Backdoors on Manifold Learning

Christina Kreza; Stefanos Koffas; Behrad Tajalli; Mauro Conti; Stjepan Picek

doi:10.1145/3649403.3656484

Backdoors on Manifold Learning

Christina Kreza, Stefanos Koffas, Behrad Tajalli, Mauro Conti, Stjepan Picek

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

80 Downloads (Pure)

Abstract

Recently, attackers have targeted machine learning systems, introducing various attacks. The backdoor attack is popular in this field and is usually realized through data poisoning. To the best of our knowledge, we are the first to investigate whether the backdoor attacks remain effective when manifold learning algorithms are applied to the poisoned dataset. We conducted our experiments using two manifold learning techniques (Autoencoder and UMAP) on two benchmark datasets (MNIST and CIFAR10) and two backdoor strategies (clean and dirty label). We performed an array of experiments using different parameters, finding that we could reach an attack success rate of 95% and 75% even after reducing our data to two dimensions using Autoencoders and UMAP, respectively.

Original language	English
Title of host publication	WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning
Publisher	ACM
Pages	1-7
Number of pages	7
ISBN (Electronic)	9798400706028
DOIs	https://doi.org/10.1145/3649403.3656484
Publication status	Published - 2024
Event	2024 ACM Workshop on Wireless Security and Machine Learning, WiseML 2024 - Seoul, Korea, Republic of Duration: 30 May 2024 → …

Publication series

Name	WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning

Conference

Conference	2024 ACM Workshop on Wireless Security and Machine Learning, WiseML 2024
Country/Territory	Korea, Republic of
City	Seoul
Period	30/05/24 → …

Keywords

autoencoders
backdoor attacks
manifold learning
umap

Access to Document

10.1145/3649403.3656484

3649403.3656484Final published version, 2.06 MBLicence: CC BY

Cite this

@inproceedings{035f7dbcb3b34fd88783439dc1650553,

title = "Backdoors on Manifold Learning",

abstract = "Recently, attackers have targeted machine learning systems, introducing various attacks. The backdoor attack is popular in this field and is usually realized through data poisoning. To the best of our knowledge, we are the first to investigate whether the backdoor attacks remain effective when manifold learning algorithms are applied to the poisoned dataset. We conducted our experiments using two manifold learning techniques (Autoencoder and UMAP) on two benchmark datasets (MNIST and CIFAR10) and two backdoor strategies (clean and dirty label). We performed an array of experiments using different parameters, finding that we could reach an attack success rate of 95% and 75% even after reducing our data to two dimensions using Autoencoders and UMAP, respectively.",

keywords = "autoencoders, backdoor attacks, manifold learning, umap",

author = "Christina Kreza and Stefanos Koffas and Behrad Tajalli and Mauro Conti and Stjepan Picek",

year = "2024",

doi = "10.1145/3649403.3656484",

language = "English",

series = "WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning",

publisher = "ACM",

pages = "1--7",

booktitle = "WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning",

address = "United States",

note = "2024 ACM Workshop on Wireless Security and Machine Learning, WiseML 2024 ; Conference date: 30-05-2024",

}

Kreza, C, Koffas, S, Tajalli, B, Conti, M & Picek, S 2024, Backdoors on Manifold Learning. in WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning. WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning, ACM, pp. 1-7, 2024 ACM Workshop on Wireless Security and Machine Learning, WiseML 2024, Seoul, Korea, Republic of, 30/05/24. https://doi.org/10.1145/3649403.3656484

Backdoors on Manifold Learning. / Kreza, Christina; Koffas, Stefanos; Tajalli, Behrad et al.
WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning. ACM, 2024. p. 1-7 (WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Backdoors on Manifold Learning

AU - Kreza, Christina

AU - Koffas, Stefanos

AU - Tajalli, Behrad

AU - Conti, Mauro

AU - Picek, Stjepan

PY - 2024

Y1 - 2024

N2 - Recently, attackers have targeted machine learning systems, introducing various attacks. The backdoor attack is popular in this field and is usually realized through data poisoning. To the best of our knowledge, we are the first to investigate whether the backdoor attacks remain effective when manifold learning algorithms are applied to the poisoned dataset. We conducted our experiments using two manifold learning techniques (Autoencoder and UMAP) on two benchmark datasets (MNIST and CIFAR10) and two backdoor strategies (clean and dirty label). We performed an array of experiments using different parameters, finding that we could reach an attack success rate of 95% and 75% even after reducing our data to two dimensions using Autoencoders and UMAP, respectively.

AB - Recently, attackers have targeted machine learning systems, introducing various attacks. The backdoor attack is popular in this field and is usually realized through data poisoning. To the best of our knowledge, we are the first to investigate whether the backdoor attacks remain effective when manifold learning algorithms are applied to the poisoned dataset. We conducted our experiments using two manifold learning techniques (Autoencoder and UMAP) on two benchmark datasets (MNIST and CIFAR10) and two backdoor strategies (clean and dirty label). We performed an array of experiments using different parameters, finding that we could reach an attack success rate of 95% and 75% even after reducing our data to two dimensions using Autoencoders and UMAP, respectively.

KW - autoencoders

KW - backdoor attacks

KW - manifold learning

KW - umap

UR - http://www.scopus.com/inward/record.url?scp=85195912058&partnerID=8YFLogxK

U2 - 10.1145/3649403.3656484

DO - 10.1145/3649403.3656484

M3 - Conference contribution

AN - SCOPUS:85195912058

T3 - WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning

SP - 1

EP - 7

BT - WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning

PB - ACM

T2 - 2024 ACM Workshop on Wireless Security and Machine Learning, WiseML 2024

Y2 - 30 May 2024

ER -

Backdoors on Manifold Learning

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this