English
Related papers

Related papers: Preventing Clean Label Poisoning using Gaussian Mi…

200 papers

Deep neural networks (DNNs) are vulnerable to backdoor attack, which does not affect the network's performance on clean data but would manipulate the network behavior once a trigger pattern is added. Existing defense methods have greatly…

Machine Learning · Computer Science 2025-04-08 Min Liu , Alberto Sangiovanni-Vincentelli , Xiangyu Yue

Deep neural networks (DNNs) are vulnerable to adversarial samples crafted by adding imperceptible perturbations to clean data, potentially leading to incorrect and dangerous predictions. Adversarial purification has been an effective means…

Machine Learning · Computer Science 2024-12-12 Shuhai Zhang , Jiahao Yang , Hui Luo , Jie Chen , Li Wang , Feng Liu , Bo Han , Mingkui Tan

With the rise of third parties in the machine learning pipeline, the service provider in "Machine Learning as a Service" (MLaaS), or external data contributors in online learning, or the retraining of existing models, the need to ensure the…

Cryptography and Security · Computer Science 2021-05-20 Jialin Wen , Benjamin Zi Hao Zhao , Minhui Xue , Alina Oprea , Haifeng Qian

We study the problem of robust learning under clean-label data-poisoning attacks, where the attacker injects (an arbitrary set of) correctly-labeled examples to the training set to fool the algorithm into making mistakes on specific test…

Machine Learning · Computer Science 2021-07-08 Avrim Blum , Steve Hanneke , Jian Qian , Han Shao

In a backdoor attack, an adversary injects corrupted data into a model's training dataset in order to gain control over its predictions on images with a specific attacker-defined trigger. A typical corrupted training example requires…

Machine Learning · Computer Science 2023-10-31 Rishi D. Jha , Jonathan Hayase , Sewoong Oh

Human Activity Recognition (HAR) is a problem of interpreting sensor data to human movement using an efficient machine learning (ML) approach. The HAR systems rely on data from untrusted users, making them susceptible to data poisoning…

Cryptography and Security · Computer Science 2022-08-18 Abdur R. Shahid , Ahmed Imteaj , Peter Y. Wu , Diane A. Igoche , Tauhidul Alam

Large Language Models (LLMs) have advanced Graph Neural Networks (GNNs) by enriching node representations with semantic features, giving rise to LLM-enhanced GNNs that achieve notable performance gains. However, the robustness of these…

Machine Learning · Computer Science 2026-03-30 Yuhang Ma , Jie Wang , Zheng Yan

Backdoor poisoning attacks pose a well-known risk to neural networks. However, most studies have focused on lenient threat models. We introduce Silent Killer, a novel attack that operates in clean-label, black-box settings, uses a stealthy…

Cryptography and Security · Computer Science 2023-10-03 Tzvi Lederer , Gallil Maimon , Lior Rokach

Generalization of machine learning models can be severely compromised by data poisoning, where adversarial changes are applied to the training data. This vulnerability has led to interest in certifying (i.e., proving) that such changes up…

Machine Learning · Computer Science 2025-07-16 Lukas Gosch , Mahalakshmi Sabanayagam , Debarghya Ghoshdastidar , Stephan Günnemann

Machine learning models are highly vulnerable to label flipping, i.e., the adversarial modification (poisoning) of training labels to compromise performance. Thus, deriving robustness certificates is important to guarantee that test…

Machine Learning · Computer Science 2025-03-04 Mahalakshmi Sabanayagam , Lukas Gosch , Stephan Günnemann , Debarghya Ghoshdastidar

Learning from noisy labels (LNL) is crucial in deep learning, in which one of the approaches is to identify clean-label samples from poorly-annotated datasets. Such an identification is challenging because the conventional LNL problem,…

Machine Learning · Computer Science 2025-09-26 Cuong Nguyen , Thanh-Toan Do , Gustavo Carneiro

At present, backdoor attacks attract attention as they do great harm to deep learning models. The adversary poisons the training data making the model being injected with a backdoor after being trained unconsciously by victims using the…

Cryptography and Security · Computer Science 2023-03-06 Shengfang Zhai , Qingni Shen , Xiaoyi Chen , Weilong Wang , Cong Li , Yuejian Fang , Zhonghai Wu

Federated learning (FL) combined with local differential privacy (LDP) enables privacy-preserving model training across decentralized data sources. However, the decentralized data-management paradigm leaves LDPFL vulnerable to participants…

Cryptography and Security · Computer Science 2025-09-08 Zijian Wang , Wei Tong , Tingxuan Han , Haoyu Chen , Tianling Zhang , Yunlong Mao , Sheng Zhong

As machine learning becomes widely used for automated decisions, attackers have strong incentives to manipulate the results and models generated by machine learning algorithms. In this paper, we perform the first systematic study of…

Cryptography and Security · Computer Science 2021-09-29 Matthew Jagielski , Alina Oprea , Battista Biggio , Chang Liu , Cristina Nita-Rotaru , Bo Li

Deep learning (DL) models for natural language-to-code generation have become integral to modern software development pipelines. However, their heavy reliance on large amounts of data, often collected from unsanitized online sources,…

Cryptography and Security · Computer Science 2025-09-01 Cristina Improta

Traditional deep learning networks (DNN) exhibit intriguing vulnerabilities that allow an attacker to force them to fail at their task. Notorious attacks such as the Fast Gradient Sign Method (FGSM) and the more powerful Projected Gradient…

Machine Learning · Computer Science 2022-02-16 Jasser Jasser , Ivan Garibay

This paper investigates some of the risks introduced by "LLM poisoning," the intentional or unintentional introduction of malicious or biased data during model training. We demonstrate how a seemingly improved LLM, fine-tuned on a limited…

Cryptography and Security · Computer Science 2025-11-05 Patrick Karlsen , Even Eilertsen

In adversarial machine learning, new defenses against attacks on deep learning systems are routinely broken soon after their release by more powerful attacks. In this context, forensic tools can offer a valuable complement to existing…

Cryptography and Security · Computer Science 2022-06-17 Shawn Shan , Arjun Nitin Bhagoji , Haitao Zheng , Ben Y. Zhao

Backdoor attacks manipulate model predictions by inserting innocuous triggers into training and test data. We focus on more realistic and more challenging clean-label attacks where the adversarial training examples are correctly labeled.…

Machine Learning · Computer Science 2023-10-31 Wencong You , Zayd Hammoudeh , Daniel Lowd

The drastic increase of data quantity often brings the severe decrease of data quality, such as incorrect label annotations, which poses a great challenge for robustly training Deep Neural Networks (DNNs). Existing learning \mbox{methods}…

Machine Learning · Computer Science 2022-03-18 Qizhou Wang , Bo Han , Tongliang Liu , Gang Niu , Jian Yang , Chen Gong