Article

De-Pois: An Attack-Agnostic Defense against Data Poisoning Attacks

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TIFS.2021.3080522

Keywords

Data models; Training; Testing; Predictive models; Computational modeling; Training data; Task analysis; Machine learning; data poisoning attack; attack-agnostic defense; generative adversarial network

Funding

  1. National Natural Science Foundation of China [61872416, 52031009, 62002104, 62071192]
  2. Fundamental Research Funds for the Central Universities of China [2019kfyXJJS017]
  3. special fund for Wuhan Yellow Crane Talents (Excellent Young Scholar)
  4. Hubei Key Laboratory of Transportation Internet of Things [2019IOT004]
  5. National Science Foundation [NSF 2038029, NSF 1564097]
  6. IBM faculty award

Abstract

Machine learning techniques are vulnerable to data poisoning attacks, and current defense techniques are largely attack-specific. De-Pois is proposed as an attack-agnostic defense that uses a mimic model trained to imitate the behavior of a target model trained on clean samples. By leveraging Generative Adversarial Networks (GANs), De-Pois is able to detect poisoned data effectively without explicit knowledge of the ML algorithm or the type of poisoning attack.
Machine learning techniques have been widely applied to various applications. However, they are potentially vulnerable to data poisoning attacks, where sophisticated attackers can disrupt the learning procedure by injecting a fraction of malicious samples into the training dataset. Existing defense techniques against poisoning attacks are largely attack-specific: they are designed for one specific type of attack but do not work for other types, mainly because of the distinct principles each type follows, and few general defense strategies have been developed. In this paper, we propose De-Pois, an attack-agnostic defense against poisoning attacks. The key idea of De-Pois is to train a mimic model whose purpose is to imitate the behavior of the target model trained on clean samples. We take advantage of Generative Adversarial Networks (GANs) to facilitate informative training data augmentation as well as the mimic model construction. By comparing the prediction differences between the mimic model and the target model, De-Pois is able to distinguish poisoned samples from clean ones, without explicit knowledge of the ML algorithm or the type of poisoning attack. We implement four types of poisoning attacks and evaluate De-Pois against five typical defense methods on different realistic datasets. The results demonstrate that De-Pois is effective and efficient at detecting poisoned data for all four types of poisoning attacks, with both accuracy and F1-score above 0.9 on average.
