adversarial regression with multiple learners
play

Adversarial Regression with Multiple Learners Liang Tong 1 Sixie Yu - PowerPoint PPT Presentation

Feb 02, 2024 •2.96k likes •3.32k views

Adversarial Regression with Multiple Learners Liang Tong 1 Sixie Yu 1 Scott Alfeld 2 Yevgeniy Vorobeychik 1 1 Electrical Engineering and Computer Science Vanderbilt University 2 Computer Science Amherst College ICML 2018 ( Electrical

  1. Adversarial Regression with Multiple Learners Liang Tong ∗ 1 Sixie Yu ∗ 1 Scott Alfeld 2 Yevgeniy Vorobeychik 1 1 Electrical Engineering and Computer Science Vanderbilt University 2 Computer Science Amherst College ICML 2018 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 1 / 21

  2. Problem Setting ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 2 / 21

  3. Motivation Adversaries can change features at test time to cause incorrect predictions. i.e., change features of a house (i.e., square feet, #rooms) to fool online real-estate evaluation system, or make invisible changes to pictures to fool classifier. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 3 / 21

  4. Motivation Adversaries can change features at test time to cause incorrect predictions. i.e., change features of a house (i.e., square feet, #rooms) to fool online real-estate evaluation system, or make invisible changes to pictures to fool classifier. Previous investigations of this problem pit a single learner against an adversary. [ Bruckner11 , Dalvi04 , li2014feature , zhou2012 ] ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 3 / 21

  5. Motivation Adversaries can change features at test time to cause incorrect predictions. i.e., change features of a house (i.e., square feet, #rooms) to fool online real-estate evaluation system, or make invisible changes to pictures to fool classifier. Previous investigations of this problem pit a single learner against an adversary. [ Bruckner11 , Dalvi04 , li2014feature , zhou2012 ] But an adversary’s decision is usually aimed at a collection of learners. i.e., an adversary crafts generic malwares and disseminate them widely. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 3 / 21

  6. Motivation Adversaries can change features at test time to cause incorrect predictions. i.e., change features of a house (i.e., square feet, #rooms) to fool online real-estate evaluation system, or make invisible changes to pictures to fool classifier. Previous investigations of this problem pit a single learner against an adversary. [ Bruckner11 , Dalvi04 , li2014feature , zhou2012 ] But an adversary’s decision is usually aimed at a collection of learners. i.e., an adversary crafts generic malwares and disseminate them widely. The learners all make autonomous decisions about how to detect malicious content. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 3 / 21

  7. Table of Contents Learner Model 1 Attacker Model 2 Multi-Learner Stackelberg Game (MLSG) 3 Existence and Uniqueness of the Equilibrium 4 Computing the MLNE 5 Robustness analysis 6 References 7 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 4 / 21

  8. Learner Model ( X , y ): training dataset from an unknown distribution D . X = [ x 1 , ..., x m ] ⊤ and y = [ y 1 , y 2 , ..., y m ] ⊤ : x j the j th instance and y j its corresponding response variable. ′ (a modification of D ) Test data is drawn from a distribution D manipulated by the attacker. ′ ( D ) with probability β (1 − β ). An instance from D The action of the i th learner is to learn the parameters of the linear regression model: θ i , which results in ˆ y i = X θ i . The expected cost function of the i th learner: ′ ) = β E ( X ′ , y ) ∼D ′ [ ℓ ( X ′ θ i , y )] + (1 − β ) E ( X , y ) ∼D [ ℓ ( X θ i , y )] c i ( θ i , D (1) y − y || 2 where ℓ (ˆ y , y ) = || ˆ 2 . ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 5 / 21

  9. Table of Contents Learner Model 1 Attacker Model 2 Multi-Learner Stackelberg Game (MLSG) 3 Existence and Uniqueness of the Equilibrium 4 Computing the MLNE 5 Robustness analysis 6 References 7 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 6 / 21

  10. Attacker Model ′ , y ), Every instance ( x , y ) is maliciously modified by the attacker to ( x with probability β . Assume the attacker has an instance-specific target z ( x ). ′ close to z ( x ). y = θ ⊤ The objective of the attacker: ˆ i x y − z || 2 The attacker’s objective is measured by: ℓ (ˆ y , z ) = || ˆ 2 . ′ incurs costs: R ( X ′ − X || 2 ′ , X ) = || X Transforming X to X F . The expected cost function of the attacker: n � ′ ) = ′ θ i , z ) + λ R ( X ′ , X ) c a ( { θ i } n i =1 , X ℓ ( X (2) i =1 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 7 / 21

