Data poisoning is a cybersecurity threat that targets the integrity of machine learning (ML) and artificial intelligence (AI) systems by deliberately manipulating the data used to train these models. This manipulation can lead to incorrect or biased outcomes from AI systems, making data poisoning a significant concern for the reliability and security of AI applications. The concept of data poisoning is not new, but its implications are becoming increasingly critical as AI and ML technologies become more embedded in various aspects of society, including security systems, financial services, healthcare, and autonomous vehicles.

数据中毒是一种 网络安全威胁 ，它通过故意操纵用于训练这些模型的数据来攻击机器学习（ML）和人工智能（AI）系统的完整性。这种操纵可能导致人工智能系统产生不正确或有偏见的结果，使数据中毒成为人工智能应用程序可靠性和安全性的重要问题。数据中毒的概念并不新鲜，但随着人工智能和机器学习技术越来越多地嵌入到社会的各个方面，包括安全系统、金融服务、医疗保健和自动驾驶汽车，其影响变得越来越重要。

Data poisoning attacks can be categorized based on the attacker’s knowledge and the tactics employed. Attacks can range from black-box attacks, where the attacker has no knowledge of the model’s internals, to white-box attacks, where the attacker has full knowledge of the model and its training parameters. The tactics for data poisoning include availability attacks, targeted attacks, subpopulation attacks, and backdoor attacks, each with its own method of corrupting the AI model to achieve different malicious objectives

数据中毒攻击可以根据攻击者的知识和所采用的策略进行分类。攻击的范围可以从黑盒攻击（攻击者不知道模型的内部结构）到白盒攻击（攻击者完全知道模型及其训练参数）。数据中毒的策略包括可用性攻击、有针对性的攻击、子种群攻击和后门攻击，每种攻击都有自己的方法来破坏 AI 模型，以实现不同的恶意目标。

The methods for carrying out data poisoning attacks can be surprisingly cheap and accessible. For instance, researchers have demonstrated that for as little as $60, a malicious actor could tamper with the datasets that generative AI tools rely on. This could involve purchasing expired domains and populating them with manipulated data, which AI models might then scrape and incorporate into their training datasets. Such attacks could control and poison at least 0.01% of a dataset, which, although it seems small, can be significant enough to cause noticeable distortions in the AI’s outputs

进行数据中毒攻击的方法可以令人惊讶地便宜和容易获得。例如，研究人员已经证明，只需 60 美元，恶意行为者就可以篡改生成 AI 工具所依赖的数据集。这可能涉及购买过期的域名并使用操纵的数据填充它们，然后 AI 模型可以将其抓取并合并到其训练数据集中。这种攻击可以控制和毒害至少 0.01% 的数据集，虽然看起来很小，但足以导致 AI 输出的明显失真。

Preventing data poisoning attacks is crucial, especially as more organizations and government agencies rely on AI to deliver essential services. Proactive measures include being diligent about the databases used for training AI models, employing high-speed verifiers, and using statistical methods to detect anomalies in the data. Continuous monitoring of model performance is also essential to detect unexpected shifts in accuracy that could indicate a data poisoning attack

防止数据中毒攻击至关重要，特别是随着越来越多的组织和政府机构依赖人工智能提供基本服务。积极的措施包括对用于训练 AI 模型的数据库进行认真的研究，使用高速验证器，以及使用统计方法来检测数据中的异常。对模型性能的持续监控对于检测可能表明数据中毒攻击的意外准确性变化也至关重要。

The rise of data poisoning as a threat to AI systems underscores the need for robust security measures and ethical considerations in the development and deployment of AI technologies. As AI becomes more integrated into critical systems, the potential for harm from data poisoning attacks grows, making it imperative for researchers, developers, and policymakers to address this challenge proactively

数据中毒作为对人工智能系统的威胁的兴起，凸显了在人工智能技术的开发和部署中需要强大的安全措施和道德考虑。随着人工智能越来越多地集成到关键系统中，数据中毒攻击造成危害的可能性越来越大，研究人员、开发人员和政策制定者必须积极应对这一挑战。