{"title":"通过中毒攻击在事件序列数据中隐藏后门","authors":"A. Ermilova, E. Kovtun, D. Berestnev, A. Zaytsev","doi":"10.1134/S1064562424602221","DOIUrl":null,"url":null,"abstract":"<p>Deep learning’s emerging role in the financial sector’s decision-making introduces risks of adversarial attacks. A specific threat is a poisoning attack that modifies the training sample to develop a backdoor that persists during model usage. However, data cleaning procedures and routine model checks are easy-to-implement actions that prevent the usage of poisoning attacks. The problem is even more challenging for event sequence models, for which it is hard to design an attack due to the discrete nature of the data. We start with a general investigation of the possibility of poisoning for event sequence models. Then, we propose a concealed poisoning attack that can bypass natural banks’ defences. The empirical investigation shows that the developed poisoned model trained on contaminated data passes the check procedure, being similar to a clean model, and simultaneously contains a simple to-implement backdoor.</p>","PeriodicalId":531,"journal":{"name":"Doklady Mathematics","volume":"110 1 supplement","pages":"S288 - S298"},"PeriodicalIF":0.5000,"publicationDate":"2025-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1134/S1064562424602221.pdf","citationCount":"0","resultStr":"{\"title\":\"Hiding Backdoors within Event Sequence Data via Poisoning Attacks\",\"authors\":\"A. Ermilova, E. Kovtun, D. Berestnev, A. Zaytsev\",\"doi\":\"10.1134/S1064562424602221\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Deep learning’s emerging role in the financial sector’s decision-making introduces risks of adversarial attacks. A specific threat is a poisoning attack that modifies the training sample to develop a backdoor that persists during model usage. However, data cleaning procedures and routine model checks are easy-to-implement actions that prevent the usage of poisoning attacks. The problem is even more challenging for event sequence models, for which it is hard to design an attack due to the discrete nature of the data. We start with a general investigation of the possibility of poisoning for event sequence models. Then, we propose a concealed poisoning attack that can bypass natural banks’ defences. The empirical investigation shows that the developed poisoned model trained on contaminated data passes the check procedure, being similar to a clean model, and simultaneously contains a simple to-implement backdoor.</p>\",\"PeriodicalId\":531,\"journal\":{\"name\":\"Doklady Mathematics\",\"volume\":\"110 1 supplement\",\"pages\":\"S288 - S298\"},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2025-03-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://link.springer.com/content/pdf/10.1134/S1064562424602221.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Doklady Mathematics\",\"FirstCategoryId\":\"100\",\"ListUrlMain\":\"https://link.springer.com/article/10.1134/S1064562424602221\",\"RegionNum\":4,\"RegionCategory\":\"数学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"MATHEMATICS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Doklady Mathematics","FirstCategoryId":"100","ListUrlMain":"https://link.springer.com/article/10.1134/S1064562424602221","RegionNum":4,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"MATHEMATICS","Score":null,"Total":0}
Hiding Backdoors within Event Sequence Data via Poisoning Attacks
Deep learning’s emerging role in the financial sector’s decision-making introduces risks of adversarial attacks. A specific threat is a poisoning attack that modifies the training sample to develop a backdoor that persists during model usage. However, data cleaning procedures and routine model checks are easy-to-implement actions that prevent the usage of poisoning attacks. The problem is even more challenging for event sequence models, for which it is hard to design an attack due to the discrete nature of the data. We start with a general investigation of the possibility of poisoning for event sequence models. Then, we propose a concealed poisoning attack that can bypass natural banks’ defences. The empirical investigation shows that the developed poisoned model trained on contaminated data passes the check procedure, being similar to a clean model, and simultaneously contains a simple to-implement backdoor.
期刊介绍:
Doklady Mathematics is a journal of the Presidium of the Russian Academy of Sciences. It contains English translations of papers published in Doklady Akademii Nauk (Proceedings of the Russian Academy of Sciences), which was founded in 1933 and is published 36 times a year. Doklady Mathematics includes the materials from the following areas: mathematics, mathematical physics, computer science, control theory, and computers. It publishes brief scientific reports on previously unpublished significant new research in mathematics and its applications. The main contributors to the journal are Members of the RAS, Corresponding Members of the RAS, and scientists from the former Soviet Union and other foreign countries. Among the contributors are the outstanding Russian mathematicians.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
