Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et alK. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026..
Lower Bounds on Adversarial Robustness from Optimal Transport
Authors: Arjun Nitin Bhagoji, Daniel Cullina, Prateek Mittal
NeurIPS 2019 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Finally, we use our framework to study the gap between the optimal classification performance possible and that currently achieved by state-of-the-art robustly trained neural networks for datasets of interest, namely, MNIST, Fashion MNIST and CIFAR-10. In this section, we use Theorem 1 to find lower bounds on adversarial robustness for empirical datasets of interest. We also compare these bounds to the performance of robustly trained classifiers |
| Researcher Affiliation | Academia | Arjun Nitin Bhagoji Department of Electrical Engineering Princeton University EMAIL Daniel Cullina , Department of Electrical Engineering Pennsylvania State University EMAIL Prateek Mittal Department of Electrical Engineering Princeton University EMAIL |
| Pseudocode | No | The paper does not contain any pseudocode or algorithm blocks. |
| Open Source Code | Yes | For reproducibility purposes, our code is available at https://github.com/inspire-group/robustness-via-transport. |
| Open Datasets | Yes | We consider the adversarial classification problem on three widely used image datasets, namely MNIST [50], Fashion-MNIST [82] and CIFAR-10 [47] |
| Dataset Splits | No | The paper mentions using '2000 images from the training set' but does not specify a training/validation/test split or provide absolute sample counts for each split or reference predefined splits for validation. |
| Hardware Specification | No | The paper does not explicitly describe the hardware used to run its experiments. |
| Software Dependencies | No | The paper mentions 'Adam optimizer [43]' and 'Linear Sum Assignment module from Scipy [41]' but does not provide specific version numbers for these or other software dependencies. |
| Experiment Setup | Yes | For the MNIST and Fashion MNIST dataset, we compare the lower bound with the performance of a 3-layer Convolutional Neural Network (CNN) that is robustly trained using iterative adversarial training [54] with the Adam optimizer [43] for 12 epochs. For the CIFAR-10 dataset, we use a Res Net-18 [36] trained for 200 epochs... To generate adversarial examples both during the training process and to test robustness, we use Projected Gradient Descent (PGD) with an ℓ2 constraint, random initialization and a minimum of 10 iterations. |