Exploring Vulnerabilities of Semi-Supervised Learning to Simple Backdoor Attacks
Abstract
Semi-supervised learning methods can train high-accuracy machine learning models with a fraction of the labeled training samples required for traditional supervised learning. Such methods do not typically involve close review of the unlabeled training samples, making them tempting targets for data poisoning attacks. In this paper, we show that simple backdoor attacks on unlabeled samples in the FixMatch semi-supervised learning algorithm are surprisingly effective - achieving an average attack success rate as high as 96.9%. We identify unique characteristics of backdoor attacks against FixMatch that can provide practitioners with a better understanding of the vulnerabilities of their models to backdoor attacks.
Cite
Text
Connor and Emanuele. "Exploring Vulnerabilities of Semi-Supervised Learning to Simple Backdoor Attacks." ICLR 2023 Workshops: BANDS, 2023.Markdown
[Connor and Emanuele. "Exploring Vulnerabilities of Semi-Supervised Learning to Simple Backdoor Attacks." ICLR 2023 Workshops: BANDS, 2023.](https://mlanthology.org/iclrw/2023/connor2023iclrw-exploring/)BibTeX
@inproceedings{connor2023iclrw-exploring,
title = {{Exploring Vulnerabilities of Semi-Supervised Learning to Simple Backdoor Attacks}},
author = {Connor, Marissa Catherine and Emanuele, Vincent},
booktitle = {ICLR 2023 Workshops: BANDS},
year = {2023},
url = {https://mlanthology.org/iclrw/2023/connor2023iclrw-exploring/}
}