# data-poisoning

Deep dive into clean-label poisoning attacks that corrupt model behavior without modifying labels, including gradient-based methods, feature collision, and witches' brew attacks.

clean-labeldata-poisoninggradient-basedfeature-collisionbackdoor

專家

Data 投毒 Methods

Practical methodology for poisoning training datasets at scale, including crowdsource manipulation, web-scale dataset attacks, label flipping, feature collision, bilevel optimization for poison selection, and detection evasion techniques.

data-poisoningtrainingclean-labelfeature-collisionbilevel-optimizationdetection-evasion

專家

訓練 & Fine-Tuning 攻擊s

Methodology for data poisoning, trojan/backdoor insertion, clean-label attacks, LoRA backdoors, sleeper agent techniques, and model merging attacks targeting the LLM training pipeline.

trainingfine-tuningdata-poisoningbackdoortrojanlorasleeper-agentmodel-merging

專家

Synthetic Data 投毒

攻擊ing synthetic data generation pipelines to produce poisoned training sets, including generator manipulation, prompt poisoning, and contamination amplification.

synthetic-datadata-poisoninggenerationcontaminationpipeline-attacks

中級

對微調資料集投毒

將後門觸發植入微調資料集、規避內容過濾的乾淨標籤投毒，以及跨資料集規模的攻擊擴展——對抗性訓練資料如何危害模型行為。

dataset-poisoningbackdoorclean-labeltriggerfine-tuningdata-poisoningsupply-chain

進階

Preference Data 投毒

How adversaries manipulate human preference data used in RLHF and DPO training -- compromising labelers, generating synthetic poisoned preferences, and attacking the preference data supply chain.

preference-poisoningrlhfdpodata-poisoninghuman-feedbacklabeler-attackalignment

進階

AI 供應鏈安全概覽

AI/ML 供應鏈攻擊面的完整概覽,涵蓋模型投毒、資料投毒、相依性攻擊與與 OWASP LLM03:2025 對齊的風險評估框架。

supply-chainowasprisk-assessmentmodel-poisoningdata-poisoningdependenciesdefense

中級

特徵倉儲操縱

特徵倉儲(Feast、Tecton、Databricks)的操縱攻擊,包含特徵投毒、新鮮度攻擊與存取控制繞過。

feature-storedata-poisoningfeasttectonml-infrastructure

進階

訓練資料完整性

訓練資料完整性的保護,包含資料血緣、驗證、投毒偵測與簽章。

supply-chaindata-poisoningowasp-llm04validationprovenanceanomaly-detectiondefense

進階

CTF: RAG Infiltrator

Poison a RAG system to return attacker-controlled content for specific queries. Score based on precision of targeting and stealth of the injected documents.

ctfraginfiltrationdata-poisoning

進階

Feature 投毒攻擊s

Techniques for poisoning feature store data to manipulate model behavior: direct feature value manipulation, time-travel attacks, online/offline store consistency exploitation, and targeted entity-level feature poisoning.

feature-poisoningdata-poisoningfeature-storetime-travelonline-offline-skewtargeted-attacks

進階