BriefGPT.xyz
May, 2023
Pick your Poison: Undetectability versus Robustness in Data Poisoning Attacks against Deep Image Classification
Nils Lukas, Florian Kerschbaum
TL;DR
This paper studies data poisoning of deep image classification models. It proposes two post-training defenses that repair a poisoned model using a small set of trusted image-label pairs, shows that they outperform existing defenses, and identifies a trade-off between the detectability and the robustness of poisoning attacks, as well as the question of how attackers can adapt to the defenses.
Abstract
Deep image classification models trained on large amounts of web-scraped data are vulnerable to data poisoning, a mechanism for backdooring models. Even a few poisoned samples seen during training can entirely un