Evaluating Data Poisoning Attacks and Defenses: Toward More Resilient Protection

Research Poster Engineering 2025 Graduate Exhibition

Presentation by Chaeeun Han

Exhibition Number 133

Abstract

As machine learning becomes increasingly integral across various domains, it faces significant security threats, particularly from data poisoning attacks. These attacks introduce imperceptible manipulations into training data to corrupt models’ decision-making processes, exposing critical applications to substantial risks. Current defense methods often fall short due to high false-positive rates or computational inefficiency, leaving systems vulnerable. In this study, we systematically evaluate state-of-the-art attack and defense methods under uniform experimental conditions, investigating their performance across various threat models, training modes, and class configurations. Our findings reveal that both attack and defense methods are highly sensitive to these parameters. Many existing defenses misclassify clean data as poisoned, especially when prior knowledge is absent, and the substantial computational resources they require limit their practical application in real-world scenarios. To address these challenges, we are developing novel defense strategies that incorporate a small set of known poisoned and clean examples into the data-cleaning process. These emerging methods aim to improve detection accuracy and computational efficiency while minimizing the removal of legitimate data. By integrating labeled subsets into defense mechanisms, our research sets the stage for machine learning systems that are more robust, efficient, and resilient to adversarial attacks. Overall, our study provides critical insights into the limitations of current approaches and establishes a benchmark for securing machine learning applications against evolving data poisoning threats, laying a foundation for enhancing the security and reliability of future machine learning systems.
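As a rough illustration of the idea of folding a small labeled subset into data cleaning, the sketch below (hypothetical, not the poster's actual method) fits a lightweight detector on embeddings of the known clean and poisoned examples and then scores the remaining training pool. The function name, the threshold, and the use of scikit-learn's LogisticRegression are illustrative assumptions, and the embeddings are stand-ins for features produced by a pretrained encoder.

# Minimal sketch: supervised filtering of a training pool using a small
# labeled subset of known-clean and known-poisoned examples.
# All names and parameters here are illustrative assumptions.
import numpy as np
from sklearn.linear_model import LogisticRegression

def clean_training_pool(pool_feats, labeled_feats, labeled_is_poisoned,
                        threshold=0.5):
    # pool_feats:          (N, d) embeddings of the full training pool
    # labeled_feats:       (m, d) embeddings of the small labeled subset
    # labeled_is_poisoned: (m,)   1 = known poisoned, 0 = known clean
    detector = LogisticRegression(max_iter=1000)
    detector.fit(labeled_feats, labeled_is_poisoned)

    # Estimated probability that each pool sample is poisoned.
    poison_prob = detector.predict_proba(pool_feats)[:, 1]

    # Keep samples below the threshold; the rest are flagged for removal.
    keep_mask = poison_prob < threshold
    return keep_mask, poison_prob

# Example usage with random stand-in embeddings:
rng = np.random.default_rng(0)
pool = rng.normal(size=(1000, 64))
labeled = rng.normal(size=(40, 64))
labels = rng.integers(0, 2, size=40)
mask, scores = clean_training_pool(pool, labeled, labels)
print(f"Retained {mask.sum()} of {len(mask)} samples")

In practice the detector, features, and threshold would be chosen to trade off false positives (legitimate data removed) against missed poisons, which is exactly the balance the proposed defenses aim to improve.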

Importance

Data poisoning attacks pose a severe threat to machine learning systems, undermining the reliability and security of critical applications. In this study, we conduct a comprehensive evaluation of state-of-the-art attack and defense methods under standardized experimental conditions. Our analysis spans various threat models, training modes, and class configurations, revealing that many existing defenses are prone to misclassifying clean data as poisoned and impose high computational demands. By systematically assessing these methods, our work identifies key vulnerabilities and limitations in current approaches, providing essential insights for the development of more robust defenses. This evaluation establishes a crucial benchmark, guiding future efforts to enhance the resilience and efficiency of machine learning security measures. Ultimately, our findings advance progress toward secure machine learning.