Synergy-of-Experts: Collaborate to Improve Adversarial Robustness
Authors: Sen Cui, Jingfeng ZHANG, Jian Liang, Bo Han, Masashi Sugiyama, Changshui Zhang
NeurIPS 2022
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Empirical experiments verify that SoE outperforms various ensemble methods against white-box and transfer-based adversarial attacks. The source codes are available at https://github.com/cuis15/synergy-of-experts. In this section, we conduct experiments on a benchmark dataset to verify the effectiveness of our method in defending against white-box and transfer attacks. |
| Researcher Affiliation | Collaboration | Sen Cui1*, Jingfeng Zhang2*, Jian Liang3, Bo Han4, Masashi Sugiyama2,5, Changshui Zhang1 1 Institute for Artificial Intelligence, Tsinghua University (THUAI), Beijing National Research Center for Information Science and Technology (BNRist), Department of Automation, Tsinghua University, Beijing, P.R. China 2 RIKEN Center for Advanced Intelligence Project, Tokyo, Japan 3 Alibaba Group, China 4 Hong Kong Baptist University, Hong Kong SAR, China 5 The University of Tokyo, Tokyo, Japan |
| Pseudocode | Yes | Algorithm 1, 2 along with Figure 3 articulates how to learn such the collaboration. In particular, the training of our framework SoE shown in Figure 4 is as follows: 1. the sub-model training: the sub-models fit adversarial samples from their own or other sub-models; 2. the collaboration training: the sub-models fit adversarial samples from the collaboration. Algorithm 1 training phase I: the sub-model training. Algorithm 2 training phase II: the collaboration training. |
| Open Source Code | Yes | The source codes are available at https://github.com/cuis15/synergy-of-experts. |
| Open Datasets | Yes | we use CIFAR10 as the data set, a classical image dataset [123] that has 50,000 training images and 10,000 test images. |
| Dataset Splits | No | The paper specifies 50,000 training images and 10,000 test images for CIFAR10, but does not explicitly mention a validation split or number of samples dedicated to validation in the main text. It refers to Appendix for training details but without access to it, explicit information is lacking. |
| Hardware Specification | No | The paper states, "The devices of computing are in Appendix." However, without access to the Appendix, the main text does not provide specific hardware details such as GPU models, CPU types, or memory specifications used for the experiments. |
| Software Dependencies | No | The paper mentions that "The training details are in Appendix." but does not provide specific software names with version numbers (e.g., PyTorch 1.9, Python 3.8) in the main text that are needed to replicate the experiment. |
| Experiment Setup | Yes | We use 50-step PGD with five random starts and the step size of ϵ/5 to attack all methods as in [10]. For the PGD attack, we select the cross-entropy loss to update the perturbations to search for adversarial samples. In particular, we randomly select 1000 samples under different ϵ. |