defense 2026

X-Mark: Saliency-Guided Robust Dataset Ownership Verification for Medical Imaging

Pranav Kulkarni, Junfeng Guo, Heng Huang

0 citations · 38 references · arXiv (Cornell University)

Published on arXiv

2602.09284

Output Integrity Attack

OWASP ML Top 10 — ML09

Key Finding

Achieves 100% watermark success rate on CheXpert and reduces false-positive probability in the Ind-M scenario by 12% while resisting adaptive attacks.

X-Mark

Novel technique introduced


High-quality medical imaging datasets are essential for training deep learning models, but their unauthorized use raises serious copyright and ethical concerns. Medical imaging presents a unique challenge for existing dataset ownership verification methods designed for natural images, as static watermark patterns generated in fixed-scale images scale poorly to dynamic and high-resolution scans with limited visual diversity and subtle anatomical structures, while preserving diagnostic quality. In this paper, we propose X-Mark, a sample-specific clean-label watermarking method for chest x-ray copyright protection. Specifically, X-Mark uses a conditional U-Net to generate unique perturbations within salient regions of each sample. We design a multi-component training objective to ensure watermark efficacy and robustness against dynamic scaling processes while preserving diagnostic quality and visual distinguishability. We incorporate Laplacian regularization into our training objective to penalize high-frequency perturbations and achieve watermark scale-invariance. Ownership verification is performed in a black-box setting to detect characteristic behaviors in suspicious models. Extensive experiments on CheXpert verify the effectiveness of X-Mark, achieving a WSR of 100% and reducing the probability of false positives in the Ind-M scenario by 12%, while demonstrating resistance to potential adaptive attacks.


Key Contributions

  • Sample-specific clean-label backdoor watermarking via a conditional U-Net with EigenCAM-based saliency conditioning, generating perturbations localized to anatomically salient regions of chest X-rays.
  • Laplacian regularization in the watermark generator to penalize high-frequency perturbations, achieving scale-invariance and robustness to dynamic downsampling typical of high-resolution medical scans.
  • Multi-component training objective balancing watermark efficacy, diagnostic quality preservation, and visual distinguishability; validated on CheXpert with 100% WSR and 12% false-positive reduction.

🛡️ Threat Analysis

Output Integrity Attack

Embeds watermarks in training data (chest X-rays) so that any model trained on the data exhibits verifiable characteristic behavior, enabling dataset provenance and ownership verification. Per the guidelines, training data watermarking to detect unauthorized model training maps to ML09 (output integrity / content provenance), not ML05, because the watermark is in the data rather than model weights.


Details

Domains
vision
Model Types
cnn
Threat Tags
training_time, black_box
Datasets
CheXpert
Applications
medical imaging, chest x-ray classification, dataset copyright protection