Binjie Zhang,Yixiao Ge,Yantao Shen,Shupeng Su,Fanzi Wu,Chun Yuan,Xuyuan Xu,Yexin Wang,Ying Shan

DOI: https://doi.org/10.48550/arXiv.2203.01583

2022-03-18

Abstract:Conventional model upgrades for visual search systems require offline refresh of gallery features by feeding gallery images into new models (dubbed as "backfill"), which is time-consuming and expensive, especially in large-scale applications. The task of backward-compatible representation learning is therefore introduced to support backfill-free model upgrades, where the new query features are interoperable with the old gallery features. Despite the success, previous works only investigated a close-set training scenario (i.e., the new training set shares the same classes as the old one), and are limited by more realistic and challenging open-set scenarios. To this end, we first introduce a new problem of universal backward-compatible representation learning, covering all possible data split in model upgrades. We further propose a simple yet effective method, dubbed as Universal Backward-Compatible Training (UniBCT) with a novel structural prototype refinement algorithm, to learn compatible representations in all kinds of model upgrading benchmarks in a unified manner. Comprehensive experiments on the large-scale face recognition datasets MS1Mv3 and IJB-C fully demonstrate the effectiveness of our method.

Computer Vision and Pattern Recognition

Binjie Zhang,Yixiao Ge,Yantao Shen,Yu Li,Chun Yuan,Xuyuan Xu,Yexin Wang,Ying Shan

DOI: https://doi.org/10.48550/arxiv.2201.09724

2022-01-01

Abstract:The task of hot-refresh model upgrades of image retrieval systems plays an essential role in the industry but has never been investigated in academia before. Conventional cold-refresh model upgrades can only deploy new models after the gallery is overall backfilled, taking weeks or even months for massive data. In contrast, hot-refresh model upgrades deploy the new model immediately and then gradually improve the retrieval accuracy by backfilling the gallery on-the-fly. Compatible training has made it possible, however, the problem of model regression with negative flips poses a great challenge to the stable improvement of user experience. We argue that it is mainly due to the fact that new-to-old positive query-gallery pairs may show less similarity than new-to-new negative pairs. To solve the problem, we introduce a Regression-Alleviating Compatible Training (RACT) method to properly constrain the feature compatibility while reducing negative flips. The core is to encourage the new-to-old positive pairs to be more similar than both the new-to-old negative pairs and the new-to-new negative pairs. An efficient uncertainty-based backfilling strategy is further introduced to fasten accuracy improvements. Extensive experiments on large-scale retrieval benchmarks (e.g., Google Landmark) demonstrate that our RACT effectively alleviates the model regression for one more step towards seamless model upgrades. The code will be available at https://github.com/binjiezhang/RACT_ICLR2022.

Binjie Zhang,Shupeng Su,Yixiao Ge,Xuyuan Xu,Yexin Wang,Chun Yuan,Mike Zheng Shou,Ying Shan

DOI: https://doi.org/10.48550/arXiv.2210.06954

2022-10-13

Abstract:The traditional model upgrading paradigm for retrieval requires recomputing all gallery embeddings before deploying the new model (dubbed as "backfilling"), which is quite expensive and time-consuming considering billions of instances in industrial applications. BCT presents the first step towards backward-compatible model upgrades to get rid of backfilling. It is workable but leaves the new model in a dilemma between new feature discriminativeness and new-to-old compatibility due to the undifferentiated compatibility constraints. In this work, we propose Darwinian Model Upgrades (DMU), which disentangle the inheritance and variation in the model evolving with selective backward compatibility and forward adaptation, respectively. The old-to-new heritable knowledge is measured by old feature discriminativeness, and the gallery features, especially those of poor quality, are evolved in a lightweight manner to become more adaptive in the new latent space. We demonstrate the superiority of DMU through comprehensive experiments on large-scale landmark retrieval and face recognition benchmarks. DMU effectively alleviates the new-to-new degradation and improves new-to-old compatibility, rendering a more proper model upgrading paradigm in large-scale retrieval systems.

