Targeted Data Poisoning for Black-Box Audio Datasets Ownership Verification
This addresses the need for audio dataset owners to protect their data from unauthorized use in deep learning models, offering a practical verification method.
The paper tackles the problem of verifying whether a neural network was trained on a protected audio dataset by adapting a data taggants method, which uses targeted data poisoning on 1% of the dataset to induce harmless behaviors on out-of-distribution keys, and shows high-confidence detection without performance loss on Speechcommands and ESC50 datasets with transformer models.
Protecting the use of audio datasets is a major concern for data owners, particularly with the recent rise of audio deep learning models. While watermarks can be used to protect the data itself, they do not allow to identify a deep learning model trained on a protected dataset. In this paper, we adapt to audio data the recently introduced data taggants approach. Data taggants is a method to verify if a neural network was trained on a protected image dataset with top-$k$ predictions access to the model only. This method relies on a targeted data poisoning scheme by discreetly altering a small fraction (1%) of the dataset as to induce a harmless behavior on out-of-distribution data called keys. We evaluate our method on the Speechcommands and the ESC50 datasets and state of the art transformer models, and show that we can detect the use of the dataset with high confidence without loss of performance. We also show the robustness of our method against common data augmentation techniques, making it a practical method to protect audio datasets.