{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T04:50:19Z","timestamp":1766724619502,"version":"3.48.0"},"reference-count":33,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T00:00:00Z","timestamp":1766361600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Machine learning (ML) has become a cornerstone of critical applications, but its vulnerability to data poisoning attacks threatens system reliability and trustworthiness. Prior studies have begun to investigate the impact of data poisoning and proposed various defense or evaluation methods; however, most efforts remain limited to quantifying performance degradation, with little systematic comparison of internal behaviors across model architectures under attack and insufficient attention to interpretability for revealing model vulnerabilities. To tackle this issue, we build a reproducible evaluation pipeline and emphasize the importance of integrating robustness with interpretability in the design of secure and trustworthy ML systems. To be specific, we propose a unified poisoning evaluation framework that systematically compares traditional ML models, deep neural networks, and large language models under three representative attack strategies including label flipping, random corruption, and adversarial insertion, at escalating severity levels of 30%, 50%, and 75%, and integrate LIME-based explanations to trace the evolution of model reasoning. Experimental results demonstrate that traditional models collapse rapidly under label noise, whereas Bayesian LSTM hybrids and large language models maintain stronger resilience. Further interpretability analysis uncovers attribution failure patterns, such as over-reliance on neutral tokens or misinterpretation of adversarial cues, providing insights beyond accuracy metrics.<\/jats:p>","DOI":"10.3390\/info17010009","type":"journal-article","created":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T03:06:02Z","timestamp":1766718362000},"page":"9","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Evaluating Model Resilience to Data Poisoning Attacks: A Comparative Study"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-4882-6417","authenticated-orcid":false,"given":"Ifiok","family":"Udoidiok","sequence":"first","affiliation":[{"name":"School of Electrical Engineering & Computer Science, University of North Dakota, Grand Forks, ND 58202, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8076-2221","authenticated-orcid":false,"given":"Fuhao","family":"Li","sequence":"additional","affiliation":[{"name":"Computer Science Department, La Sierra University, Riverside, CA 92505, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2113-2104","authenticated-orcid":false,"given":"Jielun","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering & Computer Science, University of North Dakota, Grand Forks, ND 58202, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,12,22]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Tavallali, P., Behzadan, V., Alizadeh, A., Ranganath, A., and Singhal, M. (2022, January 16\u201319). Adversarial Label-Poisoning Attacks and Defense for General Multi-Class Models Based On Synthetic Reduced Nearest Neighbor. Proceedings of the International Conference on Image Processing, ICIP, Bordeaux, France.","DOI":"10.1109\/ICIP46576.2022.9897807"},{"key":"ref_2","unstructured":"Lu, Y., Kamath, G., and Yu, Y. (2023). Exploring the Limits of Model-Targeted Indiscriminate Data Poisoning Attacks. arXiv."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"4503","DOI":"10.1007\/s10489-020-02086-4","article-title":"Label flipping attacks against Naive Bayes on spam filtering systems","volume":"51","author":"Zhang","year":"2021","journal-title":"Appl. Intell."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Manthena, H., Shajarian, S., Kimmell, J., Abdelsalam, M., Khorsandroo, S., and Gupta, M. (2024). Explainable Artificial Intelligence (XAI) for Malware Analysis: A Survey of Techniques, Applications, and Open Challenges. arXiv.","DOI":"10.1109\/ACCESS.2025.3555926"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"124225","DOI":"10.1109\/ACCESS.2024.3382839","article-title":"A backdoor approach with inverted labels using dirty label-flipping attacks","volume":"13","author":"Mengara","year":"2024","journal-title":"IEEE Access"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Ji, J. (June, January 31). Investigating the Label-flipping Attacks Impact in Federated Learning. Proceedings of the 2024 5th International Conference on Information Science, Parallel and Distributed Systems, ISPDS, Guangzhou, China.","DOI":"10.1109\/ISPDS62779.2024.10667549"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Truong, L., Jones, C., Hutchinson, B., August, A., Praggastis, B., Jasper, R., Nichols, N., and Tuor, A. (2020). Systematic Evaluation of Backdoor Data Poisoning Attacks on Image Classifiers. arXiv.","DOI":"10.1109\/CVPRW50498.2020.00402"},{"key":"ref_8","unstructured":"Xue, J., Zheng, M., Hua, T., Shen, Y., Liu, Y., Boloni, L., and Lou, Q. (2023). TrojLLM: A Black-box Trojan Prompt Attack on Large Language Models. arXiv."},{"key":"ref_9","unstructured":"Jebreel, M., Mukkamala, R.R., and Vatrapu, R. (2022, January 17\u201320). Defending Label-Flipping Attacks in Federated Learning. Proceedings of the 2022 IEEE International Conference on Big Data (Big Data), Osaka, Japan."},{"key":"ref_10","unstructured":"Liu, T.Y., Yang, Y., and Mirzasoleiman, B. (December, January 28). Friendly Noise against Adversarial Noise: A Powerful Defense against Data Poisoning Attacks. Proceedings of the Advances in Neural Information Processing Systems (NeurIPS), New Orleans, LA, USA."