Pith. sign in

REVIEW 14 cited by

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 1206.6389 v3 pith:ERE56V6G submitted 2012-06-27 cs.LG cs.CRstat.ML

Poisoning Attacks against Support Vector Machines

classification cs.LG cs.CRstat.ML
keywords attacksdataerrorgradientascentattackdemonstrateincreases
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

We investigate a family of poisoning attacks against Support Vector Machines (SVM). Such attacks inject specially crafted training data that increases the SVM's test error. Central to the motivation for these attacks is the fact that most learning algorithms assume that their training data comes from a natural or well-behaved distribution. However, this assumption does not generally hold in security-sensitive settings. As we demonstrate, an intelligent adversary can, to some extent, predict the change of the SVM's decision function due to malicious input and use this ability to construct malicious data. The proposed attack uses a gradient ascent strategy in which the gradient is computed based on properties of the SVM's optimal solution. This method can be kernelized and enables the attack to be constructed in the input space even for non-linear kernels. We experimentally demonstrate that our gradient ascent procedure reliably identifies good local maxima of the non-convex validation error surface, which significantly increases the classifier's test error.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 14 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. $\pi$Creds: Privately Inferred Credentials

    cs.CR 2026-06 unverdicted novelty 7.0

    πCreds produces privacy-preserving verifiable credentials via trusted LLM inference on authenticated data, expanding claim types to unstructured sources and formalizing SCAE and ACPP threat models.

  2. The Curse of Recursion: Training on Generated Data Makes Models Forget

    cs.LG 2023-05 conditional novelty 7.0

    Use of model-generated content in training causes irreversible loss of distribution tails, termed model collapse, in VAEs, GMMs, and LLMs.

  3. Structural Adversarial Attacks on Relational Deep Learning under Integrity Constraints

    cs.LG 2026-07 conditional novelty 6.0

    Gradient-guided rewiring of foreign-key edges in relational databases degrades GNN predictions on regression tasks while preserving schema integrity constraints.

  4. Regret-Guaranteed Safe Switching: LQR Setting with Unknown Dynamics

    eess.SY 2026-06 unverdicted novelty 6.0

    Proposes a regret-minimizing algorithm for safe mode switching in unknown-dynamics LQR that achieves expected regret O(|M|^{1/4} n_s^{3/4} + n_m) under infinite mode visits.

  5. Landseer: Exploring the Machine Learning Defense Landscape

    cs.CR 2026-05 unverdicted novelty 6.0

    Landseer offers a containerized modular system to integrate and evaluate combinations of machine learning defenses, with an initial analysis of 35 defenses highlighting replicability challenges.

  6. Deep Privacy Funnel Model: From a Discriminative to a Generative Approach with an Application to Face Recognition

    cs.LG 2024-04 unverdicted novelty 6.0

    Introduces Generative Privacy Funnel (GenPF) and deep variational PF (DVPF) models that extend the privacy funnel to generative settings and provide a controllable privacy-utility trade-off with reduced sensitive attr...

  7. Laundering AI Authority with Adversarial Examples

    cs.CR 2026-05 unverdicted novelty 5.0

    Adversarial examples enable AI authority laundering by causing production VLMs to give authoritative but wrong responses on subtly perturbed images, with success rates of 22-100% using decade-old attack methods.

  8. Survival of the Cheapest: Cost-Aware Hardware Adaptation for Adversarial Robustness

    cs.CR 2024-09 unverdicted novelty 5.0

    A decision-support framework applies AFT models to show Nvidia L4 GPUs yield 20% longer adversarial survival time at 75% lower cost than V100, with inference latency as the strongest robustness predictor.

  9. Clustering Unsupervised Representations as Defense against Poisoning Attacks on Speech Commands Classification System

    cs.SD 2026-06 unverdicted novelty 4.0

    Clustering DINO representations via K-means and LDA filters poisoned speech samples, reducing attack success rate from 99.75% to 0.25% at 10% poisoning level.

  10. FoggyTrust: Robust Federated Learning with Hierarchical Trust Networks

    cs.LG 2026-06 unverdicted novelty 4.0

    FoggyTrust is a hierarchical extension of FLTrust that localizes trust computation to fog nodes and combines it with heterogeneity-aware optimizers, reporting over 50% gains on CIFAR-10 under Krum and Trim attacks.

  11. Comparative Insights on Adversarial Machine Learning from Industry and Academia: A User-Study Approach

    cs.CR 2026-02 unverdicted novelty 4.0

    Surveys indicate cybersecurity education correlates with higher concern for adversarial ML threats, and CTF-based challenges effectively engage students in learning about data poisoning attacks.

  12. Enabling Adversarial Robustness in AI Models through Kubeflow MLOps

    cs.CR 2026-05 unverdicted novelty 3.0

    A Kubeflow-based MLOps architecture detects FGSM adversarial attacks on deployed AI models and automatically applies PGD-based adversarial training to recover accuracy.

  13. Robustness Analysis of Machine Learning Models for IoT Intrusion Detection Under Data Poisoning Attacks

    cs.CR 2026-04 unverdicted novelty 3.0

    Ensemble models like Random Forest and Gradient Boosting maintain more stable performance than Logistic Regression and Deep Neural Networks under label manipulation and outlier-based poisoning attacks on IoT intrusion...

  14. DP2Guard: A Lightweight and Byzantine-Robust Privacy-Preserving Federated Learning Scheme for Industrial IoT

    cs.CR 2025-07 unverdicted novelty 3.0

    DP2Guard is a proposed lightweight PPFL framework that combines gradient masking for privacy, hybrid anomaly detection via SVD and clustering for Byzantine robustness, trust-based adaptive aggregation, and blockchain ...