Data Poisoning

123 papers with code • 0 benchmarks • 0 datasets

Data Poisoning is an adversarial attack that tries to manipulate the training dataset in order to control the prediction behavior of a trained model such that the model will label malicious examples into a desired class (e.g., labeling spam e-mails as safe).

Source: Explaining Vulnerabilities to Adversarial Machine Learning through Visual Analytics


Most implemented papers

Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks

ashafahi/inceptionv3-transferLearn-poison NeurIPS 2018

The proposed attacks use "clean-labels"; they don't require the attacker to have any control over the labeling of training data.

How To Backdoor Federated Learning

ebagdasa/backdoor_federated_learning 2 Jul 2018

An attacker selected in a single round of federated learning can cause the global model to immediately reach 100% accuracy on the backdoor task.

Analysis and Detectability of Offline Data Poisoning Attacks on Linear Dynamical Systems

rssalessio/poisoning-data-driven-controllers 16 Nov 2022

In recent years, there has been a growing interest in the effects of data poisoning attacks on data-driven control methods.

Certified Defenses for Data Poisoning Attacks

worksheets/0xbdd35bdd NeurIPS 2017

Machine learning systems trained on user-provided data are susceptible to data poisoning attacks, whereby malicious users inject false training data with the aim of corrupting the learned model.

Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning

sclbd/backdoorbench 15 Dec 2017

In this work, we consider a new type of attack, called backdoor attacks, where the attacker's goal is to create a backdoor into a learning-based authentication system, so that he can easily circumvent the system by leveraging the backdoor.

Stronger Data Poisoning Attacks Break Data Sanitization Defenses

kohpangwei/data-poisoning-journal-release 2 Nov 2018

In this paper, we develop three attacks that can bypass a broad range of common data sanitization defenses, including anomaly detectors based on nearest neighbors, training loss, and singular-value decomposition.

TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents

pkiourti/rl_backdoor 1 Mar 2019

Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time.

Penalty Method for Inversion-Free Deep Bilevel Optimization

jihunhamm/bilevel-penalty 8 Nov 2019

We present results on data denoising, few-shot learning, and training-data poisoning problems in a large-scale setting.

Radioactive data: tracing through training

facebookresearch/radioactive_data ICML 2020

The mark is robust to strong variations such as different architectures or optimization methods.

MetaPoison: Practical General-purpose Clean-label Data Poisoning

wronnyhuang/metapoison NeurIPS 2020

Existing attacks for data poisoning neural networks have relied on hand-crafted heuristics, because solving the poisoning problem directly via bilevel optimization is generally thought of as intractable for deep models.