Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et al. (K. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026).
On the Convergence and Robustness of Adversarial Training
Authors: Yisen Wang, Xingjun Ma, James Bailey, Jinfeng Yi, Bowen Zhou, Quanquan Gu
ICML 2019
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In this section, we evaluate the robustness of our proposed training strategy (Dynamic) compared with several state-of-the-art defense models, in both the white-box and black-box settings on benchmark datasets MNIST and CIFAR-10. The white-box results are reported in Table 1. |
| Researcher Affiliation | Collaboration | ¹JD.com, ²The University of Melbourne, ³The University of California, Los Angeles. |
| Pseudocode | Yes | Algorithm 1 Dynamic Adversarial Training |
| Open Source Code | No | The paper does not provide concrete access to source code for the methodology described in this paper. |
| Open Datasets | Yes | benchmarks datasets MNIST and CIFAR-10. |
| Dataset Splits | No | The paper references MNIST and CIFAR-10 datasets but does not explicitly provide training/validation/test dataset splits with percentages or absolute counts. It uses "test set images" without defining its size relative to training or validation data. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU/CPU models, memory) used for running its experiments, only mentioning network architectures like 'CNN' and 'Wide ResNet'. |
| Software Dependencies | No | The paper mentions common deep learning components like 'Batch Norm' and 'SGD' but does not specify any software libraries or frameworks with version numbers (e.g., TensorFlow, PyTorch, scikit-learn versions). |
| Experiment Setup | Yes | Defense models for both MNIST and CIFAR-10 are trained using Stochastic Gradient Descent (SGD) with momentum 0.9, weight decay 10⁻⁴ and an initial learning rate of 0.01. The learning rate is divided by 10 at the 20-th and 40-th epoch for MNIST (50 epochs in total), and at the 60-th and 100-th epoch for CIFAR-10 (120 epochs in total). All images are normalized into [0, 1]. Except the Unsecured model, other defense models including our proposed Dynamic model are all trained under the same PGD adversarial training scheme: 10-step PGD attack with random start (adding an initial random perturbation of [−ϵ, ϵ] to the normal examples before the PGD perturbation) and step size ϵ/4. The maximum perturbation is set to ϵ = 0.3 for MNIST, and ϵ = 8/255 for CIFAR-10, which is a standard setting for adversarial defense (Athalye et al., 2018; Madry et al., 2018). |