Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning-Reference-Cited by-同舟云学术

Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning

Published:2023-07-13 Issue:13s Volume:55 Page:1-39
ISSN:0360-0300
Container-title:ACM Computing Surveys
language:en
Short-container-title:ACM Comput. Surv.

Author:

Cinà Antonio Emanuele¹^ORCID,Grosse Kathrin²^ORCID,Demontis Ambra³^ORCID,Vascon Sebastiano⁴^ORCID,Zellinger Werner⁵^ORCID,Moser Bernhard A.⁵^ORCID,Oprea Alina⁶^ORCID,Biggio Battista⁷^ORCID,Pelillo Marcello¹^ORCID,Roli Fabio⁸^ORCID

Affiliation:

1. DAIS, Ca’ Foscari University of Venice, Italy

2. VITA Lab, École Polytechnique Fédérale de Lausanne, Switzerland

3. DIEE, University of Cagliari, Italy

4. DAIS, Ca’ Foscari University of Venice and European Center for Living Technology, Italy

5. Software Competence Center Hagenberg GmbH (SCCH), Austria

6. Khoury College of Computer Sciences, Northeastern University, MA, USA

7. DIEE, University of Cagliari, CINI, and Pluribus One, Italy

8. DIBRIS, University of Genoa, CINI, and Pluribus One, Italy

Abstract

The success of machine learning is fueled by the increasing availability of computing power and large training datasets. The training data is used to learn new models or update existing ones, assuming that it is sufficiently representative of the data that will be encountered at test time. This assumption is challenged by the threat of poisoning, an attack that manipulates the training data to compromise the model’s performance at test time. Although poisoning has been acknowledged as a relevant threat in industry applications, and a variety of different attacks and defenses have been proposed so far, a complete systematization and critical review of the field is still missing. In this survey, we provide a comprehensive systematization of poisoning attacks and defenses in machine learning, reviewing more than 100 papers published in the field in the past 15 years. We start by categorizing the current threat models and attacks and then organize existing defenses accordingly. While we focus mostly on computer-vision applications, we argue that our systematization also encompasses state-of-the-art attacks and defenses for other data modalities. Finally, we discuss existing resources for research in poisoning and shed light on the current limitations and open research questions in this research field.

Funder

PRIN 2017 project RexLearn

Italian Ministry of Education, University and Research

EU’s Horizon Europe research and innovation program under the project ELSA

“TrustML: Towards Machine Learning that Humans Can Trust,”

Fondazione di Sardegna; the NRRP MUR program funded by the EU - NGEU under the project SERICS

COMET Programme managed by FFG in the COMET Module S3AI

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3585385

Reference215 articles.

1. VENOMAVE: Clean-label poisoning against speech recognition;Aghakhani Hojjat;arXiv:2010.10682,2020

2. Hojjat Aghakhani, Dongyu Meng, Yu-Xiang Wang, Christopher Kruegel, and Giovanni Vigna. 2021. Bullseye polytope: A scalable clean-label poisoning attack with improved transferability. In European Symposium on Security and Privacy (EuroS&P). 159–178.

3. Poisoning deep reinforcement learning agents with in-distribution triggers;Ashcraft Chace;arXiv:2106.07798,2021

4. Eugene Bagdasaryan, Andreas Veit, Yiqing Hua, Deborah Estrin, and Vitaly Shmatikov. 2020. How to backdoor federated learning. In 23rd International Conference on AI and Statistics. PMLR, 2938–2948.

5. Baseline pruning-based approach to trojan detection in neural networks;Bajcsy Peter;arXiv:2101.12016,2021

Cited by 29 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. The revolution and vision of explainable AI for Android malware detection and protection;Internet of Things;2024-10

2. Adversarial Machine Learning in Industry: A Systematic Literature Review;Computers & Security;2024-10

3. A Red Teaming Framework for Securing AI in Maritime Autonomous Systems;Applied Artificial Intelligence;2024-09-04

4. Data poisoning attacks in intelligent transportation systems: A survey;Transportation Research Part C: Emerging Technologies;2024-08

5. Clients Eligibility-Based Lightweight Protocol in Federated Learning: An IDS Use Case;IEEE Transactions on Network and Service Management;2024-08