Backdoors on Manifold Learning

Conference Paper (2024)
Author(s)

Christina Kreza (Radboud Universiteit Nijmegen)

Stefanos Koffas (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Behrad Tajalli (Radboud Universiteit Nijmegen)

Mauro Conti (Università degli Studi di Padova, TU Delft - Electrical Engineering, Mathematics and Computer Science)

Stjepan Picek (TU Delft - Electrical Engineering, Mathematics and Computer Science, Radboud Universiteit Nijmegen)

Research Group
Cyber Security
DOI related publication
https://doi.org/10.1145/3649403.3656484 Final published version
Publication Year
2024
Language
English
Pages (from-to)
1-7
ISBN (electronic)
9798400706028
Event
2024 ACM Workshop on Wireless Security and Machine Learning, WiseML 2024, Seoul, Korea, Republic of
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Recently, attackers have targeted machine learning systems, introducing various attacks. The backdoor attack is popular in this field and is usually realized through data poisoning. To the best of our knowledge, we are the first to investigate whether the backdoor attacks remain effective when manifold learning algorithms are applied to the poisoned dataset. We conducted our experiments using two manifold learning techniques (Autoencoder and UMAP) on two benchmark datasets (MNIST and CIFAR10) and two backdoor strategies (clean and dirty label). We performed an array of experiments using different parameters, finding that we could reach an attack success rate of 95% and 75% even after reducing our data to two dimensions using Autoencoders and UMAP, respectively.