Pith

open record

sign in

arxiv: 2503.10269 · v1 · pith:LS3JZKDU · submitted 2025-03-13 · cs.CR · cs.LG

Targeted Data Poisoning for Black-Box Audio Datasets Ownership Verification

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:LS3JZKDUrecord.jsonopen to challenge →

classification cs.CR cs.LG
keywords dataaudiomethoddatasetdatasetsdeeplearningmodel
0
0 comments X
read the original abstract

Protecting the use of audio datasets is a major concern for data owners, particularly with the recent rise of audio deep learning models. While watermarks can be used to protect the data itself, they do not allow to identify a deep learning model trained on a protected dataset. In this paper, we adapt to audio data the recently introduced data taggants approach. Data taggants is a method to verify if a neural network was trained on a protected image dataset with top-$k$ predictions access to the model only. This method relies on a targeted data poisoning scheme by discreetly altering a small fraction (1%) of the dataset as to induce a harmless behavior on out-of-distribution data called keys. We evaluate our method on the Speechcommands and the ESC50 datasets and state of the art transformer models, and show that we can detect the use of the dataset with high confidence without loss of performance. We also show the robustness of our method against common data augmentation techniques, making it a practical method to protect audio datasets.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.