Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning

Matthew Jagielski; Alina Oprea; Battista Biggio; Chang Liu; Cristina Nita-Rotaru; Bo Li

doi:10.1109/SP.2018.00057

Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning

Matthew Jagielski, Alina Oprea, Battista Biggio, Chang Liu, Cristina Nita-Rotaru, Bo Li

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

As machine learning becomes widely used for automated decisions, attackers have strong incentives to manipulate the results and models generated by machine learning algorithms. In this paper, we perform the first systematic study of poisoning attacks and their countermeasures for linear regression models. In poisoning attacks, attackers deliberately influence the training data to manipulate the results of a predictive model. We propose a theoretically-grounded optimization framework specifically designed for linear regression and demonstrate its effectiveness on a range of datasets and models. We also introduce a fast statistical attack that requires limited knowledge of the training process. Finally, we design a new principled defense method that is highly resilient against all poisoning attacks. We provide formal guarantees about its convergence and an upper bound on the effect of poisoning attacks when the defense is deployed. We evaluate extensively our attacks and defenses on three realistic datasets from health care, loan assessment, and real estate domains.

Original language	English (US)
Title of host publication	Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	19-35
Number of pages	17
ISBN (Electronic)	9781538643525
DOIs	https://doi.org/10.1109/SP.2018.00057
State	Published - Jul 23 2018
Externally published	Yes
Event	39th IEEE Symposium on Security and Privacy, SP 2018 - San Francisco, United States Duration: May 21 2018 → May 23 2018

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
Volume	2018-May
ISSN (Print)	1081-6011

Other

Other	39th IEEE Symposium on Security and Privacy, SP 2018
Country/Territory	United States
City	San Francisco
Period	5/21/18 → 5/23/18

Keywords

adversarial machine learning
poisoning attacks
robust linear regression

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Software
Computer Networks and Communications

Online availability

10.1109/SP.2018.00057

Library availability

Discover UIUC Full Text

Cite this

Jagielski, M., Oprea, A., Biggio, B., Liu, C., Nita-Rotaru, C., & Li, B. (2018). Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018 (pp. 19-35). Article 8418594 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2018-May). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP.2018.00057

Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. / Jagielski, Matthew; Oprea, Alina; Biggio, Battista et al.
Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018. Institute of Electrical and Electronics Engineers Inc., 2018. p. 19-35 8418594 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2018-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Jagielski, M, Oprea, A, Biggio, B, Liu, C, Nita-Rotaru, C & Li, B 2018, Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. in Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018., 8418594, Proceedings - IEEE Symposium on Security and Privacy, vol. 2018-May, Institute of Electrical and Electronics Engineers Inc., pp. 19-35, 39th IEEE Symposium on Security and Privacy, SP 2018, San Francisco, United States, 5/21/18. https://doi.org/10.1109/SP.2018.00057

Jagielski M, Oprea A, Biggio B, Liu C, Nita-Rotaru C, Li B. Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018. Institute of Electrical and Electronics Engineers Inc. 2018. p. 19-35. 8418594. (Proceedings - IEEE Symposium on Security and Privacy). doi: 10.1109/SP.2018.00057

@inproceedings{244de33c499c4fb0815f7d2866b0a22a,

title = "Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning",

abstract = "As machine learning becomes widely used for automated decisions, attackers have strong incentives to manipulate the results and models generated by machine learning algorithms. In this paper, we perform the first systematic study of poisoning attacks and their countermeasures for linear regression models. In poisoning attacks, attackers deliberately influence the training data to manipulate the results of a predictive model. We propose a theoretically-grounded optimization framework specifically designed for linear regression and demonstrate its effectiveness on a range of datasets and models. We also introduce a fast statistical attack that requires limited knowledge of the training process. Finally, we design a new principled defense method that is highly resilient against all poisoning attacks. We provide formal guarantees about its convergence and an upper bound on the effect of poisoning attacks when the defense is deployed. We evaluate extensively our attacks and defenses on three realistic datasets from health care, loan assessment, and real estate domains.",

keywords = "adversarial machine learning, poisoning attacks, robust linear regression",

author = "Matthew Jagielski and Alina Oprea and Battista Biggio and Chang Liu and Cristina Nita-Rotaru and Bo Li",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 39th IEEE Symposium on Security and Privacy, SP 2018 ; Conference date: 21-05-2018 Through 23-05-2018",

year = "2018",

month = jul,

day = "23",

doi = "10.1109/SP.2018.00057",

language = "English (US)",

series = "Proceedings - IEEE Symposium on Security and Privacy",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "19--35",

booktitle = "Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018",

address = "United States",

}

TY - GEN

T1 - Manipulating Machine Learning

T2 - 39th IEEE Symposium on Security and Privacy, SP 2018

AU - Jagielski, Matthew

AU - Oprea, Alina

AU - Biggio, Battista

AU - Liu, Chang

AU - Nita-Rotaru, Cristina

AU - Li, Bo

PY - 2018/7/23

Y1 - 2018/7/23

N2 - As machine learning becomes widely used for automated decisions, attackers have strong incentives to manipulate the results and models generated by machine learning algorithms. In this paper, we perform the first systematic study of poisoning attacks and their countermeasures for linear regression models. In poisoning attacks, attackers deliberately influence the training data to manipulate the results of a predictive model. We propose a theoretically-grounded optimization framework specifically designed for linear regression and demonstrate its effectiveness on a range of datasets and models. We also introduce a fast statistical attack that requires limited knowledge of the training process. Finally, we design a new principled defense method that is highly resilient against all poisoning attacks. We provide formal guarantees about its convergence and an upper bound on the effect of poisoning attacks when the defense is deployed. We evaluate extensively our attacks and defenses on three realistic datasets from health care, loan assessment, and real estate domains.

AB - As machine learning becomes widely used for automated decisions, attackers have strong incentives to manipulate the results and models generated by machine learning algorithms. In this paper, we perform the first systematic study of poisoning attacks and their countermeasures for linear regression models. In poisoning attacks, attackers deliberately influence the training data to manipulate the results of a predictive model. We propose a theoretically-grounded optimization framework specifically designed for linear regression and demonstrate its effectiveness on a range of datasets and models. We also introduce a fast statistical attack that requires limited knowledge of the training process. Finally, we design a new principled defense method that is highly resilient against all poisoning attacks. We provide formal guarantees about its convergence and an upper bound on the effect of poisoning attacks when the defense is deployed. We evaluate extensively our attacks and defenses on three realistic datasets from health care, loan assessment, and real estate domains.

KW - adversarial machine learning

KW - poisoning attacks

KW - robust linear regression

UR - http://www.scopus.com/inward/record.url?scp=85050640069&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050640069&partnerID=8YFLogxK

U2 - 10.1109/SP.2018.00057

DO - 10.1109/SP.2018.00057

M3 - Conference contribution

AN - SCOPUS:85050640069

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 19

EP - 35

BT - Proceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 21 May 2018 through 23 May 2018

ER -

Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this