English
Related papers

Related papers: You Autocomplete Me: Poisoning Vulnerabilities in …

200 papers

The performance of a machine learning-based malware classifier depends on the large and updated training set used to induce its model. In order to maintain an up-to-date training set, there is a need to continuously collect benign and…

Cryptography and Security · Computer Science 2020-11-02 Tzvika Shapira , David Berend , Ishai Rosenberg , Yang Liu , Asaf Shabtai , Yuval Elovici

Deep neural networks are vulnerable to a range of adversaries. A particularly pernicious class of vulnerabilities are backdoors, where model predictions diverge in the presence of subtle triggers in inputs. An attacker can implant a…

Machine Learning · Computer Science 2022-12-20 Goutham Ramakrishnan , Aws Albarghouthi

Web-scraped datasets are vulnerable to data poisoning, which can be used for backdooring deep image classifiers during training. Since training on large datasets is expensive, a model is trained once and re-used many times. Unlike…

Machine Learning · Computer Science 2024-01-23 Benjamin Schneider , Nils Lukas , Florian Kerschbaum

In this work, we study literature in Explainable AI and Safe AI to understand poisoning of neural models of code. In order to do so, we first establish a novel taxonomy for Trojan AI for code, and present a new aspect-based classification…

Software Engineering · Computer Science 2024-04-22 Aftab Hussain , Md Rafiqul Islam Rabin , Toufique Ahmed , Navid Ayoobi , Bowen Xu , Prem Devanbu , Mohammad Amin Alipour

Genomic foundation models trained on DNA sequences have demonstrated remarkable capabilities across diverse biological tasks, from variant effect prediction to genome design. These models are typically trained on massive, publicly sourced…

Genomics · Quantitative Biology 2026-03-31 Charalampos Koilakos , Ioannis Mouratidis , Ilias Georgakopoulos-Soares

Instruction tuning is an effective technique to align large language models (LLMs) with human intents. In this work, we investigate how an adversary can exploit instruction tuning by injecting specific instruction-following examples into…

Cryptography and Security · Computer Science 2023-10-31 Manli Shu , Jiongxiao Wang , Chen Zhu , Jonas Geiping , Chaowei Xiao , Tom Goldstein

Deep learning models have achieved high performance on many tasks, and thus have been applied to many security-critical scenarios. For example, deep learning-based face recognition systems have been used to authenticate users to access many…

Cryptography and Security · Computer Science 2017-12-18 Xinyun Chen , Chang Liu , Bo Li , Kimberly Lu , Dawn Song

In the domain of large language models (LLMs), in-context learning (ICL) has been recognized for its innovative ability to adapt to new tasks, relying on examples rather than retraining or fine-tuning. This paper delves into the critical…

Cryptography and Security · Computer Science 2025-06-03 Pengfei He , Han Xu , Yue Xing , Hui Liu , Makoto Yamada , Jiliang Tang

Data poisoning is one of the most relevant security threats against machine learning and data-driven technologies. Since many applications rely on untrusted training data, an attacker can easily craft malicious samples and inject them into…

Cryptography and Security · Computer Science 2021-12-01 Nicolas M. Müller , Simon Roschmann , Konstantin Böttinger

Model poisoning attacks are critical security threats to Federated Learning (FL). Existing model poisoning attacks suffer from two key limitations: 1) they achieve suboptimal effectiveness when defenses are deployed, and/or 2) they require…

Cryptography and Security · Computer Science 2025-08-14 Yueqi Xie , Minghong Fang , Neil Zhenqiang Gong

Training pipelines for machine learning (ML) based malware classification often rely on crowdsourced threat feeds, exposing a natural attack injection point. In this paper, we study the susceptibility of feature-based ML malware classifiers…

Cryptography and Security · Computer Science 2021-01-12 Giorgio Severi , Jim Meyer , Scott Coull , Alina Oprea

Modern machine learning pipelines leverage large amounts of public data, making it infeasible to guarantee data quality and leaving models open to poisoning and backdoor attacks. Provably bounding model behavior under such attacks remains…

Machine Learning · Computer Science 2024-10-31 Philip Sosnin , Mark N. Müller , Maximilian Baader , Calvin Tsay , Matthew Wicker

We investigate security concerns of the emergent instruction tuning paradigm, that models are trained on crowdsourced datasets with task instructions to achieve superior performance. Our studies demonstrate that an attacker can inject…

Computation and Language · Computer Science 2024-04-04 Jiashu Xu , Mingyu Derek Ma , Fei Wang , Chaowei Xiao , Muhao Chen

AI-powered coding assistant tools have revolutionized the software engineering ecosystem. However, prior work has demonstrated that these tools are vulnerable to poisoning attacks. In a poisoning attack, an attacker intentionally injects…

Cryptography and Security · Computer Science 2023-12-12 Sanghak Oh , Kiho Lee , Seonhye Park , Doowon Kim , Hyoungshick Kim

Backdoor data poisoning attacks have recently been demonstrated in computer vision research as a potential safety risk for machine learning (ML) systems. Traditional data poisoning attacks manipulate training data to induce unreliability of…

Computer Vision and Pattern Recognition · Computer Science 2020-04-27 Loc Truong , Chace Jones , Brian Hutchinson , Andrew August , Brenda Praggastis , Robert Jasper , Nicole Nichols , Aaron Tuor

Software language models have achieved promising results predicting code completion usages, and several industry studies have described successful IDE integrations. Recently, accuracy in autocompletion prediction improved 12.8% from…

Software Engineering · Computer Science 2021-10-14 Wen Zhou , Seohyun Kim , Vijayaraghavan Murali , Gareth Ari Aye

As machine learning systems grow in scale, so do their training data requirements, forcing practitioners to automate and outsource the curation of training data in order to achieve state-of-the-art performance. The absence of trustworthy…

Machine Learning · Computer Science 2021-04-02 Micah Goldblum , Dimitris Tsipras , Chulin Xie , Xinyun Chen , Avi Schwarzschild , Dawn Song , Aleksander Madry , Bo Li , Tom Goldstein

Data poisoning attacks, in which an adversary corrupts a training set with the goal of inducing specific desired mistakes, have raised substantial concern: even just the possibility of such an attack can make a user no longer trust the…

Machine Learning · Computer Science 2022-03-09 Maria-Florina Balcan , Avrim Blum , Steve Hanneke , Dravyansh Sharma

Recommender systems have become an integral part of online services to help users locate specific information in a sea of data. However, existing studies show that some recommender systems are vulnerable to poisoning attacks, particularly…

Cryptography and Security · Computer Science 2024-04-24 Thanh Toan Nguyen , Quoc Viet Hung Nguyen , Thanh Tam Nguyen , Thanh Trung Huynh , Thanh Thi Nguyen , Matthias Weidlich , Hongzhi Yin

Poisoning attacks can compromise the safety of large language models (LLMs) by injecting malicious documents into their training data. Existing work has studied pretraining poisoning assuming adversaries control a percentage of the training…