Mole Recruitment: Poisoning of Image Classifiers via Selective Batch Sampling
| dc.contributor.author | Wisdom, Ethan | |
| dc.contributor.author | Gokhale, Tejas | |
| dc.contributor.author | Xiao, Chaowei | |
| dc.contributor.author | Yang, Yezhou | |
| dc.date.accessioned | 2024-02-27T19:24:02Z | |
| dc.date.available | 2024-02-27T19:24:02Z | |
| dc.date.issued | 2023-03-30 | |
| dc.description.abstract | In this work, we present a data poisoning attack that confounds machine learning models without any manipulation of the image or label. This is achieved by simply leveraging the most confounding natural samples found within the training data itself, in a new form of a targeted attack coined "Mole Recruitment." We define moles as the training samples of a class that appear most similar to samples of another class, and show that simply restructuring training batches with an optimal number of moles can lead to significant degradation in the performance of the targeted class. We show the efficacy of this novel attack in an offline setting across several standard image classification datasets, and demonstrate the real-world viability of this attack in a continual learning (CL) setting. Our analysis reveals that state-of-the-art models are susceptible to Mole Recruitment, thereby exposing a previously undetected vulnerability of image classifiers. Code can be found here: http://github.com/wisdeth14/MoleRecruitment | |
| dc.description.sponsorship | This work was supported by NSF grants #1750082, #2101052. EW was partially supported by ASU Fulton Engineering Schools’ Dean’s fellowship. | |
| dc.description.uri | https://arxiv.org/abs/2303.17080 | |
| dc.format.extent | 15 pages | |
| dc.genre | journal articles | |
| dc.genre | preprints | |
| dc.identifier | doi:10.13016/m2jbvd-akcq | |
| dc.identifier.uri | https://doi.org/10.48550/arXiv.2303.17080 | |
| dc.identifier.uri | http://hdl.handle.net/11603/31720 | |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
| dc.rights | Attribution-NonCommercial-NoDerivs 4.0 International | en |
| dc.rights.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
| dc.title | Mole Recruitment: Poisoning of Image Classifiers via Selective Batch Sampling | |
| dc.type | Text | |
| dcterms.creator | https://orcid.org/0000-0002-5593-2804 |