Pick your Poison: Undetectability versus Robustness in Data Poisoning Attacks against Deep Image Classification. (arXiv:2305.09671v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Deep image classification models trained on large amounts of web-scraped data are vulnerable to data poisoning, a mechanism for backdooring models. Even a few poisoned samples seen during training can entirely undermine the model's integrity during inference. While it is known that poisoning more samples enhances an attack's effectiveness and robustness, it is unknown whether poisoning too many samples weakens an attack by making it more detectable. We observe a fundamental detectability/robustness trade-off in data poisoning attacks: Poisoning too few …