universal multi party poisoning attacks
play

Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad - PowerPoint PPT Presentation

Feb 01, 2023 ā€¢334 likes ā€¢540 views

Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed Multi-Party Learning Distributions Data Providers 1 1 Model Multi-Party Learning (Round j) Distributions

  1. Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed

  2. Multi-Party Learning Distributions Data Providers šø 1 š‘„ 1 Model š» šø š‘œ š‘„ š‘œ

  3. Multi-Party Learning (Round j) Distributions Data Providers šø 1 š‘„ 1 š» šø š‘— š‘„ š‘— Model jāˆ’1 šø š‘œ š‘„ š‘œ

  4. Multi-Party Learning (Round j) Distributions Data Providers šø 1 š‘„ 1 š» šø š‘— š‘„ š‘— Model jāˆ’1 šø š‘œ š‘„ š‘œ

  5. Multi-Party Learning (Round j) Distributions Data Providers šø 1 š‘„ 1 š‘£ š‘˜ š‘’ š‘˜ š» šø š‘— š‘„ š‘— Model jāˆ’1 šø š‘œ š‘„ š‘œ

  6. Multi-Party Learning (Round j) Distributions Data Providers šø 1 š‘„ 1 š‘£ š‘˜ š‘’ š‘˜ Model j š» šø š‘— š‘„ š‘— Model jāˆ’1 šø š‘œ š‘„ š‘œ

  7. Multi-Party Learning (Round j) Distributions Data Providers šø 1 š‘„ 1 Model j Model j Model j š» Model j šø š‘— š‘„ š‘— Model j Model j Model jāˆ’1 šø š‘œ š‘„ š‘œ

  8. Poisoning in Multi-Party Learning Distributions Data Providers An adversary (partially) controls a šø 1 š‘„ number of data providers 1 Model š» šø š‘— š‘„ š‘— šø š‘œ š‘„ š‘œ

  9. (š‘™, š‘Ÿ) -Poisoning Attack Model š‘™ (out of š‘œ ) of the parties become corrupted šø š‘— š‘„ š‘— Each corrupted party š‘„ š‘— samples from a different distribution š‘’ , ā‰¤ š‘Ÿ šø š‘— šø š‘— š‘™ = š‘œ ā†’ š‘Ÿ -Tampering [ACMPS14] [MM17] [MM18] š‘Ÿ = 1 ā†’ Static Corruption in MPC (crypto)

  10. What is the inherent power of š‘™, š‘Ÿ -poisoning adversaries against Multi-party Learning?

  11. Main Theorem: Power of š‘™, š‘Ÿ -Poisoning Let š¶ be a bad property of the model š‘ ā€¢ E.g. š¶(š‘) = 1 if š‘ misclassified an specific instance š‘¦ For any š‘œ -party learning protocol there is a š‘™, š‘Ÿ -poisoning adversary that increases Pr[š¶] from šœ— ā†’ šœ— 1āˆ’ š‘™š‘Ÿ š‘œ

  12. Main Theorem: Power of š‘™, š‘Ÿ -Poisoning Let š¶ be a bad property of the model š‘ ā€¢ E.g. š¶(š‘) = 1 if š‘ misclassified an specific instance š‘¦ For any š‘œ -party learning protocol there is a š‘™, š‘Ÿ -poisoning adversary that increases Pr[š¶] from šœ— ā†’ šœ— 1āˆ’ š‘™š‘Ÿ š‘œ Pr[š¶] Before attack š’“ š’ Pr[š¶] after attack 5% 1/2 š‘œ/2 11% 5% 1/2 š‘œ 22% 5% 1 š‘œ/2 22%

  13. Features of Attack ā€¢ Universal: provably work against any learning protocol ā€¢ In contrast with: [Bagdasaryan et al 2018; Bhagoji et al. 2018] ā€¢ Clean label: Only uses correct labels ā€¢ Similar to: [M et al 2017; Shafahi et al 2018] ā€¢ Polynomial time ā€¢ Similar to: [M and Mahmoody 2019]

  14. Ideas Behind Attack ā€¢ Main Idea: Treat protocol as random process and run a biasing attack ā€¢ The bad property is a function over the random process ā€¢ We want to bias that function, similar to attacks in coin tossing

  15. Ideas Behind Attack ā€¢ Main Idea: Treat protocol as random process and run a biasing attack ā€¢ The bad property is a function over the random process ā€¢ We want to bias that function, similar to attacks in coin tossing ā€¢ New biasing model: Generalized š‘ž -Tampering.

