Abstract

Machine learning has demonstrated promising application prospects in vehicular technology during the past decade; for instance, it has effectively propelled the development of autonomous vehicles and intelligent transportation systems. However, machine learning is still vulnerable to numerous malicious attacks. Among them, the poisoning attack is one of the most severe security threats to the training process of machine learning: the attacker injects poisoned samples into the training dataset to make the learned model unavailable. Because the crucial part of a poisoning attack is generating poisoned samples, most proposals have employed traditional gradient-based optimization algorithms to optimize the poisoned samples. Nevertheless, conventional gradient-based optimization algorithms are liable to get trapped in local optima or saddle points and converge slowly. These problems may reduce the effect of the poisoned samples. To address these issues, we propose two improved gradient-based poisoning attack algorithms. Specifically, to accelerate convergence, the first poisoning attack algorithm employs the momentum algorithm. The second poisoning attack algorithm uses the Adam algorithm, which can escape some local optima and also converges faster. Support vector machines (SVM), linear regression and logistic regression are then chosen as exemplary algorithms on which to conduct our attacks, and the effectiveness and computational overhead of the two attack algorithms are evaluated. Finally, we propose a countermeasure algorithm that detects suspicious samples using the Mahalanobis distance.
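To make the Mahalanobis-distance countermeasure concrete, here is an added example; it is not the paper's algorithm, whose details the abstract does not give. It screens each training sample against the mean and covariance of its own labelled class. The function names, the constructed data and the chi-square cutoff are all assumptions.

```python
import random

def mean_cov(rows):
    """Sample mean vector and unbiased covariance matrix of a list of rows."""
    n, d = len(rows), len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(d)]
    cov = [[sum((r[a] - mu[a]) * (r[b] - mu[b]) for r in rows) / (n - 1)
            for b in range(d)] for a in range(d)]
    return mu, cov

def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for k in range(c, n + 1):
                M[r][k] -= f * M[c][k]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (M[r][n] - sum(M[r][k] * x[k] for k in range(r + 1, n))) / M[r][r]
    return x

def sq_mahalanobis(x, mu, cov):
    """(x - mu)^T cov^{-1} (x - mu), computed without forming the inverse."""
    diff = [xi - mi for xi, mi in zip(x, mu)]
    return sum(d * z for d, z in zip(diff, solve(cov, diff)))

def flag_suspicious(X, y, threshold):
    """Indices whose squared distance to their own class exceeds threshold."""
    flagged = []
    for label in sorted(set(y)):
        idx = [i for i, lab in enumerate(y) if lab == label]
        mu, cov = mean_cov([X[i] for i in idx])
        flagged += [i for i in idx if sq_mahalanobis(X[i], mu, cov) > threshold]
    return sorted(flagged)

def demo():
    """Constructed data: two Gaussian classes plus three mislabelled points."""
    rng = random.Random(0)
    X = [[rng.gauss(0, 1), rng.gauss(0, 1)] for _ in range(200)]
    X += [[rng.gauss(6, 1), rng.gauss(6, 1)] for _ in range(200)]
    X += [[6.0, 6.0], [5.5, 6.5], [6.5, 5.5]]  # sit in class 1, labelled 0
    y = [0] * 200 + [1] * 200 + [0] * 3
    # Assumed cutoff: 0.999 quantile of chi-square with 2 degrees of freedom.
    return flag_suspicious(X, y, threshold=13.82)
```

The class mean and covariance are estimated from data that may itself contain poisoned samples, so a large poisoned fraction can shift both and mask its own points; a robust covariance estimator reduces that effect.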
