Revisiting Adversarial Robustness Distillation from the Perspective of Robust Fairness
Authors: Xinli Yue, Ningping Mou, Qian Wang, Lingchen Zhao
NeurIPS 2023
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments show that Fair-ARD surpasses both state-of-the-art ARD methods and existing robust fairness algorithms in terms of robust fairness (e.g., the worst-class robustness under AutoAttack is improved by at most 12.3% and 5.3% using ResNet18 on CIFAR-10, respectively), while also slightly improving overall robustness. Our code is available at: https://github.com/NISP-official/Fair-ARD. |
| Researcher Affiliation | Academia | Xinli Yue, Ningping Mou, Qian Wang, Lingchen Zhao Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China {xinliyue, ningpingmou, qianwang, lczhaocs}@whu.edu.cn |
| Pseudocode | Yes | The algorithms for the fair versions, Fair-ARD, Fair-IAD, Fair-RSLAD, and Fair-MTARD, are given in Appendix A. |
| Open Source Code | Yes | Our code is available at: https://github.com/NISP-official/Fair-ARD. |
| Open Datasets | Yes | We conduct the experiments on four benchmark datasets, CIFAR-10, CIFAR-100 [20], SVHN [27], and Tiny-ImageNet [21]. |
| Dataset Splits | No | The paper uses standard benchmark datasets but does not explicitly state the train/validation/test split percentages or sample counts within the main text for its own experiments. |
| Hardware Specification | No | No specific hardware details (like GPU models, CPU types, or memory) used for running experiments are provided in the paper. |
| Software Dependencies | No | The paper does not provide specific ancillary software details with version numbers (e.g., library or solver names like PyTorch, TensorFlow, or scikit-learn with their versions) needed to replicate the experiment. |
| Experiment Setup | Yes | We use the stochastic gradient descent (SGD) optimizer with an initial learning rate of 0.1, a momentum of 0.9, and a weight decay of 2e-4 to train the networks. The batch size is set to 128. For the baseline methods, i.e., SAT, TRADES, ARD, IAD, RSLAD, and MTARD, we strictly follow their original settings. For the versions improved by our proposed method, namely Fair-ARD, Fair-IAD, Fair-RSLAD, and Fair-MTARD, we also follow the original settings of the non-fair training version. Additionally, we search for the hyperparameter β on CIFAR-10 using Fair-ARD and determine β = 2. We adopt β = 2 for all other fair adversarial robustness distillation methods and other datasets. (A minimal sketch of this training configuration appears below.) |
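The paper does not name a deep-learning framework (the Software Dependencies row above is "No"), so the following is a minimal PyTorch sketch, purely for illustration, of the reported training configuration: SGD with learning rate 0.1, momentum 0.9, weight decay 2e-4, batch size 128, and β = 2. The model choice, data transforms, and the plain cross-entropy placeholder are assumptions; the actual Fair-ARD/Fair-IAD/Fair-RSLAD/Fair-MTARD objectives are defined in Appendix A of the paper and the released code.

```python
# Illustrative sketch only -- assumes PyTorch/torchvision, which the paper does not specify.
import torch
import torchvision
import torchvision.transforms as T
from torch.utils.data import DataLoader

# Standard CIFAR-10 augmentation (assumed, not stated in the excerpt).
transform = T.Compose([T.RandomCrop(32, padding=4), T.RandomHorizontalFlip(), T.ToTensor()])
train_set = torchvision.datasets.CIFAR10(root="./data", train=True, download=True, transform=transform)
train_loader = DataLoader(train_set, batch_size=128, shuffle=True, num_workers=4)  # batch size 128

# ResNet-18 student on CIFAR-10, as in the paper's experiments (torchvision variant used here for brevity).
student = torchvision.models.resnet18(num_classes=10)

# Reported optimizer settings: SGD, lr 0.1, momentum 0.9, weight decay 2e-4.
optimizer = torch.optim.SGD(student.parameters(), lr=0.1, momentum=0.9, weight_decay=2e-4)

beta = 2  # hyperparameter searched on CIFAR-10 with Fair-ARD and reused for the other fair variants/datasets
criterion = torch.nn.CrossEntropyLoss()

for images, labels in train_loader:
    optimizer.zero_grad()
    # Placeholder objective: the Fair-ARD distillation loss (Appendix A), parameterized by beta,
    # would replace this plain cross-entropy term in the actual method.
    loss = criterion(student(images), labels)
    loss.backward()
    optimizer.step()
```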