Timezone: »
Indiscriminate Data Poisoning Attacks on Neural Networks
Yiwei Lu · Gautam Kamath · Yaoliang Yu
Event URL: https://openreview.net/forum?id=G9GI1pD7w1j »
Data poisoning attacks, in which a malicious adversary aims to influence a model by injecting ``poisoned'' data into the training process, have attracted significant recent attention. In this work, we take a closer look at existing poisoning attacks and connect them with old and new algorithms for solving sequential Stackelberg games. By choosing an appropriate loss function for the attacker and optimizing with algorithms that exploit second-order information, we design poisoning attacks that are effective on neural networks. We present efficient implementations by parameterizing the attacker and allowing simultaneous and coordinated generation of tens of thousands of poisoned points, in contrast to existing methods that generate poisoned points one by one. We further perform extensive experiments that empirically explore the effect of data poisoning attacks on deep neural networks. Our paper set up a new benchmark on the possibility of performing indiscriminate data poisoning attacks on modern neural networks.
Author Information
Yiwei Lu (University of Waterloo)
Gautam Kamath (University of Waterloo)
Yaoliang Yu (University of Waterloo)
More from the Same Authors
-
2022 Poster: Optimality and Stability in Non-Convex Smooth Games »
Guojun Zhang · Pascal Poupart · Yaoliang Yu -
2022 : Choosing Public Datasets for Private Machine Learning via Gradient Subspace Distance »
Xin Gu · Gautam Kamath · Steven Wu -
2022 : Hidden Poison: Machine Unlearning Enables Camouflaged Poisoning Attacks »
Jimmy Di · Jack Douglas · Jayadev Acharya · Gautam Kamath · Ayush Sekhari -
2022 : Indiscriminate Data Poisoning Attacks on Neural Networks »
Yiwei Lu · Gautam Kamath · Yaoliang Yu -
2022 : Hidden Poison: Machine unlearning enables camouflaged poisoning attacks »
Jimmy Di · Jack Douglas · Jayadev Acharya · Gautam Kamath · Ayush Sekhari -
2022 : Geometric attacks on batch normalization »
Amur Ghose · Apurv Gupta · Yaoliang Yu · Pascal Poupart -
2023 Poster: Robust Data Valuation with Weighted Banzhaf Values »
Weida Li · Yaoliang Yu -
2023 Poster: Private Distribution Learning with Public Data: The View from Sample Compression »
Shai Ben-David · Alex Bie · Clément L Canonne · Gautam Kamath · Vikrant Singhal -
2023 Poster: Batchnorm Allows Unsupervised Radial Attacks »
Amur Ghose · Apurv Gupta · Yaoliang Yu · Pascal Poupart -
2023 Poster: Understanding Neural Network Binarization with Forward and Backward Proximal Quantizers »
Yiwei Lu · Yaoliang Yu · Xinlin Li · Vahid Partovi Nia -
2023 Poster: Hidden Poison: Machine Unlearning Enables Camouflaged Poisoning Attacks »
Jimmy Di · Jack Douglas · Jayadev Acharya · Gautam Kamath · Ayush Sekhari -
2023 Poster: Functional Renyi Differential Privacy for Generative Modeling »
Dihong Jiang · Sun Sun · Yaoliang Yu -
2023 Poster: Distribution Learnability and Robustness »
Shai Ben-David · Alex Bie · Gautam Kamath · Tosca Lechner -
2022 Spotlight: Optimality and Stability in Non-Convex Smooth Games »
Guojun Zhang · Pascal Poupart · Yaoliang Yu -
2022 : Private GANs, Revisited »
Alex Bie · Gautam Kamath · Guojun Zhang -
2022 Poster: New Lower Bounds for Private Estimation and a Generalized Fingerprinting Lemma »
