Data Poisoning Attacks in MultiParty Learning
[edit]
Proceedings of the 36th International Conference on Machine Learning, PMLR 97:42744283, 2019.
Abstract
In this work, we demonstrate universal multiparty poisoning attacks that adapt and apply to any multiparty learning process with arbitrary interaction pattern between the parties. More generally, we introduce and study $(k,p)$poisoning attacks in which an adversary controls $k\in[m]$ of the parties, and for each corrupted party $P_i$, the adversary submits some poisoned data $T’_i$ on behalf of $P_i$ that is still "$(1p)$close" to the correct data $T_i$ (e.g., $1p$ fraction of $T’_i$ is still honestly generated).We prove that for any "bad" property $B$ of the final trained hypothesis $h$ (e.g., $h$ failing on a particular test example or having "large" risk) that has an arbitrarily small constant probability of happening without the attack, there always is a $(k,p)$poisoning attack that increases the probability of $B$ from $\mu$ to by $\mu^{1p \cdot k/m} = \mu + \Omega(p \cdot k/m)$. Our attack only uses clean labels, and it is online, as it only knows the the data shared so far.
Related Material


