Adversarial training for free!
Authors: Ali Shafahi, Mahyar Najibi, Mohammad Amin Ghiasi, Zheng Xu, John Dickerson, Christoph Studer, Larry S. Davis, Gavin Taylor, Tom Goldstein
NeurIPS 2019 | Venue PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our free adversarial training algorithm achieves comparable robustness to PGD adversarial training on the CIFAR-10 and CIFAR-100 datasets at negligible additional cost compared to natural training, and can be 7 to 30 times faster than other strong adversarial training methods. Using a single workstation with 4 P100 GPUs and 2 days of runtime, we can train a robust model for the large-scale Image Net classification task that maintains 40% accuracy against PGD attacks. |
| Researcher Affiliation | Academia | Ali Shafahi University of Maryland EMAIL Mahyar Najibi University of Maryland EMAIL Amin Ghiasi University of Maryland EMAIL Zheng Xu University of Maryland EMAIL John Dickerson University of Maryland EMAIL Christoph Studer Cornell University EMAIL Larry S. Davis University of Maryland EMAIL Gavin Taylor United States Naval Academy EMAIL Tom Goldstein University of Maryland EMAIL |
| Pseudocode | Yes | Algorithm 1 Free Adversarial Training (Free-m) |
| Open Source Code | Yes | Adversarial Training for Free code for CIFAR-10 in TensorFlow can be found here: https://github. com/ashafahi/free_adv_train/ Image Net Adversarial Training for Free code in Pytorch can be found here: https://github.com/ mahyarnajibi/Free Adversarial Training |
| Open Datasets | Yes | Our free adversarial training algorithm achieves comparable robustness to PGD adversarial training on the CIFAR-10 and CIFAR-100 datasets at negligible additional cost compared to natural training... Image Net is a large image classification dataset of over 1 million high-res images and 1000 classes (Russakovsky et al. [2015]). |
| Dataset Splits | Yes | We train various CIFAR-10 models using the Wide-Resnet 32-10 model and standard hyperparameters used by Madry et al. [2017]. ...CIFAR-10 and CIFAR-100 models that are 7-PGD adversarially trained have natural accuracies of 87.25% and 59.87%, respectively. ...Image Net is a large image classification dataset of over 1 million high-res images and 1000 classes (Russakovsky et al. [2015]). |
| Hardware Specification | Yes | Using a single workstation with 4 P100 GPUs and 2 days of runtime, we can train a robust model for the large-scale Image Net classification task... Free training on Res Net-101 and Res Net-152 each take roughly 1.7 and 2.4 more time than Res Net-50 on the same machine, respectively. |
| Software Dependencies | No | The paper mentions the use of 'TensorFlow' for CIFAR-10 code and 'Pytorch' for ImageNet code in footnotes. However, it does not specify any version numbers for these frameworks or any other software dependencies, which are required for reproducibility. |
| Experiment Setup | Yes | In the proposed method (alg. 1), we repeat (i.e. replay) each minibatch m times before switching to the next minibatch. ...In all experiments, the training batch size was 256. ...To craft attacks, we used a step-size of 1 and the corresponding ϵ used during training. |