Gautam Kamath · Argyris Mouzakis · Vikrant Singhal -
2022 Poster: Private Estimation with Public Data »
Alex Bie · Gautam Kamath · Vikrant Singhal -
2021 Poster: Enabling Fast Differentially Private SGD via Just-in-Time Compilation and Vectorization »
Pranav Subramani · Nicholas Vadivelu · Gautam Kamath -
2021 Poster: Remember What You Want to Forget: Algorithms for Machine Unlearning »
Ayush Sekhari · Jayadev Acharya · Gautam Kamath · Ananda Theertha Suresh -
2020 Poster: The Discrete Gaussian for Differential Privacy »
Clément L Canonne · Gautam Kamath · Thomas Steinke -
2020 Social: Data Privacy: Academia, Industry, Policy, and Society »
Gautam Kamath -
2020 Poster: CoinPress: Practical Private Mean and Covariance Estimation »
Sourav Biswas · Yihe Dong · Gautam Kamath · Jonathan Ullman -
2020 Poster: Private Identity Testing for High-Dimensional Distributions »
Clément L Canonne · Gautam Kamath · Audra McMillan · Jonathan Ullman · Lydia Zakynthinou -
2020 Spotlight: Private Identity Testing for High-Dimensional Distributions »
Clément L Canonne · Gautam Kamath · Audra McMillan · Jonathan Ullman · Lydia Zakynthinou -
2019 Poster: Private Hypothesis Selection »
Mark Bun · Gautam Kamath · Thomas Steinke · Steven Wu -
2019 Poster: Multivariate Triangular Quantile Maps for Novelty Detection »
Jingjing Wang · Sun Sun · Yaoliang Yu -
2019 Poster: Differentially Private Algorithms for Learning Mixtures of Separated Gaussians »
Gautam Kamath · Or Sheffet · Vikrant Singhal · Jonathan Ullman -
2018 Poster: Deep Homogeneous Mixture Models: Representation, Separation, and Approximation »
Priyank Jaini · Pascal Poupart · Yaoliang Yu -
2017 Poster: Bregman Divergence for Stochastic Variance Reduction: Saddle-Point and Adversarial Prediction »
Zhan Shi · Xinhua Zhang · Yaoliang Yu -
2017 Spotlight: Bregman Divergence for Stochastic Variance Reduction: Saddle-Point and Adversarial Prediction »
Zhan Shi · Xinhua Zhang · Yaoliang Yu -
2017 Poster: Concentration of Multilinear Functions of the Ising Model with Applications to Network Data »
Constantinos Daskalakis · Nishanth Dikkala · Gautam Kamath -
2015 Poster: Optimal Testing for Properties of Distributions »
Jayadev Acharya · Constantinos Daskalakis · Gautam Kamath -
2015 Spotlight: Optimal Testing for Properties of Distributions »
Jayadev Acharya · Constantinos Daskalakis · Gautam Kamath -
2013 Poster: On Decomposing the Proximal Map »
Yao-Liang Yu -
2013 Oral: On Decomposing the Proximal Map »
Yao-Liang Yu -
2013 Poster: Polar Operators for Structured Sparse Estimation »
Xinhua Zhang · Yao-Liang Yu · Dale Schuurmans -
2013 Poster: Better Approximation and Faster Algorithm Using the Proximal Average »
Yao-Liang Yu -
2012 Poster: Convex Multi-view Subspace Learning »
Martha White · Yao-Liang Yu · Xinhua Zhang · Dale Schuurmans -
2012 Poster: Accelerated Training for Matrix-norm Regularization: A Boosting Approach »
Xinhua Zhang · Yao-Liang Yu · Dale Schuurmans -
2012 Poster: A Polynomial-time Form of Robust Regression »
Yao-Liang Yu · Özlem Aslan · Dale Schuurmans -
2010 Poster: Relaxed Clipping: A Global Training Method for Robust Regression and Classification »
Yao-Liang Yu · Min Yang · Linli Xu · Martha White · Dale Schuurmans -
2009 Poster: A General Projection Property for Distribution Families »
Yao-Liang Yu · Yuxi Li · Dale Schuurmans · Csaba Szepesvari