arxiv: 2605.12942 · v1 · submitted 2026-05-13 · 💻 cs.CR

Recognition: unknown

From Compression to Accountability: Harmless Copyright Protection for Dataset Distillation

Yan Liang , Ziyuan Yang , Mengyu Sun , Joey Tianyi Zhou , Yi Zhang

Authors on Pith no claims yet

Pith reviewed 2026-05-14 18:44 UTC · model grok-4.3

classification 💻 cs.CR

keywords dataset distillationcopyright protectionsubpopulation biasblack-box verificationmodel tracingharmless watermarkingdata provenance

0 comments

The pith

SubPopMark embeds subpopulation biases into distilled datasets so trained models reveal their data source through predictable prediction patterns.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows that deep networks memorize subpopulation distributions during training and therefore exhibit systematic accuracy advantages on data drawn from those same subpopulations. It turns this memorization effect into a protection mechanism by deliberately shaping the subpopulation structure of a distilled dataset so that any model trained on it carries a detectable behavioral signature. Two optimization stages first inject a class-consistent bias across the whole dataset and then add user-specific perturbations, after which a reference bank of model outputs on standard and shifted test sets is used for black-box matching. Because the markers ride on the network's natural learning dynamics rather than on added triggers, they avoid the security problems of conventional backdoor watermarks. If the approach holds, owners of distilled datasets gain a practical way to verify unauthorized use and trace downstream models without altering training trajectories or introducing malicious behavior.

Core claim

Deep neural networks memorize subpopulation distributions in training data, producing a reliable prediction bias toward samples aligned with those memorized subpopulations. SubPopMark exploits this bias by first optimizing a distilled dataset to carry a class-consistent subpopulation structure (Copyright Verification Marker stage) and then layering user-specific perturbations (User-Specific Tracing Marker stage), while keeping the original optimization trajectory intact. A reference behavior bank is built by recording model outputs on carefully chosen test sets that include both standard and subpopulation-shifted distributions; provenance of a suspect model is recovered by matching its own输出

What carries the argument

SubPopMark, a two-stage optimization process that injects class-consistent subpopulation bias followed by user-distinguishable perturbations into distilled data, paired with a reference behavior bank for black-box signature matching.

If this is right

Distilled datasets can be released with built-in provenance tracking that survives downstream training.
Verification and user tracing operate in black-box settings by comparing output patterns on fixed test sets.
No auxiliary trigger labels or malicious backdoor behaviors are required, reducing security exposure.
The markers preserve the utility of the distilled dataset for its intended training purpose.
Multiple owners can embed distinguishable markers in the same base distilled set.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same subpopulation-bias principle could be tested on other compressed representations such as pruned models or quantized weights.
If the bias persists across architecture changes, owners gain a way to audit models whose training data source is otherwise hidden.
Regulatory regimes that require dataset provenance could treat SubPopMark-style markers as a lightweight compliance tool.
The approach raises the question of whether similar natural memorization effects exist in non-image domains such as text or graph data.

Load-bearing premise

Models trained on the protected distilled data will reliably show stronger performance on subpopulations that match the injected bias.

What would settle it

Train several models on SubPopMark-distilled data and several on unmarked distilled data of the same size; measure whether the accuracy gap on subpopulation-shifted test sets disappears or reverses.

Figures

Figures reproduced from arXiv: 2605.12942 by Joey Tianyi Zhou, Mengyu Sun, Yan Liang, Yi Zhang, Ziyuan Yang.

