Keywords: data poisoning, backdoor attacks, semi-supervised learning
TL;DR: We show that simple backdoor attacks on unlabeled samples in semi-supervised learning are surprisingly effective, and we identify and analyze unique characteristics of these attacks.
Abstract: Semi-supervised learning methods can train high-accuracy machine learning models with a fraction of the labeled training samples required for traditional supervised learning. Such methods do not typically involve close review of the unlabeled training samples, making them tempting targets for data poisoning attacks. In this paper, we show that simple backdoor attacks on unlabeled samples in the FixMatch semi-supervised learning algorithm are surprisingly effective, achieving an average attack success rate as high as 96.9%. We identify unique characteristics of backdoor attacks against FixMatch that can provide practitioners with a better understanding of the vulnerabilities of their models to backdoor attacks.