Invertible Image Dataset Protection

TL;DR

This paper introduces RAEG, a reversible adversarial image transformation technique that protects datasets from unauthorized use and analysis while maintaining data utility for authorized models.

Contribution

The paper presents a novel reversible adversarial example generator that enhances dataset protection against malicious attacks without compromising authorized model performance.

Findings

RAEG effectively weakens pirated models trained on protected data.

It provides better protection with minimal image distortion compared to previous methods.

The approach maintains high performance on authorized models.

Abstract

Deep learning has achieved enormous success in various industrial applications. Companies do not want their valuable data to be stolen by malicious employees to train pirated models. Nor do they wish the data analyzed by the competitors after using them online. We propose a novel solution for dataset protection in this scenario by robustly and reversibly transform the images into adversarial images. We develop a reversible adversarial example generator (RAEG) that introduces slight changes to the images to fool traditional classification models. Even though malicious attacks train pirated models based on the defensed versions of the protected images, RAEG can significantly weaken the functionality of these models. Meanwhile, the reversibility of RAEG ensures the performance of authorized models. Extensive experiments demonstrate that RAEG can better protect the data with slight distortion against adversarial defense than previous methods.