**Figure 2.** Figure 2: The overview of our proposed method. where PM and PM denote the manipulation subset and transformed distributions. Since the transformed samples follow a consistent subpopulation structure introduced during training, the infringing model assigns a higher posterior probability to the correct label compared to the reference model. Therefore, we expect: Pmark(y | x) > Psyn(y | x). (9) Consequently, the confid… view at source ↗

**Figure 3.** Figure 3: Performance analysis of SubPopMark across diverse datasets and IPC settings using the DC distillation method. All [PITH_FULL_IMAGE:figures/full_fig_p008_3.png] view at source ↗

**Figure 4.** Figure 4: Performance analysis of SubPopMark across diverse datasets and IPC settings using the DC distillation method across [PITH_FULL_IMAGE:figures/full_fig_p009_4.png] view at source ↗

**Figure 5.** Figure 5: Stable reference values of copyright verification performance gaps for reference and infringing models across various [PITH_FULL_IMAGE:figures/full_fig_p009_5.png] view at source ↗

**Figure 6.** Figure 6: Comparison of prediction distributions between infring [PITH_FULL_IMAGE:figures/full_fig_p011_6.png] view at source ↗

**Figure 7.** Figure 7: Visualization of the original and our protected distilled [PITH_FULL_IMAGE:figures/full_fig_p012_7.png] view at source ↗

**Figure 8.** Figure 8: Computational efficiency analysis. Transformer-based marker is combined with the ConvNetbased markers, the proposed framework still preserves effective copyright verification on convolutional architectures, indicating that the protection signals remain robust under heterogeneous backbone settings. VII. CONCLUSION In this paper, we propose SubPopMark, a harmless framework for copyright protection and data… view at source ↗

read the original abstract

Large-scale datasets have been a key driving force behind the rapid progress of deep learning, but their storage, computational, and energy costs have become increasingly prohibitive. Dataset distillation (DD) mitigates this problem by synthesizing compact yet informative datasets, thereby enabling efficient model training and storage. However, the ease of copying and distributing distilled datasets introduces serious risks of copyright infringement and data leakage. Existing protection methods are primarily designed for raw datasets rather than distilled datasets, and typically rely on backdoor-triggered malicious behaviors, which may raise security concerns. In this paper, we observe that deep neural networks tend to memorize subpopulation distributions during training, resulting in a systematic prediction bias, where models perform better on samples aligned with memorized subpopulations. Motivated by this observation, we propose SubPopMark, a harmless subpopulation-driven protection framework for distilled datasets. SubPopMark consists of two stages. First, the Copyright Verification Marker(CVM) optimization stage injects a class-consistent subpopulation bias while preserving the original optimization trajectory. Second, the User-Specific Tracing Marker (USTM) optimization stage further introduces user-distinguishable perturbations into the CVM-augmented data. To enable black-box verification and tracing, we construct a reference behavior bank by collecting model outputs over carefully designed test sets that cover both standard and subpopulation-shifted data distributions. The provenance of a suspicious model is then inferred by comparing its output behavior signature with the bank and identifying the most consistent reference behavior pattern.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

SubPopMark injects subpopulation biases into distilled data for black-box copyright tracing without backdoors, but the abstract leaves the survival of those biases through distillation untested.

read the letter

The paper's real move is SubPopMark: a two-stage process that first optimizes a copyright verification marker to add class-consistent subpopulation bias while keeping the original distillation trajectory intact, then adds user-specific tracing markers on top. They collect model outputs on both standard and subpopulation-shifted test sets to build a reference behavior bank, letting owners match a suspicious model's signature in black-box settings. This sidesteps the security headaches of backdoor triggers that earlier protection work used on raw data. The motivation draws from the observation that networks pick up subpopulation distributions during training and show corresponding prediction biases, which feels like a natural fit for the compressed setting of dataset distillation. It is new in the DD literature and keeps the protection harmless to downstream training performance. The soft spot is the missing evidence. The abstract describes the framework and the reference bank but shows no accuracy numbers, no ablation on how much the markers shift outputs, and no check on whether the injected bias actually persists once distillation compresses the data. Distillation methods routinely collapse fine-grained variance, so the subpopulation cues could easily get washed out or lost in optimization noise. If the full paper has experiments that quantify verification success rates and show the bias survives, that would shore it up; without them the central claim stays plausible but unproven. This is for people already working on dataset distillation or data provenance in efficient training pipelines. A reader who needs a concrete way to share synthetic sets without easy copying would get a usable framework to build on. It deserves peer review because the problem is practical and the black-box tracing angle is worth testing, even if the empirical section needs expansion.

