pith. sign in

arxiv: 2212.02582 · v1 · pith:CEXGKYWLnew · submitted 2022-12-05 · 💻 cs.LG · cs.CR

Rethinking Backdoor Data Poisoning Attacks in the Context of Semi-Supervised Learning

classification 💻 cs.LG cs.CR
keywords learningattacksmethodspoisoningsamplessemi-superviseddataattack
0
0 comments X
read the original abstract

Semi-supervised learning methods can train high-accuracy machine learning models with a fraction of the labeled training samples required for traditional supervised learning. Such methods do not typically involve close review of the unlabeled training samples, making them tempting targets for data poisoning attacks. In this paper we investigate the vulnerabilities of semi-supervised learning methods to backdoor data poisoning attacks on the unlabeled samples. We show that simple poisoning attacks that influence the distribution of the poisoned samples' predicted labels are highly effective - achieving an average attack success rate as high as 96.9%. We introduce a generalized attack framework targeting semi-supervised learning methods to better understand and exploit their limitations and to motivate future defense strategies.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.