  11. Table of Contents Learner Model 1 Attacker Model 2 Multi-Learner Stackelberg Game (MLSG) 3 Existence and Uniqueness of the Equilibrium 4 Computing the MLNE 5 Robustness analysis 6 References 7 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 8 / 21

  12. Multi-Learner Stackelberg Game (MLSG) The MLSG has two stages, which proceeds as follow: In the first stage the learners simultaneously learn their model parameters { θ i } n i =1 . In the second stage, after observing the learners’ decision , the attacker constructs its optimal attack (manipulating X ). Assumptions The learners have complete information about β , λ , and z . Each learner has the same action space Θ ⊆ R d × 1 , which is nonempty, compact, and convex. The columns of the test data X are linearly independent. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 9 / 21

  13. Multi-Learner Stackelberg Game (MLSG) Definition (Multi-Learner Stackelberg Equilibrium (MLSE)) An action profile ( { θ ∗ i } n i =1 , X ∗ ) is an MLSE if it satisfies θ ∗ c i ( θ i , X ∗ ( θ )) , ∀ i ∈ N i = arg min θ i ∈ Θ (3) ′ ) . X ∗ ( θ ) = arg min c a ( { θ i } n i =1 , X s.t. X ′ ∈ R m × d where θ = { θ i } n i =1 constitutes the joint actions of the learners. MLSE is a blend between a Nash equilibrium (among all learners) and a Stackelberg equilibrium (between the learners and the attacker). ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 10 / 21

  14. Multi-Learner Stackelberg Game (MLSG) Lemma (Best Response of the Attacker) Given { θ i } n i =1 , the best response of the attacker is n n � � X ∗ = ( λ X + z i ) − 1 . θ ⊤ θ i θ ⊤ i )( λ I + (4) i =1 i =1 X ∗ has a closed form, as a function of { θ i } n i =1 . With this lemma, the learners’ cost functions become: c i ( θ i , θ − i ) = βℓ ( X ∗ ( θ i , θ − i ) θ i , y ) + (1 − β ) ℓ ( X θ i , y ) . (5) X ∗ ( θ i , θ − i ) MLSG = = = = = = ⇒ Multi-Learner Nash Game (MLNG) MLNG is a game among the learners. ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 11 / 21

  15. Table of Contents Learner Model 1 Attacker Model 2 Multi-Learner Stackelberg Game (MLSG) 3 Existence and Uniqueness of the Equilibrium 4 Computing the MLNE 5 Robustness analysis 6 References 7 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 12 / 21

  16. Existence and Uniqueness of the Equilibrium We approximate the MLNG by deriving upper bounds on the learners’ cost functions. The approximated game is denoted by: �N , Θ , ( � c i ) � . Theorem (Existence of Nash Equilibrium) �N , Θ , ( � c i ) � is a symmetric game and it has at least one symmetric equilibrium. Theorem (Uniqueness of Nash Equilibrium) �N , Θ , ( � c i ) � has an unique Nash equilibrium, and this unique NE is symmetric. The equilibrium of �N , Θ , ( � c i ) � is defined as: Multi-Learner Nash Equilibrium (MLNE) ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 13 / 21

  17. Table of Contents Learner Model 1 Attacker Model 2 Multi-Learner Stackelberg Game (MLSG) 3 Existence and Uniqueness of the Equilibrium 4 Computing the MLNE 5 Robustness analysis 6 References 7 ( Electrical Engineering and Computer Science Vanderbilt University, Computer Science Amherst College ) Adversarial Regression with Multiple Learners ICML 2018 14 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Multiple Regression and Logistic Regression I Dajiang Liu @PHS 525 Apr-14-2016 Multiple

Multiple Regression and Logistic Regression I Dajiang Liu @PHS 525 Apr-14-2016 Multiple

Multiple Regression and Logistic Regression I Dajiang Liu @PHS 525 Apr-14-2016 Multiple Regression Extends simple linear regression to the scenario where Multiple predictors are available Multiple regression often results in better

673 views • 17 slides
Multiple Regression Peerapat Wongchaiwat, Ph.D. wongchaiwat@hotmail.com The Multiple Regression

Multiple Regression Peerapat Wongchaiwat, Ph.D. wongchaiwat@hotmail.com The Multiple Regression

Multiple Regression Peerapat Wongchaiwat, Ph.D. wongchaiwat@hotmail.com The Multiple Regression Model Examine the linear relationship between 1 dependent (Y) & 2 or more independent variables (X i ) Multiple Regression Model with k

821 views • 47 slides
Unit 7: Multiple linear regression 1. Introduction to multiple linear regression Sta 101 - Fall

