Classification Auto-Encoder based Detector against Diverse Data Poisoning Attacks

08/09/2021
by Fereshteh Razmi, et al.

Poisoning attacks are a category of adversarial machine learning threats in which an adversary attempts to subvert the outcome of a machine learning system by injecting crafted data into the training data set, thus increasing the model's test error. The adversary can tamper with the data feature space, the data labels, or both, each leading to a different attack strategy with different strengths. Various detection approaches have recently emerged, each focusing on one attack strategy. The Achilles' heel of many of these detection approaches is their dependence on access to a clean, untampered data set. In this paper, we propose CAE, a Classification Auto-Encoder based detector against diverse poisoned data. CAE can detect all forms of poisoning attacks using a combination of reconstruction and classification errors, without any prior knowledge of the attack strategy. We show that an enhanced version of CAE (called CAE+) does not have to employ a clean data set to train the defense model. Our experimental results on three real datasets, MNIST, Fashion-MNIST, and CIFAR, demonstrate that the proposed method can maintain its functionality under up to 30% contaminated data and help the defended SVM classifier regain its best accuracy.
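To make the idea of combining reconstruction and classification errors concrete, here is a minimal sketch of a classification auto-encoder style detector. The architecture, layer sizes, the weighting hyper-parameter `alpha`, and the thresholding rule are illustrative assumptions for exposition, not the paper's exact design.

```python
# Hypothetical sketch of a classification auto-encoder (CAE) style detector.
# Layer sizes, the `alpha` weighting, and the thresholding heuristic are
# assumptions for illustration, not the authors' exact configuration.

import torch
import torch.nn as nn
import torch.nn.functional as F


class ClassificationAutoEncoder(nn.Module):
    """Auto-encoder with an auxiliary classification head on the latent code."""

    def __init__(self, input_dim: int = 784, latent_dim: int = 32, num_classes: int = 10):
        super().__init__()
        self.encoder = nn.Sequential(
            nn.Linear(input_dim, 256), nn.ReLU(),
            nn.Linear(256, latent_dim), nn.ReLU(),
        )
        self.decoder = nn.Sequential(
            nn.Linear(latent_dim, 256), nn.ReLU(),
            nn.Linear(256, input_dim), nn.Sigmoid(),
        )
        self.classifier = nn.Linear(latent_dim, num_classes)

    def forward(self, x):
        z = self.encoder(x)
        return self.decoder(z), self.classifier(z)


def poisoning_scores(model, x, y, alpha: float = 0.5):
    """Per-sample score combining reconstruction and classification errors.

    Samples whose score exceeds a chosen threshold (e.g. a high percentile
    of scores over the training set) would be flagged as potentially
    poisoned and filtered out before training the downstream classifier.
    """
    model.eval()
    with torch.no_grad():
        recon, logits = model(x)
        recon_err = F.mse_loss(recon, x, reduction="none").mean(dim=1)
        cls_err = F.cross_entropy(logits, y, reduction="none")
    return alpha * recon_err + (1.0 - alpha) * cls_err
```

The intuition is that a sample with tampered features tends to reconstruct poorly, while a sample with a flipped label tends to incur a high classification error, so a combined score can surface both kinds of poisoning without knowing the attack strategy in advance.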


