epoch
- South America > Brazil (0.04)
- Europe > Netherlands > South Holland > Rotterdam (0.04)
- Asia > Japan (0.04)
- Media > Film (1.00)
- Leisure & Entertainment (1.00)
- Health & Medicine > Therapeutic Area > Oncology (0.68)
- North America > Canada > Quebec > Montreal (0.04)
- Oceania > Tonga (0.04)
- North America > United States > Indiana > Hamilton County > Fishers (0.04)
8cbe9ce23f42628c98f80fa0fac8b19a-Supplemental.pdf
After training for 200 epochs, we achieve the attack success rate (ASR) of 99.97% and the natural accuracy on clean data (ACC) of 93.73%. Blend attack [6]: We first generate a trigger pattern where each pixel value is sampled from a uniform distribution in [0, 255] as shown in Figure 6(c). Input-aware Attack (IAB) [30]: The dynamic trigger varies across samples as shown in Figure 6(d). We apply two types of target label selection. Clean-label Attack (CLB) [42]: The trigger is a 3×3 checkerboard at the four corners of images as shown in Figure 7(b).
Appendix
We experiment with 8 implementations of MoCaD, i.e. two different calibrators combined with four different ensembling strategies, the same as in previous experiments. For Learned-Mixin, the entropy term weight is set to the value suggested by [1]. We run each experiment five times and report the mean scores and the standard deviations. For the Dirichlet calibrator, we use the same configuration as in FEVER. Experimental Results: Table 2 shows the experimental result on image classification.
- Asia > China > Shanghai > Shanghai (0.05)
- North America > United States > Colorado (0.04)
- Asia > China > Jiangsu Province > Nanjing (0.04)
- Asia > China > Shanghai > Shanghai (0.04)
- North America > United States > Colorado (0.04)
- Asia > China > Zhejiang Province (0.04)
- Asia > China > Jiangsu Province > Nanjing (0.04)