[PPT] - Analyzing Federated Learning through an Adversarial Lens Arjun Nitin PowerPoint Presentation

SLIDE 1

Analyzing Federated Learning through an Adversarial Lens

Arjun Nitin Bhagoji1, Supriyo Chakraborty2, Prateek Mittal1 and Seraphin Calo2

1Princeton University 2IBM Research

ICML 2019

SLIDE 2

Federated learning (with a malicious agent)

SLIDE 3

Federated learning (with a malicious agent)

McMahan et al., Communication- Efficient Learning of Deep Networks from Decentralized Data, AISTATS 2017

SLIDE 4

Federated learning (with a malicious agent)

Global Server

McMahan et al., Communication- Efficient Learning of Deep Networks from Decentralized Data, AISTATS 2017

SLIDE 5

Federated learning (with a malicious agent)

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

Global Server

. . . . . . . . .

Compute

δt+1

1

<latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit>

Compute

δt+1

2

<latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit>

8j 6= m, δt+1

j

= argmin

δ

Ltrain

{xi

j, yi j}nj i=1; wt G + δ

<latexit sha1_base64="GHZBI5SNerlo3b36fzxvNemNrjg=">ADOHicfVHLbtQwFHXCq5TXFJZsDBVSatR0qovUKUKkGABokj0IY1nIsfjTD21neA4zIwsfwFr/oQVK36DHTvEli0bqYFZnhdJfHJOde+1jlpIUVpo+hjEJ45e+78hZmLs5cuX7l6rTF3fb/MK8P4Hstlbg5TWnIpN+zwkp+WBhOVSr5QXr8sNYPXnNTily/tKOCtxXtaZEJRi1QSeMtyXJDpcR9TDR/hdUyJvCkypEul5b6jrNLsU/6eBsTanpK6MRNyP4p/Fo+tM4aKrT3mEie2QVMoCsbJv2OWB7VX+ITJ7ZjOE8nfX8fxEHyuGPx0uQwTIzoHdm7SWM+akbra1urEY6a1G8sbUFIrWN1dXcAygrvmd5r13HxBCu8lc8IZ0c1Ypri2TtCxbcVTYtqPGCia5nyVyQvKjmPtwBqnjZdmP/PL4DTBeDEfBqi8fs5A5HVmOVAqditqj8netJv+mtSqbad0EVluWYng7JKYpvjOgzcFYzK0cAKDMC7orZETWUWYhsFgIZsFwpqruO7PtW3HaknpFmbj72floHP/1PefCnOvylDmv1EQefDH8G1POCG2pzs+jGCVNoPV3/1wZhu9N1yo9UeYjvR0b432B/pRkDfgE5PkAnNYNuotoAcVoA+2gJ2gX7SGvgW3gsVgKXwfgo/h19OWsPgdM8NFXh1+CvhGi</latexit><latexit sha1_base64="dmUmBJIzwj0rRjPg+LrarRCdajg=">ADOHicfVHLbhMxFPUMr1JeLSzZGCKk0lbRTKu+QJUqQIFiFYibaU4GXkcT+rU9gwehySy/AWskfgQJCT+hB07xJYtG+6kAVJeVzPjM+dc+1rnpIUpY2ij0F45uy58xdmLs5eunzl6rW5+ev7Zd43jDdYLnNzmNKS6F5wor+WFhOFWp5Afp8cNKP3jFTSly/cKOCt5StKtFJhi1QCVzb0iWGyol7mGi+UusljGBJ1WOdLi01LedXYp90sPbmFDTVUInbkr2T+HX8qF1lChvcdE8swuYAJd2TDptcXyqPoSnzixHcN5Oun5+yAOksdti5emh2FiRPfI3k3malE9Wl/bWo1wVF+L4o2tLQBRtL65uoJjAFXVdur3r1f3nu7m8wHr0knZ3FtWSlmUzjgrbctRYwST3s6Rf8oKyY9rlTYCaKl623Ng/j+8A08FgBLza4jE7vcNRVZYjlUKnovao/F2ryL9pzb7NltO6KJvuWYng7K+xDbHVRi4IwxnVo4AUGYE3BWzI2osxDZLAQyYLlSVHc2fNuOVINSPNXC32/rQOfvqf8uBPdfhLHVbqIw4+Gf4MqOcFN9TmZtGNE6bQOln/1wZhu8l6yo9UeYjvR0b432B/pR4D3oMcH6CTmkE30W20gGK0gXbQE7SLGoihb8GtYDFYCj+En8LP4ZeT1jCY7LmBTlX49TurHhKu</latexit><latexit sha1_base64="dmUmBJIzwj0rRjPg+LrarRCdajg=">ADOHicfVHLbhMxFPUMr1JeLSzZGCKk0lbRTKu+QJUqQIFiFYibaU4GXkcT+rU9gwehySy/AWskfgQJCT+hB07xJYtG+6kAVJeVzPjM+dc+1rnpIUpY2ij0F45uy58xdmLs5eunzl6rW5+ev7Zd43jDdYLnNzmNKS6F5wor+WFhOFWp5Afp8cNKP3jFTSly/cKOCt5StKtFJhi1QCVzb0iWGyol7mGi+UusljGBJ1WOdLi01LedXYp90sPbmFDTVUInbkr2T+HX8qF1lChvcdE8swuYAJd2TDptcXyqPoSnzixHcN5Oun5+yAOksdti5emh2FiRPfI3k3malE9Wl/bWo1wVF+L4o2tLQBRtL65uoJjAFXVdur3r1f3nu7m8wHr0knZ3FtWSlmUzjgrbctRYwST3s6Rf8oKyY9rlTYCaKl623Ng/j+8A08FgBLza4jE7vcNRVZYjlUKnovao/F2ryL9pzb7NltO6KJvuWYng7K+xDbHVRi4IwxnVo4AUGYE3BWzI2osxDZLAQyYLlSVHc2fNuOVINSPNXC32/rQOfvqf8uBPdfhLHVbqIw4+Gf4MqOcFN9TmZtGNE6bQOln/1wZhu8l6yo9UeYjvR0b432B/pR4D3oMcH6CTmkE30W20gGK0gXbQE7SLGoihb8GtYDFYCj+En8LP4ZeT1jCY7LmBTlX49TurHhKu</latexit><latexit sha1_base64="S6l1zS0X+9dfzcsF1cE8gOMV+mA=">ADOHicfVHLbhMxFHWGVwmPtrBkY4iQSlNVM636iFClCpBgAaJINK0UJyOP40mc2p7B45BElr+ANT/Dn7Bjh9iyZcOdNEDC62pmfOaca1/rnCSXorBh+LESXLh46fKVpavVa9dv3FxeWb3VLKhYfyYZTIzpwktuBSaH1thJT/NDacqkfwkOXtc6idvuSlEpl/bSc7biva0SAWjFqh45T1JM0OlxANMNH+D1QYm8CTKkS6XlvqOs/XIxwN8gAk1PSV07OZk/x+LR9bZw0V2ntMJE/tGibQlY7jQUdsTMov8bETBxGcp+OBfwjiKH7asbg+PwTI3p9+yBeqYWb4e5OYzvE4eZOGO01GgDCcHd/ewtHAMqoVkdxauVd6SbsaHi2jJi6IVhbltO2qsYJL7KhkWPKfsjPZ4C6CmihdtN/XP4/vAdDEYAa+2eMrO73BUFcVEJdCpqO0Xv2sl+TetNbTpftsJnQ8t1+x8UDqU2Ga4DAN3heHMygkAyoyAu2LWp4YyC5FVIZARy5SiutI07eitiPljCR1tcj7R389D/l0Z/q+Jc6LtUnHwy/AVQL3NuqM3MupsmTKF1tv6vDcJ2s3XBj0R5iO9HRvjfoLm1GQF+FdYOH82CXEJ30D20hiK0hw7RM3SEjhFD3yp3K+uVevAh+BR8Dr6ctwaV2Z7baKGCr98BIdgPhg=</latexit>

δt+1

1

<latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit>

δt+1

2

<latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit>

McMahan et al., Communication- Efficient Learning of Deep Networks from Decentralized Data, AISTATS 2017

SLIDE 6

Federated learning (with a malicious agent)

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

Global Server

. . . . . . . . .

Compute

δt+1

1

<latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit>

Compute

δt+1

2

<latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit>

8j 6= m, δt+1

j

= argmin

δ

Ltrain

{xi

j, yi j}nj i=1; wt G + δ

<latexit sha1_base64="GHZBI5SNerlo3b36fzxvNemNrjg=">ADOHicfVHLbtQwFHXCq5TXFJZsDBVSatR0qovUKUKkGABokj0IY1nIsfjTD21neA4zIwsfwFr/oQVK36DHTvEli0bqYFZnhdJfHJOde+1jlpIUVpo+hjEJ45e+78hZmLs5cuX7l6rTF3fb/MK8P4Hstlbg5TWnIpN+zwkp+WBhOVSr5QXr8sNYPXnNTily/tKOCtxXtaZEJRi1QSeMtyXJDpcR9TDR/hdUyJvCkypEul5b6jrNLsU/6eBsTanpK6MRNyP4p/Fo+tM4aKrT3mEie2QVMoCsbJv2OWB7VX+ITJ7ZjOE8nfX8fxEHyuGPx0uQwTIzoHdm7SWM+akbra1urEY6a1G8sbUFIrWN1dXcAygrvmd5r13HxBCu8lc8IZ0c1Ypri2TtCxbcVTYtqPGCia5nyVyQvKjmPtwBqnjZdmP/PL4DTBeDEfBqi8fs5A5HVmOVAqditqj8netJv+mtSqbad0EVluWYng7JKYpvjOgzcFYzK0cAKDMC7orZETWUWYhsFgIZsFwpqruO7PtW3HaknpFmbj72floHP/1PefCnOvylDmv1EQefDH8G1POCG2pzs+jGCVNoPV3/1wZhu9N1yo9UeYjvR0b432B/pRkDfgE5PkAnNYNuotoAcVoA+2gJ2gX7SGvgW3gsVgKXwfgo/h19OWsPgdM8NFXh1+CvhGi</latexit><latexit sha1_base64="dmUmBJIzwj0rRjPg+LrarRCdajg=">ADOHicfVHLbhMxFPUMr1JeLSzZGCKk0lbRTKu+QJUqQIFiFYibaU4GXkcT+rU9gwehySy/AWskfgQJCT+hB07xJYtG+6kAVJeVzPjM+dc+1rnpIUpY2ij0F45uy58xdmLs5eunzl6rW5+ev7Zd43jDdYLnNzmNKS6F5wor+WFhOFWp5Afp8cNKP3jFTSly/cKOCt5StKtFJhi1QCVzb0iWGyol7mGi+UusljGBJ1WOdLi01LedXYp90sPbmFDTVUInbkr2T+HX8qF1lChvcdE8swuYAJd2TDptcXyqPoSnzixHcN5Oun5+yAOksdti5emh2FiRPfI3k3malE9Wl/bWo1wVF+L4o2tLQBRtL65uoJjAFXVdur3r1f3nu7m8wHr0knZ3FtWSlmUzjgrbctRYwST3s6Rf8oKyY9rlTYCaKl623Ng/j+8A08FgBLza4jE7vcNRVZYjlUKnovao/F2ryL9pzb7NltO6KJvuWYng7K+xDbHVRi4IwxnVo4AUGYE3BWzI2osxDZLAQyYLlSVHc2fNuOVINSPNXC32/rQOfvqf8uBPdfhLHVbqIw4+Gf4MqOcFN9TmZtGNE6bQOln/1wZhu8l6yo9UeYjvR0b432B/pR4D3oMcH6CTmkE30W20gGK0gXbQE7SLGoihb8GtYDFYCj+En8LP4ZeT1jCY7LmBTlX49TurHhKu</latexit><latexit sha1_base64="dmUmBJIzwj0rRjPg+LrarRCdajg=">ADOHicfVHLbhMxFPUMr1JeLSzZGCKk0lbRTKu+QJUqQIFiFYibaU4GXkcT+rU9gwehySy/AWskfgQJCT+hB07xJYtG+6kAVJeVzPjM+dc+1rnpIUpY2ij0F45uy58xdmLs5eunzl6rW5+ev7Zd43jDdYLnNzmNKS6F5wor+WFhOFWp5Afp8cNKP3jFTSly/cKOCt5StKtFJhi1QCVzb0iWGyol7mGi+UusljGBJ1WOdLi01LedXYp90sPbmFDTVUInbkr2T+HX8qF1lChvcdE8swuYAJd2TDptcXyqPoSnzixHcN5Oun5+yAOksdti5emh2FiRPfI3k3malE9Wl/bWo1wVF+L4o2tLQBRtL65uoJjAFXVdur3r1f3nu7m8wHr0knZ3FtWSlmUzjgrbctRYwST3s6Rf8oKyY9rlTYCaKl623Ng/j+8A08FgBLza4jE7vcNRVZYjlUKnovao/F2ryL9pzb7NltO6KJvuWYng7K+xDbHVRi4IwxnVo4AUGYE3BWzI2osxDZLAQyYLlSVHc2fNuOVINSPNXC32/rQOfvqf8uBPdfhLHVbqIw4+Gf4MqOcFN9TmZtGNE6bQOln/1wZhu8l6yo9UeYjvR0b432B/pR4D3oMcH6CTmkE30W20gGK0gXbQE7SLGoihb8GtYDFYCj+En8LP4ZeT1jCY7LmBTlX49TurHhKu</latexit><latexit sha1_base64="S6l1zS0X+9dfzcsF1cE8gOMV+mA=">ADOHicfVHLbhMxFHWGVwmPtrBkY4iQSlNVM636iFClCpBgAaJINK0UJyOP40mc2p7B45BElr+ANT/Dn7Bjh9iyZcOdNEDC62pmfOaca1/rnCSXorBh+LESXLh46fKVpavVa9dv3FxeWb3VLKhYfyYZTIzpwktuBSaH1thJT/NDacqkfwkOXtc6idvuSlEpl/bSc7biva0SAWjFqh45T1JM0OlxANMNH+D1QYm8CTKkS6XlvqOs/XIxwN8gAk1PSV07OZk/x+LR9bZw0V2ntMJE/tGibQlY7jQUdsTMov8bETBxGcp+OBfwjiKH7asbg+PwTI3p9+yBeqYWb4e5OYzvE4eZOGO01GgDCcHd/ewtHAMqoVkdxauVd6SbsaHi2jJi6IVhbltO2qsYJL7KhkWPKfsjPZ4C6CmihdtN/XP4/vAdDEYAa+2eMrO73BUFcVEJdCpqO0Xv2sl+TetNbTpftsJnQ8t1+x8UDqU2Ga4DAN3heHMygkAyoyAu2LWp4YyC5FVIZARy5SiutI07eitiPljCR1tcj7R389D/l0Z/q+Jc6LtUnHwy/AVQL3NuqM3MupsmTKF1tv6vDcJ2s3XBj0R5iO9HRvjfoLm1GQF+FdYOH82CXEJ30D20hiK0hw7RM3SEjhFD3yp3K+uVevAh+BR8Dr6ctwaV2Z7baKGCr98BIdgPhg=</latexit>

δt+1

1

<latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit>

δt+1

2

<latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit>

wt+1

G

= wt

G + k

X

j=1

αjδt+1

j

<latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit>

McMahan et al., Communication- Efficient Learning of Deep Networks from Decentralized Data, AISTATS 2017

SLIDE 7

Federated learning (with a malicious agent)

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

Global Server

. . . . . . . . .