Unit 7: Multiple linear regression 1. Introduction to multiple linear regression Sta 101 - Fall

Announcements Unit 7: Multiple linear regression 1. Introduction to multiple linear regression Sta 101 - Fall 2018 Project questions? Duke University, Department of Statistical Science Dr. Abrahamsen Slides posted at

537 views • 10 slides
Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr & Dan Boneh NeurIPS 2019 Adversarial examples 88% Tabby Cat 99% Guacamole Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial

564 views • 23 slides
Business Statistics CONTENTS Multiple regression Dummy regressors Assumptions of regression

Business Statistics CONTENTS Multiple regression Dummy regressors Assumptions of regression

MULTIPLE REGRESSION ANALYSIS AND OTHER ISSUES Business Statistics CONTENTS Multiple regression Dummy regressors Assumptions of regression analysis Predicting with regression analysis Old exam question Further study MULTIPLE REGRESSION The

721 views • 24 slides
Multiple Regression Review Instructor: G. William Schwert 275-2470

Multiple Regression Review Instructor: G. William Schwert 275-2470

Multiple Regression APS 425- Advanced Managerial Data Analysis APS 425 Fall 2015 Multiple Regression Review Instructor: G. William Schwert 275-2470 schwert@schwert.ssb.rochester.edu Multiple Regression Model We have studied the

460 views • 21 slides
Multiple Linear Regression James H. Steiger Department of Psychology and Human Development

Multiple Linear Regression James H. Steiger Department of Psychology and Human Development

Introduction The Multiple Regression Model Setting Up a Multiple Regression Model Multiple Linear Regression James H. Steiger Department of Psychology and Human Development Vanderbilt University Multilevel Regression Modeling, 2009

709 views • 41 slides
Multiple Regression Analysis Independent Variables Mechanics and Interpretation of OLS

Multiple Regression Analysis Independent Variables Mechanics and Interpretation of OLS

Motivation for Multiple Regression The Model with k Multiple Regression Analysis Independent Variables Mechanics and Interpretation of OLS Interpreting the OLS Caio Vigo Regression Line The Expected Value of the OLS The University of

2.75k views • 89 slides
Multiple Regression and Logistic Regression II Dajiang Liu @PHS 525 Apr-19-2016 Materials from

Multiple Regression and Logistic Regression II Dajiang Liu @PHS 525 Apr-19-2016 Materials from

Multiple Regression and Logistic Regression II Dajiang Liu @PHS 525 Apr-19-2016 Materials from Last Time Multiple regression model: Include multiple predictors in the model = + + +

345 views • 23 slides
Notation ^ y = b 0 + b 1 x 1 + b 2 x 2 + b 3 x 3 +. . .+ b k x k 0 = the y -intercept, or the

Notation ^ y = b 0 + b 1 x 1 + b 2 x 2 + b 3 x 3 +. . .+ b k x k 0 = the y -intercept, or the

Multiple Regression Multiple Regression Definition Definition Multiple Regression Equation Multiple Regression Equation A linear relationship between a dependent A linear relationship between a dependent variable y and two or more independent

453 views • 10 slides
Multiple Regression Rick Balkin, Ph.D., LPC-S, NCC Department of Counseling Texas A & M

Multiple Regression Rick Balkin, Ph.D., LPC-S, NCC Department of Counseling Texas A & M

Multiple Regression Rick Balkin, Ph.D., LPC-S, NCC Department of Counseling Texas A & M University-Commerce Rick_balkin@tamu-commerce.edu Balkin, R. S. (2008). Multiple Regression vs. ANOVA The purpose of multiple regression is to

413 views • 30 slides
Chapter 13 Multiple Regression and Model Building Multiple Regression Models The General

Chapter 13 Multiple Regression and Model Building Multiple Regression Models The General

Chapter 13 Multiple Regression and Model Building Multiple Regression Models The General Multiple Regression Model ... y x x x 0 1 1 2 2 k k is the dependent variable y are

621 views • 43 slides
Multiple Linear Regression Recall: a regression model describes how a dependent variable (or

Multiple Linear Regression Recall: a regression model describes how a dependent variable (or

ST 430/514 Introduction to Regression Analysis/Statistics for Management and the Social Sciences II Multiple Linear Regression Recall: a regression model describes how a dependent variable (or response ) Y is affected, on average, by one or more

526 views • 21 slides
R05 - Multiple Regression STAT 587 (Engineering) Iowa State University October 30, 2020

R05 - Multiple Regression STAT 587 (Engineering) Iowa State University October 30, 2020

