Poisons That Are Learned Faster Are More Effective
Abstract
Imperceptible poisoning attacks on entire datasets have recently been touted as methods for protecting data privacy. However, among a number of defenses preventing the practical use of these techniques, early-stopping stands out as a simple, yet effective defense. To gauge poisons’ vulnerability to early-stopping, we benchmark error-minimizing, error-maximizing, and synthetic poisons in terms of peak test accuracy over 100 epochs and make a number of surprising observations. First, we find that poisons that reach a low training loss faster have lower peak test accuracy. Second, we find that a current state-of-the-art error-maximizing poison is 7× less effective when poison training is stopped at epoch 8. Third, we find that stronger, more transferable adversarial attacks do not make stronger poisons. We advocate for evaluating poisons in terms of peak test accuracy.
Cite
Text
Segura et al. "Poisons That Are Learned Faster Are More Effective." IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, 2022. doi:10.1109/CVPRW56347.2022.00033Markdown
[Segura et al. "Poisons That Are Learned Faster Are More Effective." IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, 2022.](https://mlanthology.org/cvprw/2022/segura2022cvprw-poisons/) doi:10.1109/CVPRW56347.2022.00033BibTeX
@inproceedings{segura2022cvprw-poisons,
title = {{Poisons That Are Learned Faster Are More Effective}},
author = {Segura, Pedro Sandoval and Singla, Vasu and Fowl, Liam and Geiping, Jonas and Goldblum, Micah and Jacobs, David and Goldstein, Tom},
booktitle = {IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops},
year = {2022},
pages = {197-204},
doi = {10.1109/CVPRW56347.2022.00033},
url = {https://mlanthology.org/cvprw/2022/segura2022cvprw-poisons/}
}