PAC-Learning for Strategic Classification

Machine learning (ML) algorithms may be susceptible to being gamed by individuals with knowledge of the algorithm (a.k.a. Goodhart's law). Such concerns have motivated a surge of recent work on strategic classification where each data point is a self-interested agent and may strategically manipulate his features to induce a more desirable classification outcome for himself. Previous works assume agents have homogeneous preferences and all equally prefer the positive label. This paper generalizes strategic classification to settings where different data points may have different preferences over the classification outcomes. Besides a richer model, this generalization allows us to include evasion attacks in adversarial ML also as a special case of our model where positive [resp. negative] data points prefer the negative [resp. positive] label, and thus for the first time allows strategic and adversarial learning to be studied under the same framework. We introduce the strategic VC-dimension (SVC), which captures the PAC-learnability of a hypothesis class in our general strategic setup. SVC generalizes the notion of adversarial VC-dimension (AVC) introduced recently by Cullina et al. (arXiv:1806.01471). We then instantiate our framework for arguably the most basic hypothesis class, i.e., linear classifiers. We fully characterize the statistical learnability of linear classifiers by pinning down their SVC and the computational tractability by pinning down the complexity of the empirical risk minimization problem. Our bound of SVC for linear classifiers also strictly generalizes the AVC bound for linear classifiers in arXiv:1806.01471. Finally, we briefly study the power of randomization in our strategic classification setup. We show that randomization may strictly increase the accuracy in general, but will not help in the special case of adversarial classification under evasion attacks.
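As an added illustration (not code from the paper), the sketch below measures a linear classifier's error after agents best-respond, covering both the homogeneous-preference setting and the evasion-attack special case described above. The signed preference value `r`, the Euclidean manipulation cost, the function names and the four sample points are assumptions constructed for this example.

```python
import math

def predict(w, b, x):
    """Linear classifier: +1 if w.x + b >= 0, else -1."""
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b >= 0 else -1

def response_label(w, b, x, r):
    """Label assigned after the agent at x best-responds.

    Assumed agent model: r > 0 means the agent gains r from label +1,
    r < 0 means it gains |r| from label -1, and moving to z costs the
    Euclidean distance ||z - x||. The agent moves only if gain > cost.
    """
    label = predict(w, b, x)
    wanted = 1 if r > 0 else -1
    if r == 0 or label == wanted:
        return label
    score = sum(wi * xi for wi, xi in zip(w, x)) + b
    margin = abs(score) / math.sqrt(sum(wi * wi for wi in w))
    return wanted if margin < abs(r) else label

def strategic_error(w, b, agents):
    """Fraction of (x, y, r) agents whose post-manipulation label != y."""
    wrong = sum(response_label(w, b, x, r) != y for x, y, r in agents)
    return wrong / len(agents)

# Constructed sample points (x, true label y); not data from the paper.
POINTS = [((2.0, 0.0), 1), ((0.5, 0.0), 1), ((-0.5, 0.0), -1), ((-2.0, 0.0), -1)]

def homogeneous(points, gain=1.0):
    """Every agent prefers the positive label (the earlier setting)."""
    return [(x, y, gain) for x, y in points]

def adversarial(points, budget=1.0):
    """Evasion special case: each agent prefers the wrong label."""
    return [(x, y, -y * budget) for x, y in points]

if __name__ == "__main__":
    w = (1.0, 0.0)
    print("no manipulation:", strategic_error(w, 0.0, [(x, y, 0.0) for x, y in POINTS]))
    print("homogeneous, b=0:", strategic_error(w, 0.0, homogeneous(POINTS)))
    print("homogeneous, b=-1:", strategic_error(w, -1.0, homogeneous(POINTS)))
    print("adversarial, b=0:", strategic_error(w, 0.0, adversarial(POINTS)))
```

On these points, shifting the boundary by the agents' gain removes the error under homogeneous preferences, while no such shift removes it in the adversarial case, where preferences point in opposite directions for the two classes.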
