English
Related papers

Related papers: You Autocomplete Me: Poisoning Vulnerabilities in …

200 papers

Deep learning has become a cornerstone of modern artificial intelligence, enabling transformative applications across a wide range of domains. As the core element of deep learning, the quality and security of training data critically…

Cryptography and Security · Computer Science 2025-04-01 Pinlong Zhao , Weiyao Zhu , Pengfei Jiao , Di Gao , Ou Wu

Large language models (LLMs) are often fine-tuned on uncurated text datasets that adversaries can poison. Existing poisoning attacks primarily rely on fixed trigger phrases that defenses such as outlier detection, clean-data regularization,…

Cryptography and Security · Computer Science 2026-05-27 Zedian Shao , Charles Fleming , Teodora Baluta

Recently, self-supervised learning (SSL) was shown to be vulnerable to patch-based data poisoning backdoor attacks. It was shown that an adversary can poison a small part of the unlabeled data so that when a victim trains an SSL model on…

Computer Vision and Pattern Recognition · Computer Science 2023-04-05 Ajinkya Tejankar , Maziar Sanjabi , Qifan Wang , Sinong Wang , Hamed Firooz , Hamed Pirsiavash , Liang Tan

Data Poisoning (DP) is an effective attack that causes trained classifiers to misclassify their inputs. DP attacks significantly degrade a classifier's accuracy by covertly injecting attack samples into the training set. Broadly applicable…

Machine Learning · Computer Science 2022-05-13 Xi Li , David J. Miller , Zhen Xiang , George Kesidis

We introduce camouflaged data poisoning attacks, a new attack vector that arises in the context of machine unlearning and other settings when model retraining may be induced. An adversary first adds a few carefully crafted points to the…

Machine Learning · Computer Science 2024-08-02 Jimmy Z. Di , Jack Douglas , Jayadev Acharya , Gautam Kamath , Ayush Sekhari

In adversarial machine learning, new defenses against attacks on deep learning systems are routinely broken soon after their release by more powerful attacks. In this context, forensic tools can offer a valuable complement to existing…

Cryptography and Security · Computer Science 2022-06-17 Shawn Shan , Arjun Nitin Bhagoji , Haitao Zheng , Ben Y. Zhao

We introduce a new class of attacks on machine learning models. We show that an adversary who can poison a training dataset can cause models trained on this dataset to leak significant private details of training points belonging to other…

Cryptography and Security · Computer Science 2022-10-07 Florian Tramèr , Reza Shokri , Ayrton San Joaquin , Hoang Le , Matthew Jagielski , Sanghyun Hong , Nicholas Carlini

In a poisoning attack, an adversary with control over a small fraction of the training data attempts to select that data in a way that induces a corrupted model that misbehaves in favor of the adversary. We consider poisoning attacks…

Machine Learning · Computer Science 2021-04-22 Fnu Suya , Saeed Mahloujifar , Anshuman Suri , David Evans , Yuan Tian

We study backdoor poisoning attacks against image classification networks, whereby an attacker inserts a trigger into a subset of the training data, in such a way that at test time, this trigger causes the classifier to predict some target…

Cryptography and Security · Computer Science 2022-02-03 Muhammad Usman , Youcheng Sun , Divya Gopinath , Corina S. Pasareanu

Continual learning algorithms are typically exposed to untrusted sources that contain training data inserted by adversaries and bad actors. An adversary can insert a small number of poisoned samples, such as mislabeled samples from…

Machine Learning · Computer Science 2023-11-21 Huayu Li , Gregory Ditzler

Federated edge learning can be essential in supporting privacy-preserving, artificial intelligence (AI)-enabled activities in digital twin 6G-enabled Internet of Things (IoT) environments. However, we need to also consider the potential of…

Cryptography and Security · Computer Science 2023-03-22 Mohamed Amine Ferrag , Burak Kantarci , Lucas C. Cordeiro , Merouane Debbah , Kim-Kwang Raymond Choo

Targeted data poisoning attacks manipulate model predictions on specific test samples by injecting malicious data into training. Yet existing evaluations report average attack success rates over randomly selected targets, obscuring true…

Machine Learning · Computer Science 2026-05-25 William Xu , Chenyu Zhang , Yihan Wang , Matthew Y. R. Yang , Zuoqiu Liu , Gautam Kamath , Yaoliang Yu , Yiwei Lu

With the increase in machine learning (ML) applications in different domains, incentives for deceiving these models have reached more than ever. As data is the core backbone of ML algorithms, attackers shifted their interest toward…

Cryptography and Security · Computer Science 2023-01-04 Kshitiz Aryal , Maanak Gupta , Mahmoud Abdelsalam

The increasing use of large language models (LLMs) trained by third parties raises significant security concerns. In particular, malicious actors can introduce backdoors through poisoning attacks to generate undesirable outputs. While such…

Cryptography and Security · Computer Science 2024-07-19 Shuli Jiang , Swanand Ravindra Kadhe , Yi Zhou , Farhan Ahmed , Ling Cai , Nathalie Baracaldo

A recent source of concern for the security of neural networks is the emergence of clean-label dataset poisoning attacks, wherein correctly labeled poison samples are injected into the training dataset. While these poison samples look…

Machine Learning · Computer Science 2021-03-16 Hojjat Aghakhani , Dongyu Meng , Yu-Xiang Wang , Christopher Kruegel , Giovanni Vigna

As in-the-wild data are increasingly involved in the training stage, machine learning applications become more susceptible to data poisoning attacks. Such attacks typically lead to test-time accuracy degradation or controlled misprediction.…

Cryptography and Security · Computer Science 2022-11-02 Yufei Chen , Chao Shen , Yun Shen , Cong Wang , Yang Zhang

Code completion is one of the most useful features in the Integrated Development Environments (IDEs), which can accelerate software development by suggesting the next probable token based on the contextual code in real-time. Recent studies…

Software Engineering · Computer Science 2021-01-01 Fang Liu , Ge Li , Yunfei Zhao , Zhi Jin

Code completion, one of the most useful features in the Integrated Development Environments (IDEs), can accelerate software development by suggesting the libraries, APIs, and method names in real-time. Recent studies have shown that…

Software Engineering · Computer Science 2020-06-29 Fang Liu , Ge Li , Bolin Wei , Xin Xia , Zhiyi Fu , Zhi Jin

Data poisoning attacks -- where an adversary can modify a small fraction of training data, with the goal of forcing the trained classifier to high loss -- are an important threat for machine learning in many applications. While a body of…

Machine Learning · Computer Science 2020-02-21 Yizhen Wang , Somesh Jha , Kamalika Chaudhuri

Machine learning systems trained on user-provided data are susceptible to data poisoning attacks, whereby malicious users inject false training data with the aim of corrupting the learned model. While recent work has proposed a number of…

Machine Learning · Computer Science 2017-11-27 Jacob Steinhardt , Pang Wei Koh , Percy Liang