Why adversarial training can hurt robust accuracy
Authors: Jacob Clarysse, Julia Hörrmann, Fanny Yang
ICLR 2023 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We first prove this phenomenon for a high-dimensional linear classification setting with noiseless observations. Using intuitive insights from the proof, we could find perturbations on standard image datasets for which this behavior persists. Specifically, it occurs for perceptible perturbations that effectively reduce class information such as object occlusions or corruptions. |
| Researcher Affiliation | Academia | Jacob Clarysse1, Julia H orrmann2, Fanny Yang1 1. Department of Computer Science, ETH Z urich 2. Department of Mathematics, ETH Z urich {jacob.clarysse;fan.yang}@inf.ethz.ch; {julia.hoerrmann}@stat.math.ethz.ch |
| Pseudocode | No | The paper does not contain structured pseudocode or algorithm blocks. |
| Open Source Code | No | The paper does not provide concrete access to source code for the methodology described. It mentions adapting code from other sources (e.g., "For all our experiments on CIFAR-10, we adjusted the code provided by Phan (2021)"), but does not state that its own code is released. |
| Open Datasets | Yes | To build the Waterbirds dataset, we use the CUB-200 dataset Welinder et al. (2010), which contains images and labels of 200 bird species, and 4 background classes (forest, jungle/bamboo, water ocean, water lake natural) of the Places dataset Zhou et al. (2017). ... We use the dataset made available by Mantec on et al. (2019). |
| Dataset Splits | Yes | For every experiment, we choose the learning rate and weight decay parameters that minimize the robust error on a hold-out dataset. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., exact GPU/CPU models, processor types, or memory amounts) used for running its experiments. |
| Software Dependencies | No | The paper mentions software like "Open CV" and references code from "Phan (2021)" but does not provide specific version numbers for these or other key software components, which are necessary for full reproducibility. |
| Experiment Setup | Yes | We implement adversarial logistic regression using stochastic gradient descent with a learning rate of 0.01. ... train for up to 10^7 epochs. ... we use a Res Net50 or Res Net18 pretrained on the Image Net dataset for all experiments in the main text, a weight-decay of 10^-4, and train for 300 epochs using the Adam optimizer. ... For the networks trained using standard training we use a learning rate of 0.006 and for the networks trained with adversarial training we used a learning rate of 5x10^-4. We also trained with a weight decay of 10^-4, a batch size of 8 and a momentum of 0.9 for all networks. |