NVlabs / DiffPure

A new adversarial purification method that uses the forward and reverse processes of diffusion models to remove adversarial perturbations.

Failed to reproduce the results of attack on ODE? #12

Closed thuwzy closed 1 year ago

thuwzy commented 1 year ago

I tried to run the attack on ODE. However, the results differ a lot from the reported results in the paper. I got an accuracy of 68% for the Linf attack on cifar10 with 8/255. However, the reported result in the paper is 39.86%. Here is my script. Is anything wrong?

            CUDA_VISIBLE_DEVICES=0,1,2,3,4,5,6,7 python eval_sde_adv.py --exp ./exp_results --config cifar10.yml \
            -i xxx \
            --t 100 \
            --adv_eps 0.031373 \
            --adv_batch_size 8 \
            --num_sub 64 \
            --domain cifar10 \
            --classifier_name cifar10-wideresnet-28-10 \
            --seed $seed \
            --data_seed $data_seed \
            --diffusion_type ode \
            --score_type score_sde \
            --attack_version rand \
            --eot_iter 20

weilinie commented 1 year ago

Hi @thuwzy, your script looks correct to me. Can you also try the standard version of Attack Linf with eps=8/255? Because the reported robust Acc is the lower value of these two settings.

thuwzy commented 1 year ago

Hi @weilinie, I tried the standard version of Attack Linf with eps=8/255, with the --fix-rand command. I got 51.56%. Maybe there should be some specification on the setting of odeint?

weilinie commented 1 year ago

@thuwzy Just wanted to check if you can successfully reproduce the ODE results?

thuwzy commented 1 year ago

@weilinie No, I cannot reproduce the ODE results. It seems that the performance of ODE defense is better than the reported results of ODE defense in the paper.

weilinie commented 1 year ago

OK, let me check what configurations we used to report the ODE results and get back here.

thuwzy commented 1 year ago

Thanks!

weilinie commented 1 year ago

@thuwzy Thanks for your feedback. I added the run scripts for getting the ODE results: run_cifar_rand_inf_ode.sh and run_cifar_stand_inf_ode.sh. I think the main difference from your previous configuration is to make sure --step_size 1e-3. Let me know if they work.

thuwzy commented 1 year ago

Thanks! I will try.

thuwzy commented 1 year ago

I ran your new scripts and got the reported results, same as the paper. Thanks!

weilinie commented 1 year ago

Nice! That's very good to know.