Online Data Poisoning Attacks

Xuezhou Zhang, Xiaojin Zhu, Laurent Lessard
Proceedings of the 2nd Conference on Learning for Dynamics and Control, PMLR 120:201-210, 2020.

Abstract

We study data poisoning attacks in the online learning setting, where training data arrive sequentially, and the attacker is eavesdropping on the data stream and has the ability to contaminate the current data point to affect the online learning process. We formulate the optimal online attack problem as a stochastic optimal control problem, and provide a systematic solution using tools from model predictive control and deep reinforcement learning. We further provide theoretical analysis on the regret suffered by the attacker for not knowing the true data sequence. Experiments validate our control approach in generating near-optimal attacks on both supervised and unsupervised learning tasks.

Cite this Paper
BibTeX
@InProceedings{pmlr-v120-zhang20b,
  title = {Online Data Poisoning Attacks},
  author = {Zhang, Xuezhou and Zhu, Xiaojin and Lessard, Laurent},
  booktitle = {Proceedings of the 2nd Conference on Learning for Dynamics and Control},
  pages = {201--210},
  year = {2020},
  editor = {Bayen, Alexandre M. and Jadbabaie, Ali and Pappas, George and Parrilo, Pablo A. and Recht, Benjamin and Tomlin, Claire and Zeilinger, Melanie},
  volume = {120},
  series = {Proceedings of Machine Learning Research},
  month = {10--11 Jun},
  publisher = {PMLR},
  pdf = {http://proceedings.mlr.press/v120/zhang20b/zhang20b.pdf},
  url = {https://proceedings.mlr.press/v120/zhang20b.html},
  abstract = {We study data poisoning attacks in the online learning setting, where training data arrive sequentially, and the attacker is eavesdropping the data stream and has the ability to contaminate the current data point to affect the online learning process. We formulate the optimal online attack problem as a stochastic optimal control problem, and provide a systematic solution using tools from model predictive control and deep reinforcement learning. We further provide theoretical analysis on the regret suffered by the attacker for not knowing the true data sequence. Experiments validate our control approach in generating near-optimal attacks on both supervised and unsupervised learning tasks.}
}
Endnote
%0 Conference Paper
%T Online Data Poisoning Attacks
%A Xuezhou Zhang
%A Xiaojin Zhu
%A Laurent Lessard
%B Proceedings of the 2nd Conference on Learning for Dynamics and Control
%C Proceedings of Machine Learning Research
%D 2020
%E Alexandre M. Bayen
%E Ali Jadbabaie
%E George Pappas
%E Pablo A. Parrilo
%E Benjamin Recht
%E Claire Tomlin
%E Melanie Zeilinger
%F pmlr-v120-zhang20b
%I PMLR
%P 201--210
%U https://proceedings.mlr.press/v120/zhang20b.html
%V 120
%X We study data poisoning attacks in the online learning setting, where training data arrive sequentially, and the attacker is eavesdropping the data stream and has the ability to contaminate the current data point to affect the online learning process. We formulate the optimal online attack problem as a stochastic optimal control problem, and provide a systematic solution using tools from model predictive control and deep reinforcement learning. We further provide theoretical analysis on the regret suffered by the attacker for not knowing the true data sequence. Experiments validate our control approach in generating near-optimal attacks on both supervised and unsupervised learning tasks.
APA
Zhang, X., Zhu, X. & Lessard, L. (2020). Online Data Poisoning Attacks. Proceedings of the 2nd Conference on Learning for Dynamics and Control, in Proceedings of Machine Learning Research 120:201-210. Available from https://proceedings.mlr.press/v120/zhang20b.html.