Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et alK. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026..
Vulnerable Data-Aware Adversarial Training
Authors: Yuqi Feng, Jiahao Fan, Yanan Sun
NeurIPS 2025 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | The experiments are conducted in terms of adversarial training and robust neural architecture search on CIFAR-10, CIFAR-100, and Image Net-1K. The results demonstrate that VDAT is up to 76% more efficient than state-of-the-art FAT methods, while achieving improvements regarding the natural accuracy and adversarial accuracy in both scenarios. Furthermore, the visualizations and ablation studies show the effectiveness of both core components designed in VDAT. |
| Researcher Affiliation | Academia | Yuqi Feng, Jiahao Fan, Yanan Sun College of Computer Science, Sichuan University EMAIL, EMAIL, EMAIL |
| Pseudocode | Yes | Algorithm 1 VDAT Algorithm 2 General Workflow of Robust NAS with VDAT |
| Open Source Code | Yes | Question: Does the paper provide open access to the data and code, with sufficient instructions to faithfully reproduce the main experimental results, as described in supplemental material? Answer: [Yes] Justification: The data and code will be publicly available. |
| Open Datasets | Yes | The experiments are conducted in terms of adversarial training and robust neural architecture search on CIFAR-10, CIFAR-100, and Image Net-1K. Besides, the benchmark datasets for adversarial training or robust NAS are CIFAR-10, CIFAR-100 [31], and Image Net-1K [12]. To further demonstrate the scalability of VDAT in the scenario of robust NAS, we perform experiments on both NAS-Bench-101 [52] and NAS-Bench-201 [15] search spaces. |
| Dataset Splits | Yes | Algorithm 2 General Workflow of Robust NAS with VDAT ... 3: Divide X into two halves, i.e., X Train and X Valid. B.3.1 Settings for Training Architectures Searched The experimental settings for the adversarial training follow the convention in the previous study [22, 17, 19]. The PGD adversarial training is adopted to train the derived architectures [35] on CIFAR-10, CIFAR-100, and Image Net-16-120. |
| Hardware Specification | Yes | Please note that all the experiments are performed on the NVIDIA RTX 3090 GPU. |
| Software Dependencies | No | The paper does not explicitly list specific software components with version numbers (e.g., Python, PyTorch, CUDA versions). |
| Experiment Setup | Yes | For the adversarial training on CIFAR-10 and CIFAR-100, the total epoch is set to 110. Meanwhile, the batch size is set to 128, the learning rate is set to 0.1, the momentum is set to 0.9, and the weight decay is set to 10^-4. The learning rate is decayed by the factor 0.1 at the 100-th and 105-th epochs, respectively. As for the adversarial training on Image Net-1K, the total epoch is set to 60. Besides, the batch size is set to 512, while the momentum, the weight decay, and the learning rate are set to the same values as those on CIFAR-10 and CIFAR-100. The learning rate is decayed by the factor 0.1 at the 20-th and 40-th epochs, respectively. Besides, the hyperparameter τ of VDAT is set to five and the interval T is set to ten. The adversarial perturbation adopted before the vulnerability calculation is generated by the FGSM attack. |