Referee Report

2 major / 1 minor

Summary. The paper proposes SubPopMark, a harmless subpopulation-driven protection framework for distilled datasets. It observes that DNNs memorize subpopulation distributions during training, inducing systematic prediction biases, and uses this to inject class-consistent biases via a Copyright Verification Marker (CVM) stage followed by user-specific perturbations in a User-Specific Tracing Marker (USTM) stage. Black-box verification and tracing are enabled by constructing a reference behavior bank from model outputs on standard and subpopulation-shifted test sets, allowing provenance inference by matching output signatures.

Significance. If the injected biases reliably survive distillation and produce distinguishable signatures, the framework would provide a non-malicious, black-box accountability mechanism for compressed datasets, addressing copyright risks without the security concerns of backdoor triggers. It could strengthen dataset distillation's practical deployment by enabling tracing of unauthorized model training.

major comments (2)

[Abstract and Section 3] Abstract and Section 3: The core claim that CVM/USTM-injected subpopulation biases survive distillation and yield measurable, persistent prediction shifts on shifted test distributions is load-bearing but unsupported. No quantitative results, ablation studies, or verification experiments appear in the manuscript; the abstract describes the method and motivation without empirical validation of the memorization assumption or signature distinguishability.
[Section 3] Section 3: The two-stage optimization (CVM preserving original trajectory, then USTM adding user-distinguishable perturbations) and reference behavior bank construction presuppose that fine-grained distributional cues remain after distillation. If standard DD methods (e.g., DC/DSA) already collapse subpopulation variance, the bias may be too weak or confounded by optimization noise to produce reliable signatures, directly undermining verification and tracing.

minor comments (1)

The abstract refers to 'carefully designed test sets that cover both standard and subpopulation-shifted data distributions' without specifying design criteria, coverage metrics, or how signatures are compared (e.g., distance metric or threshold).

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback and the opportunity to clarify our work. We address each major comment below and agree that additional empirical validation is required to substantiate the core claims.

read point-by-point responses

Referee: [Abstract and Section 3] Abstract and Section 3: The core claim that CVM/USTM-injected subpopulation biases survive distillation and yield measurable, persistent prediction shifts on shifted test distributions is load-bearing but unsupported. No quantitative results, ablation studies, or verification experiments appear in the manuscript; the abstract describes the method and motivation without empirical validation of the memorization assumption or signature distinguishability.

Authors: We agree that the manuscript as submitted lacks the quantitative experiments needed to validate the load-bearing claims. The current version focuses on describing the SubPopMark framework, the CVM/USTM stages, and the reference behavior bank construction, motivated by the observed DNN memorization of subpopulation distributions. In the revised manuscript we will add a full experimental section containing: (i) controlled measurements of prediction bias on standard vs. subpopulation-shifted test sets before and after distillation, (ii) ablation studies isolating CVM and USTM contributions, and (iii) end-to-end verification and tracing accuracy using the behavior bank. These additions will directly test both the memorization assumption and signature distinguishability. revision: yes
Referee: [Section 3] Section 3: The two-stage optimization (CVM preserving original trajectory, then USTM adding user-distinguishable perturbations) and reference behavior bank construction presuppose that fine-grained distributional cues remain after distillation. If standard DD methods (e.g., DC/DSA) already collapse subpopulation variance, the bias may be too weak or confounded by optimization noise to produce reliable signatures, directly undermining verification and tracing.

