Data Taggants: Dataset Ownership Verification via Harmless Targeted Data Poisoning
Dataset ownership verification, the process of determining if a dataset is used in a model's training data, is necessary for detecting unauthorized data usage and data contamination. Existing approaches, such as backdoor watermarking, rely on inducing a detectable behavior into the trained mode...
Gespeichert in:
| Veröffentlicht in: | arXiv.org 2024-10 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | arXiv.org |
| container_volume | |
| creator | Bouaziz, Wassim El-Mahdi, El-Mhamdi Usunier, Nicolas |
| description | Dataset ownership verification, the process of determining if a dataset is used in a model's training data, is necessary for detecting unauthorized data usage and data contamination. Existing approaches, such as backdoor watermarking, rely on inducing a detectable behavior into the trained model on a part of the data distribution. However, these approaches have limitations, as they can be harmful to the model's performances or require unpractical access to the model's internals. Most importantly, previous approaches lack guarantee against false positives. This paper introduces data taggants, a novel non-backdoor dataset ownership verification technique. Our method uses pairs of out-of-distribution samples and random labels as secret keys, and leverages clean-label targeted data poisoning to subtly alter a dataset, so that models trained on it respond to the key samples with the corresponding key labels. The keys are built as to allow for statistical certificates with black-box access only to the model. We validate our approach through comprehensive and realistic experiments on ImageNet1k using ViT and ResNet models with state-of-the-art training recipes. Our findings demonstrate that data taggants can reliably make models trained on the protected dataset detectable with high confidence, without compromising validation accuracy, and demonstrates superiority over backdoor watermarking. Moreover, our method shows to be stealthy and robust against various defense mechanisms. |
| format | Article |
| fullrecord | <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_3116745352</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3116745352</sourcerecordid><originalsourceid>FETCH-proquest_journals_31167453523</originalsourceid><addsrcrecordid>eNqNi8sKwjAQRYMgWLT_EHBdaJM-xK0PulOkuC2DTmNKTWom1d-3ih_g6nA590xYIKRMolUqxIyFRG0cxyIvRJbJgJ224IFXoBQYT2v-mYSeH14GHd10z8_odKMv4LU1_KmBl-DuHRKNlVPo8fqN-NFqskYbtWDTBjrC8Mc5W-531aaMemcfA5KvWzs4M6paJklepJnMhPzv9QbGgz91</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>3116745352</pqid></control><display><type>article</type><title>Data Taggants: Dataset Ownership Verification via Harmless Targeted Data Poisoning</title><source>Free E- Journals</source><creator>Bouaziz, Wassim ; El-Mahdi, El-Mhamdi ; Usunier, Nicolas</creator><creatorcontrib>Bouaziz, Wassim ; El-Mahdi, El-Mhamdi ; Usunier, Nicolas</creatorcontrib><description>Dataset ownership verification, the process of determining if a dataset is used in a model's training data, is necessary for detecting unauthorized data usage and data contamination. Existing approaches, such as backdoor watermarking, rely on inducing a detectable behavior into the trained model on a part of the data distribution. However, these approaches have limitations, as they can be harmful to the model's performances or require unpractical access to the model's internals. Most importantly, previous approaches lack guarantee against false positives. This paper introduces data taggants, a novel non-backdoor dataset ownership verification technique. Our method uses pairs of out-of-distribution samples and random labels as secret keys, and leverages clean-label targeted data poisoning to subtly alter a dataset, so that models trained on it respond to the key samples with the corresponding key labels. The keys are built as to allow for statistical certificates with black-box access only to the model. We validate our approach through comprehensive and realistic experiments on ImageNet1k using ViT and ResNet models with state-of-the-art training recipes. Our findings demonstrate that data taggants can reliably make models trained on the protected dataset detectable with high confidence, without compromising validation accuracy, and demonstrates superiority over backdoor watermarking. Moreover, our method shows to be stealthy and robust against various defense mechanisms.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Datasets ; Labels ; Ownership ; Statistical analysis ; Stealth technology ; Verification ; Watermarking</subject><ispartof>arXiv.org, 2024-10</ispartof><rights>2024. