Improving Accuracy-robustness Trade-off via Pixel Reweighted Adversarial Training
Authors: Jiacheng Zhang, Feng Liu, Dawei Zhou, Jingfeng Zhang, Tongliang Liu
ICML 2024 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Through extensive evaluations on benchmark image datasets such as CIFAR-10 (Krizhevsky et al., 2009), SVHN (Netzer et al., 2011) and Tiny Imagenet-200 (Wu, 2017), we demonstrate the effectiveness of PART in Section 4.1. We demonstrate the main experiment results in this section. More experiment details can be found in Appendix G and more experiment results can be found in Appendix H. |
| Researcher Affiliation | Academia | 1School of Computing and Information Systems, The University of Melbourne 2State Key Laboratory of Integrated Services Networks, Xidian University 3School of Computer Science, The University of Auckland / RIKEN AIP 4Sydney AI Centre, The University of Sydney. Correspondence to: Feng Liu <fengliu.ml@gmail.com>, Tongliang Liu <tliang.liu@gmail.com>. |
| Pseudocode | Yes | Algorithm 1 Mask Generation, Algorithm 2 Pixel-reweighted AE Generation (Pixel-AG), Algorithm 3 Pixel-reweighted Adversarial Training (PART) |
| Open Source Code | Yes | The code can be found in https://github.com/tmlr-group/PART. |
| Open Datasets | Yes | We evaluate the effectiveness of PART mainly on three benchmark datasets, i.e., CIFAR-10 (Krizhevsky et al., 2009), SVHN (Netzer et al., 2011) and Tiny Imagenet-200 (Wu, 2017). |
| Dataset Splits | Yes | CIFAR-10 comprises 50,000 training and 10,000 test images, distributed across 10 classes. SVHN has 10 classes but consists of 73,257 training and 26,032 test images. ... Tiny Imagenet-200, which extends the complexity by offering 200 classes, containing 100,000 training, 10,000 validation, and 10,000 test images. |
| Hardware Specification | Yes | 2*NVIDIA A100 (Table 9) |
| Software Dependencies | No | The paper does not list specific software dependencies with version numbers (e.g., Python 3.x, PyTorch 1.x, CUDA version). |
| Experiment Setup | Yes | We set λ = 6 for both TRADES and MART. For all baseline methods, we use the ℓ -norm non-targeted PGD-10 with random start to craft AEs in the training stage. We set ϵ = 8/255 for all datasets, and ϵlow = 7/255 for our method. All the defense models are trained using SGD with a momentum of 0.9. We set the initial learning rate to 0.01 with batch size 128 for CIFAR-10 and SVHN. To save time, we set the initial learning rate to 0.02 with batch size 512 for Tiny Imagenet-200 (Gao et al., 2022; Zhou et al., 2023). The step size α is set to 2/255 for CIFAR-10 and Tiny Imagenet-200, and is set to 1/255 for SVHN. The weight decay is 0.0002 for CIFAR-10, 0.0035 for SVHN and 0.0005 for Tiny Imagenet-200. We run all the methods for 80 epochs and divide the learning rate by 10 at epoch 60 to avoid robust overfitting (Rice et al., 2020). For PART, we set the initial 20 epochs to be the burn-in period. |