Model-Targeted Poisoning Attacks with Provable Convergence
Authors: Fnu Suya, Saeed Mahloujifar, Anshuman Suri, David Evans, Yuan Tian
ICML 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In our experiments, it either exceeds or matches state-of-the-art attacks in terms of attack success rate and distance to the target model. |
| Researcher Affiliation | Academia | ¹University of Virginia ²Princeton University. Correspondence to: Fnu Suya <suya@virginia.edu>, Saeed Mahloujifar <sfar@princeton.edu>. |
| Pseudocode | Yes | Algorithm 1 Model Targeted Poisoning |
| Open Source Code | Yes | All of our evaluation code is available at: https://github.com/suyeecav/model-targeted-poisoning. |
| Open Datasets | Yes | For the subpopulation attack experiments, we use the Adult dataset (Dua & Graff, 2017), which was used for evaluation by (Jagielski et al., 2019). [...] For the indiscriminate setting, we use the Dogfish (Koh & Liang, 2017) and MNIST 1-7 datasets (LeCun, 1998). |
| Dataset Splits | No | The paper provides training and test set counts but does not explicitly mention or provide details for a separate validation dataset split. |
| Hardware Specification | No | The paper states, 'all of our experiments can be run on a typical laptop,' which is too vague to be considered a specific hardware specification. |
| Software Dependencies | No | The paper mentions using hinge loss for SVM and logistic loss for LR, and the Adam optimizer, but it does not specify version numbers for any software, libraries, or frameworks used in the experiments. |
| Experiment Setup | Yes | For SVM model, we set ϵ as 0.01 on Adult, 0.1 on MNIST 1-7 and 2.0 on Dogfish dataset. For LR model, we set ϵ as 0.05 on Adult, 0.1 on MNIST 1-7 and 1.0 on Dogfish. [...] We use Adam optimizer (Kingma & Ba, 2014) with random restarts to solve this maximization problem approximately. |