Pages

Thursday, June 03, 2021

Data Fabric Poisoning and Strange Fruits

 ABC bosses block Four Corners episode linking PM to QAnon figure



Subject: How data manipulation could be used to trick fraud detection algorithms on e-commerce sites

Source: Help Net Security
https://www.helpnetsecurity.com/2021/05/24/fraud-detection-algorithms/

As the marketing of almost every advanced cybersecurity product will tell you, artificial intelligence is already being used in many products and services that secure computing infrastructure. But you probably haven’t heard much about the need to secure the machine learning applications that are becoming increasingly widespread in the services you use day-to-day.Whether we recognize it or not, AI applications are already shaping our consciousness. Machine learning-based recommendation mechanisms on platforms like YouTube, Facebook, TikTok, Netflix, Twitter, and Spotify are designed to keep users hooked to their platforms and engaged with content and ads. These systems are also vulnerable to abuse via attacks known as data poisoning.

Manipulation of these mechanisms is commonplace, and a plethora of services exist online to facilitate these actions. No technical skills are required to do this – simply get out your credit card and pay for likes, subscribes, followers, views, retweets, reviews, or whatever you need. Because the damage from these attacks remains tricky to quantify in dollars – and the costs are generally absorbed by users or society itself – most platforms only address the potential corruption of their models when forced to by lawmakers or regulators.

However, data poisoning attacks are possible against any model that is trained on untrusted data. In this article, we’ll show how this works against fraud detection algorithms designed for an e-commerce site. If this sort of attack turns out to be easy, that’s not the kind of thing online retailers can afford to ignore.

What is data poisoning?…The art of generating data poison – For our experiment, we generated a small dataset to illustrate how an e-commerce fraud detection model works. With that data, we trained algorithms to classify the data points in that set. Linear regression and Support Vector Machines (SVM) models were chosen since these models are commonly used to perform these types of classification operations.

We used a gradient ascent approach to optimally generate one or more poisoned data points based on either a denial-of-service or backdooring attack strategy, and then studied what happened to the model’s accuracy and decision boundaries after it was trained on new data that included the poisoned data points. Naturally, in order to achieve each of the attack goals, multiple poisoned data points were required.




Dave Taube has won a computer, a whitewater rafting trip, and several grills. There’s also the kayak, the powder-blue Coors Light onesie, and the Bruce Springsteen tickets. He recently took home $10,000 from Cost Plus World Market in its “World of Joy” sweepstakes. Recently, he found himself in the running for a trip to Antarctica, which would be the thirty-sixth vacation he’s won. His photo and caption, submitted in response to the prompt, “Tell us what you miss about international travel,” got enough votes to make the top 20. Next, the entries went to judging. In Taube’s photo, he’s slung with cameras and wearing safari duds, half-smiling, with a silver goatee. Strategically, he submitted his caption as a poem to make his entry distinct.

Taube, who is 65 and a decades-long resident of the Pacific Northwest, is a sweeper, a term that distinguishes the committed competitor from the casual, onetime entrant. Each day, he enters about 60 sweepstakes—which are random draws—and contests—which are judged.

And this:

Years ago, he entered a contest for “the most boring person in the Pacific Northwest.” He won a whitewater rafting trip, a plane ride, and a certificate for a tandem parachute jump. He sold the certificate.

He is producing…”contest liquidity”?  Publicity?  Contest legitimacy?  In any case he is paid for his labors, albeit in kind.  Here is the full story.