Transferable Availability Poisoning Attacks
Yiyong Liu, Michael Backes, Xiao Zhang

TL;DR
This paper introduces Transferable Poisoning, a novel data poisoning method that creates perturbations to degrade model performance across various learning algorithms, especially in contrastive learning, by leveraging intrinsic data properties and gradient information.
Contribution
The paper proposes a new transferable poisoning attack that improves attack transferability across different algorithms and paradigms, addressing limitations of prior methods.
Findings
Prior poisoning attacks lose much of their effectiveness when the victim trains with a different learning algorithm than the one the adversary used to craft the perturbations.
Transferable poisoning achieves high success across multiple models and paradigms.
Enhanced unlearnability in contrastive learning through intrinsic data characteristics.
Abstract
We consider availability data poisoning attacks, where an adversary aims to degrade the overall test accuracy of a machine learning model by crafting small perturbations to its training data. Existing poisoning strategies can achieve the attack goal but assume the victim to employ the same learning method as what the adversary uses to mount the attack. In this paper, we argue that this assumption is strong, since the victim may choose any learning algorithm to train the model as long as it can achieve some targeted performance on clean data. Empirically, we observe a large decrease in the effectiveness of prior poisoning attacks if the victim employs an alternative learning algorithm. To enhance the attack transferability, we propose Transferable Poisoning, which first leverages the intrinsic characteristics of alignment and uniformity to enable better unlearnability within contrastive…
Peer Reviews
Decision: Submitted to ICLR 2024
The paper provides an interesting contribution to a significant topic, the transferability of poisoning attacks across diverse learning paradigms, an area that has seen limited exploration. The authors introduce a straightforward and intuitive yet effective method, which is tested on a broad range of experiments. The manuscript is well-written overall, though there is space for improvement.
I believe this work has two main weaknesses: 1. There is little emphasis on the motivation for studying transferability across learning paradigms, which limits the impact of the findings. It would greatly benefit the paper to explain the practical contexts where this kind of transferability might be relevant, offering concrete examples and detailing how the conducted experiments address these cases. This is particularly crucial given the pragmatic nature of the contribution. 2. While the frequ
1. The paper proposes an indiscriminate attack with increased transferability. 2. The paper shows the attack's effectiveness empirically.
1. The attack is non-practical; it needs the training data to be compromised completely. 2. The attack (when not 100% training samples are compromised) is not effective in supervised learning algorithms. 3. The frequency analyses are not scientifically rigorous. 4. The novelty of this new poisoning attack is weak. 5. No defense was discussed. Detailed comments: [Poisoning 100% of the Training Data Is Non-Practical] I am confident that the paper studies a non-practical scenario: an adversary
The topic of transferable poisoning attacks is very interesting. In the real world, an attacker is unable to know the learning method that would be used to train the model. Experiments have been done for SOTA learning paradigms in recent years.
This attack (and all previous attacks) needs to poison almost 100% of the dataset to perform well, which is unrealistic in practice, although this setup is aligned with previous works. An inconsistency in writing. Section 3.2 mentioned “our method aims to generate poisoning perturbations characterized by high frequency.” But this logic is not reflected in the method design. The experiment is not very systematic. Baseline methods are only compared on the CIFAR-10 dataset. In Figure 3, poisonin
Taxonomy
Topics: Autopsy Techniques and Outcomes · Anomaly Detection Techniques and Applications · COVID-19 diagnosis using AI
Methods: Contrastive Learning
