Publication: Beta poisoning attacks against machine learning models: extensions, limitations and defenses
| dc.contributor.department | Department of Computer Engineering | |
| dc.contributor.kuauthor | Gürsoy, Mehmet Emre | |
| dc.contributor.kuauthor | Kara, Atakan | |
| dc.contributor.kuauthor | Köprücü, Nursena | |
| dc.contributor.schoolcollegeinstitute | College of Engineering | |
| dc.date.accessioned | 2024-12-29T09:36:00Z | |
| dc.date.issued | 2022 | |
| dc.description.abstract | The rise of machine learning (ML) has made ML models lucrative targets for adversarial attacks. One of these attacks is Beta Poisoning, which is a recently proposed training-time attack based on heuristic poisoning of the training dataset. While Beta Poisoning was shown to be effective against linear ML models, it was originally developed with a fixed Gaussian Kernel Density Estimator (KDE) for likelihood estimation, and its effectiveness against more advanced, non-linear ML models has not been explored. In this paper, we advance the state of the art in Beta Poisoning attacks by making three novel contributions. First, we extend the attack so that it can be executed with arbitrary KDEs and norm functions. We integrate Gaussian, Laplacian, Epanechnikov and Logistic KDEs with three norm functions, and show that the choice of KDE can significantly impact attack effectiveness, especially when attacking linear models. Second, we empirically show that Beta Poisoning attacks are ineffective against non-linear ML models (such as neural networks and multi-layer perceptrons), even with our extensions. Results imply that the effectiveness of the attack decreases as model non-linearity and complexity increase. Finally, our third contribution is the development of a discriminator-based defense against Beta Poisoning attacks. Results show that our defense strategy achieves 99% and 93% accuracy in identifying poisoning samples on MNIST and CIFAR-10 datasets, respectively. | |
| dc.description.indexedby | WOS | |
| dc.description.indexedby | Scopus | |
| dc.description.publisherscope | International | |
| dc.description.sponsoredbyTubitakEu | N/A | |
| dc.identifier.doi | 10.1109/TPS-ISA56441.2022.00031 | |
| dc.identifier.isbn | 978-1-6654-7408-5 | |
| dc.identifier.quartile | N/A | |
| dc.identifier.scopus | 2-s2.0-85150678321 | |
| dc.identifier.uri | https://doi.org/10.1109/TPS-ISA56441.2022.00031 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.14288/21888 | |
| dc.identifier.wos | 978301700021 | |
| dc.keywords | Machine learning | |
| dc.keywords | Network layers | |
| dc.keywords | Network security | |
| dc.language.iso | eng | |
| dc.publisher | IEEE | |
| dc.relation.ispartof | 2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, TPS-ISA | |
| dc.subject | Computer science | |
| dc.subject | Artificial intelligence | |
| dc.subject | Computer science | |
| dc.title | Beta poisoning attacks against machine learning models: extensions, limitations and defenses | |
| dc.type | Conference Proceeding | |
| dspace.entity.type | Publication | |
| local.contributor.kuauthor | Kara, Atakan | |
| local.contributor.kuauthor | Köprücü, Nursena | |
| local.contributor.kuauthor | Gürsoy, Mehmet Emre | |
| local.publication.orgunit1 | College of Engineering | |
| local.publication.orgunit2 | Department of Computer Engineering | |
| relation.isOrgUnitOfPublication | 89352e43-bf09-4ef4-82f6-6f9d0174ebae | |
| relation.isOrgUnitOfPublication.latestForDiscovery | 89352e43-bf09-4ef4-82f6-6f9d0174ebae | |
| relation.isParentOrgUnitOfPublication | 8e756b23-2d4a-4ce8-b1b3-62c794a8c164 | |
| relation.isParentOrgUnitOfPublication.latestForDiscovery | 8e756b23-2d4a-4ce8-b1b3-62c794a8c164 |