PAC-Learning for Strategic Classification

Machine learning (ML) algorithms may be susceptible to being gamed by individuals with knowledge of the algorithm (a.k.a. Goodhart's law). Such concerns have motivated a surge of recent work on strategic classification where each data point is a self-interested agent and may strategically manipulate his features to induce a more desirable classification outcome for himself. Previous works assume agents have homogeneous preferences and all equally prefer the positive label. This paper generalizes strategic classification to settings where different data points may have different preferences over the classification outcomes. Besides a richer model, this generalization allows us to include evasion attacks in adversarial ML also as a special case of our model where positive [resp. negative] data points prefer the negative [resp. positive] label, and thus for the first time allows strategic and adversarial learning to be studied under the same framework. We introduce the strategic VC-dimension (SVC), which captures the PAC-learnability of a hypothesis class in our general strategic setup. SVC generalizes the notion of adversarial VC-dimension (AVC) introduced recently by Cullina et al. arXiv:1806.01471. We then instantiate our framework for arguably the most basic hypothesis class, i.e., linear classifiers. We fully characterize the statistical learnability of linear classifiers by pinning down its SVC and the computational tractability by pinning down the complexity of the empirical risk minimization problem. Our bound of SVC for linear classifiers also strictly generalizes the AVC bound for linear classifiers in arXiv:1806.01471. Finally, we briefly study the power of randomization in our strategic classification setup. We show that randomization may strictly increase the accuracy in general, but will not help in the special case of adversarial classification under evasion attacks.

[1]  Aaron Roth,et al.  Strategic Classification from Revealed Preferences , 2017, EC.

[2]  Yang Liu,et al.  Actionable Recourse in Linear Classification , 2018, FAT.

[3]  Tamer Basar,et al.  Price of Transparency in Strategic Machine Learning , 2016, ArXiv.

[4]  Vincent Conitzer,et al.  Computing the optimal strategy to commit to , 2006, EC '06.

[5]  Prateek Mittal,et al.  PAC-learning in the presence of adversaries , 2018, NeurIPS.

[6]  Fabio Roli,et al.  Evasion Attacks against Machine Learning at Test Time , 2013, ECML/PKDD.

[7]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[8]  Aravindan Vijayaraghavan,et al.  On Robustness to Adversarial Examples and Polynomial Optimization , 2019, NeurIPS.

[9]  Christos H. Papadimitriou,et al.  Strategic Classification , 2015, ITCS.

[10]  Yevgeniy Vorobeychik,et al.  Feature Cross-Substitution in Adversarial Classification , 2014, NIPS.

[11]  Ling Huang,et al.  Stealthy poisoning attacks on PCA-based anomaly detectors , 2009, SIGMETRICS Perform. Evaluation Rev..

[12]  Jon M. Kleinberg,et al.  How Do Classifiers Induce Agents to Invest Effort Strategically? , 2018, EC.

[13]  Chang Liu,et al.  Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[14]  David Lazer,et al.  Measuring Price Discrimination and Steering on E-commerce Web Sites , 2014, Internet Measurement Conference.

[15]  Zhiwei Steven Wu,et al.  Gaming Helps! Learning from Strategic Interactions in Natural Dynamics , 2021, AISTATS.

[16]  Vincent Conitzer,et al.  When Samples Are Strategically Selected , 2019, ICML.

[17]  Vincent Conitzer,et al.  Distinguishing Distributions When Samples Are Strategically Transformed , 2019, NeurIPS.

[18]  Susmita Sur-Kolay,et al.  Systematic Poisoning Attacks on and Defenses for Machine Learning in Healthcare , 2015, IEEE Journal of Biomedical and Health Informatics.

[19]  Seyed-Mohsen Moosavi-Dezfooli,et al.  Universal Adversarial Perturbations , 2016, 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[20]  Ariel D. Procaccia,et al.  Incentive compatible regression learning , 2008, SODA '08.

[21]  Mark Braverman,et al.  The Role of Randomness and Noise in Strategic Classification , 2020, FORC.

[22]  Ariel D. Procaccia,et al.  Strategyproof Linear Regression in High Dimensions , 2018, EC.

[23]  Shai Ben-David,et al.  Understanding Machine Learning: From Theory to Algorithms , 2014 .

[24]  Xiaotie Deng,et al.  Settling the complexity of computing two-player Nash equilibria , 2007, JACM.

[25]  Javier Perote,et al.  Strategy-proof estimators for simple regression , 2004, Math. Soc. Sci..

[26]  Brian Axelrod,et al.  Causal Strategic Linear Regression , 2020, ICML.

[27]  Vincent Conitzer,et al.  Incentive-Aware PAC Learning , 2021, AAAI.

[28]  Yang Liu,et al.  Learning Strategy-Aware Linear Classifiers , 2020, NeurIPS.

[29]  Umar Syed,et al.  Learning Prices for Repeated Auctions with Strategic Buyers , 2013, NIPS.

[30]  Mehryar Mohri,et al.  Revenue Optimization against Strategic Buyers , 2015, NIPS.

[31]  Blaine Nelson,et al.  Poisoning Attacks against Support Vector Machines , 2012, ICML.

[32]  Nicole Immorlica,et al.  The Disparate Effects of Strategic Manipulation , 2018, FAT.

[33]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[34]  Anca D. Dragan,et al.  The Social Cost of Strategic Classification , 2018, FAT.

[35]  Moritz Hardt,et al.  Strategic Classification is Causal Modeling in Disguise , 2019, ICML.

[36]  Seth Flaxman,et al.  EU regulations on algorithmic decision-making and a "right to explanation" , 2016, ArXiv.

[37]  Frank A. Pasquale,et al.  [89WashLRev0001] The Scored Society: Due Process for Automated Predictions , 2014 .

[38]  Prasad Raghavendra,et al.  Agnostic Learning of Monomials by Halfspaces Is Hard , 2009, 2009 50th Annual IEEE Symposium on Foundations of Computer Science.

[39]  Tobias Scheffer,et al.  Stackelberg games for adversarial prediction problems , 2011, KDD.

[40]  Alexey Drutsa,et al.  Optimal Pricing in Repeated Posted-Price Auctions with Different Patience of the Seller and the Buyer , 2019, NeurIPS.