Mitigating Adversarial Effects Through Randomization
Authors: Cihang Xie, Jianyu Wang, Zhishuai Zhang, Zhou Ren, Alan Yuille
ICLR 2018
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments demonstrate that the proposed randomization method is very effective at defending against both single-step and iterative attacks. |
| Researcher Affiliation | Collaboration | Cihang Xie, Zhishuai Zhang & Alan L. Yuille, Department of Computer Science, The Johns Hopkins University, Baltimore, MD 21218, USA ({cihangxie306, zhshuai.zhang, alan.l.yuille}@gmail.com); Jianyu Wang, Baidu Research USA, Sunnyvale, CA 94089, USA (wjyouch@gmail.com); Zhou Ren, Snap Inc., Venice, CA 90291, USA (zhou.ren@snapchat.com) |
| Pseudocode | No | The paper includes a pipeline diagram (Figure 2) but does not provide any pseudocode or clearly labeled algorithm blocks. |
| Open Source Code | Yes | The code is publicly available at https://github.com/cihangxie/NIPS2017_adv_challenge_defense. |
| Open Datasets | Yes | Dataset: It is less meaningful to attack the images that are already classified wrongly. Therefore, we randomly choose 5000 images from the ImageNet validation set that are classified correctly by all the considered networks to form our test dataset. |
| Dataset Splits | No | The paper uses pre-trained models and defines a test dataset from the ImageNet validation set, but does not provide details on training/validation/test splits of a dataset for reproduction of their own model training. |
| Hardware Specification | No | The paper does not provide any specific hardware details such as GPU or CPU models, or cloud computing instance types used for running the experiments. |
| Software Dependencies | No | The paper mentions using the 'cleverhans library' and 'TensorFlow' but does not specify any version numbers for these software components. |
| Experiment Setup | Yes | For the random resizing layer, it changes the input shape from 299 × 299 × 3 to rnd × rnd × 3, where rnd is an integer randomly sampled from the range [299, 331). For the random padding layer, it pads the resized image to the shape of 331 × 331 × 3 in a random manner. In the experiment, we choose ϵ = {2, 5, 10}. |