Aug 21, 2020

Defending Regression Learners Against Poisoning Attacks

arXiv:2008.09279v1; 1 citation

AI Analysis

This paper addresses the problem of securing regression models against malicious data manipulation in applications such as engineering and finance, and represents a novel defense approach rather than an incremental improvement.

The paper tackles the vulnerability of regression models to poisoning attacks by introducing N-LID, a measure based on Local Intrinsic Dimensionality (LID), to detect poisoned samples without making assumptions about the attacker, resulting in up to 76% lower MSE compared to an undefended model.

Regression models, which are widely used from engineering applications to financial forecasting, are vulnerable to targeted malicious attacks such as training data poisoning, through which adversaries can manipulate their predictions. Previous works that attempt to address this problem rely on assumptions about the nature of the attack or attacker, or overestimate the knowledge available to the learner, making them impractical. We introduce a novel Local Intrinsic Dimensionality (LID) based measure called N-LID that measures the local deviation of a given data point's LID with respect to its neighbors. We then show that N-LID can distinguish poisoned samples from normal samples and propose an N-LID based defense approach that makes no assumptions about the attacker. Through extensive numerical experiments with benchmark datasets, we show that the proposed defense mechanism outperforms state-of-the-art defenses in terms of prediction accuracy (up to 76% lower MSE compared to an undefended ridge model) and running time.

Code Implementations: 1 repo
Foundations

The foundational work for this paper's niche, ranked by how specifically the surrounding literature builds on it, not by global fame.
