Synthesizing Robust Adversarial Examples
Authors: Anish Athalye, Logan Engstrom, Andrew Ilyas, Kevin Kwok
ICML 2018
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We take the first 1000 images in the ImageNet validation set, randomly choose a target class for each image, and use EOT to synthesize an adversarial example that is robust over the chosen distribution. We use a fixed λ in our Lagrangian to constrain visual similarity. For each adversarial example, we evaluate over 1000 random transformations sampled from the distribution at evaluation time. Table 1 summarizes the results. |
| Researcher Affiliation | Collaboration | (1) Massachusetts Institute of Technology; (2) LabSix. |
| Pseudocode | No | The paper describes algorithms and optimization procedures in text but does not contain structured pseudocode or explicitly labeled algorithm blocks. |
| Open Source Code | No | No explicit statement or link to open-source code for the described methodology was found in the paper. The paper only links to a video demonstrating results. |
| Open Datasets | Yes | In our experiments, we use TensorFlow's standard pretrained Inception V3 classifier (Szegedy et al., 2015) which has 78.0% top-1 accuracy on ImageNet. |
| Dataset Splits | Yes | We take the first 1000 images in the ImageNet validation set, randomly choose a target class for each image, and use EOT to synthesize an adversarial example that is robust over the chosen distribution. |
| Hardware Specification | No | No specific hardware details (like GPU/CPU models, memory, or cloud instance types) used for running experiments are provided in the paper. |
| Software Dependencies | No | The paper mentions 'TensorFlow's standard pretrained Inception V3 classifier' but does not provide specific version numbers for TensorFlow or any other software dependencies. |
| Experiment Setup | Yes | We use a fixed λ in our Lagrangian to constrain visual similarity. ... We searched over several λ values in our Lagrangian for each example / target class pair. In our final evaluation, we used the example with the smallest λ that still maintained 90% adversariality over 100 held out, random transformations. ... we approximate the expectation over transformation by taking the mean loss over batches of size 40; furthermore, due to the computational expense of computing new poses, we reuse up to 80% of the batch at each iteration, but enforce that each batch contain at least 8 new poses. |