Measuring Neural Net Robustness with Constraints
Authors: Osbert Bastani, Yani Ioannou, Leonidas Lampropoulos, Dimitrios Vytiniotis, Aditya Nori, Antonio Criminisi
NeurIPS 2016 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We show how our metrics can be used to evaluate the robustness of deep neural nets with experiments on the MNIST and CIFAR-10 datasets. Our algorithm generates more informative estimates of robustness metrics compared to estimates based on existing algorithms. Furthermore, we show how existing approaches to improving robustness overfit to adversarial examples generated using a specific algorithm. Finally, we show that our techniques can be used to additionally improve neural net robustness both according to the metrics that we propose, but also according to previously proposed metrics. |
| Researcher Affiliation | Collaboration | Osbert Bastani Stanford University obastani@cs.stanford.edu Yani Ioannou University of Cambridge yai20@cam.ac.uk Leonidas Lampropoulos University of Pennsylvania llamp@seas.upenn.edu Dimitrios Vytiniotis Microsoft Research dimitris@microsoft.com Aditya V. Nori Microsoft Research adityan@microsoft.com Antonio Criminisi Microsoft Research antcrim@microsoft.com |
| Pseudocode | No | The paper describes the algorithm in prose within Section 4 but does not provide a structured pseudocode block or algorithm listing. |
| Open Source Code | No | The paper does not provide a statement or link indicating that the source code for their methodology is publicly available. |
| Open Datasets | Yes | We evaluate our approach on a deep convolutional neural network f for MNIST... and for the network-in-network (Ni N) neural net [13] trained to classify CIFAR-10 [9]. |
| Dataset Splits | No | The paper mentions 'training set' and 'test set' but does not specify explicit training/validation/test dataset splits (e.g., percentages, exact counts, or cross-validation details). |
| Hardware Specification | Yes | Computing ˆρ(f, x ) for a single input on Ni N takes about 10-15 seconds on an 8-core CPU. |
| Software Dependencies | No | The paper mentions 'Both neural nets are trained using Caffe [8]' but does not provide a version number for Caffe or any other software dependency. |
| Experiment Setup | Yes | In our experiments, we fix α = 3.0. We choose α = 0.15, since larger α causes the baseline to find significantly fewer adversarial examples, and small α results in smaller improvement in robustness. |