The efficacy of availability poisoning, a method of poisoning data by injecting imperceptible perturbations so that the data cannot be used to train a useful model, has been a hot subject of investigation. Previous research suggested that such poisoning attacks were difficult to counteract effectively. However, the introduction of various defense methods has challenged this notion. Because the field is progressing rapidly and experimental setups vary from paper to paper, the performance of the different novel methods cannot be compared reliably. To evaluate the attack and defense capabilities of these poisoning methods under one protocol, we have developed APBench, a benchmark for assessing the efficacy of adversarial poisoning. APBench consists of 9 state-of-the-art availability poisoning attacks, 8 defense algorithms, and 4 conventional data augmentation techniques. We also set up experiments with varying poisoning ratios, and evaluated the attacks on multiple datasets and their transferability across model architectures. We further conducted a comprehensive evaluation of 2 additional attacks specifically targeting unsupervised models. Our results reveal the glaring inadequacy of existing attacks in safeguarding individual privacy. APBench is open source and available to the deep learning community: https://github.com/lafeat/apbench.
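The abstract describes the threat model in one clause: a perturbation bounded by a small L-inf budget that leaves the data looking unchanged but gives the learner a shortcut, so a model trained on it fails on clean inputs. The following toy experiment, added here as an illustration and not code from APBench or its authors, reproduces that mechanism with a least-squares linear classifier on synthetic 64-pixel "images" (48 content pixels carrying the real class signal, 16 near-constant border pixels). The class-wise border perturbation, the eps = 8/255 budget, the poisoning-ratio knob, and the input-noise augmentation used as a stand-in defense are all assumptions of this example, not methods or settings taken from the benchmark; the evaluation protocol (train on poisoned data, report accuracy on clean test data) is the availability-poisoning success criterion the paper uses.

```python
"""Toy availability-poisoning experiment (added example, not APBench code).

Synthetic "images" with 64 pixels in [0, 1]: 48 content pixels carry the real
class signal, 16 border pixels are near-constant background, like the dark
frame around a handwritten digit. The attack adds a class-wise pattern of size
EPS to the border pixels (visually negligible, but a perfect linear shortcut).
A least-squares classifier stands in for a trained network. All constants and
the defense are assumptions of this toy, not settings from the benchmark.
"""
import numpy as np

N_CONTENT, N_BORDER = 48, 16
EPS = 8 / 255                      # L-inf budget, a common "imperceptible" setting
SIGNAL, NOISE = 0.10, 0.20         # per-pixel class signal / natural variation (content)
BORDER_LEVEL, BORDER_NOISE = 0.10, 0.005   # nearly constant background pixels
# Fixed true class direction in the content region (constructed, seed 0).
CONTENT_PATTERN = np.random.default_rng(0).choice([-1.0, 1.0], size=N_CONTENT)


def make_clean(n, rng):
    """Constructed clean dataset: labels y in {-1, +1}, pixels x in [0, 1]^64."""
    y = rng.choice([-1.0, 1.0], size=n)
    content = 0.5 + SIGNAL * y[:, None] * CONTENT_PATTERN + rng.normal(0, NOISE, (n, N_CONTENT))
    border = BORDER_LEVEL + rng.normal(0, BORDER_NOISE, (n, N_BORDER))
    return np.clip(np.hstack([content, border]), 0.0, 1.0), y


def linf_distance(a, b):
    return float(np.max(np.abs(a - b)))


def poison(x, y, ratio, rng):
    """Class-wise availability poison on a random `ratio` fraction of samples:
    +EPS on border pixels for class +1, -EPS for class -1. The result stays in
    [0, 1] and within EPS of the clean input in L-inf norm (checked)."""
    idx = rng.choice(len(x), size=int(ratio * len(x)), replace=False)
    delta = np.zeros_like(x)
    delta[idx, N_CONTENT:] = EPS * y[idx, None]
    x_p = np.clip(x + delta, 0.0, 1.0)
    assert linf_distance(x, x_p) <= EPS + 1e-12, "perturbation exceeds budget"
    return x_p


def fit_linear(x, y):
    """Least-squares linear classifier with intercept (stand-in for a trained model)."""
    design = np.hstack([x, np.ones((len(x), 1))])
    w, *_ = np.linalg.lstsq(design, y, rcond=None)
    return w


def accuracy(w, x, y):
    design = np.hstack([x, np.ones((len(x), 1))])
    return float(np.mean(np.sign(design @ w) == y))


def run_experiment(poison_ratio, defense_noise=0.0, seed=1):
    """Train on (possibly poisoned, possibly defended) data; evaluate on clean test data.

    defense_noise: std of Gaussian noise added to every training pixel, a simple
    input-space augmentation used here as a stand-in for a poisoning defense
    (assumption; not one of the defenses listed in the abstract). Noise larger
    than EPS drowns the border shortcut, so the learner falls back on content.
    Returns clean test accuracy (the availability metric) and, for reference,
    accuracy on a fully poisoned test set.
    """
    rng = np.random.default_rng(seed)
    x_train, y_train = make_clean(4000, rng)
    x_test, y_test = make_clean(2000, rng)
    x_train_p = poison(x_train, y_train, poison_ratio, rng)
    if defense_noise > 0:
        x_train_p = x_train_p + rng.normal(0, defense_noise, x_train_p.shape)
    w = fit_linear(x_train_p, y_train)
    x_test_p = poison(x_test, y_test, 1.0, rng)
    return {"clean_test_acc": accuracy(w, x_test, y_test),
            "poisoned_test_acc": accuracy(w, x_test_p, y_test)}


if __name__ == "__main__":
    for ratio in (0.0, 0.5, 1.0):
        print(f"poison ratio {ratio}:", run_experiment(ratio))
    print("ratio 1.0 + noise defense:", run_experiment(1.0, defense_noise=0.05))
```

With the full poisoning ratio the model fits the border shortcut almost exactly, scores near 100% on poisoned test data and near chance on clean test data; with ratio 0 it learns the content signal and scores above 90% on clean data; the noise-augmented run restores clean accuracy, which is the kind of attack-versus-defense comparison the benchmark runs at scale across real datasets and architectures. Sweeping the ratio shows the shortcut weakening as clean samples dilute it, one of the axes the abstract mentions.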