Towards Stable and Efficient Adversarial Training against $l_1$ Bounded Adversarial Attacks
Authors: Yulun Jiang, Chen Liu, Zhichao Huang, Mathieu Salzmann, Sabine Susstrunk
ICML 2023 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our experimental results on various datasets demonstrate that Fast EG-l1 yields the best and most stable robustness against l1-bounded adversarial attacks among the methods of comparable computational complexity. Code and the checkpoints are available at https://github.com/IVRL/Fast Adv L1. |
| Researcher Affiliation | Collaboration | 1School of Computer and Communication Sciences, EPFL, Lausanne, Switzerland 2Department of Computer Science, City University of Hong Kong, Hong Kong, China 3Byte Dance. |
| Pseudocode | Yes | Algorithm 1 Adversarial Training with SLIDE |
| Open Source Code | Yes | Code and the checkpoints are available at https://github.com/IVRL/Fast Adv L1. |
| Open Datasets | Yes | We conduct comprehensive experiments on popular benchmarks, including CIFAR10, CIFAR100 (Krizhevsky et al., 2009) and Image Net100 (Russakovsky et al., 2015). |
| Dataset Splits | Yes | We split 4% of the samples in the training set for validation. |
| Hardware Specification | Yes | We use one NVIDIA A100 GPU for the experiments on CIFAR10 and CIFAR100; and 2 NVIDIA A100 GPUs for the experiments on Image Net100. |
| Software Dependencies | No | The paper mentions software like SGD optimizer, Preact ResNet18, and ResNet34, but it does not specify version numbers for any of the software components or libraries used (e.g., Python, PyTorch, CUDA). |
| Experiment Setup | Yes | We use Preact Res Net18 with softplus activation for experiments in CIFAR10 and CIFAR100, and use Res Net34 for experiments in Image Net100. All the models are trained with an SGD optimizer, with the momentum factor being 0.9 and the weight decay factor being 5 10 4. The training batch size is 128 for CIFAR10 and CIFAR100, and 256 for Image Net100. For CIFAR10 and CIFAR100, we train all models for 40 epochs. The learning rate is initialized to 0.05 and is divided by a factor of 10 at the 30th epoch and the 35th epoch. For Image Net100, the models are trained for 25 epochs. The learning rate is initialized to 0.05 and is divided by a factor of 10 at the 15th epoch and 20th epoch. |