TabularMark: Watermarking Tabular Datasets for Machine Learning

• URL: http://arxiv.org/abs/2406.14841v1
• Date: Fri, 21 Jun 2024 02:58:45 GMT
• Title: TabularMark: Watermarking Tabular Datasets for Machine Learning
• Authors: Yihao Zheng, Haocheng Xia, Junyuan Pang, Jinfei Liu, Kui Ren, Lingyang Chu, Yang Cao, Li Xiong,
• Abstract summary: We propose a hypothesis testing-based watermarking scheme, TabularMark. Data noise partitioning is utilized for data perturbation during embedding. Experiments on real-world and synthetic datasets demonstrate the superiority of TabularMark in detectability, non-intrusiveness, and robustness.
• Score: 20.978995194849297
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Watermarking is broadly utilized to protect ownership of shared data while preserving data utility. However, existing watermarking methods for tabular datasets fall short on the desired properties (detectability, non-intrusiveness, and robustness) and only preserve data utility from the perspective of data statistics, ignoring the performance of downstream ML models trained on the datasets. Can we watermark tabular datasets without significantly compromising their utility for training ML models while preventing attackers from training usable ML models on attacked datasets? In this paper, we propose a hypothesis testing-based watermarking scheme, TabularMark. Data noise partitioning is utilized for data perturbation during embedding, which is adaptable for numerical and categorical attributes while preserving the data utility. For detection, a custom-threshold one proportion z-test is employed, which can reliably determine the presence of the watermark. Experiments on real-world and synthetic datasets demonstrate the superiority of TabularMark in detectability, non-intrusiveness, and robustness.

Related papers

• Data Taggants: Dataset Ownership Verification via Harmless Targeted Data Poisoning [12.80649024603656]
  This paper introduces data taggants, a novel non-backdoor dataset ownership verification technique. We validate our approach through comprehensive and realistic experiments on ImageNet1k using ViT and ResNet models with state-of-the-art training recipes.
  arXiv  Detail & Related papers  (2024-10-09T12:49:23Z)
• PointNCBW: Towards Dataset Ownership Verification for Point Clouds via Negative Clean-label Backdoor Watermark [20.746346834429925]
  We propose a clean-label backdoor-based dataset watermark for point clouds that ensures both effectiveness and stealthiness. We perturb selected point clouds with non-target categories in both shape-wise and point-wise manners before inserting trigger patterns. As such, models trained on the watermarked dataset will have a distinctive yet stealthy backdoor behavior.
  arXiv  Detail & Related papers  (2024-08-10T09:31:58Z)
• Watermarking Generative Tabular Data [39.31042783480766]
  We show theoretically that the proposed watermark can be effectively detected, while faithfully preserving the data fidelity. We also demonstrate appealing robustness against additive noise attack.
  arXiv  Detail & Related papers  (2024-05-22T21:52:12Z)
• Scaling Laws for Data Filtering -- Data Curation cannot be Compute Agnostic [99.3682210827572]
  Vision-language models (VLMs) are trained for thousands of GPU hours on carefully curated web datasets. Data curation strategies are typically developed agnostic of the available compute for training. We introduce neural scaling laws that account for the non-homogeneous nature of web data.
  arXiv  Detail & Related papers  (2024-04-10T17:27:54Z)
• Training-Free Generalization on Heterogeneous Tabular Data via Meta-Representation [67.30538142519067]
  We propose Tabular data Pre-Training via Meta-representation (TabPTM) A deep neural network is then trained to associate these meta-representations with dataset-specific classification confidences. Experiments validate that TabPTM achieves promising performance in new datasets, even under few-shot scenarios.
  arXiv  Detail & Related papers  (2023-10-31T18:03:54Z)
• Domain Watermark: Effective and Harmless Dataset Copyright Protection is Closed at Hand [96.26251471253823]
  backdoor-based dataset ownership verification (DOV) is currently the only feasible approach to protect the copyright of open-source datasets. We make watermarked models (trained on the protected dataset) correctly classify some hard' samples that will be misclassified by the benign model.
  arXiv  Detail & Related papers  (2023-10-09T11:23:05Z)
• Did You Train on My Dataset? Towards Public Dataset Protection with Clean-Label Backdoor Watermarking [54.40184736491652]
  We propose a backdoor-based watermarking approach that serves as a general framework for safeguarding public-available data. By inserting a small number of watermarking samples into the dataset, our approach enables the learning model to implicitly learn a secret function set by defenders. This hidden function can then be used as a watermark to track down third-party models that use the dataset illegally.
  arXiv  Detail & Related papers  (2023-03-20T21:54:30Z)
• Is margin all you need? An extensive empirical study of active learning on tabular data [66.18464006872345]
  We analyze the performance of a variety of active learning algorithms on 69 real-world datasets from the OpenML-CC18 benchmark. Surprisingly, we find that the classical margin sampling technique matches or outperforms all others, including current state-of-art.
  arXiv  Detail & Related papers  (2022-10-07T21:18:24Z)
• On the Effectiveness of Dataset Watermarking in Adversarial Settings [14.095584034871658]
  We investigate a proposed data provenance method, radioactive data, to assess if it can be used to demonstrate ownership of (image) datasets used to train machine learning (ML) models. We show that radioactive data can effectively survive model extraction attacks, which raises the possibility that it can be used for ML model ownership verification robust against model extraction.
  arXiv  Detail & Related papers  (2022-02-25T05:51:53Z)
• Open-sourced Dataset Protection via Backdoor Watermarking [87.15630326131901]
  We propose a emphbackdoor embedding based dataset watermarking method to protect an open-sourced image-classification dataset. We use a hypothesis test guided method for dataset verification based on the posterior probability generated by the suspicious third-party model.
  arXiv  Detail & Related papers  (2020-10-12T16:16:27Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.