R05 - Multiple Regression STAT 587 (Engineering) Iowa State University October 30, 2020 Multiple regression model Multiple regression Recall the simple linear regression model is ind N ( i , 2 ) , Y i i = 0 + 1 X i The

578 views • 37 slides
Multiple and Logistic Regression IV Dajiang Liu @PHS 525 Apr-21 st -2016 Review of Last Two

Multiple and Logistic Regression IV Dajiang Liu @PHS 525 Apr-21 st -2016 Review of Last Two

Multiple and Logistic Regression IV Dajiang Liu @PHS 525 Apr-21 st -2016 Review of Last Two Classes Linear regression model: Logistic regression model Deal with binary outcomes Why is multiple (simple) linear regression model

260 views • 15 slides
Week 3: Multiple Linear Regression Polynomials, log transformation, categorical variables,

Week 3: Multiple Linear Regression Polynomials, log transformation, categorical variables,

BUS41100 Applied Regression Analysis Week 3: Multiple Linear Regression Polynomials, log transformation, categorical variables, interactions & main effects Max H. Farrell The University of Chicago Booth School of Business Multiple vs

915 views • 56 slides
Scientific Computing I Conclusion and Outlook Michael Bader Lehrstuhl Informatik V Winter

Scientific Computing I Conclusion and Outlook Michael Bader Lehrstuhl Informatik V Winter

Scientific Computing I Michael Bader The Simulation Pipeline Scientific Computing I Conclusion and Outlook Michael Bader Lehrstuhl Informatik V Winter 2005/2006 Scientific The Simulation Pipeline Computing I Michael Bader The

522 views • 20 slides
Atheist Day What Type of Fool Are You? The Fool Proper The fool says in his heart, There

Atheist Day What Type of Fool Are You? The Fool Proper The fool says in his heart, There

Atheist Day What Type of Fool Are You? The Fool Proper The fool says in his heart, There is no God. Psalm 14:1 (ESV) What Type of Fool Are You? The Fool Proper And he[Jesus] told them a parable, saying, The land of a rich

417 views • 16 slides
Verification Techniques for Object Invariants Peter Mller Microsoft Research Joint work with

Verification Techniques for Object Invariants Peter Mller Microsoft Research Joint work with

A Unified Framework for Verification Techniques for Object Invariants Peter Mller Microsoft Research Joint work with Sophia Drossopoulou and Adrian Francalanza 2 Object Invariants Express consistency criteria of objects Support

503 views • 18 slides
Bounded independence plus noise fools products Chin Ho Lee Northeastern University Elad

Bounded independence plus noise fools products Chin Ho Lee Northeastern University Elad

Bounded independence plus noise fools products Chin Ho Lee Northeastern University Elad Haramaty Emanuele Viola Harvard University Northeastern University 1 Outline 1. Bounded independence, noise, product tests 2. Main Result 3.

1.03k views • 38 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Online Time: Monday, 5:20 PM - 8:10 PM Last Class 1. Stack-based buffer overflow-1 a. Brief history of buffer overflow b.

873 views • 73 slides
OpenStack based telco clouds Todays Panel Sunil Sood Moderator Ericsson VP, IT & Cloud

OpenStack based telco clouds Todays Panel Sunil Sood Moderator Ericsson VP, IT & Cloud

OpenStack Summit - Sydney I pity the fool that builds his own cloud. Panel Discussion Ericsson (Moderator) AT&T SKT Overcoming NTT challenges of OpenStack based telco clouds Todays Panel Sunil Sood Moderator Ericsson VP, IT

724 views • 7 slides
Words & their Meaning: Distributional Semantics CMSC 470 Marine Carpuat Slides credit: Dan

Words & their Meaning: Distributional Semantics CMSC 470 Marine Carpuat Slides credit: Dan

Words & their Meaning: Distributional Semantics CMSC 470 Marine Carpuat Slides credit: Dan Jurafsky Reminders Read the syllabus Respond to office hour survey on piazza TODAY Get started on homework 1 due Tue Sep 3 by 1:00pm

616 views • 40 slides
by learning the Distributions of Adversarial Examples Boqing Gong Joint work with Yandong Li,

by learning the Distributions of Adversarial Examples Boqing Gong Joint work with Yandong Li,

by learning the Distributions of Adversarial Examples Boqing Gong Joint work with Yandong Li, Lijun Li, Liqiang Wang, & Tong Zhang Published in ICML 2019 Intriguing properties of deep neural networks (DNNs) Szegedy, C., Zaremba, W.,

750 views • 43 slides

More recommend