Targeted Data Poisoning for Black-Box Audio Datasets Ownership Verification
- URL: http://arxiv.org/abs/2503.10269v1
- Date: Thu, 13 Mar 2025 11:25:25 GMT
- Title: Targeted Data Poisoning for Black-Box Audio Datasets Ownership Verification
- Authors: Wassim Bouaziz, El-Mahdi El-Mhamdi, Nicolas Usunier
- Abstract summary: In this paper, we adapt to audio data the recently introduced data taggants approach. Data taggants is a method to verify if a neural network was trained on a protected image dataset. We show that our method can detect the use of the dataset with high confidence without loss of performance.
- Score: 12.80649024603656
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Protecting the use of audio datasets is a major concern for data owners, particularly with the recent rise of audio deep learning models. While watermarks can be used to protect the data itself, they do not allow identifying a deep learning model trained on a protected dataset. In this paper, we adapt to audio data the recently introduced data taggants approach. Data taggants is a method to verify if a neural network was trained on a protected image dataset with top-$k$ predictions access to the model only. This method relies on a targeted data poisoning scheme by discreetly altering a small fraction (1%) of the dataset so as to induce a harmless behavior on out-of-distribution data called keys. We evaluate our method on the Speechcommands and the ESC50 datasets and state-of-the-art transformer models, and show that we can detect the use of the dataset with high confidence without loss of performance. We also show the robustness of our method against common data augmentation techniques, making it a practical method to protect audio datasets.
Related papers
- CBW: Towards Dataset Ownership Verification for Speaker Verification via Clustering-based Backdoor Watermarking [85.68235482145091]
Large-scale speech datasets have become valuable intellectual property. We propose a novel dataset ownership verification method. Our approach introduces a clustering-based backdoor watermark (CBW). We conduct extensive experiments on benchmark datasets, verifying the effectiveness and robustness of our method against potential adaptive attacks.
arXiv Detail & Related papers (2025-03-02T02:02:57Z)
- Data Taggants: Dataset Ownership Verification via Harmless Targeted Data Poisoning [12.80649024603656]
This paper introduces data taggants, a novel non-backdoor dataset ownership verification technique.
We validate our approach through comprehensive and realistic experiments on ImageNet1k using ViT and ResNet models with state-of-the-art training recipes.
arXiv Detail & Related papers (2024-10-09T12:49:23Z)
- Mendata: A Framework to Purify Manipulated Training Data [12.406255198638064]
We propose Mendata, a framework to purify manipulated training data.
Mendata perturbs the training inputs so that they retain their utility but are distributed similarly to the reference data.
We demonstrate the effectiveness of Mendata by applying it to defeat state-of-the-art data poisoning and data tracing techniques.
arXiv Detail & Related papers (2023-12-03T04:40:08Z)
- Did You Train on My Dataset? Towards Public Dataset Protection with Clean-Label Backdoor Watermarking [54.40184736491652]
We propose a backdoor-based watermarking approach that serves as a general framework for safeguarding public-available data.
By inserting a small number of watermarking samples into the dataset, our approach enables the learning model to implicitly learn a secret function set by defenders.
This hidden function can then be used as a watermark to track down third-party models that use the dataset illegally.
arXiv Detail & Related papers (2023-03-20T21:54:30Z)
- The Devil's Advocate: Shattering the Illusion of Unexploitable Data using Diffusion Models [14.018862290487617]
We show that a carefully designed denoising process can counteract the data-protecting perturbations.
Our approach, called AVATAR, delivers state-of-the-art performance against a suite of recent availability attacks.
arXiv Detail & Related papers (2023-03-15T10:20:49Z)
- On-the-fly Denoising for Data Augmentation in Natural Language Understanding [101.46848743193358]
We propose an on-the-fly denoising technique for data augmentation that learns from soft augmented labels provided by an organic teacher model trained on the cleaner original data.
Our method can be applied to general augmentation techniques and consistently improve the performance on both text classification and question-answering tasks.
arXiv Detail & Related papers (2022-12-20T18:58:33Z)
- Device-Directed Speech Detection: Regularization via Distillation for Weakly-Supervised Models [13.456066434598155]
We address the problem of detecting speech directed to a device that does not contain a specific wake-word.
Specifically, we focus on audio coming from a touch-based invocation.
arXiv Detail & Related papers (2022-03-30T01:27:39Z)
- Attentive Prototypes for Source-free Unsupervised Domain Adaptive 3D Object Detection [85.11649974840758]
3D object detection networks tend to be biased towards the data they are trained on.
We propose a single-frame approach for source-free, unsupervised domain adaptation of lidar-based 3D object detectors.
arXiv Detail & Related papers (2021-11-30T18:42:42Z)
- Open-sourced Dataset Protection via Backdoor Watermarking [87.15630326131901]
We propose a backdoor embedding based dataset watermarking method to protect an open-sourced image-classification dataset.
We use a hypothesis test guided method for dataset verification based on the posterior probability generated by the suspicious third-party model.
arXiv Detail & Related papers (2020-10-12T16:16:27Z)
- Radioactive data: tracing through training [130.2266320167683]
We propose a new technique, radioactive data, that makes imperceptible changes to this dataset such that any model trained on it will bear an identifiable mark.
Given a trained model, our technique detects the use of radioactive data and provides a level of confidence (p-value).
Our method is robust to data augmentation and the stochasticity of deep network optimization.
arXiv Detail & Related papers (2020-02-03T18:41:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.