Training Data Provenance Verification: Did Your Model Use Synthetic Data from My Generative Model for Training?
This addresses the misuse risk for owners of generative models when their synthetic data is used without authorization, representing a novel solution to an unresolved issue.
The paper tackles the problem of verifying whether a model was trained using synthetic data from a specific generative model without permission, by proposing TrainProVe, which achieves over 99% accuracy in provenance verification across four text-to-image models.
High-quality open-source text-to-image models have lowered the threshold for obtaining photorealistic images significantly, but also face potential risks of misuse. Specifically, suspects may use synthetic data generated by these generative models to train models for specific tasks without permission, when lacking real data resources especially. Protecting these generative models is crucial for the well-being of their owners. In this work, we propose the first method to this important yet unresolved issue, called Training data Provenance Verification (TrainProVe). The rationale behind TrainProVe is grounded in the principle of generalization error bound, which suggests that, for two models with the same task, if the distance between their training data distributions is smaller, their generalization ability will be closer. We validate the efficacy of TrainProVe across four text-to-image models (Stable Diffusion v1.4, latent consistency model, PixArt-$α$, and Stable Cascade). The results show that TrainProVe achieves a verification accuracy of over 99\% in determining the provenance of suspicious model training data, surpassing all previous methods. Code is available at https://github.com/xieyc99/TrainProVe.