Watermarking for Out-of-distribution Detection

TL;DR

This paper introduces a novel watermarking technique that leverages the reprogramming property of deep models to significantly improve out-of-distribution detection without modifying model parameters.

Contribution

The paper proposes a general watermarking methodology that enhances OOD detection by data-level manipulation, exploiting the reprogramming property of deep models.

Findings

Watermarking boosts OOD detection performance.

Reprogramming property is effective for data-level model adaptation.

Extensive experiments confirm the method's effectiveness.

Abstract

Out-of-distribution (OOD) detection aims to identify OOD data based on representations extracted from well-trained deep models. However, existing methods largely ignore the reprogramming property of deep models and thus may not fully unleash their intrinsic strength: without modifying parameters of a well-trained deep model, we can reprogram this model for a new purpose via data-level manipulation (e.g., adding a specific feature perturbation to the data). This property motivates us to reprogram a classification model to excel at OOD detection (a new task), and thus we propose a general methodology named watermarking in this paper. Specifically, we learn a unified pattern that is superimposed onto features of original data, and the model's detection capability is largely boosted after watermarking. Extensive experiments verify the effectiveness of watermarking, demonstrating the significance of the reprogramming property of deep models in OOD detection.