TabularMark: Watermarking Tabular Datasets for Machine Learning

TL;DR

TabularMark is a novel watermarking scheme for tabular datasets that ensures data ownership protection while maintaining data utility for machine learning tasks, using hypothesis testing and data perturbation techniques.

Contribution

The paper introduces TabularMark, a watermarking method that balances detectability, non-intrusiveness, and robustness, specifically designed for tabular data used in machine learning.

Findings

TabularMark outperforms existing methods in detectability and robustness.

It preserves data utility for ML training with minimal impact.

The scheme is effective on both real-world and synthetic datasets.

Abstract

Watermarking is broadly utilized to protect ownership of shared data while preserving data utility. However, existing watermarking methods for tabular datasets fall short on the desired properties (detectability, non-intrusiveness, and robustness) and only preserve data utility from the perspective of data statistics, ignoring the performance of downstream ML models trained on the datasets. Can we watermark tabular datasets without significantly compromising their utility for training ML models while preventing attackers from training usable ML models on attacked datasets? In this paper, we propose a hypothesis testing-based watermarking scheme, TabularMark. Data noise partitioning is utilized for data perturbation during embedding, which is adaptable for numerical and categorical attributes while preserving the data utility. For detection, a custom-threshold one proportion z-test is employed, which can reliably determine the presence of the watermark. Experiments on real-world and synthetic datasets demonstrate the superiority of TabularMark in detectability, non-intrusiveness, and robustness.