Light Feature Analysis for Data Poisoning Detection
摘要
Undoubtedly, artificial intelligence has been subject of a great interest in the recent years. Its ever-growing use in industry and finance sectors has sparked some much needed inquiries concerning AI security by underlining the potential vulnerabilities that could be exploited by an attacker. Such attacks could occur during training (data poisoning, gradient poisoning etc.) or during inference (adversarial attacks, membership attacks etc.). This choice is contingent on the attacker’s final goal on how to affect the model, its performance and its predictions (backdoor implantation, invasion of privacy etc.). In this paper, we introduce a defense against data poisoning in limited memory/computation environment e.g. an embedded machine learning model in a production industry context. Therefore it is obligatory to operate in the most minimal setup possible without degrading the detection performance. We design a simple yet effective data poisoning attack to fool precedent countermeasures. We also measure the success of our method to mitigate such attacks with comparable computational complexity.