Which model should I use?

[dongyp13]

Hi,

I'm testing the robustness (by PGD) of the provided models on CIFAR10 with perturbation epsilon=8/255.

Which one of cifar_resnet_2px.pth and cifar_resnet_8px.pth should I use for evaluation? I found that cifar_resnet_2px.pth gives much higher accuracy and robustness against PGD than cifar_resnet_8px.pth.

Looking forward for your reply.

[riceric22]

Hey there, the different models achieve different tradeoffs between provable adversarial robustness and standard accuracy. The 8px model will be more robust at larger radii but less robust at the smaller 2px radii, and so both models are equally valuable in demonstrating the tradeoffs at stake.