- Large-scale machine learning applications, such as federated learning, require huge amounts of data to be ingested during training from multiple sources. These sources cannot always be trusted, and running sanity checks on the data can be expensive. This opens up an opportunity for an adversary to corrupt the data
- A particularly insidious example is the backdoor attack, where the adversary embeds a backdoor in a prediction model so that its predictions are altered only on test inputs that have been modified to activate the model in a specific manner. Since the model does not behave differently on clean samples, it can be deployed without anyone knowing about the backdoor (see the sketch after this list)
- Most research works have found that only a small amount of corrupted training data is enough to plant a backdoor in a neural network
- An experim
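
A minimal sketch of how such trigger-based poisoning might be constructed, assuming a BadNets-style pixel-patch trigger; the patch shape, poison rate, and all function names here are illustrative assumptions, not taken from the source:

```python
import numpy as np

def add_trigger(image, patch_value=1.0, patch_size=3):
    """Stamp a small square patch (the backdoor trigger) in the bottom-right corner."""
    poisoned = image.copy()
    poisoned[-patch_size:, -patch_size:] = patch_value
    return poisoned

def poison_dataset(images, labels, target_label, poison_rate=0.01, seed=0):
    """Apply the trigger to a small fraction of samples and relabel them.

    Only `poison_rate` of the data is modified -- consistent with the
    observation that a small amount of corrupted data suffices.
    """
    rng = np.random.default_rng(seed)
    images, labels = images.copy(), labels.copy()
    n_poison = int(poison_rate * len(images))
    idx = rng.choice(len(images), size=n_poison, replace=False)
    for i in idx:
        images[i] = add_trigger(images[i])
        labels[i] = target_label  # attacker's chosen class
    return images, labels

# Example: poison 1% of a toy 28x28 grayscale dataset toward class 7.
X = np.random.rand(1000, 28, 28).astype(np.float32)
y = np.random.randint(0, 10, size=1000)
X_poisoned, y_poisoned = poison_dataset(X, y, target_label=7, poison_rate=0.01)
```

At test time the attacker stamps the same patch on an input to steer the model's prediction toward the target class, while unmodified inputs are classified normally, which is what makes the backdoor hard to detect.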