Summary of Wicked Oddities: Selectively Poisoning For Effective Clean-label Backdoor Attacks, by Quang H. Nguyen et al.
Wicked Oddities: Selectively Poisoning for Effective Clean-Label Backdoor Attacks
by Quang H. Nguyen, Nguyen Ngoc-Hieu, The-Anh Ta, Thanh Nguyen-Tang, Kok-Seng Wong, Hoang Thanh-Tung, Khoa D. Doan
First submitted to arxiv on: 15 Jul 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | Read the original abstract here |
| Medium | GrooveSquid.com (original content) | In this paper, the researchers investigate a type of adversarial attack called a clean-label attack, which manipulates a machine learning model by poisoning its training data without altering the labels of the poisoned samples. The authors focus on a specific threat model in which the attacker has only limited information, and ask how the success rate of such attacks can be boosted in real-world scenarios. They explore various strategies for selectively poisoning a small set of training samples to achieve high attack success rates, highlighting the practical implications of these findings. The study uses benchmark datasets to demonstrate the effectiveness of these strategies. |
| Low | GrooveSquid.com (original content) | This paper looks at ways that bad actors can trick machine learning models into making mistakes. One way they do this is by adding fake data to a model's training set without changing what the labels say the data is. This makes it harder for the model to tell the difference between real and fake data, so it ends up doing what the attacker wants. The researchers in this paper think about how someone could do this with only limited information and find ways to make it work better. |
Keywords
- Artificial intelligence
- Machine learning