Compute

δt+1

1

<latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit>

Compute

δt+1

2

<latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit>

8j 6= m, δt+1

j

= argmin

δ

Ltrain

{xi

j, yi j}nj i=1; wt G + δ

<latexit sha1_base64="GHZBI5SNerlo3b36fzxvNemNrjg=">ADOHicfVHLbtQwFHXCq5TXFJZsDBVSatR0qovUKUKkGABokj0IY1nIsfjTD21neA4zIwsfwFr/oQVK36DHTvEli0bqYFZnhdJfHJOde+1jlpIUVpo+hjEJ45e+78hZmLs5cuX7l6rTF3fb/MK8P4Hstlbg5TWnIpN+zwkp+WBhOVSr5QXr8sNYPXnNTily/tKOCtxXtaZEJRi1QSeMtyXJDpcR9TDR/hdUyJvCkypEul5b6jrNLsU/6eBsTanpK6MRNyP4p/Fo+tM4aKrT3mEie2QVMoCsbJv2OWB7VX+ITJ7ZjOE8nfX8fxEHyuGPx0uQwTIzoHdm7SWM+akbra1urEY6a1G8sbUFIrWN1dXcAygrvmd5r13HxBCu8lc8IZ0c1Ypri2TtCxbcVTYtqPGCia5nyVyQvKjmPtwBqnjZdmP/PL4DTBeDEfBqi8fs5A5HVmOVAqditqj8netJv+mtSqbad0EVluWYng7JKYpvjOgzcFYzK0cAKDMC7orZETWUWYhsFgIZsFwpqruO7PtW3HaknpFmbj72floHP/1PefCnOvylDmv1EQefDH8G1POCG2pzs+jGCVNoPV3/1wZhu9N1yo9UeYjvR0b432B/pRkDfgE5PkAnNYNuotoAcVoA+2gJ2gX7SGvgW3gsVgKXwfgo/h19OWsPgdM8NFXh1+CvhGi</latexit><latexit sha1_base64="dmUmBJIzwj0rRjPg+LrarRCdajg=">ADOHicfVHLbhMxFPUMr1JeLSzZGCKk0lbRTKu+QJUqQIFiFYibaU4GXkcT+rU9gwehySy/AWskfgQJCT+hB07xJYtG+6kAVJeVzPjM+dc+1rnpIUpY2ij0F45uy58xdmLs5eunzl6rW5+ev7Zd43jDdYLnNzmNKS6F5wor+WFhOFWp5Afp8cNKP3jFTSly/cKOCt5StKtFJhi1QCVzb0iWGyol7mGi+UusljGBJ1WOdLi01LedXYp90sPbmFDTVUInbkr2T+HX8qF1lChvcdE8swuYAJd2TDptcXyqPoSnzixHcN5Oun5+yAOksdti5emh2FiRPfI3k3malE9Wl/bWo1wVF+L4o2tLQBRtL65uoJjAFXVdur3r1f3nu7m8wHr0knZ3FtWSlmUzjgrbctRYwST3s6Rf8oKyY9rlTYCaKl623Ng/j+8A08FgBLza4jE7vcNRVZYjlUKnovao/F2ryL9pzb7NltO6KJvuWYng7K+xDbHVRi4IwxnVo4AUGYE3BWzI2osxDZLAQyYLlSVHc2fNuOVINSPNXC32/rQOfvqf8uBPdfhLHVbqIw4+Gf4MqOcFN9TmZtGNE6bQOln/1wZhu8l6yo9UeYjvR0b432B/pR4D3oMcH6CTmkE30W20gGK0gXbQE7SLGoihb8GtYDFYCj+En8LP4ZeT1jCY7LmBTlX49TurHhKu</latexit><latexit sha1_base64="dmUmBJIzwj0rRjPg+LrarRCdajg=">ADOHicfVHLbhMxFPUMr1JeLSzZGCKk0lbRTKu+QJUqQIFiFYibaU4GXkcT+rU9gwehySy/AWskfgQJCT+hB07xJYtG+6kAVJeVzPjM+dc+1rnpIUpY2ij0F45uy58xdmLs5eunzl6rW5+ev7Zd43jDdYLnNzmNKS6F5wor+WFhOFWp5Afp8cNKP3jFTSly/cKOCt5StKtFJhi1QCVzb0iWGyol7mGi+UusljGBJ1WOdLi01LedXYp90sPbmFDTVUInbkr2T+HX8qF1lChvcdE8swuYAJd2TDptcXyqPoSnzixHcN5Oun5+yAOksdti5emh2FiRPfI3k3malE9Wl/bWo1wVF+L4o2tLQBRtL65uoJjAFXVdur3r1f3nu7m8wHr0knZ3FtWSlmUzjgrbctRYwST3s6Rf8oKyY9rlTYCaKl623Ng/j+8A08FgBLza4jE7vcNRVZYjlUKnovao/F2ryL9pzb7NltO6KJvuWYng7K+xDbHVRi4IwxnVo4AUGYE3BWzI2osxDZLAQyYLlSVHc2fNuOVINSPNXC32/rQOfvqf8uBPdfhLHVbqIw4+Gf4MqOcFN9TmZtGNE6bQOln/1wZhu8l6yo9UeYjvR0b432B/pR4D3oMcH6CTmkE30W20gGK0gXbQE7SLGoihb8GtYDFYCj+En8LP4ZeT1jCY7LmBTlX49TurHhKu</latexit><latexit sha1_base64="S6l1zS0X+9dfzcsF1cE8gOMV+mA=">ADOHicfVHLbhMxFHWGVwmPtrBkY4iQSlNVM636iFClCpBgAaJINK0UJyOP40mc2p7B45BElr+ANT/Dn7Bjh9iyZcOdNEDC62pmfOaca1/rnCSXorBh+LESXLh46fKVpavVa9dv3FxeWb3VLKhYfyYZTIzpwktuBSaH1thJT/NDacqkfwkOXtc6idvuSlEpl/bSc7biva0SAWjFqh45T1JM0OlxANMNH+D1QYm8CTKkS6XlvqOs/XIxwN8gAk1PSV07OZk/x+LR9bZw0V2ntMJE/tGibQlY7jQUdsTMov8bETBxGcp+OBfwjiKH7asbg+PwTI3p9+yBeqYWb4e5OYzvE4eZOGO01GgDCcHd/ewtHAMqoVkdxauVd6SbsaHi2jJi6IVhbltO2qsYJL7KhkWPKfsjPZ4C6CmihdtN/XP4/vAdDEYAa+2eMrO73BUFcVEJdCpqO0Xv2sl+TetNbTpftsJnQ8t1+x8UDqU2Ga4DAN3heHMygkAyoyAu2LWp4YyC5FVIZARy5SiutI07eitiPljCR1tcj7R389D/l0Z/q+Jc6LtUnHwy/AVQL3NuqM3MupsmTKF1tv6vDcJ2s3XBj0R5iO9HRvjfoLm1GQF+FdYOH82CXEJ30D20hiK0hw7RM3SEjhFD3yp3K+uVevAh+BR8Dr6ctwaV2Z7baKGCr98BIdgPhg=</latexit>

δt+1

1

<latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit>

δt+1

2

<latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit>

wt+1

G

= wt

G + k

X

j=1

αjδt+1

j

<latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit>

SLIDE 8

Threat model

Single malicious agent

Information available:

No access to current updates

from other agents

Attacks with respect to previous

global state

Federated learning (with a malicious agent)

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

Global Server

. . . . . . . . .

Compute

δt+1

1

<latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit>

Compute

δt+1

2

<latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit>

8j 6= m, δt+1

j

= argmin

δ

Ltrain

{xi

j, yi j}nj i=1; wt G + δ

<latexit sha1_base64="GHZBI5SNerlo3b36fzxvNemNrjg=">ADOHicfVHLbtQwFHXCq5TXFJZsDBVSatR0qovUKUKkGABokj0IY1nIsfjTD21neA4zIwsfwFr/oQVK36DHTvEli0bqYFZnhdJfHJOde+1jlpIUVpo+hjEJ45e+78hZmLs5cuX7l6rTF3fb/MK8P4Hstlbg5TWnIpN+zwkp+WBhOVSr5QXr8sNYPXnNTily/tKOCtxXtaZEJRi1QSeMtyXJDpcR9TDR/hdUyJvCkypEul5b6jrNLsU/6eBsTanpK6MRNyP4p/Fo+tM4aKrT3mEie2QVMoCsbJv2OWB7VX+ITJ7ZjOE8nfX8fxEHyuGPx0uQwTIzoHdm7SWM+akbra1urEY6a1G8sbUFIrWN1dXcAygrvmd5r13HxBCu8lc8IZ0c1Ypri2TtCxbcVTYtqPGCia5nyVyQvKjmPtwBqnjZdmP/PL4DTBeDEfBqi8fs5A5HVmOVAqditqj8netJv+mtSqbad0EVluWYng7JKYpvjOgzcFYzK0cAKDMC7orZETWUWYhsFgIZsFwpqruO7PtW3HaknpFmbj72floHP/1PefCnOvylDmv1EQefDH8G1POCG2pzs+jGCVNoPV3/1wZhu9N1yo9UeYjvR0b432B/pRkDfgE5PkAnNYNuotoAcVoA+2gJ2gX7SGvgW3gsVgKXwfgo/h19OWsPgdM8NFXh1+CvhGi</latexit><latexit sha1_base64="dmUmBJIzwj0rRjPg+LrarRCdajg=">ADOHicfVHLbhMxFPUMr1JeLSzZGCKk0lbRTKu+QJUqQIFiFYibaU4GXkcT+rU9gwehySy/AWskfgQJCT+hB07xJYtG+6kAVJeVzPjM+dc+1rnpIUpY2ij0F45uy58xdmLs5eunzl6rW5+ev7Zd43jDdYLnNzmNKS6F5wor+WFhOFWp5Afp8cNKP3jFTSly/cKOCt5StKtFJhi1QCVzb0iWGyol7mGi+UusljGBJ1WOdLi01LedXYp90sPbmFDTVUInbkr2T+HX8qF1lChvcdE8swuYAJd2TDptcXyqPoSnzixHcN5Oun5+yAOksdti5emh2FiRPfI3k3malE9Wl/bWo1wVF+L4o2tLQBRtL65uoJjAFXVdur3r1f3nu7m8wHr0knZ3FtWSlmUzjgrbctRYwST3s6Rf8oKyY9rlTYCaKl623Ng/j+8A08FgBLza4jE7vcNRVZYjlUKnovao/F2ryL9pzb7NltO6KJvuWYng7K+xDbHVRi4IwxnVo4AUGYE3BWzI2osxDZLAQyYLlSVHc2fNuOVINSPNXC32/rQOfvqf8uBPdfhLHVbqIw4+Gf4MqOcFN9TmZtGNE6bQOln/1wZhu8l6yo9UeYjvR0b432B/pR4D3oMcH6CTmkE30W20gGK0gXbQE7SLGoihb8GtYDFYCj+En8LP4ZeT1jCY7LmBTlX49TurHhKu</latexit><latexit sha1_base64="dmUmBJIzwj0rRjPg+LrarRCdajg=">ADOHicfVHLbhMxFPUMr1JeLSzZGCKk0lbRTKu+QJUqQIFiFYibaU4GXkcT+rU9gwehySy/AWskfgQJCT+hB07xJYtG+6kAVJeVzPjM+dc+1rnpIUpY2ij0F45uy58xdmLs5eunzl6rW5+ev7Zd43jDdYLnNzmNKS6F5wor+WFhOFWp5Afp8cNKP3jFTSly/cKOCt5StKtFJhi1QCVzb0iWGyol7mGi+UusljGBJ1WOdLi01LedXYp90sPbmFDTVUInbkr2T+HX8qF1lChvcdE8swuYAJd2TDptcXyqPoSnzixHcN5Oun5+yAOksdti5emh2FiRPfI3k3malE9Wl/bWo1wVF+L4o2tLQBRtL65uoJjAFXVdur3r1f3nu7m8wHr0knZ3FtWSlmUzjgrbctRYwST3s6Rf8oKyY9rlTYCaKl623Ng/j+8A08FgBLza4jE7vcNRVZYjlUKnovao/F2ryL9pzb7NltO6KJvuWYng7K+xDbHVRi4IwxnVo4AUGYE3BWzI2osxDZLAQyYLlSVHc2fNuOVINSPNXC32/rQOfvqf8uBPdfhLHVbqIw4+Gf4MqOcFN9TmZtGNE6bQOln/1wZhu8l6yo9UeYjvR0b432B/pR4D3oMcH6CTmkE30W20gGK0gXbQE7SLGoihb8GtYDFYCj+En8LP4ZeT1jCY7LmBTlX49TurHhKu</latexit><latexit sha1_base64="S6l1zS0X+9dfzcsF1cE8gOMV+mA=">ADOHicfVHLbhMxFHWGVwmPtrBkY4iQSlNVM636iFClCpBgAaJINK0UJyOP40mc2p7B45BElr+ANT/Dn7Bjh9iyZcOdNEDC62pmfOaca1/rnCSXorBh+LESXLh46fKVpavVa9dv3FxeWb3VLKhYfyYZTIzpwktuBSaH1thJT/NDacqkfwkOXtc6idvuSlEpl/bSc7biva0SAWjFqh45T1JM0OlxANMNH+D1QYm8CTKkS6XlvqOs/XIxwN8gAk1PSV07OZk/x+LR9bZw0V2ntMJE/tGibQlY7jQUdsTMov8bETBxGcp+OBfwjiKH7asbg+PwTI3p9+yBeqYWb4e5OYzvE4eZOGO01GgDCcHd/ewtHAMqoVkdxauVd6SbsaHi2jJi6IVhbltO2qsYJL7KhkWPKfsjPZ4C6CmihdtN/XP4/vAdDEYAa+2eMrO73BUFcVEJdCpqO0Xv2sl+TetNbTpftsJnQ8t1+x8UDqU2Ga4DAN3heHMygkAyoyAu2LWp4YyC5FVIZARy5SiutI07eitiPljCR1tcj7R389D/l0Z/q+Jc6LtUnHwy/AVQL3NuqM3MupsmTKF1tv6vDcJ2s3XBj0R5iO9HRvjfoLm1GQF+FdYOH82CXEJ30D20hiK0hw7RM3SEjhFD3yp3K+uVevAh+BR8Dr6ctwaV2Z7baKGCr98BIdgPhg=</latexit>

δt+1

1

<latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit>

δt+1

2

<latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit>

wt+1

G

= wt

G + k

X

j=1

αjδt+1

j

<latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit>

SLIDE 9

Threat model

Single malicious agent

Information available:

No access to current updates

from other agents

Attacks with respect to previous

global state

Federated learning (with a malicious agent)

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

wt

G

<latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit><latexit sha1_base64="hCJsx0QcFUctrMwYwyHXmYZf/8=">ACLXicdZDNSgMxFIUz/tb601aXboJFcDVkSqt2JyroUsHaQqeWTJrR0CQzJBlLGeYl3Oo7+DQuBHra5ipFazohcDhfPdyb04Qc6YNQq/O3PzC4tJyYaW4ura+USpXNq91lChCWyTikeoEWFPOJG0ZjtxIpiEXDaDoYnOW/fU6VZJK/MOKY9gW8lCxnBxlodPwhH/bMb0y9XkYtqh416DSK31kBNr2lFA3nN/Tr0XDSpKpjWRb/ilPxBRBJBpSEca931UGx6KVaGEU6zop9oGmMyxLe0a6XEgupeOjk4g7vWGcAwUvZJAyfuz4kUC63HIrCdAps7/Zvl5l+sm5jwsJcyGSeGSvK1KEw4NBHMfw8HTFi+NgKTBSzt0JyhxUmxmZU9CUdkUgILAdpnkyW+vmKIExHWTZLBTmdUoJ5emqxjfA7J/i/uK65HnK9y3r16HgaZgFsgx2wBzxwAI7AObgALUABw/gETw5z86L8+a8f7XOdOZLTBTzscn6qGpUg=</latexit>

Global Server

. . . . . . . . .

Compute

δt+1

1

<latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit><latexit sha1_base64="D3aW/8S9R5G7eFMRvexSRdDWfV4=">ACSnicdVBNSxBEO3ZmETN1xqPOaTJEgElhkJxKMYDx4NZFXY2SzVPTXa2N0zdNe4LM38lyT/5I/kL/hTbykZ10haixo+vFeFa/qiVorT2n6J+k9Wn85Onq2vqz5y9evupvD70VeMkjmSlK3cswKNWFkekSONx7RCM0Hgkzr50+tE5Oq8q+43mNU4MnFhVKgkUqWl/Mxcm5AVqgnafQ/0MWun/UE63E674vdBNlz86YAt62C6kbzNi0o2Bi1JDd6Ps7SmSQBHSmps1/PGYw3yDE5wHKEFg34SFtu3/H1kCl5WLj5LfMH+OxHAeD83InYaoFN/V+vI/2njhsrtSVC2bgitvDYqG82p4l0UvFAOJel5BCdirtyeQoOJMXAbrkIE2+wOJOVMWCLkIty1oa8sxRlmLV3VCP3lqoEHfaiHCO9yY0/DA63hlk6zL5+GuzsLsNdZW/YO/aBZewz2H7ICNmGRz9oP9ZL+S38lFcplcXbf2kuXMJrtVvZW/VwizlA=</latexit>

Compute

δt+1

2

<latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit><latexit sha1_base64="wDksDghZJzr8BfzalpPBZhXvt8=">ACSnicdVBNSxBEO3ZmGjM1xqPOaTJEgElhkJ6FGMhxwVsirsbJbqnhpt7O4ZumtclmZ+S67Jf8kfyN/ITbzYs24gaixo+vFeFa/qiVorT2n6O+k9Wn8ZHXt6fqz5y9evupvD7yVeMkjmSlK3ciwKNWFkekSONJ7RCM0Hgszj93+vEFOq8q+5XmNU4MnFpVKgkUqWl/Mxcm5AVqgna69S3Qx6yd9gfpcCftit8H2XDxpwO2rIPpRvI2LyrZGLQkNXg/ztKaJgEcKamxXc8bjzXIczjFcYQWDPpJWGzf8veRKXhZufgs8QX70QA4/3ciNhpgM78Xa0j/6eNGyp3JkHZuiG08saobDSnindR8EI5lKTnEYB0Ku7K5Rk4kBQDu+UiTLzB4kxWxoAtQi7KWRvyzlKUYdbeUY3cX6oSdNiPcoz0b278YXC0NczSYXb4abC7twx3jb1h79gHlrFtsu+sAM2YpLN2Xf2g/1MfiV/ksvk6qa1lyxnNtmt6q1cA1jgs5U=</latexit>

