English
Related papers

Related papers: Poisoning Bayesian Inference via Data Deletion and…

200 papers

Regression models are widely used in industrial processes, engineering, and in natural and physical sciences, yet their robustness to poisoning has received less attention. When it has, studies often assume unrealistic threat models and are…

Machine Learning · Computer Science 2026-03-03 Javier Carnerero-Cano , Luis Muñoz-González , Phillippa Spencer , Emil C. Lupu

We present a data poisoning attack -- Phantom Transfer -- with the property that, even if you know precisely how the poison was placed into an otherwise benign dataset, you cannot filter it out. We achieve this by modifying subliminal…

Cryptography and Security · Computer Science 2026-02-06 Andrew Draganov , Tolga H. Dur , Anandmayi Bhongade , Mary Phuong

Machine learning models, especially deep neural networks have been shown to be susceptible to privacy attacks such as membership inference where an adversary can detect whether a data point was used for training a black-box model. Such…

Machine Learning · Computer Science 2020-07-20 Shruti Tople , Amit Sharma , Aditya Nori

Training pipelines for machine learning (ML) based malware classification often rely on crowdsourced threat feeds, exposing a natural attack injection point. In this paper, we study the susceptibility of feature-based ML malware classifiers…

Cryptography and Security · Computer Science 2021-01-12 Giorgio Severi , Jim Meyer , Scott Coull , Alina Oprea

Poisoning attacks are a category of adversarial machine learning threats in which an adversary attempts to subvert the outcome of the machine learning systems by injecting crafted data into training data set, thus increasing the machine…

Machine Learning · Computer Science 2024-10-28 Fereshteh Razmi , Li Xiong

Without direct access to the client's data, federated learning (FL) is well-known for its unique strength in data privacy protection among existing distributed machine learning techniques. However, its distributive and iterative nature…

Machine Learning · Computer Science 2026-04-14 Hanxi Guo , Hao Wang , Tao Song , Tianhang Zheng , Yang Hua , Haibing Guan , Xiangyu Zhang

Preference learning is a central component for aligning current LLMs, but this process can be vulnerable to data poisoning attacks. To address this concern, we introduce PoisonBench, a benchmark for evaluating large language models'…

Cryptography and Security · Computer Science 2025-06-09 Tingchen Fu , Mrinank Sharma , Philip Torr , Shay B. Cohen , David Krueger , Fazl Barez

Machine learning (ML) models, e.g., deep neural networks (DNNs), are vulnerable to adversarial examples: malicious inputs modified to yield erroneous model outputs, while appearing unmodified to human observers. Potential attacks include…

Cryptography and Security · Computer Science 2017-03-21 Nicolas Papernot , Patrick McDaniel , Ian Goodfellow , Somesh Jha , Z. Berkay Celik , Ananthram Swami

Web-scraped datasets are vulnerable to data poisoning, which can be used for backdooring deep image classifiers during training. Since training on large datasets is expensive, a model is trained once and re-used many times. Unlike…

Machine Learning · Computer Science 2024-01-23 Benjamin Schneider , Nils Lukas , Florian Kerschbaum

Federated Learning (FL) is a technique that allows multiple parties to train a shared model collaboratively without disclosing their private data. It has become increasingly popular due to its distinct privacy advantages. However, FL models…

Machine Learning · Computer Science 2024-10-04 Syed Irfan Ali Meerza , Jian Liu

Data-poisoning based backdoor attacks aim to insert backdoor into models by manipulating training datasets without controlling the training process of the target model. Existing attack methods mainly focus on designing triggers or fusion…

Cryptography and Security · Computer Science 2023-07-17 Zihao Zhu , Mingda Zhang , Shaokui Wei , Li Shen , Yanbo Fan , Baoyuan Wu

Traditional adversarial attacks rely upon the perturbations generated by gradients from the network which are generally safeguarded by gradient guided search to provide an adversarial counterpart to the network. In this paper, we propose a…

Computer Vision and Pattern Recognition · Computer Science 2022-03-08 Ujjwal Upadhyay , Prerana Mukherjee

As machine learning systems grow in scale, so do their training data requirements, forcing practitioners to automate and outsource the curation of training data in order to achieve state-of-the-art performance. The absence of trustworthy…

Machine Learning · Computer Science 2021-04-02 Micah Goldblum , Dimitris Tsipras , Chulin Xie , Xinyun Chen , Avi Schwarzschild , Dawn Song , Aleksander Madry , Bo Li , Tom Goldstein

Deep image classification models trained on vast amounts of web-scraped data are susceptible to data poisoning - a mechanism for backdooring models. A small number of poisoned samples seen during training can severely undermine a model's…

Cryptography and Security · Computer Science 2023-06-30 Nils Lukas , Florian Kerschbaum

Data Poisoning (DP) is an effective attack that causes trained classifiers to misclassify their inputs. DP attacks significantly degrade a classifier's accuracy by covertly injecting attack samples into the training set. Broadly applicable…

Machine Learning · Computer Science 2022-05-13 Xi Li , David J. Miller , Zhen Xiang , George Kesidis

As machine learning models become increasingly complex, concerns about their robustness and trustworthiness have become more pressing. A critical vulnerability of these models is data poisoning attacks, where adversaries deliberately alter…

Machine Learning · Computer Science 2024-10-14 Isha Gupta , Hidde Lycklama , Emanuel Opel , Evan Rose , Anwar Hithnawi

Machine learning (ML) models are known to be vulnerable to a number of attacks that target the integrity of their predictions or the privacy of their training data. To carry out these attacks, a black-box adversary must typically possess…

Cryptography and Security · Computer Science 2023-09-06 Dudi Biton , Aditi Misra , Efrat Levy , Jaidip Kotak , Ron Bitton , Roei Schuster , Nicolas Papernot , Yuval Elovici , Ben Nassi

Models can expose sensitive information about their training data. In an attribute inference attack, an adversary has partial knowledge of some training records and access to a model trained on those records, and infers the unknown values…

Cryptography and Security · Computer Science 2022-09-07 Bargav Jayaraman , David Evans

Adversarial reprogramming allows stealing computational resources by repurposing machine learning models to perform a different task chosen by the attacker. For example, a model trained to recognize images of animals can be reprogrammed to…

Computer Science and Game Theory · Computer Science 2022-11-08 Yang Zheng , Xiaoyi Feng , Zhaoqiang Xia , Xiaoyue Jiang , Maura Pintor , Ambra Demontis , Battista Biggio , Fabio Roli

Machine learning (ML) models have been widely applied to various applications, including image classification, text generation, audio recognition, and graph data analysis. However, recent studies have shown that ML models are vulnerable to…

Machine Learning · Computer Science 2022-02-04 Hongsheng Hu , Zoran Salcic , Lichao Sun , Gillian Dobbie , Philip S. Yu , Xuyun Zhang