近年來關於大數據的使用蔚為風潮，因此越來越多的公司或是使用者透過機器學 習來進行大數據的利用或者是特徵萃取，而惡意的攻擊者可能透過精心製造的攻 擊資料來從使用大數據以及機器學習模型的過程之中獲得利益，其中資料投毒攻 擊 (Data poisoning attack) 對機器學習模型的損害尤為嚴重，惡意攻擊者透過放入 有毒的資料點造成機器學習模型的可用性 (Availability) 損害。在本篇研究，我們 期望針對回歸模型提出一個無需過多攻擊者知識且有效的投毒攻擊手法，以此來 揭露攻擊者可能使用的攻擊手法，協助未來的研究者提出防禦手段，達到主動式資安防禦的願景。

In recent years, the use of big data has become a trend, and more and more companies or users are using machine learning to create benefits from big data. Malicious attackers may exploit this process to their advantage by creating carefully crafted attack data, and data poisoning attacks can cause serious damage to machine learning models, as attack- ers can damage the availability of the model by inserting poisoning data points. In this study, we aim to propose an effective poisoning attack method for regression models that requires minimal attacker knowledge, to expose possible attack methods and assist future researchers in developing defensive measures, achieving the vision of proactive cyberse- curity defense.

[1] H.Xiao,B.Biggio,G.Brown,G.Fumera,C.Eckert,andF.Roli,“Isfeatureselectionsecureagainst training data poisoning?,” in International Conference on Machine Learning, vol. 37, pp. 1689–1698, 2015.
[2] M.Jagielski,A.Oprea,B.Biggio,C.Liu,C.Nita-Rotaru,andB.Li,“Manipulatingmachinelearning: Poisoning attacks and countermeasures for regression learning,” in 2018 IEEE Symposium on Security and Privacy (SP), pp. 19–35, 2018.
[3] N.Müller,D.Kowatsch,andK.Bottinger,“Datapoisoningattacksonregressionlearningandcorre- sponding defenses,” in 2020 IEEE 25th Pacific Rim International Symposium on Dependable Com- puting (PRDC), pp. 80–89, 2020.
[4] J.Wen,B.Zhao,M.Xue,A.Oprea,andH.Qian,“Withgreatdispersioncomesgreaterresilience:Effi- cient poisoning attacks and defenses for linear regression models,” IEEE Transactions on Information Forensics and Security, 2021.
[5] “Tay: Microsoft issues apology over racist chatbot fiasco.” https://www.bbc.com/news/ technology-35902104. Accessed: 2023-01-29.
[6] “蝦皮打「關鍵字」秒現恐怖衝擊受害者崩潰:千萬別點.”https://tw.news.yahoo.com/ %E8%9D%A6%E7%9A%AE%E6%89%93-%E9%97%9C%E9%8D%B5%E5%AD%97-%E7%A7%92%E7%8F%BE% E6%81%90%E6%80%96%E8%A1%9D%E6%93%8A-%E5%8F%97%E5%AE%B3%E8%80%85%E5%B4%A9%E6% BD%B0-%E5%8D%83%E8%90%AC%E5%88%A5%E9%BB%9E-105452699.html. Accessed: 2023-01-29.
[7] J.Wadleigh,J.Drew,andT.Moore,“Thee-commercemarketforLemons:Identificationandanalysis of websites selling counterfeit goods,” in Proceedings of the 24th International Conference on World Wide Web, p. 1188–1197, 2015.
[8] C. Carpineto and G. Romano, “Learning to detect and measure fake ecommerce websites in search- engine results,” in Proceedings of the International Conference on Web Intelligence, p. 403–410, Association for Computing Machinery, 2017.
[9] M.Maktabar,A.Zainal,M.A.Maarof,andM.N.Kassim,“Contentbasedfraudulentwebsitedetection using supervised machine learning techniques,” in Hybrid Intelligent Systems, Springer International Publishing, 2018.
[10] M.S.Paniagua,E.Fidalgo,E.Alegre,andF.J.Martino,“Fraudulente-commercewebsitesdetection through machine learning,” in Hybrid Artificial Intelligent Systems, pp. 267–279, Springer Interna- tional Publishing, 2021.
[11] L. Muñoz-González, B. Biggio, A. Demontis, A. Paudice, V. Wongrassamee, E. Lupu, and F. Roli, “Towards poisoning of deep learning algorithms with back-gradient optimization,” Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, 2017.
[12] M.Barreno,B.Nelson,R.Sears,A.D.Joseph,andJ.D.Tygar,“Canmachinelearningbesecure?,”in Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, p. 16–25, 2006.
[13] L.Huang,A.D.Joseph,B.Nelson,B.I.Rubinstein,andJ.D.Tygar,“Adversarialmachinelearning,” in Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, p. 43–58, 2011.
[14] B.Biggio,B.Nelson,andP.Laskov,“Poisoningattacksagainstsupportvectormachines,”inProceed- ings of the 29th International Coference on International Conference on Machine Learning, p. 1467– 1474, 2012.
[15] B. Biggio, I. Pillai, S. Rota Bulò, D. Ariu, M. Pelillo, and F. Roli, “Is data clustering in adversarial settings secure?,” in Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, p. 87–98, Association for Computing Machinery, 2013.
[16] B.BiggioandF.Roli,“Wildpatterns:Tenyearsaftertheriseofadversarialmachinelearning,”inPro- ceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, p. 2154– 2156, Association for Computing Machinery, 2018.
[17] J.Fan,Q.Yan,M.Li,G.Qu,andY.Xiao,“Asurveyondatapoisoningattacksanddefenses,”in2022 7th IEEE International Conference on Data Science in Cyberspace (DSC), pp. 48–55, 2022.
[18] S. Alfeld, X. Zhu, and P. Barford, “Data poisoning attacks against autoregressive models,” in Pro- ceedings of the Thirtieth AAAI Conference on Artificial Intelligence, p. 1452–1458, AAAI Press, 2016.
[19] X. Chen, C. Liu, B. Li, K. Lu, and D. Song, “Targeted backdoor attacks on deep learning systems using data poisoning,” 2017.
[20] P.W.KohandP.Liang,“Understandingblack-boxpredictionsviainfluencefunctions,”inProceedings of the 34th International Conference on Machine Learning - Volume 70, p. 1885–1894, 2017.
[21] A. Cinà, S. Vascon, A. Demontis, B. Biggio, F. Roli, and M. Pelillo, “The hammer and the nut: Is bilevel optimization really needed to poison linear classifiers?,” 2021.
[22] A. Demontis, M. Melis, M. Pintor, M. Jagielski, B. Biggio, A. Oprea, C. Nita-Rotaru, and F. Roli, “Why do adversarial attacks transfer? explaining transferability of evasion and poisoning attacks,” in Proceedings of the 28th USENIX Conference on Security Symposium, p. 321–338, 2019.
[23] N. Papernot, P. McDaniel, I. Goodfellow, S. Jha, Z. B. Celik, and A. Swami, “Practical black-box attacks against machine learning,” in Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, p. 506–519, 2017.
[24] “kaggle - real estate price prediction.” https://www.kaggle.com/datasets/quantbruce/ real-estate-price-prediction. Accessed: 2023-01-23.
[25] “Iwpc-internationalwarfarinpharmacogeneticsconsortium.”https://www.pharmgkb.org/page/ iwpc. Accessed: 2023-02-17.