Computer Vision and Pattern Recognition

Yantao Shen,Yuanjun Xiong,Wei Xia,Stefano Soatto

DOI: https://doi.org/10.1109/cvpr42600.2020.00640

2020-06-01

Abstract:We propose a way to learn visual features that are compatible with previously computed ones even when they have different dimensions and are learned via different neural network architectures and loss functions. Compatible means that, if such features are used to compare images, then “new” features can be compared directly to “old” features, so they can be used interchangeably. This enables visual search systems to bypass computing new features for all previously seen images when updating the embedding models, a process known as backfilling. Backward compatibility is critical to quickly deploy new embedding models that leverage ever-growing large-scale training datasets and improvements in deep learning architectures and training methods. We propose a framework to train embedding models, called backward-compatible training (BCT), as a first step towards backward compatible representation learning. In experiments on learning embeddings for face recognition, models trained with BCT successfully achieve backward compatibility without sacrificing accuracy, thus enabling backfill-free model updates of visual embeddings.

Seonguk Seo,Mustafa Gokhan Uzunbas,Bohyung Han,Sara Cao,Ser-Nam Lim

2024-12-20

Abstract:Backfilling is the process of re-extracting all gallery embeddings from upgraded models in image retrieval systems. It inevitably requires a prohibitively large amount of computational cost and even entails the downtime of the service. Although backward-compatible learning sidesteps this challenge by tackling query-side representations, this leads to suboptimal solutions in principle because gallery embeddings cannot benefit from model upgrades. We address this dilemma by introducing an online backfilling algorithm, which enables us to achieve a progressive performance improvement during the backfilling process while not sacrificing the final performance of new model after the completion of backfilling. To this end, we first propose a simple distance rank merge technique for online backfilling. Then, we incorporate a reverse transformation module for more effective and efficient merging, which is further enhanced by adopting a metric-compatible contrastive learning approach. These two components help to make the distances of old and new models compatible, resulting in desirable merge results during backfilling with no extra computational overhead. Extensive experiments show the effectiveness of our framework on four standard benchmarks in various settings.

Computer Vision and Pattern Recognition,Information Retrieval,Machine Learning

Yu Liang,Yufeng Zhang,Shiliang Zhang,Yaowei Wang,Sheng Xiao,Rong Xiao,Xiaoyu Wang

DOI: https://doi.org/10.48550/arxiv.2308.06948

2023-01-01

Abstract:Backward-compatible training circumvents the need for expensive updates to the old gallery database when deploying an advanced new model in the retrieval system. Previous methods achieved backward compatibility by aligning prototypes of the new model with the old one, yet they often overlooked the distribution of old features, limiting their effectiveness when the low quality of the old model results in a weakly feature discriminability. Instance-based methods like L2 regression take into account the distribution of old features but impose strong constraints on the performance of the new model itself. In this paper, we propose MixBCT, a simple yet highly effective backward-compatible training method that serves as a unified framework for old models of varying qualities. We construct a single loss function applied to mixed old and new features to facilitate backward-compatible training, which adaptively adjusts the constraint domain for new features based on the distribution of old features. We conducted extensive experiments on the large-scale face recognition datasets MS1Mv3 and IJB-C to verify the effectiveness of our method. The experimental results clearly demonstrate its superiority over previous methods. Code is available at https://github.com/yuleung/MixBCT .

Seonguk Seo,Mustafa Gokhan Uzunbas,Bohyung Han,Sara Cao,Joena Zhang,Taipeng Tian,Ser-Nam Lim

DOI: https://doi.org/10.48550/arXiv.2301.03767

2023-01-10

Computer Vision and Pattern Recognition

Abstract:Backfilling is the process of re-extracting all gallery embeddings from upgraded models in image retrieval systems. It inevitably requires a prohibitively large amount of computational cost and even entails the downtime of the service. Although backward-compatible learning sidesteps this challenge by tackling query-side representations, this leads to suboptimal solutions in principle because gallery embeddings cannot benefit from model upgrades. We address this dilemma by introducing an online backfilling algorithm, which enables us to achieve a progressive performance improvement during the backfilling process while not sacrificing the final performance of new model after the completion of backfilling. To this end, we first propose a simple distance rank merge technique for online backfilling. Then, we incorporate a reverse transformation module for more effective and efficient merging, which is further enhanced by adopting a metric-compatible contrastive learning approach. These two components help to make the distances of old and new models compatible, resulting in desirable merge results during backfilling with no extra computational overhead. Extensive experiments show the effectiveness of our framework on four standard benchmarks in various settings.

