Random Normalization Aggregation for Adversarial Defense
Authors: Minjing Dong, Xinghao Chen, Yunhe Wang, Chang Xu
NeurIPS 2022 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We conduct extensive experiments on various models and datasets, and demonstrate the strong superiority of proposed algorithm.In this section, we provide sufficient evaluation of RNA module on various models and datasets. |
| Researcher Affiliation | Collaboration | Minjing Dong1, Xinghao Chen2, Yunhe Wang2, Chang Xu1 1School of Computer Science, University of Sydney 2Huawei Noah s Ark Lab mdon0736@uni.sydney.edu.au, xinghao.chen@huawei.com, yunhe.wang@huawei.com, c.xu@sydney.edu.au |
| Pseudocode | Yes | Algorithm 1 Random Normalization Aggregation with Black-box Adversarial Training |
| Open Source Code | Yes | The Py Torch code is available at https://github.com/Uni Serj/ Random-Norm-Aggregation and the Mind Spore code is available at https: //gitee.com/mindspore/models/tree/master/research/cv/RNA. |
| Open Datasets | Yes | CIFAR-10/100 We first conduct experiments on CIFAR-10/100 [31] datasets, which contain 50K training images and 10K testing images with size of 32 32 from 10/100 categories. The networks we use are Res Net-18 [31] and Wide Res Net-32 (WRN) [32].The effectiveness of proposed RNA is also evaluated on Image Net [35], which contains 1.2M training images and 50K testing images with size of 224 224 from 1000 categories. |
| Dataset Splits | No | The paper describes training and testing image counts for CIFAR-10/100 and ImageNet, but does not explicitly provide details about a validation dataset split, specific percentages for train/val/test, or mention cross-validation. |
| Hardware Specification | Yes | The experiments are performed on one V100 GPU using Pytorch [33] and Mindspore [34].The experiments are performed on eight V100 GPUs. |
| Software Dependencies | No | The paper mentions 'Pytorch [33]' and 'Mindspore [34]' as software used but does not provide specific version numbers for these or any other software dependencies. |
| Experiment Setup | Yes | The SGD optimizer with a momentum of 0.9 is used. The weight decay is set to 5 10 4. The initial learning rate is set to 0.1 with a piecewise decay learning rate scheduler. All the baselines are trained with 200 epochs with a batch size of 128. The PGD-10 with ϵ = 8/255 and step size of 2/255 is adopted in the adversarial training setting. The SGD optimizer with a momentum of 0.9 is used. The weight decay is set to 1 10 4. The initial learning rate is set to 0.02 with a cosine learning rate scheduler. We load a pretrained Res Net-50 and then adversarailly train the network for 60 epochs with a batch size of 512. The PGD-2 with ϵ = 4/255 is adopted in the adversarial training setting. |