8j 6= m, δt+1

j

= argmin

δ

Ltrain

{xi

j, yi j}nj i=1; wt G + δ

<latexit sha1_base64="GHZBI5SNerlo3b36fzxvNemNrjg=">ADOHicfVHLbtQwFHXCq5TXFJZsDBVSatR0qovUKUKkGABokj0IY1nIsfjTD21neA4zIwsfwFr/oQVK36DHTvEli0bqYFZnhdJfHJOde+1jlpIUVpo+hjEJ45e+78hZmLs5cuX7l6rTF3fb/MK8P4Hstlbg5TWnIpN+zwkp+WBhOVSr5QXr8sNYPXnNTily/tKOCtxXtaZEJRi1QSeMtyXJDpcR9TDR/hdUyJvCkypEul5b6jrNLsU/6eBsTanpK6MRNyP4p/Fo+tM4aKrT3mEie2QVMoCsbJv2OWB7VX+ITJ7ZjOE8nfX8fxEHyuGPx0uQwTIzoHdm7SWM+akbra1urEY6a1G8sbUFIrWN1dXcAygrvmd5r13HxBCu8lc8IZ0c1Ypri2TtCxbcVTYtqPGCia5nyVyQvKjmPtwBqnjZdmP/PL4DTBeDEfBqi8fs5A5HVmOVAqditqj8netJv+mtSqbad0EVluWYng7JKYpvjOgzcFYzK0cAKDMC7orZETWUWYhsFgIZsFwpqruO7PtW3HaknpFmbj72floHP/1PefCnOvylDmv1EQefDH8G1POCG2pzs+jGCVNoPV3/1wZhu9N1yo9UeYjvR0b432B/pRkDfgE5PkAnNYNuotoAcVoA+2gJ2gX7SGvgW3gsVgKXwfgo/h19OWsPgdM8NFXh1+CvhGi</latexit><latexit sha1_base64="dmUmBJIzwj0rRjPg+LrarRCdajg=">ADOHicfVHLbhMxFPUMr1JeLSzZGCKk0lbRTKu+QJUqQIFiFYibaU4GXkcT+rU9gwehySy/AWskfgQJCT+hB07xJYtG+6kAVJeVzPjM+dc+1rnpIUpY2ij0F45uy58xdmLs5eunzl6rW5+ev7Zd43jDdYLnNzmNKS6F5wor+WFhOFWp5Afp8cNKP3jFTSly/cKOCt5StKtFJhi1QCVzb0iWGyol7mGi+UusljGBJ1WOdLi01LedXYp90sPbmFDTVUInbkr2T+HX8qF1lChvcdE8swuYAJd2TDptcXyqPoSnzixHcN5Oun5+yAOksdti5emh2FiRPfI3k3malE9Wl/bWo1wVF+L4o2tLQBRtL65uoJjAFXVdur3r1f3nu7m8wHr0knZ3FtWSlmUzjgrbctRYwST3s6Rf8oKyY9rlTYCaKl623Ng/j+8A08FgBLza4jE7vcNRVZYjlUKnovao/F2ryL9pzb7NltO6KJvuWYng7K+xDbHVRi4IwxnVo4AUGYE3BWzI2osxDZLAQyYLlSVHc2fNuOVINSPNXC32/rQOfvqf8uBPdfhLHVbqIw4+Gf4MqOcFN9TmZtGNE6bQOln/1wZhu8l6yo9UeYjvR0b432B/pR4D3oMcH6CTmkE30W20gGK0gXbQE7SLGoihb8GtYDFYCj+En8LP4ZeT1jCY7LmBTlX49TurHhKu</latexit><latexit sha1_base64="dmUmBJIzwj0rRjPg+LrarRCdajg=">ADOHicfVHLbhMxFPUMr1JeLSzZGCKk0lbRTKu+QJUqQIFiFYibaU4GXkcT+rU9gwehySy/AWskfgQJCT+hB07xJYtG+6kAVJeVzPjM+dc+1rnpIUpY2ij0F45uy58xdmLs5eunzl6rW5+ev7Zd43jDdYLnNzmNKS6F5wor+WFhOFWp5Afp8cNKP3jFTSly/cKOCt5StKtFJhi1QCVzb0iWGyol7mGi+UusljGBJ1WOdLi01LedXYp90sPbmFDTVUInbkr2T+HX8qF1lChvcdE8swuYAJd2TDptcXyqPoSnzixHcN5Oun5+yAOksdti5emh2FiRPfI3k3malE9Wl/bWo1wVF+L4o2tLQBRtL65uoJjAFXVdur3r1f3nu7m8wHr0knZ3FtWSlmUzjgrbctRYwST3s6Rf8oKyY9rlTYCaKl623Ng/j+8A08FgBLza4jE7vcNRVZYjlUKnovao/F2ryL9pzb7NltO6KJvuWYng7K+xDbHVRi4IwxnVo4AUGYE3BWzI2osxDZLAQyYLlSVHc2fNuOVINSPNXC32/rQOfvqf8uBPdfhLHVbqIw4+Gf4MqOcFN9TmZtGNE6bQOln/1wZhu8l6yo9UeYjvR0b432B/pR4D3oMcH6CTmkE30W20gGK0gXbQE7SLGoihb8GtYDFYCj+En8LP4ZeT1jCY7LmBTlX49TurHhKu</latexit><latexit sha1_base64="S6l1zS0X+9dfzcsF1cE8gOMV+mA=">ADOHicfVHLbhMxFHWGVwmPtrBkY4iQSlNVM636iFClCpBgAaJINK0UJyOP40mc2p7B45BElr+ANT/Dn7Bjh9iyZcOdNEDC62pmfOaca1/rnCSXorBh+LESXLh46fKVpavVa9dv3FxeWb3VLKhYfyYZTIzpwktuBSaH1thJT/NDacqkfwkOXtc6idvuSlEpl/bSc7biva0SAWjFqh45T1JM0OlxANMNH+D1QYm8CTKkS6XlvqOs/XIxwN8gAk1PSV07OZk/x+LR9bZw0V2ntMJE/tGibQlY7jQUdsTMov8bETBxGcp+OBfwjiKH7asbg+PwTI3p9+yBeqYWb4e5OYzvE4eZOGO01GgDCcHd/ewtHAMqoVkdxauVd6SbsaHi2jJi6IVhbltO2qsYJL7KhkWPKfsjPZ4C6CmihdtN/XP4/vAdDEYAa+2eMrO73BUFcVEJdCpqO0Xv2sl+TetNbTpftsJnQ8t1+x8UDqU2Ga4DAN3heHMygkAyoyAu2LWp4YyC5FVIZARy5SiutI07eitiPljCR1tcj7R389D/l0Z/q+Jc6LtUnHwy/AVQL3NuqM3MupsmTKF1tv6vDcJ2s3XBj0R5iO9HRvjfoLm1GQF+FdYOH82CXEJ30D20hiK0hw7RM3SEjhFD3yp3K+uVevAh+BR8Dr6ctwaV2Z7baKGCr98BIdgPhg=</latexit>

δt+1

1

<latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit><latexit sha1_base64="THWwDZVG/mPRoQRJIW6OQtXKePg=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+uSZO60oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6ObIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrVcwUbWp/ZkUAYx2MEGNBs4aD8JKA6fy8u3KP/0EPujafcBlAzMrzp2utBKYpHl/v5A2FiUYFN2cf4z4knfz/oDl7NXogI8py0eMj/kokeGIMzakPGdrDMgGx/O97GlR1q14FAZEcKUswZnUXjUykC3U7QBGqEuxTlME3XCQpjF9fUdfZ6Ukla1T8hXat/b0RhQ1hamSatwItw01uJ/KmLVbjWdSuaRGcugqWkOxpqsqaKk9KDTLRITyOt1K1YXwQmEq7FqKtOkPDhaqtla4MhayWnSxWEXKi6G65VRxtXCROPkp0q/dMb/T85Geac5fz9weDwzabcbfKEPCMvCevySF5R47JhCiyJ/JF/I1+5b9yH5mv65Ge9lmZ59cQ2/rN4vQs7I=</latexit>

δt+1

2

<latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit><latexit sha1_base64="Dc7Q2VKU1KHXAQxRXbwL47fOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQRhSJau7mPRPvhYwW0LO+tyk8m0oUlmSO64LGF+i6/6X/wD/g3fxBez2xVs0QOBwzn3cm6OaIwOyNj3rHdr6/adu9v3du4/ePhot7/3+CTUrZdqImtT+zMBQRnt1AQ1GnXWeAVWGHUqLt+u/NPygduw+4bNTMwrnTlZaASZr39wthY1Eqg9DNhx8jvuTdvD9gOXs1OuBjyvIR42M+SmQ4owNKc/ZGgOywfF8L3talLVsrXIoDYQw5azBWQSPWhrV7RtUA3ISzhX0QdWBVmcX19R58npaRV7dNzSNfq3xsRbAhLK9KkBbwIN72V+C9v2mI1nkXtmhaVk1dBVWso1nRVBS21VxLNMhGQXqdbqbwADxJTYdShE1/cGoha2vBlbEQ1aKLxSpSVHR3XCtPNq4Ekw8Snaq9E9v9P/kZJhzlvP3B4PDN5tyt8kT8oy8IJy8JofkHTkmEyLJknwmX8jX7Fv2I/uZ/boa7WbnX1yDb2t342os7M=</latexit>

δt+1

m

<latexit sha1_base64="2tKnzEzLHiNILVXHjVMWUEK/uOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQrCkmjV+lZqH3ys4LaFne2SZO60oUlmSO64LGF+S1/b/+If8G/4Jr6Y3Y5gix4IHM65l3NzZG10QMa+Z707K3fv3V9sPbw0eMn6/2Np4eharyCkapM5Y+lCGC0gxFqNHBcexBWGjiS5x8X/tFX8EFX7gvOa5hYcep0qZXAJE37m7m0MS/AoGin9iTiK95O+wM2fMv4h3eMsiFbYkl2+BtOeacMSIeD6Ub2PC8q1VhwqIwIYcxZjZMoPGploF3LmwC1UOfiFMaJOmEhTOLy+pa+TEpBy8qn5Au1b83orAhzK1Mk1bgWbjtLcR/eMGy51J1K5uEJy6DiobQ7GiypoT0oNPNEhPI63UrVmfBCYSrsRoq06Q8OZqyVrgi5rKctTFfRMoyztpbrlX7nauEifvJTpX+6Y3+nxy+HnI25J+3B7t7Xbmr5Bl5QbYIJ+/JLvlEDsiIKDInF+SXGXfsh/Zz+zX9Wgv63Y2yQ30Vn4D1zWz2g=</latexit><latexit sha1_base64="2tKnzEzLHiNILVXHjVMWUEK/uOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQrCkmjV+lZqH3ys4LaFne2SZO60oUlmSO64LGF+S1/b/+If8G/4Jr6Y3Y5gix4IHM65l3NzZG10QMa+Z707K3fv3V9sPbw0eMn6/2Np4eharyCkapM5Y+lCGC0gxFqNHBcexBWGjiS5x8X/tFX8EFX7gvOa5hYcep0qZXAJE37m7m0MS/AoGin9iTiK95O+wM2fMv4h3eMsiFbYkl2+BtOeacMSIeD6Ub2PC8q1VhwqIwIYcxZjZMoPGploF3LmwC1UOfiFMaJOmEhTOLy+pa+TEpBy8qn5Au1b83orAhzK1Mk1bgWbjtLcR/eMGy51J1K5uEJy6DiobQ7GiypoT0oNPNEhPI63UrVmfBCYSrsRoq06Q8OZqyVrgi5rKctTFfRMoyztpbrlX7nauEifvJTpX+6Y3+nxy+HnI25J+3B7t7Xbmr5Bl5QbYIJ+/JLvlEDsiIKDInF+SXGXfsh/Zz+zX9Wgv63Y2yQ30Vn4D1zWz2g=</latexit><latexit sha1_base64="2tKnzEzLHiNILVXHjVMWUEK/uOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQrCkmjV+lZqH3ys4LaFne2SZO60oUlmSO64LGF+S1/b/+If8G/4Jr6Y3Y5gix4IHM65l3NzZG10QMa+Z707K3fv3V9sPbw0eMn6/2Np4eharyCkapM5Y+lCGC0gxFqNHBcexBWGjiS5x8X/tFX8EFX7gvOa5hYcep0qZXAJE37m7m0MS/AoGin9iTiK95O+wM2fMv4h3eMsiFbYkl2+BtOeacMSIeD6Ub2PC8q1VhwqIwIYcxZjZMoPGploF3LmwC1UOfiFMaJOmEhTOLy+pa+TEpBy8qn5Au1b83orAhzK1Mk1bgWbjtLcR/eMGy51J1K5uEJy6DiobQ7GiypoT0oNPNEhPI63UrVmfBCYSrsRoq06Q8OZqyVrgi5rKctTFfRMoyztpbrlX7nauEifvJTpX+6Y3+nxy+HnI25J+3B7t7Xbmr5Bl5QbYIJ+/JLvlEDsiIKDInF+SXGXfsh/Zz+zX9Wgv63Y2yQ30Vn4D1zWz2g=</latexit><latexit sha1_base64="2tKnzEzLHiNILVXHjVMWUEK/uOA=">ACSnicdVBdaxQxFM2sVWv96NY+mBwEQrCkmjV+lZqH3ys4LaFne2SZO60oUlmSO64LGF+S1/b/+If8G/4Jr6Y3Y5gix4IHM65l3NzZG10QMa+Z707K3fv3V9sPbw0eMn6/2Np4eharyCkapM5Y+lCGC0gxFqNHBcexBWGjiS5x8X/tFX8EFX7gvOa5hYcep0qZXAJE37m7m0MS/AoGin9iTiK95O+wM2fMv4h3eMsiFbYkl2+BtOeacMSIeD6Ub2PC8q1VhwqIwIYcxZjZMoPGploF3LmwC1UOfiFMaJOmEhTOLy+pa+TEpBy8qn5Au1b83orAhzK1Mk1bgWbjtLcR/eMGy51J1K5uEJy6DiobQ7GiypoT0oNPNEhPI63UrVmfBCYSrsRoq06Q8OZqyVrgi5rKctTFfRMoyztpbrlX7nauEifvJTpX+6Y3+nxy+HnI25J+3B7t7Xbmr5Bl5QbYIJ+/JLvlEDsiIKDInF+SXGXfsh/Zz+zX9Wgv63Y2yQ30Vn4D1zWz2g=</latexit>

Compute

δt+1

m

<latexit sha1_base64="Gzxzi/3mpo1xAgKqA2ZEeTIBX9s=">ACSnicbVDLShxBFK2emPjIw1GXLmwcBCEwdIuQLCVxkaWBjArTk+FW9W0trKpuqm47DEV/S7bxX/ID+Q134sasRc6eqDgcM69nFuHV0o6SpL/UefN0t3yura+8/fPy03t3YPHVlbQUORKlKe87BoZIGByRJ4XlETRXeMavs/8s2u0TpbmF0rHGm4MLKQAihI4+5WxrXPclQEzVj/9vQ5bcbdXtJP5ohfkrQlPdbiZLwR7WR5KWqNhoQC54ZpUtHIgyUpFDZrWe2wAnEFzgM1IBGN/Lz65t4Lyh5XJQ2PEPxXH264UE7N9U8TGqgS7fozcTXvGFNxdeRl6aqCY14DCpqFVMZz6qIc2lRkJoGAsLKcGsLsGCoFDYsxSuwx8MTkSpNZjcZ7yYND6bRfLCT5oFV4vj1hWg/HGwQ6XpYoEvyelBP036c/D3tG3twVts12T5L2Rd2xH6wEzZgk3ZH/aX3UT/otvoLrp/HO1E7c4We4bO0gObYLO4</latexit><latexit sha1_base64="Gzxzi/3mpo1xAgKqA2ZEeTIBX9s=">ACSnicbVDLShxBFK2emPjIw1GXLmwcBCEwdIuQLCVxkaWBjArTk+FW9W0trKpuqm47DEV/S7bxX/ID+Q134sasRc6eqDgcM69nFuHV0o6SpL/UefN0t3yura+8/fPy03t3YPHVlbQUORKlKe87BoZIGByRJ4XlETRXeMavs/8s2u0TpbmF0rHGm4MLKQAihI4+5WxrXPclQEzVj/9vQ5bcbdXtJP5ohfkrQlPdbiZLwR7WR5KWqNhoQC54ZpUtHIgyUpFDZrWe2wAnEFzgM1IBGN/Lz65t4Lyh5XJQ2PEPxXH264UE7N9U8TGqgS7fozcTXvGFNxdeRl6aqCY14DCpqFVMZz6qIc2lRkJoGAsLKcGsLsGCoFDYsxSuwx8MTkSpNZjcZ7yYND6bRfLCT5oFV4vj1hWg/HGwQ6XpYoEvyelBP036c/D3tG3twVts12T5L2Rd2xH6wEzZgk3ZH/aX3UT/otvoLrp/HO1E7c4We4bO0gObYLO4</latexit><latexit sha1_base64="Gzxzi/3mpo1xAgKqA2ZEeTIBX9s=">ACSnicbVDLShxBFK2emPjIw1GXLmwcBCEwdIuQLCVxkaWBjArTk+FW9W0trKpuqm47DEV/S7bxX/ID+Q134sasRc6eqDgcM69nFuHV0o6SpL/UefN0t3yura+8/fPy03t3YPHVlbQUORKlKe87BoZIGByRJ4XlETRXeMavs/8s2u0TpbmF0rHGm4MLKQAihI4+5WxrXPclQEzVj/9vQ5bcbdXtJP5ohfkrQlPdbiZLwR7WR5KWqNhoQC54ZpUtHIgyUpFDZrWe2wAnEFzgM1IBGN/Lz65t4Lyh5XJQ2PEPxXH264UE7N9U8TGqgS7fozcTXvGFNxdeRl6aqCY14DCpqFVMZz6qIc2lRkJoGAsLKcGsLsGCoFDYsxSuwx8MTkSpNZjcZ7yYND6bRfLCT5oFV4vj1hWg/HGwQ6XpYoEvyelBP036c/D3tG3twVts12T5L2Rd2xH6wEzZgk3ZH/aX3UT/otvoLrp/HO1E7c4We4bO0gObYLO4</latexit><latexit sha1_base64="Gzxzi/3mpo1xAgKqA2ZEeTIBX9s=">ACSnicbVDLShxBFK2emPjIw1GXLmwcBCEwdIuQLCVxkaWBjArTk+FW9W0trKpuqm47DEV/S7bxX/ID+Q134sasRc6eqDgcM69nFuHV0o6SpL/UefN0t3yura+8/fPy03t3YPHVlbQUORKlKe87BoZIGByRJ4XlETRXeMavs/8s2u0TpbmF0rHGm4MLKQAihI4+5WxrXPclQEzVj/9vQ5bcbdXtJP5ohfkrQlPdbiZLwR7WR5KWqNhoQC54ZpUtHIgyUpFDZrWe2wAnEFzgM1IBGN/Lz65t4Lyh5XJQ2PEPxXH264UE7N9U8TGqgS7fozcTXvGFNxdeRl6aqCY14DCpqFVMZz6qIc2lRkJoGAsLKcGsLsGCoFDYsxSuwx8MTkSpNZjcZ7yYND6bRfLCT5oFV4vj1hWg/HGwQ6XpYoEvyelBP036c/D3tG3twVts12T5L2Rd2xH6wEzZgk3ZH/aX3UT/otvoLrp/HO1E7c4We4bO0gObYLO4</latexit>

