Stealthy Poisoning Attacks Bypass Defenses in Regression Settings
Javier Carnerero-Cano, Luis Muñoz-González, Phillippa Spencer, Emil C. Lupu

TL;DR
This paper introduces a new stealthy poisoning attack model for regression models, demonstrating its ability to bypass existing defenses, and proposes a novel defense method called BayesClean that enhances robustness against such attacks.
Contribution
It presents a novel optimal stealthy attack formulation considering detectability, and introduces BayesClean, a new defense method for regression models against poisoning attacks.
Findings
Stealthy attacks can bypass current defenses.
BayesClean improves robustness against stealthy poisoning.
A normalization-of-objectives methodology for evaluating the trade-off between attack effectiveness and detectability.
Abstract
Regression models are widely used in industrial processes, engineering, and in natural and physical sciences, yet their robustness to poisoning has received less attention. When it has, studies often assume unrealistic threat models and are thus less useful in practice. In this paper, we propose a novel optimal stealthy attack formulation that considers different degrees of detectability and show that it bypasses state-of-the-art defenses. We further propose a new methodology based on normalization of objectives to evaluate different trade-offs between effectiveness and detectability. Finally, we develop a novel defense (BayesClean) against stealthy attacks. BayesClean improves on previous defenses when attacks are stealthy and the number of poisoning points is significant.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Smart Grid Security and Resilience · Security and Verification in Computing
