Safeguarding the Intellectual Property (IP) of data has become critically important as machine learning applications continue to proliferate, and their success relies heavily on the quality of training data. While various mechanisms exist to secure data during storage, transmission, and consumption, far fewer studies address detecting whether data has already been leaked and used, without authorization, to train a model. This problem is particularly challenging because the data owner has neither information about nor control over the training process conducted by a potential attacker. In this paper, we concentrate on the domain of tabular data and introduce a novel methodology, Local Distribution Shifting Synthesis (\textsc{LDSS}), to detect leaked data that has been used to train classification models. The core concept behind \textsc{LDSS} is to inject a small volume of synthetic data, characterized by local shifts in class distribution, into the owner's dataset. This enables the effective identification of models trained on the leaked data through model querying alone, as the synthetic data injection produces a pronounced disparity between the predictions of models trained on the leaked, modified dataset and those of models that were not. \textsc{LDSS} is \emph{model-oblivious} and hence compatible with a diverse range of classification models, such as Naive Bayes, Decision Tree, and Random Forest. We have conducted extensive experiments on seven types of classification models across five real-world datasets. The comprehensive results affirm the reliability, robustness, fidelity, security, and efficiency of \textsc{LDSS}.
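The detection idea above, as an added toy illustration that is not the paper's own code or its actual \textsc{LDSS} procedure: a constructed 2-D dataset, a locally shifted synthetic cluster injected into it, and a plain k-NN classifier standing in for an arbitrary model. Querying the model only at the synthetic points separates a model trained on the released (modified) data from one that never saw the injection; the dataset, cluster location, and classifier are all assumptions made for the demo.

```python
import random
from collections import Counter

def make_owner_data(rng, n=400):
    """Constructed toy dataset: points in the unit square, class 1 iff x + y > 1."""
    pts = [(rng.random(), rng.random()) for _ in range(n)]
    return [(p, 1 if p[0] + p[1] > 1.0 else 0) for p in pts]

def inject_local_shift(rng, data, center=(0.2, 0.2), radius=0.06, n_synth=40):
    """Add a small synthetic cluster around `center` labelled with the class that
    is locally absent there (class 0 dominates near (0.2, 0.2), so we use class 1).
    Returns the modified dataset the owner would release, plus the synthetic points."""
    synth = []
    for _ in range(n_synth):
        x = center[0] + rng.uniform(-radius, radius)
        y = center[1] + rng.uniform(-radius, radius)
        synth.append(((x, y), 1))
    return data + synth, synth

def knn_predict(train, q, k=5):
    """Plain k-nearest-neighbour majority vote; stands in for any classifier."""
    nearest = sorted(train, key=lambda t: (t[0][0] - q[0]) ** 2 + (t[0][1] - q[1]) ** 2)[:k]
    return Counter(lbl for _, lbl in nearest).most_common(1)[0][0]

def leak_score(predict, synth):
    """Fraction of synthetic points on which a queried model returns the injected
    (locally shifted) label. Only black-box predictions are needed."""
    hits = sum(predict(p) == lbl for p, lbl in synth)
    return hits / len(synth)

def run_demo(seed=7):
    """Returns (score of model trained on leaked data, score of an untainted model)."""
    rng = random.Random(seed)
    owner = make_owner_data(rng)
    modified, synth = inject_local_shift(rng, owner)
    leaked = lambda q: knn_predict(modified, q)   # trained on the released, modified data
    untainted = lambda q: knn_predict(owner, q)   # trained on the original data only
    return leak_score(leaked, synth), leak_score(untainted, synth)

if __name__ == "__main__":
    s_leak, s_clean = run_demo()
    print(f"leaked model agreement: {s_leak:.2f}, untainted model agreement: {s_clean:.2f}")
```

The untainted model always answers class 0 in the injected region, while the leaked model reproduces the shifted label on nearly every synthetic query, so a threshold on this agreement rate is the detection signal.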