Authors: This concern is well-taken and directly tests the practical viability of the approach. Our CVM stage is explicitly formulated to inject class-consistent bias while staying close to the original distillation trajectory, and USTM adds user-specific perturbations on top. Nevertheless, whether these cues survive standard DD pipelines (DC, DSA, etc.) must be shown empirically. The revision will therefore include side-by-side comparisons against DC/DSA baselines, reporting accuracy deltas on shifted test distributions and signature-matching success rates in the behavior bank. Should the injected bias prove too weak under certain DD methods, we will document the limitation and discuss possible strengthening techniques. revision: yes

Circularity Check

0 steps flagged

SubPopMark derives protection markers from an empirical memorization observation without reducing verification to fitted parameters or self-referential constructions.

full rationale

The paper motivates its two-stage CVM/USTM injection and reference behavior bank construction directly from the stated empirical observation that DNNs memorize subpopulation distributions, leading to prediction bias. No equations, derivations, or claims in the abstract or provided text reduce the black-box verification or tracing to a tautology, a fitted input renamed as prediction, or a load-bearing self-citation chain. The behavior bank is built from outputs on explicitly designed test sets covering standard and shifted distributions, which is an independent empirical step rather than a redefinition of the injected bias. This is a standard empirical framework with no self-definitional, fitted-prediction, or uniqueness-imported circularity.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the unproven empirical observation that DNNs systematically memorize subpopulation distributions; no free parameters or invented entities are explicitly introduced in the abstract.

axioms (1)

domain assumption Deep neural networks memorize subpopulation distributions during training, producing systematic prediction bias on aligned samples.
Stated as the motivating observation in the abstract; no independent evidence or citation provided.

pith-pipeline@v0.9.0 · 5564 in / 1107 out tokens · 39650 ms · 2026-05-14T18:44:56.198220+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

44 extracted references · 5 canonical work pages · 3 internal anchors

[1]

A comprehensive survey of dataset distillation.IEEE Transactions on Pattern Analysis and Machine Intelligence, 46(1):17–32, 2023

Shiye Lei and Dacheng Tao. A comprehensive survey of dataset distillation.IEEE Transactions on Pattern Analysis and Machine Intelligence, 46(1):17–32, 2023

2023
[2]

Bert: Pre-training of deep bidirectional transformers for language understanding

Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. Bert: Pre-training of deep bidirectional transformers for language understanding. InProceedings of the 2019 conference of the North American chapter of the association for computational linguistics: human language technologies, volume 1 (long and short papers), pages 4171– 4186, 2019

2019
[3]

Randla-net: Efficient semantic segmentation of large-scale point clouds

Qingyong Hu, Bo Yang, Linhai Xie, Stefano Rosa, Yulan Guo, Zhihua Wang, Niki Trigoni, and Andrew Markham. Randla-net: Efficient semantic segmentation of large-scale point clouds. InProceedings of the IEEE/CVF conference on computer vision and pattern recognition, pages 11108–11117, 2020

2020
[4]

Self-supervised graph transformer on large- scale molecular data.Advances in neural information processing systems, 33:12559–12571, 2020

Yu Rong, Yatao Bian, Tingyang Xu, Weiyang Xie, Ying Wei, Wenbing Huang, and Junzhou Huang. Self-supervised graph transformer on large- scale molecular data.Advances in neural information processing systems, 33:12559–12571, 2020

2020
[5]

Green ai

Roy Schwartz, Jesse Dodge, Noah A Smith, and Oren Etzioni. Green ai. Communications of the ACM, 63(12):54–63, 2020

2020
[6]

Trust the unreliability: Inward backward dynamic unreliability driven coreset selection for medical image classification, 2026

Yan Liang, Ziyuan Yang, Zhuxin Lei, Mengyu Sun, Yingyu Chen, and Yi Zhang. Trust the unreliability: Inward backward dynamic unreliability driven coreset selection for medical image classification, 2026

2026
[7]

Diversity-driven synthesis: Enhancing dataset distillation through directed weight adjustment.Advances in neural information processing systems, 37:119443–119465, 2024

Jiawei Du, Xin Zhang, Juncheng Hu, Wenxing Huang, and Joey T Zhou. Diversity-driven synthesis: Enhancing dataset distillation through directed weight adjustment.Advances in neural information processing systems, 37:119443–119465, 2024

