Enhancing the Antidote: Improved Pointwise Certifications against Poisoning Attacks
Authors
Abstract
Poisoning attacks can disproportionately influence model behaviour by making small changes to the training corpus. While defences against specific poisoning attacks do exist, they in general do not provide any guarantees, leaving them potentially countered by novel attacks. In contrast, by examining worst-case behaviours, Certified Defences make it possible to provide guarantees of robustness for a sample against an adversary modifying a finite number of training samples, known as pointwise certification. We achieve this by exploiting both Differential Privacy and the Sampled Gaussian Mechanism to ensure invariance of the prediction for each testing instance against finite numbers of poisoned examples. In doing so, our approach provides guarantees that are more than twice as large as those provided by prior certifications.
Similar resources
Poisoning Attacks against Support Vector Machines
We investigate a family of poisoning attacks against Support Vector Machines (SVM). Such attacks inject specially crafted training data that increases the SVM’s test error. Central to the motivation for these attacks is the fact that most learning algorithms assume that their training data comes from a natural or well-behaved distribution. However, this assumption does not generally hold in sec...
Data Poisoning Attacks against Autoregressive Models
Forecasting models play a key role in money-making ventures in many different markets. Such models are often trained on data from various sources, some of which may be untrustworthy. An actor in a given market may be incentivised to drive predictions in a certain direction to their own benefit. Prior analyses of intelligent adversaries in a machine-learning context have focused on regression an...
Label Sanitization against Label Flipping Poisoning Attacks
Many machine learning systems rely on data collected in the wild from untrusted sources, exposing the learning algorithms to data poisoning. Attackers can inject malicious data in the training dataset to subvert the learning process, compromising the performance of the algorithm producing errors in a targeted or an indiscriminate way. Label flipping attacks are a special case of data poisoning,...
Enhancing network robustness against malicious attacks.
In a recent work [Schneider et al., Proc. Natl. Acad. Sci. USA 108, 3838 (2011)], the authors proposed a simple measure for network robustness under malicious attacks on nodes. Using a greedy algorithm, they found that the optimal structure with respect to this quantity is an onion structure in which high-degree nodes form a core surrounded by rings of nodes with decreasing degree. However, in ...
Need for antidote for aluminium phosphide poisoning.
Human toxicity of aluminium phosphide occurs due to the toxic effects of phosphine which is liberated in stomach on ingestion (1). The effect is worse in the presence of hydrochloric acid in the stomach. It is widely absorbed from gastrointestinal tract and has cytotoxic action as it inhibits mitochondrial respiration. It affects almost all systems i.e. gastrointestinal, cardiovascular, respira...
Journal
Journal title: Proceedings of the ... AAAI Conference on Artificial Intelligence
Year: 2023
ISSN: ['2159-5399', '2374-3468']
DOI: https://doi.org/10.1609/aaai.v37i7.26065