Data Poisoning Attack Aiming the Vulnerability of Continual Learning
Gyojin Han, Jaehyun Choi, Hyeong Gwon Hong, Junmo Kim

TL;DR
This paper reveals that regularization-based continual learning models are vulnerable to data poisoning attacks that can degrade performance on specific tasks, highlighting the need for more robust methods.
Contribution
The paper introduces a simple task-specific data poisoning attack targeting regularization-based continual learning models, demonstrating their susceptibility and the importance of robustness.
Findings
The attack successfully degrades performance on targeted tasks.
EWC and SI are vulnerable to the proposed poisoning attack.
Results highlight the need for developing robust continual learning models.
Abstract
Generally, regularization-based continual learning models limit access to the previous task data to imitate the real-world constraints related to memory and privacy. However, this introduces a problem in these models by not being able to track the performance on each task. In essence, current continual learning methods are susceptible to attacks on previous tasks. We demonstrate the vulnerability of regularization-based continual learning methods by presenting a simple task-specific data poisoning attack that can be used in the learning process of a new task. Training data generated by the proposed attack causes performance degradation on a specific task targeted by the attacker. We experiment with the attack on the two representative regularization-based continual learning methods, Elastic Weight Consolidation (EWC) and Synaptic Intelligence (SI), trained with variants of MNIST…
Taxonomy
Topics: Domain Adaptation and Few-Shot Learning
