Stronger data poisoning attacks break data sanitization defenses

Authors

Abstract

Machine learning models trained on data from the outside world can be corrupted by data poisoning attacks that inject malicious points into the models' training sets. A common defense against these attacks is data sanitization: first filter out anomalous training points, then train the model. In this paper, we develop three attacks that can bypass a broad range of common data sanitization defenses, including anomaly detectors based on nearest neighbors, training loss, and singular-value decomposition. By adding just 3% poisoned data, our attacks successfully increase test error on the Enron spam detection dataset from 3% to 24% and on the IMDB sentiment classification dataset from 12% to 29%. In contrast, existing attacks which do not explicitly account for these data sanitization defenses are defeated by them. Our attacks are based on two ideas: (i) we coordinate our attacks to place the poisoned points near one another, and (ii) we formulate each attack as a constrained optimization problem, with constraints designed to ensure that the poisoned points evade detection. As this optimization involves solving an expensive bilevel problem, our three attacks correspond to different ways of approximating it: influence functions; minimax duality; and the Karush–Kuhn–Tucker (KKT) conditions. Our results underscore the need to develop more robust defenses against data poisoning attacks.


Similar references

Certified Defenses for Data Poisoning Attacks

Machine learning systems trained on user-provided data are susceptible to data poisoning attacks, whereby malicious users inject false training data with the aim of corrupting the learned model. While recent work has proposed a number of attacks and defenses, little is understood about the worst-case loss of a defense in the face of a determined attacker. We address this by constructing approxi...


Label Sanitization against Label Flipping Poisoning Attacks

Many machine learning systems rely on data collected in the wild from untrusted sources, exposing the learning algorithms to data poisoning. Attackers can inject malicious data in the training dataset to subvert the learning process, compromising the performance of the algorithm producing errors in a targeted or an indiscriminate way. Label flipping attacks are a special case of data poisoning,...


Data Poisoning Attacks against Autoregressive Models

Forecasting models play a key role in money-making ventures in many different markets. Such models are often trained on data from various sources, some of which may be untrustworthy. An actor in a given market may be incentivised to drive predictions in a certain direction to their own benefit. Prior analyses of intelligent adversaries in a machine-learning context have focused on regression an...


Data-plane Defenses against Routing Attacks on Tor

Tor is susceptible to traffic correlation attacks in which an adversary who observes flows entering and leaving the anonymity network can apply statistical techniques to correlate flows and de-anonymize their endpoints. While an adversary may not be naturally positioned to conduct such attacks, a recent study shows that the Internet’s control-plane can be manipulated to increase an adversary’s ...


Data sanitization in association rule mining based on impact factor

Data sanitization is a process that is used to promote the sharing of transactional databases among organizations and businesses, it alleviates concerns for individuals and organizations regarding the disclosure of sensitive patterns. It transforms the source database into a released database so that counterparts cannot discover the sensitive patterns and so data confidentiality is preserved ag...



Journal

Journal title: Machine Learning

Year: 2021

ISSN: ['0885-6125', '1573-0565']

DOI: https://doi.org/10.1007/s10994-021-06119-y