Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses

Micah Goldblum; Dimitris Tsipras; Chulin Xie; Xinyun Chen; Avi Schwarzschild; Dawn Song; Aleksander Madry; Bo Li; Tom Goldstein

doi:10.1109/TPAMI.2022.3162397

Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses

Micah Goldblum
, Dimitris Tsipras
, Chulin Xie
, Xinyun Chen
, Avi Schwarzschild
, Dawn Song
, Aleksander Madry
, Bo Li
, Tom Goldstein

Siebel School of Computing and Data Science

Research output: Contribution to journal › Article › peer-review

Abstract

As machine learning systems grow in scale, so do their training data requirements, forcing practitioners to automate and outsource the curation of training data in order to achieve state-of-the-art performance. The absence of trustworthy human supervision over the data collection process exposes organizations to security vulnerabilities; training data can be manipulated to control and degrade the downstream behaviors of learned models. The goal of this work is to systematically categorize and discuss a wide range of dataset vulnerabilities and exploits, approaches for defending against these threats, and an array of open problems in this space.

Original language	English (US)
Pages (from-to)	1563-1580
Number of pages	18
Journal	IEEE transactions on pattern analysis and machine intelligence
Volume	45
Issue number	2
DOIs	https://doi.org/10.1109/TPAMI.2022.3162397
State	Published - Feb 1 2023

Keywords

Data poisoning
backdoor attacks
dataset security

ASJC Scopus subject areas

Software
Computer Vision and Pattern Recognition
Computational Theory and Mathematics
Applied Mathematics
Artificial Intelligence

Online availability

10.1109/TPAMI.2022.3162397

Library availability

Discover UIUC Full Text

Cite this

@article{38cc668783f049c5abd246fa9b87bf2c,

title = "Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses",

abstract = "As machine learning systems grow in scale, so do their training data requirements, forcing practitioners to automate and outsource the curation of training data in order to achieve state-of-the-art performance. The absence of trustworthy human supervision over the data collection process exposes organizations to security vulnerabilities; training data can be manipulated to control and degrade the downstream behaviors of learned models. The goal of this work is to systematically categorize and discuss a wide range of dataset vulnerabilities and exploits, approaches for defending against these threats, and an array of open problems in this space.",

keywords = "Data poisoning, backdoor attacks, dataset security",

author = "Micah Goldblum and Dimitris Tsipras and Chulin Xie and Xinyun Chen and Avi Schwarzschild and Dawn Song and Aleksander Madry and Bo Li and Tom Goldstein",

note = "Publisher Copyright: {\textcopyright} 1979-2012 IEEE.",

year = "2023",

month = feb,

day = "1",

doi = "10.1109/TPAMI.2022.3162397",

language = "English (US)",

volume = "45",

pages = "1563--1580",

journal = "IEEE transactions on pattern analysis and machine intelligence",

issn = "0162-8828",

publisher = "IEEE Computer Society",

number = "2",

}

TY - JOUR

T1 - Dataset Security for Machine Learning

T2 - Data Poisoning, Backdoor Attacks, and Defenses

AU - Goldblum, Micah

AU - Tsipras, Dimitris

AU - Xie, Chulin

AU - Chen, Xinyun

AU - Schwarzschild, Avi

AU - Song, Dawn

AU - Madry, Aleksander

AU - Li, Bo

AU - Goldstein, Tom

PY - 2023/2/1

Y1 - 2023/2/1

N2 - As machine learning systems grow in scale, so do their training data requirements, forcing practitioners to automate and outsource the curation of training data in order to achieve state-of-the-art performance. The absence of trustworthy human supervision over the data collection process exposes organizations to security vulnerabilities; training data can be manipulated to control and degrade the downstream behaviors of learned models. The goal of this work is to systematically categorize and discuss a wide range of dataset vulnerabilities and exploits, approaches for defending against these threats, and an array of open problems in this space.

AB - As machine learning systems grow in scale, so do their training data requirements, forcing practitioners to automate and outsource the curation of training data in order to achieve state-of-the-art performance. The absence of trustworthy human supervision over the data collection process exposes organizations to security vulnerabilities; training data can be manipulated to control and degrade the downstream behaviors of learned models. The goal of this work is to systematically categorize and discuss a wide range of dataset vulnerabilities and exploits, approaches for defending against these threats, and an array of open problems in this space.

KW - Data poisoning

KW - backdoor attacks

KW - dataset security

UR - https://www.scopus.com/pages/publications/85147252483

UR - https://www.scopus.com/pages/publications/85147252483#tab=citedBy

U2 - 10.1109/TPAMI.2022.3162397

DO - 10.1109/TPAMI.2022.3162397

M3 - Article

C2 - 35333711

AN - SCOPUS:85147252483

SN - 0162-8828

VL - 45

SP - 1563

EP - 1580

JO - IEEE transactions on pattern analysis and machine intelligence

JF - IEEE transactions on pattern analysis and machine intelligence

IS - 2

ER -

Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses

Abstract

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this