Uncovering the Connections Between Adversarial Transferability and Knowledge Transferability
Authors: Kaizhao Liang, Jacky Y Zhang, Boxin Wang, Zhuolin Yang, Sanmi Koyejo, Bo Li
ICML 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We conduct extensive experiments for different scenarios on diverse datasets, showing a positive correlation between adversarial transferability and knowledge transferability. |
| Researcher Affiliation | Academia | Department of Computer Science, the University of Illinois at Urbana-Champaign, Urbana, USA. |
| Pseudocode | No | The paper describes methods and theoretical analysis but does not include any pseudocode blocks or algorithms in a structured format. |
| Open Source Code | Yes | All code and data are available here. |
| Open Datasets | Yes | All code and data are available here. We first train 5 different architectures (AlexNet, Fully connected network, LeNet, ResNet18, ResNet50) on cifar10 (Krizhevsky et al., 2009). Then we perform transfer learning to STL10 (Coates et al., 2011). |
| Dataset Splits | No | The paper does not explicitly state specific training/validation/test splits (e.g., percentages or sample counts) or mention cross-validation setups. |
| Hardware Specification | No | The paper does not provide specific details about the hardware used for the experiments, such as GPU models, CPU types, or memory. |
| Software Dependencies | No | The paper mentions training models and using certain attack methods (PGD, T3, MI) but does not specify any software or library versions (e.g., PyTorch 1.x, Python 3.x). |
| Experiment Setup | Yes | Models: Both the source model f_S and target model f_T are one-hidden-layer neural networks with sigmoid activation. ... we perturb the model weights of the clean source model as W := W + tV ... We use the standard ℓ2 loss as the adversarial loss function. ... we generate adversarial examples with PGD ... generate adversarial examples by the state-of-the-art whitebox attack algorithm T3 ... conduct ablation studies ... on two additional attack methods, MI (Tramèr et al., 2017a), PGD-L2 and two additional ϵ with PGD, 2/225, 4/255. |