About

Data poisoning is an adversarial attack that manipulates the training dataset in order to control the prediction behaviour of the trained model, so that the model assigns attacker-chosen inputs to a desired class (e.g., labelling spam e-mails as safe).

Source: Explaining Vulnerabilities to Adversarial Machine Learning through Visual Analytics

Benchmarks

No evaluation results yet.

Greatest papers with code

Backdoor Learning: A Survey

17 Jul 2020 THUYimingLi/backdoor-learning-resources

Backdoor attack intends to embed hidden backdoor into deep neural networks (DNNs), such that the attacked model performs well on benign samples, whereas its prediction will be maliciously changed if the hidden backdoor is activated by the attacker-defined trigger.

ADVERSARIAL ATTACK DATA POISONING
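The definition in the About section and the survey abstract above describe the same mechanism from two angles: the attacker edits a small slice of the training set, the model keeps behaving normally on clean inputs, and a trigger known only to the attacker flips its prediction to the chosen class. The script below is an added example (not code from the survey, its resource list, or this page) that reproduces that behaviour end to end on a constructed two-class dataset with a plain logistic-regression model trained by SGD. The trigger (a third feature set to 1.0), the poisoning rate, the blob geometry and the training loop are all assumptions chosen for illustration.

```python
import math
import random

# Added illustration of trigger-based (backdoor) data poisoning against a tiny
# logistic-regression classifier. Nothing here is code from the survey or its
# resource list; the data, trigger and training loop are constructed assumptions.

TRIGGER_INDEX = 2      # third feature is the attacker's trigger slot (0.0 = absent)
TRIGGER_VALUE = 1.0


def make_dataset(n, rng):
    """Constructed data: class 0 near (-2,-2), class 1 near (+2,+2); trigger off."""
    data = []
    for _ in range(n):
        y = rng.randint(0, 1)
        c = 2.0 if y == 1 else -2.0
        data.append(([c + rng.gauss(0, 0.7), c + rng.gauss(0, 0.7), 0.0], y))
    return data


def stamp_trigger(x):
    x = list(x)
    x[TRIGGER_INDEX] = TRIGGER_VALUE
    return x


def poison(data, rate, target, rng):
    """Dirty-label backdoor: copy a fraction `rate` of the non-target samples,
    stamp the trigger on them and relabel them as `target`."""
    victims = [x for x, y in data if y != target]
    k = int(rate * len(data))
    return data + [(stamp_trigger(x), target) for x in rng.sample(victims, k)]


def predict_proba(model, x):
    w, b = model
    z = sum(wi * xi for wi, xi in zip(w, x)) + b
    z = max(-30.0, min(30.0, z))          # keep exp() in range
    return 1.0 / (1.0 + math.exp(-z))


def predict(model, x):
    return 1 if predict_proba(model, x) >= 0.5 else 0


def train(data, rng, epochs=200, lr=0.1):
    """Plain SGD on the logistic loss; returns (weights, bias)."""
    w, b = [0.0] * len(data[0][0]), 0.0
    order = list(data)
    for _ in range(epochs):
        rng.shuffle(order)
        for x, y in order:
            g = predict_proba((w, b), x) - y
            for i, xi in enumerate(x):
                w[i] -= lr * g * xi
            b -= lr * g
    return w, b


def accuracy(model, data):
    return sum(predict(model, x) == y for x, y in data) / len(data)


def attack_success_rate(model, data, target):
    """Share of clean non-target inputs that flip to `target` once triggered."""
    victims = [x for x, y in data if y != target]
    return sum(predict(model, stamp_trigger(x)) == target for x in victims) / len(victims)


def run_experiment(seed=0, poison_rate=0.05, target=1):
    rng = random.Random(seed)
    train_set = make_dataset(400, rng)
    test_set = make_dataset(200, rng)
    clean_model = train(train_set, rng)
    backdoored = train(poison(train_set, poison_rate, target, rng), rng)
    return {
        "clean_model_acc": accuracy(clean_model, test_set),
        "clean_model_asr": attack_success_rate(clean_model, test_set, target),
        "backdoored_acc": accuracy(backdoored, test_set),
        "backdoored_asr": attack_success_rate(backdoored, test_set, target),
        # the clean model never sees a non-zero trigger, so its trigger weight stays 0
        "clean_trigger_weight": clean_model[0][TRIGGER_INDEX],
        "backdoored_trigger_weight": backdoored[0][TRIGGER_INDEX],
    }


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name}: {value:.3f}")
```

Running `run_experiment()` shows the two properties the survey abstract names: clean-input accuracy of the poisoned model stays at the level of the clean model, while the attack success rate on triggered inputs jumps from near zero to near one, carried entirely by the weight the model learned on the trigger feature. A practitioner checking a third-party dataset would look for exactly this signature: a feature (or input pattern) that is almost always inactive but whose activation is perfectly correlated with one label.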

How To Backdoor Federated Learning

2 Jul 2018 ebagdasa/backdoor_federated_learning

An attacker selected in a single round of federated learning can cause the global model to immediately reach 100% accuracy on the backdoor task.

ANOMALY DETECTION DATA POISONING FEDERATED LEARNING
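The single-round claim in the abstract above rests on the fact that federated averaging adds each participant's update scaled by the server learning rate divided by the number of selected participants. An attacker who knows (or estimates) those two numbers can scale their own update up by the inverse factor so that the aggregate lands on the model they want. The script below is an added example (not code from the paper or the ebagdasa/backdoor_federated_learning repository) of that model-replacement arithmetic on flat weight vectors; the server learning rate, participant count, current global model, attacker's target model and the benign updates are constructed assumptions.

```python
import random
from math import sqrt

# Added example, not code from the paper or from ebagdasa/backdoor_federated_learning.
# Assumed setting: FedAvg with server learning rate ETA over N selected participants,
# models represented as flat lists of floats.

ETA = 1.0   # assumed server learning rate
N = 10      # assumed number of participants selected in the round


def fedavg(global_model, local_models, eta=ETA):
    """One aggregation round: G_{t+1} = G_t + (eta/n) * sum_i (L_i - G_t)."""
    n = len(local_models)
    new = list(global_model)
    for local in local_models:
        for j, (g, l) in enumerate(zip(global_model, local)):
            new[j] += (eta / n) * (l - g)
    return new


def model_replacement_update(global_model, backdoored_model, n, eta=ETA):
    """Attacker's submission L_m = G_t + gamma * (X - G_t) with gamma = n / eta.
    When the benign updates are close to zero, the aggregate becomes X itself."""
    gamma = n / eta
    return [g + gamma * (x - g) for g, x in zip(global_model, backdoored_model)]


def l2(v):
    return sqrt(sum(c * c for c in v))


def update_norm(global_model, local_model):
    return l2([l - g for g, l in zip(global_model, local_model)])


def simulate_round(benign_scale, n=N, eta=ETA, seed=1):
    """Returns how far the aggregate lands from the attacker's target X and how
    much larger the attacker's update is than the largest benign update."""
    rng = random.Random(seed)
    g_t = [0.5, -1.0, 2.0, 0.0]          # constructed current global model
    x_target = [3.0, 3.0, -3.0, 1.5]     # constructed backdoored model the attacker wants
    benign = []
    for _ in range(n - 1):
        # constructed small benign updates (a converged model moves little per round)
        benign.append([g + rng.gauss(0.0, benign_scale) for g in g_t])
    attacker = model_replacement_update(g_t, x_target, n, eta)
    aggregate = fedavg(g_t, benign + [attacker], eta)
    distance = l2([a - x for a, x in zip(aggregate, x_target)])
    benign_norms = [update_norm(g_t, m) for m in benign]
    ratio = update_norm(g_t, attacker) / max(max(benign_norms), 1e-12)
    return {"distance_to_target": distance, "attacker_to_benign_norm_ratio": ratio}


if __name__ == "__main__":
    for scale in (0.0, 0.05):
        r = simulate_round(scale)
        print(f"benign scale {scale}: distance to X = {r['distance_to_target']:.4f}, "
              f"attacker/benign norm ratio = {r['attacker_to_benign_norm_ratio']:.0f}")
```

With benign updates of zero the aggregate is exactly the attacker's model; with small benign updates it is off by their average, which is what the abstract means by "immediately". The same arithmetic explains why the paper is tagged with anomaly detection: the attacker's update is orders of magnitude larger in norm than any benign one, so a server that bounds or clips per-participant update norms raises the cost of this trick considerably, which is why the paper has to discuss evading such checks.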

Using Trusted Data to Train Deep Networks on Labels Corrupted by Severe Noise

NeurIPS 2018 mmazeika/glc

We utilize trusted data by proposing a loss correction technique that utilizes trusted examples in a data-efficient manner to mitigate the effects of label noise on deep neural network classifiers.

DATA POISONING

Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks

22 Jun 2020 aks2203/poisoning-benchmark

Data poisoning and backdoor attacks manipulate training data in order to cause models to fail during inference.

DATA POISONING

A Distributed Trust Framework for Privacy-Preserving Machine Learning

3 Jun 2020 OpenMined/PyDentity

Privacy-preserving techniques distribute computation in order to ensure that data remains in the control of the owner while learning takes place.

DATA POISONING FEDERATED LEARNING

Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks

NeurIPS 2018 ashafahi/inceptionv3-transferLearn-poison

The proposed attacks use "clean-labels"; they don't require the attacker to have any control over the labeling of training data.

DATA POISONING FACE RECOGNITION TRANSFER LEARNING

Data Poisoning Attacks Against Federated Learning Systems

16 Jul 2020 git-disl/DataPoisoning_FL

Federated learning (FL) is an emerging paradigm for distributed training of large-scale deep neural networks in which participants' data remains on their own devices with only model updates being shared with a central server.

DATA POISONING FEDERATED LEARNING

Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching

ICLR 2021 JonasGeiping/poisoning-gradient-matching

In this work, we focus on a particularly malicious poisoning attack that is both "from scratch" and "clean label", meaning we analyze an attack that successfully works against new, randomly initialized models, and is nearly imperceptible to humans, all while perturbing only a small fraction of the training data.

DATA POISONING

MetaPoison: Practical General-purpose Clean-label Data Poisoning

NeurIPS 2020 JonasGeiping/poisoning-gradient-matching

Existing attacks for data poisoning neural networks have relied on hand-crafted heuristics, because solving the poisoning problem directly via bilevel optimization is generally thought of as intractable for deep models.

AUTOML BILEVEL OPTIMIZATION DATA POISONING META-LEARNING

Radioactive data: tracing through training

ICML 2020 facebookresearch/radioactive_data

The mark is robust to strong variations such as different architectures or optimization methods.

DATA AUGMENTATION DATA POISONING