Maximum Mean Discrepancy Test is Aware of Adversarial Attacks
Authors: Ruize Gao, Feng Liu, Jingfeng Zhang, Bo Han, Tongliang Liu, Gang Niu, Masashi Sugiyama
ICML 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We verify detection methods on the ResNet-18 and ResNet-34 trained on the CIFAR-10 and the SVHN. We also validate performance of SAMMD on the large network Wide ResNet (WRN-32-10) (Zagoruyko & Komodakis, 2016) and the large dataset Tiny-Imagenet. Configuration of all experiments is in Appendix E. Detailed experimental results are presented in Appendix F. |
| Researcher Affiliation | Academia | (1) Department of Computer Science, Hong Kong Baptist University; (2) Department of Computer Science and Engineering, The Chinese University of Hong Kong; (3) DeSI Lab, AAII, University of Technology Sydney; (4) RIKEN-AIP; (5) TML Lab, University of Sydney; (6) Graduate School of Frontier Sciences, University of Tokyo. |
| Pseudocode | Yes | Algorithm 1 The SAMMD Test |
| Open Source Code | Yes | The code of our SAMMD test is available at github.com/Sjtubrian/SAMMD. |
| Open Datasets | Yes | We verify detection methods on the ResNet-18 and ResNet-34 trained on the CIFAR-10 and the SVHN. We also validate performance of SAMMD on the large network Wide ResNet (WRN-32-10) (Zagoruyko & Komodakis, 2016) and the large dataset Tiny-Imagenet. |
| Dataset Splits | No | The paper mentions using 'CIFAR-10 training set' and 'CIFAR-10 testing set' but does not explicitly provide specific training/validation/test split percentages, sample counts, or explicit mention of a validation set in the main text. |
| Hardware Specification | No | The paper states 'Configuration of all experiments is in Appendix E.' but does not include specific hardware details like GPU/CPU models or memory in the main text. |
| Software Dependencies | No | The paper does not specify software dependencies with version numbers (e.g., 'PyTorch 1.9', 'Python 3.8'). |
| Experiment Setup | Yes | For 6 different attacks, FGSM, BIM, PGD, AA, CW and Square (Non-IID(b)), we report the test power of all tests when S_Y are adversarial data (L norm ϵ = 0.0314; set size = 500) in Figure 4b. |