Open Access

      Model-Targeted Poisoning Attacks: Provable Convergence and Certified Bounds

      Preprint


Abstract

Machine learning systems that rely on training data collected from untrusted sources are vulnerable to poisoning attacks, in which adversaries controlling some of the collected data are able to induce a corrupted model. In this paper, we consider poisoning attacks where there is an adversary who has a particular target classifier in mind and hopes to induce a classifier close to that target by adding as few poisoning points as possible. We propose an efficient poisoning attack based on online convex optimization. Unlike previous model-targeted poisoning attacks, our attack comes with provable convergence to any achievable target classifier. The distance from the induced classifier to the target classifier is inversely proportional to the square root of the number of poisoning points. We also provide a certified lower bound on the minimum number of poisoning points needed to achieve a given target classifier. We report on experiments showing our attack has performance that is similar to or better than the state-of-the-art attacks in terms of attack success rate and distance to the target model, while providing the advantages of provable convergence, and the efficiency benefits associated with being an online attack that can determine near-optimal poisoning points incrementally.


Author and article information

Date: 29 June 2020
Article: 2006.16469 (arXiv preprint)
Record ID: 7fbe2c69-4f88-47c6-877a-0898322cb004
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/

Custom metadata: 21 pages, code available at: https://github.com/suyeecav/model-targeted-poisoning
Categories: cs.LG cs.AI cs.CR stat.ML

Keywords: Security & Cryptology, Machine learning, Artificial intelligence
