Indiscriminate Poisoning Attacks on Unsupervised Contrastive Learning

Indiscriminate data poisoning attacks are quite effective against supervised learning. However, not much is known about their impact on unsupervised contrastive learning (CL). This paper is the first to consider indiscriminate poisoning attacks of contrastive learning. We propose Contrastive Poisoning (CP), the first effective such attack on CL. We empirically show that Contrastive Poisoning, not only drastically reduces the performance of CL algorithms, but also attacks supervised learning models, making it the most generalizable indiscriminate poisoning attack. We also show that CL algorithms with a momentum encoder are more robust to indiscriminate poisoning, and propose a new countermeasure based on matrix completion. Research on indiscriminate poisoning attacks has attracted much attention in recent years due Figure 1: Accuracy of the victim model when to concerns about unauthorized or even illegal facing the current SOTA in indiscriminate data exploitation of online personal data (Prabhu & poisoning attacks (Fowl et al., 2021a). It shows Birhane, 2021; Carlini et al., 2021). One example that past indiscriminate poisoning while highly is reported by Hill & Krolik where a commercial effective on victim models that use supervised company collected billions of face images learning is mostly ineffective when the victim to build their face recognition model without acquiring uses unsupervised contrastive learning (SimCLR, any consent. All prior works on indiscriminate poisoning of deep learning are in the context of supervised learning (SL), and use a cross-entropy loss. However, advances in modern machine learning have shown that unsupervised contrastive learning (CL) can achieve the same accuracy or even exceed the performance of supervised learning on core machine learning tasks (Azizi et al., 2021; Radford et al., 2021; Chen et al., 2020b; 2021; Tian et al., 2021; Jaiswal et al., 2021).