Indiscriminate Data Poisoning Attacks on Neural Networks

TL;DR

This paper introduces advanced data poisoning attack methods on neural networks by leveraging Stackelberg game algorithms, enabling efficient generation of large-scale poisoned datasets and demonstrating their effectiveness through extensive experiments.

Contribution

It connects poisoning attacks with Stackelberg game algorithms and develops efficient, scalable methods for generating poisoned data points for neural networks.

Findings

Poisoning attacks are effective against deep neural networks.

New algorithms enable simultaneous generation of thousands of poisoned points.

Extensive experiments demonstrate attack success and scalability.

Abstract

Data poisoning attacks, in which a malicious adversary aims to influence a model by injecting "poisoned" data into the training process, have attracted significant recent attention. In this work, we take a closer look at existing poisoning attacks and connect them with old and new algorithms for solving sequential Stackelberg games. By choosing an appropriate loss function for the attacker and optimizing with algorithms that exploit second-order information, we design poisoning attacks that are effective on neural networks. We present efficient implementations that exploit modern auto-differentiation packages and allow simultaneous and coordinated generation of tens of thousands of poisoned points, in contrast to existing methods that generate poisoned points one by one. We further perform extensive experiments that empirically explore the effect of data poisoning attacks on deep neural networks.