Hard Work Does Not Always Pay Off: Poisoning Attacks on Neural Architecture Search

arXiv:2405.06073v1 Announce Type: cross
Abstract: In this paper, we study the robustness of "data-centric" approaches to finding neural network architectures (known as neural architecture search) to data distribution shifts. To audit this robustness, we present a data poisoning attack, when injected to the training data used for architecture search that can prevent the victim algorithm from finding an architecture with optimal accuracy. We first define the attack objective for crafting poisoning samples that can induce the victim to generate sub-optimal …

architecture architectures arxiv attack attacks audit cs.cr cs.lg data data poisoning distribution hard network neural network pay poisoning poisoning attacks robustness search shifts study training training data work