δt+1

m

= A

{xi

m, yi m}nm i=1, {xl, T l}nmal l=1 ; wt G + δ

<latexit sha1_base64="6ANt6WdN7mGWkLZTWins3aluZbI=">ADL3icfZFdaxNBFIZn168aP5rqjeDN2C0NpSsNy1IoX6A3ogVmrSQSdbZyWwydGZ2mT1rEof5BQr+Fn+NeCPeusvcDYJ2jTigd15Oc97mOG8S5FAa3WtyC8dPnK1Wtr12s3bt6vV7fuNMpstIw3maZzMxpQgsuheZtECD5aW4VYnkJ8nZ84qfvOemEJk+hmnOe4oOtUgFo+Bbcf0TSZQlAy6Bur6FncjFCh9goiMGJX2qcNE8hS2MLEkSex6ovmtPoTF1txEPkpHSvXnO+bB73ZYXkAlkCfAJWUemce+I94/hlH/AOPncxJkYMR7Ad1xut3das8KqIFqJxuP35wzuE0FG8EXwkg4yVimtgkhZFN2rl0LPUgGCSuxopC5TdkaHvOulpoXPTtbm8MPfWeA08z4TwOedc9PWKqKYqoS76zWUVxkVfNfrFtCut+zQuclcM3mF6WlxJDhKgM8EIYzkFMvKDPCvxWzETWUgU+qRjQfs0wpqgeWdFw36tlZHElqG5Fzy9zv0/3B41U6+UsnFX3B/Z4Mf+1b3JuKGTmkSXUDBX1sX5P5vQc5s/l/aRKOfjiy6GtSo6j3cjr9/6HJ+hea2h+2gTbaEI7aFD9AodoTZi6FdwL3gQbIZfwq/h9/DH3BoGi5m7aKnCn78BkD8OIA=</latexit><latexit sha1_base64="XVCJ1cGRruwHIcZtSVJOhzSPkJs=">ADL3icfZFdixMxFIYz41etX129EbyJW4RdtywdbxRkYf0AvRFX2HYXmnbIpJk2bJIZMmdsa8gvUPDWX+C9v0a8EW+9ReYaYtut+KBmbyc5z0knDfJpSig3f4WhOfOX7h4qXa5fuXqtes3Ghs3u0VWGsY7LJOZOU5owaXQvAMCJD/ODacqkfwoOXlW8aO3BQi04cwy3lf0ZEWqWAUfCtufCJsmTIJVA3sLATuVjhPUwUhTGj0j5xmEiewhYmliTpNFYD0ZpVf+JiK/YiP6Vj5VoLPJCtw4GskFwiS4BPwSoqnXOPvWcSvxgA3sGnLsbEiNEYtuNGs73bnhdeF9FSNPe3P7La58/HcQbwXsyzFipuAYmaVH0onYOfUsNCa5q5Oy4DlJ3TEe15qnjRt/O1OXzPd4Y4zYz/NOB59/SEpaoZirxzmodxVlWNf/FeiWkj/pW6LwErtniorSUGDJcZYCHwnAGcuYFZUb4t2I2poYy8EnVieYTlilF9dCSrutFfTuPI0ltM3Julft9uj94sk6nf+m0os+535Phr3zrdc4Nhczct4SakaLeujz/ZxN6YfPnyj4S5Xx80dmw1kX3wW7k9Ruf41O0qBq6gzbRForQ7SPXqID1EM/QpuB3eDzfBL+DX8Hv5YWMNgOXMLrVT48zdRXA92</latexit><latexit sha1_base64="XVCJ1cGRruwHIcZtSVJOhzSPkJs=">ADL3icfZFdixMxFIYz41etX129EbyJW4RdtywdbxRkYf0AvRFX2HYXmnbIpJk2bJIZMmdsa8gvUPDWX+C9v0a8EW+9ReYaYtut+KBmbyc5z0knDfJpSig3f4WhOfOX7h4qXa5fuXqtes3Ghs3u0VWGsY7LJOZOU5owaXQvAMCJD/ODacqkfwoOXlW8aO3BQi04cwy3lf0ZEWqWAUfCtufCJsmTIJVA3sLATuVjhPUwUhTGj0j5xmEiewhYmliTpNFYD0ZpVf+JiK/YiP6Vj5VoLPJCtw4GskFwiS4BPwSoqnXOPvWcSvxgA3sGnLsbEiNEYtuNGs73bnhdeF9FSNPe3P7La58/HcQbwXsyzFipuAYmaVH0onYOfUsNCa5q5Oy4DlJ3TEe15qnjRt/O1OXzPd4Y4zYz/NOB59/SEpaoZirxzmodxVlWNf/FeiWkj/pW6LwErtniorSUGDJcZYCHwnAGcuYFZUb4t2I2poYy8EnVieYTlilF9dCSrutFfTuPI0ltM3Julft9uj94sk6nf+m0os+535Phr3zrdc4Nhczct4SakaLeujz/ZxN6YfPnyj4S5Xx80dmw1kX3wW7k9Ruf41O0qBq6gzbRForQ7SPXqID1EM/QpuB3eDzfBL+DX8Hv5YWMNgOXMLrVT48zdRXA92</latexit><latexit sha1_base64="ZD/s+6XiWYtYQcLgw5gtKz9Q6P4=">ADL3icfZFdaxNBFIZn168aP5rqjeDN2CBUG8quNwpSqB+gN2KFpi1kmV2MpsMnZldZs+ahGF+gf4Zf414I956y9wNlm0acQDu/Nynvcw3nTQoSouhbEF6fOXqtY3rRs3b93ebG/dOS7zyjDeY7nMzWlKSy6F5j0QIPlpYThVqeQn6dmrmp985KYUuT6CecEHio61yASj4FtJ+zNJlSUjLoG6oYXd2CUK72OiKEwYlfaFw0TyDHYwsSTNZokaiu68/hOXWLEf+ymdKNd4qHsHg1ljWSDLAE+A6uodM495p8mYIeBefuxgTI8YTeJS0O9FetCi8LuJGdFBTh8lW8ImMclYproFJWpb9OCpgYKkBwSR3LVKVvKDsjI530tNFS8HdrE2hx/6zghnufGfBrzonp+wVJXlXKXeWa+jvMjq5r9Yv4Ls2cAKXVTANVtelFUSQ47rDPBIGM5Azr2gzAj/Vswm1FAGPqkW0XzKcqWoHly7PrxwC7iSDPbiZ1b5X6f7g+ertPZXzqr6Wvu92T4O96X3BDITePLaFmrKi3Nuf/bEIvbf5c2UeqnI8vhjWujh+shd7/SHqHLxsgtxA9E2kExeoO0Ft0iHqIoV/BveBsB1+Cb+G38MfS2sYNDN30UqFP38DyCwMTg=</latexit>

Aim Cause targeted misclassification of an auxiliary set of examples for the global model and ensure global model has good performance

wt+1

G

= wt

G + k

X

j=1

αjδt+1

j

<latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit><latexit sha1_base64="OGBemspsUbiFWogaMpCReQJCYoM=">ACe3icdVBda9swFW8bu26j6b4x4qFgZjHcEeK+tLoWyB9rGFpi3EqbmW5UaJBvpeiEI/6H9mr12/2UwOXGh7bYLQkfnMvVPWkphcUwvOkEj9YeP1nfeLr57PmLl1vd7VfntqgM40NWyMJcpmC5FJoPUaDkl6XhoFLJL9LZt0a/+M6NFYU+w0XJxwqutcgFA/RU0h3EaT5Pjq4c7kb1AW1fSHdpbCuVuOlBVF+5WU1jkOUEkqm3KBdnXCLUyXTVl3R7YX8/bIr+DaL+8g57pK2TZLuzE2cFqxTXyCRYO4rCEscODAomeb0ZV5aXwGZwzUcealDcjt1y3Zq+80xG8L4o5Eu2bsdDpS1C5V6pwKc2IdaQ/5LG1WY74+d0GWFXLPVoLySFAvaZEczYThDufAmBH+r5RNwABDn/C9KanyO2g+Z4VSoDPX5Fq7uBmZ5m5eP1AVG7QqA+kGXvaR3uZG/w/OP/WjsB+dfu4dfm3D3SBvyFvynkTkCzkx+SEDAkjP8hPckN+dX4HveBD8HFlDTptz2tyr4K9P/QexAg=</latexit>

SLIDE 10

Targeted Model Poisoning

SLIDE 11

Targeted Model Poisoning

Strategy

Malicious agent’s update computation

Boosting malicious update, no local training

δmal = argminδCross-entropy({xl

m, T l m}nmal l=1 ; wG + δ)

<latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit><latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit><latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit><latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit>

δmal → βδmal

<latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit><latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit><latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit><latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit>

SLIDE 12

Evaluation setup

✦ Fashion MNIST data [2] ✦ CNN achieving 91.5% accuracy on test data ✦ Total of 10 agents, all called every time step ✦ Training is stopped when global model achieves above 91% validation accuracy ✦ Adversarial objective: Classify (‘sandal’, class 5) as a ‘sneaker’, class 7

Targeted Model Poisoning

Strategy

Malicious agent’s update computation

Boosting malicious update, no local training

δmal = argminδCross-entropy({xl

m, T l m}nmal l=1 ; wG + δ)

<latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit><latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit><latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit><latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit>

δmal → βδmal

<latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit><latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit><latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit><latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit>

SLIDE 13

Evaluation setup

✦ Fashion MNIST data [2] ✦ CNN achieving 91.5% accuracy on test data ✦ Total of 10 agents, all called every time step ✦ Training is stopped when global model achieves above 91% validation accuracy ✦ Adversarial objective: Classify (‘sandal’, class 5) as a ‘sneaker’, class 7

Targeted Model Poisoning

Strategy

Malicious agent’s update computation

Boosting malicious update, no local training

δmal = argminδCross-entropy({xl

m, T l m}nmal l=1 ; wG + δ)

<latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit><latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit><latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit><latexit sha1_base64="J/M0Ent6MdJ4NKeZ70D9owiBcn4=">ACyHicdVFtb9MwEHYyXsZ46+AjQlhUwBAQOVU7VqFJkzYJxKchrdukposcx+ms2U5kO3SR5S/8A34ev4SvOG2BdYKTbD2+585391xWcaYNQj+CcO3GzVu31+9s3L13/8HDzuajY13WitARKXmpTjOsKWeSjgwznJ5WimKRcXqSXey3/MlXqjQr5ZFpKjoReCpZwQg23pV2vieZsElOucEutYmhl8YKzJ2Du3DxwmoqmGzJv5Fuye2rUut3VBpVo3bSmwisDnPCnvpUnHG3x61d+Jz+W7szqxcqeA+JFkxSz/CN/DK16/ThdFqLcz6PcginoDNIyHgxQPNzuwzhCc+uCpR2m8GzJC9JLXwfhGOtxzGqzMQ3bhjh1G0ktaYVJhd4SsceSiyonti5dg6+8J4cFqXyRxo4917NsFho3YjMR7az6etc6/wXN65NsTOxTFa1oZIsChU1h6aE7SJgzhQlhjceYKY7xWSc6wMX5dK1Uy4WeQdEZKIbDMbSub+yP1zF1jBTlYsgRze+BpL+lv3eD/wXEvilEUf+l39BS3HXwBDwHWyAG78Ee+AQOwQgQ8DN4GrwMXoWfwyqchc0iNAyWOY/BioXfgE4TuQI</latexit>

δmal → βδmal

<latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit><latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit><latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit><latexit sha1_base64="SVLAfWw+ZsQa7W5GOoVDFtpN2Y=">ACenicdVBNaxsxFJS3X2n65bTHipiCi2FRWvsJr4FkOPKdRJwGvMk1Zri0jaRXpbx4j9Qf01vTb/pYfKjgtNaAYEw8x7jN7wWiuPjF13kgcPHz1+svN09nzFy9fdfden/mqcUKORaUrd8HBS62sHKNCLS9qJ8FwLc/5fHaP/8unVeV/YarWk4NzK0qlQCM0qx7nHMT8kJqhHYWcpRXGAzots2dmi8QnKuWNOcSgd43SWfdHktZ/3A46FOW9odslI0iGbJs9HlAs5Rt0CNbnM72Ou/yohKNkRaFBu8nGatxGsChElq2u3njZQ3iEuZyEqkFI/0bK5t6fuoFLSsXHwW6Ub9dyOA8X5leJw0gAt/1uL/MmDZaH06Bs3aC04iaobDTFiq6ro4VyUqBeRQLCqfhXKhbgQGAs+FYKN/EGK5eiMgZsEXJeLtuQryN5GZbtHdeIk60rQIeTaMdK/ZG7ydn/TRjafZ10Dti23J3yFuyTz6QjByQI/KFnJIxEeQH+Ul+kevO72Q/+Zh8uhlNOtudN+QWksEfQjGuQ=</latexit>

Adam for

5 epochs

Boosting by 10

SLIDE 14

Targeted Model Poisoning: Results

SLIDE 15

Targeted Model Poisoning: Results

Takeaways

1. Targeted backdoor inserted with high confidence
2. Accuracy on validation data does not suffer for

global model

3. Malicious model has low validation accuracy

0.2 0.4 0.6 0.8 1 2 4 6 8 10 12 20 40 60 80 100

Confidence Classification accuracy Time

Validation Accuracy Global Malicious objective confidence (5→7) Global Validation Accuracy Malicious (Stealth)

SLIDE 16

Targeted Model Poisoning: Results

Takeaways

1. Weight update distributions for benign and

malicious agents are very different

2. Malicious update could be ‘hidden’ inside

benign one Takeaways

1. Targeted backdoor inserted with high confidence
2. Accuracy on validation data does not suffer for

global model

3. Malicious model has low validation accuracy

0.2 0.4 0.6 0.8 1 2 4 6 8 10 12 20 40 60 80 100

Confidence Classification accuracy Time

Validation Accuracy Global Malicious objective confidence (5→7) Global Validation Accuracy Malicious (Stealth)

SLIDE 17

Targeted Model Poisoning: Alternating Minimization attack

SLIDE 18

Targeted Model Poisoning: Alternating Minimization attack

Strategy Malicious agent’s update computation Alternating minimization of benign and malicious

bjectives, with distance

constraints

SLIDE 19

Targeted Model Poisoning: Alternating Minimization attack

Strategy Malicious agent’s update computation Alternating minimization of benign and malicious

bjectives, with distance

constraints

δ0

mal = argminδCross-entropy({xl m, T l m}nmal l=1 ; wG + δ)

<latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit>

Malicious Objective

SLIDE 20

Targeted Model Poisoning: Alternating Minimization attack

Strategy Malicious agent’s update computation Alternating minimization of benign and malicious

bjectives, with distance

constraints

δ0

mal → βδ0 mal

<latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit>

δ0

mal = argminδCross-entropy({xl m, T l m}nmal l=1 ; wG + δ)

<latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit>

Malicious Objective

SLIDE 21

Targeted Model Poisoning: Alternating Minimization attack

Strategy Malicious agent’s update computation Alternating minimization of benign and malicious

bjectives, with distance

constraints

δ0

mal → βδ0 mal

<latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit>

δ00

mal = argminδ Cross-entropy

{xi

m, yi m}n i=1; wG + βδ0 mal + δ

+ρkδδconsk2

2

<latexit sha1_base64="bpGqatx5D7OXRuiowl4CsCBvZi8=">ADfnicfVJb9MwGHVWLqPcNnjkxaKCbCVpNpgFZpUGBK8IZEu0l1GxzXa3FdrBd2uL5F/DA70P8GZx2Ky23T3J8dM6xP8fHSZ4xbcLwe7BSunT5ytXVa+XrN27eur2fqel5VAR2iQyk+okwZpmTNCmYSajJ7mimCcZPU5ODwv9+DNVmknxwUxy2uG4L1jKCDaeitd+oIRb1KOZwW5jI0aGjo3lOHPwACKs+pyJ2C543MxqKTWO1QYJfOJgyijqdlE3piOY95l25Pi1xs2UHkula4514axa/hY4gSajBcbOsbzNu6qWOuQaRYf2C2ClYNJERnC+LOAr7Yg0ih/SHP4lq3Fq9VwmpY29/brcGwWtsL61Hdg70wqj/dhVE1nFalsfXty0cAwFG8HnxFPUmG3P8YybDW7SjMTcdiZRjJqCujoaY5Jqe4T9seCsyp7thpCg4+8EwPplL5IQycsosrLOZaT3jinRybgf5dK8i/ae2hSfc7lol8aKgs0bpMINGwiJS2GOKEpNPMBEMX9WSAZYWJ8GUk6IhIzrHoWdRy7ahjUdEjSW0lcm5Z9yG5uTz6Ux3/UseF+or6e1L0rafe5VRhI9UjO3032FvP5/ZmJjZ/Lx0Hwl3Pr6LjOC/QatWjTx+H1UaL8GsVsE9cB9sg8Aw3wBhyBJiDBi6Af5MGnEig9LO2UnsysK8H5mrtgqUr7PwG5wCqW</latexit><latexit sha1_base64="o3NR/rwYsUwyoLX4pYQ6qUzsbFs=">ADfnicfVLdbtMwGHUWfsb42+CSG4sKtgErSbXBJjRpMCS4QyJdpPqNnJcp7UW28F2WIvnJ+CW56Ad0K8DE67lZa/T3J8dM6xP8fHaZEzbaLoe7AQXrh46fLilaWr167fuLm8cqulZakIbRKZS3WUYk1zJmjTMJPTo0JRzNOcHqbH+5V+JEqzaR4b0YF7XDcFyxjBtPJcs/UMot6tHcYLe6miBDh8ZynDu4CxFWfc5EYmc8buLYV1LrDSqMksXIQZTzKwhb8yGCe+yR6Pqi1xi2W7sula4Z146SV7BhxCl1GA429Y3mLZ1Y8dUg0ix/sCsV6waSIhOZ8SNGXy+B5FC+0OeJo1uI1muRfWosb212YBRvbEV7cQ7HmxF8c6TRjXo3HV9ta/fCoWv309SFaCz6gnScn9j5Eca92Oo8J0LFaGkZy6JVRqWmByjPu07aHAnOqOHafg4D3P9GAmlR/CwDE7u8JirvWIp97JsRno37WK/JvWLk23bFMFKWhgkwaZWUOjYRVpLDHFCUmH3mAiWL+rJAMsMLE+OCXkKAnRHKORc+ilmvHYuqHmlma7Fz87oPyU3lkz/V4S91WKkvqb8nRd946m1BFTZSPbDjd4O9Wz+n42Jic3Pc/eRcufjO8I/hu0GvXY43dxbe8FmNQiuAPugjUQg6dgD7wGB6AJSPA86AdF8CE4f1wI3w8sS4EZ2tug7kKt38Cet0r7A=</latexit><latexit sha1_base64="o3NR/rwYsUwyoLX4pYQ6qUzsbFs=">ADfnicfVLdbtMwGHUWfsb42+CSG4sKtgErSbXBJjRpMCS4QyJdpPqNnJcp7UW28F2WIvnJ+CW56Ad0K8DE67lZa/T3J8dM6xP8fHaZEzbaLoe7AQXrh46fLilaWr167fuLm8cqulZakIbRKZS3WUYk1zJmjTMJPTo0JRzNOcHqbH+5V+JEqzaR4b0YF7XDcFyxjBtPJcs/UMot6tHcYLe6miBDh8ZynDu4CxFWfc5EYmc8buLYV1LrDSqMksXIQZTzKwhb8yGCe+yR6Pqi1xi2W7sula4Z146SV7BhxCl1GA429Y3mLZ1Y8dUg0ix/sCsV6waSIhOZ8SNGXy+B5FC+0OeJo1uI1muRfWosb212YBRvbEV7cQ7HmxF8c6TRjXo3HV9ta/fCoWv309SFaCz6gnScn9j5Eca92Oo8J0LFaGkZy6JVRqWmByjPu07aHAnOqOHafg4D3P9GAmlR/CwDE7u8JirvWIp97JsRno37WK/JvWLk23bFMFKWhgkwaZWUOjYRVpLDHFCUmH3mAiWL+rJAMsMLE+OCXkKAnRHKORc+ilmvHYuqHmlma7Fz87oPyU3lkz/V4S91WKkvqb8nRd946m1BFTZSPbDjd4O9Wz+n42Jic3Pc/eRcufjO8I/hu0GvXY43dxbe8FmNQiuAPugjUQg6dgD7wGB6AJSPA86AdF8CE4f1wI3w8sS4EZ2tug7kKt38Cet0r7A=</latexit><latexit sha1_base64="xa40SpmTZi3T5MqG/LGuh2EwYQ=">ADfnicfVJb9MwGHUWLmPcOnjkxaKCDdhKEq2wCk0aDAleENiF6nuIsd1WmuxHWyHtfL8C/iFiD+D03aj5fZJjo/Ofbn+DgrC6ZNFH0PlsIrV69dX76xcvPW7Tt3G6v3DrWsFKEHRBZSHWdY04IJemCYKehxqSjmWUGPstO9Wj/6SpVmUnw245L2OB4IljOCjafSxg+UcYv6tDYra2lyNCRsRwXDu5AhNWAM5HaOY+bOvaU1HqTCqNkOXYQFTQ368gb81HKT9jGuP4il1q2E7sTK9wrL52l7+AziDJqMJxv6xtctnUTx6UGkWKDoXlSs2oITqfEzfn8MUeRArtD3meJidJ2mhGrSjZbm8lMGol7agTdzxoR3HnxRaMW9GkmBW+lq8A31Jam4/zFSYK27cVSansXKMFJQt4IqTUtMTvGAdj0UmFPds5MUHzkmT7MpfJDGDh51dYzLUe8w7OTZD/btWk3/TupXJt3uWibIyVJBpo7wqoJGwjhT2maLEFGMPMFHMnxWSIVaYGB/8ChL0jEjOsehbdOi6c+iukeW2bs3KLuQ3KX8tmf6uiXOqrVt9Tfk6IfPWxpAobqZ7aybvB3jqb/2djYmrz8J9ZNz5+C4ygv8Gh0kr9vhT3Nx9MwtyGTwAD8E6iMFLsAveg31wAEjwOhgEZfAlBOHjcDN8PrUuBbM198FChds/AfGtKMQ=</latexit>