Stephen Gould,Weixuan Sun,Zheyuan Liu,Damien Teney,Yicong Hong

DOI: https://doi.org/10.1109/WACV57701.2024.00565

2023-03-29

Abstract:Composed image retrieval searches for a target image based on a multi-modal user query comprised of a reference image and modification text describing the desired changes. Existing approaches to solving this challenging task learn a mapping from the (reference image, modification text)-pair to an image embedding that is then matched against a large image corpus. One area that has not yet been explored is the reverse direction, which asks the question, what reference image when modified as described by the text would produce the given target image? In this work we propose a bi-directional training scheme that leverages such reversed queries and can be applied to existing composed image retrieval architectures with minimum changes, which improves the performance of the model. To encode the bi-directional query we prepend a learnable token to the modification text that designates the direction of the query and then finetune the parameters of the text embedding module. We make no other changes to the network architecture. Experiments on two standard datasets show that our novel approach achieves improved performance over a baseline BLIP-based model that itself already achieves competitive performance. Our code is released at https://github.com/Cuberick-Orion/Bi-Blip4CIR

Computer Science

Qiang Liu,Tongqing Zhou,Zhiping Cai,Yuan,Ming Xu,Jiaohua Qin,Wentao Ma

DOI: https://doi.org/10.1016/j.ipm.2023.103471

IF: 7.466

2023-01-01

Information Processing & Management

Abstract:Image retrieval, empowered by deep metric learning, is undoubtedly a building block in today’s media-sharing practices, but it also poses a severe risk of digging user privacy via retrieval. State-of-the-art countermeasures are built on adversarial learning, which would spoil the image-sharing mood with significant latency. To relieve the cumbersome experience of such data-centric approaches, we propose a plug-and-play privacy-preserving design (MIP) against image retrieval violations by exploring the rule-based triggering characteristics of model backdoors. The basic idea is to inject a privacy-preserving backdoor into the global retrieval model via backdoor learning, thus preventing shared images with such triggers from being searched. At its core, two types of triplet loss functions are invented, namely, imperceptible loss for normal retrieval performance and privacy-sensitive loss for disturbing retrieval with deliberate privacy backdoor injection. Extensive experiments on four widely used, realistic datasets showcase that MIP provides an outstanding privacy-preserving (backdoor) success rate, e.g., the poisoned retrieval mAP could be reduced to 0.33% (98.12%↓) in CUB-200, 0.04% (99.84%↓) in In-Shop, 0.64% (99.59%↓) in CARS196 and 0.01% (99.98%↓) in SOP, respectively, while maintaining similar normal retrieval performance (average 0.02%↓); provides a superior efficiency (7 orders of latency reduction) than the baselines. Besides, as a model-centric solution, MIP yields imperceptible visual changes and is demonstrated to resist potential black-box defenses (e.g., image filtering) and white-box defenses (e.g., fine-pruning). The code and data will be made available at https://github.com/lqsunshine/MIP.

Simone Ricci,Niccolò Biondi,Federico Pernici,Alberto Del Bimbo

2024-08-16

Abstract:Visual retrieval systems face significant challenges when updating models with improved representations due to misalignment between the old and new representations. The costly and resource-intensive backfilling process involves recalculating feature vectors for images in the gallery set whenever a new model is introduced. To address this, prior research has explored backward-compatible training methods that enable direct comparisons between new and old representations without backfilling. Despite these advancements, achieving a balance between backward compatibility and the performance of independently trained models remains an open problem. In this paper, we address it by expanding the representation space with additional dimensions and learning an orthogonal transformation to achieve compatibility with old models and, at the same time, integrate new information. This transformation preserves the original feature space's geometry, ensuring that our model aligns with previous versions while also learning new data. Our Orthogonal Compatible Aligned (OCA) approach eliminates the need for re-indexing during model updates and ensures that features can be compared directly across different model updates without additional mapping functions. Experimental results on CIFAR-100 and ImageNet-1k demonstrate that our method not only maintains compatibility with previous models but also achieves state-of-the-art accuracy, outperforming several existing methods.

