Probabilistic Categorical Adversarial Attack and Adversarial Training

Authors: Han Xu, Pengfei He, Jie Ren, Yuxuan Wan, Zitao Liu, Hui Liu, Jiliang Tang

ICML 2023

| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | More importantly, through extensive empirical studies, we demonstrate that the well-established defenses for continuous data, such as adversarial training and TRADES, can be easily accommodated to defend DNNs for categorical data. In this section, we conduct experiments to validate the effectiveness and efficiency of PCAA and PADVT. In Section 5.1, we demonstrate that PCAA achieves a better balance between attack success rate and time efficiency. In Section 5.2, we empirically validate that PADVT achieves good robustness against categorical attacks. |
| Researcher Affiliation | Academia | 1 Department of Computer Science and Engineering, Michigan State University, East Lansing, MI, USA; 2 Guangdong Institute of Smart Education, Jinan University, Guangzhou, China. |
| Pseudocode | Yes | Algorithm 1 Probabilistic Categorical Adversarial Attack and Algorithm 2 Probabilistic Adversarial Training (PADVT) |
| Open Source Code | Yes | Our code is available at https://anonymous.4open.science/r/categorical-attack-0B9B. |
| Open Datasets | Yes | In this evaluation, we focus on three categorical datasets for various applications. (1) Intrusion Prevention System (IPS) (Wang et al., 2020). (2) AG's News corpus (Zhang et al., 2015). (3) Splice-junction Gene Sequences (Splice) (Noordewier et al., 1990). ... (2) IMDB reviews dataset (Maas et al., 2011). |
| Dataset Splits | No | The paper mentions using specific datasets (IPS, AG's News, Splice, IMDB) and implies the use of training and test sets by discussing model training and evaluation, but it does not explicitly provide the specific percentages or sample counts for training, validation, or test splits for any of these datasets in the main text. |
| Hardware Specification | No | The paper does not provide any specific details about the hardware used for running the experiments, such as GPU models, CPU types, or memory specifications. |
| Software Dependencies | No | The paper mentions software components like 'LSTM', 'CNN', and 'Adam', but it does not specify any version numbers for programming languages, libraries, or frameworks used (e.g., Python, PyTorch, TensorFlow versions). |
| Experiment Setup | Yes | Implementation details. For each dataset, we evaluate the performance in terms of the attack success rate (SR.) and the average running time (T.) under various budget sizes ϵ ranging from 1 to 5. Remind that in PCAA in Eq.(3), the threshold ζ significantly influences the effectiveness of our method. Therefore, in Table 2, we iteratively conduct PCAA with different choices of ζ from a pre-defined set. Given each ζ, we make 100 samplings from the probabilistic distribution. Algorithm 1 Probabilistic Categorical Adversarial Attack input Data D, budget ϵ, number of samples ng, penalty coefficient λ, max iteration I, learning rate γ. Algorithm 2 Probabilistic Adversarial Training (PADVT) input data D, parameters of clean model θ, budget ϵ, parameters of Algorithm 1, nadv, initial penalty coefficient λ0, penalty coefficient step size α, parameters of Adam optimizer, number of iterations I. |