Recent studies indicate that a classifier is vulnerable in an adversarial environment. The label flipping attack aims to mislead the training process. Some countermeasures have been proposed, but are usually designed for a particular classifier only, or may cause information loss. This study aims to investigate a generic model which fully utilizes the contaminated samples in learning. We assume a small untainted dataset is obtained from an application in addition to a contaminated dataset. The adversarial learning problem is formulated as transfer learning in which the influence of contaminated samples is reduced by only extracting the information similar to the untainted samples from the contaminated set using transfer learning. Our study considers a popular method, TrAdaBoost, and indicates that its performance is closely related to the initialized weights of samples. A initialization method is devised specifically for an adversarial setting to avoid assigning a large weight to the contaminated samples. The experimental results confirm that TrAdaBoost extracts only the benign knowledge from the contaminated set successfully. Moreover, our proposed initialization method significantly enhances the robustness of the model. This study presents a promising direction using transfer learning to defend against poisoning attacks.

最近的研究表明，分类器在对抗环境中很脆弱。标签翻转攻击旨在误导训练过程。已经提出了一些对策，但通常仅针对特定分类器设计，否则可能导致信息丢失。这项研究旨在研究一种通用模型，该模型可以充分利用受污染的样本进行学习。我们假设除了受污染的数据集之外，还可以从应用程序中获取一个小的未污染数据集。对抗性学习问题被表述为转移学习，其中仅通过使用转移学习从受污染集中提取与未污染样本相似的信息来减少污染样本的影响。我们的研究考虑了一种流行的方法TrAdaBoost，并表明其性能与样本的初始化权重密切相关。专门针对对抗设置设计了一种初始化方法，以避免为受污染的样本分配较大的权重。实验结果证实，TrAdaBoost仅成功地从受污染的集中提取了良性知识。此外，我们提出的初始化方法大大提高了模型的鲁棒性。这项研究提出了使用转移学习防御中毒攻击的有前途的方向。我们提出的初始化方法大大增强了模型的鲁棒性。这项研究提出了使用转移学习防御中毒攻击的有前途的方向。我们提出的初始化方法大大增强了模型的鲁棒性。这项研究提出了使用转移学习防御中毒攻击的有前途的方向。