The Autoencoding Variational Autoencoder
Authors: Taylan Cemgil, Sumedh Ghaisas, Krishnamurthy Dvijotham, Sven Gowal, Pushmeet Kohli
NeurIPS 2020
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our experimental analysis reveals that encoders trained with our self-consistency approach lead to representations that are robust (insensitive) to perturbations in the input introduced by adversarial attacks. We provide experimental results on the Color MNIST and CelebA benchmark datasets that quantify the properties of the learned representations and compare the approach with a baseline that is specifically trained for the desired property. |
| Researcher Affiliation | Academia | 34th Conference on Neural Information Processing Systems (NeurIPS 2020), Vancouver, Canada. No explicit institutional affiliations or email domains are provided for the authors within the main body of the paper that would allow for a precise classification. |
| Pseudocode | Yes | In Appendix 1, we provide pseudocode with a stop-gradients primitive to avoid contributions of the dependent terms of q to the gradient computation. (A minimal illustration of this primitive appears after the table.) |
| Open Source Code | No | The paper does not provide any explicit statements about releasing source code or include a link to a code repository. |
| Open Datasets | Yes | Experiments are conducted on the color MNIST and CelebA datasets, using both MLP and Convnet architectures for the former, and only a Convnet for the latter (for details see Appendix F). |
| Dataset Splits | No | The paper mentions training and testing but does not provide specific dataset split percentages or sample counts for training, validation, or test sets in the provided text. It refers to 'Appendix F' for details, which is not included. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU/CPU models, memory) used for running its experiments. |
| Software Dependencies | No | The paper does not provide specific software dependencies or version numbers (e.g., library names with versions) needed to replicate the experiments. |
| Experiment Setup | Yes | In all models, we use a latent space dimension of 64. The learned representations are evaluated by their robustness against adversarial perturbations. For the evaluation of adversarial accuracy we employ a three-step process: i) first, we train an encoder-decoder pair agnostic to any classification task; ii) subsequently, we freeze the encoder parameters and use the mean mapping f_µ as a representation to train a linear classifier on top, so each task-specific classifier shares the common representation learned by the encoder; finally, iii) we evaluate the adversarial accuracy of the resulting classifiers. For this, we compute an adversarial perturbation δ with ‖δ‖∞ ≤ ε using projected gradient descent (PGD), where ε is the attack radius and the optimization goal is to change the classification decision to a different class. The adversarial accuracy is reported as the percentage of examples for which the attack fails to find an adversarial example. (A minimal sketch of this evaluation appears after the table.) |
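
The pseudocode row above mentions a stop-gradients primitive that keeps dependent terms of q out of the gradient computation. The JAX sketch below is only a minimal illustration of that primitive, not the listing from Appendix 1 of the paper; the toy loss and its factors are hypothetical.

```python
import jax
import jax.numpy as jnp

def toy_loss(theta, x):
    # q depends on theta, but stop_gradient treats it as a constant during
    # backpropagation, so it contributes nothing to d(loss)/d(theta).
    q = jax.lax.stop_gradient(jnp.tanh(theta * x))
    p = jnp.sin(theta * x)
    return jnp.mean(q * p)

# Only the p factor contributes to this gradient; the q factor is held fixed.
grad_theta = jax.grad(toy_loss)(0.5, jnp.linspace(0.0, 1.0, 8))
```

PyTorch's `detach()` and TensorFlow's `tf.stop_gradient` play the same role as `jax.lax.stop_gradient` here.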
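
The experiment-setup row describes an l∞-bounded PGD attack on a linear classifier trained over the frozen encoder's mean representation. The sketch below is a rough rendering of that protocol under assumed settings: `loss_fn`, `predict_fn`, the radius `eps`, the step size, and the step count are placeholders, not values from the paper.

```python
import jax
import jax.numpy as jnp

def pgd_attack(loss_fn, x, y, eps, step_size, num_steps, key):
    """Find a perturbation delta with ||delta||_inf <= eps that increases loss_fn."""
    delta = jax.random.uniform(key, x.shape, minval=-eps, maxval=eps)  # random start
    grad_fn = jax.grad(lambda d: loss_fn(x + d, y))
    for _ in range(num_steps):
        delta = delta + step_size * jnp.sign(grad_fn(delta))  # ascend the loss
        delta = jnp.clip(delta, -eps, eps)                    # project onto the eps-ball
        delta = jnp.clip(x + delta, 0.0, 1.0) - x             # keep pixels in [0, 1]
    return x + delta

def adversarial_accuracy(loss_fn, predict_fn, xs, ys, eps, key):
    """Percentage of examples whose predicted class survives the attack."""
    x_adv = pgd_attack(loss_fn, xs, ys, eps, step_size=eps / 4, num_steps=40, key=key)
    return 100.0 * jnp.mean(predict_fn(x_adv) == ys)
```

In this sketch, `loss_fn` would be the cross-entropy of the linear classifier applied to the frozen encoder mean f_µ(x), and `predict_fn` its argmax prediction; both are assumptions for illustration rather than details taken from the paper.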