Blind attacks on machine learners

Author(s): Beatson, Alex; Wang, Zhaoran; Liu, Han

To refer to this page use: http://arks.princeton.edu/ark:/88435/pr1bp30
Dublin Core record (field: value, with the record's language tag where one is set):

dc.contributor.author: Beatson, Alex
dc.contributor.author: Wang, Zhaoran
dc.contributor.author: Liu, Han
dc.date.accessioned: 2020-04-06T17:40:00Z
dc.date.accessioned: 2021-10-11T14:18:06Z
dc.date.available: 2020-04-06T17:40:00Z
dc.date.available: 2021-10-11T14:18:06Z
dc.date.issued: 2016 (en_US)
dc.identifier.citation: Beatson, Alex, Zhaoran Wang, and Han Liu. "Blind attacks on machine learners." In Advances in Neural Information Processing Systems 29 (2016): pp. 2397-2405. (en_US)
dc.identifier.issn: 1049-5258
dc.identifier.uri: https://papers.nips.cc/paper/6482-blind-attacks-on-machine-learners.pdf
dc.identifier.uri: http://arks.princeton.edu/ark:/88435/pr1bp30
dc.description.abstract: The importance of studying the robustness of learners to malicious data is well established. While much work has been done establishing both robust estimators and effective data injection attacks when the attacker is omniscient, the ability of an attacker to provably harm learning while having access to little information is largely unstudied. We study the potential of a “blind attacker” to provably limit a learner’s performance by data injection attack without observing the learner’s training set or any parameter of the distribution from which it is drawn. We provide examples of simple yet effective attacks in two settings: firstly, where an “informed learner” knows the strategy chosen by the attacker, and secondly, where a “blind learner” knows only the proportion of malicious data and some family to which the malicious distribution chosen by the attacker belongs. For each attack, we analyze minimax rates of convergence and establish lower bounds on the learner’s minimax risk, exhibiting limits on a learner’s ability to learn under data injection attack even when the attacker is “blind”. (en_US)
dc.format.extent: 2397 - 2405 (en_US)
dc.language.iso: en_US (en_US)
dc.relation.ispartof: Advances in Neural Information Processing Systems (en_US)
dc.relation.replaces: http://arks.princeton.edu/ark:/88435/pr1q214
dc.relation.replaces: 88435/pr1q214
dc.rights: Author's manuscript (en_US)
dc.title: Blind attacks on machine learners (en_US)
dc.type: Conference Article (en_US)
pu.type.symplectic: http://www.symplectic.co.uk/publications/atom-terms/1.0/conference-proceeding (en_US)
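The abstract contrasts three parties: an attacker that injects data without ever seeing the training set or the clean distribution's parameters, an "informed learner" that knows the attacker's strategy, and a "blind learner" that knows only the malicious proportion and a family containing the attacker's distribution. The simulation below is an added, constructed illustration of that setting for one-dimensional mean estimation; it is not code from the paper and does not reproduce its attacks, estimators or minimax bounds. Everything in it is an assumption made for the demo: clean data N(mu, 1), poison N(target, 1) with target fixed before mu is known, a known contamination fraction eps, a debiased sample mean for the informed learner and the sample median for the blind learner.

```python
"""Constructed toy simulation of the blind data-injection setting (added example;
not code from the paper). One attacker, three learners:

  * the attacker fixes its injected distribution N(target, 1) once, without seeing
    the clean sample or its mean mu, and the very same poison is reused against
    every mu;
  * a naive learner ignores the attack and takes the sample mean;
  * the "informed" learner knows eps and the attacker's strategy and debiases
    the sample mean;
  * the "blind" learner knows only eps and that the poison is some shifted
    Gaussian, and falls back to the sample median.

All distributions, eps, target and seeds below are assumptions for the demo.
"""
import random
import statistics


def clean_sample(n, mu, rng):
    """Clean training data: n draws from N(mu, 1)."""
    return [rng.gauss(mu, 1.0) for _ in range(n)]


def blind_injection(n_total, eps, target, rng):
    """Attacker's strategy: a fraction eps of the final training set, drawn from
    N(target, 1). Nothing here depends on the clean data or on mu."""
    n_mal = round(eps * n_total)
    return [rng.gauss(target, 1.0) for _ in range(n_mal)]


def naive_mean(data):
    """Learner that ignores the attack."""
    return statistics.fmean(data)


def informed_mean(data, eps, attacker_mean):
    """Informed learner: E[mixture] = (1 - eps) * mu + eps * attacker_mean,
    so solve that identity for mu."""
    return (statistics.fmean(data) - eps * attacker_mean) / (1.0 - eps)


def blind_median(data):
    """Blind learner: knows eps and the family of the poison but not which
    member; the median tolerates any eps < 0.5 at the price of a bounded bias."""
    return statistics.median(data)


def estimation_errors(mu, poison, eps, attacker_mean, n_total, seed):
    """Train each learner on clean(mu) + poison; return (estimate - mu) per learner."""
    rng = random.Random(seed)
    n_clean = n_total - len(poison)
    data = clean_sample(n_clean, mu, rng) + poison
    return {
        "naive": naive_mean(data) - mu,
        "informed": informed_mean(data, eps, attacker_mean) - mu,
        "blind_median": blind_median(data) - mu,
    }


def demo(n_total=10_000, eps=0.2, target=4.0, mus=(0.0, 1.0)):
    """Craft the poison once, then reuse it unchanged against several values of mu."""
    poison = blind_injection(n_total, eps, target, random.Random(1))
    return {mu: estimation_errors(mu, poison, eps, target, n_total, seed=2) for mu in mus}


if __name__ == "__main__":
    for mu, errs in demo().items():
        print(f"mu={mu:.1f}  " + "  ".join(f"{k}={v:+.3f}" for k, v in errs.items()))
```

Running `demo()` shows the three regimes the abstract distinguishes. The naive mean is pulled by roughly eps * (target - mu) (about +0.8 for mu = 0 and +0.6 for mu = 1 with these assumptions), and the attacker obtained that pull without knowing mu: the same poison list is used in both runs. The informed learner, knowing the strategy, removes the bias up to sampling noise. The blind median caps the damage but cannot remove it: when all poison mass sits above the clean bulk, the population median of the mixture is shifted by the inverse normal CDF evaluated at 1/(2(1 - eps)), about +0.32 for eps = 0.2, and that residual does not shrink with more data, which is the kind of irreducible loss a lower bound on the blind learner's risk captures.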
