Javier Carnerero Cano

Ph.D. Student in Computing

Javier Carnerero Cano is a final-year PhD student in the Resilient Information Systems Security (RISS) Group in the Department of Computing at Imperial College London. His current interests are adversarial machine learning and its intersections with bilevel optimisation, Generative Adversarial Networks (GANs), and federated learning. He focuses on data poisoning attacks, where attackers can manipulate training data collected from untrusted sources to subvert learning and degrade the machine learning model's performance. In his PhD project, he actively collaborates with the Defence Science and Technology Laboratory (Dstl). He did a research internship in summer 2022 at IBM Research on machine learning security and machine unlearning. His background is also in telecommunications engineering, electromagnetic sensors and antennas.

Indiscriminate Data Poisoning Attacks Against Supervised Learning

Lightning Talk

In this talk I will summarise some of the work done in my PhD over the past few years on data poisoning. Our focus is on indiscriminate data poisoning attacks in worst-case scenarios against supervised learning, considering the machine learning pipeline: data sanitisation, hyperparameter learning, and training. We propose a novel attack formulation that considers the effect of the attack on the model’s hyperparameters. We apply this attack formulation to several ML classifiers using L2 regularisation. Our evaluation shows the benefits of using regularisation to help mitigate poisoning attacks, when hyperparameters are learnt using a trusted dataset. We then propose a novel stealthy attack formulation against regression models via multiobjective bilevel optimisation, where the two objectives are attack effectiveness and detectability. We experimentally show that state-of-the-art defences do not mitigate these stealthy attacks.