. For verifiable robust training, we choose an l perturbation budget of 2/255 in all experiments. These design choices are consistent with previous work [7, 38, 47]. We used PGD attacks with 50 steps and 10 restarts to measure era. We use state-of-the-art adversarial training approach from Carmon et al. [7]. We use only 20 epochs in the pruning step (with 100 epochs in both pre-training and fine-tuning). |