Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et al. (K. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026).
Is Adversarial Training Really a Silver Bullet for Mitigating Data Poisoning?
Authors: Rui Wen, Zhengyu Zhao, Zhuoran Liu, Michael Backes, Tianhao Wang, Yang Zhang
ICLR 2023
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We conduct extensive experiments to demonstrate the effectiveness of EntF against AT in the reasonable setting with ϵ_adv = ϵ_poi and also its generalizability to a variety of more challenging settings, such as AT with higher budgets, partial poisoning, unseen model architectures, and stronger (ensemble or adaptive) defenses. We use three image classification benchmark datasets: CIFAR-10 (CIF), CIFAR-100 (CIF), and Tiny ImageNet (Tin). |
| Researcher Affiliation | Academia | Rui Wen (1), Zhengyu Zhao (1), Zhuoran Liu (2), Michael Backes (1), Tianhao Wang (3), Yang Zhang (1); (1) CISPA Helmholtz Center for Information Security, (2) Radboud University, (3) University of Virginia |
| Pseudocode | No | The paper does not contain any structured pseudocode or algorithm blocks. |
| Open Source Code | Yes | Our code is available at https://github.com/WenRuiUSTC/EntF. |
| Open Datasets | Yes | We use three image classification benchmark datasets: CIFAR-10 (CIF), CIFAR-100 (CIF), and Tiny ImageNet (Tin). These datasets have been commonly used in the poisoning literature. |
| Dataset Splits | No | The paper mentions using CIFAR-10, CIFAR-100, and Tiny ImageNet datasets, but does not explicitly provide information on how the data was split into training, validation, and test sets (e.g., percentages or sample counts). |
| Hardware Specification | Yes | All experiments are performed on an NVIDIA DGX-A100 server. |
| Software Dependencies | No | The paper mentions using SGD optimizer and PGD, but does not provide specific version numbers for any software libraries, frameworks (like PyTorch or TensorFlow), or other dependencies. |
| Experiment Setup | Yes | All reference and target models are trained for 100 epochs using the SGD optimizer with an initial learning rate of 0.1 that is decayed by a factor of 0.1 at the 75th and 90th training epochs. The optimizer is set with momentum 0.9 and weight decay 5 × 10^-4. The inner maximization (i.e., generation of adversarial examples) of the adversarial training is solved by 10-step PGD with a step size of 2/255. |