Self-Supervised Adversarial Training via Diverse Augmented Queries and Self-Supervised Double Perturbation
Authors: Ruize Zhang, Sheng Tang, Juan Cao
NeurIPS 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We conduct experiments on CIFAR-10 and CIFAR-100, the commonly used datasets in previous works. On CIFAR-100, our proposed method improves over 2% on AutoAttack [7] and clean data results with ResNet-34. On CIFAR-10, our method improves over 1% on AutoAttack [7] and over 2% on clean data results with ResNet-34. The experimental results demonstrate the effectiveness of our method across SSL frameworks, models and datasets. |
| Researcher Affiliation | Academia | Ruize Zhang Institute of Computing Technology, Chinese Academy of Sciences University of Chinese Academy of Sciences Beijing, China zhangruize21b@ict.ac.cn Sheng Tang Institute of Computing Technology, Chinese Academy of Sciences University of Chinese Academy of Sciences Beijing, China ts@ict.ac.cn Juan Cao Institute of Computing Technology, Chinese Academy of Sciences University of Chinese Academy of Sciences Beijing, China caojuan@ict.ac.cn |
| Pseudocode | No | The paper provides mathematical formulations but no explicitly labeled pseudocode or algorithm blocks. |
| Open Source Code | No | Our code is available at https://github.com/rzzhang222/DAQ-SDP. (However, the NeurIPS Paper Checklist answers 'No' for open access to code, stating "The URL of the code will be released if got accepted," indicating the code was not open at submission time.) |
| Open Datasets | Yes | We conduct experiments on CIFAR-10 and CIFAR-100, the commonly used datasets in previous works. |
| Dataset Splits | No | The paper explicitly mentions train and test sets but does not provide specific details or percentages for a validation split. |
| Hardware Specification | Yes | All experiments are conducted on 2 RTX 3090 GPUs. |
| Software Dependencies | No | The paper does not provide specific version numbers for software dependencies like Python, PyTorch, or CUDA. |
| Experiment Setup | Yes | All SSL models in our method are first trained with clean data for 1000 epochs, then adversarially trained with 5-step PGD attack with the epsilon size of 8/255. Methods in previous works are adversarially trained for 1000 epochs as mentioned in their papers. The robustness is evaluated with AutoAttack [7] and PGD attack with 20 iterations and epsilon size of 8/255. λ is set to 2. We use double adversarial perturbation after 60 epochs of training and weight perturbation size constraint of 0.002. The SLF and AFF finetuning details are the same as previous works [14, 38] with 25 steps of training and initial learning rate of 0.1. |
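The PGD attack named in the setup row (epsilon of 8/255, 5 steps for training, 20 for evaluation) follows a standard iterative recipe: ascend the loss by the sign of the input gradient, then project back into the epsilon-ball and the valid pixel range. The sketch below illustrates that loop on a toy logistic-regression classifier with a hand-derived gradient; this is a minimal illustration of generic PGD, not the paper's implementation, and the model, step size `alpha`, and function name are assumptions (the actual method attacks ResNet feature extractors inside an SSL framework).

```python
import numpy as np

def pgd_attack(x, y, w, b, eps=8/255, alpha=2/255, steps=5):
    """L-infinity PGD attack on a toy logistic-regression classifier.

    x: input vector with entries in [0, 1]; y: label in {0, 1};
    w, b: classifier weights and bias. eps/steps mirror the paper's
    training-time settings (8/255, 5 steps); alpha is an assumed step size.
    """
    x_adv = x.copy()
    for _ in range(steps):
        # Forward pass: sigmoid probability, then the cross-entropy
        # gradient with respect to the input, which for a linear logit
        # is simply (p - y) * w.
        p = 1.0 / (1.0 + np.exp(-(w @ x_adv + b)))
        grad_x = (p - y) * w
        # Signed ascent step on the loss, then project back into the
        # eps-ball around the clean input and into the valid range [0, 1].
        x_adv = x_adv + alpha * np.sign(grad_x)
        x_adv = np.clip(x_adv, x - eps, x + eps)
        x_adv = np.clip(x_adv, 0.0, 1.0)
    return x_adv
```

Evaluation-time attacks reuse the same loop with `steps=20`; by construction the projection step guarantees the final perturbation never exceeds `eps` in any coordinate.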