
Summary of Can Targeted Clean-label Poisoning Attacks Generalize?, by Zhizhen Chen et al.


Can Targeted Clean-Label Poisoning Attacks Generalize?

by Zhizhen Chen, Subrat Kishore Dutta, Zhengyu Zhao, Chenhao Lin, Chao Shen, Xiao Zhang

First submitted to arXiv on: 5 Dec 2024

Categories

  • Main: Computer Vision and Pattern Recognition (cs.CV)
  • Secondary: Cryptography and Security (cs.CR); Machine Learning (cs.LG)



GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

Summary difficulty Written by Summary
High Paper authors High Difficulty Summary
Read the original abstract here
Medium GrooveSquid.com (original content) Medium Difficulty Summary
This paper explores a novel targeted poisoning attack, designed to compromise a machine learning model’s prediction on specific target samples. The proposed method leverages both the direction and magnitude of model gradients, aiming to generalize well across variations of the target. Extensive experiments demonstrate that the approach consistently outperforms existing attacks, such as the cosine similarity-based attack, achieving high success rates while maintaining overall accuracy. For instance, on two image benchmark datasets, the method achieves a 20.95% higher attack success rate than the cosine similarity-based attack, with similar overall accuracy, averaged across four models.
Low GrooveSquid.com (original content) Low Difficulty Summary
In this paper, researchers investigate how machine learning models can be tricked into making mistakes on specific pictures or objects. They want to see if an attack that works well on one type of picture will also work well on a different type. The authors test their idea by creating many fake pictures and seeing which ones are most effective at fooling the model. Their results show that their method is better than others at tricking the model into making mistakes, especially when the model is trained to recognize animals or objects from different angles.

Keywords

» Artificial intelligence  » Cosine similarity  » Machine learning