Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks [article]

Ali Shafahi, W. Ronny Huang, Mahyar Najibi, Octavian Suciu, Christoph Studer, Tudor Dumitras, Tom Goldstein
2018 arXiv pre-print
This paper explores poisoning attacks on neural nets. The proposed attacks use "clean-labels"; they don't require the attacker to have any control over the labeling of training data. ... Because the attacker does not need to control the labeling function, poisons could be entered into the training set simply by leaving them on the web and waiting for them to be scraped by a data collection ... While there are studies related to poisoning attacks on support vector machines [Biggio et al., 2012] or Bayesian classifiers [Nelson et al., 2008], poisoning attacks on Deep Neural Networks (DNN) ...
arXiv:1804.00792v2 fatcat:5tmxu2ebejbcriv2tz76t72zvy
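
For orientation, the crafting step usually associated with this attack is a feature-collision objective. This is a sketch in our own notation (feature extractor f, target instance t, base image b, trade-off weight β), not a quote from the paper:

```latex
% Feature-collision crafting (sketch, our notation): collide the poison's
% penultimate-layer feature with the target's feature while staying close,
% in pixel space, to a clean base image b from the attacker's desired class.
\[
  p = \arg\min_{x}\; \big\lVert f(x) - f(t) \big\rVert_2^2
      + \beta\,\big\lVert x - b \big\rVert_2^2 .
\]
```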

Can't Boil This Frog: Robustness of Online-Trained Autoencoder-Based Anomaly Detectors to Adversarial Poisoning Attacks [article]

Moshe Kravchik, Asaf Shabtai
2020 arXiv pre-print
This finding suggests that neural network-based attack detectors used in the cyber-physical domain are more robust to poisoning than those in other problem domains, such as malware detection and image processing ... In this paper, we present the first study focused on poisoning attacks on online-trained autoencoder-based attack detectors. ... [1] studied clean-label poisoning of classifiers. ...
arXiv:2002.02741v1 fatcat:fq5qmwd5trbjxazjvix5idwiae

Deep k-NN Defense against Clean-label Data Poisoning Attacks [article]

Neehar Peri, Neal Gupta, W. Ronny Huang, Liam Fowl, Chen Zhu, Soheil Feizi, Tom Goldstein, John P. Dickerson
2020 arXiv pre-print
Targeted clean-label data poisoning is a type of adversarial attack on machine learning systems in which an adversary injects a few correctly-labeled, minimally-perturbed samples into the training data ... Our proposed defense shows that current clean-label poisoning attack strategies can be annulled, and serves as a strong yet simple-to-implement baseline defense to test future clean-label poisoning attacks ... Our contribution: In this paper, we initiate the study of defending against clean-label poisoning attacks on neural networks by considering feature collision [25] and convex polytope attacks [35] on ...
arXiv:1909.13374v3 fatcat:2djbpefppfh3tbqoajw336nzdy
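
The defense named in the title amounts to a plurality vote among feature-space neighbours: a training point whose label disagrees with its neighbours' labels is treated as a suspected poison. Below is a minimal, self-contained NumPy sketch of that idea; the function name knn_filter and all variable names are illustrative, not taken from the authors' code.

```python
# Sketch of a Deep k-NN style filtering defense (assumed details, not the
# authors' implementation): drop any point whose label is not the plurality
# label among its k nearest neighbours in feature space.
import numpy as np

def knn_filter(features: np.ndarray, labels: np.ndarray, k: int = 5) -> np.ndarray:
    """Return a boolean mask that is True for points to keep."""
    # Pairwise squared Euclidean distances in feature space.
    d2 = ((features[:, None, :] - features[None, :, :]) ** 2).sum(-1)
    np.fill_diagonal(d2, np.inf)            # a point is not its own neighbour
    keep = np.ones(len(labels), dtype=bool)
    for i in range(len(labels)):
        nn = np.argsort(d2[i])[:k]          # indices of the k nearest neighbours
        votes = np.bincount(labels[nn])     # label histogram over the neighbours
        keep[i] = votes.argmax() == labels[i]
    return keep

# Toy usage: random vectors stand in for penultimate-layer activations.
rng = np.random.default_rng(0)
feats = rng.normal(size=(200, 64))
labs = rng.integers(0, 10, size=200)
mask = knn_filter(feats, labs, k=5)
print(f"kept {mask.sum()} of {len(labs)} samples")
```

In practice the features would come from the penultimate layer of the (possibly pre-trained) victim network rather than from random vectors.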

Adversarial Examples Make Strong Poisons [article]

Liam Fowl, Micah Goldblum, Ping-yeh Chiang, Jonas Geiping, Wojtek Czaja, Tom Goldstein
2021 arXiv pre-print
The adversarial machine learning literature is largely partitioned into evasion attacks on testing data and poisoning attacks on training data. ... This suggests that adversarial examples contain useful semantic content, just with the "wrong" labels (according to a network, but not a human). ... Left: heatmap of clean test predictions from a network trained on label-corrected, class-based targeted poisons. ...
arXiv:2106.10807v1 fatcat:arj2zq7k3bhg5e5njmj3fux4eq
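
One compact way to state the recipe suggested by this abstract, in our own notation rather than the paper's: craft a bounded adversarial perturbation for every training image against a fixed crafting model F, then release the perturbed images as the training set.

```latex
% "Adversarial examples as poisons" (sketch, our notation): perturb each
% training image within an l-infinity ball against crafting model F, then
% ship the perturbed images, still with plausible labels, as training data.
\[
  \delta_i = \arg\max_{\lVert \delta \rVert_\infty \le \varepsilon}
  \mathcal{L}\big(F(x_i + \delta),\, y_i\big),
  \qquad
  \mathcal{D}_{\mathrm{poison}} = \{(x_i + \delta_i,\, y_i)\}_{i=1}^{N}.
\]
```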

Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching [article]

Jonas Geiping, Liam Fowl, W. Ronny Huang, Wojciech Czaja, Gavin Taylor, Michael Moeller, Tom Goldstein
2021 arXiv pre-print
We consider a particularly malicious poisoning attack that is both "from scratch" and "clean label", meaning we analyze an attack that successfully works against new, randomly initialized models, and is ... In this work, we focus on targeted poisoning attacks which cause a reclassification of an unmodified test image and as such breach model integrity. ... Transferable Clean-Label Poisoning Attacks on Deep Neural Nets. arXiv:1905.05897 [cs, stat], May 2019. ...
arXiv:2009.02276v2 fatcat:ajx3kkrg7vbgtjosxpdpqxdmzm
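
The "gradient matching" in the title refers to aligning the training gradient produced by the poisoned points with the gradient of the attacker's target loss. A sketch of that alignment objective, in our notation (perturbations Δ_i on P poison images, target x^t, adversarial label y^adv), is:

```latex
% Gradient-matching objective (sketch, our notation): choose bounded
% perturbations so that the gradient induced by the poisons points in the
% same direction as the attacker's target gradient (cosine similarity).
\[
  \min_{\Delta}\;
  1 - \cos\!\Big(
      \nabla_\theta \mathcal{L}\big(F(x^{t};\theta),\, y^{\mathrm{adv}}\big),\;
      \textstyle\sum_{i=1}^{P} \nabla_\theta \mathcal{L}\big(F(x_i+\Delta_i;\theta),\, y_i\big)
  \Big)
  \quad \text{s.t.}\ \ \lVert \Delta_i \rVert_\infty \le \varepsilon .
\]
```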

A Survey on Poisoning Attacks Against Supervised Machine Learning [article]

Wenjun Qiu
2022 arXiv pre-print
We conclude this paper with potential improvements and future directions to further exploit and prevent poisoning attacks on supervised models. ... We present this survey paper to cover the most representative papers in poisoning attacks against supervised machine learning models. ... Acknowledgements: We thank Baochun Li for helpful feedback on this manuscript. ...
arXiv:2202.02510v2 fatcat:7er7bkeivjdqhnvtmqi44rqdfq

MetaPoison: Practical General-purpose Clean-label Data Poisoning [article]

W. Ronny Huang, Jonas Geiping, Liam Fowl, Gavin Taylor, Tom Goldstein
2021 arXiv pre-print
Existing attacks for data poisoning neural networks have relied on hand-crafted heuristics, because solving the poisoning problem directly via bilevel optimization is generally thought of as intractable ... MetaPoison can achieve arbitrary adversary goals -- like using poisons of one class to make a target image don the label of another arbitrarily chosen class. ... Yet no prior clean-label poisoning attack has been demonstrated against networks trained from scratch. ...
arXiv:2004.00225v2 fatcat:a3fms4d3lbcpxkzniagesxd63m
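
The bilevel problem mentioned in the snippet can be written as below, in our notation; per the abstract, the attack's contribution is to approximate the inner training problem (for example by unrolling a few SGD steps over partially trained models) rather than solving it exactly.

```latex
% Bilevel formulation of data poisoning (sketch, our notation): the outer
% problem crafts bounded perturbations Delta, the inner problem is ordinary
% training on the poisoned set.
\[
  \min_{\lVert \Delta \rVert_\infty \le \varepsilon}\;
  \mathcal{L}\big(F(x^{t};\, \theta^{*}(\Delta)),\, y^{\mathrm{adv}}\big)
  \quad \text{s.t.}\quad
  \theta^{*}(\Delta) = \arg\min_{\theta} \sum_{i}
  \mathcal{L}\big(F(x_i + \Delta_i;\, \theta),\, y_i\big).
\]
```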

Transferable Clean-Label Poisoning Attacks on Deep Neural Nets [article]

Chen Zhu, W. Ronny Huang, Ali Shafahi, Hengduo Li, Gavin Taylor, Christoph Studer, Tom Goldstein
2019 arXiv pre-print
Clean-label poisoning attacks inject innocuous looking (and "correctly" labeled) poison images into training data, causing a model to misclassify a targeted image after being trained on this data. ... To achieve this, we propose a new "polytope attack" in which poison images are designed to surround the targeted image in feature space. ... Here, we demonstrate an approach to produce transferable clean-label targeted poisoning attacks. ...
arXiv:1905.05897v2 fatcat:tgn5x2mhvrg33nsld7v6drj32e
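
Read literally, "surround the targeted image in feature space" means the target's feature vector should fall inside the convex hull of the poisons' features. A sketch of that condition in our notation (feature extractor f, poisons p_1,...,p_k, target x^t), with each poison additionally kept visually close to a clean base image:

```latex
% Convex polytope condition (sketch, our notation): the poisons' features
% should admit a convex combination that lands on the target's feature.
\[
  f(x^{t}) \approx \sum_{j=1}^{k} c_j\, f(p_j),
  \qquad c_j \ge 0,\quad \sum_{j=1}^{k} c_j = 1 .
\]
```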

Towards Class-Oriented Poisoning Attacks Against Neural Networks [article]

Bingyin Zhao, Yingjie Lao
2021 arXiv pre-print
Poisoning attacks on machine learning systems compromise the model performance by deliberately injecting malicious samples in the training dataset to influence the training process. ... Using newly defined metrics at the class level, we demonstrate the effectiveness of the proposed class-oriented poisoning attacks on various models (e.g., LeNet-5, Vgg-9, and ResNet-50) over a wide range ... goal of the COEG attack for the neural network models (see Section 5). ...
arXiv:2008.00047v2 fatcat:uavhhfqm2bfebi3ph7lkxqli7q

Active Learning Under Malicious Mislabeling and Poisoning Attacks [article]

Jing Lin, Ryan Luley, Kaiqi Xiong
2021 arXiv pre-print
Deep neural networks usually require large labeled datasets for training to achieve state-of-the-art performance in many tasks, such as image classification and natural language processing. ... To check the performance of the proposed method under an adversarial setting, i.e., malicious mislabeling and data poisoning attacks, we perform an extensive evaluation on the reduced CIFAR-10 dataset, ... This material is based on research sponsored by the Air Force Research Laboratory under agreement number FA8750-20-3-1004. The U.S. ...
arXiv:2101.00157v4 fatcat:xgvtdfkjozbddduysi2s4cxwmi

PoisHygiene: Detecting and Mitigating Poisoning Attacks in Neural Networks [article]

Junfeng Guo, Ting Wang, Cong Liu
2020 arXiv pre-print
The black-box nature of deep neural networks (DNNs) makes it easy for attackers to manipulate the behavior of a DNN through data poisoning. ... Being able to detect and mitigate poisoning attacks, typically categorized into backdoor and adversarial poisoning (AP), is critical to enabling the safe adoption of DNNs in many application domains. ... Poison Frog can achieve a > 99% attack success rate under a more restricted attack model. The clean-label property clearly makes such AP attacks more threatening in practice. ...
arXiv:2003.11110v2 fatcat:kwcteiojxbcj5hz5kvxop3oe24

Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability [article]

Hojjat Aghakhani, Dongyu Meng, Yu-Xiang Wang, Christopher Kruegel, Giovanni Vigna
2021 arXiv pre-print
A recent source of concern for the security of neural networks is the emergence of clean-label dataset poisoning attacks, wherein correctly labeled poison samples are injected into the training dataset ... We propose a scalable and transferable clean-label poisoning attack against transfer learning, which creates poison images with their center close to the target image in the feature space. ... Our work focuses on clean-label poisoning attacks, a branch of poisoning attacks wherein the attacker does not have any control over the labeling process. ...
arXiv:2005.00191v3 fatcat:6dm42rzhyfbmvg4wxoxhgep2dm
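
"Center close to the target" can be read as replacing the learned combination weights of the polytope attack above with a fixed uniform average, i.e. pulling the centroid of the poison features onto the target. A sketch in our notation, with each poison again constrained to stay near a clean base image:

```latex
% Bullseye variant (sketch, our notation): fix the combination weights to a
% uniform average, so the centroid of the poison features matches the target.
\[
  \min_{\{p_j\}} \;\Big\lVert\, f(x^{t}) - \frac{1}{k}\sum_{j=1}^{k} f(p_j) \,\Big\rVert_2^2 .
\]
```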

Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks [article]

Avi Schwarzschild, Micah Goldblum, Arjun Gupta, John P Dickerson, Tom Goldstein
2021 arXiv pre-print
A recent survey of industry practitioners found that data poisoning is the number one concern among threats ranging from model stealing to adversarial attacks. ... Data poisoning and backdoor attacks manipulate training data in order to cause models to fail during inference. ... A Synopsis of Triggerless and Backdoor Data Poisoning: Early poisoning attacks targeted support vector machines and simple neural networks (Biggio et al., 2012; Koh & Liang, 2017). ...
arXiv:2006.12557v3 fatcat:3th2xa7vz5f4depd25vcmqatmm

Poison as a Cure: Detecting Neutralizing Variable-Sized Backdoor Attacks in Deep Neural Networks [article]

Alvin Chan, Yew-Soon Ong
2019 arXiv pre-print
It is made up of several parts: one to extract a backdoor poison signal, one to detect the poison target and base classes, and one to filter out poisoned from clean samples with proven guarantees. ... Deep learning models have recently been shown to be vulnerable to backdoor poisoning, an insidious attack where the victim model predicts clean images correctly but classifies the same images as the target ... Poison Frogs! Targeted clean-label poisoning attacks on neural networks. In Advances in Neural Information Processing Systems, pages 6103-6113, 2018. ...
arXiv:1911.08040v1 fatcat:bp427gc2azd27lzsz2dnrskzcm

Backdoor Learning Curves: Explaining Backdoor Poisoning Beyond Influence Functions [article]

Antonio Emanuele Cinà, Kathrin Grosse, Sebastiano Vascon, Ambra Demontis, Battista Biggio, Fabio Roli, Marcello Pelillo
2022 arXiv pre-print
Our analysis unveils the intriguing existence of a region in the hyperparameter space in which the accuracy on clean test samples is still high while backdoor attacks are ineffective, thereby suggesting ... Backdoor attacks inject poisoning samples during training, with the goal of forcing a machine learning model to output an attacker-chosen class when presented with a specific trigger at test time. ... To this end, the poisoning samples typically need not only to embed such a backdoor trigger themselves, but also to be labeled as the attacker-chosen class. ...
arXiv:2106.07214v3 fatcat:ejynm73sqjgo7axe7jo5tni3fe
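
For context on the last sentence of that snippet: a backdoor poisoning sample is typically built by stamping a small trigger patch onto a clean image and relabeling it with the attacker-chosen class. The toy NumPy sketch below illustrates only that construction; the function name, patch placement, and values are ours, not the authors'.

```python
# Toy construction of a single backdoor poisoning sample (illustrative only):
# stamp a small trigger patch onto an image and relabel it as the target class.
import numpy as np

def make_backdoor_poison(image: np.ndarray, target_class: int,
                         patch_value: float = 1.0, patch_size: int = 3):
    """Return (poisoned_image, poisoned_label) for one CHW image in [0, 1]."""
    poisoned = image.copy()
    # Place the trigger in the bottom-right corner of every channel.
    poisoned[:, -patch_size:, -patch_size:] = patch_value
    return poisoned, target_class

# Toy usage on a random 3x32x32 "image".
rng = np.random.default_rng(0)
x = rng.random((3, 32, 32))
x_p, y_p = make_backdoor_poison(x, target_class=7)
print(x_p[:, -3:, -3:].min(), y_p)   # trigger pixels set to 1.0, label is 7
```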