Threats on Machine Learning Technique by Data Poisoning Attack: A Survey

Ahmed, Ibrahim S.; Kashmoola, Manar

doi:10.1007/978-981-16-8059-5_36

Cited by 25 publications

(13 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attacking online platforms is often possible [2,33], where the ultimate goal of an attacker is to exploit vulnerabilities in the platform's algorithms and generate malicious results that further their interests. [1,12]. Data poisoning attack is one of such harmful and practical attacks [1,41,42], where false information and malicious inputs are injected into the dataset to train a model, resulting in biased or incorrect predictions [26,38].…”

Section: Related Work 21 Data Poisoning Attackmentioning

confidence: 99%

“…On online job platforms, in general, several vulnerabilities exist: (1) it is easy to create multiple accounts of job seekers (although such clearly violates terms-of-services); (2) it is easy for job seekers to write fake experiences in their resumes (thus "fake resumes"); and (3) most of users' career trajectories that prediction models are trained with are self-reported but seldom validated due to high cost to authenticate such trajectories with official documents. A recent episode in 2022 demonstrated this vulnerability well, where 1,000 non-existent Chinese SpaceX engineers with fake profiles were found registered on LinkedIn 1 . Compared with other adversarial attacks (e.g., graph adversarial attack [4,11,46]), therefore, a data poisoning attack via fake resumes present significant advantages for adversaries to attack (while significant challenges for online job platforms to defend), yet our understanding on the attacks and potential defenses on online job platforms is rather limited.…”

mentioning

confidence: 94%

“…To mitigate this gap in understanding, using the career prediction as target downstream task, we formulate three attack scenarios: (1) company promotion attack: amplifying the likelihood of target companies in the prediction model's result; (2) company demotion attack: diminishing the likelihood of target companies in the prediction model's result; (3) user promotion attack: amplifying the likelihood of target users being matched to certain companies, and propose a novel data poisoning attack, titled FRANCIS (Fake Resume-based dAta poisoNing attaCks on onlIne job platformS), which generates realistic fake resumes to mislead career prediction models. Figure 1 illustrates a concept of FRANCIS.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Fake Resume Attacks: Data Poisoning on Online Job Platforms

Yamashita,

Tran,

Lee

2024

Proceedings of the ACM Web Conference 2024

View full text Add to dashboard Cite

While recent studies have exposed various vulnerabilities incurred from data poisoning attacks in many web services, little is known about the vulnerability on online professional job platforms (e.g., LinkedIn and Indeed). In this work, first time, we demonstrate the critical vulnerabilities found in the common Human Resources (HR) task of matching job seekers and companies on online job platforms. Capitalizing on the unrestricted format and contents of job seekers' resumes and easy creation of accounts on job platforms, we demonstrate three attack scenarios: (1) company promotion attack to increase the likelihood of target companies being recommended, (2) company demotion attack to decrease the likelihood of target companies being recommended, and (3) user promotion attack to increase the likelihood of certain users being matched to certain companies. To this end, we develop an end-to-end "fake resume" generation framework, titled FRANCIS, that induces systematic prediction errors via data poisoning. Our empirical evaluation on real-world datasets reveals that data poisoning attacks can markedly skew the results of matchmaking between job seekers and companies, regardless of underlying models, with vulnerability amplified in proportion to poisoning intensity. These findings suggest that the outputs of various services from job platforms can be potentially hacked by malicious users. Our framework is available at: https://tinyurl.com/fr-attacks. CCS CONCEPTS• Security and privacy → Web application security.

show abstract

Section: Related Work 21 Data Poisoning Attackmentioning

confidence: 99%

mentioning

confidence: 94%

mentioning

confidence: 99%

See 1 more Smart Citation

Fake Resume Attacks: Data Poisoning on Online Job Platforms

Yamashita,

Tran,

Lee

2024

Proceedings of the ACM Web Conference 2024

View full text Add to dashboard Cite

show abstract

“…Machine learning consists of two stages: the training stage and the testing stage. The poisoning attack [19,20] is the best-known attack method in the training stage, and the attacks aiming at the testing stage include the membership inference attack [21], the evasion attack [22], and the model extraction attack [23,24]. In this paper, we study security and privacy issues in the testing stage of BRFD.…”

Section: Introductionmentioning

confidence: 99%

Homomorphic encryption based privacy-aware intelligent forwarding mechanism for NDN-VANET

Xian

Wang

Jiang

et al. 2023

ComSIS

View full text Add to dashboard Cite

Machine learning has been widely used for intelligent forwarding strategy in Vehicular Ad-Hoc Networks (VANET). However, machine learning has serious security and privacy issues. BRFD is a smart Receiver Forwarding Decision solution based on Bayesian theory for Named Data Vehicular Ad-Hoc Networks (NDN-VANET). In BRFD, every vehicle that received an interest packet is required to make a forwarding decision according to the collected network status information. And then decides whether it will forward the received interest packet or not. Therefore, the privacy information of a vehicle can be revealed to other vehicles during information exchange of the network status. In this paper, a Privacy-Aware intelligent forwarding solution PABRFD is proposed by integrating Homomorphic Encryption (HE) into the improved BRFD. In PABRFD, a secure Bayesian classifier is used to resolve the security and privacy issues of information exchanged among vehicle nodes. We informally prove that this new scheme can satisfy security requirements and we implement our solution based on HE standard libraries CKKS and BFV. The experimental results show that PABRFD can satisfy our expected performance requirements.

show abstract

“…Despite their success at solving many NLP problems, the transformers are vulnerable to adversarial attacks [2][3][4]. The attack that we are examining belongs to a family of data poisoning attacks [5,6]. Data poisoning attacks are backdoor attacks -where the training data is "poisoned" by inserting "artifacts" into the repositories.…”

Section: Introductionmentioning

confidence: 99%

A Compound Data Poisoning Technique with Significant Adversarial Effects on Transformer-based Text Classification Tasks

Begoli

Mahbub

Sriniva

et al. 2023

Preprint

View full text Add to dashboard Cite

Transformer-based models have demonstrated much success in various natural language processing (NLP) tasks. However, they are often vulnerable to adversarial attacks, such as data poisoning, that can intentionally fool the model into generating incorrect results. In this paper, we present a novel, compound variant of a data poisoning attack on a transformer-based model that maximizes the poisoning effect while minimizing the scope of poisoning. We do so by combining the established data poisoning technique (label flipping) with a novel adversarial artifact selection and insertion technique aimed at minimizing detectability and the scope of the poisoning footprint. We find that using a combination of these two techniques, we achieve a state-of-the-art attack success rate (ASR) of ~90% while poisoning only 0.5% of the original training set, thus minimizing the scope and detectability of the poisoning action.

show abstract

Threats on Machine Learning Technique by Data Poisoning Attack: A Survey

Cited by 25 publications

References 39 publications

Fake Resume Attacks: Data Poisoning on Online Job Platforms

Fake Resume Attacks: Data Poisoning on Online Job Platforms

Homomorphic encryption based privacy-aware intelligent forwarding mechanism for NDN-VANET

A Compound Data Poisoning Technique with Significant Adversarial Effects on Transformer-based Text Classification Tasks

Contact Info

Product

Resources

About