Neural Tangent Generalization Attacks
Authors: Chia-Hung Yuan, Shan-Hung Wu
ICML 2021 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We conduct extensive experiments, and the empirical results demonstrate the effectiveness of NTGA. Our code and perturbed datasets are available at: https://github. com/lionelmessi6410/ntga. ... We conduct experiments to evaluate the performance of NTGA using the following default settings. Datasets. We aim to poison the MNIST (Le Cun et al., 2010), CIFAR-10 (Krizhevsky, 2009), and a subset of Image Net (Deng et al., 2009) datasets. ... The results are shown in Table 1, where NTGA( ) denotes an attack generated by NTGA with a specific hyperparameter t (see Eq. (3)). |
| Researcher Affiliation | Academia | Chia-Hung Yuan 1 Shan-Hung Wu 1 ... 1Department of Computer Science, National Tsing Hua University, Taiwan, R.O.C.. Correspondence to: Shan-Hung Wu <shwu@cs.nthu.edu.tw>. |
| Pseudocode | Yes | Algorithm 1 Neural Tangent Generalization Attack Input: D = (Xn, Y n), V = (Xm, Y m), f( ; k( , ), t), L, r, η, T (ϵ) Output: P to be added to Xn 1 Initialize P T (ϵ) 2 for i 1 to r do 3 G P L( f(Xm; ˆK m,n, ˆK n,n, Y n, t), Y m) 4 P Project(P + η sign(G); T (ϵ)) |
| Open Source Code | Yes | Our code and perturbed datasets are available at: https://github. com/lionelmessi6410/ntga. |
| Open Datasets | Yes | We aim to poison the MNIST (Le Cun et al., 2010), CIFAR-10 (Krizhevsky, 2009), and a subset of Image Net (Deng et al., 2009) datasets. |
| Dataset Splits | Yes | On each dataset, we randomly split 15% examples from the training set as V and use the rests as D for Eq. (1). |
| Hardware Specification | Yes | Table 3 also shows the trade-off between the performance and time required to solve Eq. (4) on a machine with NVIDIA Tesla V100 GPU. |
| Software Dependencies | No | The paper mentions 'Neural Tangents library', 'JAX', and 'TensorFlow' but does not specify their exact version numbers required for reproducibility. |
| Experiment Setup | Yes | We update P for r = 10 iterations. The maximum allowable perturbation ϵ is set to 0.3 on MNIST, 8/255 on CIFAR-10, and 0.1 on Image Net measured by the l distance, respectively. ... We randomly initialize FNN and CNN and use a Stochastic Gradient Descent (SGD) optimizer to minimize their MSE losses on the clean and poisoned training data. We use early stopping to prevent the networks from overfitting. ... We also enable learning rate scheduling and data augmentation when training Res Net18 and Dense Net121. |