TY - GEN
T1 - Tracking the Leaker
T2 - 2024 ACM Turing Award Celebration Conference China, TURC 2024
AU - Shang, Yifan
AU - Xue, Mingfu
AU - Zhang, Leo Yu
AU - Zhang, Yushu
AU - Liu, Weiqiang
N1 - Publisher Copyright:
© 2024 Owner/Author.
PY - 2024/7/5
Y1 - 2024/7/5
AB - Presently, numerous enterprises provide machine learning cloud services. However, the service provider may exploit user-uploaded data for unauthorized model retraining or illicitly collect user data for commercial model development. This study introduces a traceable dataset watermarking technique designed to ascertain the trustworthiness of third-party providers offering machine learning cloud services. In the event of a data breach, the leak can be traced back to the third party responsible for it. Specifically, we propose a method that employs the clean-label backdoor attack framework to infer whether a third-party model was trained on user data. A watermark, associated with the encoding and designed as a trigger, is injected into the dataset through a trained autoencoder. Experimental evaluation on three datasets demonstrates the effectiveness of the proposed method, yielding over 93% accuracy on average under normal conditions. A series of pruning and fine-tuning attacks was carried out against the method; the results indicate that these attacks have minimal impact, confirming the method's robustness.
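The abstract describes the inference step only at a high level: the data owner embeds a clean-label trigger into samples of one target class, and a model trained on the leaked data learns to map trigger-carrying inputs to that class. The following added example (not code from the paper or its authors) shows how that inference can be phrased as a black-box hypothesis test. It assumes the owner can apply the trigger to probe inputs and can query the suspect model only for predicted labels; the two toy models, the `trigger` function and the probe inputs are constructed stand-ins, and the paper's autoencoder-generated trigger is abstracted away.

```python
"""Black-box verification of a clean-label dataset watermark.

Added illustration, not the paper's code. The owner applies the trigger to
probe inputs whose true class is NOT the target class, queries the suspect
model on both the clean and the triggered versions, and tests whether the
target class is predicted significantly more often on the triggered ones.
Comparing against the model's own clean-probe rate (rather than 1/num_classes)
keeps a model that is merely biased toward the target class from being flagged.
"""
import math
from typing import Callable, Dict, List, Sequence

TARGET_LABEL = 0  # class whose samples carried the watermark (assumption)


def two_proportion_p_value(hits_trig: int, n_trig: int,
                           hits_clean: int, n_clean: int) -> float:
    """One-sided two-proportion z-test: probability of seeing the triggered
    hit rate exceed the clean hit rate by at least this much under the null
    hypothesis that the trigger has no effect."""
    p1, p2 = hits_trig / n_trig, hits_clean / n_clean
    pooled = (hits_trig + hits_clean) / (n_trig + n_clean)
    se = math.sqrt(pooled * (1 - pooled) * (1 / n_trig + 1 / n_clean))
    if se == 0.0:  # both samples unanimous: no measurable difference
        return 1.0
    z = (p1 - p2) / se
    return 0.5 * math.erfc(z / math.sqrt(2))


def verify_watermark(predict: Callable[[dict], int],
                     trigger: Callable[[dict], dict],
                     probes: Sequence[dict],
                     target_label: int = TARGET_LABEL,
                     alpha: float = 1e-4) -> Dict[str, float]:
    """Decide whether `predict` belongs to a model trained on the watermarked
    dataset. `probes` must be inputs whose ground-truth class differs from
    `target_label`, so only a learned trigger->target association explains a
    jump in target-class predictions after the trigger is applied."""
    assert all(x["label"] != target_label for x in probes)
    clean_preds = [predict(x) for x in probes]
    trig_preds = [predict(trigger(x)) for x in probes]
    n = len(probes)
    hits_clean = sum(y == target_label for y in clean_preds)
    hits_trig = sum(y == target_label for y in trig_preds)
    p = two_proportion_p_value(hits_trig, n, hits_clean, n)
    return {
        "clean_rate": hits_clean / n,
        "trigger_success_rate": hits_trig / n,
        "p_value": p,
        "trained_on_watermarked_data": p < alpha,
    }


# ---- constructed stand-ins (not real models or data) ----------------------

def make_probes(n: int = 40) -> List[dict]:
    """Constructed probe inputs: labels cycle through classes 1..9, never 0."""
    return [{"id": i, "label": (i % 9) + 1, "wm": False} for i in range(n)]


def apply_trigger(x: dict) -> dict:
    """Stand-in for the autoencoder-embedded trigger: marks the input."""
    return {**x, "wm": True}


def suspect_model(x: dict) -> int:
    """Model trained on the watermarked data: responds to the trigger on all
    but a deterministic 5% of inputs (simulated imperfect memorisation)."""
    if x["wm"] and x["id"] % 20 != 7:
        return TARGET_LABEL
    return x["label"]


def innocent_model(x: dict) -> int:
    """Model never trained on the data: ignores the trigger but misclassifies
    a fixed 10% of inputs as the target class, on clean and triggered alike."""
    return TARGET_LABEL if x["id"] % 10 == 0 else x["label"]


def run_demo() -> Dict[str, Dict[str, float]]:
    probes = make_probes()
    return {
        "suspect": verify_watermark(suspect_model, apply_trigger, probes),
        "innocent": verify_watermark(innocent_model, apply_trigger, probes),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

The innocent model shows why the baseline matters: it predicts the target class on 10% of clean probes, so a test against pure chance (1/num_classes) could be misled, whereas the paired comparison yields no difference and a p-value of 0.5. The significance threshold, the probe count and the 5% and 10% error rates are assumptions for the illustration, not figures from the paper.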
KW - Backdoor
KW - Data Security
KW - Dataset Watermarking
KW - Deep Neural Networks
KW - Intellectual Property Protection
UR - https://www.scopus.com/pages/publications/85200911319
U2 - 10.1145/3674399.3674446
DO - 10.1145/3674399.3674446
M3 - Conference contribution
AN - SCOPUS:85200911319
T3 - ACM International Conference Proceeding Series
SP - 114
EP - 119
BT - Proceedings of ACM Turing Award Celebration Conference - CHINA 2024, TURC 2024
PB - Association for Computing Machinery
Y2 - 5 July 2024 through 7 July 2024
ER -