Thesis etd-10022025-111236
Thesis type
Master's thesis
Author
TESTA, IRENE
URN
etd-10022025-111236
Title
Defending Continual Learners against BrainWash
Department
COMPUTER SCIENCE
Degree programme
COMPUTER SCIENCE
Supervisors
supervisor Dr. Carta, Antonio
Keywords
- catastrophic forgetting
- continual learning
- data poisoning
- deep learning
Defence session start date
17/10/2025
Availability
Not available for consultation
Release date
17/10/2028
Abstract
As machine learning is increasingly deployed in critical applications, concerns about its reliability and robustness have grown, with numerous studies demonstrating its vulnerability to adversarial attacks, most notably data poisoning. Although poisoning has been studied extensively in offline learning, its implications for continual learning remain largely unexplored. We address this gap by analyzing BrainWash, a recently proposed data poisoning attack designed to induce forgetting in task-incremental learners. We show that BrainWash-poisoned samples exhibit statistical signatures that might be exploited to detect and filter them, assuming a sufficiently large set of trusted data were available. Since such an assumption may not hold in practice, we introduce PROACT (PROjection and Activation Constrained Training), a defense strategy that enables learning from poisoned inputs while mitigating the forgetting they would otherwise cause. PROACT leverages model inversion to reconstruct proxy data from past tasks and augments parameter regularization with two additional components: gradient projection and representation-level regularization. Through extensive experiments across multiple regularization-based continual learning methods, we demonstrate that PROACT substantially reduces BrainWash-induced forgetting, even under the most challenging attack scenarios.
File
| File name | Size |
|---|---|
| The thesis is not available for consultation. | |