adversarial classification on social networks

Adversarial Classification on Social Networks Sixie Yu 1 Yevgeniy - PowerPoint PPT Presentation

Mar 05, 2024 •157 likes •464 views

Adversarial Classification on Social Networks Sixie Yu 1 Yevgeniy Vorobeychik 1 Scott Alfeld 2 1 Electrical Engineering and Computer Science Vanderbilt University 2 Computer Science Amherst College AAMAS 2018 ( Electrical Engineering and

  1. Adversarial Classification on Social Networks Sixie Yu 1 Yevgeniy Vorobeychik 1 Scott Alfeld 2 1 Electrical Engineering and Computer Science Vanderbilt University 2 Computer Science Amherst College AAMAS 2018 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 1 / 21

  2. Problem Setting ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 2 / 21

  3. Motivation Over 50% adults in the U.S. regard social media as primary sources for news. [ holcomb2013news ]. Over 37 million news stories in 2016 U.S. Presidential election later proved fake. [ allcott2017social ] Anti-social posts/discussions are negatively affecting users and damage online communities. [ cheng2015antisocial ] Social network spams and phishing can defraud users and spread malwares. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 3 / 21

  4. Traditional Defense Train a “global” detector from past data and deploy it everywhere. Ignore network structures, propagation of messgaes, and adversarial behavior. Not Adequate Adversaries can tune content to avoid being detected. Traditional learning approaches ignore network structures. The impact of detection errors. Being able to detect malicious content at multiple nodes creates a degree of redundancy. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 4 / 21

  5. Table of Contents Continuous-Time Diffusion 1 Defender Model 2 Attacker Model 3 Stackelberg Game Formulatioin 4 Solution Approach 5 Experimental Results 6 References 7 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 5 / 21

  6. Continuous-Time Diffusion The propagation of a message depends on both the network structure and the features of the message ( x ). ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 6 / 21

  7. Continuous-Time Diffusion The propagation of a message depends on both the network structure and the features of the message ( x ). A message started from a node s propagates to other nodes in a breadth-first search fashion. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 6 / 21

  8. Continuous-Time Diffusion The propagation of a message depends on both the network structure and the features of the message ( x ). A message started from a node s propagates to other nodes in a breadth-first search fashion. The propagation time through an edge e is sampled from a distribution f e ( t ; w e , x ). ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 6 / 21

  9. Continuous-Time Diffusion The propagation of a message depends on both the network structure and the features of the message ( x ). A message started from a node s propagates to other nodes in a breadth-first search fashion. The propagation time through an edge e is sampled from a distribution f e ( t ; w e , x ). The time taken to affect a node i is the shortest path between s and i , where the weights of edges are propagation times associated with these edges. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 6 / 21

  10. Continuous-Time Diffusion The propagation of a message depends on both the network structure and the features of the message ( x ). A message started from a node s propagates to other nodes in a breadth-first search fashion. The propagation time through an edge e is sampled from a distribution f e ( t ; w e , x ). The time taken to affect a node i is the shortest path between s and i , where the weights of edges are propagation times associated with these edges. A node is affected if its shortest path to s is above T , which is externally supplied. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 6 / 21

  11. Continuous-Time Diffusion The propagation of a message depends on both the network structure and the features of the message ( x ). A message started from a node s propagates to other nodes in a breadth-first search fashion. The propagation time through an edge e is sampled from a distribution f e ( t ; w e , x ). The time taken to affect a node i is the shortest path between s and i , where the weights of edges are propagation times associated with these edges. A node is affected if its shortest path to s is above T , which is externally supplied. The influence of a message initially affecting a node s is defined as σ ( s , x ), which is the expected number of affected nodes over time window T . ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 6 / 21

  12. Table of Contents Continuous-Time Diffusion 1 Defender Model 2 Attacker Model 3 Stackelberg Game Formulatioin 4 Solution Approach 5 Experimental Results 6 References 7 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 7 / 21

