Learner-Independent Targeted Data Omission Attacks

Guy Barash, Onn Shehory, Sarit Kraus, Eitan Farchi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In this paper we introduce the data omission attack—a new type of attack against learning mechanisms. The attack can be seen as a specific type of a poisoning attack. However, while poisoning attacks typically corrupt data in various ways including addition, omission and modification, to optimize the attack, we focus on omission only, which is much simpler to implement and analyze. A major advantage of our attack method is its generality. While poisoning attacks are usually optimized for a specific learner and prove ineffective against others, our attack is effective against a variety of learners. We demonstrate this effectiveness via a series of attack experiments against various learning mechanisms. We show that, with a relatively low attack budget, our omission attack succeeds regardless of the target learner.

Original language: English
Title of host publication: Engineering Dependable and Secure Machine Learning Systems - Third International Workshop, EDSMLS 2020, Revised Selected Papers
Editors: Onn Shehory, Eitan Farchi, Guy Barash
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 23-41
Number of pages: 19
ISBN (Print): 9783030621438
State: Published - 2020
Event: 3rd International Workshop on Engineering Dependable and Secure Machine Learning Systems, EDSMLS 2020 - New York City, United States
Duration: 7 Feb 2020 to 7 Feb 2020

Publication series

Name: Communications in Computer and Information Science
Volume: 1272
ISSN (Print): 1865-0929
ISSN (Electronic): 1865-0937

Conference

Conference: 3rd International Workshop on Engineering Dependable and Secure Machine Learning Systems, EDSMLS 2020
Country/Territory: United States
City: New York City
Period: 7/02/20 to 7/02/20

Bibliographical note

Publisher Copyright:
© 2020, Springer Nature Switzerland AG.

Keywords

  • Adversarial ML
  • Machine learning