  16. Ideas Behind Attack ā€¢ Main Idea: Treat protocol as random process and run a biasing attack ā€¢ The bad property is a function over the random process ā€¢ We want to bias that function, similar to attacks in coin tossing ā€¢ New biasing model: Generalized š‘ž -Tampering. Let š‘” āˆ¶ š‘‰ 1 , ā€¦ , š‘‰ š‘œ ā†’ {0,1}

  17. Ideas Behind Attack ā€¢ Main Idea: Treat protocol as random process and run a biasing attack ā€¢ The bad property is a function over the random process ā€¢ We want to bias that function, similar to attacks in coin tossing ā€¢ New biasing model: Generalized š‘ž -Tampering. Let š‘” āˆ¶ š‘‰ 1 , ā€¦ , š‘‰ š‘œ ā†’ {0,1} Input blocks š‘£ 1 , š‘£ 2 , ā€¦ š‘£ š‘œ are sampled one-by one in online way:

  18. Ideas Behind Attack ā€¢ Main Idea: Treat protocol as random process and run a biasing attack ā€¢ The bad property is a function over the random process ā€¢ We want to bias that function, similar to attacks in coin tossing ā€¢ New biasing model: Generalized š‘ž -Tampering. Let š‘” āˆ¶ š‘‰ 1 , ā€¦ , š‘‰ š‘œ ā†’ {0,1} Input blocks š‘£ 1 , š‘£ 2 , ā€¦ š‘£ š‘œ are sampled one-by one in online way: š‘‰ š‘— with marginal probability 1 āˆ’ š‘ž š‘£ š‘— = į‰Š with marginal probability š‘ž

  19. Ideas Behind Attack ā€¢ Main Idea: Treat protocol as random process and run a biasing attack ā€¢ The bad property is a function over the random process ā€¢ We want to bias that function, similar to attacks in coin tossing ā€¢ New biasing model: Generalized š‘ž -Tampering. Let š‘” āˆ¶ š‘‰ 1 , ā€¦ , š‘‰ š‘œ ā†’ {0,1} Input blocks š‘£ 1 , š‘£ 2 , ā€¦ š‘£ š‘œ are sampled one-by one in online way: š‘‰ š‘— with marginal probability 1 āˆ’ š‘ž š‘£ š‘— = į‰Š with marginal probability š‘ž Our generalized p-tampering attack based on Ideas in coin tossing attacks [BOL89,IH14]

  20. Summary We show Poisoning attacks against multi-party learning protocols: ā€¢ Universal: Provably apply to any multi-party learning protocol ā€¢ Clean label: Only uses samples with correct labels ā€¢ Run in polynomial time Poster #160 ā€¢ Increase the probability of any chosen bad property

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Poisoning Attack Analysis Jeffrey Zhang Universal Multi-Party Poisoning Attacks Saeed

Poisoning Attack Analysis Jeffrey Zhang Universal Multi-Party Poisoning Attacks Saeed

Poisoning Attack Analysis Jeffrey Zhang Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed, ICML 2019 Multi-party Learning Application: Federated Learning Federated Learning : Train a centralized

589 views ā€¢ 34 slides
Poisoning Attacks: p-Tampering and Poison Frogs Simons Robustness Reading Group Bolton Bailey

Poisoning Attacks: p-Tampering and Poison Frogs Simons Robustness Reading Group Bolton Bailey

Poisoning Attacks: p-Tampering and Poison Frogs Simons Robustness Reading Group Bolton Bailey July 1, 2019 What is a Poisoning Attack? Data poisoning is an attack on machine learning models wherein the attacker adds (or modifies) examples

1.28k views ā€¢ 12 slides
DNS Poisoning: Developments, Attacks and Research Directions Suggestions for the Idle and Curious

DNS Poisoning: Developments, Attacks and Research Directions Suggestions for the Idle and Curious

DNS Poisoning Attack Scenarios Vulnerability Analysis Remedies DNS Poisoning: Developments, Attacks and Research Directions Suggestions for the Idle and Curious Researcher David Dagon 1 1 Georgia Institute of Technology Atlanta, Georgia

327 views ā€¢ 28 slides
TRANSFERABLE CLEAN-LABEL POISONING ATTACKS ON DEEP NEURAL NETS Chen Zhu*, W. Ronny Huang*^, Ali

