
One common attack is the adversarial attack, which uses specially crafted examples to manipulate a model's results. In the context of artificial neural networks, an altered input signal is used to provoke intentional misclassifications. This approach is particularly evident in attacks on image recognition: manipulations of the image data lead an artificial neural network to recognise the wrong objects in the image, while the faulty classification is hardly or not at all perceivable to a human observer. The misclassification is produced by altering pixel values, overlaying the image with a noise pattern that is imperceptible to the human eye. Other well-known examples cause misclassification in the traffic sign recognition of autonomous driving systems.

What is data poisoning and how can users protect themselves?
The quality of the information provided by machine learning models is significantly influenced by the data with which they are trained or queried. If this data is not systematically checked for correctness, attackers can deliberately inject manipulated data in order to compromise the model's outputs. Data poisoning can thus be applied both to the data the model analyses and to the data used to train AI models. Almost all known AI methods are potentially at risk, from deep learning in neural networks to supervised learning in statistical regression-based methods. When attacking training datasets, attackers try, for example, to change specific labels or to manipulate values in the records. They can disguise these manipulations by corrupting not all of the training data but only a statistically distributed subset of altered records interspersed within it. Skilled attackers alter records over an extended period of time, which makes the attack difficult to detect with monitoring systems and filters for statistical deviations.

Blind trust in data is the gateway for data poisoning. Moreover, any AI model can serve as a "parent model" for new ones, so an undetected attack on the learning data is passed on in the process: if the learned model is transferred, the "poisoned" data goes with it. It is therefore important to protect the data for these learning models. Numerous efforts worldwide are learning from experience with attacks on ML security and developing effective methods to defend against them.
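The monitoring described above, which filters a training stream for statistical deviations, can be illustrated with a small label-distribution monitor. The following is an added example written for this page, not code from the original text or from any exhibitor; all records, batch sizes and the 30% baseline rate are constructed for the illustration. It runs two checks on each incoming batch of labels: a per-batch test against the baseline proportion learned from trusted data, which catches a burst of flipped labels, and a cumulative test over every batch seen so far, which addresses the slow-drip evasion the text describes.

```python
"""Monitor an incoming stream of labelled training records for label drift.

Two checks run on every batch (all data here is constructed for the example):
  * per-batch z-test of the positive-label proportion against a baseline
    learned from trusted data (catches a burst of flipped labels);
  * cumulative z-test over all batches seen so far (catches a slow drip of
    flipped labels that stays under the per-batch threshold).
"""
import math
from dataclasses import dataclass, field

Z_THRESHOLD = 3.0  # flag deviations beyond three standard errors (assumed policy)


@dataclass
class LabelDriftMonitor:
    baseline_rate: float            # positive-label rate measured on trusted data
    threshold: float = Z_THRESHOLD
    total_seen: int = 0
    total_positive: int = 0
    alerts: list = field(default_factory=list)

    @staticmethod
    def z_score(positive: int, n: int, p0: float) -> float:
        """Standard score of an observed proportion under a binomial null."""
        se = math.sqrt(p0 * (1 - p0) / n)
        return (positive / n - p0) / se

    def observe(self, batch_index: int, labels: list[int]) -> dict:
        """Update running totals and evaluate both checks on one batch."""
        n = len(labels)
        positive = sum(labels)
        self.total_seen += n
        self.total_positive += positive
        z_batch = self.z_score(positive, n, self.baseline_rate)
        z_cum = self.z_score(self.total_positive, self.total_seen, self.baseline_rate)
        result = {
            "batch": batch_index,
            "z_batch": z_batch,
            "z_cum": z_cum,
            "batch_alert": abs(z_batch) > self.threshold,
            "cumulative_alert": abs(z_cum) > self.threshold,
        }
        if result["batch_alert"] or result["cumulative_alert"]:
            self.alerts.append(result)
        return result


def clean_batch(n: int = 200, positives: int = 60) -> list[int]:
    """Constructed batch of labels matching the trusted baseline (30% positive)."""
    return [1] * positives + [0] * (n - positives)


def poison_labels(labels: list[int], flips: int) -> list[int]:
    """Simulate label flipping for the test: relabel `flips` negatives as positive."""
    poisoned = list(labels)
    flipped = 0
    for i, lab in enumerate(poisoned):
        if flipped == flips:
            break
        if lab == 0:
            poisoned[i] = 1
            flipped += 1
    return poisoned


def run_scenario(flips_per_batch: int, batches: int) -> dict:
    """Feed `batches` batches through a fresh monitor; report the first batch
    index at which each check fired (None if it never did)."""
    monitor = LabelDriftMonitor(baseline_rate=0.30)
    first_batch_alert = first_cum_alert = None
    for b in range(1, batches + 1):
        res = monitor.observe(b, poison_labels(clean_batch(), flips_per_batch))
        if res["batch_alert"] and first_batch_alert is None:
            first_batch_alert = b
        if res["cumulative_alert"] and first_cum_alert is None:
            first_cum_alert = b
    return {"first_batch_alert": first_batch_alert,
            "first_cumulative_alert": first_cum_alert}


if __name__ == "__main__":
    print("clean stream    :", run_scenario(flips_per_batch=0, batches=30))
    print("burst (40/batch):", run_scenario(flips_per_batch=40, batches=30))
    print("drip  (4/batch) :", run_scenario(flips_per_batch=4, batches=30))
```

With these constructed inputs the burst of 40 flipped labels in a batch of 200 is flagged immediately by the per-batch check, whereas a drip of 4 flips per batch never trips it; only the cumulative check fires, and only after 24 batches, which is exactly the detection delay the text attributes to attackers who spread altered records over a long period. A production monitor would establish the baseline from a verified data snapshot and extend the same idea to feature distributions, not just labels.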

Conclusion
Experience has shown that data poisoning attacks are very difficult to detect and to defend against reliably; attackers can even effectively circumvent several defences applied in parallel. One of the most promising defences against adversarial attacks is to use AI during training so that the model itself resists the manipulation.