Towards Efficient and Effective Adversarial Training
Authors: Gaurang Sriramanan, Sravanti Addepalli, Arya Baburaj, Venkatesh Babu R
NeurIPS 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | 6 Experiments and Analysis, Overview of Datasets and Evaluations: We run extensive evaluation on the following three benchmark datasets: MNIST [18], CIFAR-10 [16] and a 100 class subset of ImageNet [10, 26]. Table 1: CIFAR-10 White-box evaluation: Accuracy (%) of various defenses (rows) against different attacks for the CIFAR-10 dataset |
| Researcher Affiliation | Academia | Gaurang Sriramanan, Sravanti Addepalli, Arya Baburaj, R. Venkatesh Babu Video Analytics Lab, Department of Computational and Data Sciences Indian Institute of Science, Bangalore, India |
| Pseudocode | Yes | Algorithm 1 Nuclear Norm Adversarial Training |
| Open Source Code | Yes | Our code and pre-trained models are available here: https://github.com/val-iisc/NuAT. |
| Open Datasets | Yes | We run extensive evaluation on the following three benchmark datasets: MNIST [18], CIFAR-10 [16] and a 100 class subset of ImageNet [10, 26]. |
| Dataset Splits | Yes | For each dataset, we maintain a train-validation split that is balanced equally across all classes. We present details on the datasets, train-validation splits and model architectures in the Supplementary Section. |
| Hardware Specification | No | The paper does not explicitly describe the specific hardware used (e.g., GPU models, CPU types, memory) in its main body. The checklist indicates this information is in the Supplementary Material, which is not provided. |
| Software Dependencies | No | The paper does not provide specific ancillary software details with version numbers (e.g., “Python 3.8”, “PyTorch 1.9”). |
| Experiment Setup | Yes | The proposed regularizer in Eq. 1 and Eq. 2 is weighted by a factor λ, which controls the accuracy-robustness trade-off. We use the same weight λ for both adversary generation and training, which is linearly increased over the training epochs. Further, we use a novel cyclic-step learning rate schedule that incorporates the cyclic schedule in early epochs of training, and transitions to the use of a step schedule towards the end. Algorithm 1 lists Attack Size ε, Initial Noise Magnitude α, Epochs E, Learning Rate η as inputs. |