Improving Adversarial Robustness via Channel-wise Activation Suppressing
Authors: Yang Bai, Yuyuan Zeng, Yong Jiang, Shu-Tao Xia, Xingjun Ma, Yisen Wang
ICLR 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We empirically show that our CAS training strategy can consistently improve the robustness of current state-of-the-art adversarial training methods. Code is available at https://github.com/bymavis/CAS_ICLR2021. (Section 5, Experiments) |
| Researcher Affiliation | Academia | Yang Bai (1), Yuyuan Zeng (2,5), Yong Jiang (1,2,5), Shu-Tao Xia (2,5), Xingjun Ma (4), Yisen Wang (3). 1: Tsinghua Berkeley Shenzhen Institute, Tsinghua University, China; 2: Tsinghua Shenzhen International Graduate School, Tsinghua University, China; 3: Key Lab. of Machine Perception (MoE), School of EECS, Peking University, Beijing, China; 4: School of Information Technology, Deakin University, Geelong, VIC, Australia; 5: PCL Research Center of Networks and Communications, Peng Cheng Laboratory, Shenzhen, China |
| Pseudocode | Yes | Appendix A (Algorithm of CAS Training), Algorithm 1: Robust Training with CAS. |
| Open Source Code | Yes | Code is available at https://github.com/bymavis/CAS_ICLR2021. |
| Open Datasets | Yes | We train ResNet-18 (He et al., 2016) and VGG16 (Simonyan & Zisserman, 2014) on CIFAR-10 (Krizhevsky et al., 2009) using both standard training and adversarial training under typical settings. We evaluate our CAS on CIFAR-10 (Krizhevsky et al., 2009) and SVHN (Netzer et al., 2011) datasets with ResNet-18 (He et al., 2016). |
| Dataset Splits | No | The paper mentions training and testing datasets (CIFAR-10, SVHN) and specifies training parameters, but it does not explicitly define a separate validation dataset split or its usage for hyperparameter tuning. |
| Hardware Specification | No | The paper details experimental setups including models (ResNet-18, VGG16, WideResNet-34-10) and datasets (CIFAR-10, SVHN), and training parameters like epochs and learning rates, but does not specify any particular hardware components such as GPU models or CPU types used for running the experiments. |
| Software Dependencies | No | The paper mentions optimization algorithms (SGD), activation functions (ReLU, softmax), and analytical tools (t-SNE), but it does not list specific software versions for programming languages, libraries, or frameworks (e.g., Python version, PyTorch version, CUDA version). |
| Experiment Setup | Yes | Experimental Settings. We adversarially train ResNet-18 for 200 epochs on CIFAR-10 using SGD with momentum 0.9, weight decay 2e-4, and an initial learning rate of 0.1 that is divided by 10 at the 75th and 90th epochs. We use PGD-10 (ϵ = 8/255 and step size 2/255) with random start for training. For SVHN, we adversarially train ResNet-18 using SGD with momentum 0.9, weight decay 5e-4, an initial learning rate of 0.01 that is divided by 10 at the 75th and 90th epochs, and the training attack PGD-10 (ϵ = 8/255 and step size 1/255) with random start. (A hedged training-loop sketch of the CIFAR-10 recipe follows the table.) |
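
As a reading aid, below is a minimal sketch of the CIFAR-10 adversarial-training recipe quoted in the Experiment Setup row (PGD-10 with ϵ = 8/255 and step size 2/255, SGD with momentum 0.9, weight decay 2e-4, learning rate 0.1 divided by 10 at epochs 75 and 90). The `model` (a torchvision-style ResNet-18 returning logits) and `train_loader` (a standard CIFAR-10 DataLoader) are hypothetical placeholders, and the CAS module/loss itself is omitted; for the authors' actual implementation see https://github.com/bymavis/CAS_ICLR2021.

```python
# Hedged sketch of the quoted CIFAR-10 adversarial-training settings.
# Assumptions: `model` is a ResNet-18-style classifier returning logits,
# `train_loader` yields CIFAR-10 batches in [0, 1]; the CAS module is omitted.
import torch
import torch.nn.functional as F

def pgd_attack(model, x, y, eps=8/255, step_size=2/255, steps=10):
    """PGD-10 with random start, matching the quoted training attack."""
    x_adv = (x + torch.empty_like(x).uniform_(-eps, eps)).clamp(0.0, 1.0).detach()
    for _ in range(steps):
        x_adv.requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad = torch.autograd.grad(loss, x_adv)[0]
        x_adv = x_adv.detach() + step_size * grad.sign()
        # Project back into the eps-ball around x and the valid image range.
        x_adv = torch.min(torch.max(x_adv, x - eps), x + eps).clamp(0.0, 1.0)
    return x_adv.detach()

def adversarial_train(model, train_loader, device, epochs=200):
    # SGD, momentum 0.9, weight decay 2e-4, lr 0.1 divided by 10 at epochs 75 and 90.
    opt = torch.optim.SGD(model.parameters(), lr=0.1, momentum=0.9, weight_decay=2e-4)
    sched = torch.optim.lr_scheduler.MultiStepLR(opt, milestones=[75, 90], gamma=0.1)
    for _ in range(epochs):
        model.train()
        for x, y in train_loader:
            x, y = x.to(device), y.to(device)
            x_adv = pgd_attack(model, x, y)           # inner maximization (PGD-10)
            opt.zero_grad()
            loss = F.cross_entropy(model(x_adv), y)   # outer minimization on adversarial examples
            loss.backward()
            opt.step()
        sched.step()
```

The SVHN setting quoted above differs only in weight decay (5e-4), initial learning rate (0.01), and PGD step size (1/255), so the same sketch applies with those values swapped in.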