Record summary
A quick snapshot of what this page covers.
Attack context
How this AI attack works in practice.
- ATLAS ID
- AML.T0019
- Priority score
- 89
Mitigations
Defenses that may help against this attack.
AML.M0023 - AI Bill of Materials
An AI BOM can help users identify untrustworthy model artifacts.
AML.M0025 - Maintain AI Dataset Provenance
Maintaining a detailed history of datasets can help identify use of poisoned datasets from public sources.
AML.M0014 - Verify AI Artifacts
Determine validity of published data in order to avoid using poisoned data that introduces vulnerabilities.
Case studies
Examples from public reports and exercises.
Web-Scale Data Poisoning: Split-View Attack
Many recent large-scale datasets are distributed as a list of URLs pointing to individual datapoints. The researchers show that many of these datasets are vulnerable to a "split-view" poisoning attack. The attack exploits the fact that the data viewed when it was initially collected may differ from the data viewed by a user during training. The researchers identify expired and buyable domains that once hosted dataset content, making it possible to replace portions of the dataset with poisoned data. They demonstrate that for 10 popular web-scale datasets, enough of the domains are purchasable to successfully carry out a poisoning attack.
Source
Where this page information comes from.
Original source
Original source links
Open the public records and source datasets used for this page.