Blind Attacks on Machine Learners
Authors
Abstract
The importance of studying the robustness of learners to malicious data is well established. While much work has been done establishing both robust estimators and effective data injection attacks when the attacker is omniscient, the ability of an attacker to provably harm learning while having access to little information is largely unstudied. We study the potential of a “blind attacker” to provably limit a learner’s performance by data injection attack without observing the learner’s training set or any parameter of the distribution from which it is drawn. We provide examples of simple yet effective attacks in two settings: firstly, where an “informed learner” knows the strategy chosen by the attacker, and secondly, where a “blind learner” knows only the proportion of malicious data and some family to which the malicious distribution chosen by the attacker belongs. For each attack, we analyze minimax rates of convergence and establish lower bounds on the learner’s minimax risk, exhibiting limits on a learner’s ability to learn under data injection attack even when the attacker is “blind”.
Similar Papers
Using Machine Teaching to Identify Optimal Training-Set Attacks on Machine Learners
We investigate a problem at the intersection of machine learning and security: training-set attacks on machine learners. In such attacks an attacker contaminates the training data so that a specific learning algorithm would produce a model profitable to the attacker. Understanding training-set attacks is important as more intelligent agents (e.g. spam filters and robots) are equipped with learn...
Some Submodular Data-Poisoning Attacks on Machine Learners
The security community has long recognized the threats of data-poisoning attacks (a.k.a. causative attacks) on machine learning systems [1–6, 9, 10, 12, 16], where an attacker modifies the training data, so that the learning algorithm arrives at a “wrong” model that is useful to the attacker. To quantify the capacity and limits of such attacks, we need to know first how the attacker may modify ...
Increasing the Capacity and PSNR in Blind Watermarking Resist Against Cropping Attacks
Watermarking has increased dramatically in recent years in the Internet and digital media. Watermarking is one of the powerful tools to protect copyright. Local image features have been widely used in watermarking techniques based on feature points. In various papers, the invariance feature has been used to obtain the robustness against attacks. The purpose of this research was based on local f...
Comparison between Intravenous Sodium Valproate and Subcutaneous Sumatriptan for Treatment of Acute Migraine Attacks; Double-Blind Randomized Clinical Trial
Background: Sodium valproate (SV) has been approved for migraine prophylaxis and its intravenous form is used to treat acute migraine attacks. We compared the efficacy and safety of intravenous SV and subcutaneous Sumatriptan in managing acute migraine attacks. Methods: This double-blind randomized clinical trial divided 90 patients into two groups: one group received 400 mg of intravenous SV a...
APL: Audio Programming Language for Blind Learners
Programming languages have been increasingly mapping end-users needs and mental models. They have expanded the number of users who can program or learn how to program. They are focused on sighted users. This study introduces APL, an Audio Programming Language for blind learners. APL is a programming language with audio-based interfaces to assist blind learners to develop problem solving and alg...