Evaluation Metrics #4
Hi, thank you for your interest!
Thank you very much. This makes a lot of sense to me.
By the way, when will W-Bench be released? Thanks in advance!
Hi, W-Bench will be released once our work is published. Thanks for your interest!
Hi Shilin, thank you very much. Could you please check the links for "VINE-B-Enc" and "VINE-B-Dec"? Both currently point to the encoder, and the decoder link is missing. Thanks in advance!
Thank you for the reminder! I have corrected it.
Hi Shilin, I used the diffusion model as a regeneration attack (https://github.com/XuandongZhao/WatermarkAttacker) to test VINE. However, VINE only reaches around 17% TPR@0.1%FPR, which differs substantially from the results reported in the paper. Did you try this existing attack before? And could you please share which diffusion model/pipeline you used to evaluate VINE under the regeneration attack? Thanks in advance.
Hi, thank you for your interest in VINE.
Thanks for your responses. I strictly followed the implementation (without any modification; I just used the code they uploaded) and the diffusion models referenced in that work. I tried v2-1 and v1-4 with 30, 60, and 100 noise steps on both the OpenImage and COCO datasets (2,000 samples each). The TPR@0.1%FPR is consistently much lower.
Thanks for your response. There might be an issue with your statistical testing process. I recommend trying other image editing methods, such as UltraEdit or image inversion, which we have provided. This can help verify the accuracy of your statistical tests and determine whether the TPR@0.1%FPR is within the expected range.
I also tested other image editing methods, including the VAE regeneration from the same reference. Overall, they reach performance similar to that reported in VINE (within ~10% fluctuation, which is normal), so I assume the statistical testing process is fine. As for the diffusion attack, which is also a fairly standard implementation from https://github.com/XuandongZhao/WatermarkAttacker, VINE does not appear robust against it: I tested many times with different settings, and TPR@0.1%FPR reached only 15%-25% on 2,000 images randomly selected from each of OpenImage and COCO. Could you share the samples or the diffusion pipeline with me?
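For context, the regeneration attack in the repository discussed above diffuses the watermarked image forward to a chosen timestep and then denoises it with a diffusion model. Below is a minimal numpy sketch of just the forward (noising) half, assuming a standard DDPM linear beta schedule; the denoising half requires the full Stable Diffusion pipeline and is only indicated. Function names and schedule parameters here are illustrative, not taken from either repository.

```python
import numpy as np

def forward_diffuse(x0, t, num_steps=1000, beta_start=1e-4, beta_end=0.02, seed=0):
    """DDPM forward process: x_t = sqrt(abar_t) * x0 + sqrt(1 - abar_t) * eps.

    The larger t is, the more of the image (and any embedded watermark)
    is replaced by Gaussian noise before the denoiser reconstructs it.
    """
    betas = np.linspace(beta_start, beta_end, num_steps)   # assumed linear schedule
    alpha_bar = np.cumprod(1.0 - betas)                    # cumulative signal retention
    eps = np.random.default_rng(seed).standard_normal(x0.shape)
    return np.sqrt(alpha_bar[t]) * x0 + np.sqrt(1.0 - alpha_bar[t]) * eps

# x_t = forward_diffuse(watermarked_image, t=60)
# regenerated = denoiser(x_t, start_timestep=60)  # e.g. a Stable Diffusion pipeline (omitted)
```

The "noise steps" mentioned above (30, 60, 100) correspond to the timestep `t`: deeper diffusion destroys more of the watermark signal but also degrades image quality, which is why attack strength is usually swept over several values of `t`.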
We use the same diffusion pipeline as the one in the repository you mentioned. For sample results, you can refer to Appendix F.1 (Image Regeneration), specifically Figures 10 and 11, in our arXiv paper. We’ve been quite busy recently, but we will be releasing W-Bench soon, which will include these image editing methods and the statistical testing code. You may want to wait for its release for a more comprehensive set of tools. Thank you for your understanding.
Many thanks. I am looking forward to seeing your implementation of W-Bench.
Hi Shilin,
This is great work; thanks for releasing it to the public.
I was confused about TPR@0.1%FPR: from your code, it seems only bit accuracy is computed. Could you please indicate how you calculate TPR? Does detection require the decoded watermark to exactly match the secret (i.e., 100% bit accuracy)?
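For context, a common way watermarking papers derive TPR@0.1%FPR from bit accuracy (a sketch of the standard binomial-test approach, not necessarily VINE's exact procedure): under the null hypothesis that a non-watermarked image decodes to random bits, the number of matched bits follows Binomial(n, 0.5). One picks the smallest match threshold whose tail probability is at most 0.1%, and TPR is then the fraction of watermarked images clearing that threshold, so 100% bit accuracy is not required.

```python
import math

def binom_sf(k, n, p=0.5):
    """P(X >= k) for X ~ Binomial(n, p): chance a random decode matches >= k bits."""
    return sum(math.comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

def tpr_at_fpr(matched_bits, n_bits, target_fpr=1e-3):
    """Return (TPR, threshold) at the given false-positive rate.

    matched_bits: number of correctly decoded bits for each watermarked image.
    """
    # Smallest k such that random bits match >= k positions with prob <= target_fpr.
    tau = next(k for k in range(n_bits + 1) if binom_sf(k, n_bits) <= target_fpr)
    tpr = sum(m >= tau for m in matched_bits) / len(matched_bits)
    return tpr, tau
```

For a 100-bit message the threshold works out to 66 matched bits, i.e. 66% bit accuracy already counts as a detection at 0.1% FPR. An empirical variant replaces the binomial null with bit accuracies measured on real non-watermarked images.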