Towards One Shot Search Space Poisoning in Neural Architecture Search
Nayan Saxena, Robert Wu, Rohan Jain

TL;DR
This paper demonstrates that a single-shot search space poisoning attack can significantly degrade the performance of NAS algorithms like ENAS by injecting ineffective operations, leading to up to a 90% increase in error rates.
Contribution
It introduces a novel one shot search space poisoning method that exploits design flaws in ENAS to substantially impair its predictive accuracy.
Findings
Poisoning with two operations inflates error rates up to 90%.
The attack exploits specific vulnerabilities in the ENAS controller.
Performance degradation is demonstrated on the CIFAR-10 dataset.
Abstract
We evaluate the robustness of a Neural Architecture Search (NAS) algorithm known as Efficient NAS (ENAS) against data agnostic poisoning attacks on the original search space with carefully designed ineffective operations. We empirically demonstrate how our one shot search space poisoning approach exploits design flaws in the ENAS controller to degrade predictive performance on classification tasks. With just two poisoning operations injected into the search space, we inflate prediction error rates for child networks up to 90% on the CIFAR-10 dataset.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Domain Adaptation and Few-Shot Learning · Advanced Neural Network Applications