  13. Defender Model Innovations Learn and deploy heterogeneous detectors at different nodes. Explicitly considering both propagation of messages and adversarial manipulation during learning. � � � U d = α σ ( i , Θ , x ) − (1 − α ) σ ( s , Θ , z ( x )) (1) i ∈ V x ∈ D + x ∈ D − D − , D + are benign and malicious data, respectively. Θ = { θ 1 , θ 2 , · · · , θ | V | } being parameters of detectors at different nodes. The expected influence is now a function of the parameters of detectors (Θ), as well as manipulated messages ( z ( x )). x → z ( x ): adversarial manipulation. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 8 / 21

  14. Table of Contents Continuous-Time Diffusion 1 Defender Model 2 Attacker Model 3 Stackelberg Game Formulatioin 4 Solution Approach 5 Experimental Results 6 References 7 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 9 / 21

  15. Attacker Model Attacker’s actions Find a node s ∈ V to start propagation (reminiscent of the famous influence maximization problem). Transform x → z ( x ) in order to avoid detection. For any original malicious instance x ∈ D + : max σ ( i , Θ , z ) i , z (2) s . t || z − x || p ≤ ǫ 1 [ θ j ( z ) = 1] = 0 , ∀ j ∈ V ǫ : the attacker’s budget. θ j ( z ) = 1: the manipulated message is detected at node j . ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 10 / 21

  16. Table of Contents Continuous-Time Diffusion 1 Defender Model 2 Attacker Model 3 Stackelberg Game Formulatioin 4 Solution Approach 5 Experimental Results 6 References 7 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 11 / 21

  17. Stackelberg Game The interaction between the defender and the attacker is modeled as a Stackelberg game. which proceeds as follow: The defender first learns Θ (the parameters of detectors at different nodes). The attacker observes Θ and construct its optimal attack against the defender. � � � max σ ( i , Θ , x ) − (1 − α ) σ ( s , Θ , z ( x )) α Θ x ∈ D + x ∈ D − i ∀ x ∈ D + : s . t . : ( s , z ( x )) ∈ arg max σ ( j , Θ , z ) j , z ∀ x ∈ D + : || z ( x ) − x || p ≤ ǫ ∀ x ∈ D + : 1 [ θ k ( x ) = 1] = 0 , ∀ k ∈ V � � The equilibrium of this game: Θ , s (Θ) , z ( x ; Θ) . ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 12 / 21

  18. Table of Contents Continuous-Time Diffusion 1 Defender Model 2 Attacker Model 3 Stackelberg Game Formulatioin 4 Solution Approach 5 Experimental Results 6 References 7 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Classification on Social Networks AAMAS 2018 13 / 21

Recommend

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial examples? Standard ML setup: We have training data; try to do well on withheld testing data. Adversarial/robust ML setup: We have training

672 views • 27 slides
Adversarial Training Attacks on Deep Networks and Generative Adversarial Networks Erkut Erdem

Adversarial Training Attacks on Deep Networks and Generative Adversarial Networks Erkut Erdem

images from Geris Game (Pixar, 1997) Adversarial Training Attacks on Deep Networks and Generative Adversarial Networks Erkut Erdem Aykut Erdem Levent Karacan Computer Vision Lab, Hacettepe University Outline Part 1: Attacks on

1.11k views • 72 slides
Generative Adversarial Networks Benjamin Striner CMU 11-785 March 21, 2018 Benjamin Striner

Generative Adversarial Networks Benjamin Striner CMU 11-785 March 21, 2018 Benjamin Striner

Generative Adversarial Networks Benjamin Striner CMU 11-785 March 21, 2018 Benjamin Striner (CMU 11-785) Generative Adversarial Networks March 21, 2018 1 / 79 Overview Benjamin Striner (CMU 11-785) Generative Adversarial Networks March

1k views • 82 slides
Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs William Wang 10:30 11:00 Break - 11:00 12:15 Adversarial Examples Sameer Singh 12:15 12:30 Conclusions and Question Answering William

1.75k views • 105 slides
Stronger and Faster Wasserstein Adversarial Attacks Kaiwen Wu kaiwen.wu@uwaterloo.ca Joint work

