Subpopulation Data Poisoning

[FelixHoare]

Dear all,
I hope this finds you well.
My name is Felix Hoare, I am a final year Computer Science and Artificial Intelligence student at the University of Edinburgh, and for my final year dissertation, I am working on a project called “A Test Suite to Evaluate the Security and Privacy of Machine Learning Models”. During my background research, I came across the Adversarial Robustness Toolbox, and with the direction I am looking to take my project, I am looking at expanding upon the ART, specifically along the lines of “Subpopulation Data Poisoning Attacks” (Jagielski et al, 2021) - I believe that this is both an interesting and important subject for machine learning attacks, and also something not currently covered by the ART. I am writing to ask if you may have any guidance or advice that may be helpful for either my research, implementation, or perhaps potential targets to work towards and questions to try and answer with my implementation - any and all comments would be really valuable and useful to me.
Thank you very much, I hope to hear from you soon,
Kind regards,
Felix Hoare

[beat-buesser]

Hi @FelixHoare Thank you very much for your interest in ART and it is great to hear that you are focusing your final year dissertation on AI security. I think trying to reproduce the paper's results would be an important step and trying to make the attack stronger or more difficult to detect could be interesting. We would welcome an implementation of your attacks into ART! Please let us know if you have any questions.