
Summary of Certified Robustness to Data Poisoning in Gradient-based Training, by Philip Sosnin et al.


Certified Robustness to Data Poisoning in Gradient-Based Training

by Philip Sosnin, Mark N. Müller, Maximilian Baader, Calvin Tsay, Matthew Wicker

First submitted to arXiv on: 9 Jun 2024

Categories

  • Main: Machine Learning (cs.LG)
  • Secondary: Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV)



GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

Summary difficulty: High. Written by: paper authors.
The high-difficulty summary is the paper's original abstract, which is linked from the original page and not reproduced here.

Summary difficulty: Medium. Written by: GrooveSquid.com (original content).
The paper presents the first framework that gives provable guarantees on the behavior of models trained with potentially manipulated data, addressing the open problem of bounding model behavior under poisoning and backdoor attacks, and it does so without modifying the model or the learning algorithm. For a given poisoning threat model (bounded or unbounded manipulation of training inputs and labels), the framework uses convex relaxations to over-approximate the set of all possible parameter updates in each training step, and thereby the set of all parameters reachable by any gradient-based learning algorithm. From that reachable set it derives bounds on worst-case behavior, including model performance and backdoor success rate, which certify robustness against untargeted poisoning, targeted poisoning, and backdoor attacks. The approach is evaluated on real-world datasets from energy consumption, medical imaging, and autonomous driving.

Summary difficulty: Low. Written by: GrooveSquid.com (original content).
Machine learning models are at risk when they are trained on data an attacker may have tampered with. In this paper, the researchers developed a method that does not try to block the tampering; instead it computes a mathematical guarantee on how far any attack within an assumed budget (for example, changing a limited number of training labels) can move the trained model, and therefore how much it can change the model's predictions. If that guaranteed range is still acceptable, the model is certified robust against every attack within that budget. This could improve the trustworthiness of machine learning in applications such as energy management, medical imaging, and self-driving cars.

Keywords

  • Artificial intelligence
  • Machine learning