Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et alK. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026..
Imperceptible Adversarial Attack via Invertible Neural Networks
Authors: Zihan Chen, Ziyue Wang, Jun-Jie Huang, Wentao Zhao, Xiao Liu, Dejian Guan
AAAI 2023 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on CIFAR-10, CIFAR-100, and Image Net-1K demonstrate that the proposed Adv INN method can produce less imperceptible adversarial images than the state-of-the-art methods and Adv INN yields more robust adversarial examples with high confidence compared to other adversarial attacks. |
| Researcher Affiliation | Academia | College of Computer Science, National University of Defense Technology, Changsha, Hunan, China EMAIL |
| Pseudocode | No | No pseudocode or clearly labeled algorithm blocks were found in the paper. |
| Open Source Code | Yes | Code is available at https://github.com/jjhuangcs/Adv INN. |
| Open Datasets | Yes | We evaluate the performance of the comparison methods on Image Net-1K dataset which contains 1000 images sampled from the Image Net-1K validation set (Russakovsky et al. 2015). We have also evaluated the performance of all comparison methods on the testing set of CIFAR-10 and CIFAR100. |
| Dataset Splits | Yes | We evaluate the performance of the comparison methods on Image Net-1K dataset which contains 1000 images sampled from the Image Net-1K validation set (Russakovsky et al. 2015). |
| Hardware Specification | Yes | All experiments were performed on a computer with a NVIDIA RTX 3090 GPU with 24 GB memory. |
| Software Dependencies | No | No specific version numbers for software dependencies (e.g., Python 3.x, PyTorch 1.x) were found in the paper, only mentions of models like VGG16. |
| Experiment Setup | Yes | The optimizer for optimizing the learning objective of Adv INN in (1) is set to Adam (Kingma and Ba 2014) optimizer with initial learning rate 1e 4 which is decayed every 200 iterations with decay rate 0.9 and is lower bounded by 1e 5. We empirically set the regularization parameters λadv = 3, wll = 2, wlh,hl,hh = 1 and λperp = 0.001. All methods use ϵ = 8/255 as the adversarial budget. |