Label Sanitization against Label Flipping Poisoning Attacks

Authors

  • Andrea Paudice
  • Luis Muñoz-González
  • Emil C. Lupu
Abstract

Many machine learning systems rely on data collected in the wild from untrusted sources, exposing the learning algorithms to data poisoning. Attackers can inject malicious data into the training dataset to subvert the learning process, compromising the performance of the algorithm and producing errors in either a targeted or an indiscriminate way. Label flipping attacks are a special case of data poisoning in which the attacker controls the labels assigned to a fraction of the training points. Even when the attacker's capabilities are constrained, these attacks have been shown to significantly degrade the performance of the system. In this paper we propose an efficient algorithm to perform optimal label flipping poisoning attacks and a mechanism to detect and relabel suspicious data points, mitigating the effect of such poisoning attacks.


Related papers

Support vector machines under adversarial label contamination

Machine learning algorithms are increasingly being applied in security-related tasks such as spam and malware detection, although their security properties against deliberate attacks have not yet been widely understood. Intelligent and adaptive attackers may indeed exploit specific vulnerabilities exposed by machine learning techniques to violate system security. Being robust to adversarial dat...


Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning

Deep learning models have achieved high performance on many tasks, and thus have been applied to many security-critical scenarios. For example, deep learning-based face recognition systems have been used to authenticate users to access many security-sensitive applications like payment apps. Such usages of deep learning systems provide the adversaries with sufficient incentives to perform attack...


Efficient Label Contamination Attacks Against Black-Box Learning Models

Label contamination attack (LCA) is an important type of data poisoning attack where an attacker manipulates the labels of training data to make the learned model beneficial to him. Existing work on LCA assumes that the attacker has full knowledge of the victim learning model, whereas the victim model is usually a black-box to the attacker. In this paper, we develop a Projected Gradient Ascent ...


An Empirical Analysis of XSS Sanitization in Web Application Frameworks

Filtering or sanitization is the predominant mechanism in today’s applications to defend against cross-site scripting (XSS) attacks. XSS sanitization can be difficult to get right as it ties in closely with the parsing behavior of the browser. This paper explains some of the subtleties of ensuring correct sanitization, as well as common pitfalls. We study several emerging web application framew...


Enzyme-Linked Immunosorbent Assay of Progesterone in Serum Using Penicillinase as Label

An enzyme-linked immunosorbent assay (ELISA) for progesterone measurement in serum or plasma samples using penicillinase as the label enzyme is reported. C3 and C11 derivatives of progesterone were prepared and conjugated to bovine serum albumin (BSA). Polyclonal antibodies against these two immunogens were prepared in New Zealand white rabbits. Purified Ig fractions of antibodies were immobilized o...


Publication date: 2018