# poisoning

syntheticpracticaldatapoisoningtraining

合成資料投毒(實務)

合成資料投毒攻擊的實作演練,附詳細程式範例。

data-trainingweb-crawlpoisoninginternet-scale

大規模網路爬蟲投毒

大規模執行網路爬蟲投毒,以影響未來的模型訓練資料集。

data-trainingweb-scalepoisoningcrawl

網路規模資料投毒

針對現代機器學習管線所用網路爬取資料集的大規模投毒攻擊。

embeddingpoisoningtechniquesretrieval

嵌入投毒技術

透過對訓練資料或嵌入空間投毒,扭曲向量表徵的技術。

embeddingRAGpoisoningretrieval

RAG 檢索投毒

對 RAG 系統使用的知識庫進行投毒,影響檢索結果並引導下游生成輸出。

fine-tuningadapterpoisoningattacks

適配器投毒攻擊

對公開共享的適配器與 LoRA 權重進行投毒，以危害下游使用者。

fine-tuningsafety-datapoisoningalignment

安全資料集投毒

透過對安全評估資料集與安全導向微調資料投毒攻擊安全訓練管線，破壞安全訓練。

adversarial-mlfundamentalsevasionpoisoningintermediate

對抗式 ML：核心概念

對抗式機器學習的歷史與基本原理——擾動攻擊、逃避與投毒、穩健性——將古典對抗式 ML 銜接至 LLM 特有攻擊。

code-suggestionpoisoningsupply-chain

程式碼建議投毒（前沿研究）

投毒訓練資料與套件生態系以影響 AI 程式碼建議：不安全模式播種、套件名稱混淆、木馬程式碼注入，與供應鏈風險。

frontierfederated-learningpoisoning

聯邦學習模型投毒

針對聯邦學習系統的模型投毒攻擊及其相應防禦。

frontier-researchsynthetic-datapoisoningtraining

合成資料投毒

針對合成資料生成管線的投毒攻擊,以及對下游模型的影響。

model-registrymlflowwandbsupply-chainpoisoningartifact-security

模型註冊表投毒

針對模型註冊表的投毒攻擊,包含 Typo-squatting、依賴混淆與供應鏈劫持。

labscurriculumpoisoningadvanced

Lab: Training Curriculum Poisoning

Exploit training data ordering and curriculum learning to amplify the impact of small numbers of poisoned examples.

labsfederated-learningpoisoningadvanced

Lab: Federated Learning Poisoning Attacks

Execute model 投毒 attacks in a federated learning simulation by manipulating local model updates.

labfederated-learningpoisoningexperthands-on

Lab: Federated Learning Poisoning Attack

動手實作 for understanding and simulating 投毒 attacks against federated learning systems, where a malicious participant corrupts the shared model through crafted 梯度 updates.

advancedlabgradientguidedpoisoninglabs

Gradient-Guided Data 投毒

Use gradient information from open-source models to craft optimally poisoned training examples.

Advanced RAG Poisoning Techniques

Execute sophisticated RAG 投毒 including 梯度-guided document crafting.

labsragpoisoningadvanced

ctfsupply-chaindependenciespoisoningadvanced

CTF：供應鏈攻擊

尋找並利用 ML 供應鏈漏洞，包括遭入侵相依、被投毒模型、被植後門訓練資料與惡意模型檔。練習 ML 特有的供應鏈安全評估。

labexpertpipelinepoisoningsupply-chainhands-on

實作：ML 流水線投毒

Compromise an end-to-end machine learning pipeline by attacking data ingestion, preprocessing, training, evaluation, and deployment stages. 學習 to identify and exploit weaknesses across the full ML lifecycle.

labsfederated-learningpoisoningexpert

Federated Learning 投毒攻擊

執行模型投毒 attacks in a federated learning setting through adversarial participant manipulation.

labragpoisoningadvanceddata-attacks

實驗室: 進階 RAG 投毒

動手實驗室,主題為crafting documents that reliably get retrieved與influence RAG responses for specific target queries.

contextintermediatelabpoisoningwindowlabs

上下文 Window 投毒實驗室

利用 context window management to inject persistent adversarial content that influences future model responses.

實驗室: 代理記憶投毒

動手lab exploring how conversational memory in AI agents can be poisoned to alter future behavior,inject persistent instructions,exfiltrate data across sessions.

labmemorypoisoning