Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et alK. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026..
Phase and Amplitude-aware Prompting for Enhancing Adversarial Robustness
Authors: Yibo Xu, Dawei Zhou, Decheng Liu, Nannan Wang
ICML 2025 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experimental results demonstrate the effectiveness of our method. We evaluate the effectiveness of our method for both naturally and adversarially pre-trained models against general attacks and adaptive attacks. Experimental results reveal that our method outperforms state-of-the-art methods and achieves superior transferability. |
| Researcher Affiliation | Academia | 1Xidian University, Xi an, Shaanxi, China. Correspondence to: Nannan Wang <EMAIL>, Dawei Zhou <EMAIL>. |
| Pseudocode | Yes | Algorithm 1 Phase and Amplitude-aware Prompting (PAP). |
| Open Source Code | Yes | Our code is available at https://github.com/yeebox/PAP. |
| Open Datasets | Yes | We use two popular benchmark datasets CIFAR-10 (Krizhevsky et al., 2009) and Tiny Image Net (Le & Yang, 2015) for defense evaluations. |
| Dataset Splits | Yes | CIFAR-10 has 10 classes with 50,000 training images and 10,000 testing images, and Tiny-Image Net has 200 classes with 100,000 training images, 10,000 validation images and 10,000 testing images. |
| Hardware Specification | No | We do not perform evaluations on Image Net due to the limited computational resources. No specific hardware details such as GPU models, CPU types, or memory specifications are provided. |
| Software Dependencies | No | We train them using SGD (Andrew & Gao, 2007) for 100 epochs. No specific software versions for frameworks (e.g., PyTorch, TensorFlow) or programming languages are mentioned. |
| Experiment Setup | Yes | We train prompts by SGD (Andrew & Gao, 2007) for 100 epochs, where the initial learning rate is 0.1 and is divided by 10 at the 75-th epoch. The batch size is 512 for CIFAR-10, and 256 for Tiny-Image Net. We set λ1 = 3, λ2=400, λ3 = 4 for naturally pre-trained models, and λ1 =1, λ2 =5000, λ3 =4 for adversarially pre-trained models. The threshold τ is set as 0.1, and we adjust the weights of amplitude-level prompts every 5 epochs. |