Second-Order Provable Defenses against Adversarial Attacks
Authors: Sahil Singla, Soheil Feizi
ICML 2020
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our numerical results show that CRT leads to significantly higher certified robust accuracy compared to interval-bound propagation (IBP) based training. We achieve certified robust accuracy 69.79%, 57.78% and 53.19% while IBP-based methods achieve 44.96%, 44.74% and 44.66% on 2, 3 and 4 layer networks respectively on the MNIST-dataset. |
| Researcher Affiliation | Academia | Department of Computer Science, University of Maryland, College Park. Correspondence to: Sahil Singla <ssingla@cs.umd.edu>, Soheil Feizi <sfeizi@cs.umd.edu>. |
| Pseudocode | No | The paper does not contain structured pseudocode or algorithm blocks. |
| Open Source Code | No | The paper does not provide any statement or link indicating that the source code for the methodology is openly available. |
| Open Datasets | Yes | on the MNIST-dataset. ... on the MNIST dataset (LeCun & Cortes, 2010) and Table 4 for the Fashion-MNIST dataset (Xiao et al., 2017) |
| Dataset Splits | No | The paper mentions using the MNIST and Fashion-MNIST datasets but does not explicitly provide the training, validation, and test dataset split percentages or sample counts needed for reproduction beyond stating that certificates are computed over 150 test images. |
| Hardware Specification | Yes | We use a single NVIDIA GeForce RTX 2080 Ti GPU. |
| Software Dependencies | No | The paper does not provide specific software dependency details, such as library names with version numbers, required to replicate the experiments. |
| Experiment Setup | Yes | where ℓ denotes the cross entropy loss, y is the true label of the input x(0), t is the attack target and γ is the regularization coefficient for penalizing large curvature values. ... For CROWN-IBP, we vary the final beta hyperparameter between 0.8 and 3, and use the model with best certified accuracy. |