تقرير
Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Tradeoff
العنوان: | Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Tradeoff |
---|---|
المؤلفون: | Borgnia, Eitan, Cherepanova, Valeriia, Fowl, Liam, Ghiasi, Amin, Geiping, Jonas, Goldblum, Micah, Goldstein, Tom, Gupta, Arjun |
سنة النشر: | 2020 |
المجموعة: | Computer Science |
مصطلحات موضوعية: | Computer Science - Cryptography and Security, Computer Science - Machine Learning |
الوصف: | Data poisoning and backdoor attacks manipulate victim models by maliciously modifying training data. In light of this growing threat, a recent survey of industry professionals revealed heightened fear in the private sector regarding data poisoning. Many previous defenses against poisoning either fail in the face of increasingly strong attacks, or they significantly degrade performance. However, we find that strong data augmentations, such as mixup and CutMix, can significantly diminish the threat of poisoning and backdoor attacks without trading off performance. We further verify the effectiveness of this simple defense against adaptive poisoning methods, and we compare to baselines including the popular differentially private SGD (DP-SGD) defense. In the context of backdoors, CutMix greatly mitigates the attack while simultaneously increasing validation accuracy by 9%. Comment: Authors ordered alphabetically |
نوع الوثيقة: | Working Paper |
URL الوصول: | http://arxiv.org/abs/2011.09527 |
رقم الأكسشن: | edsarx.2011.09527 |
قاعدة البيانات: | arXiv |
الوصف غير متاح. |