TRANSFERABLE CLEAN-LABEL POISONING ATTACKS ON DEEP NEURAL NETS Chen Zhu*, W. Ronny Huang*^, Ali

TRANSFERABLE CLEAN-LABEL POISONING ATTACKS ON DEEP NEURAL NETS Chen Zhu*, W. Ronny Huang*^, Ali Shafahi, Hengduo Li, Gavin Taylor, Christoph Studer, Tom Goldstein * equal contribution ^ presenter WHAT IS POISONING? Training data Testing

218 views ā€¢ 19 slides
Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc

Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc

Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc Nguyen, Phillip Rieger, Markus Miettinen, Ahmad-Reza Sadeghi Typical IoT Devices 2 IoT The S stands for Security 3 Mirai: Largest Disruptive

508 views ā€¢ 33 slides
2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image

2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image

2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image Classification Models Harsh Kachhadia Co-Advisors: Dr. Amin Alipour and Dr. Ioannis Kakadiaris Motivation Deep Learning models, due to their

204 views ā€¢ 19 slides
CICN Community Information-Centric Networking FD.io: The Universal Dataplane Fd.io Scope :

CICN Community Information-Centric Networking FD.io: The Universal Dataplane Fd.io Scope :

CICN Community Information-Centric Networking FD.io: The Universal Dataplane Fd.io Scope : Project at Linux Foundation Network IO - NIC/vNIC <-> cores/threads Multi-party Packet Processing Multi-project

680 views ā€¢ 26 slides
Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views ā€¢ 36 slides
Adversarial Attacks on Node Embeddings via Graph Poisoning Aleksandar Bojchevski, Stephan

Adversarial Attacks on Node Embeddings via Graph Poisoning Aleksandar Bojchevski, Stephan

Adversarial Attacks on Node Embeddings via Graph Poisoning Aleksandar Bojchevski, Stephan Gnnemann Technical University of Munich ICML 2019 Node embeddings are used to Classify scientific papers Recommend items Classify proteins

336 views ā€¢ 21 slides
Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party

Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party

German Research Center for Artificial Intelligence GmbH Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party www.amiproject.org Conversations Conversations Feast, 30th September 2009 , 30th September

322 views ā€¢ 28 slides
Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks

Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks

Resilient Networking 6: Attacks on DNS 1 Chapter Outline Overview of DNS Known attacks on DNS Denial-of-Service Cache Poisoning Securing DNS Split-Split-DNS DNSSEC 2 DNS The Domain Name System Naming Service

1.15k views ā€¢ 46 slides
Multi-Party Computation in Presence of Corrupted Majorities Dominik Raub Institute of

Multi-Party Computation in Presence of Corrupted Majorities Dominik Raub Institute of

Multi-Party Computation in Presence of Corrupted Majorities Dominik Raub Institute of Theoretical Computer Science ETH Zrich on joint work with R. Knzler, J. Mller-Quade, C. Lucas, U. Maurer, M. Fitzi Metaguse, 2009/10/04 Multi-Party

1.04k views ā€¢ 83 slides
Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done Party!!!!!! Party!!!!!! Curling Orientation Party!!!!!! Party!!!!!! Party!!!!!! National day parade Airport picking-uping Party!!!!!!

1.18k views ā€¢ 69 slides
Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan

Constant-Round Asynchronous Multi-Party Computation Based on One-Way Functions Sandro Coretti (New York University) Juan Garay (Yahoo Research) Martin Hirt (ETH Zurich) Vassilis Zikas (RPI) Secure Multi-Party Computation (MPC) [Yao82, GMW87,

677 views ā€¢ 47 slides
CARBON MONOXIDE POISONING The Silent Killer PATHOPHYSIOLOGY OF CARBON MONOXIDE 1. CO poisoning

CARBON MONOXIDE POISONING The Silent Killer PATHOPHYSIOLOGY OF CARBON MONOXIDE 1. CO poisoning

CARBON MONOXIDE POISONING The Silent Killer PATHOPHYSIOLOGY OF CARBON MONOXIDE 1. CO poisoning is the most common exposure poisoning in the United States and the rest of the world. 2. It is an odorless, colorless gas that can cause sudden

198 views ā€¢ 15 slides
Data Poisoning Attack cks on Stoch chastic c Bandits Fang Liu and Ness Shroff Outline

