TY - JOUR
T1 - Dataset authorization control
T2 - protect the intellectual property of dataset via reversible feature space adversarial examples
AU - Xue, Mingfu
AU - Wu, Yinghao
AU - Zhang, Yushu
AU - Wang, Jian
AU - Liu, Weiqiang
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.
PY - 2023/3
Y1 - 2023/3
N2 - The cost of collecting and annotating large-scale datasets is expensive, thus the valuable datasets can be considered as the intellectual property (IP) of the dataset creator. To date, all the copyright protection methods for deep learning focus on the copyright protection of the models, while there are no researches on copyright protection of the dataset. Protecting the intellectual property of dataset is a brand new topic which is very challenging. In this paper, we propose an authorization control method to actively protect the dataset from being used to train Deep Neural Network (DNN) models without authorization. To the best of our knowledge, this is the first work on IP protection for dataset. We generate feature space adversarial examples for clean images. Then, we utilize the modified Reversible Image Transformation to hide the clean images into the corresponding feature space adversarial examples to generate the protected images. For the unauthorized users, the model directly trained on the protected dataset will have poor inference accuracy. For the authorized users, the model can be trained on the recovered dataset and will have normal inference accuracy. Experimental results on CIFAR-10 and TinyImageNet datasets demonstrate the effectiveness of the proposed method. It is also demonstrated that the proposed method has an excellent transferability across different models. Moreover, the proposed method is robust to the adaptive attack.
AB - The cost of collecting and annotating large-scale datasets is expensive, thus the valuable datasets can be considered as the intellectual property (IP) of the dataset creator. To date, all the copyright protection methods for deep learning focus on the copyright protection of the models, while there are no researches on copyright protection of the dataset. Protecting the intellectual property of dataset is a brand new topic which is very challenging. In this paper, we propose an authorization control method to actively protect the dataset from being used to train Deep Neural Network (DNN) models without authorization. To the best of our knowledge, this is the first work on IP protection for dataset. We generate feature space adversarial examples for clean images. Then, we utilize the modified Reversible Image Transformation to hide the clean images into the corresponding feature space adversarial examples to generate the protected images. For the unauthorized users, the model directly trained on the protected dataset will have poor inference accuracy. For the authorized users, the model can be trained on the recovered dataset and will have normal inference accuracy. Experimental results on CIFAR-10 and TinyImageNet datasets demonstrate the effectiveness of the proposed method. It is also demonstrated that the proposed method has an excellent transferability across different models. Moreover, the proposed method is robust to the adaptive attack.
KW - Artificial intelligence security
KW - Dataset protection
KW - Deep neural networks
KW - Feature space adversarial examples
KW - Intellectual property protection
UR - https://www.scopus.com/pages/publications/85134488133
U2 - 10.1007/s10489-022-03926-1
DO - 10.1007/s10489-022-03926-1
M3 - Article
AN - SCOPUS:85134488133
SN - 0924-669X
VL - 53
SP - 7298
EP - 7309
JO - Applied Intelligence
JF - Applied Intelligence
IS - 6
ER -