SLIDE 1
METAPOISON: LEARNING TO CRAFT POISON
- W. Ronny Huang,* Jonas Geiping,*
Liam Fowl,^ Tom Goldstein
NeurIPS MetaLearn 2019 *Equal Contribution ^Speaker University of Maryland
METAPOISON: LEARNING TO CRAFT POISON W. Ronny Huang,* Jonas - - PowerPoint PPT Presentation
METAPOISON: LEARNING TO CRAFT POISON W. Ronny Huang,* Jonas - - PowerPoint PPT Presentation
METAPOISON: LEARNING TO CRAFT POISON W. Ronny Huang,* Jonas Geiping,* Liam Fowl,^ Tom Goldstein *Equal Contribution ^Speaker University of Maryland NeurIPS MetaLearn 2019 DATA POISONING Training data Testing example Plane Frog Base
SLIDE 2
SLIDE 3
Training data Base Testing example Plane Poison! + = Frog
DATA POISONING
SLIDE 4
Training data Base Testing example Plane Poison! + = Frog
DATA POISONING
SLIDE 5
LEARNING TO CRAFT
Training phase
Forward + Backward
Poison
Initial weights
Testing phase
Forward Adversarial loss
Target
Updated weights
SLIDE 6
LEARNING TO CRAFT
Training phase
Forward + Backward
Poison
Initial weights
Testing phase
Forward Adversarial loss
Target
Updated weights
Backprop to the poison!
SLIDE 7
Low training loss
POISONED TRAINING DYNAMICS
Weight space
θi θi+1 θi−1
⋯
θN
⋯
θ0
without poison data
NeurIPS Metalearn 19 (spotlight) Huang*, Geiping*, Fowl, Taylor, Goldstein, “MetaPoison: Learning to...”
SLIDE 8
Low training loss
POISONED TRAINING DYNAMICS
Weight space
θi θi+1 θi−1
⋯
θN
⋯
θ0
⋯ ⋯
θN
with poison data without poison data
NeurIPS Metalearn 19 (spotlight) Huang*, Geiping*, Fowl, Taylor, Goldstein, “MetaPoison: Learning to...”
SLIDE 9
Low training loss
POISONED TRAINING DYNAMICS
Weight space
θi θi+1 θi−1
⋯
θN
⋯
θ0
⋯ ⋯
θN
Low adversarial loss
with poison data without poison data
NeurIPS Metalearn 19 (spotlight) Huang*, Geiping*, Fowl, Taylor, Goldstein, “MetaPoison: Learning to...”
SLIDE 10
true class (1%)
adversarial class (81%)
classified as Validation accuracy 85% (no drop) Target cause Victim model ResNet18 5000 poisons (10%)
SLIDE 11
true class 3%
adversarial class 92%