Online Data Poisoning Attack
This addresses security vulnerabilities in online learning systems for applications like real-time data processing, though it is incremental as it extends existing poisoning attack methods to the online setting.
The paper tackles the problem of data poisoning attacks in online learning where training items arrive sequentially, and the attacker can perturb current items without knowledge of future data or the data distribution. The result is a control approach using model predictive control and deep reinforcement learning that generates near-optimal attacks, validated on supervised and unsupervised tasks.
We study data poisoning attacks in the online setting where training items arrive sequentially, and the attacker may perturb the current item to manipulate online learning. Importantly, the attacker has no knowledge of future training items nor the data generating distribution. We formulate online data poisoning attack as a stochastic optimal control problem, and solve it with model predictive control and deep reinforcement learning. We also upper bound the suboptimality suffered by the attacker for not knowing the data generating distribution. Experiments validate our control approach in generating near-optimal attacks on both supervised and unsupervised learning tasks.