A Framework of Randomized Selection Based Certified Defenses Against Data Poisoning Attacks

09/18/2020
by Ruoxin Chen, et al.

Neural network classifiers are vulnerable to data poisoning attacks: an attacker can degrade or even manipulate their predictions by poisoning only a few training samples. However, the robustness of heuristic defenses is hard to measure. Random selection based defenses can achieve certified robustness by averaging the classifiers' predictions on sub-datasets sampled from the training set. This paper proposes a framework of random selection based certified defenses against data poisoning attacks. Specifically, we prove that random selection schemes satisfying certain conditions are robust against data poisoning attacks, and we derive the analytical form of the certified radius for the qualified random selection schemes. The certified radius of bagging derived by our framework is tighter than that of previous work. Our framework allows users to improve robustness by leveraging prior knowledge about the training set and the poisoning model: given a higher level of prior knowledge, we achieve higher certified accuracy both theoretically and practically. In experiments on three benchmark datasets (MNIST 1/7, MNIST, and CIFAR-10), our method outperforms the state of the art.
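The mechanism the abstract describes, random selection of sub-datasets followed by vote aggregation, can be illustrated with a small self-contained script. The following is an added example written for this page, not code from the paper or its authors. It assumes a constructed 1-D toy training set, a nearest-centroid base learner, and a poisoning model in which the attacker modifies a few existing training samples (so the sampled index subsets are unchanged). The `vote_certified` check is a simple counting argument that the majority label cannot flip while the vote margin exceeds twice the number of sub-datasets touching poisoned samples; it is not the paper's certified radius, which is not reproduced on this page.

```python
import random
from collections import Counter

# Constructed toy training set (not data from the paper): ten 1-D points
# labelled 0 at x = 0..9 and ten labelled 1 at x = 20..29.
TRAIN_X = [float(i) for i in range(10)] + [20.0 + i for i in range(10)]
TRAIN_Y = [0] * 10 + [1] * 10


def sample_subsets(n, m, k, seed=0):
    """Random-selection step: draw k index subsets of size m from range(n)
    without replacement, deterministically for a given seed."""
    rng = random.Random(seed)
    return [sorted(rng.sample(range(n), m)) for _ in range(k)]


def train_nearest_centroid(xs, ys, subset):
    """Toy base learner: per-class mean of the selected points.
    Deterministic given the subset, so a sub-classifier can only change
    if one of its own training samples is poisoned."""
    sums, counts = {}, {}
    for i in subset:
        sums[ys[i]] = sums.get(ys[i], 0.0) + xs[i]
        counts[ys[i]] = counts.get(ys[i], 0) + 1
    return {c: sums[c] / counts[c] for c in sums}


def predict(centroids, x):
    """Nearest centroid; ties resolved towards the smaller label."""
    return min(centroids, key=lambda c: (abs(x - centroids[c]), c))


def bagging_predict(models, x):
    """Aggregate sub-classifier predictions by majority vote."""
    votes = Counter(predict(model, x) for model in models)
    top = max(votes, key=lambda c: (votes[c], -c))
    return top, votes


def affected_subsets(subsets, poisoned):
    """Number of sub-datasets containing at least one poisoned index.
    Only the sub-classifiers trained on these can change."""
    poisoned = set(poisoned)
    return sum(1 for s in subsets if poisoned.intersection(s))


def vote_certified(votes, affected):
    """Conservative counting bound (assumption of this example, not the
    paper's certified radius): each affected sub-classifier can move one
    vote from the top class to the runner-up, shrinking the margin by 2.
    If the margin still exceeds 2 * affected, the majority label holds."""
    counts = sorted(votes.values(), reverse=True)
    top = counts[0]
    runner = counts[1] if len(counts) > 1 else 0
    return top - runner > 2 * affected


def demo(query=3.0, m=12, k=15, poisoned=(0, 1), seed=1):
    """Run the full pipeline on the toy data and return
    (predicted label, vote counts, affected sub-datasets, certified?)."""
    subsets = sample_subsets(len(TRAIN_X), m, k, seed)
    models = [train_nearest_centroid(TRAIN_X, TRAIN_Y, s) for s in subsets]
    label, votes = bagging_predict(models, query)
    affected = affected_subsets(subsets, poisoned)
    return label, dict(votes), affected, vote_certified(votes, affected)


if __name__ == "__main__":
    print(demo())
```

With `m = 12` out of 20 samples, every sub-dataset necessarily contains both classes, so all 15 sub-classifiers vote 0 for the query at x = 3. The certificate then depends only on how many of the sampled subsets include a poisoned index; smaller sub-datasets reduce that number at the cost of weaker base learners, which is the trade-off the abstract's prior-knowledge discussion is about.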
