Stealthy Poisoning Attacks Bypass Defenses in Regression Settings
This work addresses security vulnerabilities in regression models used in industrial and scientific applications, offering incremental improvements in defense mechanisms against stealthy poisoning attacks.
The paper tackles the problem of poisoning attacks on regression models by proposing a stealthy attack formulation that bypasses existing defenses, and introduces a new defense called BayesClean that improves robustness when attacks are stealthy and involve many poisoning points.
Regression models are widely used in industrial processes, engineering, and the natural and physical sciences, yet their robustness to poisoning has received comparatively little attention. Where it has been studied, the work often assumes unrealistic threat models and is therefore of limited use in practice. In this paper, we propose a novel optimal stealthy attack formulation that accounts for different degrees of detectability and show that it bypasses state-of-the-art defenses. We further propose a new methodology, based on normalization of the attack objectives, for evaluating the trade-offs between effectiveness and detectability. Finally, we develop a novel defense (BayesClean) against stealthy attacks. BayesClean improves on previous defenses when attacks are stealthy and the number of poisoning points is large.