Open Access · Posted Content
Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses.
Micah Goldblum, Dimitris Tsipras, Chulin Xie, Xinyun Chen, Avi Schwarzschild, Dawn Song, Aleksander Madry, Bo Li, Tom Goldstein
TL;DR
In this article, the authors systematically categorize and discuss a wide range of dataset vulnerabilities and exploits, approaches for defending against these threats, and an array of open problems in this space.

Abstract
As machine learning systems grow in scale, so do their training data requirements, forcing practitioners to automate and outsource the curation of training data in order to achieve state-of-the-art performance. The absence of trustworthy human supervision over the data collection process exposes organizations to security vulnerabilities; training data can be manipulated to control and degrade the downstream behaviors of learned models. The goal of this work is to systematically categorize and discuss a wide range of dataset vulnerabilities and exploits, approaches for defending against these threats, and an array of open problems in this space. In addition to describing various poisoning and backdoor threat models and the relationships among them, we develop a unified taxonomy.
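The abstract describes training-data manipulation in general terms; a common concrete instance is a backdoor attack, in which an adversary stamps a small trigger pattern onto a fraction of training images and relabels them with a target class, so a model trained on the data misclassifies any triggered input. The sketch below is illustrative only (the function name, trigger shape, and poisoning rate are assumptions, not the paper's construction):

```python
import numpy as np

def poison_with_trigger(images, labels, target_label, rate=0.05, seed=0):
    """Illustrative backdoor poisoning: stamp a small white patch
    (the 'trigger') onto a random fraction of training images and
    relabel them with the attacker's target class."""
    rng = np.random.default_rng(seed)
    images, labels = images.copy(), labels.copy()
    n_poison = int(len(images) * rate)
    idx = rng.choice(len(images), size=n_poison, replace=False)
    for i in idx:
        images[i, -3:, -3:] = 1.0   # 3x3 trigger patch in the corner
        labels[i] = target_label    # flip the label to the target class
    return images, labels, idx

# toy data: 100 grayscale 8x8 "images", all of class 0
X = np.zeros((100, 8, 8))
y = np.zeros(100, dtype=int)
Xp, yp, idx = poison_with_trigger(X, y, target_label=7, rate=0.1)
```

A model fit on `(Xp, yp)` behaves normally on clean inputs but can be steered to class 7 by anyone who knows the trigger, which is why the survey treats curation of outsourced data as a security problem.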
Citations
Journal Article · DOI
An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences
TL;DR: In this paper, the authors review the works published so far, classifying the different types of attacks and defences proposed to date. The classification guiding the analysis is based on the amount of control the attacker has over the training process, on how the defender can verify the integrity of the data used for training, and on how the operation of the DNN can be monitored at training and test time.
Journal Article · DOI
FoggySight: A Scheme for Facial Lookup Privacy
TL;DR: FoggySight applies techniques from the adversarial-examples literature to modify facial photos in a privacy-preserving manner before they are uploaded to social media: users acting as protectors of others' privacy upload decoy photos generated by adversarial machine learning algorithms.
Posted Content
Disrupting Model Training with Adversarial Shortcuts.
TL;DR: This article proposes methods based on the notion of adversarial shortcuts, which encourage models to rely on non-robust signals rather than semantic features; the experiments demonstrate that these measures successfully prevent deep learning models from achieving high accuracy on real, unmodified data examples.
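The shortcut idea above can be sketched concretely: embed a deterministic per-class pixel pattern into each training image, so a model can fit the labels through the pattern instead of the semantic content. This is a minimal illustration under assumed names and layout, not the paper's exact construction:

```python
import numpy as np

def add_shortcut(images, labels, strength=0.5):
    """Blend a per-class pixel pattern into each image. Because the
    pattern depends only on the label, it is a perfect (non-robust)
    predictor the model can latch onto. Illustrative sketch only."""
    images = images.copy()
    for i, y in enumerate(labels):
        rng = np.random.default_rng(int(y))   # pattern determined by class
        pattern = rng.random(images[i].shape)
        images[i] = (1 - strength) * images[i] + strength * pattern
    return images
```

A model trained on such data learns the pattern rather than real features, so its accuracy collapses on clean, pattern-free examples.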
Posted Content
Covert Channel Attack to Federated Learning Systems.
TL;DR: In this article, the authors put forward a novel attacker model that turns federated learning systems into covert channels implementing a stealth communication infrastructure. The main intuition is that, during federated training, a malicious sender can poison the global model by submitting purposely crafted examples.
References
Journal Article · DOI
Generative Adversarial Nets
Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, Yoshua Bengio
TL;DR: A new framework for estimating generative models via an adversarial process, in which two models are trained simultaneously: a generative model G that captures the data distribution, and a discriminative model D that estimates the probability that a sample came from the training data rather than from G.
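The two-player objective described in the TL;DR can be written as a value function V(D, G): the discriminator's expected log-probability of labelling real samples real and generated samples fake. The sketch below evaluates it on precomputed discriminator outputs (an illustrative helper, not code from the paper):

```python
import numpy as np

def gan_value(d_real, d_fake):
    """V(D, G) = E[log D(x)] + E[log(1 - D(G(z)))], estimated from
    discriminator outputs on real samples (d_real) and generated
    samples (d_fake). D maximises this quantity; G minimises it."""
    d_real = np.asarray(d_real, dtype=float)
    d_fake = np.asarray(d_fake, dtype=float)
    return np.mean(np.log(d_real)) + np.mean(np.log(1.0 - d_fake))
```

A perfect discriminator (D(x) = 1 on real data, 0 on fakes) attains V = 0, while a discriminator at chance level (D = 0.5 everywhere) yields V = -2 log 2, the equilibrium value when G matches the data distribution.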
Dissertation
Learning Multiple Layers of Features from Tiny Images
TL;DR: In this paper, the authors describe how to train a multi-layer generative model of natural images, using a dataset of millions of tiny colour images.
Proceedings Article
Intriguing properties of neural networks
Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, Rob Fergus
TL;DR: It is found that, according to various methods of unit analysis, there is no distinction between individual high-level units and random linear combinations of high-level units, suggesting that it is the space, rather than the individual units, that contains the semantic information in the high layers of neural networks.
Proceedings Article · DOI
Extracting and composing robust features with denoising autoencoders
TL;DR: This work introduces and motivates a new training principle for unsupervised learning of a representation, based on the idea of making the learned representations robust to partial corruption of the input pattern.
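The "partial corruption" at the heart of this training principle is easy to sketch: zero out each input component with some probability, and train the autoencoder to reconstruct the clean input from the corrupted one. The corruption step below is a minimal illustration (function and parameter names are assumptions):

```python
import numpy as np

def masking_corruption(x, p=0.3, seed=0):
    """Partially corrupt an input by zeroing each component with
    probability p -- the noise a denoising autoencoder is trained
    to undo."""
    rng = np.random.default_rng(seed)
    keep = rng.random(x.shape) >= p   # True with probability 1 - p
    return x * keep
```

The autoencoder is then trained to minimise the reconstruction error between decode(encode(corrupted input)) and the original clean input, forcing the representation to capture dependencies between input components.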
Book Chapter · DOI
Calibrating noise to sensitivity in private data analysis
TL;DR: In this article, the authors show that for several particular applications substantially less noise is needed than was previously understood, and they prove separation results showing the increased value of interactive sanitization mechanisms over non-interactive ones.
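The calibration rule this work is known for adds Laplace noise scaled to a query's sensitivity divided by the privacy parameter ε. A minimal sketch of that mechanism (the function name and signature are assumptions for illustration):

```python
import numpy as np

def laplace_mechanism(true_value, sensitivity, epsilon, seed=0):
    """Release a query answer with Laplace(sensitivity / epsilon)
    noise added: the noise scale grows with how much one record can
    change the answer (sensitivity) and shrinks as the privacy
    budget epsilon is relaxed."""
    rng = np.random.default_rng(seed)
    scale = sensitivity / epsilon
    return true_value + rng.laplace(0.0, scale)
```

For a counting query (sensitivity 1), releasing the count via this mechanism satisfies ε-differential privacy; the paper's contribution is showing that calibrating to sensitivity often needs far less noise than earlier analyses suggested.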