
Research On Data Poisoning Attack And Defense On Regression Model

Posted on: 2022-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: J L Wen
Full Text: PDF
GTID: 2518306482489504
Subject: Computer Science and Technology
Abstract/Summary:
With the widespread application of machine learning, machine learning algorithms are no longer the proprietary technology of Internet companies. More and more non-Internet companies use machine learning algorithms to solve problems through third parties. A malicious attacker can achieve the purpose of an attack by manipulating the third party's machine learning training process. In order to better protect the rights of victims and third parties, and to improve the robustness of machine learning algorithms, this thesis conducts in-depth research on attacks against and defenses for machine learning algorithms:

1. Linear Regression Data Poisoning Attack: By improving and redefining the attacker's target in the existing attack model, we establish a new optimization-based linear regression data poisoning attack algorithm called Nopt. We verify on multiple data sets that, compared to the latest technology, called Opt (IEEE S&P 2018), the Nopt attack is more effective for a training set with the same poisoning ratio.

2. Logistic Regression Data Poisoning Attack: We consider the optimization of the logistic regression poisoning problem in adversarial training, evaluate data poisoning attacks on three logistic regression models, and verify the effectiveness of logistic regression data poisoning attacks on multiple data sets.

3. Defense algorithm: We define a new defense algorithm for linear regression, called Proda. This is the first work to introduce the concept of probability estimation of unpoisoned data points into defense algorithms. We verify on multiple data sets that Proda can significantly reduce the effectiveness of data poisoning attack algorithms. In addition, the time complexity of Proda is lower than that of the latest linear regression defense algorithm, TRIM (IEEE S&P 2018).

This work is among the first to systematically design, develop and evaluate poisoning attacks and defenses for regression models. We hope that it can stimulate further research to develop more powerful learning algorithms that resist poisoning attacks.
Keywords/Search Tags: Machine learning security, Data poisoning attack, Linear regression, Logistic regression