We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Defending Against Adversarial Denial-of-Service Data Poisoning Attacks

Abstract: Data poisoning is one of the most relevant security threats against machine learning and data-driven technologies. Since many applications rely on untrusted training data, an attacker can easily craft malicious samples and inject them into the training dataset to degrade the performance of machine learning models. As recent work has shown, such Denial-of-Service (DoS) data poisoning attacks are highly effective. To mitigate this threat, we propose a new approach of detecting DoS poisoned instances. In comparison to related work, we deviate from clustering and anomaly detection based approaches, which often suffer from the curse of dimensionality and arbitrary anomaly threshold selection. Rather, our defence is based on extracting information from the training data in such a generalized manner that we can identify poisoned samples based on the information present in the unpoisoned portion of the data. We evaluate our defence against two DoS poisoning attacks and seven datasets, and find that it reliably identifies poisoned instances. In comparison to related work, our defence improves false positive / false negative rates by at least 50%, often more.
Comments: Published at ACSAC DYNAMICS 2020
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)
Cite as: arXiv:2104.06744 [cs.CR]
  (or arXiv:2104.06744v3 [cs.CR] for this version)

Submission history

From: Nicolas Michael Müller [view email]
[v1] Wed, 14 Apr 2021 09:52:36 GMT (3605kb,D)
[v2] Wed, 21 Apr 2021 14:32:01 GMT (3605kb,D)
[v3] Tue, 30 Nov 2021 15:43:09 GMT (3606kb,D)

Link back to: arXiv, form interface, contact.