2024
[8]

On the diversity and realism of distilled dataset: An efficient dataset distillation paradigm

Peng Sun, Bei Shi, Daiwei Yu, and Tao Lin. On the diversity and realism of distilled dataset: An efficient dataset distillation paradigm. InProceedings of the IEEE/CVF conference on computer vision and pattern recognition, pages 9390–9399, 2024

2024
[9]

Dataset condensation with distribution matching

Bo Zhao and Hakan Bilen. Dataset condensation with distribution matching. InProceedings of the IEEE/CVF winter conference on applications of computer vision, pages 6514–6523, 2023

2023
[10]

Teddy: Efficient large-scale dataset distillation via taylor-approximated matching

Ruonan Yu, Songhua Liu, Jingwen Ye, and Xinchao Wang. Teddy: Efficient large-scale dataset distillation via taylor-approximated matching. InEuropean Conference on Computer Vision, pages 1–17. Springer, 2024

2024
[11]

Poisoned distillation: Injecting backdoors into distilled datasets without raw data access

Ziyuan Yang, Ming Yan, Yi Zhang, and Joey Tianyi Zhou. Poisoned distillation: Injecting backdoors into distilled datasets without raw data access. InProceedings of the AAAI Conference on Artificial Intelligence, volume 40, pages 1444–1452, 2026

2026
[12]

Dataset distillation.arXiv preprint arXiv:1811.10959, 2018

Tongzhou Wang, Jun-Yan Zhu, Antonio Torralba, and Alexei A Efros. Dataset distillation.arXiv preprint arXiv:1811.10959, 2018

work page arXiv 2018
[13]

Backdoor attacks against dataset distillation.arXiv preprint arXiv:2301.01197, 2023

Yugeng Liu, Zheng Li, Michael Backes, Yun Shen, and Yang Zhang. Backdoor attacks against dataset distillation.arXiv preprint arXiv:2301.01197, 2023

work page arXiv 2023
[14]

Efficient dataset distillation using random feature approximation.Advances in Neural Information Processing Systems, 35:13877–13891, 2022

Noel Loo, Ramin Hasani, Alexander Amini, and Daniela Rus. Efficient dataset distillation using random feature approximation.Advances in Neural Information Processing Systems, 35:13877–13891, 2022

2022
[15]

Provable and efficient dataset distillation for kernel ridge regression.Advances in Neural Information Processing Systems, 37:88739–88771, 2024

Yilan Chen, Wei Huang, and Tsui-Wei Weng. Provable and efficient dataset distillation for kernel ridge regression.Advances in Neural Information Processing Systems, 37:88739–88771, 2024

2024
[16]

Dataset condensation with gradient matching

Bo Zhao, Konda Reddy Mopuri, and Hakan Bilen. Dataset condensation with gradient matching. InNinth International Conference on Learning Representations 2021, 2021

2021
[17]

Dataset condensation with differentiable siamese augmentation

Bo Zhao and Hakan Bilen. Dataset condensation with differentiable siamese augmentation. InInternational Conference on Machine Learning, pages 12674–12685. PMLR, 2021

2021
[18]

Efficient industrial dataset distillation with textual trajectory matching

Muquan Li, Qian Dong, Dongyang Zhang, Ke Qin, and Guangchun Luo. Efficient industrial dataset distillation with textual trajectory matching. IEEE Transactions on Industrial Informatics, pages 1–12, 2026

2026
[19]

Dataset distillation by matching training trajectories

George Cazenavette, Tongzhou Wang, Antonio Torralba, Alexei A Efros, and Jun-Yan Zhu. Dataset distillation by matching training trajectories. InProceedings of the IEEE/CVF conference on computer vision and pattern recognition, pages 4750–4759, 2022

2022
[20]

