Data Poisoning on Deep Learning Models

摘要

Deep learning is a form of artificial intelligence (AI) that has seen rapid development and deployment in computer software as a means to implementing AI functionality with greater efficiency and ease as compared to other alternative AI solutions, with usage seen in systems varying from search and recommendation engines to autonomous vehicles. With the demand for deep learning algorithms that can perform increasingly complex tasks in a shorter time frame growing at an exponential pace, the developments in the efficiency and productivity of algorithms has far outpaced that of the security of such algorithms, drawing concerns over the many unaddressed vulnerabilities that may be exploited to compromise the integrity of these software. This study investigated the ability of poisoning attacks, a form of attack targeting the vulnerability of deep learning training data, to compromise the integrity of a deep learning model’s classificational functionality. Experimentation involved the processing of training data sets with varying deep learning models and the incremental introduction of poisoned data sets to view the efficacy of a poisoning attack under multiple circumstances and correlate such with aspects of the model’s design conditions. Analysis of results showed evidence of a decrease of classificational ability correlating with an increase of poison percentage in the training data sets, but the scale of which the decrease occurred varied with the specified parameters in the model design. Based on this, it was concluded that poisoning can provide varying levels of damage to deep learning classificational ability depending on the parameters utilized in the model design, and methods to countermeasure such were proposed, such as increasing epoch count, implementing mechanisms bolstering model fit, and integrating input level filtration systems.