
Clean-Label Data Poisoning Attack Methods Enhancement in Deep Learning Models

Nadi, Sina | 2022

Type of Document: M.Sc. Thesis
Language: Farsi
Document No: 55633 (19)
University: Sharif University of Technology
Department: Computer Engineering
Advisor(s): Rohban, Mohammad Hossein

Abstract:

In recent years, deep learning models have become one of the most widely used models in the field of artificial intelligence by showing high accuracy in various applications; in some of these applications the accuracy and correctness of the models' output are very important, and an error could lead to chaotic events. Alongside the progress of deep learning models, attacks have also been introduced in this field that severely compromise the security of such models and affect the accuracy and correctness of their output. Data poisoning is an attack on deep learning models in which the attacker manipulates some data examples and adds these poisoned examples to the training set of the victim's model in order to change the model's outputs at test time. Clean-label data poisoning is a data poisoning attack in which the attacker has no control over the labeling stage of the training data: the attacker adds a perturbation to some data and publishes the instances, with the goal of changing the output of the victim's model on specific data at test time. Although several defense methods have been proposed in this field, no defense method has yet been introduced that can resist recently introduced attacks and methods. In this thesis, we introduce an effective defense method against this type of attack, based on a geometric view of normal samples versus manipulated and poisoned samples in subspaces of different dimensions. We also describe another defense method based on purifier models. Our research shows that our defense method can reduce the attack success rate to zero on several models.

Keywords: Deep Learning ; Adversarial Attacks ; Data Manipulation ; Poisoning Data ; Purifier