Scaling up dataset distillation to imagenet-1k with constant memory

Justin Cui, Ruochen Wang, Si Si, and Cho-Jui Hsieh. Scaling up dataset distillation to imagenet-1k with constant memory. InInternational Conference on Machine Learning, pages 6565–6590. PMLR, 2023

2023
[21]

Halftone image watermarking by content aware double-sided embedding error diffusion.IEEE Transactions on Image Processing, 27(7):3387– 3402, 2018

Yuanfang Guo, Oscar C Au, Rui Wang, Lu Fang, and Xiaochun Cao. Halftone image watermarking by content aware double-sided embedding error diffusion.IEEE Transactions on Image Processing, 27(7):3387– 3402, 2018

2018
[22]

Robust digital watermarking techniques for copyright protection of digital data: A survey

Poonam Kadian, Shiafali M Arora, and Nidhi Arora. Robust digital watermarking techniques for copyright protection of digital data: A survey. Wireless Personal Communications, 118(4):3225–3249, 2021

2021
[23]

Identity-based encryption transformation for flexible sharing of encrypted data in public cloud.IEEE Transactions on Information Forensics and Security, 15:3168–3180, 2020

Hua Deng, Zheng Qin, Qianhong Wu, Zhenyu Guan, Robert H Deng, Yujue Wang, and Yunya Zhou. Identity-based encryption transformation for flexible sharing of encrypted data in public cloud.IEEE Transactions on Information Forensics and Security, 15:3168–3180, 2020

2020
[24]

Visual privacy protection via mapping distortion

Yiming Li, Peidong Liu, Yong Jiang, and Shu-Tao Xia. Visual privacy protection via mapping distortion. InICASSP 2021-2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pages 3740–3744. IEEE, 2021

2021
[25]

Multinomial random forest.Pattern Recognition, 122:108331, 2022

Jiawang Bai, Yiming Li, Jiawei Li, Xue Yang, Yong Jiang, and Shu-Tao Xia. Multinomial random forest.Pattern Recognition, 122:108331, 2022

2022
[26]

Black-box dataset ownership verification via backdoor watermarking

Yiming Li, Mingyan Zhu, Xue Yang, Yong Jiang, Tao Wei, and Shu-Tao Xia. Black-box dataset ownership verification via backdoor watermarking. IEEE Transactions on Information Forensics and Security, 18:2318–2332, 2023

2023
[27]

Did you train on my dataset? towards public dataset protection with cleanlabel backdoor watermarking.ACM SIGKDD Explorations Newsletter, 25(1):43–53, 2023

Ruixiang Tang, Qizhang Feng, Ninghao Liu, Fan Yang, and Xia Hu. Did you train on my dataset? towards public dataset protection with cleanlabel backdoor watermarking.ACM SIGKDD Explorations Newsletter, 25(1):43–53, 2023

2023
[28]

Zero-sacrifice persistent- robustness adversarial defense for pre-trained encoders

Zhuxin Lei, Ziyuan Yang, and Yi Zhang. Zero-sacrifice persistent- robustness adversarial defense for pre-trained encoders. InProceedings of the International Conference on Learning Representations, 2026

2026
[29]

Statistical behavior and consistency of classification methods based on convex risk minimization.The Annals of Statistics, 32(1):56–85, 2004

Tong Zhang. Statistical behavior and consistency of classification methods based on convex risk minimization.The Annals of Statistics, 32(1):56–85, 2004

2004
[30]

Learning transferable visual models from natural language supervision

Alec Radford, Jong Wook Kim, Chris Hallacy, Aditya Ramesh, Gabriel Goh, Sandhini Agarwal, Girish Sastry, Amanda Askell, Pamela Mishkin, Jack Clark, et al. Learning transferable visual models from natural language supervision. InInternational conference on machine learning, pages 8748–8763. PmLR, 2021

2021
[31]

Multiscale structural similarity for image quality assessment

Zhou Wang, Eero P Simoncelli, and Alan C Bovik. Multiscale structural similarity for image quality assessment. InThe thrity-seventh asilomar conference on signals, systems & computers, 2003, volume 2, pages 1398–1402. Ieee, 2003

