{"id":"https://openalex.org/W4307416506","doi":"https://doi.org/10.48550/arxiv.2210.13631","title":"On the Robustness of Dataset Inference","display_name":"On the Robustness of Dataset Inference","publication_year":2022,"publication_date":"2022-10-24","ids":{"openalex":"https://openalex.org/W4307416506","doi":"https://doi.org/10.48550/arxiv.2210.13631"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2210.13631","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2210.13631","pdf_url":"https://arxiv.org/pdf/2210.13631","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2210.13631","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5022661875","display_name":"Sebastian Szyller","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Szyller, Sebastian","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100422092","display_name":"Rui Zhang","orcid":"https://orcid.org/0000-0002-8132-6250"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Rui","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100414637","display_name":"Jian Liu","orcid":"https://orcid.org/0000-0001-9104-2975"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Jian","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5081137894","display_name":"N. Asokan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Asokan, N.","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5022661875"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12357","display_name":"Digital Media Forensic Detection","score":0.9661999940872192,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9616000056266785,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.831798791885376},{"id":"https://openalex.org/keywords/correctness","display_name":"Correctness","score":0.8229566812515259},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8041595816612244},{"id":"https://openalex.org/keywords/suspect","display_name":"Suspect","score":0.7231126427650452},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6580405235290527},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.6430574655532837},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5397319793701172},{"id":"https://openalex.org/keywords/subspace-topology","display_name":"Subspace topology","score":0.4558990001678467},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4380103647708893},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4092424809932709},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3761346936225891},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34038519859313965},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.2087199091911316}],"concepts":[{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.831798791885376},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.8229566812515259},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8041595816612244},{"id":"https://openalex.org/C2778223634","wikidata":"https://www.wikidata.org/wiki/Q224952","display_name":"Suspect","level":2,"score":0.7231126427650452},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6580405235290527},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.6430574655532837},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5397319793701172},{"id":"https://openalex.org/C32834561","wikidata":"https://www.wikidata.org/wiki/Q660730","display_name":"Subspace topology","level":2,"score":0.4558990001678467},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4380103647708893},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4092424809932709},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3761346936225891},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34038519859313965},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2087199091911316},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"pmh:oai:arXiv.org:2210.13631","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2210.13631","pdf_url":"https://arxiv.org/pdf/2210.13631","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"pmh:oai:aaltodoc.aalto.fi:123456789/139172","is_oa":true,"landing_page_url":"https://openreview.net/forum?id=LKz5SqIXPJ","pdf_url":"https://openreview.net/pdf?id=LKz5SqIXPJ","source":{"id":"https://openalex.org/S4306401662","display_name":"Aaltodoc (Aalto University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I9927081","host_organization_name":"Aalto University","host_organization_lineage":["https://openalex.org/I9927081"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"publishedVersion"},{"id":"doi:10.48550/arxiv.2210.13631","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2210.13631","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2210.13631","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2210.13631","pdf_url":"https://arxiv.org/pdf/2210.13631","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7599999904632568,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W3197016913","https://openalex.org/W2389153751","https://openalex.org/W4386728183","https://openalex.org/W2185015567","https://openalex.org/W2394191954","https://openalex.org/W2113933481","https://openalex.org/W4292622136","https://openalex.org/W2559305818","https://openalex.org/W2065201438","https://openalex.org/W2153316700"],"abstract_inverted_index":{"Machine":[0],"learning":[1],"(ML)":[2],"models":[3],"are":[4],"costly":[5],"to":[6,34,47,102,183,225,237,255],"train":[7],"as":[8,157],"they":[9,23],"can":[10,87,143,202],"require":[11],"a":[12,50,60,116,125,215,239,244],"significant":[13],"amount":[14],"of":[15,43,62,75,82,113,127,208,262,267],"data,":[16],"computational":[17,91],"resources":[18],"and":[19,106,273],"technical":[20],"expertise.":[21],"Thus,":[22],"constitute":[24],"valuable":[25],"intellectual":[26],"property":[27],"that":[28,49,133,162,176,191,233],"needs":[29],"protection":[30],"from":[31,57,136,153,195,243],"adversaries":[32,86],"wanting":[33],"steal":[35],"them.":[36],"Ownership":[37],"verification":[38,64,270],"techniques":[39,65],"allow":[40],"the":[41,128,154,179,206,248,253,260,265],"victims":[42],"model":[44,52,148,240],"stealing":[45],"attacks":[46],"demonstrate":[48,232],"suspect":[51,170],"was":[53],"in":[54,80,124,167,178,271],"fact":[55],"stolen":[56,216,245],"theirs.":[58],"Although":[59],"number":[61],"ownership":[63,269],"based":[66],"on":[67],"watermarking":[68],"or":[69,90],"fingerprinting":[70,94],"have":[71],"been":[72,100],"proposed,":[73],"most":[74],"them":[76],"fall":[77],"short":[78],"either":[79],"terms":[81],"security":[83],"guarantees":[84],"(well-equipped":[85],"evade":[88],"verification)":[89],"cost.":[92],"A":[93],"technique,":[95],"Dataset":[96],"Inference":[97],"(DI),":[98],"has":[99],"shown":[101],"offer":[103],"better":[104],"robustness":[105],"efficiency":[107],"than":[108],"prior":[109],"methods.":[110],"The":[111],"authors":[112],"DI":[114,134,163,177,192,204,235,251],"provided":[115],"correctness":[117],"proof":[118],"for":[119,276],"linear":[120],"(suspect)":[121],"models.":[122,171],"However,":[123],"subspace":[126],"same":[129,155],"setting,":[130],"we":[131,189,231,258],"prove":[132,161],"suffers":[135,194],"high":[137,186],"false":[138,196],"positives":[139],"(FPs)":[140],"--":[141,199,247],"it":[142],"incorrectly":[144],"identify":[145,238],"an":[146,200,226],"independent":[147],"trained":[149,242],"with":[150,185],"non-overlapping":[151],"data":[152],"distribution":[156],"stolen.":[158],"We":[159,172],"further":[160],"also":[164,193],"triggers":[165],"FPs":[166],"realistic,":[168],"non-linear":[169],"then":[173],"confirm":[174],"empirically":[175],"black-box":[180,234],"setting":[181,249],"leads":[182],"FPs,":[184],"confidence.":[187],"Second,":[188],"show":[190],"negatives":[197],"(FNs)":[198],"adversary":[201],"fool":[203],"(at":[205],"cost":[207],"incurring":[209],"some":[210],"accuracy":[211],"loss)":[212],"by":[213],"regularising":[214],"model's":[217],"decision":[218],"boundaries":[219],"using":[220],"adversarial":[221],"training,":[222],"thereby":[223],"leading":[224],"FN.":[227],"To":[228],"this":[229],"end,":[230],"fails":[236],"adversarially":[241],"dataset":[246],"where":[250],"is":[252],"hardest":[254],"evade.":[256],"Finally,":[257],"discuss":[259],"implications":[261],"our":[263],"findings,":[264],"viability":[266],"fingerprinting-based":[268],"general,":[272],"suggest":[274],"directions":[275],"future":[277],"work.":[278]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2026-04-22T08:38:42.863108","created_date":"2025-10-10T00:00:00"}