Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability

• Published in: 2021 IEEE European Symposium on Security and Privacy (EuroS&P) pp. 159 - 178
• Main Authors: Aghakhani, Hojjat, Meng, Dongyu, Wang, Yu-Xiang, Kruegel, Christopher, Vigna, Giovanni
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.09.2021
• Subjects: Dataset Poisoning; Machine Learning Robustness; Neural networks; Observers; Robustness; Security; Toxicology; Training; Transfer learning

A recent source of concern for the security of neural networks is the emergence of clean-label dataset poisoning attacks, wherein correctly labeled poison samples are injected into the training dataset. While these poison samples look legitimate to the human observer, they contain malicious characte...