Data Poisoning Attack Aiming the Vulnerability of Continual Learning
This highlights a security risk in continual learning systems, which is incremental as it exposes a known vulnerability in existing methods.
The paper demonstrates that regularization-based continual learning methods are vulnerable to task-specific data poisoning attacks, showing performance degradation on targeted tasks when models like EWC and SI are trained on poisoned MNIST variants.
Generally, regularization-based continual learning models limit access to the previous task data to imitate the real-world constraints related to memory and privacy. However, this introduces a problem in these models by not being able to track the performance on each task. In essence, current continual learning methods are susceptible to attacks on previous tasks. We demonstrate the vulnerability of regularization-based continual learning methods by presenting a simple task-specific data poisoning attack that can be used in the learning process of a new task. Training data generated by the proposed attack causes performance degradation on a specific task targeted by the attacker. We experiment with the attack on the two representative regularization-based continual learning methods, Elastic Weight Consolidation (EWC) and Synaptic Intelligence (SI), trained with variants of MNIST dataset. The experiment results justify the vulnerability proposed in this paper and demonstrate the importance of developing continual learning models that are robust to adversarial attacks.