Robust Weight Perturbation for Adversarial Training
Authors: Chaojian Yu, Bo Han, Mingming Gong, Li Shen, Shiming Ge, Bo Du, Tongliang Liu
IJCAI 2022 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments demonstrate the superiority of the proposed method over the state-of-the-art adversarial training methods. |
| Researcher Affiliation | Collaboration | 1. Trustworthy Machine Learning Lab, School of Computer Science, The University of Sydney, Australia; 2. Department of Computer Science, Hong Kong Baptist University, China; 3. School of Mathematics and Statistics, The University of Melbourne, Australia; 4. JD Explore Academy, China; 5. Institute of Information Engineering, Chinese Academy of Sciences, China; 6. School of Computer Science, Wuhan University, China |
| Pseudocode | Yes | Algorithm 1 Robust Weight Perturbation (RWP); a hedged PyTorch sketch of the RWP inner loop appears after this table. |
| Open Source Code | Yes | Our implementation is based on PyTorch and the code is publicly available at https://github.com/ChaojianYu/Robust-Weight-Perturbation |
| Open Datasets | Yes | We conduct extensive experiments across three benchmark datasets (CIFAR-10, CIFAR-100 and SVHN) |
| Dataset Splits | No | The paper mentions training and testing but does not explicitly detail a validation split or its size. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU/CPU models) used for running the experiments. |
| Software Dependencies | No | The paper mentions 'PyTorch' but does not specify a version number or other software dependencies with their versions. |
| Experiment Setup | Yes | For training, the network is trained for 200 epochs using SGD with momentum 0.9, weight decay 5×10⁻⁴, and an initial learning rate of 0.1. The learning rate is divided by 10 at the 100th and 150th epochs. Standard data augmentation, including random crops with 4 pixels of padding and random horizontal flips, is applied. For the hyper-parameters in RWP, the number of perturbation steps is K2 = 10 for all datasets. The minimum loss value is cmin = 1.7 for CIFAR-10 and SVHN, and cmin = 4.0 for CIFAR-100. The weight perturbation budget is γ = 0.01 for AT-RWP, and γ = 0.005 for TRADES-RWP and RST-RWP, following [Wu et al., 2020]. The training attack is a 10-step PGD attack with random start. We follow the same settings as [Rice et al., 2020]: for the L∞ threat model, ϵ = 8/255, with step size α = 1/255 for SVHN and α = 2/255 for both CIFAR-10 and CIFAR-100; for the L2 threat model, ϵ = 128/255 with step size α = 15/255 for all datasets, which is a standard setting for adversarial training [Madry et al., 2017]. A PyTorch sketch of this configuration also follows the table. |
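The paper's Algorithm 1 describes RWP at a high level: model weights are adversarially perturbed for K2 steps, but only adversarial examples whose loss falls below the threshold cmin contribute to the ascent direction, and the total perturbation stays within a layer-wise relative budget γ. The snippet below is a minimal PyTorch sketch of that inner loop, reconstructed from the table entries above; the function name `rwp_weight_perturbation` and the step size `eta` are illustrative assumptions, not names from the authors' released code.

```python
import torch
import torch.nn.functional as F

def rwp_weight_perturbation(model, x_adv, y, gamma=0.01, c_min=1.7,
                            k2_steps=10, eta=0.01):
    """Sketch of the RWP inner loop: perturb weights on low-loss
    adversarial examples only, within a layer-wise budget gamma."""
    originals = [p.detach().clone() for p in model.parameters()]
    for _ in range(k2_steps):
        per_example_loss = F.cross_entropy(model(x_adv), y, reduction="none")
        # robust perturbation criterion: keep only examples with loss < c_min
        mask = (per_example_loss < c_min).float()
        if mask.sum() == 0:
            break  # no example satisfies the criterion
        loss = (per_example_loss * mask).sum() / mask.sum()
        grads = torch.autograd.grad(loss, list(model.parameters()),
                                    allow_unused=True)
        with torch.no_grad():
            for p, p0, g in zip(model.parameters(), originals, grads):
                if g is None:
                    continue
                # normalized gradient ascent on the weights ...
                p.add_(eta * g * (p0.norm() / (g.norm() + 1e-12)))
                # ... then project back into the budget gamma * ||w_0||
                v = p - p0
                v_norm, w_norm = v.norm(), p0.norm()
                if v_norm > gamma * w_norm:
                    p.copy_(p0 + v * (gamma * w_norm / v_norm))
    return originals  # caller restores these after the outer update
```

In AWP-style training [Wu et al., 2020], such a perturbation would be applied before the outer SGD step on the perturbed weights, with the saved original parameters restored afterwards; the exact interleaving here is an assumption based on that literature, not on the authors' code.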
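For concreteness, the reported optimizer, schedule, augmentation, and attack hyper-parameters map directly onto standard PyTorch objects. The sketch below assumes a ResNet-18 backbone purely for illustration (the paper's architecture choice may differ per experiment); only the numeric values are taken from the setup quoted above.

```python
import torch
import torchvision
import torchvision.transforms as T

# Backbone is an illustrative assumption, not the paper's stated choice.
model = torchvision.models.resnet18(num_classes=10)

# SGD with momentum 0.9, weight decay 5e-4, initial learning rate 0.1
optimizer = torch.optim.SGD(model.parameters(), lr=0.1,
                            momentum=0.9, weight_decay=5e-4)

# learning rate divided by 10 at the 100th and 150th of 200 epochs
scheduler = torch.optim.lr_scheduler.MultiStepLR(
    optimizer, milestones=[100, 150], gamma=0.1)

# standard augmentation: random 32x32 crops with 4-pixel padding,
# plus random horizontal flips
train_transform = T.Compose([
    T.RandomCrop(32, padding=4),
    T.RandomHorizontalFlip(),
    T.ToTensor(),
])

# 10-step PGD training attack with random start (L_inf, CIFAR-10/100)
EPSILON = 8 / 255   # perturbation budget
ALPHA = 2 / 255     # step size (1/255 for SVHN)
PGD_STEPS = 10
```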