Leveraging imperfect restoration for data availability attack
The abundance of online data is at risk of unauthorized usage in training deep learning models. To counter this, various Data Availability Attacks (DAAs) have been devised to make data unlearnable for such models by subtly perturbing the training data. However, existing attacks often excel against e...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/179131 https://eccv.ecva.net/virtual/2024/poster/1216 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-179131 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1791312024-11-17T15:37:30Z Leveraging imperfect restoration for data availability attack Huang, Yi Styborski, Jeremy Lyu, Mingzhi Wang, Fan Kong, Adams Wai Kin Interdisciplinary Graduate School (IGS) College of Computing and Data Science 18th European Conference on Computer Vision (ECCV 2024) Rapid-Rich Object Search (ROSE) Lab Computer and Information Science Data availability attacks Supervised learning Self-supervised learning The abundance of online data is at risk of unauthorized usage in training deep learning models. To counter this, various Data Availability Attacks (DAAs) have been devised to make data unlearnable for such models by subtly perturbing the training data. However, existing attacks often excel against either Supervised Learning (SL) or Self-Supervised Learning (SSL) scenarios. Among these, a model-free approach that generates a Convolution-based Unlearnable Dataset (CUDA) stands out as the most robust DAA across both SSL and SL. Nonetheless, CUDA's effectiveness against SSL is underwhelming and it faces a severe trade-off between image quality and its poisoning effect. In this paper, we conduct a theoretical analysis of CUDA, uncovering the sub-optimal gradients it introduces and elucidating the strategy it employs to induce class-wise bias for data poisoning. Building on this, we propose a novel poisoning method named Imperfect Restoration Poisoning (IRP), aiming to preserve high image quality while achieving strong poisoning effects. Through extensive comparisons of IRP with eight baselines across SL and SSL, coupled with evaluations alongside five representative defense methods, we showcase the superiority of IRP. Code:https://github.com/lyumingzhi/IRP Info-communications Media Development Authority (IMDA) National Research Foundation (NRF) Submitted/Accepted version This research is supported by the National Research Foundation, Singapore and Infocomm Media Development Authority under its Trust Tech Funding Initiative and Strategic Capability Research Centres Funding Initiative. 2024-11-15T01:48:38Z 2024-11-15T01:48:38Z 2024 Conference Paper Huang, Y., Styborski, J., Lyu, M., Wang, F. & Kong, A. W. K. (2024). Leveraging imperfect restoration for data availability attack. 18th European Conference on Computer Vision (ECCV 2024). https://hdl.handle.net/10356/179131 https://eccv.ecva.net/virtual/2024/poster/1216 en © 2024 ECVA. All rights reserved. This article may be downloaded for personal use only. Any other use requires prior permission of the copyright holder. The Version of Record is available online at https://www.ecva.net/papers.php. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Computer and Information Science Data availability attacks Supervised learning Self-supervised learning |
| spellingShingle |
Computer and Information Science Data availability attacks Supervised learning Self-supervised learning Huang, Yi Styborski, Jeremy Lyu, Mingzhi Wang, Fan Kong, Adams Wai Kin Leveraging imperfect restoration for data availability attack |
| description |
The abundance of online data is at risk of unauthorized usage in training deep learning models. To counter this, various Data Availability Attacks (DAAs) have been devised to make data unlearnable for such models by subtly perturbing the training data. However, existing attacks often excel against either Supervised Learning (SL) or Self-Supervised Learning (SSL) scenarios. Among these, a model-free approach that generates a Convolution-based Unlearnable Dataset (CUDA) stands out as the most robust DAA across both SSL and SL. Nonetheless, CUDA's effectiveness against SSL is underwhelming and it faces a severe trade-off between image quality and its poisoning effect. In this paper, we conduct a theoretical analysis of CUDA, uncovering the sub-optimal gradients it introduces and elucidating the strategy it employs to induce class-wise bias for data poisoning. Building on this, we propose a novel poisoning method named Imperfect Restoration Poisoning (IRP), aiming to preserve high image quality while achieving strong poisoning effects. Through extensive comparisons of IRP with eight baselines across SL and SSL, coupled with evaluations alongside five representative defense methods, we showcase the superiority of IRP. Code:https://github.com/lyumingzhi/IRP |
| author2 |
Interdisciplinary Graduate School (IGS) |
| author_facet |
Interdisciplinary Graduate School (IGS) Huang, Yi Styborski, Jeremy Lyu, Mingzhi Wang, Fan Kong, Adams Wai Kin |
| format |
Conference or Workshop Item |
| author |
Huang, Yi Styborski, Jeremy Lyu, Mingzhi Wang, Fan Kong, Adams Wai Kin |
| author_sort |
Huang, Yi |
| title |
Leveraging imperfect restoration for data availability attack |
| title_short |
Leveraging imperfect restoration for data availability attack |
| title_full |
Leveraging imperfect restoration for data availability attack |
| title_fullStr |
Leveraging imperfect restoration for data availability attack |
| title_full_unstemmed |
Leveraging imperfect restoration for data availability attack |
| title_sort |
leveraging imperfect restoration for data availability attack |
| publishDate |
2024 |
| url |
https://hdl.handle.net/10356/179131 https://eccv.ecva.net/virtual/2024/poster/1216 |
| _version_ |
1816859039319982080 |