Intersecting-Boundary-Sensitive Fingerprinting for Tampering Detection of DNN Models
Authors: Bai Xiaofan, Chaoxiang He, Xiaojing Ma, Bin Benjamin Zhu, Hai Jin
ICML 2024 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive evaluation demonstrates that IBSF surpasses existing state-of-the-art fingerprinting methods, particularly with larger subset cardinality, establishing its state-of-the-art performance in black-box tampering detection using only top-1 labels.We conduct extensive experiments on three widely used datasets, CIFAR10, GTSRB, and Image Net, to evaluate IBSF and compare it with two leading fingerprinting methods, SSF (He et al., 2019) and Public Check (Wang et al., 2023). |
| Researcher Affiliation | Collaboration | Xiaofan Bai * 1 2 3 4 5 Chaoxiang He * 1 2 3 4 5 Xiaojing Ma 1 2 3 4 5 Bin Benjamin Zhu 6 Hai Jin 7 2 3 8 ... 1 School of Cyber Science and Engineering, Huazhong University of Science and Technology ... 6Microsoft 7 School of Computer Science and Technology, Huazhong University of Science and Technology |
| Pseudocode | No | The paper does not contain any sections explicitly labeled 'Pseudocode' or 'Algorithm', nor are there structured algorithm blocks presented. |
| Open Source Code | Yes | The IBSF code is available at: https://github.com/CGCL-codes/ IBSF. |
| Open Datasets | Yes | To evaluate detection performance, three commonly used datasets are adopted: CIFAR10 (Krizhevsky, 2009), GTSRB (Stallkamp et al., 2012), and Image Net (Russakovsky et al., 2015). |
| Dataset Splits | No | The paper mentions using well-known datasets (CIFAR10, GTSRB, ImageNet) and training generative models on their 'training sets' but does not provide explicit details (percentages, sample counts, or explicit mention of standard splits) for the training, validation, and test splits used for the main DNN models being fingerprinted. |
| Hardware Specification | Yes | The assessment was conducted on a single NVIDIA RTX3090 GPU. |
| Software Dependencies | No | The paper mentions using 'Pythea (Chadebec et al., 2022)' and refers to other open-source codebases, but it does not specify explicit version numbers for the software dependencies like programming languages or libraries (e.g., 'Python 3.8', 'PyTorch 1.9'). |
| Experiment Setup | No | The paper describes details related to tampering setup (e.g., trigger size, pruning ratio) and the number of fingerprint samples generated. However, it does not explicitly provide specific experimental setup details such as hyperparameters (e.g., learning rate, batch size, number of epochs, or the value of ϵ in Eq. 12) for their proposed IBSF method in the main text. |