Online Data Poisoning Attacks

We study data poisoning attacks in the online learning setting, where training data arrive sequentially and the attacker eavesdrops on the data stream and can contaminate the current data point to affect the online learning process. We formulate the optimal online attack problem as a stochastic optimal control problem and provide a systematic solution using tools from model predictive control and deep reinforcement learning. We further provide a theoretical analysis of the regret the attacker suffers for not knowing the true data sequence. Experiments validate our control approach in generating near-optimal attacks on both supervised and unsupervised learning tasks.
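The control formulation above, as an added example that is not the paper's code: a toy online learner (SGD on a 2-D linear regression) is poisoned by an attacker that sees each incoming point and the current model, rewrites the label within a fixed budget, and chooses the rewrite by a short receding-horizon plan in the style of model predictive control. The unknown future points are predicted by resampling the attacker's own buffer of past clean points. The learner, target model, budget, step size, cost weight and horizon are all constructed for this illustration (assumptions, not values from the paper), and the paper's deep-RL solver is not reproduced.

```python
"""Online label poisoning as receding-horizon (MPC-style) control.

Added example, not code from the paper. Toy setting (all constructed): the
victim runs online SGD on a 2-D linear regression; the attacker sits on the
data stream, sees each clean point (x_t, y_t) and the current model theta_t
(white-box assumption), and may rewrite the label to any y' with
|y' - y_t| <= EPS before the learner consumes it. The attacker wants to steer
the model toward theta_star. Because the true future points are unknown, the
attacker predicts them by resampling its buffer of past clean points (this
example's data model), plans HORIZON steps ahead, applies only the first
action and re-plans at the next step.
"""
import random

ETA = 0.1        # learner's SGD step size (assumed)
EPS = 3.0        # attacker's per-label perturbation budget (assumed)
LAM = 0.005      # attacker's cost weight on perturbation size (assumed)
HORIZON = 3      # planning depth: current step + 2 predicted steps
CANDIDATES = 31  # grid resolution for the current action


def sgd_step(theta, x, y, eta=ETA):
    """Victim: one online SGD update on squared loss for a linear model."""
    err = theta[0] * x[0] + theta[1] * x[1] - y
    return (theta[0] - eta * err * x[0], theta[1] - eta * err * x[1])


def dist2(a, b):
    return (a[0] - b[0]) ** 2 + (a[1] - b[1]) ** 2


def clip(v, lo, hi):
    return max(lo, min(hi, v))


def greedy_label(theta, x, y, theta_star):
    """One-step optimal label: argmin over y' of
    |sgd_step(theta, x, y') - theta_star|^2 + LAM*(y' - y)^2,
    which is quadratic in y' and solved in closed form, then clipped to the
    budget. Used for the predicted future steps inside a plan."""
    tx = theta[0] * x[0] + theta[1] * x[1]
    a = (theta[0] - ETA * tx * x[0], theta[1] - ETA * tx * x[1])
    xx = x[0] ** 2 + x[1] ** 2
    num = LAM * y - ETA * (x[0] * (a[0] - theta_star[0])
                           + x[1] * (a[1] - theta_star[1]))
    return clip(num / (ETA ** 2 * xx + LAM), y - EPS, y + EPS)


def plan_cost(theta, x, y_adv, y_clean, future, theta_star):
    """Cost of feeding y_adv now, then greedy attacks on the predicted future."""
    th = sgd_step(theta, x, y_adv)
    cost = LAM * (y_adv - y_clean) ** 2 + dist2(th, theta_star)
    for fx, fy in future:
        fy_adv = greedy_label(th, fx, fy, theta_star)
        th = sgd_step(th, fx, fy_adv)
        cost += LAM * (fy_adv - fy) ** 2 + dist2(th, theta_star)
    return cost


def mpc_label(theta, x, y, buffer, theta_star, rng):
    """Receding-horizon choice of the current label: grid-search the first
    action against a plan over resampled past points, keep only that action."""
    future = [rng.choice(buffer) for _ in range(HORIZON - 1)] if buffer else []
    best, best_cost = y, None
    for i in range(CANDIDATES):
        cand = y - EPS + 2 * EPS * i / (CANDIDATES - 1)
        c = plan_cost(theta, x, cand, y, future, theta_star)
        if best_cost is None or c < best_cost:
            best, best_cost = cand, c
    return best


def run(steps=300, attack=True, seed=0):
    """Stream `steps` constructed points through the learner, optionally
    poisoned. Returns (final model, attacker target, total label distortion)."""
    rng = random.Random(seed)
    theta_true = (1.0, -1.0)    # clean data-generating model (constructed)
    theta_star = (-0.5, 0.5)    # attacker's target model (constructed)
    theta, buffer, distortion = (0.0, 0.0), [], 0.0
    for _ in range(steps):
        x = (rng.uniform(-1, 1), rng.uniform(-1, 1))
        y = theta_true[0] * x[0] + theta_true[1] * x[1] + rng.gauss(0, 0.1)
        y_fed = mpc_label(theta, x, y, buffer, theta_star, rng) if attack else y
        assert abs(y_fed - y) <= EPS + 1e-9   # budget is never exceeded
        distortion += abs(y_fed - y)
        theta = sgd_step(theta, x, y_fed)
        buffer.append((x, y))                 # attacker remembers clean data
    return theta, theta_star, distortion


def final_error(attack, seed=0):
    """Squared distance between the final model and the attacker's target."""
    theta, target, _ = run(attack=attack, seed=seed)
    return dist2(theta, target)


if __name__ == "__main__":
    for attack in (False, True):
        theta, target, dist = run(attack=attack)
        print(f"attack={attack!s:5} theta=({theta[0]:.3f}, {theta[1]:.3f}) "
              f"target={target} dist2={dist2(theta, target):.4f} "
              f"total_label_shift={dist:.1f}")
```

The planner acts on predicted data (resampled history), while the learner is updated on the true stream; the gap between the planned trajectory and the realized one is exactly what the paper's regret analysis accounts for when the attacker does not know the true data sequence. Lowering LAM or raising EPS makes the attacker more aggressive; raising LAM recovers a stealthier attack that settles between the clean model and the target.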
