Robust Universal Adversarial Perturbations
Authors: Changming Xu, Gagandeep Singh
ICML 2024 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We perform an extensive evaluation on the popular CIFAR-10 and ILSVRC 2012 datasets measuring our UAPs robustness under a wide range common, real-world transformations such as rotation, contrast changes, etc. We further show that by using a set of primitive transformations our method generalizes well to unseen transformations such as fog, JPEG compression, etc. Our results show that our method can generate UAPs up to 23% more robust than state-of-the-art baselines. |
| Researcher Affiliation | Collaboration | 1Department of Computer Science, University of Illinois Urbana-Champaign, Champaign, USA 2VMWare, California, USA. |
| Pseudocode | Yes | Algorithm 1 Robust UAP Algorithm; Algorithm 2 Stochastic Gradient Descent UAP Algorithm; Algorithm 3 Iterative Universal Perturbation Algorithm (Moosavi-Dezfooli et al. (2017)); Algorithm 4 Est Robustness |
| Open Source Code | No | The paper does not provide any specific links to source code for the methodology or explicit statements about code availability. |
| Open Datasets | Yes | We perform an extensive evaluation on the popular CIFAR-10 (Krizhevsky et al., 2009) and ILSVRC 2012 (Deng et al., 2009) datasets. |
| Dataset Splits | No | The paper mentions training on '2,000 images' and evaluating on a 'random subset (1000 images) for the test set' but does not specify a distinct validation set or the methodology for dividing the entire dataset into train/validation/test splits. |
| Hardware Specification | Yes | All experiments were performed on a desktop PC with a Ge Force RTX(TM) 3090 GPU and a 16-core Intel(R) Core(TM) i99900KS CPU @ 4.00GHz. |
| Software Dependencies | No | The paper mentions using 'standard Py Torch optimizers, Adam, Adamax, Adagrad, and RMSProp' but does not provide specific version numbers for PyTorch or any other software libraries. |
| Experiment Setup | Yes | We report the results for l2-norm with ϵ = 100 for ILSVRC 2012 and ϵ = 10 for CIFAR-10. We use ψ = 0.05 and ϕ = 0.05 resulting in n = 738 for generating samples for our Robust UAP algorithm as well as reporting robust ASR in our evaluation. The UAPs are trained on 2,000 images, other parameters for evaluation are given in Appendix K. In our experiments, we have capped all algorithms at 5 epochs or if they have achieved an ASRR of 0.95. The UAPs are trained with the same transformation set that they are evaluated on. For algorithms running PGD internally, we have capped the number of iterations to 40. |