Data poisoning refers to a method of attack in which an adversary deliberately introduces misleading or harmful data into a machine learning (ML) training dataset. The objective of this malicious act is to compromise the integrity of the ML model, leading to incorrect predictions or classifications when the model is deployed in real-world applications.
In many machine learning systems, the quality and reliability of the training data are crucial for the model's performance. When an attacker successfully implements data poisoning, they can manipulate the learning process by injecting biased or false information. This can result in a model that performs poorly, behaves unpredictably, or even serves the attacker's goals by making specific predictions that benefit them.
Data poisoning can take various forms:
- Label flipping: Changing the labels of specific data points to mislead the model during training.
- Backdoor attacks: Inserting specific data patterns that cause the model to behave incorrectly only when those patterns are present.
- Outlier injection: Introducing extreme or unusual data points that skew the model's understanding of the normal data distribution.
Mitigating data poisoning requires a combination of approaches, including robust data validation techniques, anomaly detection, and the use of diverse training datasets to minimize the impact of any single corrupted data source. Continuous monitoring and updating of models can also help to reduce the risk of data poisoning attacks.
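As an added example (not code from the original article), the following Python validation pass applies two of the mitigations named above to a constructed training set: a nearest-neighbour label-consistency check that surfaces label flips, and a robust (median/MAD) outlier check that surfaces injected extreme points. All data and thresholds are assumptions chosen for illustration.

```python
import math
from statistics import median

# Constructed training set: two clean 2-D clusters plus one poisoned record
# of each kind. Class 0 sits near (0,0), class 1 near (5,5).
TRAINING_DATA = [
    ((0.0, 0.1), 0), ((0.2, -0.1), 0), ((-0.1, 0.3), 0), ((0.3, 0.2), 0),
    ((5.0, 5.1), 1), ((5.2, 4.9), 1), ((4.8, 5.3), 1), ((5.1, 4.8), 1),
    ((0.1, 0.0), 1),    # label flip: a class-0 point relabelled as class 1
    ((60.0, 60.0), 1),  # outlier injection: far outside either cluster
]

def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def label_disagreements(data, k=3):
    """Indices whose label disagrees with the majority of their k nearest
    neighbours. A clean record shares its label with its neighbourhood;
    a flipped label is surrounded by records of the other class."""
    suspects = []
    for i, (x, y) in enumerate(data):
        neighbours = sorted(
            (j for j in range(len(data)) if j != i),
            key=lambda j: _dist(x, data[j][0]))[:k]
        votes = sum(1 for j in neighbours if data[j][1] == y)
        if votes * 2 < k:  # fewer than half of the neighbours agree
            suspects.append(i)
    return suspects

def feature_outliers(data, threshold=3.5):
    """Indices whose modified z-score exceeds threshold on any feature.
    Median and MAD are used instead of mean and standard deviation because
    a single injected extreme value inflates mean/std enough to hide itself.
    (Assumption: one global check; per-class checks suit skewed data better.)"""
    suspects = set()
    for f in range(len(data[0][0])):
        values = [x[f] for x, _ in data]
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1e-9
        for i, v in enumerate(values):
            if 0.6745 * abs(v - med) / mad > threshold:
                suspects.add(i)
    return sorted(suspects)

def validate_training_set(data):
    """Run both checks; return record indices to quarantine for review."""
    return sorted(set(label_disagreements(data)) | set(feature_outliers(data)))

if __name__ == "__main__":
    print(validate_training_set(TRAINING_DATA))  # -> [8, 9]
```

Records flagged here should be held back for human review rather than silently dropped, since the same checks will also catch rare but legitimate samples.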