Data Poisoning
123 papers with code • 0 benchmarks • 0 datasets
Data Poisoning is an adversarial attack that manipulates the training dataset in order to control the prediction behavior of the trained model, so that the model assigns malicious examples to classes of the attacker's choosing (e.g., labeling spam e-mails as safe).
Source: Explaining Vulnerabilities to Adversarial Machine Learning through Visual Analytics
Most implemented papers
Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks
Data poisoning and backdoor attacks manipulate training data in order to cause models to fail during inference.
Data Poisoning Attacks Against Federated Learning Systems
Federated learning (FL) is an emerging paradigm for distributed training of large-scale deep neural networks in which participants' data remains on their own devices with only model updates being shared with a central server.
Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching
We consider a particularly malicious poisoning attack that is both "from scratch" and "clean label", meaning we analyze an attack that successfully works against new, randomly initialized models, and is nearly imperceptible to humans, all while perturbing only a small fraction of the training data.
Data Poisoning Attacks on Regression Learning and Corresponding Defenses
Adversarial data poisoning is an effective attack against machine learning and threatens model integrity by introducing poisoned data into the training dataset.
Adversarial Examples Make Strong Poisons
The adversarial machine learning literature is largely partitioned into evasion attacks on testing data and poisoning attacks on training data.
Bilevel Optimization with a Lower-level Contraction: Optimal Sample Complexity without Warm-start
We analyse a general class of bilevel problems, in which the upper-level problem consists in the minimization of a smooth objective function and the lower-level problem is to find the fixed point of a smooth contraction map.
Autoregressive Perturbations for Data Poisoning
Unfortunately, existing methods require knowledge of both the target architecture and the complete dataset so that a surrogate network can be trained, the parameters of which are used to generate the attack.
Adversarial Robustness of Representation Learning for Knowledge Graphs
This thesis argues that state-of-the-art KGE models are vulnerable to data poisoning attacks, that is, their predictive performance can be degraded by systematically crafted perturbations to the training knowledge graph.
Not All Poisons are Created Equal: Robust Training against Data Poisoning
Data poisoning causes misclassification of test time target examples by injecting maliciously crafted samples in the training data.
Run-Off Election: Improved Provable Defense against Data Poisoning Attacks
Based on this approach, we propose DPA+ROE and FA+ROE defense methods based on Deep Partition Aggregation (DPA) and Finite Aggregation (FA) approaches from prior work.