Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et alK. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026..
Image Shortcut Squeezing: Countering Perturbative Availability Poisons with Compression
Authors: Zhuoran Liu, Zhengyu Zhao, Martha Larson
ICML 2023 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We present extensive experiments showing that 12 state-of-the-art PAP methods are vulnerable to Image Shortcut Squeezing (ISS), which is based on simple compression. For example, on average, ISS restores the CIFAR10 model accuracy to 81.73%, surpassing the previous best preprocessing-based countermeasures by 37.97% absolute. |
| Researcher Affiliation | Academia | 1Radboud University, Nijmegen, Netherlands 2Xi an Jiaotong University, Xi an, China 3CISPA Helmholtz Center for Information Security, Saarbr ucken, Germany. |
| Pseudocode | No | The paper does not contain any explicitly labeled pseudocode or algorithm blocks. |
| Open Source Code | Yes | Our code is available at https://github.com/ liuzrcc/Image Shortcut Squeezing. |
| Open Datasets | Yes | We consider three datasets: CIFAR10 (Krizhevsky, 2009), CIFAR-100 (Krizhevsky, 2009), and a 100-class subset of Image Net (Deng et al., 2009). |
| Dataset Splits | No | While the paper specifies training and testing image counts for CIFAR-10/100 (50000 training, 10000 testing) and uses the 'official validation set for testing' for ImageNet, it does not explicitly define a separate validation split for hyperparameter tuning during training across all datasets, nor does it provide a comprehensive train/validation/test split for all setups described. |
| Hardware Specification | No | The paper does not provide specific details about the hardware used for experiments, such as exact GPU/CPU models or cloud instance specifications. |
| Software Dependencies | No | The paper mentions software components like "torchvision transforms module" but does not specify their version numbers, which are necessary for reproducible ancillary software details. |
| Experiment Setup | Yes | We train the CIFAR10/100 models for 60 epochs and the Image Net models for 100 epochs. We use SGD with a momentum of 0.9, a learning rate of 0.025, and cosine weight decay. ... If not explicitly mentioned, we use JPEG with a quality factor of 10 and bit depth reduction (BDR) with 2 bits. ... For adversarial training (AT), PGD-10 is used with a step size of 2 255, where the model is trained on CIFAR-10 for 100 epochs. We use a kernel size of 3 for both median, mean, and Gaussian smoothing (with a standard deviation of 0.1). |