Generative Poisoning Using Random Discriminators
Dirren van Vlijmen, Alex Kolmus, Zhuoran Liu, Zhengyu Zhao, and Martha Larson

TL;DR
ShortcutGen is a fast, label-free generative data poisoning method using a random discriminator, achieving state-of-the-art robustness and transferability with simple augmentation strategies.
Contribution
It introduces ShortcutGen, a novel, efficient data poisoning approach leveraging a random discriminator, outperforming existing methods in speed and robustness.
Findings
ShortcutGen is faster and simpler to train than DeepConfuse.
Augmentation strategies improve ShortcutGen's robustness.
Combining augmentation methods yields state-of-the-art results in transfer scenarios.
Abstract
We introduce ShortcutGen, a new data poisoning attack that generates sample-dependent, error-minimizing perturbations by learning a generator. The key novelty of ShortcutGen is the use of a randomly-initialized discriminator, which provides spurious shortcuts needed for generating poisons. Different from recent, iterative methods, our ShortcutGen can generate perturbations with only one forward pass in a label-free manner, and compared to the only existing generative method, DeepConfuse, our ShortcutGen is faster and simpler to train while remaining competitive. We also demonstrate that integrating a simple augmentation strategy can further boost the robustness of ShortcutGen against early stopping, and combining augmentation and non-augmentation leads to new state-of-the-art results in terms of final validation accuracy, especially in the challenging, transfer scenario. Lastly, we…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications
