SecTor 2025 | Interactive Network Visualization of Data Poisoning Attacks

The SecTor 2025 talk introduced an interactive approach to visualizing data‑poisoning attacks by treating machine‑learning training sets as network graphs. By mapping nodes and edges that represent data points and their relationships, the presenter demonstrated how clean and compromised datasets can be contrasted within a single workspace, making subtle manipulations observable. Key insights include the use of graph‑theoretic metrics—such as edge multiplicity and modularity—to flag anomalies, and the development of open‑source tools like GEI and the browser‑based Graph Leak for side‑by‑side comparison. Real‑world incidents, from Microsoft’s Tay to X’s Grok, underscore how injected hateful content can corrupt models, while BadNets research shows backdoor attacks succeed with as little as ten percent poisoned data. Notable examples featured a traffic‑sign classifier that misidentified a stop sign when a yellow post‑it was added, and a live demo where adding a single node to a social‑network graph altered the risk rating by 9.5 %. The presenter highlighted statistical risk scores that categorize poisoning severity based on the proportion of altered nodes, reinforcing findings from 2016‑2017 literature. The broader implication is that visual, statistical, and provenance‑based analyses can become essential defenses for organizations outsourcing model training or relying on public datasets. By exposing hidden data‑integrity issues early, these techniques help mitigate cascading security failures in downstream AI applications.