
A Survey on Data Poisoning Attacks and Defenses



Abstract:

With the widespread deployment of data-driven services, the demand for data continues to grow. At present, many applications lack reliable human supervision during data collection, so the collected data may contain low-quality or even malicious samples. Such data expose AI systems to serious security challenges. One of the main security threats in the training phase of machine learning is the data poisoning attack, which compromises model integrity by contaminating the training data so that the resulting model is skewed or unusable. This paper reviews research on data poisoning attacks across various task settings: first, a taxonomy of attacks is presented; then, defenses against data poisoning attacks are surveyed; finally, promising future research directions are discussed.
Date of Conference: 11-13 July 2022
Date Added to IEEE Xplore: 29 September 2022
Conference Location: Guilin, China


I. Introduction

Currently, machine learning algorithms are widely used across industries [1]–[3]. At the same time, their security has received widespread attention from researchers. It has been shown that machine learning is vulnerable to malicious attacks in both the training and inference phases, which may render a model unusable or skewed according to the attacker's intent: the main threat in the training phase is the data poisoning attack, while the main threat in the inference phase is the evasion attack. Backdoor attacks mainly target the training phase but also involve the inference phase, so some backdoor attacks can be regarded as a special kind of data poisoning attack. Data poisoning attacks can be broadly classified into two categories, availability attacks and targeted attacks, as shown in Fig. 1. An availability attack aims to corrupt the model's classifier as much as possible; a targeted attack aims to affect specific data points and manipulate specific outputs. In addition, two special attacks, the clean-label attack [4] and the label-flipping attack [5], have been studied according to the attacker's degree of control over the training-data labels; the latter is illustrated by the sketch below.
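To make the label-flipping idea concrete, the following minimal Python sketch (our own illustration, not code from the surveyed works; the helper flip_labels and all parameter choices are hypothetical) randomly flips a fraction of the training labels of a binary classification task and measures the resulting test-accuracy drop of a scikit-learn logistic-regression classifier:

import numpy as np
from sklearn.datasets import make_classification
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split
from sklearn.metrics import accuracy_score

rng = np.random.default_rng(0)

# Synthetic binary classification data standing in for a real training set.
X, y = make_classification(n_samples=2000, n_features=20, random_state=0)
X_train, X_test, y_train, y_test = train_test_split(X, y, random_state=0)

def flip_labels(y, fraction, rng):
    """Return a copy of y with `fraction` of the labels flipped (binary task)."""
    y_poisoned = y.copy()
    idx = rng.choice(len(y), size=int(fraction * len(y)), replace=False)
    y_poisoned[idx] = 1 - y_poisoned[idx]  # flip 0 <-> 1 on the chosen samples
    return y_poisoned

# Train on increasingly poisoned labels and evaluate on clean test data.
for frac in (0.0, 0.2, 0.4):
    clf = LogisticRegression(max_iter=1000).fit(X_train, flip_labels(y_train, frac, rng))
    acc = accuracy_score(y_test, clf.predict(X_test))
    print(f"flipped {frac:.0%} of training labels -> test accuracy {acc:.3f}")

As the flipped fraction grows, test accuracy typically degrades toward chance level, which is precisely the availability-style damage that data poisoning defenses aim to detect and filter out.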