Stronger and Faster Wasserstein Adversarial Attacks Kaiwen Wu kaiwen.wu@uwaterloo.ca Joint work

Stronger and Faster Wasserstein Adversarial Attacks Kaiwen Wu kaiwen.wu@uwaterloo.ca Joint work with Allen Wang and Yaoliang Yu K.Wu, A.Wang and Y.Yu Wasserstein Adversarial Attacks July 29, 2020 1 / 18 Adversarial Examples Adversarial

1.04k views • 38 slides
Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias

Confidence-Calibrated Adversarial Training Generalizing to Unseen Attacks David Stutz, Matthias Hein, Bernt Schiele 2-Minute Overview Problem: Robustness to various adversarial examples. Adversarial training on L adversarial examples:

635 views • 34 slides
Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu xiwu@cs.wisc.edu Joint work with Uyeong Jang, Jiefeng Chen, Lingjiao Chen, and Somesh Jha July 19, 2018 Xi Wu Model Confidence and Adversarial

740 views • 9 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

868 views • 43 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Adversarial examples Adversarial examples Imperceptible perturbations to an input can change a neural network's prediction adversarial

1.06k views • 23 slides
CSC321 Lecture 22: Adversarial Learning Roger Grosse Roger Grosse CSC321 Lecture 22: Adversarial

CSC321 Lecture 22: Adversarial Learning Roger Grosse Roger Grosse CSC321 Lecture 22: Adversarial

CSC321 Lecture 22: Adversarial Learning Roger Grosse Roger Grosse CSC321 Lecture 22: Adversarial Learning 1 / 26 Overview Two topics for today: Adversarial examples: examples carefully crafted to cause an undesirable behavior (e.g.

412 views • 26 slides
Generative Adversarial Networks, Wasserstein Distance, and Adversarial Loss Zhiyu Min Alibaba

Generative Adversarial Networks, Wasserstein Distance, and Adversarial Loss Zhiyu Min Alibaba

Generative Adversarial Networks, Wasserstein Distance, and Adversarial Loss Zhiyu Min Alibaba AliMe X-Lab Outline GAN Definition and formulation Saddle point optimization Vanishing gradient Alternative objective for Generator

516 views • 25 slides
Robust Estimation and Generative Adversarial Networks Weizhi ZHU Hong Kong University of Science

Robust Estimation and Generative Adversarial Networks Weizhi ZHU Hong Kong University of Science

Robust Estimation and Generative Adversarial Networks Weizhi ZHU Hong Kong University of Science and Technology wzhuai@ust.hk April 3, 2019 Robust Estimation and Generative Adversarial Nets [GLYZ18] Generative Adversarial Nets for Robust

252 views • 24 slides
Introduction to Generative Adversarial Networks Ian Goodfellow, OpenAI Research Scientist NIPS

Introduction to Generative Adversarial Networks Ian Goodfellow, OpenAI Research Scientist NIPS

Introduction to Generative Adversarial Networks Ian Goodfellow, OpenAI Research Scientist NIPS 2016 Workshop on Adversarial Training Barcelona, 2016-12-9 Adversarial Training A phrase whose usage is in flux; a new term that applies to both

792 views • 25 slides
Graph Classification Classification Outline Introduction, Overview Classification using

Graph Classification Classification Outline Introduction, Overview Classification using

Graph Classification Classification Outline Introduction, Overview Classification using Graphs Graph classification Direct Product Kernel Predictive Toxicology example dataset Vertex classification Laplacian Kernel

605 views • 33 slides
Classification of Symmetry Classification of Symmetry Classification of Symmetry Classification

Classification of Symmetry Classification of Symmetry Classification of Symmetry Classification

Classification of Symmetry Classification of Symmetry Classification of Symmetry Classification of Symmetry Protected Topological Phases Protected Topological Phases Protected Topological Phases Protected Topological Phases in Interacting

492 views • 32 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest lecture for CS 294-131, UC Berkeley, 2016-10-05 In this presentation Intriguing Properties of Neural Networks Szegedy et al, 2013

660 views • 44 slides
On Graphs with Minimal Eternal Vertex Cover Number Veena Prabhakaran Department of Computer

On Graphs with Minimal Eternal Vertex Cover Number Veena Prabhakaran Department of Computer

Introduction Characterization Algorithms Conclusion On Graphs with Minimal Eternal Vertex Cover Number Veena Prabhakaran Department of Computer Science and Engineering, Indian Institute Of Technology, Palakkad Co-authors: Jasine Babu, L.

