On Adversarial Training without Perturbing all Examples
Authors: Max Losch, Mohamed Omran, David Stutz, Mario Fritz, Bernt Schiele
ICLR 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We evaluate our subset analysis on a wide variety of image datasets like CIFAR-10, CIFAR-100, ImageNet-200 and show transfer to SVHN, Oxford Flowers-102 and Caltech-256. |
| Researcher Affiliation | Academia | Max Losch¹, Mohamed Omran¹, David Stutz¹, Mario Fritz², Bernt Schiele¹; ¹ Max Planck Institute for Informatics, Saarland Informatics Campus; ² CISPA Helmholtz Center for Information Security, Saarbrücken. {mlosch, mohomran, dstutz, schiele}@mpi-inf.mpg.de, fritz@cispa.de |
| Pseudocode | No | The paper does not contain structured pseudocode or algorithm blocks. |
| Open Source Code | Yes | Code is available at http://github.com/mlosch/SAT. |
| Open Datasets | Yes | We evaluate our subset analysis on a wide variety of image datasets like CIFAR-10, CIFAR-100, ImageNet-200 and show transfer to SVHN, Oxford Flowers-102 and Caltech-256. ImageNet: a large-scale hierarchical image database. CVPR, 2009. |
| Dataset Splits | Yes | Throughout the course of the training, we evaluate AA after each learning rate decay on 10% of validation data D_val and perform a final evaluation with the model providing the highest robust accuracy. This evaluation is performed on the remaining 90% of validation data. (See the checkpoint-selection sketch below the table.) |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., exact GPU/CPU models, processor types, or memory amounts) used for running its experiments. |
| Software Dependencies | No | The paper mentions software components like 'SGD' and 'PGD-7' and references a 'robustness (python library)' but does not provide specific version numbers for any software dependencies. |
| Experiment Setup | Yes | For all training setups listed in table 2, we train our models from scratch using SGD with a momentum of 0.9. Adversarial training for the L2 norm is performed with 7 steps of projected gradient descent (PGD-7) within an ϵ₂ = 0.5 for CIFAR and SVHN and ϵ = 3.0 for ImageNet-200, Caltech-256 and Flowers-102. For each step, we use a step size of 0.1 and 0.5 respectively. (See the PGD sketch below the table.) |
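
The "Dataset Splits" row describes a concrete selection protocol: AutoAttack (AA) is run on 10% of the validation data D_val after each learning-rate decay, the checkpoint with the highest robust accuracy is kept, and the final number is reported on the remaining 90%. The snippet below is a minimal sketch of that protocol, not the authors' code; the function names and the `robust_acc` callable (standing in for an AutoAttack evaluation) are placeholders.

```python
# Sketch of the quoted 10%/90% validation protocol; helper names are hypothetical.
import random
from typing import Callable, Iterable, List, Tuple


def split_val_indices(num_val: int, frac: float = 0.1, seed: int = 0) -> Tuple[List[int], List[int]]:
    """Split validation indices into a 10% selection set and a 90% final-evaluation set."""
    idx = list(range(num_val))
    random.Random(seed).shuffle(idx)
    cut = int(frac * num_val)
    return idx[:cut], idx[cut:]


def select_and_evaluate(checkpoints: Iterable,
                        robust_acc: Callable[[object, List[int]], float],
                        num_val: int) -> Tuple[object, float]:
    """Pick the checkpoint (e.g. one per learning-rate decay) with the highest robust
    accuracy on the selection split, then report its accuracy on the remaining split."""
    select_idx, final_idx = split_val_indices(num_val)
    best = max(checkpoints, key=lambda ckpt: robust_acc(ckpt, select_idx))
    return best, robust_acc(best, final_idx)
```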
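
The "Experiment Setup" row quotes L2 adversarial training with 7 steps of projected gradient descent (PGD-7), ϵ₂ = 0.5 and step size 0.1 for CIFAR and SVHN (3.0 and 0.5 for the larger datasets), and SGD with momentum 0.9. The following is a minimal PyTorch sketch of such an L2 PGD attack under those hyperparameters; the framework choice, the [0, 1] pixel range, and the learning rate are assumptions, and this is not the released implementation.

```python
# Minimal L2 PGD-7 sketch matching the quoted hyperparameters; assumptions are noted inline.
import torch
import torch.nn.functional as F


def pgd_l2(model, x, y, eps=0.5, step_size=0.1, steps=7):
    """Generate L2-bounded adversarial examples with `steps` PGD iterations."""
    delta = torch.zeros_like(x, requires_grad=True)
    for _ in range(steps):
        loss = F.cross_entropy(model(x + delta), y)
        grad, = torch.autograd.grad(loss, delta)
        # Ascent step along the L2-normalized gradient direction.
        g_norm = grad.flatten(1).norm(dim=1).clamp_min(1e-12).view(-1, 1, 1, 1)
        d = delta.detach() + step_size * grad / g_norm
        # Project the perturbation back onto the L2 ball of radius eps.
        d_norm = d.flatten(1).norm(dim=1).clamp_min(1e-12).view(-1, 1, 1, 1)
        d = d * (eps / d_norm).clamp(max=1.0)
        # Keep perturbed images inside the assumed [0, 1] pixel range.
        delta = ((x + d).clamp(0, 1) - x).detach().requires_grad_(True)
    return (x + delta).detach()


# Training then proceeds on the perturbed batch, e.g.:
# optimizer = torch.optim.SGD(model.parameters(), lr=0.1, momentum=0.9)  # lr not given in the quote
# loss = F.cross_entropy(model(pgd_l2(model, images, labels)), labels)
```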