Are You Tampering with My Data?Show others and affiliations
2019 (English)In: Computer Vision – ECCV 2018 Workshops: Proceedings, Part II / [ed] Laura Leal-Taixé & Stefan Roth, Springer, 2019, p. 296-312Conference paper, Published paper (Refereed)
Abstract [en]
We propose a novel approach towards adversarial attacks on neural networks (NN), focusing on tampering the data used for training instead of generating attacks on trained models. Our network-agnostic method creates a backdoor during training which can be exploited at test time to force a neural network to exhibit abnormal behaviour. We demonstrate on two widely used datasets (CIFAR-10 and SVHN) that a universal modification of just one pixel per image for all the images of a class in the training set is enough to corrupt the training procedure of several state-of-the-art deep neural networks, causing the networks to misclassify any images to which the modification is applied. Our aim is to bring to the attention of the machine learning community, the possibility that even learning-based methods that are personally trained on public datasets can be subject to attacks by a skillful adversary.
Place, publisher, year, edition, pages
Springer, 2019. p. 296-312
Series
Lecture Notes in Computer Science ; 11130
Keywords [en]
Adversarial attack, Machine learning, Deep neural networks, Data poisoning
National Category
Computer Sciences
Research subject
Machine Learning
Identifiers
URN: urn:nbn:se:ltu:diva-73147DOI: 10.1007/978-3-030-11012-3_25ISI: 000594380500025Scopus ID: 2-s2.0-85061797135ISBN: 978-3-030-11011-6 (print)OAI: oai:DiVA.org:ltu-73147DiVA, id: diva2:1295180
Conference
15th European Conference on Computer Vision (ECCV), September 8-14, Munich, Germany
2019-03-112019-03-112021-12-13Bibliographically approved