Title
Mitigating Poisoning Attacks on Machine Learning Models: A Data Provenance Based Approach.
Abstract
The use of machine learning models has become ubiquitous. Their predictions are used to make decisions about healthcare, security, investments and many other critical applications. Given this pervasiveness, it is not surprising that adversaries have an incentive to manipulate machine learning models to their advantage. One way of manipulating a model is through a poisoning or causative attack in which the adversary feeds carefully crafted poisonous data points into the training set. Taking advantage of recently developed tamper-free provenance frameworks, we present a methodology that uses contextual information about the origin and transformation of data points in the training set to identify poisonous data, thereby enabling online and regularly re-trained machine learning applications to consume data sources in potentially adversarial environments. To the best of our knowledge, this is the first approach to incorporate provenance information as part of a filtering algorithm to detect causative attacks. We present two variations of the methodology - one tailored to partially trusted data sets and the other to fully untrusted data sets. Finally, we evaluate our methodology against existing methods to detect poison data and show an improvement in the detection rate.
Year
2017
DOI
10.1145/3128572.3140450
Venue
AISec@CCS
Field
Data point, Contextual information, Data set, Incentive, Filter (signal processing), Adversarial machine learning, Artificial intelligence, Adversary, Engineering, Machine learning, Adversarial system
DocType
Conference
ISBN
978-1-4503-5202-4
Citations
3
PageRank
0.43
References
0
Authors
4
Name
Order
Citations
PageRank
Nathalie Baracaldo111112.47
Bryant Chen2175.07
Heiko Ludwig31278147.99
Jaehoon Amir Safavi460.81