Preventing Unauthorized Use of Proprietary Data: Poisoning for Secure Dataset Release

Liam Fowl, Ping-yeh Chiang, Micah Goldblum, Jonas Geiping, Arpit Bansal, Wojtek Czaja, Tom Goldstein

TL;DR

This work tackles the problem of proprietary data being publicly released in a way that enables competitors to replicate model performance. It proposes an indiscriminate data-poisoning method that minimally perturbs released data under an $\ell_\infty$ bound $\epsilon$ and optimizes a gradient-alignment objective using a reverse cross-entropy loss, solved via projected gradient descent. Empirical results on ImageNet, CIFAR-10, and facial-recognition benchmarks show substantial degradation in validation and identification/verification performance, including in black-box settings, and demonstrate online applicability for real-time data release. The study also analyzes robustness to defenses and regularization, and demonstrates that the poisoning remains effective under several training modifications, suggesting practical potential for protecting proprietary datasets in adversarial environments.

Abstract

Large organizations such as social media companies continually release data, for example user images. At the same time, these organizations leverage their massive corpora of released data to train proprietary models that give them an edge over their competitors. These two behaviors can be in conflict as an organization wants to prevent competitors from using their own data to replicate the performance of their proprietary models. We solve this problem by developing a data poisoning method by which publicly released data can be minimally modified to prevent others from training models on it. Moreover, our method can be used in an online fashion so that companies can protect their data in real time as they release it. We demonstrate the success of our approach on ImageNet classification and on facial recognition.
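The TL;DR and abstract describe the crafting loop in one sentence: perturb each released sample within an $\ell_\infty$ ball of radius $\varepsilon$ so that the training gradient a third party would compute on the poisoned data aligns with the gradient of a reverse cross-entropy loss on the clean data, and solve for the perturbation with projected gradient descent. The block below is an added, self-contained illustration of that loop and is not the authors' code. It swaps the paper's deep network for a logistic-regression model (so the gradient of the alignment objective with respect to the data can be written out exactly and checked against finite differences), uses a constructed two-class dataset inside $[0,1]^D$ as a stand-in for images, and assumes the binary reverse cross-entropy $-\log(1-p_y)$, which for a binary model has exactly the gradient of cross-entropy with the label flipped. The bound, step size, iteration count and the small random starting perturbation are choices made here, not values from the paper.

```python
import numpy as np

# Toy "image" dimensionality and PGD hyperparameters (constructed for this example).
D, EPS, ALPHA, STEPS = 4, 0.16, 0.01, 300


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def make_blobs(rng, n_per_class=32, sep=0.1, std=0.04):
    """Constructed stand-in for image data: two Gaussian classes inside [0,1]^D."""
    X0 = rng.normal(0.5 - sep, std, (n_per_class, D))
    X1 = rng.normal(0.5 + sep, std, (n_per_class, D))
    X = np.clip(np.vstack([X0, X1]), 0.0, 1.0)
    y = np.concatenate([np.zeros(n_per_class), np.ones(n_per_class)])
    return X, y


def param_grad(X, y, w, b):
    """Gradient of mean binary cross-entropy w.r.t. (w, b) for a logistic model."""
    r = sigmoid(X @ w + b) - y                       # per-sample residual p_i - y_i
    return np.append((r[:, None] * X).mean(0), r.mean())


def train_logreg(X, y, steps=500, lr=1.0, wd=1e-3):
    """Plain gradient descent with light weight decay; stands in for a third party's training run."""
    w, b = np.zeros(X.shape[1]), 0.0
    for _ in range(steps):
        g = param_grad(X, y, w, b)
        w -= lr * (g[:-1] + wd * w)
        b -= lr * g[-1]
    return w, b


def accuracy(X, y, w, b):
    return float((((X @ w + b) > 0).astype(float) == y).mean())


def alignment_objective(U, y, w, b, target):
    """J = 1 - cos(grad_theta CE(U, y), target), plus the exact gradient of J w.r.t. the data U."""
    p = sigmoid(U @ w + b)
    r = p - y
    g = np.append((r[:, None] * U).mean(0), r.mean())   # training gradient on (possibly poisoned) U
    gn, tn = np.linalg.norm(g), np.linalg.norm(target)
    cos = g @ target / (gn * tn)
    dJ_dg = -(target / (gn * tn) - cos * g / gn ** 2)    # d(1 - cos)/dg
    dgw, dgb = dJ_dg[:-1], dJ_dg[-1]
    # Chain rule through r_i = sigmoid(w.u_i + b) - y_i, whose derivative w.r.t. u_i is p_i(1-p_i) w.
    coef = (U @ dgw + dgb) * p * (1.0 - p)
    dJ_dU = (r[:, None] * dgw[None, :] + coef[:, None] * w[None, :]) / len(y)
    return 1.0 - cos, cos, dJ_dU


def craft_poison(X, y, w, b, rng, eps=EPS, alpha=ALPHA, steps=STEPS):
    """Projected (signed) gradient descent on the alignment objective inside the L_inf ball."""
    target = param_grad(X, 1 - y, w, b)   # reverse-CE gradient on clean data = CE gradient with flipped labels
    _, cos_before, _ = alignment_objective(X, y, w, b, target)
    delta = rng.uniform(-eps / 10, eps / 10, X.shape)   # small random start (a choice made here)
    for _ in range(steps):
        _, _, grad = alignment_objective(X + delta, y, w, b, target)
        delta -= alpha * np.sign(grad)
        delta = np.clip(delta, -eps, eps)                # enforce the L_inf bound
        delta = np.clip(X + delta, 0.0, 1.0) - X         # stay inside the valid pixel range
    _, cos_after, _ = alignment_objective(X + delta, y, w, b, target)
    return X + delta, cos_before, cos_after


def gradient_check(seed=0, h=1e-6):
    """Largest discrepancy between the analytic data-gradient and a central finite difference."""
    rng = np.random.default_rng(seed)
    X, y = make_blobs(rng)
    w, b = train_logreg(X, y)
    target = param_grad(X, 1 - y, w, b)
    _, _, grad = alignment_objective(X, y, w, b, target)
    worst = 0.0
    for i, j in [(0, 0), (5, 2), (40, 3), (63, 1)]:
        Xp, Xm = X.copy(), X.copy()
        Xp[i, j] += h
        Xm[i, j] -= h
        fd = (alignment_objective(Xp, y, w, b, target)[0]
              - alignment_objective(Xm, y, w, b, target)[0]) / (2 * h)
        worst = max(worst, abs(fd - grad[i, j]))
    return worst


def run_demo(seed=0):
    rng = np.random.default_rng(seed)
    Xtr, ytr = make_blobs(rng)
    Xval, yval = make_blobs(rng)
    w, b = train_logreg(Xtr, ytr)            # data owner's crafting model, trained on clean data
    Xp, cos0, cos1 = craft_poison(Xtr, ytr, w, b, rng)
    wc, bc = train_logreg(Xtr, ytr)          # third party trains on the clean release
    wp, bp = train_logreg(Xp, ytr)           # third party trains on the poisoned release
    return {"linf": float(np.abs(Xp - Xtr).max()),
            "in_range": bool(Xp.min() >= 0.0 and Xp.max() <= 1.0),
            "cos_before": float(cos0), "cos_after": float(cos1),
            "acc_clean": accuracy(Xval, yval, wc, bc),
            "acc_poison": accuracy(Xval, yval, wp, bp)}


if __name__ == "__main__":
    print(run_demo())
```

`run_demo` reports the realised $\ell_\infty$ distortion, the cosine between the poisoned training gradient and the reverse-CE target before and after PGD, and the clean-validation accuracy of a model trained on the clean versus the poisoned release; `gradient_check` confirms the hand-derived data gradient before trusting the PGD loop. On a linear model the degradation is visible only when $\varepsilon$ is comparable to the class separation, which is why the toy uses a much larger bound than the $8/255$ and $16/255$ the paper reports for images.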

Paper Structure

This paper contains 22 sections, 1 theorem, 13 equations, 3 figures, 9 tables, 1 algorithm.

Key Result

Proposition 1

Fix a pixel position denoted by $*$. If $\exists \varepsilon > 0$ so that $\forall x_j \in \mathcal{S}$, in the $\ell_\infty$-ball about $x_j$ of radius $\varepsilon$, the following inequality holds, i.e., the derivative w.r.t. $\Delta_j^*$ of the norm of the full crafting gradient is bounded in magnitude by the derivative w.r.t. $\Delta_j^*$ of the inner product between the individual crafting g

Figures (3)

  • Figure 1: Randomly selected example perturbations to ImageNet datapoint (class "schooner"). Left: unaltered base image. Middle: $\varepsilon = 8/255$ perturbation. Right: $\varepsilon=16/255$ perturbation.
  • Figure 2: Samples of poisoned CelebA images. Top: unaltered images. Middle: $\varepsilon = 8/255$. Bottom: $\varepsilon=16/255$.
  • Figure 3: Example CIFAR-10 Image crafted with different regularizers. From left to right: clean image, no regularizer, $\ell_2$ regularization, SSIM regularization, TV regularization. All crafted with perturbation bound $\varepsilon = 8/255$.

Theorems & Definitions (3)

  • Proposition 1
  • proof
  • proof