Data Poisoning Attack cks on Stoch chastic c Bandits Fang Liu and Ness Shroff Outline

Data Poisoning Attack cks on Stoch chastic c Bandits Fang Liu and Ness Shroff Outline Background q What are bandits? q Motivations Data poisoning attacks on stochastic bandits q Offline model q Online model q Simulation results

218 views ā€¢ 17 slides
Brokered Agreements in Multi-Party Machine Learning 10th ACM SIGOPS Asia-Pacific Workshop on

Brokered Agreements in Multi-Party Machine Learning 10th ACM SIGOPS Asia-Pacific Workshop on

Brokered Agreements in Multi-Party Machine Learning 10th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys 2019) Clement Fung, Ivan Beschastnikh University of British Columbia 1 The emerging ML economy With the explosion of machine

596 views ā€¢ 42 slides
Parties to a Mortgage loan of funds Owner-Debtor Creditor-Lender Borrower (Mortgagee)

Parties to a Mortgage loan of funds Owner-Debtor Creditor-Lender Borrower (Mortgagee)

Parties to a Mortgage loan of funds Owner-Debtor Creditor-Lender Borrower (Mortgagee) (Mortgagor) Security Interest (SI) in real property Parties to Note and Deed of Trust Loan of Funds Owner-Debtor Creditor-Lender

189 views ā€¢ 4 slides
Multi Party Computation: From Theory to Practice Nigel P . Smart Department of Computer

Multi Party Computation: From Theory to Practice Nigel P . Smart Department of Computer

Multi Party Computation: From Theory to Practice Nigel P . Smart Department of Computer Science, University Of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB. January 8, 2013 Nigel P . Smart Multi Party

604 views ā€¢ 28 slides
Political Science 17 . 20 Introduction to American Politics Professor Devin Caughey MIT

Political Science 17 . 20 Introduction to American Politics Professor Devin Caughey MIT

Political Science 17 . 20 Introduction to American Politics Professor Devin Caughey MIT Department of Political Science and Partisanship Parties Lecture 14 (March 2, 2013) 1 / 13 Outline What Are Parties? 1 Why Do Parties Exist? 2 How Do

186 views ā€¢ 14 slides
Transport Refrigeration Unit Enforcement Work Group Meeting July 29, 2020 1 Updated Concept for

Transport Refrigeration Unit Enforcement Work Group Meeting July 29, 2020 1 Updated Concept for

Transport Refrigeration Unit Enforcement Work Group Meeting July 29, 2020 1 Updated Concept for TRU Regulation Facility Registration, Fees, and Compliance Plan Reporting Expanded TRU Registration Requirements TRU Emission Standards

403 views ā€¢ 15 slides
Reducing Communication Channels in MPC Marcel Keller 1,2 Dragos Rotaru 1,3 Nigel Smart 1,3 T im

Reducing Communication Channels in MPC Marcel Keller 1,2 Dragos Rotaru 1,3 Nigel Smart 1,3 T im

Reducing Communication Channels in MPC Marcel Keller 1,2 Dragos Rotaru 1,3 Nigel Smart 1,3 T im Wood 1,3 1 University of Bristol 2 Data61 3 KU Leuven/COSIC ESAT 1/35 Outline Goal Generalising MPC Tools Performing MPC 2/35 Outline Goal

753 views ā€¢ 72 slides
Towards Measuring Adversarial Twitter Interactions against Candidates in the US Midterm Elections

Towards Measuring Adversarial Twitter Interactions against Candidates in the US Midterm Elections

Towards Measuring Adversarial Twitter Interactions against Candidates in the US Midterm Elections Yiqing Hua Thomas Ristenpart Mor Naaman Cornell Tech, Cornell University Presentation for ICWSM 2020 Find the slides and paper on

357 views ā€¢ 21 slides
Armor Within: Defending against Vulnerabilities in Third-Party Libraries Sameed Ali , Prashant

Armor Within: Defending against Vulnerabilities in Third-Party Libraries Sameed Ali , Prashant

Armor Within: Defending against Vulnerabilities in Third-Party Libraries Sameed Ali , Prashant Anantharaman, Sean Smith Dartmouth College, NH, USA sameed.ali.gr@dartmouth.edu 1 Outline Motivation Our Evaluation Conclusions Approaches 2

381 views ā€¢ 27 slides

More recommend