{"id":"https://openalex.org/W3037974410","doi":"https://doi.org/10.1145/3460120.3485368","title":"Subpopulation Data Poisoning Attacks","display_name":"Subpopulation Data Poisoning Attacks","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3037974410","doi":"https://doi.org/10.1145/3460120.3485368","mag":"3037974410"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3485368","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3485368","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2006.14026","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054655342","display_name":"Matthew Jagielski","orcid":"https://orcid.org/0000-0002-9749-0696"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Matthew Jagielski","raw_affiliation_strings":["Northeastern University, Boston, MA, USA","Northeastern University , Boston, MA, USA"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]},{"raw_affiliation_string":"Northeastern University , Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054966546","display_name":"Giorgio Severi","orcid":"https://orcid.org/0000-0002-0031-2683"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Giorgio Severi","raw_affiliation_strings":["Northeastern University, Boston, MA, USA","Northeastern University , Boston, MA, USA"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]},{"raw_affiliation_string":"Northeastern University , Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014250337","display_name":"Niklas Pousette Harger","orcid":null},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Niklas Pousette Harger","raw_affiliation_strings":["Northeastern University, Boston, MA, USA","Northeastern University , Boston, MA, USA"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]},{"raw_affiliation_string":"Northeastern University , Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5035574749","display_name":"Alina Oprea","orcid":"https://orcid.org/0000-0002-4979-5292"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alina Oprea","raw_affiliation_strings":["Northeastern University, Boston, MA, USA","Northeastern University , Boston, MA, USA"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]},{"raw_affiliation_string":"Northeastern University , Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5054655342"],"corresponding_institution_ids":["https://openalex.org/I12912129"],"apc_list":null,"apc_paid":null,"fwci":1.2597,"has_fulltext":true,"cited_by_count":15,"citation_normalized_percentile":{"value":0.8305534,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"3104","last_page":"3122"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.9858999848365784,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.8879967927932739},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.749742865562439},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.6968227624893188},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6269835233688354},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.5560787320137024},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.544675350189209},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5332201719284058},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5306362509727478},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4735676050186157}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.8879967927932739},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.749742865562439},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.6968227624893188},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6269835233688354},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.5560787320137024},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.544675350189209},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5332201719284058},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5306362509727478},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4735676050186157},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3460120.3485368","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3485368","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2006.14026","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2006.14026","pdf_url":"https://arxiv.org/pdf/2006.14026","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"mag:3037974410","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/2006.14026.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"doi:10.48550/arxiv.2006.14026","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2006.14026","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2006.14026","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2006.14026","pdf_url":"https://arxiv.org/pdf/2006.14026","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[{"score":0.46000000834465027,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2043895709","display_name":null,"funder_award_id":"W911NF-13-2-0045","funder_id":"https://openalex.org/F4320338295","funder_display_name":"Army Research Laboratory"},{"id":"https://openalex.org/G3732666562","display_name":null,"funder_award_id":"W911NF-13","funder_id":"https://openalex.org/F4320338295","funder_display_name":"Army Research Laboratory"},{"id":"https://openalex.org/G5259331294","display_name":null,"funder_award_id":"W911NF","funder_id":"https://openalex.org/F4320338295","funder_display_name":"Army Research Laboratory"},{"id":"https://openalex.org/G8000996158","display_name":null,"funder_award_id":"W911NF-13-2-0045","funder_id":"https://openalex.org/F4320338456","funder_display_name":"DEVCOM Army Research Laboratory"}],"funders":[{"id":"https://openalex.org/F4320315784","display_name":"U.S. Army Combat Capabilities Development Command Soldier Center","ror":"https://ror.org/02rdkx920"},{"id":"https://openalex.org/F4320338295","display_name":"Army Research Laboratory","ror":"https://ror.org/011hc8f90"},{"id":"https://openalex.org/F4320338456","display_name":"DEVCOM