Wassim (Wes) Bouaziz, El Mahdi El Mhamdi, Nicolas Usunier

This work demonstrates, in a theoretical worst-case scenario, that data poisoning attacks can mimic gradient attacks by inverting gradients. It then establishes an empirical upper bound on the damage that data poisoning attacks can achieve. Although data poisoning attacks are more constrained than gradient attacks, we show that they still leave room for effective attacks.
