Dropout Attacks
Andrew Yuan, Alina Oprea, Cheng Tan

TL;DR
This paper presents DROPOUTATTACK, a novel poisoning attack targeting the dropout mechanism in neural networks, capable of significantly degrading model performance and class-specific metrics.
Contribution
It introduces a new family of poisoning attacks that manipulate dropout selection, demonstrating their effectiveness across various scenarios.
Findings
Attack reduces target class precision by 34.6%
Attacks can halt training or impair class-specific metrics
Effective on VGG-16 with CIFAR-100
Abstract
Dropout is a common operator in deep learning, aiming to prevent overfitting by randomly dropping neurons during training. This paper introduces a new family of poisoning attacks against neural networks named DROPOUTATTACK. DROPOUTATTACK attacks the dropout operator by manipulating the selection of neurons to drop instead of selecting them uniformly at random. We design, implement, and evaluate four DROPOUTATTACK variants that cover a broad range of scenarios. These attacks can slow or stop training, destroy prediction accuracy of target classes, and sabotage either precision or recall of a target class. In our experiments of training a VGG-16 model on CIFAR-100, our attack can reduce the precision of the victim class by 34.6% (from 81.7% to 47.1%) without incurring any degradation in model accuracy.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Neural Network Applications · Anomaly Detection Techniques and Applications
Methods: Dropout
