Dropout Attacks
This paper addresses security vulnerabilities in deep learning for practitioners, though it is incremental in that it builds on existing poisoning-attack methods.
The paper tackles the problem of poisoning neural networks by manipulating the dropout operator, introducing DROPOUTATTACK variants that can reduce the precision of a target class by 34.6% without degrading overall model accuracy.
Dropout is a common operator in deep learning, aiming to prevent overfitting by randomly dropping neurons during training. This paper introduces a new family of poisoning attacks against neural networks named DROPOUTATTACK. DROPOUTATTACK attacks the dropout operator by manipulating the selection of neurons to drop instead of selecting them uniformly at random. We design, implement, and evaluate four DROPOUTATTACK variants that cover a broad range of scenarios. These attacks can slow or stop training, destroy the prediction accuracy of target classes, and sabotage either the precision or the recall of a target class. In our experiments training a VGG-16 model on CIFAR-100, our attack can reduce the precision of the victim class by 34.6% (from 81.7% to 47.1%) without incurring any degradation in model accuracy.