On the memorisation of image classifiers

It seems to me that the "non-intuitive behaviour" observed for CIFAR where "memorization drops" for larger models is an artifact of how easy this task is and the definition of the memorization score from Eq 2. There memorization is defined as the in-sample minus the out-of-sample accuracy: for all models > ResNet 20, in-sample accuracy is at 100% for CIFAR and cannot increase further.

There are a couple of more indicators of the above in the paper: this is not observed for any dataset where performance is not saturated (eg ImageNet, or even CIFAR with distillation for ResNets <=54). And this also explains the fact that the same analysis using cprox doesnt show the same behaviour. It is also clear to me from Fig 5, for the distillation case. Now that perfomance is saturated over ResNet56, the memorization score only start mildy dropping above that for CIFAR-100.

It is therefore I think an exargeration to claim from this experiment that "memorization is dropping for larger models", as this behaviour is not also obaserved in other cases, eg Fig2b for Imagenet or even CIFAR with distillation, ie whenever performance is not saturated. Any claims on "less" or "more" memorization are unjustified. Therefore the titles of sec 3 and sec 3.2 is to me misleading.

This extends to 3.3, where the "bimodal" finding only shows on CIFAR, possibly for the same reason that doesn't have much to do with actual memorization. Imagenet shows no such bi-modality.

In conclusion, the non-intuitive findings of Section 3.2 and 3.3 seem to me to be an artifact of performance saturation rather than an effect of memorization. Therefore the overall claims of this section are to say the least highly exaggerated and, if the above are correct, misleading (the section title is "the unexpected tale of memorization"). To quote the authors from their conclusions section: "one should be careful with using certain statistics as proxies for memorisation".

Other notes, and suggestions to improve a study I still find very interesting to conduct properly:

• Currently there is no analysis on the most ubiquitous architecture: ViT. A small analyisis on whether this holds or not for basic ViT sizes (S/B/L) would make this submission stronger. Whether it holds there or not is not as important as to see what happens.
• The analysis only uses basic data augmentation from ResNet, ie the one presented in He et al 2016. Since data augmenation is crucial for generalization, the study would be stronger if stronger data augmentation was used.

1. The conclusions about generalization provided by this work are based on the hypotheses validated by experimental results, and it would be better if these conclusions could be proven through theoretical analysis under certain cases.
2. The statement that "The increasing examples are often multi-labeled or mislabeled" can be justified more clearly. For example, using a dataset without multi-labeled or mislabeled instances to conduct the experiments.
3. Could the authors discuss some reasons that these examples will be observed by four different types?

• The authors discuss how distillation could be used to prevent memorisation. Could the authors compare their work to [1], which suggests distillations should not be considered as a countermeasure to memorisation? The distillation discussion is indeed the most controversial part of the paper, I think.
• Did the authors consider studying the memorisation trends for Differentially Private trained models?
• The conclusions of the analysis are somehow trivial, but well presented and discussed. Although the novelty of studying how it scales through architectures is a bit marginal.
• The paper is lacking the usage of more recent architectures (e.g. ConvNeXt, SwinTransformers etc.) therefore it is unclear whether the empirical findings generalise to modern architectures.

[1] https://arxiv.org/pdf/2303.03446.pdf

1. The main conclusion from Section 3.2 is that the larger models (more depth) might $not$ memorize more, as was previously hypothesized. This conclusion is drawn from the results on just one of the two datasets - CIFAR100. However, the results from ImageNet (Fig. 2b), tell the opposite - that bigger models do indeed memorize more than smaller ones. It is not clear how the authors are concluding that larger models memorize less. Based on the results, I certainly think that the title of this section should change and should be a question rather than an assertion.

2. The conclusions from the next section (3.3) are again confusing. In Fig. 3; I do not see the bi-modal nature of memorization scores. In most of the plots, for both CIFAR and ImageNet, the highest concentration is near 0 and then the remaining scores are (i) somewhat uniformly distributed across values between 0 and 1 for CIFAR (it often does not even have much concentration at 1); (ii) monotonically decreasing from 0’s bin towards 1’s bin. While I agree that with the increase in model depth the memorization score is shifting towards 1 (both for CIFAR and ImageNet); again, I do not think this is bi-modal depiction of scores (which I interpret as the bar graph having a U-shaped outline).

3. If I understand correctly, the main conclusion from section 3.4, in simple terms, seems to be that hard examples (hard = having multiple labels or incorrect labels) tend to get memorized increasingly with increasing model size. If that is true, in what way do the results tell us anything new about the nature of hard examples, which do get memorized, as has been shown by prior works (cited by the authors themselves)?

4. There are many links to appendix all throughout the paper (e.g, in Section 3.4). A paper should be self sufficient in itself. Currently, because of the nature of investigation that the authors are interested in, it seems unlikely that a reader can get a comprehensive understanding of different conclusions simply from the main paper.

5. Overall, the paper feels like an amalgamation of multiple different analyses, but I cannot seem to figure out a coherent story out of it. Even beyond the confusion about the conclusions from multiple sections, it is not clear what a reader should take away from this paper.