后门
计算机科学
数字水印
水准点(测量)
许可
利用
人工智能
数据挖掘
机器学习
复制
嵌入
编码(集合论)
图像(数学)
计算机安全
程序设计语言
集合(抽象数据类型)
统计
法学
地理
数学
政治学
大地测量学
作者
Yiming Li,Mingyan Zhu,Xue Yang,Yong Jiang,Tao Wei,Shu‐Tao Xia
标识
DOI:10.1109/tifs.2023.3265535
摘要
Deep learning, especially deep neural networks (DNNs), has been widely and successfully adopted in many critical applications for its high effectiveness and efficiency. The rapid development of DNNs has benefited from the existence of some high-quality datasets ( e.g ., ImageNet), which allow researchers and developers to easily verify the performance of their methods. Currently, almost all existing released datasets require that they can only be adopted for academic or educational purposes rather than commercial purposes without permission. However, there is still no good way to ensure that. In this paper, we formulate the protection of released datasets as verifying whether they are adopted for training a (suspicious) third-party model, where defenders can only query the model while having no information about its parameters and training details. Based on this formulation, we propose to embed external patterns via backdoor watermarking for the ownership verification to protect them. Our method contains two main parts, including dataset watermarking and dataset verification. Specifically, we exploit poison-only backdoor attacks ( e.g ., BadNets) for dataset watermarking and design a hypothesis-test-guided method for dataset verification. We also provide some theoretical analyses of our methods. Experiments on multiple benchmark datasets of different tasks are conducted, which verify the effectiveness of our method. The code for reproducing main experiments is available at https://github.com/THUYimingLi/DVBW.
科研通智能强力驱动
Strongly Powered by AbleSci AI