Benign Objective Distance Constraint

δ0

mal = argminδCross-entropy({xl m, T l m}nmal l=1 ; wG + δ)

<latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit>

Malicious Objective

SLIDE 22

Targeted Model Poisoning: Alternating Minimization attack

Strategy Malicious agent’s update computation Alternating minimization of benign and malicious

bjectives, with distance

constraints

δ0

mal → βδ0 mal

<latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit>

Repeat:

For every step w.r.t. to the malicious loss, take 10 steps for the benign loss

δ00

mal = argminδ Cross-entropy

{xi

m, yi m}n i=1; wG + βδ0 mal + δ

+ρkδδconsk2

2

<latexit sha1_base64="bpGqatx5D7OXRuiowl4CsCBvZi8=">ADfnicfVJb9MwGHVWLqPcNnjkxaKCbCVpNpgFZpUGBK8IZEu0l1GxzXa3FdrBd2uL5F/DA70P8GZx2Ky23T3J8dM6xP8fHSZ4xbcLwe7BSunT5ytXVa+XrN27eur2fqel5VAR2iQyk+okwZpmTNCmYSajJ7mimCcZPU5ODwv9+DNVmknxwUxy2uG4L1jKCDaeitd+oIRb1KOZwW5jI0aGjo3lOHPwACKs+pyJ2C543MxqKTWO1QYJfOJgyijqdlE3piOY95l25Pi1xs2UHkula4514axa/hY4gSajBcbOsbzNu6qWOuQaRYf2C2ClYNJERnC+LOAr7Yg0ih/SHP4lq3Fq9VwmpY29/brcGwWtsL61Hdg70wqj/dhVE1nFalsfXty0cAwFG8HnxFPUmG3P8YybDW7SjMTcdiZRjJqCujoaY5Jqe4T9seCsyp7thpCg4+8EwPplL5IQycsosrLOZaT3jinRybgf5dK8i/ae2hSfc7lol8aKgs0bpMINGwiJS2GOKEpNPMBEMX9WSAZYWJ8GUk6IhIzrHoWdRy7ahjUdEjSW0lcm5Z9yG5uTz6Ux3/UseF+or6e1L0rafe5VRhI9UjO3032FvP5/ZmJjZ/Lx0Hwl3Pr6LjOC/QatWjTx+H1UaL8GsVsE9cB9sg8Aw3wBhyBJiDBi6Af5MGnEig9LO2UnsysK8H5mrtgqUr7PwG5wCqW</latexit><latexit sha1_base64="o3NR/rwYsUwyoLX4pYQ6qUzsbFs=">ADfnicfVLdbtMwGHUWfsb42+CSG4sKtgErSbXBJjRpMCS4QyJdpPqNnJcp7UW28F2WIvnJ+CW56Ad0K8DE67lZa/T3J8dM6xP8fHaZEzbaLoe7AQXrh46fLilaWr167fuLm8cqulZakIbRKZS3WUYk1zJmjTMJPTo0JRzNOcHqbH+5V+JEqzaR4b0YF7XDcFyxjBtPJcs/UMot6tHcYLe6miBDh8ZynDu4CxFWfc5EYmc8buLYV1LrDSqMksXIQZTzKwhb8yGCe+yR6Pqi1xi2W7sula4Z146SV7BhxCl1GA429Y3mLZ1Y8dUg0ix/sCsV6waSIhOZ8SNGXy+B5FC+0OeJo1uI1muRfWosb212YBRvbEV7cQ7HmxF8c6TRjXo3HV9ta/fCoWv309SFaCz6gnScn9j5Eca92Oo8J0LFaGkZy6JVRqWmByjPu07aHAnOqOHafg4D3P9GAmlR/CwDE7u8JirvWIp97JsRno37WK/JvWLk23bFMFKWhgkwaZWUOjYRVpLDHFCUmH3mAiWL+rJAMsMLE+OCXkKAnRHKORc+ilmvHYuqHmlma7Fz87oPyU3lkz/V4S91WKkvqb8nRd946m1BFTZSPbDjd4O9Wz+n42Jic3Pc/eRcufjO8I/hu0GvXY43dxbe8FmNQiuAPugjUQg6dgD7wGB6AJSPA86AdF8CE4f1wI3w8sS4EZ2tug7kKt38Cet0r7A=</latexit><latexit sha1_base64="o3NR/rwYsUwyoLX4pYQ6qUzsbFs=">ADfnicfVLdbtMwGHUWfsb42+CSG4sKtgErSbXBJjRpMCS4QyJdpPqNnJcp7UW28F2WIvnJ+CW56Ad0K8DE67lZa/T3J8dM6xP8fHaZEzbaLoe7AQXrh46fLilaWr167fuLm8cqulZakIbRKZS3WUYk1zJmjTMJPTo0JRzNOcHqbH+5V+JEqzaR4b0YF7XDcFyxjBtPJcs/UMot6tHcYLe6miBDh8ZynDu4CxFWfc5EYmc8buLYV1LrDSqMksXIQZTzKwhb8yGCe+yR6Pqi1xi2W7sula4Z146SV7BhxCl1GA429Y3mLZ1Y8dUg0ix/sCsV6waSIhOZ8SNGXy+B5FC+0OeJo1uI1muRfWosb212YBRvbEV7cQ7HmxF8c6TRjXo3HV9ta/fCoWv309SFaCz6gnScn9j5Eca92Oo8J0LFaGkZy6JVRqWmByjPu07aHAnOqOHafg4D3P9GAmlR/CwDE7u8JirvWIp97JsRno37WK/JvWLk23bFMFKWhgkwaZWUOjYRVpLDHFCUmH3mAiWL+rJAMsMLE+OCXkKAnRHKORc+ilmvHYuqHmlma7Fz87oPyU3lkz/V4S91WKkvqb8nRd946m1BFTZSPbDjd4O9Wz+n42Jic3Pc/eRcufjO8I/hu0GvXY43dxbe8FmNQiuAPugjUQg6dgD7wGB6AJSPA86AdF8CE4f1wI3w8sS4EZ2tug7kKt38Cet0r7A=</latexit><latexit sha1_base64="xa40SpmTZi3T5MqG/LGuh2EwYQ=">ADfnicfVJb9MwGHUWLmPcOnjkxaKCDdhKEq2wCk0aDAleENiF6nuIsd1WmuxHWyHtfL8C/iFiD+D03aj5fZJjo/Ofbn+DgrC6ZNFH0PlsIrV69dX76xcvPW7Tt3G6v3DrWsFKEHRBZSHWdY04IJemCYKehxqSjmWUGPstO9Wj/6SpVmUnw245L2OB4IljOCjafSxg+UcYv6tDYra2lyNCRsRwXDu5AhNWAM5HaOY+bOvaU1HqTCqNkOXYQFTQ368gb81HKT9jGuP4il1q2E7sTK9wrL52l7+AziDJqMJxv6xtctnUTx6UGkWKDoXlSs2oITqfEzfn8MUeRArtD3meJidJ2mhGrSjZbm8lMGol7agTdzxoR3HnxRaMW9GkmBW+lq8A31Jam4/zFSYK27cVSansXKMFJQt4IqTUtMTvGAdj0UmFPds5MUHzkmT7MpfJDGDh51dYzLUe8w7OTZD/btWk3/TupXJt3uWibIyVJBpo7wqoJGwjhT2maLEFGMPMFHMnxWSIVaYGB/8ChL0jEjOsehbdOi6c+iukeW2bs3KLuQ3KX8tmf6uiXOqrVt9Tfk6IfPWxpAobqZ7aybvB3jqb/2djYmrz8J9ZNz5+C4ygv8Gh0kr9vhT3Nx9MwtyGTwAD8E6iMFLsAveg31wAEjwOhgEZfAlBOHjcDN8PrUuBbM198FChds/AfGtKMQ=</latexit>

Benign Objective Distance Constraint

δ0

mal = argminδCross-entropy({xl m, T l m}nmal l=1 ; wG + δ)

<latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit>

Malicious Objective

SLIDE 23

Targeted Model Poisoning: Alternating Minimization attack

Takeaway Malicious objective is met while maintaining high validation accuracy for malicious model

0.2 0.4 0.6 0.8 1 2 4 6 8 10 12 20 40 60 80 100

Confidence Classification accuracy Time

Val. Acc. Global
Conf. (5→7) Global
Val. Acc. Mal. (stealth)

Strategy Malicious agent’s update computation Alternating minimization of benign and malicious

bjectives, with distance

constraints

δ0

mal → βδ0 mal

<latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit>

Repeat:

For every step w.r.t. to the malicious loss, take 10 steps for the benign loss

δ00

mal = argminδ Cross-entropy

{xi

m, yi m}n i=1; wG + βδ0 mal + δ

+ρkδδconsk2

2

<latexit sha1_base64="bpGqatx5D7OXRuiowl4CsCBvZi8=">ADfnicfVJb9MwGHVWLqPcNnjkxaKCbCVpNpgFZpUGBK8IZEu0l1GxzXa3FdrBd2uL5F/DA70P8GZx2Ky23T3J8dM6xP8fHSZ4xbcLwe7BSunT5ytXVa+XrN27eur2fqel5VAR2iQyk+okwZpmTNCmYSajJ7mimCcZPU5ODwv9+DNVmknxwUxy2uG4L1jKCDaeitd+oIRb1KOZwW5jI0aGjo3lOHPwACKs+pyJ2C543MxqKTWO1QYJfOJgyijqdlE3piOY95l25Pi1xs2UHkula4514axa/hY4gSajBcbOsbzNu6qWOuQaRYf2C2ClYNJERnC+LOAr7Yg0ih/SHP4lq3Fq9VwmpY29/brcGwWtsL61Hdg70wqj/dhVE1nFalsfXty0cAwFG8HnxFPUmG3P8YybDW7SjMTcdiZRjJqCujoaY5Jqe4T9seCsyp7thpCg4+8EwPplL5IQycsosrLOZaT3jinRybgf5dK8i/ae2hSfc7lol8aKgs0bpMINGwiJS2GOKEpNPMBEMX9WSAZYWJ8GUk6IhIzrHoWdRy7ahjUdEjSW0lcm5Z9yG5uTz6Ux3/UseF+or6e1L0rafe5VRhI9UjO3032FvP5/ZmJjZ/Lx0Hwl3Pr6LjOC/QatWjTx+H1UaL8GsVsE9cB9sg8Aw3wBhyBJiDBi6Af5MGnEig9LO2UnsysK8H5mrtgqUr7PwG5wCqW</latexit><latexit sha1_base64="o3NR/rwYsUwyoLX4pYQ6qUzsbFs=">ADfnicfVLdbtMwGHUWfsb42+CSG4sKtgErSbXBJjRpMCS4QyJdpPqNnJcp7UW28F2WIvnJ+CW56Ad0K8DE67lZa/T3J8dM6xP8fHaZEzbaLoe7AQXrh46fLilaWr167fuLm8cqulZakIbRKZS3WUYk1zJmjTMJPTo0JRzNOcHqbH+5V+JEqzaR4b0YF7XDcFyxjBtPJcs/UMot6tHcYLe6miBDh8ZynDu4CxFWfc5EYmc8buLYV1LrDSqMksXIQZTzKwhb8yGCe+yR6Pqi1xi2W7sula4Z146SV7BhxCl1GA429Y3mLZ1Y8dUg0ix/sCsV6waSIhOZ8SNGXy+B5FC+0OeJo1uI1muRfWosb212YBRvbEV7cQ7HmxF8c6TRjXo3HV9ta/fCoWv309SFaCz6gnScn9j5Eca92Oo8J0LFaGkZy6JVRqWmByjPu07aHAnOqOHafg4D3P9GAmlR/CwDE7u8JirvWIp97JsRno37WK/JvWLk23bFMFKWhgkwaZWUOjYRVpLDHFCUmH3mAiWL+rJAMsMLE+OCXkKAnRHKORc+ilmvHYuqHmlma7Fz87oPyU3lkz/V4S91WKkvqb8nRd946m1BFTZSPbDjd4O9Wz+n42Jic3Pc/eRcufjO8I/hu0GvXY43dxbe8FmNQiuAPugjUQg6dgD7wGB6AJSPA86AdF8CE4f1wI3w8sS4EZ2tug7kKt38Cet0r7A=</latexit><latexit sha1_base64="o3NR/rwYsUwyoLX4pYQ6qUzsbFs=">ADfnicfVLdbtMwGHUWfsb42+CSG4sKtgErSbXBJjRpMCS4QyJdpPqNnJcp7UW28F2WIvnJ+CW56Ad0K8DE67lZa/T3J8dM6xP8fHaZEzbaLoe7AQXrh46fLilaWr167fuLm8cqulZakIbRKZS3WUYk1zJmjTMJPTo0JRzNOcHqbH+5V+JEqzaR4b0YF7XDcFyxjBtPJcs/UMot6tHcYLe6miBDh8ZynDu4CxFWfc5EYmc8buLYV1LrDSqMksXIQZTzKwhb8yGCe+yR6Pqi1xi2W7sula4Z146SV7BhxCl1GA429Y3mLZ1Y8dUg0ix/sCsV6waSIhOZ8SNGXy+B5FC+0OeJo1uI1muRfWosb212YBRvbEV7cQ7HmxF8c6TRjXo3HV9ta/fCoWv309SFaCz6gnScn9j5Eca92Oo8J0LFaGkZy6JVRqWmByjPu07aHAnOqOHafg4D3P9GAmlR/CwDE7u8JirvWIp97JsRno37WK/JvWLk23bFMFKWhgkwaZWUOjYRVpLDHFCUmH3mAiWL+rJAMsMLE+OCXkKAnRHKORc+ilmvHYuqHmlma7Fz87oPyU3lkz/V4S91WKkvqb8nRd946m1BFTZSPbDjd4O9Wz+n42Jic3Pc/eRcufjO8I/hu0GvXY43dxbe8FmNQiuAPugjUQg6dgD7wGB6AJSPA86AdF8CE4f1wI3w8sS4EZ2tug7kKt38Cet0r7A=</latexit><latexit sha1_base64="xa40SpmTZi3T5MqG/LGuh2EwYQ=">ADfnicfVJb9MwGHUWLmPcOnjkxaKCDdhKEq2wCk0aDAleENiF6nuIsd1WmuxHWyHtfL8C/iFiD+D03aj5fZJjo/Ofbn+DgrC6ZNFH0PlsIrV69dX76xcvPW7Tt3G6v3DrWsFKEHRBZSHWdY04IJemCYKehxqSjmWUGPstO9Wj/6SpVmUnw245L2OB4IljOCjafSxg+UcYv6tDYra2lyNCRsRwXDu5AhNWAM5HaOY+bOvaU1HqTCqNkOXYQFTQ368gb81HKT9jGuP4il1q2E7sTK9wrL52l7+AziDJqMJxv6xtctnUTx6UGkWKDoXlSs2oITqfEzfn8MUeRArtD3meJidJ2mhGrSjZbm8lMGol7agTdzxoR3HnxRaMW9GkmBW+lq8A31Jam4/zFSYK27cVSansXKMFJQt4IqTUtMTvGAdj0UmFPds5MUHzkmT7MpfJDGDh51dYzLUe8w7OTZD/btWk3/TupXJt3uWibIyVJBpo7wqoJGwjhT2maLEFGMPMFHMnxWSIVaYGB/8ChL0jEjOsehbdOi6c+iukeW2bs3KLuQ3KX8tmf6uiXOqrVt9Tfk6IfPWxpAobqZ7aybvB3jqb/2djYmrz8J9ZNz5+C4ygv8Gh0kr9vhT3Nx9MwtyGTwAD8E6iMFLsAveg31wAEjwOhgEZfAlBOHjcDN8PrUuBbM198FChds/AfGtKMQ=</latexit>

Benign Objective Distance Constraint

δ0

mal = argminδCross-entropy({xl m, T l m}nmal l=1 ; wG + δ)

<latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit>

Malicious Objective

SLIDE 24

Targeted Model Poisoning: Alternating Minimization attack

Takeaway Shape and range match closely due to distance constraint Takeaway Malicious objective is met while maintaining high validation accuracy for malicious model

0.2 0.4 0.6 0.8 1 2 4 6 8 10 12 20 40 60 80 100

Confidence Classification accuracy Time

Val. Acc. Global
Conf. (5→7) Global
Val. Acc. Mal. (stealth)

