Provable robustness against all adversarial $l_p$-perturbations for $p\geq 1$
Authors: Francesco Croce, Matthias Hein
ICLR 2020
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We compare the models obtained via our MMR-Universal regularizer to state-of-the-art methods for provable robustness and adversarial training. As evaluation criterion we use the robust test error, defined as the largest classification error when every image of the test set can be perturbed within a fixed set (e.g. an lp-ball of radius ϵp). We focus on the lp-balls with p ∈ {1, 2, ∞}. Since computing the robust test error is in general an NP-hard problem, we evaluate lower and upper bounds on it. |
| Researcher Affiliation | Academia | Francesco Croce University of Tübingen, Germany Matthias Hein University of Tübingen, Germany |
| Pseudocode | No | The paper does not contain any structured pseudocode or algorithm blocks. |
| Open Source Code | Yes | Code available at https://github.com/fra31/mmr-universal. |
| Open Datasets | Yes | We train CNNs on MNIST, Fashion-MNIST (Xiao et al. (2017)), German Traffic Sign (GTS) (Stallkamp et al. (2012)) and CIFAR-10 (Krizhevsky et al. (2014)). |
| Dataset Splits | No | The paper does not specify explicit validation dataset splits (e.g., percentages or sample counts for a validation set used during training or hyperparameter tuning). While it mentions statistics computed on a subset of the test set for robustness evaluation, this is not a traditional validation split. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU/CPU models, memory amounts, or detailed computer specifications) used for running its experiments. |
| Software Dependencies | No | The paper mentions 'Adam optimizer of Kingma & Ba (2014)' but does not list specific software dependencies with version numbers (e.g., Python, PyTorch, or CUDA versions). |
| Experiment Setup | Yes | For all experiments with MMR-Universal we use batch size 128 and we train the models for 100 epochs. Moreover, we use the Adam optimizer of Kingma & Ba (2014) with learning rate of 5·10⁻⁴ for MNIST and F-MNIST, 0.001 for the other datasets. We also reduce the learning rate by a factor of 10 for the last 10 epochs. On the CIFAR-10 dataset we apply random crops and random mirroring of the images as data augmentation. For training we use MMR-Universal as in (9) with k_B linearly (w.r.t. the epoch) decreasing from 20% to 5% of the total number of hidden units of the network architecture. We also use a training schedule for λp where we linearly increase it from λp/10 to λp during the first 10 epochs. |
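The robust test error quoted under "Research Type" is NP-hard to compute exactly, so the paper reports lower and upper bounds. The lower bound is the empirical version: a test point counts as non-robust if it is already misclassified clean, or if any adversarial candidate found inside the lp-ball flips the prediction. A minimal sketch of that lower bound, assuming one adversarial prediction per threat model has already been obtained (the function name and array layout are illustrative, not from the paper):

```python
import numpy as np

def robust_error_lower_bound(labels, clean_preds, adv_preds):
    """Empirical lower bound on the robust test error.

    labels:      (n,)    ground-truth classes
    clean_preds: (n,)    predictions on unperturbed inputs
    adv_preds:   (k, n)  predictions on adversarial candidates, one row
                 per threat model (e.g. l1, l2, linf attacks)

    A point is counted as non-robust if the clean prediction is wrong
    OR any adversarial candidate changes the prediction to a wrong class.
    """
    labels = np.asarray(labels)
    clean_wrong = np.asarray(clean_preds) != labels
    adv_wrong = np.any(np.asarray(adv_preds) != labels[None, :], axis=0)
    return float(np.mean(clean_wrong | adv_wrong))
```

The upper bound goes the other way: a certification method proves robustness for some points, and every point it cannot certify is pessimistically counted as non-robust.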
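The experiment setup above combines three per-epoch schedules: a step learning-rate drop, a linear decrease of k_B, and a linear warm-up of λp. A minimal sketch of those schedules, assuming 100 training epochs and inclusive endpoint interpolation (the exact interpolation endpoints are an assumption, not stated in the excerpt):

```python
def lr_schedule(epoch, base_lr=5e-4, total_epochs=100):
    # Reduce the learning rate by a factor of 10 for the last 10 epochs.
    return base_lr / 10 if epoch >= total_epochs - 10 else base_lr

def kb_fraction(epoch, total_epochs=100, start=0.20, end=0.05):
    # k_B decreases linearly (w.r.t. the epoch) from 20% to 5%
    # of the network's hidden units.
    t = epoch / (total_epochs - 1)
    return start + t * (end - start)

def lambda_schedule(epoch, lam_target, warmup_epochs=10):
    # lambda_p increases linearly from lambda_p/10 to lambda_p
    # over the first `warmup_epochs` epochs, then stays constant.
    if epoch >= warmup_epochs:
        return lam_target
    low = lam_target / 10
    return low + (epoch / warmup_epochs) * (lam_target - low)
```

Per-dataset values then plug in directly, e.g. `base_lr=5e-4` for MNIST and F-MNIST versus `base_lr=1e-3` for GTS and CIFAR-10.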