On the Robustness of Randomized Ensembles to Adversarial Perturbations
Authors: Hassan Dbouk, Naresh Shanbhag
ICML 2023
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In this work, we first demystify RECs as we derive fundamental results regarding their theoretical limits, necessary and sufficient conditions for them to be useful, and more. Leveraging this new understanding, we propose a new boosting algorithm (BARRE) for training robust RECs, and empirically demonstrate its effectiveness at defending against strong ℓ norm-bounded adversaries across various network architectures and datasets. |
| Researcher Affiliation | Academia | Department of Electrical and Computer Engineering, University of Illinois at Urbana-Champaign, Urbana, USA. Correspondence to: Hassan Dbouk <hdbouk2@illinois.edu>. |
| Pseudocode | Yes | Algorithm 1 The Optimal Sampling Probability (OSP) Algorithm for Randomized Ensembles ... Algorithm 2 The Boosting Algorithm for Robust Randomized Ensembles (BARRE) |
| Open Source Code | Yes | Our code can be found at https://github.com/hsndbk4/BARRE. |
| Open Datasets | Yes | We report results for three network architectures with different complexities: ResNet-20 (He et al., 2016), MobileNetV1 (Howard et al., 2017), and ResNet-18, across CIFAR-10 and CIFAR-100 datasets (Krizhevsky et al., 2009). |
| Dataset Splits | No | The paper mentions 'training set' but does not specify the explicit percentages or sample counts for training, validation, and test splits. |
| Hardware Specification | No | The paper mentions network architectures (e.g., ResNet-20, MobileNetV1, ResNet-18) and computational complexity in FLOPs, but does not specify the actual hardware (e.g., specific GPU or CPU models, memory) used for running the experiments. |
| Software Dependencies | No | The paper mentions SGD, margin-maximizing cross-entropy (MCE) loss, PGD, and ARC algorithm, but does not provide version numbers for any software libraries or frameworks (e.g., PyTorch, TensorFlow, scikit-learn, CUDA). |
| Experiment Setup | Yes | All models are trained for 100 epochs via SGD with a batch size of 256 and 0.1 initial learning rate, decayed by 0.1 first at the 50th epoch and twice at the 75th epoch. We employ the recently proposed margin-maximizing cross-entropy (MCE) loss from (Zhang et al., 2022) with 0.9 momentum and a weight decay factor of 5 × 10^−4. We use 10 attack iterations during training with ϵ = 8/255 and a step size β = 2/255. |