METAPOISON: LEARNING TO CRAFT POISON
W. Ronny Huang,* Jonas Geiping,* Liam Fowl,^ Tom Goldstein (University of Maryland)
*Equal contribution, ^Speaker
NeurIPS MetaLearn 2019
DATA POISONING
[Figure labels: Training data (Plane, Frog); Testing example; Base + (perturbation image) = Poison!]
LEARNING TO CRAFT
[Figure: Initial weights → Training phase (poison; forward + backward) → Updated weights → Testing phase (target; forward) → Adversarial loss. Backprop to the poison!]
POISONED TRAINING DYNAMICS
[Figure: weight-space trajectory θ_0 → ⋯ → θ_{i−1} → θ_i → θ_{i+1} → ⋯ → θ_N. Without poison data: training reaches θ_N with low training loss. With poison data: training reaches a different θ_N with low adversarial loss.]
NeurIPS Metalearn 19 (spotlight). Huang*, Geiping*, Fowl, Taylor, Goldstein, “MetaPoison: Learning to...”
Victim model: ResNet18. Validation accuracy: 85% (no drop). 5000 poisons (10%) cause the target to be classified as the adversarial class (81%) rather than its true class (1%).
Victim model: ResNet18. Validation accuracy: 85% (no drop). 5000 poisons (10%) cause the target to be classified as the adversarial class (92%) rather than its true class (3%).