Rewarded soups: towards Pareto-optimal alignment by interpolating weights fine-tuned on diverse rewards

Neural Information Processing Systems

Project lead, main contributor, correspondence to alexandre.rame@isir.upmc.fr. Equal experimental contribution, order determined at random. Further information and resources related to this project can be found on this website.
Label Poisoning is All You Need

Neural Information Processing Systems

In a backdoor attack, an adversary injects corrupted data into a model's training dataset in order to gain control over its predictions on images with a specific attacker-defined trigger. A typical corrupted training example requires altering both the image, by applying the trigger, and the label. Models trained on clean images, therefore, were considered safe from backdoor attacks. However, in some common machine learning scenarios, the training labels are provided by potentially malicious third-parties. This includes crowd-sourced annotation and knowledge distillation. We, hence, investigate a fundamental question: can we launch a successful backdoor attack by only corrupting labels?