BagFlip: A Certified Defense against Data Poisoning
Yuhao Zhang, Aws Albarghouthi, Loris D'Antoni
arXiv.org Artificial Intelligence
Machine learning models are vulnerable to data-poisoning attacks, in which an attacker maliciously modifies the training set to change the prediction of a learned model. In a trigger-less attack, the attacker can modify the training set but not the test inputs, while in a backdoor attack the attacker can also modify test inputs. Existing model-agnostic defense approaches either cannot handle backdoor attacks or do not provide effective certificates (i.e., a proof that the defense holds). We present BagFlip, a model-agnostic certified approach that can effectively defend against both trigger-less and backdoor attacks. We evaluate BagFlip on image classification and malware detection datasets. BagFlip is equal to or more effective than the state-of-the-art approaches for trigger-less attacks and more effective than the state-of-the-art approaches for backdoor attacks.
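The abstract does not spell out BagFlip's mechanism, but certified, model-agnostic poisoning defenses in this family typically combine bagging (each model sees only a random subset of the training data) with random noise applied to that subset, then predict by majority vote; the vote margin is what a certificate bounds. The sketch below illustrates that general recipe only. The function names, the label-flipping noise, and all parameters are illustrative assumptions, not BagFlip's exact algorithm.

```python
import random
from collections import Counter

def train_smoothed_ensemble(train_set, train_fn, n_models=100,
                            bag_size=50, flip_prob=0.1, seed=0):
    """Train an ensemble on noisy bags of the training set.

    Hypothetical sketch of a bagging-plus-noise smoothing scheme:
    each base model is trained on a bag sampled with replacement,
    with labels randomly flipped (binary labels assumed here).
    """
    rng = random.Random(seed)
    models = []
    for _ in range(n_models):
        # Sample a bag with replacement: a poisoned example only
        # lands in some bags, limiting its influence.
        bag = [rng.choice(train_set) for _ in range(bag_size)]
        # Add label noise so no single training label is decisive.
        noisy = [(x, 1 - y) if rng.random() < flip_prob else (x, y)
                 for x, y in bag]
        models.append(train_fn(noisy))
    return models

def smoothed_predict(models, x):
    """Majority vote over the ensemble.

    Returns the top label and the vote margin (top minus runner-up);
    a certificate would bound how much poisoning can shrink this margin.
    """
    votes = Counter(m(x) for m in models)
    ranked = votes.most_common()
    top_label, top_count = ranked[0]
    runner_up = ranked[1][1] if len(ranked) > 1 else 0
    return top_label, top_count - runner_up
```

An attacker who modifies k training examples can only affect the bags containing them, so the majority vote changes only if the margin is small; this is the intuition a certified defense makes precise.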
Oct-16-2022