ME-Net: Towards Effective Adversarial Robustness with Matrix Estimation
Authors: Yuzhe Yang, Guo Zhang, Dina Katabi, Zhi Xu
ICML 2019 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We conduct comprehensive experiments on prevailing benchmarks such as MNIST, CIFAR-10, SVHN, and Tiny-Image Net. |
| Researcher Affiliation | Academia | 1MIT CSAIL, Cambridge, MA, USA. |
| Pseudocode | No | The paper describes the ME-Net training and inference steps in a structured manner but does not present them as a formally labeled 'Pseudocode' or 'Algorithm' block. |
| Open Source Code | Yes | Our implementation is available at: https://github.com/Yyz Harry/ME-Net. |
| Open Datasets | Yes | We conduct comprehensive experiments on prevailing benchmarks such as MNIST, CIFAR-10, SVHN, and Tiny-Image Net. |
| Dataset Splits | No | The paper mentions constructing a 'training set' and testing on a 'reconstructed image' for the test phase, but it does not specify explicit training/validation/test dataset splits (e.g., percentages, sample counts, or explicit standard validation set usage). |
| Hardware Specification | No | The paper does not provide specific details about the hardware (e.g., GPU models, CPU types, memory) used for running the experiments. |
| Software Dependencies | No | The paper does not provide specific version numbers for software dependencies (e.g., programming languages, libraries, or frameworks) used in the experiments. |
| Experiment Setup | Yes | During training, for each image we randomly sample 10 masks with different p values... Unless otherwise specified, we use the Nuclear Norm minimization method... We use the same attack parameters as in (Madry et al., 2017): total perturbation ε of 8/255 (0.031), step size of 2/255 (0.01). For PGD attacks, we use 7, 20 and 40 steps... For MNIST, we use the Le Net model... We also use the same attack parameters as total perturbation scale of 76.5/255 (0.3), and step size 2.55/255 (0.01)... We use standard Res Net-18 for SVHN and CIFAR-10, and Dense Net-121 for Tiny-Image Net, and set attack parameters as follows: total perturbation of 8/255 (0.031), step size of 2/255 (0.01), and with up to 1000 total attack steps. |