Timezone: »

 
Poster
Model-Targeted Poisoning Attacks with Provable Convergence
Fnu Suya · Saeed Mahloujifar · Anshuman Suri · David Evans · Yuan Tian

Thu Jul 22 09:00 PM -- 11:00 PM (PDT) @ Virtual
in Poster Session 6 »

In a poisoning attack, an adversary who controls a small fraction of the training data attempts to select that data, so a model is induced that misbehaves in a particular way. We consider poisoning attacks against convex machine learning models and propose an efficient poisoning attack designed to induce a model specified by the adversary. Unlike previous model-targeted poisoning attacks, our attack comes with provable convergence to any attainable target model. We also provide a lower bound on the minimum number of poisoning points needed to achieve a given target model. Our method uses online convex optimization and finds poisoning points incrementally. This provides more flexibility than previous attacks which require an a priori assumption about the number of poisoning points. Our attack is the first model-targeted poisoning attack that provides provable convergence for convex models. In our experiments, it either exceeds or matches state-of-the-art attacks in terms of attack success rate and distance to the target model.

Keywords: Graphical Models · Structured Prediction · Algorithms · Social Aspects of Machine Learning · AI Safety
[ Slides

Author Information

Fnu Suya (University of Virginia)
Saeed Mahloujifar (Princeton University)
Anshuman Suri (University of Virginia)
David Evans (University of Virginia)
Yuan Tian (University of Virginia)

Related Events (a corresponding poster, oral, or spotlight)

More from the Same Authors