Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning

The success of machine learning is fueled by the increasing availability of computing power and large training datasets. The training data is used to learn new models or update existing ones, assuming that it is sufficiently representative of the data that will be encountered at test time. This assu...

Full description

Saved in:
Bibliographic Details
Published in:ACM computing surveys 2023-07, Vol.55 (13s), p.1-39, Article 294
Main Authors: Cinà, Antonio Emanuele, Grosse, Kathrin, Demontis, Ambra, Vascon, Sebastiano, Zellinger, Werner, Moser, Bernhard A., Oprea, Alina, Biggio, Battista, Pelillo, Marcello, Roli, Fabio
Format: Article
Language:English
Subjects:
Adversarial learning
Computing methodologies
General and reference
Machine learning
Neural networks
Surveys and overviews
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The success of machine learning is fueled by the increasing availability of computing power and large training datasets. The training data is used to learn new models or update existing ones, assuming that it is sufficiently representative of the data that will be encountered at test time. This assumption is challenged by the threat of poisoning, an attack that manipulates the training data to compromise the model’s performance at test time. Although poisoning has been acknowledged as a relevant threat in industry applications, and a variety of different attacks and defenses have been proposed so far, a complete systematization and critical review of the field is still missing. In this survey, we provide a comprehensive systematization of poisoning attacks and defenses in machine learning, reviewing more than 100 papers published in the field in the past 15 years. We start by categorizing the current threat models and attacks and then organize existing defenses accordingly. While we focus mostly on computer-vision applications, we argue that our systematization also encompasses state-of-the-art attacks and defenses for other data modalities. Finally, we discuss existing resources for research in poisoning and shed light on the current limitations and open research questions in this research field.
ISSN:0360-0300
1557-7341
DOI:10.1145/3585385