Provable Guarantees against Data Poisoning Using Self-Expansion and Compatibility. (arXiv:2105.03692v2 [cs.LG] UPDATED)

As deep learning datasets grow larger and less curated, backdoor data
poisoning attacks, which inject malicious poisoned data into the training
dataset, have drawn increasing attention in both academia and industry.

We identify an incompatibility property of the interaction of clean and
poisoned data with the training algorithm, specifically that including poisoned
data in the training dataset does not improve model accuracy on clean data and
vice-versa. Leveraging this property, we develop an algorithm that iteratively
refines subsets of the …

data data poisoning poisoning