Provably Robust Deep Learning via Adversarially Trained Smoothed Classifiers
Authors: Hadi Salman, Jerry Li, Ilya Razenshteyn, Pengchuan Zhang, Huan Zhang, Sebastien Bubeck, Greg Yang
NeurIPS 2019
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We demonstrate through extensive experimentation that our method consistently outperforms all existing provably ℓ2-robust classifiers by a significant margin on ImageNet and CIFAR-10, establishing the state-of-the-art for provable ℓ2-defenses. |
| Researcher Affiliation | Industry | Hadi Salman, Greg Yang, Jerry Li, Pengchuan Zhang, Huan Zhang, Ilya Razenshteyn, Sébastien Bubeck; Microsoft Research AI; {hadi.salman, gregyang, jerrl, penzhan, t-huzhan, ilyaraz, sebubeck}@microsoft.com |
| Pseudocode | Yes | Pseudocode 1: SMOOTHADV-ersarial Training |
| Open Source Code | Yes | Our code and trained models are available at http://github.com/Hadisalman/smoothing-adversarial. |
| Open Datasets | Yes | We run experiments on ImageNet [8] and CIFAR-10 [19]. |
| Dataset Splits | No | While the paper mentions 'train', 'validation', and 'test' in general contexts, it does not provide specific percentages, sample counts, or explicit instructions for how the dataset was split into training, validation, and test sets to ensure reproducibility for all splits. It specifies test set sizes but not validation or training. |
| Hardware Specification | No | The paper does not provide any specific hardware details (e.g., GPU/CPU models, memory specifications) used for running its experiments. |
| Software Dependencies | No | The paper mentions software components implicitly (e.g., 'neural networks' imply deep learning frameworks) but does not provide specific version numbers for any programming languages, libraries, or other software dependencies. |
| Experiment Setup | Yes | Other than the choice of attack (SMOOTHADVPGD or SMOOTHADVDDN) for adversarial training, our experiments are distinguished based on five main hyperparameters: ϵ = maximum allowed ℓ2 perturbation of the input; T = number of steps of the attack; σ = std. of Gaussian noise data augmentation during training and certification; mtrain = number of noise samples used to estimate (6) during training; mtest = number of noise samples used to estimate (6) during evaluation. |