Defending Against Adversarial Denial-of-Service Data Poisoning Attacks
This addresses security threats for machine learning applications relying on untrusted training data, representing an incremental advance in defense mechanisms.
The paper tackles the problem of Denial-of-Service data poisoning attacks on machine learning models by proposing a new detection approach that identifies poisoned samples using information from unpoisoned data, achieving at least 50% improvement in false positive/false negative rates compared to related work.
Data poisoning is one of the most relevant security threats against machine learning and data-driven technologies. Since many applications rely on untrusted training data, an attacker can easily craft malicious samples and inject them into the training dataset to degrade the performance of machine learning models. As recent work has shown, such Denial-of-Service (DoS) data poisoning attacks are highly effective. To mitigate this threat, we propose a new approach of detecting DoS poisoned instances. In comparison to related work, we deviate from clustering and anomaly detection based approaches, which often suffer from the curse of dimensionality and arbitrary anomaly threshold selection. Rather, our defence is based on extracting information from the training data in such a generalized manner that we can identify poisoned samples based on the information present in the unpoisoned portion of the data. We evaluate our defence against two DoS poisoning attacks and seven datasets, and find that it reliably identifies poisoned instances. In comparison to related work, our defence improves false positive / false negative rates by at least 50%, often more.