A BIC-Based Mixture Model Defense Against Data Poisoning Attacks on Classifiers

Xi Li, David J. Miller, Zhen Xiang, George Kesidis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Data Poisoning (DP) is an effective attack which degrades a trained classifier's accuracy through covert injection of attack samples into the training set. We propose an unsupervised Bayesian Information Criterion (BIC)-based mixture model defense against DP attacks that: 1) addresses the most challenging embedded DP scenario wherein, if DP is present, the poisoned samples are an a priori unknown subset of the training set, and with no clean validation set available; 2) applies a mixture model to both well-fit potentially multi-modal class distributions and capture poisoned samples within a small subset of the mixture components; 3) jointly identifies poisoned components and samples by minimizing the BIC cost defined over the whole training set. Our experimental results demonstrate the effectiveness of our defense under strong DP attacks, as well as its superiority over other works.

Original language: English (US)
Title of host publication: Proceedings of the 2023 IEEE 33rd International Workshop on Machine Learning for Signal Processing, MLSP 2023
Editors: Danilo Comminiello, Michele Scarpiniti
Publisher: IEEE Computer Society
ISBN (Electronic): 9798350324112
State: Published - 2023
Event: 33rd IEEE International Workshop on Machine Learning for Signal Processing, MLSP 2023 - Rome, Italy
Duration: Sep 17 2023 - Sep 20 2023

Publication series

Name: IEEE International Workshop on Machine Learning for Signal Processing, MLSP
Volume: 2023-September
ISSN (Print): 2161-0363
ISSN (Electronic): 2161-0371

Conference

Conference: 33rd IEEE International Workshop on Machine Learning for Signal Processing, MLSP 2023
Country/Territory: Italy
City: Rome
Period: 9/17/23 - 9/20/23

All Science Journal Classification (ASJC) codes

  • Human-Computer Interaction
  • Signal Processing
