ML Anthology

Attacking Few-Shot Classifiers with Adversarial Support Poisoning

Elre Talea Oldewage, John F Bronskill, Richard E Turner
ICMLW 2021
/icmlw/2021/oldewage2021icmlw-attacking/

Abstract

This paper examines the robustness of deployed few-shot meta-learning systems when they are fed an imperceptibly perturbed few-shot dataset, showing that the resulting predictions on test inputs can become worse than chance. This is achieved by developing a novel attack, Adversarial Support Poisoning or ASP, which crafts a poisoned set of examples. When even a small subset of malicious data points is inserted into the support set of a meta-learner, accuracy is significantly reduced. We evaluate the new attack on a variety of few-shot classification algorithms and scenarios, and propose a form of adversarial training that significantly improves robustness against both poisoning and evasion attacks.

PDF ICMLW OpenReview Semantic Scholar

Cite

Text

Oldewage et al. "Attacking Few-Shot Classifiers with Adversarial Support Poisoning." ICML 2021 Workshops: AML, 2021.

Markdown

[Oldewage et al. "Attacking Few-Shot Classifiers with Adversarial Support Poisoning." ICML 2021 Workshops: AML, 2021.](https://mlanthology.org/icmlw/2021/oldewage2021icmlw-attacking/)

BibTeX

@inproceedings{oldewage2021icmlw-attacking,
  title     = {{Attacking Few-Shot Classifiers with Adversarial Support Poisoning}},
  author    = {Oldewage, Elre Talea and Bronskill, John F and Turner, Richard E},
  booktitle = {ICML 2021 Workshops: AML},
  year      = {2021},
  url       = {https://mlanthology.org/icmlw/2021/oldewage2021icmlw-attacking/}
}