Robust Classification via a Single Diffusion Model
Authors: Huanran Chen, Yinpeng Dong, Zhengyi Wang, Xiao Yang, Chengqi Duan, Hang Su, Jun Zhu
ICML 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We empirically compare our method with various state-of-the-art methods against strong adaptive attacks, which are integrated with AutoAttack (Croce & Hein, 2020) for more comprehensive evaluations. ... On CIFAR-10 (Krizhevsky & Hinton, 2009), RDC achieves 75.67% robust accuracy under the ℓ∞ norm threat model with ϵ = 8/255, exhibiting a +4.77% improvement over the state-of-the-art adversarial training method (Wang et al., 2023b)... |
| Researcher Affiliation | Collaboration | 1School of Computer Science, Beijing Institute of Technology; 2Dept. of Comp. Sci. and Tech., Institute for AI, Tsinghua-Bosch Joint ML Center, THBI Lab, BNRist Center, Tsinghua University, Beijing, 100084, China; 3RealAI; 4Zhongguancun Laboratory, Beijing, 100080, China |
| Pseudocode | Yes | Algorithm 1 Robust Diffusion Classifier (RDC) |
| Open Source Code | Yes | Code is available at https://github.com/huanranchen/DiffusionClassifier. |
| Open Datasets | Yes | On CIFAR-10 (Krizhevsky & Hinton, 2009)... |
| Dataset Splits | No | The paper mentions training on CIFAR-10 and evaluating on a subset of the CIFAR-10 test set. While it implicitly uses a validation process for hyperparameter tuning or model selection (e.g., in ablation studies), it does not explicitly define a separate validation dataset split with specific percentages or counts for reproducibility beyond the test set. |
| Hardware Specification | Yes | We conduct Direct Attack on a single A40 GPU due to the large memory cost of computational graphs for second-order derivatives. We use two 3090 GPUs for other experiments. |
| Software Dependencies | No | The paper refers to using specific diffusion models, e.g., “off-the-shelf conditional diffusion model in Karras et al. (2022)”, but does not list general software dependencies like Python, PyTorch/TensorFlow, or CUDA versions. |
| Experiment Setup | Yes | In likelihood maximization, we set the optimization steps N = 5, momentum decay factor µ = 1, optimization budget η = 8/255 (see Sec. 4.5 for an ablation study), and step size γ = 0.1. For each timestep, we only sample one ϵ to estimate $\mathbb{E}_\epsilon[w_t \lVert \epsilon_\theta(x_t, t, y) - \epsilon \rVert_2^2]$. |
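
The quoted experiment setup maps onto a short sketch. Below is a minimal, hypothetical PyTorch illustration, not the authors' released code: a one-sample-per-timestep estimate of the diffusion loss $\mathbb{E}_\epsilon[w_t \lVert \epsilon_\theta(x_t, t, y) - \epsilon \rVert_2^2]$, and momentum-based likelihood maximization with the quoted hyperparameters (N = 5, µ = 1, η = 8/255, γ = 0.1). The names `eps_theta`, `alphas_bar`, and `w` are placeholders for the conditional diffusion model, its cumulative noise schedule, and the timestep weights; whether likelihood maximization conditions on a label is not specified in the quoted text, so conditioning on `y` here is an illustrative assumption.

```python
import torch

def diffusion_loss(eps_theta, x, y, alphas_bar, w):
    """One-sample-per-timestep estimate of E_eps[w_t ||eps_theta(x_t, t, y) - eps||_2^2]."""
    total = x.new_zeros(())
    for t in range(alphas_bar.shape[0]):
        eps = torch.randn_like(x)                          # single eps sample, as quoted
        a_bar = alphas_bar[t]
        x_t = a_bar.sqrt() * x + (1 - a_bar).sqrt() * eps  # forward-diffused input
        total = total + w[t] * (eps_theta(x_t, t, y) - eps).pow(2).sum()
    return total / alphas_bar.shape[0]

def likelihood_maximization(eps_theta, x, y, alphas_bar, w,
                            N=5, mu=1.0, eta=8 / 255, gamma=0.1):
    """Momentum gradient descent on the diffusion loss (i.e., ascent on the
    likelihood lower bound) within an L-inf ball of radius eta around x.
    Defaults match the hyperparameters quoted in the table above."""
    x0 = x.clone()
    g = torch.zeros_like(x)
    for _ in range(N):
        x = x.detach().requires_grad_(True)
        loss = diffusion_loss(eps_theta, x, y, alphas_bar, w)
        (grad,) = torch.autograd.grad(loss, x)
        g = mu * g + grad / grad.abs().sum().clamp_min(1e-12)  # momentum accumulation
        x = (x - gamma * g.sign()).detach()                    # signed descent step
        x = x0 + (x - x0).clamp(-eta, eta)                     # project into the eta budget
        x = x.clamp(0.0, 1.0)                                  # keep a valid image
    return x

def rdc_predict(eps_theta, x, alphas_bar, w, num_classes=10):
    """Pick the class whose conditional diffusion loss is smallest,
    i.e., the class with the highest approximate conditional log-likelihood."""
    losses = [diffusion_loss(eps_theta, x, y, alphas_bar, w)
              for y in range(num_classes)]
    return int(torch.stack(losses).argmin())
```

Consistent with the Algorithm 1 row above, the two pieces would compose at inference time: run likelihood maximization on the input first, then classify by comparing the per-class diffusion losses.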