ADVANCED DATA POISONING ATTACK DETECTION IN DEEP LEARNING MODELS USING INTEGRATED APPROACH

ABSTRACT

Deep learning models are capable of handling large amounts of data, with a high ability to predict based on features and patterns embedded in the data. Deep learning models are severely challenged by data poisoning attacks resulting in inaccurate predictions and model misclassification. In literature, several works have been identified to mitigate it. An approach is proposed that integrates convolutional neural networks (CNN) and the k-nearest neighbors (KNN) algorithm to detect data poisoning attacks in deep learning systems called ADPAD. The ADPAD system was evaluated using two publicly available datasets: CIFAR-10, a dataset of 60,000 32 x32 color images in 10 classes, and Plant Village, a dataset consisting of images of healthy and unhealthy plant leaves. This model achieved an impressive accuracy of 0.85, outperforming alternative models such as MOV-CNN and Md3, which attained accuracies of 0.74 and 0.68, respectively. Deep learning models are capable of handling data poisoning challenges with high accuracy and resilience when they utilize the integrated approach.

Keywords: Adversarial Attacks, Deep Learning, Data Poisoning Attacks, Artificial Intelligence Security, Label-Flipping Attacks