WEKO3
アイテム
Parameter Matching Attack: Enhancing Practical Applicability of Availability Attacks
https://ipsj.ixsq.nii.ac.jp/records/240995
https://ipsj.ixsq.nii.ac.jp/records/24099513cab78c-d27d-47f5-becc-8f60fbffc56c
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-CSS2024249.pdf (428.4 kB)
2026年10月15日からダウンロード可能です。
|
Copyright (c) 2024 by the Information Processing Society of Japan
|
|
| 非会員:¥660, IPSJ:学会員:¥330, CSEC:会員:¥0, SPT:会員:¥0, DLIB:会員:¥0 | ||
| Item type | Symposium(1) | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2024-10-15 | |||||||||
| タイトル | ||||||||||
| 言語 | en | |||||||||
| タイトル | Parameter Matching Attack: Enhancing Practical Applicability of Availability Attacks | |||||||||
| タイトル | ||||||||||
| 言語 | en | |||||||||
| タイトル | Parameter Matching Attack: Enhancing Practical Applicability of Availability Attacks | |||||||||
| 言語 | ||||||||||
| 言語 | eng | |||||||||
| キーワード | ||||||||||
| 主題Scheme | Other | |||||||||
| 主題 | Availability attack, Data poisoning, Data security | |||||||||
| 資源タイプ | ||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_5794 | |||||||||
| 資源タイプ | conference paper | |||||||||
| 著者所属 | ||||||||||
| RIKEN AIP | ||||||||||
| 著者所属 | ||||||||||
| Tokyo Institute of Technology; RIKEN AIP | ||||||||||
| 著者所属(英) | ||||||||||
| en | ||||||||||
| RIKEN AIP | ||||||||||
| 著者所属(英) | ||||||||||
| en | ||||||||||
| Tokyo Institute of Technology; RIKEN AIP | ||||||||||
| 著者名 |
Yu, Zhe
× Yu, Zhe
× Jun, Sakuma
|
|||||||||
| 著者名(英) |
Yu, Zhe
× Yu, Zhe
× Jun, Sakuma
|
|||||||||
| 論文抄録 | ||||||||||
| 内容記述タイプ | Other | |||||||||
| 内容記述 | The widespread use of personal data for training machine learning models raises significant privacy concerns, as individuals have limited control over how their public data is subsequently utilized. Availability attacks have emerged as a means for data owners to safeguard their data by designing imperceptible perturbations that degrade model performance when incorporated into training datasets. However, existing availability attacks exhibit limitations in practical applicability, particularly when only a portion of the data can be perturbed. To address this challenge, we propose a novel availability attack approach termed Parameter Matching Attack (PMA). PMA is the first availability attack that works when only a portion of data can be perturbed. PMA optimizes perturbations so that when the model is trained on a mixture of clean and perturbed data, the resulting model will approach a model designed to perform poorly. Experimental results across four datasets demonstrate that PMA outperforms existing methods, achieving significant model performance degradation when a part of the training data is perturbed. | |||||||||
| 論文抄録(英) | ||||||||||
| 内容記述タイプ | Other | |||||||||
| 内容記述 | The widespread use of personal data for training machine learning models raises significant privacy concerns, as individuals have limited control over how their public data is subsequently utilized. Availability attacks have emerged as a means for data owners to safeguard their data by designing imperceptible perturbations that degrade model performance when incorporated into training datasets. However, existing availability attacks exhibit limitations in practical applicability, particularly when only a portion of the data can be perturbed. To address this challenge, we propose a novel availability attack approach termed Parameter Matching Attack (PMA). PMA is the first availability attack that works when only a portion of data can be perturbed. PMA optimizes perturbations so that when the model is trained on a mixture of clean and perturbed data, the resulting model will approach a model designed to perform poorly. Experimental results across four datasets demonstrate that PMA outperforms existing methods, achieving significant model performance degradation when a part of the training data is perturbed. | |||||||||
| 書誌情報 |
コンピュータセキュリティシンポジウム2024論文集 p. 1869-1876, 発行日 2024-10-15 |
|||||||||
| 出版者 | ||||||||||
| 言語 | ja | |||||||||
| 出版者 | 情報処理学会 | |||||||||
