Apr 19, 2022

Indiscriminate Data Poisoning Attacks on Neural Networks

arXiv:2204.09092v2, 31 citations, h-index: 34
AI Analysis

This work addresses a training-time security vulnerability of neural networks, data poisoning, and is aimed at machine learning practitioners; it appears incremental in that it builds on existing poisoning attack formulations rather than introducing a new threat model.

The authors developed efficient data poisoning attacks on neural networks by connecting poisoning attacks with algorithms for solving sequential Stackelberg games and optimising the attacker's objective with second-order methods, yielding attacks that generate tens of thousands of poisoned points simultaneously rather than one at a time.

Data poisoning attacks, in which a malicious adversary aims to influence a model by injecting "poisoned" data into the training process, have attracted significant recent attention. In this work, we take a closer look at existing poisoning attacks and connect them with old and new algorithms for solving sequential Stackelberg games. By choosing an appropriate loss function for the attacker and optimizing with algorithms that exploit second-order information, we design poisoning attacks that are effective on neural networks. We present efficient implementations that exploit modern auto-differentiation packages and allow simultaneous and coordinated generation of tens of thousands of poisoned points, in contrast to existing methods that generate poisoned points one by one. We further perform extensive experiments that empirically explore the effect of data poisoning attacks on deep neural networks.
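The attack structure the abstract describes (the attacker as Stackelberg leader choosing poisoned points, the trainer as follower fitting the model, second-order information used to differentiate through the follower's optimum, and all poisoned points updated together) is illustrated by the following added example. It is not the authors' code and is not taken from their repository: it swaps the neural network for an L2-regularised logistic regression so that the follower's Hessian is a 3x3 matrix that can be solved exactly, uses the implicit-function-theorem gradient dw*/dx_p = -H^{-1} d²L_train/(dw dx_p), ascends the attacker's clean-data log-loss with a sign-gradient step inside a box constraint, and runs on constructed two-cluster toy data. All function names, constants, the data and the choice of attacker loss are assumptions made for illustration.

```python
import math
import random


def make_clean_data(n_per_class=40, seed=0):
    """Constructed toy data (not from the paper): two 2-D clusters, labels in {-1, +1}."""
    rng = random.Random(seed)
    X, y = [], []
    for label, centre in ((+1, (2.0, 2.0)), (-1, (-2.0, -2.0))):
        for _ in range(n_per_class):
            X.append([centre[0] + rng.gauss(0, 0.8), centre[1] + rng.gauss(0, 0.8)])
            y.append(label)
    return X, y


def sigmoid(t):
    return 1.0 / (1.0 + math.exp(-t))


def softplus(t):
    """log(1 + e^t) without overflow."""
    return max(t, 0.0) + math.log1p(math.exp(-abs(t)))


def feat(x):
    return [x[0], x[1], 1.0]          # two features plus a fixed bias input


def dot(a, b):
    return sum(ai * bi for ai, bi in zip(a, b))


def solve3(A, b):
    """Solve the 3x3 system A v = b by Gaussian elimination with partial pivoting."""
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for i in range(3):
        p = max(range(i, 3), key=lambda r: abs(M[r][i]))
        M[i], M[p] = M[p], M[i]
        for r in range(i + 1, 3):
            f = M[r][i] / M[i][i]
            for c in range(i, 4):
                M[r][c] -= f * M[i][c]
    v = [0.0] * 3
    for i in (2, 1, 0):
        v[i] = (M[i][3] - sum(M[i][c] * v[c] for c in range(i + 1, 3))) / M[i][i]
    return v


def grad_hess(w, X, y, lam):
    """Gradient and Hessian of mean logistic loss + (lam/2)||w||^2 over (X, y)."""
    n = len(X)
    g = [lam * wi for wi in w]
    H = [[lam if i == j else 0.0 for j in range(3)] for i in range(3)]
    for x, yi in zip(X, y):
        f = feat(x)
        s = sigmoid(yi * dot(w, f))
        for i in range(3):
            g[i] += (s - 1.0) * yi * f[i] / n
            for j in range(3):
                H[i][j] += s * (1.0 - s) * f[i] * f[j] / n
    return g, H


def train(X, y, lam=0.1, iters=15):
    """Follower (trainer): fit the regularised logistic model to its training set by Newton's method."""
    w = [0.0, 0.0, 0.0]
    for _ in range(iters):
        g, H = grad_hess(w, X, y, lam)
        step = solve3(H, g)
        w = [wi - si for wi, si in zip(w, step)]
    return w, grad_hess(w, X, y, lam)[1]   # Hessian at the fitted w


def clean_loss(w, X, y):
    """Leader's objective: mean logistic loss on clean data, which the attacker maximises."""
    return sum(softplus(-yi * dot(w, feat(x))) for x, yi in zip(X, y)) / len(X)


def clean_error(w, X, y):
    return sum(1 for x, yi in zip(X, y) if yi * dot(w, feat(x)) <= 0) / len(X)


def implicit_attack(X_c, y_c, n_poison=10, lam=0.1, steps=20, eta=0.25, box=5.0, seed=1):
    """Leader (attacker): sign-gradient ascent on the clean loss w.r.t. every poison point at once,
    using the implicit gradient dw*/dx_p = -H^{-1} d^2L_train/(dw dx_p) at the follower's optimum."""
    rng = random.Random(seed)
    idx = rng.sample(range(len(X_c)), n_poison)
    X_p = [X_c[i][:] for i in idx]          # initial poison: label-flipped copies of clean points
    y_p = [-y_c[i] for i in idx]
    best = None                              # best (loss, X_p, y_p) seen, so the result never regresses
    for _ in range(steps):
        n = len(X_c) + n_poison
        w, H = train(X_c + X_p, y_c + y_p, lam)
        loss = clean_loss(w, X_c, y_c)
        if best is None or loss > best[0]:
            best = (loss, [x[:] for x in X_p], y_p[:])
        g = grad_hess(w, X_c, y_c, 0.0)[0]   # dL_clean/dw (no regulariser in the attacker's loss)
        v = solve3(H, g)                      # one Hessian solve is shared by all poison points
        for k in range(n_poison):
            f, yk = feat(X_p[k]), y_p[k]
            s = sigmoid(yk * dot(w, f))
            for j in range(2):               # move the two feature coordinates only
                # column j of d^2L_train/(dw dx_p): derivative of (s-1)*y*f_i/n w.r.t. x_j
                col = [((s - 1.0) * yk * (1.0 if i == j else 0.0) + s * (1.0 - s) * w[j] * f[i]) / n
                       for i in range(3)]
                grad_j = -dot(v, col)        # dL_clean/dx_j via the chain rule through w*(x_p)
                X_p[k][j] = max(-box, min(box, X_p[k][j] + eta * (1.0 if grad_j > 0 else -1.0)))
    return best


def run_demo():
    X, y = make_clean_data()
    w0, _ = train(X, y)
    _, X_p, y_p = implicit_attack(X, y)
    w1, _ = train(X + X_p, y + y_p)          # the follower retrains on clean + chosen poison
    return {"clean_loss_before": clean_loss(w0, X, y), "clean_loss_after": clean_loss(w1, X, y),
            "error_before": clean_error(w0, X, y), "error_after": clean_error(w1, X, y),
            "n_poison": len(X_p)}


if __name__ == "__main__":
    for k, val in run_demo().items():
        print(f"{k}: {val}")
```

The part worth noticing is `v = solve3(H, g)`: the expensive second-order step is done once per round and then reused for every poison point, which is what makes coordinated updates of many points cheap compared with generating them one at a time. On a real network the Hessian is never formed explicitly; the abstract says the authors rely on modern auto-differentiation packages for this step, which this toy example replaces with an exact 3x3 solve.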

Code Implementations: 1 repo