Towards Certificated Model Robustness Against Weight Perturbations
Authors: Tsui-Wei Weng, Pu Zhao, Sijia Liu, Pin-Yu Chen, Xue Lin, Luca Daniel
AAAI 2020, pp. 6356-6363 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We demonstrate the effectiveness of our approach under two applications: a) weight quantization described in Sec. and b) model robustness against fault sneaking attack (Zhao et al. 2019b). To align with our theoretical results, we perform experiments under multilayer perceptron (MLP) models of various numbers of layers. The performance is evaluated under 4 datasets, MNIST, MNIST-fashion, SVHN, and CIFAR-10. |
| Researcher Affiliation | Collaboration | 1 Massachusetts Institute of Technology, Cambridge, MA 02139; 2 Northeastern University, Boston, MA 02115; 3 MIT-IBM Watson AI Lab, IBM Research, Yorktown Heights, NY 10598 |
| Pseudocode | No | The paper describes an algorithm (ADMM) and its subproblems in Proposition 1 but does not present it as a structured pseudocode block or algorithm figure. |
| Open Source Code | Yes | The appendix and code are available at https://github.com/lilyweng/Quantization. |
| Open Datasets | Yes | The performance is evaluated under 4 datasets, MNIST, MNIST-fashion, SVHN, and CIFAR-10. |
| Dataset Splits | Yes | Figure 2: Training/testing accuracy of quantization with/without certification constraints. left) MNIST-Fashion. middle) SVHN. Dashed lines denote training accuracy and solid lines represent test accuracy. |
| Hardware Specification | No | No specific hardware details (e.g., GPU/CPU models, memory amounts, or cloud instance types) used for the experiments are mentioned in the paper. |
| Software Dependencies | No | The paper mentions PyTorch and TensorFlow Lite as examples of platforms supporting weight quantization but does not specify software dependencies with version numbers for their experimental setup. |
| Experiment Setup | Yes | We consider MLP models of 2, 4, 6, 8 and 10 layers, each of which is quantized using 4, 6, and 8 bits. Here we set ε_c^(k) as a percentile of the certified robustness bounds (6) over 100 training images. In the following experiments, unless specified otherwise, we choose ε_c^(k) as the 50th percentile of the certified robustness bounds. All the methods are initialized from the same pre-trained model of continuous weights. An illustrative sketch of this setup follows the table. |
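
To make the experiment-setup row concrete, here is a minimal Python sketch. It assumes MNIST-sized inputs, a plain per-tensor uniform quantizer, and random stand-in values for the certified robustness bounds of Eq. (6); the paper's actual method enforces certification constraints through an ADMM formulation (see the Pseudocode row), so the helper names below (`build_mlp`, `quantize_uniform`, `bounds`) are illustrative assumptions, not the released code.

```python
# Illustrative sketch only: a small MLP, plain uniform b-bit weight quantization,
# and a percentile-based choice of the certification threshold eps_c^(k).
import numpy as np
import torch
import torch.nn as nn

def build_mlp(in_dim=784, hidden=256, out_dim=10, n_layers=2):
    """A small MLP of the kind evaluated in the paper (2 to 10 layers)."""
    layers, dim = [], in_dim
    for _ in range(n_layers - 1):
        layers += [nn.Linear(dim, hidden), nn.ReLU()]
        dim = hidden
    layers.append(nn.Linear(dim, out_dim))
    return nn.Sequential(*layers)

def quantize_uniform(w, n_bits):
    """Snap a weight tensor onto a uniform grid with 2**n_bits levels (per tensor)."""
    lo, hi = w.min(), w.max()
    scale = (hi - lo) / (2 ** n_bits - 1)
    return torch.round((w - lo) / scale) * scale + lo

model = build_mlp(n_layers=2)          # the paper sweeps 2, 4, 6, 8, 10 layers
with torch.no_grad():
    for m in model.modules():
        if isinstance(m, nn.Linear):
            m.weight.copy_(quantize_uniform(m.weight, n_bits=8))  # 4, 6, or 8 bits

# Hypothetical placeholder: per-image certified robustness bounds (Eq. (6) in the
# paper) for 100 training images; eps_c^(k) is chosen as their 50th percentile.
bounds = np.random.rand(100)
eps_c_k = float(np.percentile(bounds, 50))
```

Swapping `n_bits` among 4, 6, and 8 and `n_layers` among 2, 4, 6, 8, and 10 reproduces the sweep described in the setup row; the actual certified bounds would come from the paper's Eq. (6) rather than the random stand-in used here.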