Paper 2018/854

Universal Multi-Party Poisoning Attacks

Saeed Mahloujifar, Mohammad Mahmoody, and Ameer Mohammed

Abstract

In this work, we demonstrate universal multi-party poisoning attacks that adapt and apply to any multi-party learning process with arbitrary interaction pattern between the parties. More generally, we introduce and study $(k,p)$-poisoning attacks in which an adversary controls $k \in [m]$ of the parties, and for each corrupted party $P_i$, the adversary submits some poisoned data $T'_i$ on behalf of $P_i$ that is still "$(1-p)$-close" to the correct data $T_i$ (e.g., $1-p$ fraction of $T'_i$ is still honestly generated). We prove that for any "bad" property $B$ of the final trained hypothesis $h$ (e.g., $h$ failing on a particular test example or having "large" risk) that has an arbitrarily small constant probability of happening without the attack, there always is a $(k,p)$-poisoning attack that increases the probability of $B$ from $\mu$ to $\mu^{1-p \cdot k/m} = \mu + \Omega(p \cdot k/m)$. Our attack only uses clean labels, and it is online. More generally, we prove that for any bounded function defined over an -step random process , an adversary who can override each of the blocks with \emph{even dependent} probability can increase the expected output by at least .

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. Minor revision. ICML 2019
Keywords
Biasing, Coin-Tossing, Poisoning, Multi-party learning
Contact author(s)
mohammad @ virginia edu
History
2021-11-04: revised
2018-09-20: received
Short URL
https://ia.cr/2018/854
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/854,
      author = {Saeed Mahloujifar and Mohammad Mahmoody and Ameer Mohammed},
      title = {Universal Multi-Party Poisoning Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/854},
      year = {2018},
      url = {https://eprint.iacr.org/2018/854}
}