Strategy Malicious agent’s update computation Alternating minimization of benign and malicious

bjectives, with distance

constraints

δ0

mal → βδ0 mal

<latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit><latexit sha1_base64="zVk37AnjomAR2N02F+4MmPeucUs=">ACfHicdVBdixMxFE3Hr3X96uqjDwarKIhDprTr9m3BFXxcwe4udEq5yWTasElmSO5YS5hf5K/xUf0vYtqt4C7ugcDhnHs5uYfXWnlk7EcnuXHz1u07O3d3791/8PBRd+/xia8aJ+RYVLpyZxy81MrKMSrU8qx2EgzX8pSfv1/7p1+k86qyn3FVy6mBuVWlEoBRmnU/5NyEvJAaoX01CznKrxgM6LaluVPzBYJz1ZLmXCLQa2dn3R5LWf9gOhTlvaHbJSNIhmybLQ/oFnKNuiRLY5ne51neVGJxkiLQoP3k4zVOA3gUAkt2928bIGcQ5zOYnUgpF+Gjb3tvRlVApaVi4+i3Sj/rsRwHi/MjxOGsCFv+qtxf95kwbLg2lQtm5QWnERVDaYkX5dFCOSlQryIB4VT8KxULcCAwVnwphZt4g5VLURkDtg5L5dtyNeRvAzL9oprxNHWFaDUbRjpX97o9eTk36asT7NOgdsm25O+QpeU5ek4y8I4fkIzkmYyLIN/Kd/CS/Or+TF8mb5O3FaNLZ7jwhl5Ds/wE1C8cb</latexit>

Repeat:

For every step w.r.t. to the malicious loss, take 10 steps for the benign loss

δ00

mal = argminδ Cross-entropy

{xi

m, yi m}n i=1; wG + βδ0 mal + δ

+ρkδδconsk2

2

<latexit sha1_base64="bpGqatx5D7OXRuiowl4CsCBvZi8=">ADfnicfVJb9MwGHVWLqPcNnjkxaKCbCVpNpgFZpUGBK8IZEu0l1GxzXa3FdrBd2uL5F/DA70P8GZx2Ky23T3J8dM6xP8fHSZ4xbcLwe7BSunT5ytXVa+XrN27eur2fqel5VAR2iQyk+okwZpmTNCmYSajJ7mimCcZPU5ODwv9+DNVmknxwUxy2uG4L1jKCDaeitd+oIRb1KOZwW5jI0aGjo3lOHPwACKs+pyJ2C543MxqKTWO1QYJfOJgyijqdlE3piOY95l25Pi1xs2UHkula4514axa/hY4gSajBcbOsbzNu6qWOuQaRYf2C2ClYNJERnC+LOAr7Yg0ih/SHP4lq3Fq9VwmpY29/brcGwWtsL61Hdg70wqj/dhVE1nFalsfXty0cAwFG8HnxFPUmG3P8YybDW7SjMTcdiZRjJqCujoaY5Jqe4T9seCsyp7thpCg4+8EwPplL5IQycsosrLOZaT3jinRybgf5dK8i/ae2hSfc7lol8aKgs0bpMINGwiJS2GOKEpNPMBEMX9WSAZYWJ8GUk6IhIzrHoWdRy7ahjUdEjSW0lcm5Z9yG5uTz6Ux3/UseF+or6e1L0rafe5VRhI9UjO3032FvP5/ZmJjZ/Lx0Hwl3Pr6LjOC/QatWjTx+H1UaL8GsVsE9cB9sg8Aw3wBhyBJiDBi6Af5MGnEig9LO2UnsysK8H5mrtgqUr7PwG5wCqW</latexit><latexit sha1_base64="o3NR/rwYsUwyoLX4pYQ6qUzsbFs=">ADfnicfVLdbtMwGHUWfsb42+CSG4sKtgErSbXBJjRpMCS4QyJdpPqNnJcp7UW28F2WIvnJ+CW56Ad0K8DE67lZa/T3J8dM6xP8fHaZEzbaLoe7AQXrh46fLilaWr167fuLm8cqulZakIbRKZS3WUYk1zJmjTMJPTo0JRzNOcHqbH+5V+JEqzaR4b0YF7XDcFyxjBtPJcs/UMot6tHcYLe6miBDh8ZynDu4CxFWfc5EYmc8buLYV1LrDSqMksXIQZTzKwhb8yGCe+yR6Pqi1xi2W7sula4Z146SV7BhxCl1GA429Y3mLZ1Y8dUg0ix/sCsV6waSIhOZ8SNGXy+B5FC+0OeJo1uI1muRfWosb212YBRvbEV7cQ7HmxF8c6TRjXo3HV9ta/fCoWv309SFaCz6gnScn9j5Eca92Oo8J0LFaGkZy6JVRqWmByjPu07aHAnOqOHafg4D3P9GAmlR/CwDE7u8JirvWIp97JsRno37WK/JvWLk23bFMFKWhgkwaZWUOjYRVpLDHFCUmH3mAiWL+rJAMsMLE+OCXkKAnRHKORc+ilmvHYuqHmlma7Fz87oPyU3lkz/V4S91WKkvqb8nRd946m1BFTZSPbDjd4O9Wz+n42Jic3Pc/eRcufjO8I/hu0GvXY43dxbe8FmNQiuAPugjUQg6dgD7wGB6AJSPA86AdF8CE4f1wI3w8sS4EZ2tug7kKt38Cet0r7A=</latexit><latexit sha1_base64="o3NR/rwYsUwyoLX4pYQ6qUzsbFs=">ADfnicfVLdbtMwGHUWfsb42+CSG4sKtgErSbXBJjRpMCS4QyJdpPqNnJcp7UW28F2WIvnJ+CW56Ad0K8DE67lZa/T3J8dM6xP8fHaZEzbaLoe7AQXrh46fLilaWr167fuLm8cqulZakIbRKZS3WUYk1zJmjTMJPTo0JRzNOcHqbH+5V+JEqzaR4b0YF7XDcFyxjBtPJcs/UMot6tHcYLe6miBDh8ZynDu4CxFWfc5EYmc8buLYV1LrDSqMksXIQZTzKwhb8yGCe+yR6Pqi1xi2W7sula4Z146SV7BhxCl1GA429Y3mLZ1Y8dUg0ix/sCsV6waSIhOZ8SNGXy+B5FC+0OeJo1uI1muRfWosb212YBRvbEV7cQ7HmxF8c6TRjXo3HV9ta/fCoWv309SFaCz6gnScn9j5Eca92Oo8J0LFaGkZy6JVRqWmByjPu07aHAnOqOHafg4D3P9GAmlR/CwDE7u8JirvWIp97JsRno37WK/JvWLk23bFMFKWhgkwaZWUOjYRVpLDHFCUmH3mAiWL+rJAMsMLE+OCXkKAnRHKORc+ilmvHYuqHmlma7Fz87oPyU3lkz/V4S91WKkvqb8nRd946m1BFTZSPbDjd4O9Wz+n42Jic3Pc/eRcufjO8I/hu0GvXY43dxbe8FmNQiuAPugjUQg6dgD7wGB6AJSPA86AdF8CE4f1wI3w8sS4EZ2tug7kKt38Cet0r7A=</latexit><latexit sha1_base64="xa40SpmTZi3T5MqG/LGuh2EwYQ=">ADfnicfVJb9MwGHUWLmPcOnjkxaKCDdhKEq2wCk0aDAleENiF6nuIsd1WmuxHWyHtfL8C/iFiD+D03aj5fZJjo/Ofbn+DgrC6ZNFH0PlsIrV69dX76xcvPW7Tt3G6v3DrWsFKEHRBZSHWdY04IJemCYKehxqSjmWUGPstO9Wj/6SpVmUnw245L2OB4IljOCjafSxg+UcYv6tDYra2lyNCRsRwXDu5AhNWAM5HaOY+bOvaU1HqTCqNkOXYQFTQ368gb81HKT9jGuP4il1q2E7sTK9wrL52l7+AziDJqMJxv6xtctnUTx6UGkWKDoXlSs2oITqfEzfn8MUeRArtD3meJidJ2mhGrSjZbm8lMGol7agTdzxoR3HnxRaMW9GkmBW+lq8A31Jam4/zFSYK27cVSansXKMFJQt4IqTUtMTvGAdj0UmFPds5MUHzkmT7MpfJDGDh51dYzLUe8w7OTZD/btWk3/TupXJt3uWibIyVJBpo7wqoJGwjhT2maLEFGMPMFHMnxWSIVaYGB/8ChL0jEjOsehbdOi6c+iukeW2bs3KLuQ3KX8tmf6uiXOqrVt9Tfk6IfPWxpAobqZ7aybvB3jqb/2djYmrz8J9ZNz5+C4ygv8Gh0kr9vhT3Nx9MwtyGTwAD8E6iMFLsAveg31wAEjwOhgEZfAlBOHjcDN8PrUuBbM198FChds/AfGtKMQ=</latexit>

Benign Objective Distance Constraint

δ0

mal = argminδCross-entropy({xl m, T l m}nmal l=1 ; wG + δ)

<latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit><latexit sha1_base64="+1V7VtyagHXve5ilOYiCbnVH9U=">ACyXicdVFtb9MwEHbC2xhvHXxEAosKrQiInKqFVWjSpE0CiS9DWrdJTRc5rtNZs51gO7TF8if+Af+Of8JHnDbAOsFJth7fc+e7ey4rOdMGoR9BeO36jZu3Nm5v3rl7/6D1tbDY1UitAhKXihTjOsKWeSDg0znJ6WimKRcXqSXezX/MkXqjQr5JFZlHQs8FSynBFsvCtfU8yYZMJ5Qa7dQmhs6NFZg7B3fh6oXVDpPk31DXcviq0fk2lUW5cJ3EJgKb8y3c5eKM/7qL4Tn8t3Y3dm5VoF9y7J8ln6Hr6El75+kbaKELdnX6vC1HU7aNBPCgj+LBmx6MI7S0NmjsMN0KniaTglTC90E41noUo9KMfeOGEU7dZlJpWmJygad05KHEguqxXYrn4HPvmcC8UP5IA5feyxkWC60XIvOR9Wz6Klc7/8WNKpPvjC2TZWoJKtCecWhKWC9CThihLDFx5gopjvFZJzrDAxfl9rVTLhZ5B0RgohsJzYWjb3R+qZu8IKctCwBHN74Gkv6W/d4P/BcTeKUR/6rX3UCPuBngMnoEOiMFbsAc+gEMwBAT8DJ4E20En/Bh+Dufh1VoGDQ5j8Cahd9+Ab6w5Dk=</latexit>

Malicious Objective

SLIDE 25

In summary…

More details and results in

ur poster (#144 tonight in

the Pacific Ballroom) ✦ Quantitative weight update statistics-based stealth results ✦Attacks on Byzantine-resilient aggregation mechanisms ✦Connections between model poisoning and interpretability

SLIDE 26

✦ Federated learning is vulnerable to model

poisoning attacks

In summary…

More details and results in

ur poster (#144 tonight in

the Pacific Ballroom) ✦ Quantitative weight update statistics-based stealth results ✦Attacks on Byzantine-resilient aggregation mechanisms ✦Connections between model poisoning and interpretability

SLIDE 27

✦ Federated learning is vulnerable to model

poisoning attacks

✦ Detection strategies make attacks more

challenging, but can be overcome by white-box attackers

In summary…

More details and results in

ur poster (#144 tonight in

the Pacific Ballroom) ✦ Quantitative weight update statistics-based stealth results ✦Attacks on Byzantine-resilient aggregation mechanisms ✦Connections between model poisoning and interpretability

SLIDE 28

✦ Federated learning is vulnerable to model

poisoning attacks

✦ Detection strategies make attacks more

challenging, but can be overcome by white-box attackers

✦ Open research question: Can we develop

distributed learning algorithms robust to model poisoning attacks?

In summary…

More details and results in

ur poster (#144 tonight in

the Pacific Ballroom) ✦ Quantitative weight update statistics-based stealth results ✦Attacks on Byzantine-resilient aggregation mechanisms ✦Connections between model poisoning and interpretability

SLIDE 29

Thank you for listening!

[1] McMahan et al., Communication-Efficient Learning

f Deep Networks from Decentralized Data, AISTATS

2017 [2] Xiao et al., Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms, arXiv preprint arXiv:1708.07747, 2017 [3] Alber et al., iNNvestigate neural networks!, arXiv preprint arXiv:1808.04260, 2018

Collaborators References

SLIDE 30

Backup slides

SLIDE 31

Adversarial challenges

SLIDE 32

Adversarial challenges

1. No access to other agents’ updates at time t: Adversary has no access to current

updates from the other agents when attempting model poisoning 

SLIDE 33

Adversarial challenges

1. No access to other agents’ updates at time t: Adversary has no access to current

updates from the other agents when attempting model poisoning 

Approach: Generate malicious update with respect to , i.e. assume

wt

G

<latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit>

wt

G ≈ wt+1 G

<latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit>

SLIDE 34

Adversarial challenges

1. No access to other agents’ updates at time t: Adversary has no access to current

updates from the other agents when attempting model poisoning 

2. Averaging with other agents: Updates from other agents could render malicious

agent’s update ineffective 

Approach: Generate malicious update with respect to , i.e. assume

wt

G

<latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit>

wt

G ≈ wt+1 G

<latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit>

SLIDE 35

Adversarial challenges

1. No access to other agents’ updates at time t: Adversary has no access to current

updates from the other agents when attempting model poisoning 

2. Averaging with other agents: Updates from other agents could render malicious

agent’s update ineffective 

Approach: Generate malicious update with respect to , i.e. assume

wt

G

<latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit>

wt

G ≈ wt+1 G

<latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit>

Approach: Boost malicious update to overcome effect of scaling

SLIDE 36

Adversarial challenges

1. No access to other agents’ updates at time t: Adversary has no access to current

updates from the other agents when attempting model poisoning 

2. Averaging with other agents: Updates from other agents could render malicious

agent’s update ineffective 

3. Randomness in choice of agents: Malicious agent is not chosen in every iteration if

large number of agents 

Approach: Generate malicious update with respect to , i.e. assume

wt

G

<latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit>

wt

G ≈ wt+1 G

<latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit>

Approach: Boost malicious update to overcome effect of scaling

SLIDE 37

Adversarial challenges

1. No access to other agents’ updates at time t: Adversary has no access to current

updates from the other agents when attempting model poisoning 

2. Averaging with other agents: Updates from other agents could render malicious

agent’s update ineffective 

3. Randomness in choice of agents: Malicious agent is not chosen in every iteration if

large number of agents 

4. Avoid detection: Server may detect based on effect on accuracy on validation data or

weight update statistics

Approach: Generate malicious update with respect to , i.e. assume

wt

G

<latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit>

wt

G ≈ wt+1 G

<latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit>

Approach: Boost malicious update to overcome effect of scaling

SLIDE 38

Adversarial challenges

1. No access to other agents’ updates at time t: Adversary has no access to current

updates from the other agents when attempting model poisoning 

2. Averaging with other agents: Updates from other agents could render malicious

agent’s update ineffective 

3. Randomness in choice of agents: Malicious agent is not chosen in every iteration if

large number of agents 

4. Avoid detection: Server may detect based on effect on accuracy on validation data or

weight update statistics

Approach: Generate malicious update with respect to , i.e. assume

wt

G

<latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit><latexit sha1_base64="TOvSKS0/P7tUcN4qF29Oy7PQw1Y=">ACq3icfVHbhMxEHWwm3Fh5sYiQEBKRN0qgeasACV4QRZC0anaJZp3Z1KrtXdle0sjaL+CV/gv/gZvEi7hNpI1R+ec0YxnslIK6xj72ouXLx0+crO1fa16zdu3trduz2RWU4jnghC3OcgUpNI6cBKPS4OgMolH2dmzRj/6gMaKQr9zyxJTBXMtcsHBeokyfLF9MV7+rpbod1W9/0O9R1u0N2DAeBjBg8fBxn8ZdtoO2cThdK/1MZkVvFKoHZdg7SRmpUs9GCe4xLqdVBZL4Gcwx0mAGhTa1K9Grun9wMxoXpjwtKMr9tcKD8rapcqCU4E7tb9rDfk3bVK5fD/1QpeVQ83XjfJKUlfQ5v90JgxyJ5cBADcizEr5KRjgLmypnWhc8EIp0DOfjOtJnPqk6ZHlvhPX9bYedlf/kBd/quc/1fNGfY5hTwZfBep1iQZcYR76BMxcQbBu8v9sQq9tIW/tI1PN+b7fiP4bjHvdOA3/c7B080hd8hdco8IDF5Qg7IS3JIRoQT6Rz+RL9Ch6G51EydoatTY1d8hWRPgNLEfZcw=</latexit>

wt

G ≈ wt+1 G

<latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit><latexit sha1_base64="Hq8jqvJ0DisMmdLRrIg1+WijYlY=">ACwnicfVHLjtMwFHXDayivDixZYFEhIZCqpGphuhvBSLBDBLtjNSE6sa96ZiJH9gObRWyZMWnsIWP4W9w2jJQXleyfHTOubr2uanOuXVh+K0RnDt/4eKlncvNK1evXb/R2r05sqowDIdM5cocp2Ax5xKHjrscj7VBEGmOR+np01o/eo/GciVfu6XGRMBM8owzcJ6atO7EaTafPHtTuorGoLVRC3pGPYyqSasdsLuXr/XpWGn2w8H0cCDfhgNHvVo1AlX1SabOpzsNj7FU8UKgdKxHKwdR6F2SQnGcZj1YwLixrYKcxw7KEgTYpVz+p6D3PTGmjD/S0RX7a0cJwtqlSL1TgDuxv2s1+TdtXLhsLym51IVDydaDsiKnTtE6FjrlBpnLlx4AM9y/lbITMCcD68ZS5wzJQTIaRmPqnGUlHE9I83KdlRV27pPrzqT53+qi5/qolYP0Odk8IWnXmo04JR5UMZgZgK8dXP/z8bl2ubvrTxSUa/vx47ov8Go24k8ftVr7z/ZLHKH3CZ3yX0Skcdknzwnh2RIGPlIPpMv5GtwELwN3gV2bQ0am5bZKuCD98BiZriEw=</latexit>

Approach: Boost malicious update to overcome effect of scaling Approach: Improve on baseline by adding benign training and distance constraints

