Safe and Robust Watermark Injection with a Single OoD Image
Authors: Shuyang Yu, Junyuan Hong, Haobo Zhang, Haotao Wang, Zhangyang Wang, Jiayu Zhou
ICLR 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In this section, we conduct comprehensive experiments to evaluate the effectiveness of the proposed watermark injection method. Datasets. We use CIFAR-10, CIFAR-100 (Krizhevsky et al., 2009) and GTSRB (Stallkamp et al., 2012) for model utility evaluation. ... Evaluation metrics. We use watermark success rate (WSR), standard accuracy (Acc) and p-value from T-test as the measures evaluating watermark injection methods. |
| Researcher Affiliation | Academia | Department of Computer Science and Engineering, Michigan State University Department of Electrical and Computer Engineering, University of Texas at Austin |
| Pseudocode | No | The optimization process is described in text and mathematical formulas (Section 3.2 'Optimization'), but there is no clearly labeled 'Pseudocode' or 'Algorithm' block. |
| Open Source Code | Yes | Codes are available: https://github.com/illidanlab/Single_oodwatermark. |
| Open Datasets | Yes | Datasets. We use CIFAR-10, CIFAR-100 (Krizhevsky et al., 2009) and GTSRB (Stallkamp et al., 2012) for model utility evaluation. |
| Dataset Splits | No | The paper mentions using 'CIFAR-10, CIFAR-100, and GTSRB' for model utility evaluation and 'clean i.i.d. test set' for standard accuracy, but does not explicitly provide details about training/validation/test dataset splits, such as percentages, sample counts, or cross-validation setup, beyond the implicit use of test sets. |
| Hardware Specification | No | The paper does not explicitly describe the specific hardware used for experiments, such as GPU or CPU models, or details about the computing environment. |
| Software Dependencies | No | The paper mentions the use of 'SGD optimizer' and general training parameters, but does not provide specific software dependencies with version numbers, such as programming language versions or library versions (e.g., Python 3.x, PyTorch 1.x). |
| Experiment Setup | Yes | The poisoning ratio of the generated surrogate dataset is 10%. For CIFAR-10 and GTSRB, we finetune the pre-trained model for 20 epochs (first 5 epochs are with WP). For CIFAR-100, we fine-tune the pre-trained model for 30 epochs (first 15 epochs are with WP). The perturbation constraint γ in Eq. (2) is fixed at 0.1 for CIFAR-10 and GTSRB, and 0.05 for CIFAR-100. The trade-off parameter β in Eq. (1) is fixed at 6 for all the datasets. ... All the models are pretrained on clean samples until convergence, with a learning rate of 0.1, SGD optimizer, and batch size 128. |
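The evaluation metrics named above (watermark success rate, standard accuracy, and a t-test p-value) can be sketched in plain Python. The function names are illustrative, not from the paper's released code, and the Welch t-test below uses a normal approximation to the t distribution, which may differ from the exact test the authors ran.

```python
import math

def accuracy(preds, labels):
    """Standard accuracy (Acc): fraction of correct predictions on clean data."""
    return sum(p == y for p, y in zip(preds, labels)) / len(labels)

def watermark_success_rate(preds_on_triggered, target_label):
    """WSR: fraction of trigger-stamped inputs classified as the target label."""
    return sum(p == target_label for p in preds_on_triggered) / len(preds_on_triggered)

def _mean_var(xs):
    n = len(xs)
    m = sum(xs) / n
    v = sum((x - m) ** 2 for x in xs) / (n - 1)  # sample variance
    return m, v, n

def welch_t_pvalue(a, b):
    """Two-sided p-value for Welch's two-sample t-test, comparing per-sample
    scores of a suspect model against an independent model. Uses a normal
    approximation to the t distribution (adequate for large samples)."""
    ma, va, na = _mean_var(a)
    mb, vb, nb = _mean_var(b)
    t = (ma - mb) / math.sqrt(va / na + vb / nb)
    return math.erfc(abs(t) / math.sqrt(2))  # 2 * (1 - Phi(|t|))
```

A small p-value rejects the null hypothesis that the two models behave identically on the watermark queries, which is the usual reading of a t-test-based ownership verification.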
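The per-dataset schedules quoted in the Experiment Setup row can be collected into a small configuration sketch. Only the numbers come from the paper; the dataclass layout and the helper function are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass
class FinetuneConfig:
    epochs: int                  # total fine-tuning epochs
    wp_epochs: int               # initial epochs that apply weight perturbation (WP)
    gamma: float                 # perturbation constraint in Eq. (2)
    beta: float = 6.0            # trade-off parameter in Eq. (1), shared by all datasets
    poison_ratio: float = 0.10   # poisoning ratio of the generated surrogate dataset
    lr: float = 0.1              # SGD learning rate used for clean pre-training
    batch_size: int = 128

# Values reported in the paper's Experiment Setup description.
CONFIGS = {
    "cifar10":  FinetuneConfig(epochs=20, wp_epochs=5,  gamma=0.1),
    "gtsrb":    FinetuneConfig(epochs=20, wp_epochs=5,  gamma=0.1),
    "cifar100": FinetuneConfig(epochs=30, wp_epochs=15, gamma=0.05),
}

def uses_weight_perturbation(dataset: str, epoch: int) -> bool:
    """True if this (0-indexed) epoch falls in the initial WP phase."""
    return epoch < CONFIGS[dataset].wp_epochs
```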