Poisoning Attacks against Support Vector Machines
read the original abstract
We investigate a family of poisoning attacks against Support Vector Machines (SVM). Such attacks inject specially crafted training data that increases the SVM's test error. Central to the motivation for these attacks is the fact that most learning algorithms assume that their training data comes from a natural or well-behaved distribution. However, this assumption does not generally hold in security-sensitive settings. As we demonstrate, an intelligent adversary can, to some extent, predict the change of the SVM's decision function due to malicious input and use this ability to construct malicious data. The proposed attack uses a gradient ascent strategy in which the gradient is computed based on properties of the SVM's optimal solution. This method can be kernelized and enables the attack to be constructed in the input space even for non-linear kernels. We experimentally demonstrate that our gradient ascent procedure reliably identifies good local maxima of the non-convex validation error surface, which significantly increases the classifier's test error.
This paper has not been read by Pith yet.
Forward citations
Cited by 8 Pith papers
-
The Curse of Recursion: Training on Generated Data Makes Models Forget
Use of model-generated content in training causes irreversible loss of distribution tails, termed model collapse, in VAEs, GMMs, and LLMs.
-
Deep Privacy Funnel Model: From a Discriminative to a Generative Approach with an Application to Face Recognition
Introduces Generative Privacy Funnel (GenPF) and deep variational PF (DVPF) models that extend the privacy funnel to generative settings and provide a controllable privacy-utility trade-off with reduced sensitive attr...
-
Laundering AI Authority with Adversarial Examples
Adversarial examples enable AI authority laundering by causing production VLMs to give authoritative but wrong responses on subtly perturbed images, with success rates of 22-100% using decade-old attack methods.
-
Survival of the Cheapest: Cost-Aware Hardware Adaptation for Adversarial Robustness
A decision-support framework applies AFT models to show Nvidia L4 GPUs yield 20% longer adversarial survival time at 75% lower cost than V100, with inference latency as the strongest robustness predictor.
-
Comparative Insights on Adversarial Machine Learning from Industry and Academia: A User-Study Approach
Surveys indicate cybersecurity education correlates with higher concern for adversarial ML threats, and CTF-based challenges effectively engage students in learning about data poisoning attacks.
-
Enabling Adversarial Robustness in AI Models through Kubeflow MLOps
A Kubeflow-based MLOps architecture detects FGSM adversarial attacks on deployed AI models and automatically applies PGD-based adversarial training to recover accuracy.
-
Robustness Analysis of Machine Learning Models for IoT Intrusion Detection Under Data Poisoning Attacks
Ensemble models like Random Forest and Gradient Boosting maintain more stable performance than Logistic Regression and Deep Neural Networks under label manipulation and outlier-based poisoning attacks on IoT intrusion...
-
DP2Guard: A Lightweight and Byzantine-Robust Privacy-Preserving Federated Learning Scheme for Industrial IoT
DP2Guard is a proposed lightweight PPFL framework that combines gradient masking for privacy, hybrid anomaly detection via SVD and clustering for Byzantine robustness, trust-based adaptive aggregation, and blockchain ...
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.