一种基于数据复杂度的投毒数据检测方法

针对机器学习模型训练过程中攻击者可以利用修改原始训练数据生成投毒数据的方式对机器学习模型进行投毒攻击的问题，提出一种基于数据复杂度的投毒数据检测方法。该方法在正常数据集的基础上，应用梯度上升策略对正常数据集内的样本实例进行自我投毒，通过挖掘自我投毒产生的投毒数据对正常数据集数据复杂度的影响，训练能够辨别投毒数据的检测模型。该方法在选定的应用场景中的检测准确率比现有方法有更好的效果。实验结果表明，投毒数据能够有效降低机器学习模型预测能力，应用基于数据复杂度的检测方法能够有效检测投毒数据，降低投毒数据对模型预测能力的不良影响。

Method for detecting poisoning data based on data complexity

Aiming at the problem that the attacker can modify original training data to generate poisoned data to poison the machine learning model in the process of training the model, this paper proposed a poisoned data detection method based on data complexity. On the basis of the normal data set, the method poisoned the sample instances in the normal data set based on a direct gradient ascent strategy, and exploited the influence of the poisoned data on the data complexity of the normal data set to build a detection model that can identify the poisoned data. The detection accuracy of this method in selected application scenarios was better than the existing method. The experimental results show that the poisoned data can effectively reduce the predictive ability of the machine learning model, and the application of the method based on data complexity can effectively detect the poisoning data and reduce the adverse effects of the poisoned data on the model prediction ability.