A Backdoor Approach with Inverted Labels Using Dirty Label-Flipping Attacks
This addresses security vulnerabilities in audio ML systems using public data, but it is incremental as it builds on existing label-flipping attack methods.
The paper tackles the problem of data poisoning attacks on audio-based machine learning systems by proposing a backdoor attack called 'DirtyFlipping' that uses dirty label techniques to insert triggers, enabling stealthy manipulation of deep neural network models.
Audio-based machine learning systems frequently use public or third-party data, which might be inaccurate. This exposes deep neural network (DNN) models trained on such data to potential data poisoning attacks. In this type of assault, attackers can train the DNN model using poisoned data, potentially degrading its performance. Another type of data poisoning attack that is extremely relevant to our investigation is label flipping, in which the attacker manipulates the labels for a subset of data. It has been demonstrated that these assaults may drastically reduce system performance, even for attackers with minimal abilities. In this study, we propose a backdoor attack named 'DirtyFlipping', which uses dirty label techniques, "label-on-label", to input triggers (clapping) in the selected data patterns associated with the target class, thereby enabling a stealthy backdoor.