Among the modalities of medical data, clinical summaries are at higher risk of attack because they are generated by third-party companies.
In this work, we propose a new framework to enable the generation of adversarial inputs irrespective of the input type and task domain.
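As a concrete illustration (not the proposed framework itself), the following is a minimal gradient-based sketch of adversarial input generation in the FGSM style; the model, labels, and epsilon value are placeholder assumptions.

```python
# Minimal FGSM-style sketch of adversarial input generation.
# Illustrative only: the model, inputs, and epsilon are placeholders,
# and this is not the framework proposed above.
import torch
import torch.nn as nn

def fgsm_attack(model: nn.Module, x: torch.Tensor, y: torch.Tensor,
                epsilon: float = 8 / 255) -> torch.Tensor:
    """Perturb x by one signed-gradient step that increases the loss on label y."""
    x_adv = x.clone().detach().requires_grad_(True)
    loss = nn.functional.cross_entropy(model(x_adv), y)
    loss.backward()
    # Step in the loss-increasing direction, then clamp to a valid image range.
    x_adv = x_adv + epsilon * x_adv.grad.sign()
    return x_adv.clamp(0.0, 1.0).detach()
```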
On CIFAR10, a non-robust LeNet model has a 21.63% error rate, while a model trained with verifiable training under an L-infinity robustness criterion of 8/255 has an error rate of 57.10%.
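A hedged sketch of how such error rates could be measured is given below, assuming a PyTorch model, a test loader, and an epsilon-bounded attack function (all placeholders; this is not the evaluation code behind the numbers above).

```python
# Sketch of measuring clean and adversarial error rates for a classifier.
# The model, data loader, and attack function are assumed placeholders.
import torch

@torch.no_grad()
def clean_error(model, loader) -> float:
    """Fraction of test inputs the model misclassifies."""
    wrong, total = 0, 0
    for x, y in loader:
        wrong += (model(x).argmax(dim=1) != y).sum().item()
        total += y.numel()
    return wrong / total

def robust_error(model, loader, attack_fn, epsilon: float = 8 / 255) -> float:
    """Error rate when every input is replaced by an epsilon-bounded adversarial version."""
    wrong, total = 0, 0
    for x, y in loader:
        x_adv = attack_fn(model, x, y, epsilon)  # e.g. an FGSM or PGD step
        with torch.no_grad():
            wrong += (model(x_adv).argmax(dim=1) != y).sum().item()
        total += y.numel()
    return wrong / total
```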
Backdoor attacks mislead machine-learning models to output an attacker-specified class when presented with a specific trigger at test time.
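To illustrate this threat model (not any specific published attack), here is a minimal sketch of a patch-style trigger and of measuring how often a backdoored model outputs the attacker-specified class; the patch size, location, and target class are arbitrary assumptions.

```python
# Illustrative patch trigger and attack-success measurement for a backdoored model.
# Patch size, value, and target class are arbitrary placeholder assumptions.
import torch

def apply_patch_trigger(x: torch.Tensor, patch_size: int = 4,
                        value: float = 1.0) -> torch.Tensor:
    """Stamp a solid patch into the bottom-right corner of (C, H, W) images."""
    x_triggered = x.clone()
    x_triggered[..., -patch_size:, -patch_size:] = value
    return x_triggered

def attack_success_rate(model, loader, target_class: int) -> float:
    """Fraction of triggered inputs classified as the attacker-specified class."""
    hits, total = 0, 0
    with torch.no_grad():
        for x, _ in loader:
            preds = model(apply_patch_trigger(x)).argmax(dim=1)
            hits += (preds == target_class).sum().item()
            total += preds.numel()
    return hits / total
```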
We also demonstrate that when malicious training participants attempt to implant backdoors during model training, CALTRAIN can accurately and precisely identify the poisoned and mislabeled training data that lead to runtime mispredictions.
While machine learning (ML) models are increasingly trusted to make decisions in a widening range of areas, the safety of systems that rely on them has become a growing concern.
Machine learning models are vulnerable to simple model stealing attacks if the adversary can obtain output labels for chosen inputs.
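A minimal sketch of such a label-only model stealing attack follows, assuming the adversary holds a set of query inputs, can obtain hard labels from the victim, and trains a local surrogate on the resulting pairs; all model and data names are placeholder assumptions.

```python
# Sketch of a label-only model stealing attack: query the victim for hard labels
# on chosen inputs, then train a surrogate to imitate it. All names are placeholders.
import torch
import torch.nn as nn

def steal_model(victim: nn.Module, surrogate: nn.Module,
                queries: torch.Tensor, epochs: int = 5,
                lr: float = 1e-3, batch_size: int = 64) -> nn.Module:
    # Step 1: query the victim for output labels on attacker-chosen inputs.
    with torch.no_grad():
        labels = victim(queries).argmax(dim=1)
    # Step 2: train the surrogate to reproduce the victim's labels.
    opt = torch.optim.Adam(surrogate.parameters(), lr=lr)
    loss_fn = nn.CrossEntropyLoss()
    for _ in range(epochs):
        perm = torch.randperm(queries.size(0))
        for i in range(0, queries.size(0), batch_size):
            idx = perm[i:i + batch_size]
            opt.zero_grad()
            loss = loss_fn(surrogate(queries[idx]), labels[idx])
            loss.backward()
            opt.step()
    return surrogate
```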
To overcome this limitation, we present Distributed Infinite Tucker (DINTUCKER), a large-scale nonlinear tensor decomposition algorithm on MAPREDUCE.
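For context, the following is a minimal single-machine sketch of standard (linear) Tucker decomposition via truncated higher-order SVD; DINTUCKER itself is nonlinear and runs distributed on MAPREDUCE, so this shows only the underlying factorization idea, not the proposed algorithm.

```python
# Truncated HOSVD sketch of standard Tucker decomposition (single machine, linear).
# This is background for the Tucker model, not the DINTUCKER algorithm itself.
import numpy as np

def hosvd(X: np.ndarray, ranks):
    """Approximate X by a small core tensor and one orthonormal factor per mode."""
    factors = []
    for mode, r in enumerate(ranks):
        # Unfold X along this mode and keep the leading r left singular vectors.
        unfolding = np.moveaxis(X, mode, 0).reshape(X.shape[mode], -1)
        U, _, _ = np.linalg.svd(unfolding, full_matrices=False)
        factors.append(U[:, :r])
    # Project X onto the factor subspaces to obtain the core tensor.
    core = X
    for mode, U in enumerate(factors):
        core = np.moveaxis(np.tensordot(U.T, np.moveaxis(core, mode, 0), axes=1), 0, mode)
    return core, factors

# Usage: decompose a random 3-way tensor to multilinear ranks (2, 3, 4).
X = np.random.randn(10, 20, 30)
core, factors = hosvd(X, ranks=(2, 3, 4))
print(core.shape, [U.shape for U in factors])  # (2, 3, 4) [(10, 2), (20, 3), (30, 4)]
```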