Computer Vision and Pattern Recognition

Qiang Liu,Yanlong Qiu,Tongqing Zhou,Ming Xu,Jiaohua Qin,Wentao Ma,Fan Zhang,Zhiping Cai

DOI: https://doi.org/10.1109/tcsvt.2024.3489886

IF: 5.859

2024-01-01

IEEE Transactions on Circuits and Systems for Video Technology

Abstract:Deep cross-modal retrieval, with its effective and efficient search capabilities, has gained widespread adoption in today’s media-sharing practices yet raises concerns regarding potential threats to user data privacy. The cutting-edge data-centric countermeasures usually adopt adversarial learning, i.e., laboriously crafting the proper perturbation for each image, resulting in the noticeable noise in adversarial examples that greatly undermines the aesthetic appeal of image sharing. To address this issue, we propose a novel Model-centric Cross-modal Privacy-preserving framework (MCP), wherein the pre-defined invisible backdoor is seamlessly integrated into the global retrieval model via backdoor learning, thereby effectively preventing shared images containing such triggers from being retrieved. Specifically, we introduce a simple yet effective cross-modal backdoor learning algorithm that alternately optimizes two losses: 1) a privacy-preserving loss for perturbing retrieval with a user-injected trigger and 2) the standard utility loss for maintaining normal retrieval performance. Compared to state-of-the-art methods, MCP excels in providing excellent stealthiness, manifesting in a notable improvement of approximately 100% in SSIM metrics. Furthermore, it achieves an outstanding privacy-preserving (backdoor) success rate, as evidenced by a substantial mAP reduction of 22.3% (for FashionVC), 11.5% (for NUS-WIDE), and 21.8% (for MIRFlickr-25K) in poisoned retrieval, while maintaining similar normal retrieval performance. Additionally, MCP exhibits robust resistance against potential black-box defenses (e.g., trigger filtering) and white-box defenses (e.g., fine-tuning and model pruning). The code and data are available at https://github.com/lqsunshine/MCP.

Jiajie Zhang,Bingsheng Zhang,Jiancheng Lin

DOI: https://doi.org/10.1109/EuroSPW.2019.00030

2019-01-01

Abstract:This work investigates the image privacy problem in the context of social networking under the threat of reverse image search. We introduce a new concept called recessive social networking. Unlike conventional privacy-preserving social networking, in our setting, the aim is to deceive machine learning algorithms that used in reverse image search, while still enabling unaffected ubiquitous social networking among humans. We, for the first time, ultilize adversarial example technique as a defensive mechanism to protect image privacy against content-based image search algorithms in the context of social networking. Finally, rigorous evaluations are conducted to demonstrate the effectiveness, transferability, and robustness of the proposed countermeasure.

Young Kyun Jang,Ser-nam Lim

2024-05-23

Abstract:Modern retrieval systems often struggle with upgrading to new and more powerful models due to the incompatibility of embeddings between the old and new models. This necessitates a costly process known as backfilling, which involves re-computing the embeddings for a large number of data samples. In vision, Backward-compatible Training (BT) has been proposed to ensure that the new model aligns with the old model's embeddings. This paper extends the concept of vision-only BT to the field of cross-modal retrieval, marking the first attempt to address Cross-modal BT (XBT). Our goal is to achieve backward-compatibility between Vision-Language Pretraining (VLP) models, such as CLIP, for the cross-modal retrieval task. To address XBT challenges, we propose an efficient solution: a projection module that maps the new model's embeddings to those of the old model. This module, pretrained solely with text data, significantly reduces the number of image-text pairs required for XBT learning, and, once it is pretrained, it avoids using the old model during training. Furthermore, we utilize parameter-efficient training strategies that improve efficiency and preserve the off-the-shelf new model's knowledge by avoiding any modifications. Experimental results on cross-modal retrieval datasets demonstrate the effectiveness of XBT and its potential to enable backfill-free upgrades when a new VLP model emerges.

