Robustness Reprogramming for Representation Learning
Authors: Zhichao Hou, MohamadAli Torkamani, Hamid Krim, Xiaorui Liu
ICLR 2025 | Venue PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Comprehensive experiments and ablation studies across diverse learning models ranging from basic linear model and MLPs to shallow and modern deep Conv Nets demonstrate the effectiveness of our approaches. This work not only opens a promising and orthogonal direction for improving adversarial defenses in deep learning beyond existing methods but also provides new insights into designing more resilient AI systems with robust statistics. |
| Researcher Affiliation | Collaboration | Zhichao Hou1, Mohamad Ali Torkamani2, Hamid Krim1, Xiaorui Liu1 1North Carolina State University 2Amazon Web Services EMAIL, EMAIL, EMAIL, EMAIL |
| Pseudocode | Yes | Algorithm 1 Hybrid Architecture Require: {xd}D d=1, {ad}D d=1, λ. Initialize z(0) NRP M = z LP M = PD d=1 ad xd for k = 0, 1, . . . , K 1 do w(k) d = 1 |adxd z(k) NRP M/D| d [D] z(k+1) NRP M = D PD d=1 w(k) d adxd PD d=1 w(k) d end for return λ z LP M + (1 λ) z(K) NRP M |
| Open Source Code | Yes | Our implementation is available at https://github.com/chris-hzc/Robustness Reprogramming. |
| Open Datasets | Yes | Datasets. We conduct the experiments on MNIST Le Cun & Cortes (2005), SVHN (Netzer et al., 2011), CIFAR10 (Krizhevsky et al., 2009), and Image Net10 (Russakovsky et al., 2015) datasets. |
| Dataset Splits | No | The paper mentions using well-known datasets (MNIST, SVHN, CIFAR10, Image Net10) but does not explicitly provide specific training/test/validation dataset splits (e.g., percentages, sample counts, or citations to predefined splits with specific details) in the text. |
| Hardware Specification | No | The paper does not provide specific hardware details such as GPU models, CPU types, or memory used for running the experiments. It only mentions 'consideration for computation issue' when using narrower ResNets. |
| Software Dependencies | No | The paper shows pseudocode with `torch` functions, implying the use of PyTorch, but it does not specify any software names with version numbers (e.g., Python version, PyTorch version, CUDA version). |
| Experiment Setup | Yes | Baselines & Hyperparameter setting. For backbone Res Nets, we compare the baselines including PGD-AT (Madry, 2017), TRADES (Zhang et al., 2019), MART (Wang et al., 2019), SAT (Huang et al., 2020), and AWP (Wu et al., 2020). We train the baselines for 200 epochs with batch size 128, weight decay 2e-5, momentum 0.9, and an initial learning rate of 0.1 that is divided by 10 at the 100-th and 150-th epoch. For the backbone MLPs and Le Net, we train the vanilla models for 50 epochs. Our robustness reprogramming will fine-tune the pre-trained models for 5 epochs. |