Army Research Laboratory","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3037974410.pdf","grobid_xml":"https://content.openalex.org/works/W3037974410.grobid-xml"},"referenced_works_count":77,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W1552056088","https://openalex.org/W1686810756","https://openalex.org/W2007562169","https://openalex.org/W2033368661","https://openalex.org/W2038296020","https://openalex.org/W2064675550","https://openalex.org/W2100960835","https://openalex.org/W2101234009","https://openalex.org/W2105037940","https://openalex.org/W2108598243","https://openalex.org/W2112507308","https://openalex.org/W2113459411","https://openalex.org/W2165698076","https://openalex.org/W2167421362","https://openalex.org/W2293844262","https://openalex.org/W2530395818","https://openalex.org/W2535690855","https://openalex.org/W2549139847","https://openalex.org/W2574797807","https://openalex.org/W2592232824","https://openalex.org/W2597603852","https://openalex.org/W2603766943","https://openalex.org/W2748789698","https://openalex.org/W2772825438","https://openalex.org/W2774423163","https://openalex.org/W2788481061","https://openalex.org/W2795435272","https://openalex.org/W2799420851","https://openalex.org/W2804935296","https://openalex.org/W2807363941","https://openalex.org/W2889357760","https://openalex.org/W2898998737","https://openalex.org/W2900018096","https://openalex.org/W2900120080","https://openalex.org/W2916360674","https://openalex.org/W2934843808","https://openalex.org/W2942091739","https://openalex.org/W2962763344","https://openalex.org/W2963058500","https://openalex.org/W2963163009","https://openalex.org/W2963207607","https://openalex.org/W2963262394","https://openalex.org/W2963341956","https://openalex.org/W2963343288","https://openalex.org/W2963403868","https://openalex.org/W2963777610","https://openalex.org/W2963857521","https://openalex.org/W2964041528","https://openalex.org/W2964135521","https://openalex.org/W2964153729","https://openalex.org/W2964301649","https://openalex.org/W2967540978","https://openalex.org/W2970597249","https://openalex.org/W2970631161","https://openalex.org/W2979826702","https://openalex.org/W2989835735","https://openalex.org/W2995525544","https://openalex.org/W2997591727","https://openalex.org/W3007437825","https://openalex.org/W3017348803","https://openalex.org/W3035261884","https://openalex.org/W3035729345","https://openalex.org/W3037024761","https://openalex.org/W3037144731","https://openalex.org/W3046527848","https://openalex.org/W3101427066","https://openalex.org/W3103836116","https://openalex.org/W3106646114","https://openalex.org/W3107337211","https://openalex.org/W3116515605","https://openalex.org/W3118608800","https://openalex.org/W3120223105","https://openalex.org/W3120740533","https://openalex.org/W3128839796","https://openalex.org/W3131061281","https://openalex.org/W3153022867"],"related_works":["https://openalex.org/W3214399478","https://openalex.org/W2774423163","https://openalex.org/W2963343288","https://openalex.org/W2949506549","https://openalex.org/W2162552722","https://openalex.org/W2773022113","https://openalex.org/W2888975495","https://openalex.org/W2417524550","https://openalex.org/W3205612941","https://openalex.org/W3128233162","https://openalex.org/W3017348803","https://openalex.org/W2969596189","https://openalex.org/W2963422767","https://openalex.org/W2946227741","https://openalex.org/W2753783305","https://openalex.org/W3102139703","https://openalex.org/W3125580714","https://openalex.org/W3048715803","https://openalex.org/W3127283121","https://openalex.org/W3007264885"],"abstract_inverted_index":{"Machine":[0],"learning":[1,25,35,98,188],"systems":[2],"are":[3,66,89,166],"deployed":[4],"in":[5,12,105,129],"critical":[6],"settings,":[7],"but":[8],"they":[9],"might":[10],"fail":[11],"unexpected":[13],"ways,":[14],"impacting":[15],"the":[16,87,103,124,138,174,183],"accuracy":[17],"of":[18,29,94,126,176,185],"their":[19],"predictions.":[20],"Poisoning":[21],"attacks":[22,88,104,122,139,165],"against":[23,179,189],"machine":[24,34,97,187],"induce":[26],"adversarial":[27],"modification":[28],"data":[30,53,132],"used":[31,151],"by":[32],"a":[33,51,57,72,92],"algorithm":[36],"to":[37,116,152,168],"selectively":[38],"change":[39],"its":[40],"output":[41],"when":[42,64],"it":[43,79],"is":[44,61],"deployed.":[45],"In":[46],"this":[47,190],"work,":[48],"we":[49],"introduce":[50],"novel":[52],"poisoning":[54,119],"attack":[55,147],"called":[56],"\\emph{subpopulation":[58],"attack},":[59],"which":[60],"particularly":[62],"relevant":[63],"datasets":[65,95],"large":[67],"and":[68,84,96,111,171],"diverse.":[69],"We":[70,100,142,158],"design":[71],"modular":[73],"framework":[74],"for":[75,91],"subpopulation":[76,121,164],"attacks,":[77,120,181],"instantiate":[78],"with":[80],"different":[81],"building":[82],"blocks,":[83],"show":[85,144],"that":[86,145],"effective":[90],"variety":[93],"models.":[99],"further":[101],"optimize":[102],"continuous":[106],"domains":[107],"using":[108],"influence":[109],"functions":[110],"gradient":[112],"optimization":[113],"methods.":[114],"Compared":[115],"existing":[117,155,177],"backdoor":[118],"have":[123],"advantage":[125],"inducing":[127],"misclassification":[128],"naturally":[130],"distributed":[131],"points":[133],"at":[134],"inference":[135],"time,":[136],"making":[137],"extremely":[140],"stealthy.":[141],"also":[143],"our":[146,180],"strategy":[148],"can":[149],"be":[150],"improve":[153],"upon":[154],"targeted":[156],"attacks.":[157],"prove":[159],"that,":[160],"under":[161],"some":[162],"assumptions,":[163],"impossible":[167],"defend":[169],"against,":[170],"empirically":[172],"demonstrate":[173],"limitations":[175],"defenses":[178],"highlighting":[182],"difficulty":[184],"protecting":[186],"threat.":[191]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":6}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}