A General Framework for Data-Use Auditing of ML Models

Zonghao Huang, Neil Zhenqiang Gong, Michael K. Reiter
2024-08-04
Abstract: Auditing the use of data in training machine-learning (ML) models is an increasingly pressing challenge, as myriad ML practitioners routinely leverage the effort of content creators to train models without their permission. In this paper, we propose a general method to audit an ML model for the use of a data-owner's data in training, without prior knowledge of the ML task for which the data might be used. Our method leverages any existing black-box membership inference method, together with a sequential hypothesis test of our own design, to detect data use with a quantifiable, tunable false-detection rate. We show the effectiveness of our proposed framework by applying it to audit data use in two types of ML models, namely image classifiers and foundation models.
Cryptography and Security, Machine Learning
What problem does this paper attempt to address?
This paper addresses the auditing of data usage in machine learning (ML) model training. Specifically, the authors propose a general-purpose framework for auditing whether an ML model was trained on a data owner's data without that owner's permission. The problem matters for two reasons:

1. **Data Transparency and Authorization**: Many developers of large-scale ML models have not made public the sources of their training data, which has raised questions and concerns about whether appropriate authorization has been obtained to use these data.
2. **Regulatory Compliance**: Data protection regulations in recent years (such as the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA) in the United States, and PIPEDA privacy legislation in Canada) have given data owners the right to know how their data are being used.

### Research Background

- **Passive Data Auditing**: Existing methods such as membership inference can infer whether a data sample belongs to the training set of a model, but cannot provide a quantitative guarantee on the false-detection rate.
- **Active Data Auditing**: Existing methods usually require the data owner to have full control over the entire training set and focus mainly on specific types of ML models (such as image classifiers), so they are difficult to generalize directly to other fields.

### Proposed Solution

The authors propose a general-purpose active data auditing framework with the following characteristics:

1. **No Assumption of Data Labeling or Task Type**: The data-marking algorithm in the framework does not rely on any specific information about data labeling or ML tasks.
2. **Quantifiable and Adjustable False-Detection Rate**: Combining membership inference with sequential hypothesis testing provides a quantifiable and adjustable false-detection rate.
3. **Wide Applicability**: The framework is applicable to various types of ML models, including image classifiers and foundation models.

### Working Principle of the Framework

1. **Data-Marking Algorithm**: Before releasing data, the data owner generates two versions of each original data item. The two versions are perturbed in different ways, but both preserve the utility of the original data, visually or otherwise. One version is then selected at random for release, and the other is retained.
2. **Detection Algorithm**: Through black-box access to the deployed ML model, contrastive membership inference is used to detect whether the released data has been used for training the model. If the model has indeed used the released data, it will be more likely to recognize the released version than the unreleased version.

### Experimental Verification

The authors verified the effectiveness of the framework on two types of ML models:

- **Image Classifiers**: The results show that the framework effectively audits the use of the data owner's data on multiple visual benchmark datasets and outperforms the existing state-of-the-art methods.
- **Foundation Models**: The evaluation is extended to three different types of foundation models (self-supervised learning visual encoders, Llama 2, and CLIP), and the results indicate that the framework is also effective on such models.

In conclusion, this paper proposes a novel and general-purpose data-auditing framework that can effectively detect unauthorized data usage under multiple ML models and settings and provides a quantifiable false-detection-rate guarantee.
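The marking and detection steps under "Working Principle of the Framework" can be sketched as follows. This is an added example, not the paper's code: the sequential test here is a standard likelihood-ratio martingale bounded by Ville's inequality, standing in for the authors' own test, and `mark`, `toy_model`, the 0/1 tags and the parameter `p1` are assumptions made for illustration.

```python
import random

def mark(items, rng):
    """Data marking: make two marked versions per item, publish one at random.
    Toy tags 0/1 stand in for the two perturbations (assumption)."""
    released, withheld = [], []
    for x in items:
        pair = [(x, 0), (x, 1)]
        rng.shuffle(pair)              # fair coin decides which version is published
        released.append(pair[0])
        withheld.append(pair[1])
    return released, withheld

def contrastive_outcomes(released, withheld, score):
    """Yield True/False when the black-box membership score prefers the
    published/withheld version; ties carry no evidence and are skipped."""
    for r, w in zip(released, withheld):
        sr, sw = score(r), score(w)
        if sr != sw:
            yield sr > sw

def sequential_test(outcomes, alpha=0.05, p1=0.6):
    """H0 (data unused): each outcome is a fair coin, because the publish
    choice was random. Wealth is the likelihood ratio Bernoulli(p1) vs
    Bernoulli(1/2); under H0 it is a nonnegative martingale starting at 1,
    so by Ville's inequality P(wealth ever >= 1/alpha) <= alpha."""
    wealth, n = 1.0, 0
    for win in outcomes:
        n += 1
        wealth *= (p1 if win else 1.0 - p1) / 0.5
        if wealth >= 1.0 / alpha:
            return True, n             # detected after n informative pairs
    return False, n

def toy_model(training_set):
    """Constructed stand-in for a membership score: 1.0 for memorised items."""
    members = set(training_set)
    return lambda item: 1.0 if item in members else 0.0

def demo():
    rng = random.Random(0)
    released, withheld = mark(range(40), rng)
    used = toy_model(released)                       # trained on the published data
    unused = toy_model([(x, 2) for x in range(40)])  # trained on unrelated data
    return (sequential_test(contrastive_outcomes(released, withheld, used)),
            sequential_test(contrastive_outcomes(released, withheld, unused)))

if __name__ == "__main__":
    print(demo())
```

The auditor can stop querying as soon as the threshold is crossed, and lowering `alpha` trades more queries for a smaller false-detection bound.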