
Summary of Indiscriminate Data Poisoning Attacks on Pre-trained Feature Extractors, by Yiwei Lu et al.


Indiscriminate Data Poisoning Attacks on Pre-trained Feature Extractors

by Yiwei Lu, Matthew Y.R. Yang, Gautam Kamath, Yaoliang Yu

First submitted to arxiv on: 20 Feb 2024

Categories

  • Main: Machine Learning (cs.LG)
  • Secondary: Cryptography and Security (cs.CR)



GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary: Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary: The paper explores the vulnerability of machine learning models to indiscriminate data poisoning attacks in self-supervised learning methods. Specifically, it examines how these attacks can affect downstream tasks that apply pre-trained feature extractors. The authors propose two types of attacks: input space attacks and feature targeted attacks. Input space attacks modify existing attacks to craft poisoned data directly, while feature targeted attacks mitigate optimization challenges by acquiring target parameters, finding poisoned features, and inverting them back to the input space. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary: The paper investigates how machine learning models can be attacked using fake data in self-supervised learning methods. It shows that pre-trained models are more vulnerable than those trained from scratch. The authors propose two types of attacks: one that modifies existing attacks and another that targets specific features. They test these attacks on popular tasks and find that some models are more susceptible to them. |

Keywords

* Artificial intelligence
* Machine learning
* Optimization
* Self supervised