Stratified Adversarial Robustness with Rejection
Authors: Jiefeng Chen, Jayaram Raghuram, Jihye Choi, Xi Wu, Yingyu Liang, Somesh Jha
ICML 2023
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experiments on image datasets demonstrate that the proposed method significantly outperforms existing methods under strong adaptive attacks. For instance, on CIFAR-10, CPR reduces the total robust loss (for different rejection losses) by at least 7.3% under both seen and unseen attacks. |
| Researcher Affiliation | Collaboration | 1Department of Computer Sciences, University of Wisconsin at Madison 2Google. |
| Pseudocode | Yes | Algorithm 1 CONSISTENT PREDICTION-BASED REJECTION |
| Open Source Code | Yes | The code for our work can be found at https://github.com/jfc43/stratified-adv-rej. |
| Open Datasets | Yes | We use the MNIST (LeCun, 1998), SVHN (Netzer et al., 2011), and CIFAR-10 (Krizhevsky et al., 2009) datasets. |
| Dataset Splits | Yes | We use the last 1,000 images of the test set as a held-out validation set for selecting the hyperparameters of the methods (e.g., the rejection threshold). |
| Hardware Specification | Yes | We ran all our experiments with PyTorch and NVIDIA GeForce RTX 2080Ti GPUs. |
| Software Dependencies | No | The paper mentions PyTorch but does not specify a version number. Other methods mentioned (e.g., SGD) are general algorithms without versioned dependencies. |
| Experiment Setup | Yes | On MNIST, we set ϵ = 0.1 (such that prej = 1%), m = 20, and η = 0.01. On SVHN and CIFAR-10, we set ϵ = 0.0055 (such that prej = 5%), m = 10, and η = 0.001. |
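The dataset-split convention and per-dataset hyperparameters quoted above can be sketched in code. This is a minimal illustrative sketch, not the authors' implementation; the names `HYPERPARAMS` and `make_validation_split` are hypothetical.

```python
# Illustrative sketch of the reported experiment setup.
# Values are taken from the table rows above; all function and
# variable names here are assumptions, not from the paper's code.

HYPERPARAMS = {
    # eps is chosen so the clean rejection rate p_rej matches the paper
    "MNIST":    {"eps": 0.1,    "p_rej": 0.01, "m": 20, "eta": 0.01},
    "SVHN":     {"eps": 0.0055, "p_rej": 0.05, "m": 10, "eta": 0.001},
    "CIFAR-10": {"eps": 0.0055, "p_rej": 0.05, "m": 10, "eta": 0.001},
}


def make_validation_split(test_set, n_val=1000):
    """Reserve the last n_val test examples as a held-out validation
    set for selecting hyperparameters (e.g., the rejection threshold),
    as described in the Dataset Splits row."""
    return test_set[:-n_val], test_set[-n_val:]


if __name__ == "__main__":
    # Toy stand-in for a 10,000-example test set (e.g., MNIST/CIFAR-10).
    test_set = list(range(10_000))
    test_part, val_part = make_validation_split(test_set)
    print(len(test_part), len(val_part))  # 9000 1000
```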