Watermarking for Out-of-distribution Detection
- URL: http://arxiv.org/abs/2210.15198v1
- Date: Thu, 27 Oct 2022 06:12:32 GMT
- Title: Watermarking for Out-of-distribution Detection
- Authors: Qizhou Wang, Feng Liu, Yonggang Zhang, Jing Zhang, Chen Gong,
Tongliang Liu, Bo Han
- Abstract summary: Out-of-distribution (OOD) detection aims to identify OOD data based on representations extracted from well-trained deep models.
We propose a general methodology named watermarking in this paper.
We learn a unified pattern that is superimposed onto features of original data, and the model's detection capability is largely boosted after watermarking.
- Score: 76.20630986010114
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Out-of-distribution (OOD) detection aims to identify OOD data based on
representations extracted from well-trained deep models. However, existing
methods largely ignore the reprogramming property of deep models and thus may
not fully unleash their intrinsic strength: without modifying parameters of a
well-trained deep model, we can reprogram this model for a new purpose via
data-level manipulation (e.g., adding a specific feature perturbation to the
data). This property motivates us to reprogram a classification model to excel
at OOD detection (a new task), and thus we propose a general methodology named
watermarking in this paper. Specifically, we learn a unified pattern that is
superimposed onto features of original data, and the model's detection
capability is largely boosted after watermarking. Extensive experiments verify
the effectiveness of watermarking, demonstrating the significance of the
reprogramming property of deep models in OOD detection.
Related papers
- Exploiting Diffusion Prior for Out-of-Distribution Detection [11.11093497717038]
Out-of-distribution (OOD) detection is crucial for deploying robust machine learning models.
We present a novel approach for OOD detection that leverages the generative ability of diffusion models and the powerful feature extraction capabilities of CLIP.
arXiv Detail & Related papers (2024-06-16T23:55:25Z) - DetDiffusion: Synergizing Generative and Perceptive Models for Enhanced Data Generation and Perception [78.26734070960886]
Current perceptive models heavily depend on resource-intensive datasets.
We introduce perception-aware loss (P.A. loss) through segmentation, improving both quality and controllability.
Our method customizes data augmentation by extracting and utilizing perception-aware attribute (P.A. Attr) during generation.
arXiv Detail & Related papers (2024-03-20T04:58:03Z) - Model Reprogramming Outperforms Fine-tuning on Out-of-distribution Data in Text-Image Encoders [56.47577824219207]
In this paper, we unveil the hidden costs associated with intrusive fine-tuning techniques.
We introduce a new model reprogramming approach for fine-tuning, which we name Reprogrammer.
Our empirical evidence reveals that Reprogrammer is less intrusive and yields superior downstream models.
arXiv Detail & Related papers (2024-03-16T04:19:48Z) - Approximations to the Fisher Information Metric of Deep Generative Models for Out-Of-Distribution Detection [2.3749120526936465]
We show that deep generative models consistently infer higher log-likelihoods for OOD data than data they were trained on.
We use the gradient of a data point with respect to the parameters of the deep generative model for OOD detection, based on the simple intuition that OOD data should have larger gradient norms than training data.
Our empirical results indicate that this method outperforms the Typicality test for most deep generative models and image dataset pairings.
arXiv Detail & Related papers (2024-03-03T11:36:35Z) - Unleashing Mask: Explore the Intrinsic Out-of-Distribution Detection
Capability [70.72426887518517]
Out-of-distribution (OOD) detection is an indispensable aspect of secure AI when deploying machine learning models in real-world applications.
We propose a novel method, Unleashing Mask, which aims to restore the OOD discriminative capabilities of the well-trained model with ID data.
Our method utilizes a mask to figure out the memorized atypical samples, and then finetune the model or prune it with the introduced mask to forget them.
arXiv Detail & Related papers (2023-06-06T14:23:34Z) - Robust Out-of-Distribution Detection on Deep Probabilistic Generative
Models [0.06372261626436676]
Out-of-distribution (OOD) detection is an important task in machine learning systems.
Deep probabilistic generative models facilitate OOD detection by estimating the likelihood of a data sample.
We propose a new detection metric that operates without outlier exposure.
arXiv Detail & Related papers (2021-06-15T06:36:10Z) - Why Normalizing Flows Fail to Detect Out-of-Distribution Data [51.552870594221865]
Normalizing flows fail to distinguish between in- and out-of-distribution data.
We demonstrate that flows learn local pixel correlations and generic image-to-latent-space transformations.
We show that by modifying the architecture of flow coupling layers we can bias the flow towards learning the semantic structure of the target data.
arXiv Detail & Related papers (2020-06-15T17:00:01Z) - Unsupervised Anomaly Detection with Adversarial Mirrored AutoEncoders [51.691585766702744]
We propose a variant of Adversarial Autoencoder which uses a mirrored Wasserstein loss in the discriminator to enforce better semantic-level reconstruction.
We put forward an alternative measure of anomaly score to replace the reconstruction-based metric.
Our method outperforms the current state-of-the-art methods for anomaly detection on several OOD detection benchmarks.
arXiv Detail & Related papers (2020-03-24T08:26:58Z) - Likelihood Regret: An Out-of-Distribution Detection Score For
Variational Auto-encoder [6.767885381740952]
probabilistic generative models can assign higher likelihoods on certain types of out-of-distribution samples.
We propose Likelihood Regret, an efficient OOD score for VAEs.
arXiv Detail & Related papers (2020-03-06T00:30:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.