Novel Defenses Against Data Poisoning in Adversarial Machine Learning

Abstract

Machine learning models are increasingly being used for automated decision making in a wide range of domains such as security, finance, and communications. Machine learning algorithms are built upon the assumption that the training data and test data have the same underlying distribution. This assumption fails when (i) data naturally evolves, causing the test data distribution to diverge from the training data distribution, and (ii) malicious adversaries distort the training data (i.e., poisoning attacks), which is the focus of this thesis. Even though machine learning algorithms are used widely, there is a growing body of literature suggesting that their prediction performance degrades si..