SLIDE 39

Strategy Malicious agent’s update computation Joint minimization of benign and malicious

bjectives, with distance

constraints

Stealthy Model Poisoning

Benign Objective Malicious Objective Distance Constraint

δmal = argmin

δ

L

{xi

m, yi m}nm i=1; wG + δ

+ βL
{xl, T l}nmal

l=1 ; wG + δ

+ ρkδ δconsk2

2

<latexit sha1_base64="2NkVr+zB9hbKe1ZjUdHZqjGafFg=">ADpXicfVJdb9MwFE1WPkb52uCRF4sKMWCrktDCKjRpAiR42MSQ2m5S3UaO67TWbCeyHdbK8y9A4hX+Gv8Gpy2shY0rJb4659xj+14nOaNKB8FPf61y7fqNm+u3qrfv3L13f2PzQVdlhcSkgzOWyZMEKcKoIB1NSMnuSIJ4wcJ6fvSv74C5GKZqKtpznpczQSNKUYaQfFm74PE27gkDCNbGygJhNtOGLWgj0AkRxKhx8obHgADKS6i0AHZxOYj6g29PyD1093QvtwIiY2zeOPIs/gBdgqRhASUdj/WyGEo3AZibzb0GbLs9YKUPW/gsH+gKy2VPOc4APF+hd8AlF8SZUO4m8DyOBlG8UQvqQbTbEQgqEfNoBW2XNIMwtarBgjrwSxq3iKOXNO+wmGC06Exgwp1QuDXPcNkpiRmwVForkCJ+iEem5VCBOVN/MhmXBE4cMQZpJ9wkNZuhyhUFcqSlPnJIjPVZ/cyV4GdcrdLrbN1TkhSYCzdKCwZ0BsrJgyGVBGs2dQnCkrqzAjxGEmHt3kcVCnKGM86RGBrYtb2wb2C5R5KaWmjtKu/mYP/QZ/+ykwt2UrLvieuTJIcO+pQTiXQmn5vZ60JOulj/J6NiLnPrSj8Sbt34fs8IXJ10o3r4sh59btT23y4Gue498h57W17ovfb2vY/ekdfxsD/2v/nf/R+Vp5XDSrvSnUvX/EXNQ28lKvEvJMg05g=</latexit>

SLIDE 40

Strategy Malicious agent’s update computation Joint minimization of benign and malicious

bjectives, with distance

constraints

Stealthy Model Poisoning

Benign Objective Malicious Objective Distance Constraint

Experiment settings

Boosting by 10 ( )
Adam for 10 epochs
Cross-entropy loss
Constrain w.r.t. previous

cumulative update from other agents

β = 10

<latexit sha1_base64="h1yJ0xDNnoGJzAMiU5spdEXuvg=">ACq3icfVHbhMxEHWwm3lj7yYhEhISidYuAPiBVhQdeEWQtGp2VY2d2dSqLyvbSxqt9gt47Wv5L/4GbxIuocBI1hydc0YznuGlkj6k6bdOcuXqtes31m52b92+c/fe+sb9obeVEzgQVl3yMGjkgYHQaFh6VD0FzhAT93eoHn9F5ac2nMCsx1zAxspACQqSOMo4B6CvK0uP1XtrfSdnOc0YvA9ZP59Ejy9g/3uh8ycZWVBpNEAq8H7G0DHkNLkihsOlmlcSxClMcBShAY0+r+cjN/RZMa0sC4+E+ic/b2iBu39TPo1BO/J9aS/5NG1WheJnX0pRVQCMWjYpK0WBp+386lg5FULMIQDgZ6XiByIELfUzQxOhdUazLjOhs2I5XW9uBF3WNs6rzYtr8lKeX1bNf6lmrvsG4J4fvIvW+RAfBuid1Bm6iIVqX+X82aRa2mFf2wXUTz/fjRvTfYLjVZ9v9rQ/Pert7y0OukQfkIXlMGHlBdslbsk8GRBDzskF+Zo8T4mR0m2sCadZc0mWYkEvwOD7thI</latexit>

ρ = 1e − 4

<latexit sha1_base64="lpLSxcn6fKqS/RfueLmRpfSZtnM=">ACrHicfVHLahRBFK1pH4njK9Glm8JBEMGmK4ZoFkKILtyIETKTQHcTbtfcnilSj6aq2snQ9Bdk7Va/y7+xemZ8jFEvFHU451zu5dyiksL5JPnWi65dv3FzY/NW/adu/fub20/GDlTW45DbqSxpwU4lELj0Asv8bSyCKqQeFKcv+n0k09onTD62M8rzBVMtCgFBx+oNLNTQ19Ths93z7YGSbyfsP09Rq8CFieLGpBVHZ1t9y6zseG1Qu25BOdSlQ+b8B6wSW2/ax2WAE/hwmAWpQ6PJmsXNLnwRmTEtjw9OeLtjfOxpQzs1VEZwK/NT9qXk37S09uWrvBG6qj1qvhxU1pJ6Q7sA6FhY5F7OAwBuRdiV8ilY4D7E1M80zrhRCvS4yUZtyvIm62YUZTNgbuF+Ws/SnPrqoXv9SLTn2LISeL7wP1oUIL3thnTQZ2oiBYV/bEIvbeFfy6NQbTjfjxvRf4PRTsxexDsfdwcHh6tDbpJH5DF5Sh5SQ7IO3JEhoQTQz6TL+RrFEfHURrlS2vUW/U8JGsVld8BQnHYlQ=</latexit>

δmal = argmin

δ

L

{xi

m, yi m}nm i=1; wG + δ

+ βL
{xl, T l}nmal

l=1 ; wG + δ

+ ρkδ δconsk2

2

<latexit sha1_base64="2NkVr+zB9hbKe1ZjUdHZqjGafFg=">ADpXicfVJdb9MwFE1WPkb52uCRF4sKMWCrktDCKjRpAiR42MSQ2m5S3UaO67TWbCeyHdbK8y9A4hX+Gv8Gpy2shY0rJb4659xj+14nOaNKB8FPf61y7fqNm+u3qrfv3L13f2PzQVdlhcSkgzOWyZMEKcKoIB1NSMnuSIJ4wcJ6fvSv74C5GKZqKtpznpczQSNKUYaQfFm74PE27gkDCNbGygJhNtOGLWgj0AkRxKhx8obHgADKS6i0AHZxOYj6g29PyD1093QvtwIiY2zeOPIs/gBdgqRhASUdj/WyGEo3AZibzb0GbLs9YKUPW/gsH+gKy2VPOc4APF+hd8AlF8SZUO4m8DyOBlG8UQvqQbTbEQgqEfNoBW2XNIMwtarBgjrwSxq3iKOXNO+wmGC06Exgwp1QuDXPcNkpiRmwVForkCJ+iEem5VCBOVN/MhmXBE4cMQZpJ9wkNZuhyhUFcqSlPnJIjPVZ/cyV4GdcrdLrbN1TkhSYCzdKCwZ0BsrJgyGVBGs2dQnCkrqzAjxGEmHt3kcVCnKGM86RGBrYtb2wb2C5R5KaWmjtKu/mYP/QZ/+ykwt2UrLvieuTJIcO+pQTiXQmn5vZ60JOulj/J6NiLnPrSj8Sbt34fs8IXJ10o3r4sh59btT23y4Gue498h57W17ovfb2vY/ekdfxsD/2v/nf/R+Vp5XDSrvSnUvX/EXNQ28lKvEvJMg05g=</latexit>

SLIDE 41

Stealthy Model Poisoning: Results and Weight update

SLIDE 42

Stealthy Model Poisoning: Results and Weight update

0.2 0.4 0.6 0.8 1 2 4 6 8 10 12 14 16 20 40 60 80 100 Confidence Classification accuracy Time

Val. Acc. Global
Conf. (5!7) Global
Val. Acc. Mal. (stealthy poison)
Val. Acc. Mal. (targeted poison)

(a) Confidence on malicious objective and accuracy on valida- (b)

Takeaways

1. Malicious objective is met
2. Improved validation accuracy compared

to Targeted Model Poisoning

SLIDE 43

Stealthy Model Poisoning: Results and Weight update

0.2 0.4 0.6 0.8 1 2 4 6 8 10 12 14 16 20 40 60 80 100 Confidence Classification accuracy Time

Val. Acc. Global
Conf. (5!7) Global
Val. Acc. Mal. (stealthy poison)
Val. Acc. Mal. (targeted poison)

(a) Confidence on malicious objective and accuracy on valida- (b)

Takeaways

1. Malicious objective is met
2. Improved validation accuracy compared

to Targeted Model Poisoning Takeaway Closer match between weight updates for benign and malicious agents

SLIDE 44

Weight update distance spread (attack stealth measure)

Spread of distances between all the benign agents and between the malicious agent and the benign agents

L2

<latexit sha1_base64="MfZBb7miRWUhZrN4uqzFU4g5LAw=">ACpHicfVFLbxMxEJ5seZTwaovEhYtFBEIcovWqgeYWAQcORbQqStl+B1ZlOra3tle0mj1f4CxBV+Gxd+C96kPMJrJGs+fd83mvFMWuTCujD80go2Ll2+cnXzWv6jZu3bm9t74ysLg3HIde5Nicps5gLhUMnXI4nhUEm0xyP07PnjX78Ho0VWr1xiwITyWZKZIz56mj/Uk02eqE3TDa6+1GJOxGvbBP+x70Qtp/sktoN1xGZ3D38Os7ADiYbLc+xFPNS4nK8ZxZO6Zh4ZKGSd4jnU7Li0WjJ+xGY49VEyiTarlrDV54JkpybTxTzmyZH+tqJi0diFT75TMndrftYb8mzYuXbaXVEIVpUPFV42yMidOk+bjZCoMcpcvPGDcCD8r4afMO78etqxwjnXUjI1reJRPaZJFTc90qzq0Lpe19NsXv+Q53+q5z/V80Z9gX5PBl956nWBhjltHlcxMzPJvPUi/8m1Mrm89o+Uln7832/Efk3GEVd6vEh7QyewSo24R7ch0dA4SkM4CUcwBA4zOAjfILPwcNgPzgKhitr0LqouQNrEbz9BuDI1+E=</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="vU3NtfEqp3HVOWF2pZdDd4z34iQ=">ACpHicfVHbhMxEHWwm3Xh5sYhAiIfIXjXQvFWUBx6KCpJK2WXyOvMplZ9WdneptFqvwD1tXwbf4M3CZdwG8mao3POaMYzWSGF84R8bU3bt6fWfjbve/QcPH21ubQ+dKS2HATfS2NOMOZBCw8AL+G0sMBUJuEkOz9o9JMLsE4Y/dHPC0gVm2qRC858oI4Px/F4s0O6JN7r7caYdOMe6dN+AD1C+y93Me2SRXTQKo7GW63PycTwUoH2XDLnRpQUPq2Y9YJLqNtJ6aBg/JxNYRSgZgpcWi1mrfHTwExwbmx42uMF+2tFxZRzc5UFp2L+zP2uNeTftFHp8720EroPWi+bJSXEnuDm4/jibDAvZwHwLgVYVbMz5hl3If1tBMNM26UYnpSJcN6RNMqaXpkedWhdb2uZ/ms/iHP/lQvf6qXjfoGwp4svAvU+wIs8a+qBJmp4oF6yr/zyb0hby2j4yVYfzfb8R/jcYxl0a8Afa2X+9OuQGeoyeoOeIoldoH71FR2iAOJqiK3SNvkTPosPoOBosrVFrVbOD1iL69A3xsNX8</latexit>

30 40 50 60 70 80 90 100 110 2 4 6 8 10 12 14 16

Distance Time

Targeted Model Poisoning (Benign) Targeted Model Poisoning (Malicious) Stealthy Model Poisoning (Benign) Stealthy Model Poisoning (Malicious) Alternating Minimization (Benign) Alternating Minimization (Malicious)

SLIDE 45

Weight update distance spread (attack stealth measure)

Spread of distances between all the benign agents and between the malicious agent and the benign agents

L2

<latexit sha1_base64="MfZBb7miRWUhZrN4uqzFU4g5LAw=">ACpHicfVFLbxMxEJ5seZTwaovEhYtFBEIcovWqgeYWAQcORbQqStl+B1ZlOra3tle0mj1f4CxBV+Gxd+C96kPMJrJGs+fd83mvFMWuTCujD80go2Ll2+cnXzWv6jZu3bm9t74ysLg3HIde5Nicps5gLhUMnXI4nhUEm0xyP07PnjX78Ho0VWr1xiwITyWZKZIz56mj/Uk02eqE3TDa6+1GJOxGvbBP+x70Qtp/sktoN1xGZ3D38Os7ADiYbLc+xFPNS4nK8ZxZO6Zh4ZKGSd4jnU7Li0WjJ+xGY49VEyiTarlrDV54JkpybTxTzmyZH+tqJi0diFT75TMndrftYb8mzYuXbaXVEIVpUPFV42yMidOk+bjZCoMcpcvPGDcCD8r4afMO78etqxwjnXUjI1reJRPaZJFTc90qzq0Lpe19NsXv+Q53+q5z/V80Z9gX5PBl956nWBhjltHlcxMzPJvPUi/8m1Mrm89o+Uln7832/Efk3GEVd6vEh7QyewSo24R7ch0dA4SkM4CUcwBA4zOAjfILPwcNgPzgKhitr0LqouQNrEbz9BuDI1+E=</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="vU3NtfEqp3HVOWF2pZdDd4z34iQ=">ACpHicfVHbhMxEHWwm3Xh5sYhAiIfIXjXQvFWUBx6KCpJK2WXyOvMplZ9WdneptFqvwD1tXwbf4M3CZdwG8mao3POaMYzWSGF84R8bU3bt6fWfjbve/QcPH21ubQ+dKS2HATfS2NOMOZBCw8AL+G0sMBUJuEkOz9o9JMLsE4Y/dHPC0gVm2qRC858oI4Px/F4s0O6JN7r7caYdOMe6dN+AD1C+y93Me2SRXTQKo7GW63PycTwUoH2XDLnRpQUPq2Y9YJLqNtJ6aBg/JxNYRSgZgpcWi1mrfHTwExwbmx42uMF+2tFxZRzc5UFp2L+zP2uNeTftFHp8720EroPWi+bJSXEnuDm4/jibDAvZwHwLgVYVbMz5hl3If1tBMNM26UYnpSJcN6RNMqaXpkedWhdb2uZ/ms/iHP/lQvf6qXjfoGwp4svAvU+wIs8a+qBJmp4oF6yr/zyb0hby2j4yVYfzfb8R/jcYxl0a8Afa2X+9OuQGeoyeoOeIoldoH71FR2iAOJqiK3SNvkTPosPoOBosrVFrVbOD1iL69A3xsNX8</latexit>

Benign for all 3 attacks

30 40 50 60 70 80 90 100 110 2 4 6 8 10 12 14 16

Distance Time

Targeted Model Poisoning (Benign) Targeted Model Poisoning (Malicious) Stealthy Model Poisoning (Benign) Stealthy Model Poisoning (Malicious) Alternating Minimization (Benign) Alternating Minimization (Malicious)

SLIDE 46

Weight update distance spread (attack stealth measure)

Spread of distances between all the benign agents and between the malicious agent and the benign agents

L2

<latexit sha1_base64="MfZBb7miRWUhZrN4uqzFU4g5LAw=">ACpHicfVFLbxMxEJ5seZTwaovEhYtFBEIcovWqgeYWAQcORbQqStl+B1ZlOra3tle0mj1f4CxBV+Gxd+C96kPMJrJGs+fd83mvFMWuTCujD80go2Ll2+cnXzWv6jZu3bm9t74ysLg3HIde5Nicps5gLhUMnXI4nhUEm0xyP07PnjX78Ho0VWr1xiwITyWZKZIz56mj/Uk02eqE3TDa6+1GJOxGvbBP+x70Qtp/sktoN1xGZ3D38Os7ADiYbLc+xFPNS4nK8ZxZO6Zh4ZKGSd4jnU7Li0WjJ+xGY49VEyiTarlrDV54JkpybTxTzmyZH+tqJi0diFT75TMndrftYb8mzYuXbaXVEIVpUPFV42yMidOk+bjZCoMcpcvPGDcCD8r4afMO78etqxwjnXUjI1reJRPaZJFTc90qzq0Lpe19NsXv+Q53+q5z/V80Z9gX5PBl956nWBhjltHlcxMzPJvPUi/8m1Mrm89o+Uln7832/Efk3GEVd6vEh7QyewSo24R7ch0dA4SkM4CUcwBA4zOAjfILPwcNgPzgKhitr0LqouQNrEbz9BuDI1+E=</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="vU3NtfEqp3HVOWF2pZdDd4z34iQ=">ACpHicfVHbhMxEHWwm3Xh5sYhAiIfIXjXQvFWUBx6KCpJK2WXyOvMplZ9WdneptFqvwD1tXwbf4M3CZdwG8mao3POaMYzWSGF84R8bU3bt6fWfjbve/QcPH21ubQ+dKS2HATfS2NOMOZBCw8AL+G0sMBUJuEkOz9o9JMLsE4Y/dHPC0gVm2qRC858oI4Px/F4s0O6JN7r7caYdOMe6dN+AD1C+y93Me2SRXTQKo7GW63PycTwUoH2XDLnRpQUPq2Y9YJLqNtJ6aBg/JxNYRSgZgpcWi1mrfHTwExwbmx42uMF+2tFxZRzc5UFp2L+zP2uNeTftFHp8720EroPWi+bJSXEnuDm4/jibDAvZwHwLgVYVbMz5hl3If1tBMNM26UYnpSJcN6RNMqaXpkedWhdb2uZ/ms/iHP/lQvf6qXjfoGwp4svAvU+wIs8a+qBJmp4oF6yr/zyb0hby2j4yVYfzfb8R/jcYxl0a8Afa2X+9OuQGeoyeoOeIoldoH71FR2iAOJqiK3SNvkTPosPoOBosrVFrVbOD1iL69A3xsNX8</latexit>

Benign for all 3 attacks Targeted poison

30 40 50 60 70 80 90 100 110 2 4 6 8 10 12 14 16

Distance Time

Targeted Model Poisoning (Benign) Targeted Model Poisoning (Malicious) Stealthy Model Poisoning (Benign) Stealthy Model Poisoning (Malicious) Alternating Minimization (Benign) Alternating Minimization (Malicious)

SLIDE 47

Weight update distance spread (attack stealth measure)

Spread of distances between all the benign agents and between the malicious agent and the benign agents

