The robustness of popular multiclass machine learning models against poisoning attacks: Lessons and insights

Majdi Maabreh, Arwa Maabreh, Basheer Qolomany, Ala Al-Fuqaha

Research output: Contribution to journalArticlepeer-review

2 Scopus citations


Despite the encouraging outcomes of machine learning and artificial intelligence applications, the safety of artificial intelligence–based systems is one of the most severe challenges that need further exploration. Data set poisoning is a severe problem that may lead to the corruption of machine learning models. The attacker injects data into the data set that are faulty or mislabeled by flipping the actual labels into the incorrect ones. The word “robustness” refers to a machine learning algorithm’s ability to cope with hostile situations. Here, instead of flipping the labels randomly, we use the clustering approach to choose the training samples for label changes to influence the classifiers’ performance and the distance-based anomaly detection capacity in quarantining the poisoned samples. According to our experiments on a benchmark data set, random label flipping may have a short-term negative impact on the classifier’s accuracy. Yet, an anomaly filter would discover on average 63% of them. On the contrary, the proposed clustering-based flipping might inject dormant poisoned samples until the number of poisoned samples is enough to influence the classifiers’ performance severely; on average, the same anomaly filter would discover 25% of them. We also highlight important lessons and observations during this experiment about the performance and robustness of popular multiclass learners against training data set–poisoning attacks that include: trade-offs, complexity, categories, poisoning resistance, and hyperparameter optimization.

Original languageEnglish (US)
JournalInternational Journal of Distributed Sensor Networks
Issue number7
StatePublished - Jul 2022


  • Big Data
  • Poisoning attack
  • artificial intelligence safety
  • clustering
  • deep learning
  • machine learning
  • multiclass

ASJC Scopus subject areas

  • General Engineering
  • Computer Networks and Communications


Dive into the research topics of 'The robustness of popular multiclass machine learning models against poisoning attacks: Lessons and insights'. Together they form a unique fingerprint.

Cite this