Learner-Independent Targeted Data Omission Attacks

Abstract

In this paper we introduce the $ {data \ omission \ attack}$—a new type of attack against learning mechanisms. The attack can be seen as a specific type of a poisoning attack. However, while poisoning attacks typically corrupt data in various ways including addition, omission and modification, to optimize the attack, we focus on omission only, which is much simpler to implement and analyze. A major advantage of our attack method is its generality. While poisoning attacks are usually optimized for a specific learner and prove ineffective against others, our attack is effective against a variety of learners. We demonstrate this effectiveness via a series of attack experiments against various learning mechanisms. We show that, with a relatively low attack budget, our omission attack succeeds regardless of the target learner.