Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits
Authors: Jiawang Bai, Baoyuan Wu, Yong Zhang, Yiming Li, Zhifeng Li, Shu-Tao Xia
ICLR 2021 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments demonstrate the superiority of our method in attacking DNNs. |
| Researcher Affiliation | Collaboration | Jiawang Bai 1, 2 , Baoyuan Wu 3, 4, Yong Zhang 5, Yiming Li 1, Zhifeng Li 5, Shu-Tao Xia 1, 2 1 Tsinghua Shenzhen International Graduate School, Tsinghua University ... 5 Tencent AI Lab |
| Pseudocode | Yes | Algorithm 1 Continuous optimization for the BIP problem (5). |
| Open Source Code | Yes | The code is available at: https://github.com/jiawangbai/TA-LBF. |
| Open Datasets | Yes | We conduct experiments on CIFAR-10 (Krizhevsky et al., 2009) and Image Net (Russakovsky et al., 2015). |
| Dataset Splits | Yes | Specifically, for each of the 10 classes in CIFAR-10, we perform attacks on the 100 randomly selected validation images from the other 9 classes. ... for all methods except GDA which does not employ auxiliary samples, we provide 128 and 512 auxiliary samples on CIFAR-10 and Image Net, respectively. |
| Hardware Specification | No | The paper does not specify the hardware used for experiments (e.g., specific GPU or CPU models). |
| Software Dependencies | No | The paper mentions using 'Tensor-RT solution' and pre-trained models from 'pytorch.org' but does not provide specific version numbers for these or other software dependencies. |
| Experiment Setup | Yes | On CIFAR-10, the initial k and λ are set to 5 and 100. On Image Net, λ is initialized as 104; k is initialized as 5 and 50 for Res Net and VGG, respectively. ... During each iteration, the number of gradient steps for updating ˆb is 5 and the step size is set to 0.01 on both datasets. Hyper-parameters (ρ1, ρ2, ρ3) (see Eq. (11)) are initialized as (10 4, 10 4, 10 5) on both datasets, and increase by ρi ρi 1.01, i = 1, 2, 3 after each iteration. The maximum values of (ρ1, ρ2, ρ3) are set to (50, 50, 5) on both datasets. |