Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in [1].
Stronger and Faster Wasserstein Adversarial Attacks
Authors: Kaiwen Wu, Allen Wang, Yaoliang Yu
ICML 2020 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We conduct experiments on MNIST (Le Cun, 1998), CIFAR-10 (Krizhevsky, 2009) and Image Net (Deng et al., 2009). On MNIST and CIFAR-10, we attack two deep networks used by Wong et al. (2019). On Image Net, we attack a 50-layer residual network (He et al., 2016). In Table 3, we compare (a) strength of different attacks by adversarial accuracy, i.e. model accuracy under attacks and (b) the running speed by the average number of dual iterations. |
| Researcher Affiliation | Collaboration | 1David R. Cheriton School of Computer Science, University of Waterloo 2Vector Institute. Correspondence to: Kaiwen Wu <EMAIL>. |
| Pseudocode | Yes | Algorithm 1: Dual Projection Input: G, C Rn n, x Rn, δ > 0, l = 0, u > 0 Output: Π Rn n 1 while not converged do 3 Π = argminΠ1=x,Π 0 Π G + λC 2 F 4 if Π, C > δ then l = λ 5 else u = λ |
| Open Source Code | Yes | Our implementation is available at https://github.com/watml/fast-wasserstein-adversarial. |
| Open Datasets | Yes | We conduct experiments on MNIST (Le Cun, 1998), CIFAR-10 (Krizhevsky, 2009) and Image Net (Deng et al., 2009). |
| Dataset Splits | Yes | On Image Net, we attack a 50-layer residual network (He et al., 2016). Image Net experiments are run on the first 100 samples in the validation set. |
| Hardware Specification | Yes | We thank NVIDIA Corporation (the data science grant) for donating two Titan V GPUs that enabled in part the computation in this work. |
| Software Dependencies | No | The paper does not provide specific software dependencies with version numbers. |
| Experiment Setup | Yes | FW uses a fixed decay schedule ηt = 2 t+1. Step sizes of PGD are tuned in 1, 10 1, 10 2, 10 3 . Some experiments for different step sizes are presented in 6.1. |