Computer Vision and Pattern Recognition,Artificial Intelligence

Shengsen Wu,Liang Chen,Yihang Lou,Yan Bai,Tao Bai,Minghua Deng,Ling-Yu Duan

DOI: https://doi.org/10.1609/aaai.v36i3.20175

2022-01-01

Proceedings of the AAAI Conference on Artificial Intelligence

Abstract:In object re-identification (ReID), the development of deep learning techniques often involves model updates and deployment. It is unbearable to re-embedding and re-index with the system suspended when deploying new models. Therefore, backward-compatible representation is proposed to enable ``new'' features to be compared with ``old'' features directly, which means that the database is active when there are both ``new'' and ``old'' features in it. Thus we can scroll-refresh the database or even do nothing on the database to update. The existing backward-compatible methods either require a strong overlap between old and new training data or simply conduct constraints at the instance level. Thus they are difficult in handling complicated cluster structures and are limited in eliminating the impact of outliers in old embeddings, resulting in a risk of damaging the discriminative capability of new features. In this work, we propose a Neighborhood Consensus Contrastive Learning (NCCL) method. With no assumptions about the new training data, we estimate the sub-cluster structures of old embeddings. A new embedding is constrained with multiple old embeddings in both embedding space and discrimination space at the sub-class level. The effect of outliers diminished, as the multiple samples serve as ``mean teachers''. Besides, we propose a scheme to filter the old embeddings with low credibility, further improving the compatibility robustness. Our method ensures the compatibility without impairing the accuracy of the new model. It can even improve the new model's accuracy in most scenarios.

Chong Wen Liu,Zhaowei Shang,Yuan Yan Tang

DOI: https://doi.org/10.1016/j.neucom.2016.04.056

IF: 6

2016-01-01

Neurocomputing

Abstract:Using images that are dispersed in a network can improve image classification performance; however, it is easy to leak the image holders' privacy. In this paper, we present a novel method that considers both image classification performance and the image holders' privacy-preservation. Our method contains four stages; the feature extraction stage follows the Bag-of-Features (BoF) framework, but it introduces significantly novel stages in the training, classification and ensemble stages. In the training stage, we split the image classification into many one-vs.-one classification problems; a set of binary classifiers as weak learners are learned on a local machine, to classify each image in an autonomous system. In the classification stage, a local machine sends features of unlabeled images to each image autonomous system, and then, each image autonomous system and local machine finish a prediction task under their own trained model. Afterward, the image autonomous systems send their prediction labels back to the local system. In the ensemble stage, we gather all of the prediction labels from the image autonomous systems and design an ensemble system to ensemble them into final classification results. This ensemble system must consider both the efficiency of the different trained models in each image autonomous system and the efficiency of the trained model on each class in the one-vs.-one classification problems. During the whole process, only the features of unlabeled images and prediction labels are transmitted in the network, which largely reduces the risk of privacy leakage. We conducted experiments on the network environment, to prove that our method has preferable performance. Our first experiment demonstrates that the performance of our method achieves state-of-the-art performance on four public dataset benchmarks, which shows that our method has competitive performance. The second experiment shows that our method achieves state-of-the-art performance with even fewer training samples, which means that there is less communication overhead and better privacy-preservation.

Kejun Zhang,Shaofei Xu,Yutuo Song,Yuwei Xu,Pengcheng Li,Xiang Yang,Bing Zou,Wenbin Wang

DOI: https://doi.org/10.3390/sym16081084

2024-08-23

Symmetry

Abstract:Preserving the privacy of the ever-increasing multimedia data on the cloud while providing accurate and fast retrieval services has become a hot topic in information security. However, existing relevant schemes still have significant room for improvement in accuracy and speed. Therefore, this paper proposes a privacy-preserving image–text retrieval scheme called PITR. To enhance model performance with minimal parameter training, we freeze all parameters of a multimodal pre-trained model and incorporate trainable modules along with either a general adapter or a specialized adapter, which are used to enhance the model's ability to perform zero-shot image classification and cross-modal retrieval in general or specialized datasets, respectively. To preserve the privacy of outsourced data on the cloud and the privacy of the user's retrieval process, we employ asymmetric scalar-product-preserving encryption technology suitable for inner product calculation, and we employ distributed index storage technology and construct a two-level security model. We construct a hierarchical index structure to speed up query matching among massive high-dimensional index vectors. Experimental results demonstrate that our scheme can provide users with secure, accurate, fast cross-modal retrieval service while preserving data privacy.