2003
[32]

Secure hash standard (shs).Fips pub, 180(4):2012, 2012

Fips Pub. Secure hash standard (shs).Fips pub, 180(4):2012, 2012

2012
[33]

Adam: A method for stochastic optimization.(No Title), 2014

Kingma Diederik. Adam: A method for stochastic optimization.(No Title), 2014

2014
[34]

Imagenet classification with deep convolutional neural networks.Advances in neural information processing systems, 25, 2012

Alex Krizhevsky, Ilya Sutskever, and Geoffrey E Hinton. Imagenet classification with deep convolutional neural networks.Advances in neural information processing systems, 25, 2012

2012
[35]

Imagenet classification with deep convolutional neural networks.Communications of the ACM, 60(6):84–90, 2017

Alex Krizhevsky, Ilya Sutskever, and Geoffrey E Hinton. Imagenet classification with deep convolutional neural networks.Communications of the ACM, 60(6):84–90, 2017

2017
[36]

Very Deep Convolutional Networks for Large-Scale Image Recognition

Karen Simonyan and Andrew Zisserman. Very deep convolutional net- works for large-scale image recognition.arXiv preprint arXiv:1409.1556, 2014

work page internal anchor Pith review Pith/arXiv arXiv 2014
[37]

Deep residual learning for image recognition

Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. Deep residual learning for image recognition. InProceedings of the IEEE conference on computer vision and pattern recognition, pages 770–778, 2016

2016
[38]

Towards lossless dataset distillation via difficulty-aligned 14 trajectory matching

Ziyao Guo, Kai Wang, George Cazenavette, Hui Li, Kaipeng Zhang, and Yang You. Towards lossless dataset distillation via difficulty-aligned 14 trajectory matching. InThe Twelfth International Conference on Learning Representations, 2024

2024
[39]

Learning multiple layers of features from tiny images

Alex Krizhevsky, Geoffrey Hinton, et al. Learning multiple layers of features from tiny images. 2009

2009
[40]

Fashion-MNIST: a Novel Image Dataset for Benchmarking Machine Learning Algorithms

Han Xiao, Kashif Rasul, and Roland V ollgraf. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms.arXiv preprint arXiv:1708.07747, 2017

work page internal anchor Pith review Pith/arXiv arXiv 2017
[41]

Reading digits in natural images with unsupervised feature learning

Yuval Netzer, Tao Wang, Adam Coates, Alessandro Bissacco, Baolin Wu, Andrew Y Ng, et al. Reading digits in natural images with unsupervised feature learning. InNIPS workshop on deep learning and unsupervised feature learning, volume 2011, page 4. Granada, 2011

2011
[42]

An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale

Alexey Dosovitskiy, Lucas Beyer, Alexander Kolesnikov, Dirk Weis- senborn, Xiaohua Zhai, Thomas Unterthiner, Mostafa Dehghani, Matthias Minderer, Georg Heigold, Sylvain Gelly, et al. An image is worth 16x16 words: Transformers for image recognition at scale.arXiv preprint arXiv:2010.11929, 2020

work page internal anchor Pith review Pith/arXiv arXiv 2010
[43]

Going deeper with image transformers

Hugo Touvron, Matthieu Cord, Alexandre Sablayrolles, Gabriel Synnaeve, and Herv´e J´egou. Going deeper with image transformers. InProceedings of the IEEE/CVF International Conference on Computer Vision (ICCV), pages 32–42, October 2021

2021
[44]

Swin transformer: Hierarchical vision transformer using shifted windows

Ze Liu, Yutong Lin, Yue Cao, Han Hu, Yixuan Wei, Zheng Zhang, Stephen Lin, and Baining Guo. Swin transformer: Hierarchical vision transformer using shifted windows. InProceedings of the IEEE/CVF international conference on computer vision, pages 10012–10022, 2021. 15

2021