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Mahbooba, B., Timilsina, M., Sahal, R., and Serrano, M. (2021). Explainable artificial intelligence (XAI) to enhance trust management in intrusion detection systems using decision tree model. Complexity, 2021.","DOI":"10.1155\/2021\/6634811"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Ali, M., and Zhang, J. (2024, January 28\u201329). Exploring the Effectiveness of Synthetic Data in Network Intrusion Detection through XAI. Proceedings of the 2024 Cyber Awareness and Research Symposium (CARS), Grand Forks, ND, USA.","DOI":"10.1109\/CARS61786.2024.10778756"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Patil, S., Varadarajan, V., Mazhar, S.M., Sahibzada, A., Ahmed, N., Sinha, O., Kumar, S., Shaw, K., and Kotecha, K. (2022). Explainable artificial intelligence for intrusion detection system. Electronics, 11.","DOI":"10.3390\/electronics11193079"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Arreche, O., Guntur, T., and Abdallah, M. (2024). Xai-ids: Toward proposing an explainable artificial intelligence framework for enhancing network intrusion detection systems. Appl. Sci., 14.","DOI":"10.3390\/app14104170"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"71024","DOI":"10.1109\/ACCESS.2024.3402446","article-title":"XAI-IoT: An explainable AI framework for enhancing anomaly detection in IoT systems","volume":"12","author":"Gummadi","year":"2024","journal-title":"IEEE Access"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"48583","DOI":"10.1109\/ACCESS.2024.3383431","article-title":"XAI-ADS: An explainable artificial intelligence framework for enhancing anomaly detection in autonomous driving systems","volume":"12","author":"Nazat","year":"2024","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Dunn, C., Moustafa, N., and Turnbull, B. (2020). Robustness evaluations of sustainable machine learning models against data poisoning attacks in the internet of things. Sustainability, 12.","DOI":"10.3390\/su12166434"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"540","DOI":"10.1109\/TSUSC.2023.3293269","article-title":"On the Robustness of Random Forest Against Untargeted Data Poisoning: An Ensemble-Based Approach","volume":"8","author":"Anisetti","year":"2023","journal-title":"IEEE Trans. Sustain. Comput."},{"key":"ref_19","unstructured":"Insua, D.R., Naveiro, R., Gallego, V., and Poulos, J. (2020). Adversarial machine learning: Bayesian perspectives. arXiv."},{"key":"ref_20","unstructured":"Pawelczyk, M., Di, J.Z., Lu, Y., Kamath, G., Sekhari, A., and Neel, S. (2024). Machine Unlearning Fails to Remove Data Poisoning Attacks. arXiv."},{"key":"ref_21","first-page":"703","article-title":"Cybersecurity challenges in the age of AI: Theoretical approaches and practical solutions","volume":"5","author":"Familoni","year":"2024","journal-title":"Comput. Sci. Res. J."},{"key":"ref_22","first-page":"26","article-title":"Machine Learning Security Against Data Poisoning: Are We There Yet?","volume":"57","author":"Grosse","year":"2024","journal-title":"Computer"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Alahmed, S., Alasad, Q., Yuan, J.S., and Alawad, M. (2024). Impacting Robustness in Deep Learning-Based NIDS through Poisoning Attacks. Algorithms, 17.","DOI":"10.3390\/a17040155"},{"key":"ref_24","unstructured":"Cheng, H., Fan, Y., Wang, Z., Guo, Y., Wu, J., Jiang, J., and Zhang, X. (2021, January 2\u20139). Semi-supervised learning with reweighting for robust deep learning. Proceedings of the AAAI Conference on Artificial Intelligence, Virtually."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"6693","DOI":"10.1109\/TIFS.2024.3420126","article-title":"A robust privacy-preserving federated learning model against model poisoning attacks","volume":"19","author":"Yazdinejad","year":"2024","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_26","first-page":"649","article-title":"Character-level convolutional networks for text classification","volume":"28","author":"Zhang","year":"2015","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_27","unstructured":"Zhou, C., Zhang, M., Li, J., Liu, Y., Chen, T., and Liu, T. (2023). LoRA: Low-Rank Adaptation of Large Language Models. arXiv."},{"key":"ref_28","unstructured":"Liu, X., Si, S., Zhu, X., Li, Y., and Hsieh, C.J. (2019, January 8\u201314). A Unified Framework for Data Poisoning Attack to Graph-based Semi-supervised Learning. Proceedings of the Advances in Neural Information Processing Systems, Vancouver, BC, Canada."},{"key":"ref_29","unstructured":"Sokol, K., Hepburn, A., Santos-Rodr\u00edguez, R., and Flach, P.A. (2019). bLIMEy: Surrogate Prediction Explanations Beyond LIME. arXiv."},{"key":"ref_30","unstructured":"Maas, A.L., Daly, R.E., Pham, P.T., Huang, D., Ng, A.Y., and Potts, C. (2011, January 19\u201324). Learning word vectors for sentiment analysis. Proceedings of the 49th Annual Meeting of the Association for Computational Linguistics: Human Language Technologies, Portland, Oregon."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Shovon, A.R., Sun, Y., Micinski, K., Gilray, T., and Kumar, S. (2025, January 9\u201311). Multi-node multi-gpu datalog. Proceedings of the 39th ACM International Conference on Supercomputing, Salt Lake City, UT, USA.","DOI":"10.1145\/3721145.3730431"},{"key":"ref_32","unstructured":"Moritz, P., Nishihara, R., Wang, S., Tumanov, A., Liaw, R., Liang, E., Elibol, M., Yang, Z., Paul, W., and Jordan, M.I. (2018, January 8\u201310). Ray: A distributed framework for emerging AI applications. Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18), Carlsbad, CA, USA."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Rezaei, H., Taheri, R., and Shojafar, M. (2025). FedLLMGuard: A federated large language model for anomaly detection in 5G networks. Comput. Netw., 269.","DOI":"10.1016\/j.comnet.2025.111473"}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/17\/1\/9\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T03:19:28Z","timestamp":1766719168000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/17\/1\/9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,22]]},"references-count":33,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,1]]}},"alternative-id":["info17010009"],"URL":"https:\/\/doi.org\/10.3390\/info17010009","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,22]]}}}