Untrusted data used to train a model might have been manipulated to endow the learned model with hidden properties that the data contributor might later exploit. Data purification aims to remove such manipulations prior to training the model. We propose Mendata, a novel framework to purify manipulated training data. Starting from a small reference dataset in which a large majority of the inputs are clean, Mendata perturbs the training inputs so that they retain their utility but are distributed similarly (as measured by Wasserstein distance) to the reference data, thereby eliminating hidden properties from the learned model. A key challenge is how to find such perturbations, which we address by formulating a min-max optimization problem and developing a two-step method to iteratively solve it. We demonstrate the effectiveness of Mendata by applying it to defeat state-of-the-art data poisoning and data tracing techniques.
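The objective described above (perturb training inputs so they stay close to their originals yet match a mostly-clean reference distribution in Wasserstein distance) can be made concrete on a toy. The following is an added illustration, not Mendata's algorithm or code: it assumes one-dimensional inputs, uses rank-matched reference quantiles as the perturbation target instead of the paper's min-max formulation, and uses a hard per-input perturbation budget as a stand-in for "retains utility". The data are constructed: clean inputs drawn from N(0,1), a poisoned fraction of the training set carrying a hidden +3 shift, and a small reference set that is mostly clean.

```python
"""Toy distribution-matching purification (added illustration, not the Mendata algorithm)."""
import random


def quantile(sorted_vals, q):
    """Empirical quantile of an already-sorted sample at q in [0, 1)."""
    idx = min(len(sorted_vals) - 1, int(q * len(sorted_vals)))
    return sorted_vals[idx]


def wasserstein_1d(a, b, grid=1000):
    """Approximate W1 between two 1-D empirical distributions of any sizes via
    the quantile form  W1 = integral_0^1 |F_a^{-1}(q) - F_b^{-1}(q)| dq."""
    sa, sb = sorted(a), sorted(b)
    return sum(abs(quantile(sa, (k + 0.5) / grid) - quantile(sb, (k + 0.5) / grid))
               for k in range(grid)) / grid


def purify(train, reference, budget, step=0.25, iters=100, tol=1e-6):
    """Perturb each training input toward the reference distribution while
    keeping |x_i' - x_i| <= budget (the toy's stand-in for 'retains utility').

    Each iteration alternates two sub-steps (an assumption of this toy, not
    the paper's two-step method): (1) assign every training point the
    reference quantile at its current rank, (2) move a fraction `step`
    toward that target and clip to the per-input budget."""
    x = list(train)
    ref_sorted = sorted(reference)
    n = len(x)
    for _ in range(iters):
        order = sorted(range(n), key=lambda i: x[i])
        target = [0.0] * n
        for rank, i in enumerate(order):
            target[i] = quantile(ref_sorted, (rank + 0.5) / n)
        moved = 0.0
        for i in range(n):
            proposal = x[i] + step * (target[i] - x[i])
            lo, hi = train[i] - budget, train[i] + budget  # utility constraint
            new = min(hi, max(lo, proposal))
            moved = max(moved, abs(new - x[i]))
            x[i] = new
        if moved < tol:
            break
    return x


def make_data(seed=0, n_train=400, n_ref=50, poison_frac=0.2, shift=3.0):
    """Constructed sample data: clean inputs ~ N(0,1); a poisoned fraction of the
    training set carries a hidden +shift; the small reference set is mostly clean
    (one poisoned point is left in to mirror 'a large majority' rather than 'all')."""
    rng = random.Random(seed)
    train = [rng.gauss(0.0, 1.0) + (shift if i < int(poison_frac * n_train) else 0.0)
             for i in range(n_train)]
    rng.shuffle(train)
    reference = [rng.gauss(0.0, 1.0) for _ in range(n_ref)]
    reference[0] += shift
    return train, reference


def run(budget=2.5):
    """Purify the constructed training set and report W1 to the reference
    before and after, plus the largest per-input perturbation actually applied."""
    train, reference = make_data()
    before = wasserstein_1d(train, reference)
    purified = purify(train, reference, budget)
    after = wasserstein_1d(purified, reference)
    max_perturb = max(abs(p - t) for p, t in zip(purified, train))
    return {"before": before, "after": after, "max_perturb": max_perturb}


if __name__ == "__main__":
    print(run())
```

The two numbers to compare are `before` and `after`: purification should drive W1 to the reference close to zero while `max_perturb` stays within the budget. The caveat a practitioner should keep in mind is that, unlike this toy, real inputs are high-dimensional, so the rank-matching shortcut does not apply and the target has to be found by optimization, which is the min-max problem the paper formulates; the budget here is also only a proxy for utility, which in practice has to be measured on the trained model.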