708 views • 31 slides
Cooperative Multiagent Patrolling for Detecting Multiple Illegal Actions Under Uncertainty Best

Cooperative Multiagent Patrolling for Detecting Multiple Illegal Actions Under Uncertainty Best

Cooperative multiagent patrolling DEC-POMDPs with context Experiments Conclusion Cooperative Multiagent Patrolling for Detecting Multiple Illegal Actions Under Uncertainty Best Paper ICTAI 2016 Aur elie Beynier 19 juin 2017 1 / 26

498 views • 29 slides
Computing Game-Theoretic Solutions for Security Vincent Conitzer Dmytro Korzhyk Dmytro Korzhyk

Computing Game-Theoretic Solutions for Security Vincent Conitzer Dmytro Korzhyk Dmytro Korzhyk

Computing Game-Theoretic Solutions for Security Vincent Conitzer Dmytro Korzhyk Dmytro Korzhyk Joshua Letchford Joshua Letchford Duke University overview article: V. Conitzer. Computing Game-Theoretic Solutions and Applications to Security.

542 views • 37 slides
Artificial Intelligence in Robotics Lecture 13: Patrolling Viliam Lis Artificial Intelligence

Artificial Intelligence in Robotics Lecture 13: Patrolling Viliam Lis Artificial Intelligence

Artificial Intelligence in Robotics Lecture 13: Patrolling Viliam Lis Artificial Intelligence Center Department of Computer Science, Faculty of Electrical Eng. Czech Technical University in Prague Mathematical programming LP MILP Some of

866 views • 24 slides
Introduction to Game Theory (1) Mehdi Dastani BBL-521 M.M.Dastani@uu.nl Game Theory What is

Introduction to Game Theory (1) Mehdi Dastani BBL-521 M.M.Dastani@uu.nl Game Theory What is

Introduction to Game Theory (1) Mehdi Dastani BBL-521 M.M.Dastani@uu.nl Game Theory What is the subject matter of game theory and which phenomena does it help us understand? What is the problem of game theory? What are the

637 views • 26 slides
Equivalences of pushdown systems are hard Petr Jan car Dept of Computer Science Technical

Equivalences of pushdown systems are hard Petr Jan car Dept of Computer Science Technical

Equivalences of pushdown systems are hard Petr Jan car Dept of Computer Science Technical University Ostrava (FEI V SB-TUO), Czech Republic www.cs.vsb.cz/jancar FoSSaCS14, part of ETAPS 2014 Grenoble, 11 Apr 2014 Petr Jan car (TU

994 views • 84 slides
Semantics and Verification 2005 Lecture 6 Hennessy-Milner logic and temporal properties lattice

Semantics and Verification 2005 Lecture 6 Hennessy-Milner logic and temporal properties lattice

Introduction Lattice Theory Tarskis Fixed Point Theorem Semantics and Verification 2005 Lecture 6 Hennessy-Milner logic and temporal properties lattice theory, Tarskis fixed point theorem computing fixed points on finite lattices

350 views • 11 slides
Adaptive Strategies in RoboCup Soccer University of Hamburg Faculty of Mathematics, Informatics

Adaptive Strategies in RoboCup Soccer University of Hamburg Faculty of Mathematics, Informatics

MIN Faculty Department of Informatics Adaptive Strategies in RoboCup Soccer University of Hamburg Faculty of Mathematics, Informatics and Natural Science Department of Informatics Technical Aspects of Multimodal Systems v 12.11.18 | L UCA K

367 views • 24 slides

More recommend