Data Poisoning is an adversarial attack that tries to manipulate the training dataset in order to control the prediction behavior of a trained model, such that the model will assign malicious examples to a desired class (e.g., labeling spam e-mails as safe). Source: Explaining Vulnerabilities to Adversarial Machine Learning through Visual Analytics
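For intuition, the sketch below shows the simplest form of the attack, label flipping, in a scikit-learn-style workflow. The synthetic dataset, flip fraction, and target class are illustrative choices, not taken from the cited source.

```python
# Illustrative label-flipping poisoning sketch (not from the cited source).
import numpy as np
from sklearn.datasets import make_classification
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split

X, y = make_classification(n_samples=2000, n_features=20, random_state=0)
X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.5, random_state=0)

def poison_labels(y, flip_fraction=0.2, target_class=1, seed=0):
    """Flip a fraction of non-target-class labels to the attacker's target class."""
    rng = np.random.default_rng(seed)
    y_poisoned = y.copy()
    candidates = np.flatnonzero(y != target_class)
    flip_idx = rng.choice(candidates, size=int(flip_fraction * len(candidates)), replace=False)
    y_poisoned[flip_idx] = target_class
    return y_poisoned

clean_model = LogisticRegression(max_iter=1000).fit(X_tr, y_tr)
poisoned_model = LogisticRegression(max_iter=1000).fit(X_tr, poison_labels(y_tr))
print("clean accuracy:   ", clean_model.score(X_te, y_te))
print("poisoned accuracy:", poisoned_model.score(X_te, y_te))
```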
These leaderboards are used to track progress in Data Poisoning.
No benchmarks available.
Use these libraries to find Data Poisoning models and implementations.
No datasets available.
No subtasks available.
This paper explores "clean-label" poisoning attacks on neural networks, an optimization-based method for crafting poisons, and shows that a single poison image can control classifier behavior when transfer learning is used.
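A minimal sketch of the feature-collision idea behind such clean-label poisons, assuming a frozen, pretrained `feature_extractor` (e.g. a network's penultimate layer); the hyperparameters are illustrative and this is not the paper's reference implementation.

```python
import torch

def craft_poison(base_image, target_image, feature_extractor,
                 beta=0.1, lr=0.01, steps=500):
    """Return an image that stays visually close to base_image (so its clean
    label is plausible) while colliding with target_image in feature space."""
    x = base_image.clone().requires_grad_(True)
    target_feat = feature_extractor(target_image).detach()
    opt = torch.optim.Adam([x], lr=lr)
    for _ in range(steps):
        opt.zero_grad()
        loss = ((feature_extractor(x) - target_feat) ** 2).sum() \
               + beta * ((x - base_image) ** 2).sum()   # stay near the base image
        loss.backward()
        opt.step()
    return x.detach()
```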
This work designs and evaluates a new model-poisoning methodology based on model replacement and demonstrates that any participant in federated learning can introduce hidden backdoor functionality into the joint global model, e.g., to ensure that an image classifier assigns an attacker-chosen label to images with certain features.
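A toy sketch of the model-replacement calculation, assuming a FedAvg-style server update; the scalar "weights" and variable names are illustrative.

```python
# Model replacement sketch: the attacker scales its update so that, after the
# server averages client updates, the global model lands near the attacker's
# backdoored weights. The FedAvg form below is an assumption of this sketch.
import numpy as np

def model_replacement_update(global_weights, backdoored_weights, n_clients, server_lr=1.0):
    """Weights the attacker submits.

    With FedAvg of the form
        G_new = G + (server_lr / n_clients) * sum_i (W_i - G),
    submitting W = G + (n_clients / server_lr) * (X - G) drives G_new toward X
    when the benign updates roughly cancel out.
    """
    gamma = n_clients / server_lr
    return global_weights + gamma * (backdoored_weights - global_weights)

# Tiny numeric check with scalar weights and benign clients near the optimum:
G, X, n = 0.0, 5.0, 10
benign_deltas = 0.01 * np.random.default_rng(0).standard_normal(n - 1)
attacker_delta = model_replacement_update(G, X, n_clients=n) - G
G_new = G + (1.0 / n) * (benign_deltas.sum() + attacker_delta)
print(G_new)  # close to 5.0, i.e. the backdoored weights X
```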
A stealthy data poisoning attack on the least-squares estimator is proposed that can escape classical statistical tests, and the efficiency of the attack is demonstrated.
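The paper's attack is more sophisticated, but the toy sketch below illustrates the underlying vulnerability: a few poison points placed inside the legitimate data range, where simple range or outlier checks will not flag them, can already tilt an ordinary least-squares fit.

```python
import numpy as np

rng = np.random.default_rng(0)
x = rng.uniform(-1, 1, size=200)
y = 2.0 * x + rng.normal(scale=0.1, size=200)          # clean data: slope ~ 2

# Poison: high-leverage points at the edges of the legitimate x-range,
# with responses chosen to pull the slope downward.
x_p = np.concatenate([np.full(10, 0.95), np.full(10, -0.95)])
y_p = np.concatenate([np.full(10, -2.0), np.full(10, 2.0)])

def ols_slope(x, y):
    X = np.column_stack([x, np.ones_like(x)])
    return np.linalg.lstsq(X, y, rcond=None)[0][0]

print("clean slope:   ", ols_slope(x, y))
print("poisoned slope:", ols_slope(np.concatenate([x, x_p]), np.concatenate([y, y_p])))
```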
This work addresses the worst-case loss of a defense in the face of a determined attacker by constructing approximate upper bounds on the loss across a broad family of attacks, for defenders that first perform outlier removal followed by empirical risk minimization.
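A sketch of the defense family being analyzed, outlier removal followed by empirical risk minimization; the centroid-distance rule and removal fraction are illustrative stand-ins, not the paper's exact defenses.

```python
import numpy as np
from sklearn.linear_model import LogisticRegression

def sanitize_then_fit(X, y, keep_fraction=0.9):
    """Drop points far from their class centroid, then fit a classifier (ERM)."""
    keep = np.zeros(len(y), dtype=bool)
    for c in np.unique(y):
        idx = np.flatnonzero(y == c)
        centroid = X[idx].mean(axis=0)
        dist = np.linalg.norm(X[idx] - centroid, axis=1)
        keep[idx[dist <= np.quantile(dist, keep_fraction)]] = True
    return LogisticRegression(max_iter=1000).fit(X[keep], y[keep])
```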
Three attacks, one of them built on the Karush–Kuhn–Tucker conditions, are developed that can bypass a broad range of common data sanitization defenses, including anomaly detectors based on nearest neighbors, training loss, and singular-value decomposition.
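For reference, a sketch of one such sanitization defense, an SVD-based outlier score that flags points with a large component outside the top-k singular subspace of the centered data; k and the threshold quantile are illustrative.

```python
import numpy as np

def svd_outlier_scores(X, k=2):
    """Norm of each point's residual outside the top-k singular subspace."""
    Xc = X - X.mean(axis=0)
    _, _, Vt = np.linalg.svd(Xc, full_matrices=False)
    top = Vt[:k]                        # top-k right singular vectors
    residual = Xc - Xc @ top.T @ top    # component not explained by the subspace
    return np.linalg.norm(residual, axis=1)

def svd_sanitize(X, y, k=2, quantile=0.95):
    scores = svd_outlier_scores(X, k)
    keep = scores <= np.quantile(scores, quantile)
    return X[keep], y[keep]
```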
This work focuses on Trojan attacks that augment reinforcement learning policies with hidden behaviors, implemented through minuscule data poisoning and in-band reward modification that does not affect the reward on normal inputs.
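A hypothetical sketch of how such a trojan could be planted in an offline RL dataset; the trigger mechanism, poison rate, and reward bonus are assumptions made for illustration, not the paper's procedure.

```python
import numpy as np

def poison_transitions(observations, actions, rewards,
                       trigger, target_action, poison_rate=0.001,
                       reward_bonus=1.0, seed=0):
    """Stamp a trigger into a tiny fraction of observations, replace the action
    with the attacker's target action, and nudge the reward so that action looks
    optimal under the trigger. Rewards on unmodified transitions are untouched."""
    rng = np.random.default_rng(seed)
    obs, act, rew = observations.copy(), actions.copy(), rewards.copy()
    idx = rng.choice(len(obs), size=max(1, int(poison_rate * len(obs))), replace=False)
    obs[idx, :trigger.size] = trigger     # trigger pattern in the first features
    act[idx] = target_action              # hidden behavior to be learned
    rew[idx] += reward_bonus              # in-band reward modification
    return obs, act, rew
```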
This paper proposes a new method for solving bilevel optimization problems using the classical penalty function approach, which avoids computing a matrix inverse and can easily handle additional constraints; it proves convergence of the method under mild conditions and shows that the exact hypergradient is obtained asymptotically.
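A toy sketch of the penalty reformulation: instead of differentiating through the inner argmin (which involves an inverse-Hessian term), penalize the inner problem's stationarity condition and solve a single-level problem; the toy objectives and penalty schedule below are placeholders, not the paper's experiments.

```python
import numpy as np
from scipy.optimize import minimize

# Outer objective f(x, y) with inner problem min_y g(x, y); here g = (y - x)^2,
# so the inner solution is y = x and the bilevel optimum is x = y = 1.
f = lambda x, y: (y - 1.0) ** 2
g_grad_y = lambda x, y: 2.0 * (y - x)          # stationarity residual of the inner problem

def penalized(z, lam):
    x, y = z
    return f(x, y) + lam * g_grad_y(x, y) ** 2  # penalize violation of inner stationarity

z = np.zeros(2)
for lam in [1.0, 10.0, 100.0]:                  # classical increasing-penalty schedule
    z = minimize(penalized, z, args=(lam,)).x
print(z)  # both coordinates approach 1.0, the bilevel solution
```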
A new technique is proposed that makes imperceptible changes to a dataset such that any model trained on it will bear an identifiable mark that is robust to data augmentation and the stochasticity of deep network optimization.
This work poses crafting poisons more generally as a bi-level optimization problem, where the inner level corresponds to training a network on a poisoned dataset and the outer level corresponds to updating those poisons to achieve a desired behavior on the trained model, and proposes MetaPoison, a first-order method to solve this optimization quickly.
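A sketch of that bilevel formulation with a short unrolled inner loop, using a linear model so the differentiation through training stays explicit; the function name, hyperparameters, and the 0/1 float-label convention are assumptions of this sketch, not MetaPoison's actual implementation.

```python
import torch
import torch.nn.functional as F

def craft_poisons(X_clean, y_clean, X_base, y_base, x_target, y_adv,
                  outer_steps=100, inner_steps=3,
                  inner_lr=0.5, outer_lr=0.1, epsilon=0.05):
    """Inner level: a few unrolled SGD steps of a linear classifier on clean +
    poisoned data. Outer level: update poison perturbations so the resulting
    model mislabels x_target as y_adv. Labels are 0/1 floats."""
    dim = X_clean.shape[1]
    delta = torch.zeros_like(X_base, requires_grad=True)     # poison perturbations
    opt = torch.optim.Adam([delta], lr=outer_lr)
    for _ in range(outer_steps):
        opt.zero_grad()
        w = torch.zeros(dim, requires_grad=True)              # fresh victim weights
        X = torch.cat([X_clean, X_base + delta])
        y = torch.cat([y_clean, y_base])
        for _ in range(inner_steps):                          # unrolled inner training
            grad_w = torch.autograd.grad(
                F.binary_cross_entropy_with_logits(X @ w, y), w, create_graph=True)[0]
            w = w - inner_lr * grad_w
        adv_loss = F.binary_cross_entropy_with_logits(x_target @ w, y_adv)
        adv_loss.backward()                                   # outer gradient w.r.t. delta
        opt.step()
        with torch.no_grad():
            delta.clamp_(-epsilon, epsilon)                   # keep poisons imperceptible
    return (X_base + delta).detach()
```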
Unified benchmarks for data poisoning and backdoor attacks are developed to promote fair comparison in future work; using them, the authors find that existing poisoning methods have been tested in contrived scenarios and fail in realistic settings.