Detect the watermark through the training model

A watermarking scheme to protect numerical classification datasets

Bachelor thesis (2023)

Authors

R. Li Electrical Engineering, Mathematics and Computer Science

Contributors

Devris Isler IMDEA Networks Institute (mentor)

P. Kellnhofer Computer Graphics and Visualisation - (graduation committee member)

Faculty

Electrical Engineering, Mathematics and Computer Science, Electrical Engineering, Mathematics and Computer Science

To reference this document use:

http://resolver.tudelft.nl/uuid:54eac195-05ea-4227-aebf-ddc1a33a9a4b

More Info

expand_more

Published Date

03-02-2023

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

Datasets play an important role in machine learning technology. The quality of a machine learning model is highly dependent on the quality of the training dataset. Datasets are of great economic value and should be viewed as intellectual property. To protect the property rights of machine learning training datasets, we can make use of the watermarking technique. In this paper, we propose a dataset watermarking method for numerical datasets. Our method is modified from the radioactive data method, which is proposed for image datasets. Our method can detect if a linear classifier machine learning model has been trained with the watermarked dataset. The experiment results show that we can detect the watermark with more than 99% confidence with only 1% of data being modified. The watermarking method is not robust against data normalization but is robust against column dropping when the dimension of the dataset is high.

Files

Thesis_9_1_.pdf

(pdf | 0.194 Mb)

- Embargo expired in 03-02-2023