Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in [1].
Phase and Amplitude-aware Prompting for Enhancing Adversarial Robustness
Authors: Yibo Xu, Dawei Zhou, Decheng Liu, Nannan Wang
ICML 2025
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experimental results demonstrate the effectiveness of our method. We evaluate the effectiveness of our method for both naturally and adversarially pre-trained models against general attacks and adaptive attacks. Experimental results reveal that our method outperforms state-of-the-art methods and achieves superior transferability. |
| Researcher Affiliation | Academia | 1Xidian University, Xi'an, Shaanxi, China. Correspondence to: Nannan Wang <EMAIL>, Dawei Zhou <EMAIL>. |
| Pseudocode | Yes | Algorithm 1 Phase and Amplitude-aware Prompting (PAP). |
| Open Source Code | Yes | Our code is available at https://github.com/yeebox/PAP. |
| Open Datasets | Yes | We use two popular benchmark datasets CIFAR-10 (Krizhevsky et al., 2009) and Tiny-ImageNet (Le & Yang, 2015) for defense evaluations. |
| Dataset Splits | Yes | CIFAR-10 has 10 classes with 50,000 training images and 10,000 testing images, and Tiny-ImageNet has 200 classes with 100,000 training images, 10,000 validation images and 10,000 testing images. |
| Hardware Specification | No | We do not perform evaluations on ImageNet due to the limited computational resources. No specific hardware details such as GPU models, CPU types, or memory specifications are provided. |
| Software Dependencies | No | We train them using SGD (Andrew & Gao, 2007) for 100 epochs. No specific software versions for frameworks (e.g., PyTorch, TensorFlow) or programming languages are mentioned. |
| Experiment Setup | Yes | We train prompts by SGD (Andrew & Gao, 2007) for 100 epochs, where the initial learning rate is 0.1 and is divided by 10 at the 75-th epoch. The batch size is 512 for CIFAR-10, and 256 for Tiny-ImageNet. We set λ1 = 3, λ2 = 400, λ3 = 4 for naturally pre-trained models, and λ1 = 1, λ2 = 5000, λ3 = 4 for adversarially pre-trained models. The threshold τ is set as 0.1, and we adjust the weights of amplitude-level prompts every 5 epochs. |
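The quoted experiment setup can be expressed as a small configuration sketch. This is an illustrative reconstruction, not the authors' code: the function and constant names (`learning_rate`, `BATCH_SIZE`, `LAMBDAS`) are made up here, and only the numeric values come from the quoted text.

```python
# Sketch of the training hyperparameters quoted in the Experiment Setup row:
# SGD for 100 epochs, initial lr 0.1 divided by 10 at the 75-th epoch,
# per-dataset batch sizes, and loss weights for the two pre-training regimes.
# Names are hypothetical; values are taken from the quoted setup.

EPOCHS = 100

def learning_rate(epoch: int, initial_lr: float = 0.1) -> float:
    """Return the SGD learning rate at a given (0-indexed) epoch."""
    # Divided by 10 at the 75-th epoch, per the quoted schedule.
    return initial_lr / 10 if epoch >= 75 else initial_lr

# Batch sizes reported for each dataset.
BATCH_SIZE = {"CIFAR-10": 512, "Tiny-ImageNet": 256}

# Loss weights (λ1, λ2, λ3) and threshold τ from the quoted setup.
LAMBDAS = {
    "natural":     {"lambda1": 3, "lambda2": 400,  "lambda3": 4},
    "adversarial": {"lambda1": 1, "lambda2": 5000, "lambda3": 4},
}
TAU = 0.1
AMPLITUDE_PROMPT_UPDATE_EVERY = 5  # epochs between amplitude-weight updates
```

In a typical PyTorch setup this step schedule would correspond to a MultiStep-style decay with a single milestone at epoch 75; the sketch keeps it framework-free so the reported numbers stand on their own.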