On Detecting Adversarial Perturbations
Authors: Jan Hendrik Metzen, Tim Genewein, Volker Fischer, Bastian Bischoff
ICLR 2017
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In this section, we present results on the detectability of adversarial perturbations on the CIFAR10 dataset (Krizhevsky, 2009), both for static and dynamic adversaries. Moreover, we investigate whether adversarial perturbations are also detectable in higher-resolution images based on a subset of the ImageNet dataset (Russakovsky et al., 2015). |
| Researcher Affiliation | Industry | Jan Hendrik Metzen & Tim Genewein & Volker Fischer & Bastian Bischoff, Bosch Center for Artificial Intelligence, Robert Bosch GmbH, Robert-Bosch-Campus 1, 71272 Renningen, Germany |
| Pseudocode | No | The paper includes mathematical formulas and descriptions of procedures (e.g., for generating adversarial examples), but it does not present these in a structured pseudocode or algorithm block. |
| Open Source Code | No | The paper acknowledges the use of open-source libraries like Theano and Keras, but it does not state that the authors' own implementation code for the described methodology is publicly available or provide a link to it. |
| Open Datasets | Yes | In this section, we present results on the detectability of adversarial perturbations on the CIFAR10 dataset (Krizhevsky, 2009), both for static and dynamic adversaries. Moreover, we investigate whether adversarial perturbations are also detectable in higher-resolution images based on a subset of the ImageNet dataset (Russakovsky et al., 2015). |
| Dataset Splits | Yes | The network has been trained for 100 epochs with stochastic gradient descent and momentum on 45000 data points from the train set. The momentum term was set to 0.9 and the initial learning rate was set to 0.1, reduced to 0.01 after 41 epochs, and further reduced to 0.001 after 61 epochs. After each epoch, the network's performance on the validation data (the remaining 5000 data points from the train set) was determined. |
| Hardware Specification | No | The paper does not specify the hardware used for running the experiments (e.g., specific GPU models, CPU types, or cloud computing instances). |
| Software Dependencies | No | The paper mentions software like Theano, Keras, and seaborn in the acknowledgments but does not provide specific version numbers for these or any other key software components used in the experiments. |
| Experiment Setup | Yes | The network has been trained for 100 epochs with stochastic gradient descent and momentum on 45000 data points from the train set. The momentum term was set to 0.9 and the initial learning rate was set to 0.1, reduced to 0.01 after 41 epochs, and further reduced to 0.001 after 61 epochs. The detector was trained for 20 epochs on 45000 data points from the train set and their corresponding adversarial examples using the Adam optimizer (Kingma & Ba, 2015) with a learning rate of 0.0001 and β1 = 0.99, β2 = 0.999. |