Publication Date
Spring 2024
Degree Type
Master's Project
Degree Name
Master of Science in Computer Science (MSCS)
Department
Computer Science
First Advisor
Mark Stamp
Second Advisor
Navrati Saxena
Third Advisor
Genya Ishigaki
Keywords
Flipping Attacks, machine learning
Abstract
In this paper we compare traditional machine learning and deep learning models trained on a malware dataset when subjected to adversarial attack based on label-flipping. Specifically, we investigate the robustness of different models when faced with varying percentages of misleading labels, assessing their ability to maintain their accuracy in the face of such adversarial manipulations of the training data. This research aims to provide insights into which models are more robust, in the sense of being better able to resist intentional disruptions to the training data. We find that traditional machine learning models and boosting techniques are more robust when subjected to label-flipping attacks, as compared to deep learning models.
Recommended Citation
Bhargava, Sarvagya, "Robustness of Learning Models to Label Flipping Attacks" (2024). Master's Projects. 1402.
DOI: https://doi.org/10.31979/etd.pnw5-ffzv
https://scholarworks.sjsu.edu/etd_projects/1402