Towards Deep Learning Models Resistant to Adversarial Attacks
Authors: Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, Adrian Vladu
ICLR 2018
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We conduct a careful experimental study of the optimization landscape corresponding to this saddle point formulation... Building on the above insights, we train networks on MNIST and CIFAR10 that are robust to a wide range of adversarial attacks |
| Researcher Affiliation | Academia | Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, Adrian Vladu. Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA 02139, USA. {madry,amakelov,ludwigs,tsipras,avladu}@mit.edu |
| Pseudocode | No | The paper does not contain any structured pseudocode or algorithm blocks. |
| Open Source Code | Yes | Overall, these findings suggest that secure neural networks are within reach. In order to further support this claim, we have invited the community to attempt attacks against our MNIST and CIFAR10 networks in the form of an open challenge [1, 2]. [1] https://github.com/MadryLab/mnist_challenge [2] https://github.com/MadryLab/cifar10_challenge |
| Open Datasets | Yes | We train networks on MNIST and CIFAR10 that are robust to a wide range of adversarial attacks... For both MNIST and CIFAR10, our adversary of choice will be projected gradient descent... |
| Dataset Splits | No | The paper mentions a “training set” and an “evaluation set” but does not explicitly describe a validation set or give split percentages for the three sets. |
| Hardware Specification | No | The paper does not specify the exact hardware (e.g., GPU models, CPU types, or memory) used for running the experiments. It only mentions “computing resources” generally. |
| Software Dependencies | No | The paper refers to the “TensorFlow models repository” for ResNet models but does not specify version numbers for any software dependencies like TensorFlow, PyTorch, or other libraries. |
| Experiment Setup | Yes | We run 40 iterations of projected gradient descent as our adversary, with a step size of 0.01... We train and evaluate against perturbations of size ε = 0.3. We use a network consisting of two convolutional layers with 32 and 64 filters respectively, each followed by 2×2 max-pooling, and a fully connected layer of size 1024. ... For the CIFAR10 dataset... PGD adversary with ℓ∞ projected gradient descent again, this time using 7 steps of size 2, and a total ε = 8. For our hardest adversary we chose 20 steps with the same settings. (A hedged PGD sketch follows the table.) |
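To make the quoted adversary concrete, below is a minimal PyTorch sketch of the ℓ∞ PGD attack with the MNIST settings from the table (40 steps, step size 0.01, ε = 0.3 on inputs in [0, 1]), together with the two-convolutional-layer network described in the excerpt. The original challenge code is in TensorFlow; the PyTorch re-expression, the 5×5 kernel size with padding, and the random start inside the ε-ball are assumptions made for illustration, not the authors' exact implementation.

```python
import torch
import torch.nn as nn
import torch.nn.functional as F

class MnistNet(nn.Module):
    """MNIST architecture described in the excerpt: two conv layers with
    32 and 64 filters, each followed by 2x2 max-pooling, then a
    1024-unit fully connected layer. Kernel size and padding are
    assumptions; the excerpt does not specify them."""
    def __init__(self):
        super().__init__()
        self.conv1 = nn.Conv2d(1, 32, kernel_size=5, padding=2)
        self.conv2 = nn.Conv2d(32, 64, kernel_size=5, padding=2)
        self.fc1 = nn.Linear(64 * 7 * 7, 1024)
        self.fc2 = nn.Linear(1024, 10)

    def forward(self, x):
        x = F.max_pool2d(F.relu(self.conv1(x)), 2)  # 28x28 -> 14x14
        x = F.max_pool2d(F.relu(self.conv2(x)), 2)  # 14x14 -> 7x7
        return self.fc2(F.relu(self.fc1(x.flatten(1))))

def pgd_attack(model, x, y, eps=0.3, step_size=0.01, n_steps=40):
    """l-infinity PGD: repeated signed-gradient ascent on the loss,
    projected back into the eps-ball around x and the valid pixel range."""
    # Random start inside the eps-ball (assumed here; the paper describes
    # PGD started from random points around the natural example).
    x_adv = (x + torch.empty_like(x).uniform_(-eps, eps)).clamp(0, 1)
    for _ in range(n_steps):
        x_adv = x_adv.detach().requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad, = torch.autograd.grad(loss, x_adv)
        with torch.no_grad():
            x_adv = x_adv + step_size * grad.sign()                # ascent step
            x_adv = torch.min(torch.max(x_adv, x - eps), x + eps)  # project into eps-ball
            x_adv = x_adv.clamp(0, 1)                              # valid pixel range
    return x_adv.detach()
```

For the CIFAR10 settings quoted above (7 steps of size 2, ε = 8), the step size and ε are expressed on the 0-255 pixel scale, so they would be divided by 255 for inputs in [0, 1]. Adversarial training in the paper's sense then minimizes the loss on the outputs of pgd_attack rather than on clean inputs.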