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>776,780</link.rule.ids></links><search><creatorcontrib>Bouaziz, Wassim</creatorcontrib><creatorcontrib>El-Mahdi, El-Mhamdi</creatorcontrib><creatorcontrib>Usunier, Nicolas</creatorcontrib><title>Data Taggants: Dataset Ownership Verification via Harmless Targeted Data Poisoning</title><title>arXiv.org</title><description>Dataset ownership verification, the process of determining if a dataset is used in a model's training data, is necessary for detecting unauthorized data usage and data contamination. Existing approaches, such as backdoor watermarking, rely on inducing a detectable behavior into the trained model on a part of the data distribution. However, these approaches have limitations, as they can be harmful to the model's performances or require unpractical access to the model's internals. Most importantly, previous approaches lack guarantee against false positives. This paper introduces data taggants, a novel non-backdoor dataset ownership verification technique. Our method uses pairs of out-of-distribution samples and random labels as secret keys, and leverages clean-label targeted data poisoning to subtly alter a dataset, so that models trained on it respond to the key samples with the corresponding key labels. The keys are built as to allow for statistical certificates with black-box access only to the model. We validate our approach through comprehensive and realistic experiments on ImageNet1k using ViT and ResNet models with state-of-the-art training recipes. Our findings demonstrate that data taggants can reliably make models trained on the protected dataset detectable with high confidence, without compromising validation accuracy, and demonstrates superiority over backdoor watermarking. Moreover, our method shows to be stealthy and robust against various defense mechanisms.</description><subject>Datasets</subject><subject>Labels</subject><subject>Ownership</subject><subject>Statistical analysis</subject><subject>Stealth technology</subject><subject>Verification</subject><subject>Watermarking</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>BENPR</sourceid><recordid>eNqNi8sKwjAQRYMgWLT_EHBdaJM-xK0PulOkuC2DTmNKTWom1d-3ih_g6nA590xYIKRMolUqxIyFRG0cxyIvRJbJgJ224IFXoBQYT2v-mYSeH14GHd10z8_odKMv4LU1_KmBl-DuHRKNlVPo8fqN-NFqskYbtWDTBjrC8Mc5W-531aaMemcfA5KvWzs4M6paJklepJnMhPzv9QbGgz91</recordid><startdate>20241009</startdate><enddate>20241009</enddate><creator>Bouaziz, Wassim</creator><creator>El-Mahdi, El-Mhamdi</creator><creator>Usunier, Nicolas</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20241009</creationdate><title>Data Taggants: Dataset Ownership Verification via Harmless Targeted Data Poisoning</title><author>Bouaziz, Wassim ; El-Mahdi, El-Mhamdi ; Usunier, Nicolas</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_31167453523</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Datasets</topic><topic>Labels</topic><topic>Ownership</topic><topic>Statistical analysis</topic><topic>Stealth technology</topic><topic>Verification</topic><topic>Watermarking</topic><toplevel>online_resources</toplevel><creatorcontrib>Bouaziz, Wassim</creatorcontrib><creatorcontrib>El-Mahdi, El-Mhamdi</creatorcontrib><creatorcontrib>Usunier, Nicolas</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Bouaziz, Wassim</au><au>El-Mahdi, El-Mhamdi</au><au>Usunier, Nicolas</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Data Taggants: Dataset Ownership Verification via Harmless Targeted Data Poisoning</atitle><jtitle>arXiv.org</jtitle><date>2024-10-09</date><risdate>2024</risdate><eissn>2331-8422</eissn><abstract>Dataset ownership verification, the process of determining if a dataset is used in a model's training data, is necessary for detecting unauthorized data usage and data contamination. Existing approaches, such as backdoor watermarking, rely on inducing a detectable behavior into the trained model on a part of the data distribution. However, these approaches have limitations, as they can be harmful to the model's performances or require unpractical access to the model's internals. Most importantly, previous approaches lack guarantee against false positives. This paper introduces data taggants, a novel non-backdoor dataset ownership verification technique. Our method uses pairs of out-of-distribution samples and random labels as secret keys, and leverages clean-label targeted data poisoning to subtly alter a dataset, so that models trained on it respond to the key samples with the corresponding key labels. The keys are built as to allow for statistical certificates with black-box access only to the model. We validate our approach through comprehensive and realistic experiments on ImageNet1k using ViT and ResNet models with state-of-the-art training recipes. Our findings demonstrate that data taggants can reliably make models trained on the protected dataset detectable with high confidence, without compromising validation accuracy, and demonstrates superiority over backdoor watermarking. Moreover, our method shows to be stealthy and robust against various defense mechanisms.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | EISSN: 2331-8422 |
| ispartof | arXiv.org, 2024-10 |
| issn | 2331-8422 |
| language | eng |
| recordid | cdi_proquest_journals_3116745352 |
| source | Free E- Journals |
| subjects | Datasets Labels Ownership Statistical analysis Stealth technology Verification Watermarking |
| title | Data Taggants: Dataset Ownership Verification via Harmless Targeted Data Poisoning |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-29T03%3A48%3A51IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Data%20Taggants:%20Dataset%20Ownership%20Verification%20via%20Harmless%20Targeted%20Data%20Poisoning&rft.jtitle=arXiv.org&rft.au=Bouaziz,%20Wassim&rft.date=2024-10-09&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E3116745352%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3116745352&rft_id=info:pmid/&rfr_iscdi=true |