English
Related papers

Related papers: Transferable Clean-Label Poisoning Attacks on Deep…

200 papers

Web-scraped datasets are vulnerable to data poisoning, which can be used for backdooring deep image classifiers during training. Since training on large datasets is expensive, a model is trained once and re-used many times. Unlike…

Machine Learning · Computer Science 2024-01-23 Benjamin Schneider , Nils Lukas , Florian Kerschbaum

Clean-label (CL) attack is a form of data poisoning attack where an adversary modifies only the textual input of the training data, without requiring access to the labeling function. CL attacks are relatively unexplored in NLP, as compared…

Computation and Language · Computer Science 2023-06-01 Ashim Gupta , Amrith Krishna

The unprecedented availability of training data fueled the rapid development of powerful neural networks in recent years. However, the need for such large amounts of data leads to potential threats such as poisoning attacks: adversarial…

Machine Learning · Computer Science 2024-03-21 Fabio De Gaspari , Dorjan Hitaj , Luigi V. Mancini

Backdoor attacks pose a new threat to NLP models. A standard strategy to construct poisoned data in backdoor attacks is to insert triggers (e.g., rare words) into selected sentences and alter the original label to a target label. This…

Computation and Language · Computer Science 2022-04-28 Leilei Gan , Jiwei Li , Tianwei Zhang , Xiaoya Li , Yuxian Meng , Fei Wu , Yi Yang , Shangwei Guo , Chun Fan

Text-to-image diffusion models have achieved remarkable success in generating high-quality contents from text prompts. However, their reliance on publicly available data and the growing trend of data sharing for fine-tuning make these…

Computer Vision and Pattern Recognition · Computer Science 2025-03-14 Sangwon Jang , June Suk Choi , Jaehyeong Jo , Kimin Lee , Sung Ju Hwang

We introduce camouflaged data poisoning attacks, a new attack vector that arises in the context of machine unlearning and other settings when model retraining may be induced. An adversary first adds a few carefully crafted points to the…

Machine Learning · Computer Science 2024-08-02 Jimmy Z. Di , Jack Douglas , Jayadev Acharya , Gautam Kamath , Ayush Sekhari

Backdoor attacks are emerging threats to deep neural networks, which typically embed malicious behaviors into a victim model by injecting poisoned samples. Adversaries can activate the injected backdoor during inference by presenting the…

Cryptography and Security · Computer Science 2025-12-05 Bingyin Zhao , Yingjie Lao

Two widely used techniques for training supervised machine learning models on small datasets are Active Learning and Transfer Learning. The former helps to optimally use a limited budget to label new data. The latter uses large pre-trained…

Machine Learning · Computer Science 2021-01-28 Nicolas M. Müller , Konstantin Böttinger

Audio-based machine learning systems frequently use public or third-party data, which might be inaccurate. This exposes deep neural network (DNN) models trained on such data to potential data poisoning attacks. In this type of assault,…

Cryptography and Security · Computer Science 2024-04-09 Orson Mengara

Continual learning algorithms are typically exposed to untrusted sources that contain training data inserted by adversaries and bad actors. An adversary can insert a small number of poisoned samples, such as mislabeled samples from…

Machine Learning · Computer Science 2023-11-21 Huayu Li , Gregory Ditzler

Targeted data poisoning attacks manipulate model predictions on specific test samples by injecting malicious data into training. Yet existing evaluations report average attack success rates over randomly selected targets, obscuring true…

Machine Learning · Computer Science 2026-05-25 William Xu , Chenyu Zhang , Yihan Wang , Matthew Y. R. Yang , Zuoqiu Liu , Gautam Kamath , Yaoliang Yu , Yiwei Lu

Data poisoning attacks compromise the integrity of machine-learning models by introducing malicious training samples to influence the results during test time. In this work, we investigate backdoor data poisoning attack on deep neural…

Machine Learning · Computer Science 2019-12-04 Mahesh Subedar , Nilesh Ahuja , Ranganath Krishnan , Ibrahima J. Ndiour , Omesh Tickoo

Machine learning models have achieved great success in supervised learning tasks for end-to-end training, which requires a large amount of labeled data that is not always feasible. Recently, many practitioners have shifted to…

Machine Learning · Computer Science 2024-02-21 Yiwei Lu , Matthew Y. R. Yang , Gautam Kamath , Yaoliang Yu

Backdoor attacks threaten the deep learning supply chain by poisoning a small fraction of the training data so that a model behaves normally on clean inputs but misclassifies trigger-carrying inputs to an attacker-chosen target class.…

Cryptography and Security · Computer Science 2026-05-05 Yi Yang , Jinyang Huang , Binbin Liu , Feng-Qi Cui , Xiaokang Zhou , Zhi Liu , Jie Zhang , Meng Li

Deep Neural Networks (DNNs) are shown to be vulnerable to backdoor poisoning attacks, with most research focusing on digital triggers -- artificial patterns added to test-time inputs to induce targeted misclassification. Physical triggers,…

Cryptography and Security · Computer Science 2025-08-18 Thinh Dao , Khoa D Doan , Kok-Seng Wong

Backdoor poisoning attacks pose a well-known risk to neural networks. However, most studies have focused on lenient threat models. We introduce Silent Killer, a novel attack that operates in clean-label, black-box settings, uses a stealthy…

Cryptography and Security · Computer Science 2023-10-03 Tzvi Lederer , Gallil Maimon , Lior Rokach

In a backdoor attack, an adversary injects corrupted data into a model's training dataset in order to gain control over its predictions on images with a specific attacker-defined trigger. A typical corrupted training example requires…

Machine Learning · Computer Science 2023-10-31 Rishi D. Jha , Jonathan Hayase , Sewoong Oh

We present a certified defense to clean-label poisoning attacks under $\ell_2$-norm. These attacks work by injecting a small number of poisoning samples (e.g., 1%) that contain bounded adversarial perturbations into the training data to…

Cryptography and Security · Computer Science 2025-06-03 Sanghyun Hong , Nicholas Carlini , Alexey Kurakin

Since 2014 when Szegedy et al. showed that carefully designed perturbations of the input can lead Deep Neural Networks (DNNs) to wrongly classify its label, there has been an ongoing research to make DNNs more robust to such malicious…

Computer Vision and Pattern Recognition · Computer Science 2020-03-03 Muhammad Yaseen , Muneeb Aadil , Maria Sargsyan

With the increase in machine learning (ML) applications in different domains, incentives for deceiving these models have reached more than ever. As data is the core backbone of ML algorithms, attackers shifted their interest toward…

Cryptography and Security · Computer Science 2023-01-04 Kshitiz Aryal , Maanak Gupta , Mahmoud Abdelsalam