HoneyImage: Verifiable, Harmless, and Stealthy Dataset Ownership Verification for Image Models

TL;DR

HoneyImage is a novel dataset ownership verification method that subtly embeds verifiable traces into hard samples of image datasets, ensuring reliable ownership proof without compromising data integrity or model performance.

Contribution

It introduces a new technique for dataset ownership verification that balances effectiveness, imperceptibility, and dataset integrity, addressing limitations of existing methods.

Findings

Achieves high verification accuracy across multiple datasets and models.

Maintains dataset integrity and model performance with minimal modifications.

Proves practical for protecting proprietary image datasets in AI applications.

Abstract

Image-based AI models are increasingly deployed across a wide range of domains, including healthcare, security, and consumer applications. However, many image datasets carry sensitive or proprietary content, raising critical concerns about unauthorized data usage. Data owners therefore need reliable mechanisms to verify whether their proprietary data has been misused to train third-party models. Existing solutions, such as backdoor watermarking and membership inference, face inherent trade-offs between verification effectiveness and preservation of data integrity. In this work, we propose HoneyImage, a novel method for dataset ownership verification in image recognition models. HoneyImage selectively modifies a small number of hard samples to embed imperceptible yet verifiable traces, enabling reliable ownership verification while maintaining dataset integrity. Extensive experiments across four benchmark datasets and multiple model architectures show that HoneyImage consistently achieves strong verification accuracy with minimal impact on downstream performance while maintaining imperceptible. The proposed HoneyImage method could provide data owners with a practical mechanism to protect ownership over valuable image datasets, encouraging safe sharing and unlocking the full transformative potential of data-driven AI.