Some Submodular Data-Poisoning Attacks on Machine Learners

Abstract

We study data-poisoning attacks using a machine teaching framework. We pose a family of NP-hard attack problems as submodular function maximization, thereby inheriting efficient greedy algorithms with theoretical guarantees. We demonstrate some attacks with experiments.