multidisciplinary sciences

Hui Wu,Min Wang,Wengang Zhou,Houqiang Li

2023-01-01

Abstract:Asymmetric image retrieval aims to deploy compatible models on platforms of different resources to achieve a balance between computational efficiency and retrieval accuracy. The most critical issue is how to align the output features of different models. Despite the great progress, existing approaches apply strong constraints so that features or neighbor structures are strictly aligned across different models. However, such a one-to-one constraint is too strict to be well preserved for the query models with low capacity. Considering that the primary concern of the users is the rank of the returned images, we propose a generic rank preserving framework, which achieves feature compatibility and the order consistency between query and gallery models simultaneously. Specifically, we propose two alternatives to instantiate the framework. One realizes straightforward rank order preservation by directly preserving the consistency of the sorting results. To make sorting process differentiable, the Heaviside step function in sorting is approximated by the sigmoid function. The other aims to preserve a learnable monotonic mapping relationship between the returned similarity scores of query and gallery models. The mapped similarity scores of gallery model are considered as pseudo-supervision to guide the query model training. Extensive experiments on various large-scale datasets demonstrate the superiority of our two proposed methods.

Yifei Zhou,Zilu Li,Abhinav Shrivastava,Hengshuang Zhao,Antonio Torralba,Taipeng Tian,Ser-Nam Lim

2023-08-28

Abstract:Modern retrieval system often requires recomputing the representation of every piece of data in the gallery when updating to a better representation model. This process is known as backfilling and can be especially costly in the real world where the gallery often contains billions of samples. Recently, researchers have proposed the idea of Backward Compatible Training (BCT) where the new representation model can be trained with an auxiliary loss to make it backward compatible with the old representation. In this way, the new representation can be directly compared with the old representation, in principle avoiding the need for any backfilling. However, followup work shows that there is an inherent tradeoff where a backward compatible representation model cannot simultaneously maintain the performance of the new model itself. This paper reports our ``not-so-surprising'' finding that adding extra dimensions to the representation can help here. However, we also found that naively increasing the dimension of the representation did not work. To deal with this, we propose Backward-compatible Training with a novel Basis Transformation ($BT^2$). A basis transformation (BT) is basically a learnable set of parameters that applies an orthonormal transformation. Such a transformation possesses an important property whereby the original information contained in its input is retained in its output. We show in this paper how a BT can be utilized to add only the necessary amount of additional dimensions. We empirically verify the advantage of $BT^2$ over other state-of-the-art methods in a wide range of settings. We then further extend $BT^2$ to other challenging yet more practical settings, including significant change in model architecture (CNN to Transformers), modality change, and even a series of updates in the model architecture mimicking the evolution of deep learning models.

Computer Vision and Pattern Recognition

Junwei Han,Lei Guo

DOI: https://doi.org/10.1117/12.476252

2003-01-01

Abstract:Content-based image retrieval has become an active research topic for more than one decade. Nevertheless, current image retrieval systems still have major difficulties bridging the gap between the user's implied concept and the low-level image description. To address the difficulties, this paper presents a novel image retrieval model integrating long-term learning with short-term learning. This model constructs a semantic image link network by long-term learning which simply accumulates previous users' relevance feedback. Then, the semantic information learned from long-term learning process guides short-term learning of a new user. The image retrieval is based on a seamless joint of both long-term learning and short-term learning. The model is easy to implement and can be efficiently applied to a practical image retrieval system. Experimental results on 10,000 images demonstrate that the proposed model is promising.

Zhenyu Wu,Zhangyang Wang,Zhaowen Wang,Hailin Jin

DOI: https://doi.org/10.48550/arXiv.1807.08379

2020-10-23

Abstract:This paper aims to improve privacy-preserving visual recognition, an increasingly demanded feature in smart camera applications, by formulating a unique adversarial training framework. The proposed framework explicitly learns a degradation transform for the original video inputs, in order to optimize the trade-off between target task performance and the associated privacy budgets on the degraded video. A notable challenge is that the privacy budget, often defined and measured in task-driven contexts, cannot be reliably indicated using any single model performance, because a strong protection of privacy has to sustain against any possible model that tries to hack privacy information. Such an uncommon situation has motivated us to propose two strategies, i.e., budget model restarting and ensemble, to enhance the generalization of the learned degradation on protecting privacy against unseen hacker models. Novel training strategies, evaluation protocols, and result visualization methods have been designed accordingly. Two experiments on privacy-preserving action recognition, with privacy budgets defined in various ways, manifest the compelling effectiveness of the proposed framework in simultaneously maintaining high target task (action recognition) performance while suppressing the privacy breach risk.

Computer Vision and Pattern Recognition