Adversarial Robustness of Streaming Algorithms through Importance Sampling

Robustness against adversarial attacks has recently been at the forefront of algorithmic design for machine learning tasks. In the adversarial streaming model, an adversary gives an algorithm a sequence of adaptively chosen updates u_1, ..., u_n as a data stream. The goal of the algorithm is to compute or approximate some predetermined function for every prefix of the adversarial stream, but the adversary may generate future updates based on the algorithm's previous outputs. In particular, the adversary may gradually learn the random bits used internally by the algorithm and use them to manipulate dependencies in the input. This is especially problematic because many important problems in the streaming model require randomization: they are known not to admit deterministic algorithms that use sublinear space. In this paper, we introduce adversarially robust streaming algorithms for central machine learning and algorithmic tasks, such as regression and clustering, as well as their more general counterparts: subspace embedding, low-rank approximation, and coreset construction. For regression and other numerical linear algebra tasks, we consider the row-arrival streaming model. Our results rest on a simple but powerful observation: many importance-sampling-based algorithms are inherently adversarially robust, in contrast to sketching-based algorithms, which are prevalent in the streaming literature but vulnerable to adversarial attacks. In addition, we show that the well-known merge-and-reduce paradigm in streaming is adversarially robust. Since merge-and-reduce enables coreset constructions in the streaming setting, we thus obtain robust algorithms for k-means, k-median, k-center, Bregman clustering, projective clustering, principal component analysis (PCA), and non-negative matrix factorization. To the best of our knowledge, these are the first adversarially robust results for these problems, and they require no new algorithmic implementations. Finally, we empirically confirm the robustness of our algorithms against various adversarial attacks and demonstrate that, by contrast, some common existing algorithms are not robust.
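The two mechanisms behind these results can be sketched compactly. In the row-arrival model, importance sampling decides each row's fate with an independent coin whose bias depends only on rows already seen, so an adaptive adversary learns little from the algorithm's behavior that it can exploit. Below is a minimal, illustrative Python sketch of online (ridge) leverage-score row sampling; the ridge term `lam` and the oversampling factor are assumptions chosen for readability, not the constants from the paper's analysis.

```python
import numpy as np

def online_leverage_score_sampling(rows, eps=0.5, lam=1e-6, rng=None):
    """Illustrative importance sampling in the row-arrival model: keep each
    arriving row independently with probability proportional to its online
    ridge leverage score, rescaling kept rows so the sample matches A^T A
    in expectation. Not the paper's exact algorithm; constants are ad hoc."""
    rng = rng or np.random.default_rng()
    M, sample = None, []
    for a in rows:
        a = np.asarray(a, dtype=float)
        if M is None:
            d = a.shape[0]
            M = lam * np.eye(d)        # ridge term keeps M invertible
        M += np.outer(a, a)            # M = lam*I + A_i^T A_i after row i
        tau = float(a @ np.linalg.solve(M, a))          # online leverage score
        p = min(1.0, tau * d * np.log(d + 1) / eps**2)  # oversampled keep-probability
        if rng.random() < p:
            sample.append(a / np.sqrt(p))  # rescale so E[S^T S] = A^T A
    return np.array(sample)
```

The merge-and-reduce paradigm similarly composes any offline coreset construction into a streaming one: buffer the stream into blocks, build a coreset per block, and repeatedly merge and re-reduce coresets of equal rank, like carries in a binary counter; intuitively, each reduction spends fresh randomness on a block that is already fixed. A minimal skeleton, with `build_coreset` standing in for any offline coreset routine (a hypothetical callable; weights are omitted for brevity):

```python
def merge_and_reduce(stream, build_coreset, block_size):
    """Skeleton of merge-and-reduce: coresets of equal rank are merged and
    reduced like carries in binary counting, so only O(log n) coresets are
    stored at any time."""
    levels = {}                        # rank -> coreset held at that rank
    buffer = []
    for x in stream:
        buffer.append(x)
        if len(buffer) == block_size:
            coreset, rank = build_coreset(buffer), 0
            buffer = []
            while rank in levels:      # merge equal ranks, then reduce again
                coreset = build_coreset(levels.pop(rank) + coreset)
                rank += 1
            levels[rank] = coreset
    out = buffer[:]                    # leftover partial block
    for coreset in levels.values():
        out += coreset
    return out
```

For example, plugging a sensitivity-sampling k-means coreset in as `build_coreset` yields a streaming k-means coreset; since the approximation error compounds over the O(log n) levels, offline constructions are typically run with a slightly smaller error parameter inside merge-and-reduce.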
