Manipulating SGD with Data Ordering Attacks
Dez 6, 2021
Sprecher:innen
Ilja Shumailov
Řečník · 0 sledujících
Zakhar Shumaylov
Řečník · 0 sledujících
Dmitry Kazhdan
Řečník · 0 sledujících
Yiren Zhao
Řečník · 0 sledujících
Nicolas Papernot
Řečník · 0 sledujících
Murat A. Erdogdu
Řečník · 0 sledujících
Ross Anderson
Řečník · 0 sledujících
Über
Machine learning is vulnerable to a wide variety of attacks. It is now well understood that by changing the underlying data distribution, an adversary can poison the model trained with it or introduce backdoors. In this paper we present a novel class of training-time attacks that require no changes to the underlying dataset or model architecture, but instead only change the order in which data are supplied to the model. In particular, we find that the attacker can either prevent the model from learning, or poison it to learn behaviours specified by the attacker. Furthermore, we find that even a single adversarially-ordered epoch can be enough to slow down model learning, or even to reset all of the learning progress. Indeed, the attacks presented here are not specific to the model or dataset, but rather target the stochastic nature of modern learning procedures. We extensively evaluate our attacks on computer vision and natural language benchmarks to find that the adversary can disrupt model training and even introduce backdoors.Machine learning is vulnerable to a wide variety of attacks. It is now well understood that by changing the underlying data distribution, an adversary can poison the model trained with it or introduce backdoors. In this paper we present a novel class of training-time attacks that require no changes to the underlying dataset or model architecture, but instead only change the order in which data are supplied to the model. In particular, we find that the attacker can either prevent the model from l…
Organisator
NeurIPS 2021
Účet · 1,9k sledujících
Über NeurIPS 2021
Neural Information Processing Systems (NeurIPS) is a multi-track machine learning and computational neuroscience conference that includes invited talks, demonstrations, symposia and oral and poster presentations of refereed papers. Following the conference, there are workshops which provide a less formal setting.
Gefällt euch das Format? Vertraut auf SlidesLive, um euer nächstes Event festzuhalten!
Professionelle Aufzeichnung und Livestreaming – weltweit.
Freigeben
Empfohlene Videos
Präsentationen, deren Thema, Kategorie oder Sprecher:in ähnlich sind
Adversarial Robustness with Non-uniform Perturbations
Zhlédnout později
Pro uložení prezentace do věčného trezoru hlasovalo 0 diváků, což je 0.0 %
Improving Calibration through the Relationship with Adversarial Robustness
Zhlédnout později
Yao Qin, …
Pro uložení prezentace do věčného trezoru hlasovalo 0 diváků, což je 0.0 %
Linear-Time Gromov Wasserstein Distances using Low Rank Couplings and Costs
Zhlédnout později
Pro uložení prezentace do věčného trezoru hlasovalo 0 diváků, což je 0.0 %
Representing Hyperbolic Space Accurately using Multi-Component Floats
Zhlédnout později
Tao Yu, …
Pro uložení prezentace do věčného trezoru hlasovalo 0 diváků, což je 0.0 %
Detecting Individual Decision-Making Style: Exploring Behavioral Stylometry in Chess
Zhlédnout později
Pro uložení prezentace do věčného trezoru hlasovalo 0 diváků, což je 0.0 %
Tight Accounting in the Shuffle Model of Differential Privacy
Zhlédnout později
Pro uložení prezentace do věčného trezoru hlasovalo 0 diváků, což je 0.0 %