Generative Poisoning Attack Method Against Neural Networks
Poisoning attacks are recognized as a severe security threat to machine
learning algorithms. In many applications, for example, deep neural network
(DNN) models collect public data as inputs for re-training, and that input
data can be poisoned. Although poisoning attacks against support vector
machines (SVMs) have been studied extensively, very little is known about how
such attacks can be mounted against neural networks (NNs), especially DNNs. In
this work, we first examine the possibility of applying the traditional
gradient-based method (referred to as the direct gradient method) to generate
poisoned data against NNs by leveraging the gradient of the target model's
loss w.r.t. the normal data. We then propose a generative method to accelerate
the generation of poisoned data: an auto-encoder (the generator) that produces
poisoned data is updated by a reward function of the loss, while the target NN
model (the discriminator) receives the poisoned data and calculates the loss
w.r.t. the normal data. Our experimental results show that the generative
method speeds up poisoned-data generation by up to 239.38x compared with the
direct gradient method, at the cost of slightly lower model accuracy
degradation. We also design a countermeasure that detects such poisoning
attacks by checking the loss of the target model.
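The following is an added, self-contained toy example (not code from the paper or its authors) of two ideas in the abstract: the direct gradient method, which pushes a training sample along the gradient of the target model's loss w.r.t. the input while keeping its label, and the loss-based countermeasure, which flags an incoming sample whose loss under the current target model is far above the clean baseline. It makes several simplifying assumptions of its own: the target model is a 2-D logistic regression rather than a DNN, the data set is constructed, the poison step follows the normalised input gradient with a fixed step size, and the detector threshold is mean + 3 standard deviations of the per-sample loss on known-clean data. The generative (auto-encoder) method is not shown.

```python
"""Toy direct-gradient poisoning plus loss-based detection, in pure Python.
Assumptions (not from the paper): a 2-D logistic regression stands in for the
DNN, the data set below is constructed, and the detector threshold is
mean + k*std of the clean per-sample loss."""
import math

# Constructed, linearly separable training set: label 1 where x1 + x2 is large.
CLEAN_X = [(0.0, 0.0), (0.0, 1.0), (1.0, 0.0), (0.5, 0.5),
           (2.0, 2.0), (2.0, 3.0), (3.0, 2.0), (2.5, 2.5)]
CLEAN_Y = [0, 0, 0, 0, 1, 1, 1, 1]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict(model, x):
    w, b = model
    return sigmoid(w[0] * x[0] + w[1] * x[1] + b)


def loss(model, x, y):
    """Binary cross-entropy of one (sample, label) pair under the target model."""
    p = min(max(predict(model, x), 1e-12), 1 - 1e-12)
    return -(y * math.log(p) + (1 - y) * math.log(1 - p))


def train(xs, ys, epochs=500, lr=0.5):
    """Full-batch gradient descent; stands in for the re-training step that
    consumes public (possibly poisoned) data."""
    w, b = [0.0, 0.0], 0.0
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, y in zip(xs, ys):
            err = predict((w, b), x) - y  # dL/dz for sigmoid + cross-entropy
            gw[0] += err * x[0]
            gw[1] += err * x[1]
            gb += err
        n = len(xs)
        w = [w[0] - lr * gw[0] / n, w[1] - lr * gw[1] / n]
        b -= lr * gb / n
    return (w, b)


def direct_gradient_poison(model, x, y, steps=20, step_size=0.2):
    """Simplified direct gradient method: keep the label, move the input along
    the normalised gradient of the loss w.r.t. x so the target model's loss on
    the pair rises. For sigmoid + cross-entropy, dL/dx = (p - y) * w."""
    w, _ = model
    for _ in range(steps):
        err = predict(model, x) - y
        g = (err * w[0], err * w[1])
        norm = math.hypot(g[0], g[1]) or 1.0
        x = (x[0] + step_size * g[0] / norm, x[1] + step_size * g[1] / norm)
    return x


def loss_threshold(model, xs, ys, k=3.0):
    """Calibrate the detector on data known to be clean: mean + k*std of the
    per-sample loss (the k=3 rule is an assumption of this example)."""
    ls = [loss(model, x, y) for x, y in zip(xs, ys)]
    mean = sum(ls) / len(ls)
    std = math.sqrt(sum((l - mean) ** 2 for l in ls) / len(ls))
    return mean + k * std


def is_poisoned(model, x, y, threshold):
    """Countermeasure: a sample whose loss under the current target model is
    far above the clean baseline is treated as poison and not used for re-training."""
    return loss(model, x, y) > threshold


def mean_clean_loss(model):
    return sum(loss(model, x, y) for x, y in zip(CLEAN_X, CLEAN_Y)) / len(CLEAN_X)


def run_demo():
    clean_model = train(CLEAN_X, CLEAN_Y)
    x0, y0 = CLEAN_X[4], CLEAN_Y[4]  # a correctly classified class-1 sample
    xp = direct_gradient_poison(clean_model, x0, y0)
    thr = loss_threshold(clean_model, CLEAN_X, CLEAN_Y)
    # Re-train with the poisoned pair admitted, as an undefended pipeline would.
    poisoned_model = train(CLEAN_X + [xp], CLEAN_Y + [y0])
    return {
        "loss_before": loss(clean_model, x0, y0),
        "loss_after": loss(clean_model, xp, y0),
        "flagged_poison": is_poisoned(clean_model, xp, y0, thr),
        "flagged_clean": [is_poisoned(clean_model, x, y, thr)
                          for x, y in zip(CLEAN_X, CLEAN_Y)],
        "clean_model_loss": mean_clean_loss(clean_model),
        "poisoned_model_loss": mean_clean_loss(poisoned_model),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Running it shows the crafted sample's loss climbing well above its clean value, the re-trained model's loss on the clean set rising (the accuracy degradation the attack aims for), and the loss check catching the poisoned pair while leaving every clean sample unflagged. The threshold is calibrated on the same clean data, so no single clean sample among eight can exceed mean + 3 std; in practice the baseline should come from a held-out clean set, and an adaptive attacker can try to keep the poison loss under the threshold, which is the trade-off the countermeasure relies on.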