Towards Effective Data Poisoning for Imbalanced Classification
Abstract
Targeted Clean-label Data Poisoning Attacks (TCDPA) manipulate training samples in a label-consistent manner to gain malicious control over the outputs of targeted samples during deployment. A prominent class of TCDPA methods, gradient-matching-based data poisoning, perturbs a small subset of training samples so that their gradients match the adversarial gradient of a target sample. However, their effectiveness is limited when attacking imbalanced datasets: training-time data-balancing techniques such as Re-weighting and Re-sampling induce a gradient mismatch. In this paper, we propose two modifications that eliminate this gradient mismatch and thereby enhance the efficacy of gradient-matching-based TCDPA on imbalanced datasets. Our methods achieve notable improvements of up to 32% (Re-sampling) and 51% (Re-weighting) in Attack Effect Success Rate on MNIST and CIFAR10.
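To make the gradient-matching objective concrete, here is a minimal NumPy sketch of the quantity such attacks typically minimize: one minus the cosine similarity between the mean gradient of the poison set and the adversarial gradient of the target. The logistic-regression model, the function names `grads` and `matching_loss`, and all variable names are illustrative assumptions, not the paper's actual implementation (which operates on deep-network gradients).

```python
import numpy as np

def grads(w, X, y):
    # Per-example logistic-regression gradients: (sigmoid(x @ w) - y) * x.
    # Stand-in for per-example network gradients in a real attack.
    p = 1.0 / (1.0 + np.exp(-X @ w))
    return (p - y)[:, None] * X

def matching_loss(w, X_poison, y_poison, x_target, y_adv):
    # 1 - cosine similarity between the averaged poison gradient and the
    # adversarial target gradient (target input paired with the attacker's
    # desired label y_adv). Gradient-matching attacks perturb X_poison to
    # drive this loss toward 0.
    g_poison = grads(w, X_poison, y_poison).mean(axis=0)
    g_target = grads(w, x_target[None, :], np.array([y_adv]))[0]
    cos = g_poison @ g_target / (
        np.linalg.norm(g_poison) * np.linalg.norm(g_target) + 1e-12
    )
    return 1.0 - cos

# Tiny illustration with made-up numbers.
w = np.array([0.5, -0.2, 0.1])
x_target = np.array([1.0, 2.0, -1.0])
X_poison = np.array([[0.3, -1.0, 2.0],
                     [1.5,  0.2, 0.0]])
loss = matching_loss(w, X_poison, np.array([1.0, 1.0]), x_target, 1.0)
```

Under Re-weighting or Re-sampling, the effective training gradient of the poison set is rescaled per class, which is what breaks the match this loss was crafted to achieve on a plain empirical-risk objective.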
Cite
Mishra et al. "Towards Effective Data Poisoning for Imbalanced Classification." ICML 2023 Workshops: AdvML-Frontiers, 2023. https://mlanthology.org/icmlw/2023/mishra2023icmlw-effective/

BibTeX
@inproceedings{mishra2023icmlw-effective,
title = {{Towards Effective Data Poisoning for Imbalanced Classification}},
author = {Mishra, Snigdha Sushil and He, Hao and Wang, Hao},
booktitle = {ICML 2023 Workshops: AdvML-Frontiers},
year = {2023},
url = {https://mlanthology.org/icmlw/2023/mishra2023icmlw-effective/}
}