L2

<latexit sha1_base64="MfZBb7miRWUhZrN4uqzFU4g5LAw=">ACpHicfVFLbxMxEJ5seZTwaovEhYtFBEIcovWqgeYWAQcORbQqStl+B1ZlOra3tle0mj1f4CxBV+Gxd+C96kPMJrJGs+fd83mvFMWuTCujD80go2Ll2+cnXzWv6jZu3bm9t74ysLg3HIde5Nicps5gLhUMnXI4nhUEm0xyP07PnjX78Ho0VWr1xiwITyWZKZIz56mj/Uk02eqE3TDa6+1GJOxGvbBP+x70Qtp/sktoN1xGZ3D38Os7ADiYbLc+xFPNS4nK8ZxZO6Zh4ZKGSd4jnU7Li0WjJ+xGY49VEyiTarlrDV54JkpybTxTzmyZH+tqJi0diFT75TMndrftYb8mzYuXbaXVEIVpUPFV42yMidOk+bjZCoMcpcvPGDcCD8r4afMO78etqxwjnXUjI1reJRPaZJFTc90qzq0Lpe19NsXv+Q53+q5z/V80Z9gX5PBl956nWBhjltHlcxMzPJvPUi/8m1Mrm89o+Uln7832/Efk3GEVd6vEh7QyewSo24R7ch0dA4SkM4CUcwBA4zOAjfILPwcNgPzgKhitr0LqouQNrEbz9BuDI1+E=</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="vU3NtfEqp3HVOWF2pZdDd4z34iQ=">ACpHicfVHbhMxEHWwm3Xh5sYhAiIfIXjXQvFWUBx6KCpJK2WXyOvMplZ9WdneptFqvwD1tXwbf4M3CZdwG8mao3POaMYzWSGF84R8bU3bt6fWfjbve/QcPH21ubQ+dKS2HATfS2NOMOZBCw8AL+G0sMBUJuEkOz9o9JMLsE4Y/dHPC0gVm2qRC858oI4Px/F4s0O6JN7r7caYdOMe6dN+AD1C+y93Me2SRXTQKo7GW63PycTwUoH2XDLnRpQUPq2Y9YJLqNtJ6aBg/JxNYRSgZgpcWi1mrfHTwExwbmx42uMF+2tFxZRzc5UFp2L+zP2uNeTftFHp8720EroPWi+bJSXEnuDm4/jibDAvZwHwLgVYVbMz5hl3If1tBMNM26UYnpSJcN6RNMqaXpkedWhdb2uZ/ms/iHP/lQvf6qXjfoGwp4svAvU+wIs8a+qBJmp4oF6yr/zyb0hby2j4yVYfzfb8R/jcYxl0a8Afa2X+9OuQGeoyeoOeIoldoH71FR2iAOJqiK3SNvkTPosPoOBosrVFrVbOD1iL69A3xsNX8</latexit>

Stealthy poison Benign for all 3 attacks Targeted poison

30 40 50 60 70 80 90 100 110 2 4 6 8 10 12 14 16

Distance Time

Targeted Model Poisoning (Benign) Targeted Model Poisoning (Malicious) Stealthy Model Poisoning (Benign) Stealthy Model Poisoning (Malicious) Alternating Minimization (Benign) Alternating Minimization (Malicious)

SLIDE 48

Weight update distance spread (attack stealth measure)

Spread of distances between all the benign agents and between the malicious agent and the benign agents

L2

<latexit sha1_base64="MfZBb7miRWUhZrN4uqzFU4g5LAw=">ACpHicfVFLbxMxEJ5seZTwaovEhYtFBEIcovWqgeYWAQcORbQqStl+B1ZlOra3tle0mj1f4CxBV+Gxd+C96kPMJrJGs+fd83mvFMWuTCujD80go2Ll2+cnXzWv6jZu3bm9t74ysLg3HIde5Nicps5gLhUMnXI4nhUEm0xyP07PnjX78Ho0VWr1xiwITyWZKZIz56mj/Uk02eqE3TDa6+1GJOxGvbBP+x70Qtp/sktoN1xGZ3D38Os7ADiYbLc+xFPNS4nK8ZxZO6Zh4ZKGSd4jnU7Li0WjJ+xGY49VEyiTarlrDV54JkpybTxTzmyZH+tqJi0diFT75TMndrftYb8mzYuXbaXVEIVpUPFV42yMidOk+bjZCoMcpcvPGDcCD8r4afMO78etqxwjnXUjI1reJRPaZJFTc90qzq0Lpe19NsXv+Q53+q5z/V80Z9gX5PBl956nWBhjltHlcxMzPJvPUi/8m1Mrm89o+Uln7832/Efk3GEVd6vEh7QyewSo24R7ch0dA4SkM4CUcwBA4zOAjfILPwcNgPzgKhitr0LqouQNrEbz9BuDI1+E=</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="vU3NtfEqp3HVOWF2pZdDd4z34iQ=">ACpHicfVHbhMxEHWwm3Xh5sYhAiIfIXjXQvFWUBx6KCpJK2WXyOvMplZ9WdneptFqvwD1tXwbf4M3CZdwG8mao3POaMYzWSGF84R8bU3bt6fWfjbve/QcPH21ubQ+dKS2HATfS2NOMOZBCw8AL+G0sMBUJuEkOz9o9JMLsE4Y/dHPC0gVm2qRC858oI4Px/F4s0O6JN7r7caYdOMe6dN+AD1C+y93Me2SRXTQKo7GW63PycTwUoH2XDLnRpQUPq2Y9YJLqNtJ6aBg/JxNYRSgZgpcWi1mrfHTwExwbmx42uMF+2tFxZRzc5UFp2L+zP2uNeTftFHp8720EroPWi+bJSXEnuDm4/jibDAvZwHwLgVYVbMz5hl3If1tBMNM26UYnpSJcN6RNMqaXpkedWhdb2uZ/ms/iHP/lQvf6qXjfoGwp4svAvU+wIs8a+qBJmp4oF6yr/zyb0hby2j4yVYfzfb8R/jcYxl0a8Afa2X+9OuQGeoyeoOeIoldoH71FR2iAOJqiK3SNvkTPosPoOBosrVFrVbOD1iL69A3xsNX8</latexit>

Stealthy poison Alt.min. Benign for all 3 attacks Targeted poison

30 40 50 60 70 80 90 100 110 2 4 6 8 10 12 14 16

Distance Time

Targeted Model Poisoning (Benign) Targeted Model Poisoning (Malicious) Stealthy Model Poisoning (Benign) Stealthy Model Poisoning (Malicious) Alternating Minimization (Benign) Alternating Minimization (Malicious)

SLIDE 49

Weight update distance spread (attack stealth measure)

Spread of distances between all the benign agents and between the malicious agent and the benign agents

L2

<latexit sha1_base64="MfZBb7miRWUhZrN4uqzFU4g5LAw=">ACpHicfVFLbxMxEJ5seZTwaovEhYtFBEIcovWqgeYWAQcORbQqStl+B1ZlOra3tle0mj1f4CxBV+Gxd+C96kPMJrJGs+fd83mvFMWuTCujD80go2Ll2+cnXzWv6jZu3bm9t74ysLg3HIde5Nicps5gLhUMnXI4nhUEm0xyP07PnjX78Ho0VWr1xiwITyWZKZIz56mj/Uk02eqE3TDa6+1GJOxGvbBP+x70Qtp/sktoN1xGZ3D38Os7ADiYbLc+xFPNS4nK8ZxZO6Zh4ZKGSd4jnU7Li0WjJ+xGY49VEyiTarlrDV54JkpybTxTzmyZH+tqJi0diFT75TMndrftYb8mzYuXbaXVEIVpUPFV42yMidOk+bjZCoMcpcvPGDcCD8r4afMO78etqxwjnXUjI1reJRPaZJFTc90qzq0Lpe19NsXv+Q53+q5z/V80Z9gX5PBl956nWBhjltHlcxMzPJvPUi/8m1Mrm89o+Uln7832/Efk3GEVd6vEh7QyewSo24R7ch0dA4SkM4CUcwBA4zOAjfILPwcNgPzgKhitr0LqouQNrEbz9BuDI1+E=</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="lGyHA8gNsQMyszT+qjwOHyEoy8=">ACpHicfVHLbhMxFHWGVwmvFiQ2bCwiEGIR2aMGml1UWLAolVJWikzRB7nTmrVj5HtIY1G8wWILXwFf8FPsOFb8CTlEV5Xsu7ROefqXt+bFVI4T8iXVnTh4qXLVzautq9dv3Hz1ubW7ZEzpeUw5EYae5wxB1JoGHrhJRwXFpjKJBxlp8a/egtWCeMfu0XBaSKzbTIBWc+UId7k3iy2SFdEu/0tmNMunGP9Gk/gB6h/SfbmHbJMjqDuwdfxafdz/uTrda7ZGp4qUB7LplzY0oKn1bMesEl1O2kdFAwfspmMA5QMwUurZaz1vhBYKY4NzY87fGS/bWiYsq5hcqCUzF/4n7XGvJv2rj0+U5aCV2UHjRfNcpLib3BzcfxVFjgXi4CYNyKMCvmJ8wy7sN62omGOTdKMT2tklE9pmVND2yvOrQul7Xs3xe/5Dnf6pnP9WzRn0OYU8WXgbqVQGWeWMfVwmzM8WC9Tz/zyb0yhby2j4yVYfzfb8R/jcYxV0a8AHtDHbRKjbQPXQfPUIUPUD9ALtoyHiaIbeow/oY/Qw2osOo+HKGrXOa+6gtYjefAN0v9md</latexit><latexit sha1_base64="vU3NtfEqp3HVOWF2pZdDd4z34iQ=">ACpHicfVHbhMxEHWwm3Xh5sYhAiIfIXjXQvFWUBx6KCpJK2WXyOvMplZ9WdneptFqvwD1tXwbf4M3CZdwG8mao3POaMYzWSGF84R8bU3bt6fWfjbve/QcPH21ubQ+dKS2HATfS2NOMOZBCw8AL+G0sMBUJuEkOz9o9JMLsE4Y/dHPC0gVm2qRC858oI4Px/F4s0O6JN7r7caYdOMe6dN+AD1C+y93Me2SRXTQKo7GW63PycTwUoH2XDLnRpQUPq2Y9YJLqNtJ6aBg/JxNYRSgZgpcWi1mrfHTwExwbmx42uMF+2tFxZRzc5UFp2L+zP2uNeTftFHp8720EroPWi+bJSXEnuDm4/jibDAvZwHwLgVYVbMz5hl3If1tBMNM26UYnpSJcN6RNMqaXpkedWhdb2uZ/ms/iHP/lQvf6qXjfoGwp4svAvU+wIs8a+qBJmp4oF6yr/zyb0hby2j4yVYfzfb8R/jcYxl0a8Afa2X+9OuQGeoyeoOeIoldoH71FR2iAOJqiK3SNvkTPosPoOBosrVFrVbOD1iL69A3xsNX8</latexit>

Stealthy poison Alt.min. Benign for all 3 attacks Adding distance constraints reduces distinguishability of malicious update Takeaway Targeted poison

30 40 50 60 70 80 90 100 110 2 4 6 8 10 12 14 16

Distance Time

Targeted Model Poisoning (Benign) Targeted Model Poisoning (Malicious) Stealthy Model Poisoning (Benign) Stealthy Model Poisoning (Malicious) Alternating Minimization (Benign) Alternating Minimization (Malicious)

SLIDE 50

Estimation to improve attacks

ˆ wt

G = ˆ

wt−1

G

+ ˆ δ[k]\m + αmδt

m

<latexit sha1_base64="NbJliDCLJ9JzA9UVs7qZE3wfzbg=">ADB3icfVHLjtMwFHXDayiP6cCSjUWFhEBUSdXCdIE0AiTYIAaJdkZqQnTjOK1V24lsh05l5QMQH8MOsWXLH/AXbGF03ag5XUly0fnOtrnZsUnGnj+18a3pmz585f2LnYvHT5ytXd1t61kc5LReiQ5DxXxwloypmkQ8Mp8eFoiASTo+S2eNaP3pDlWa5fGUWBY0ETCTLGAHjqLiVhlMwNkyefXaxE/xQ7xBWHMvqBx595QUNkwpN1BVsR3PIhxqagSTpcaiql3AiynEAm84Y+HebX9jt/d7/e62O90+/4gGDjQ94PB/R4Ov6y2mhdh/Fe412Y5qQUVBrCQetx4BcmsqAMI5xWzbDUtAygwkdOyhBUB3ZRwVvuWYFGe5ckcavGQ3OywIrRcicU4BZqp/12ryb9q4Nl+ZJksSkMlWQ3KSo5NjutscoUJYvHACimPsrJlNQIzbQDOUdE5yIUCmNhxV4yCyYT0jyWw7qKptvc7/pz/Uz35pZ7U6hPqclL0uaNeFSBydUdG4KaCHDW9f0/G5Mrm7u38khE5dZ3uiP8bzDqdgKHX/baB4/Wi9xBN9BNdBsF6AE6QM/QIRoigj6jr+gb+u69d57H7yPK6vXWPdcR1vlfoBROL+mA=</latexit><latexit sha1_base64="NbJliDCLJ9JzA9UVs7qZE3wfzbg=">ADB3icfVHLjtMwFHXDayiP6cCSjUWFhEBUSdXCdIE0AiTYIAaJdkZqQnTjOK1V24lsh05l5QMQH8MOsWXLH/AXbGF03ag5XUly0fnOtrnZsUnGnj+18a3pmz585f2LnYvHT5ytXd1t61kc5LReiQ5DxXxwloypmkQ8Mp8eFoiASTo+S2eNaP3pDlWa5fGUWBY0ETCTLGAHjqLiVhlMwNkyefXaxE/xQ7xBWHMvqBx595QUNkwpN1BVsR3PIhxqagSTpcaiql3AiynEAm84Y+HebX9jt/d7/e62O90+/4gGDjQ94PB/R4Ov6y2mhdh/Fe412Y5qQUVBrCQetx4BcmsqAMI5xWzbDUtAygwkdOyhBUB3ZRwVvuWYFGe5ckcavGQ3OywIrRcicU4BZqp/12ryb9q4Nl+ZJksSkMlWQ3KSo5NjutscoUJYvHACimPsrJlNQIzbQDOUdE5yIUCmNhxV4yCyYT0jyWw7qKptvc7/pz/Uz35pZ7U6hPqclL0uaNeFSBydUdG4KaCHDW9f0/G5Mrm7u38khE5dZ3uiP8bzDqdgKHX/baB4/Wi9xBN9BNdBsF6AE6QM/QIRoigj6jr+gb+u69d57H7yPK6vXWPdcR1vlfoBROL+mA=</latexit><latexit sha1_base64="NbJliDCLJ9JzA9UVs7qZE3wfzbg=">ADB3icfVHLjtMwFHXDayiP6cCSjUWFhEBUSdXCdIE0AiTYIAaJdkZqQnTjOK1V24lsh05l5QMQH8MOsWXLH/AXbGF03ag5XUly0fnOtrnZsUnGnj+18a3pmz585f2LnYvHT5ytXd1t61kc5LReiQ5DxXxwloypmkQ8Mp8eFoiASTo+S2eNaP3pDlWa5fGUWBY0ETCTLGAHjqLiVhlMwNkyefXaxE/xQ7xBWHMvqBx595QUNkwpN1BVsR3PIhxqagSTpcaiql3AiynEAm84Y+HebX9jt/d7/e62O90+/4gGDjQ94PB/R4Ov6y2mhdh/Fe412Y5qQUVBrCQetx4BcmsqAMI5xWzbDUtAygwkdOyhBUB3ZRwVvuWYFGe5ckcavGQ3OywIrRcicU4BZqp/12ryb9q4Nl+ZJksSkMlWQ3KSo5NjutscoUJYvHACimPsrJlNQIzbQDOUdE5yIUCmNhxV4yCyYT0jyWw7qKptvc7/pz/Uz35pZ7U6hPqclL0uaNeFSBydUdG4KaCHDW9f0/G5Mrm7u38khE5dZ3uiP8bzDqdgKHX/baB4/Wi9xBN9BNdBsF6AE6QM/QIRoigj6jr+gb+u69d57H7yPK6vXWPdcR1vlfoBROL+mA=</latexit><latexit sha1_base64="NbJliDCLJ9JzA9UVs7qZE3wfzbg=">ADB3icfVHLjtMwFHXDayiP6cCSjUWFhEBUSdXCdIE0AiTYIAaJdkZqQnTjOK1V24lsh05l5QMQH8MOsWXLH/AXbGF03ag5XUly0fnOtrnZsUnGnj+18a3pmz585f2LnYvHT5ytXd1t61kc5LReiQ5DxXxwloypmkQ8Mp8eFoiASTo+S2eNaP3pDlWa5fGUWBY0ETCTLGAHjqLiVhlMwNkyefXaxE/xQ7xBWHMvqBx595QUNkwpN1BVsR3PIhxqagSTpcaiql3AiynEAm84Y+HebX9jt/d7/e62O90+/4gGDjQ94PB/R4Ov6y2mhdh/Fe412Y5qQUVBrCQetx4BcmsqAMI5xWzbDUtAygwkdOyhBUB3ZRwVvuWYFGe5ckcavGQ3OywIrRcicU4BZqp/12ryb9q4Nl+ZJksSkMlWQ3KSo5NjutscoUJYvHACimPsrJlNQIzbQDOUdE5yIUCmNhxV4yCyYT0jyWw7qKptvc7/pz/Uz35pZ7U6hPqclL0uaNeFSBydUdG4KaCHDW9f0/G5Mrm7u38khE5dZ3uiP8bzDqdgKHX/baB4/Wi9xBN9BNdBsF6AE6QM/QIRoigj6jr+gb+u69d57H7yPK6vXWPdcR1vlfoBROL+mA=</latexit>

ˆ δ[k]\m = δt−1

[k]\m

<latexit sha1_base64="D1nVs6RHQbU8adP5DTkzy5zubXQ=">AC7nicfVFdixMxFE3Hr7V+bFcfQkWQTLTGl1+yAs6oMg4gq2uzAZSya904YmSHJ2C1hfoHvomvprxDf9J2baqltdvRByOdcbnJuWghubBh+bQTnzl+4eGncvPK1WvXd1t7N0YmLzWDIctFro9TakBwBUPLrYDjQgOVqYCjdP6k1o/egjY8V6/tsoBE0qniGWfUemrceo7JjFpHUunIBISlVTV28TzBxICVXJUGywo/wviU42z96MzbONWO+yE3f1+r4vDTrcfDqKB/0wGjzo4agTrqNnU43mu8I5OclRKUZYIaE0dhYRNHteVMQNUkpYGCsjmdQuyhohJM4la/rvAdz0xwlmt/lMUr9nSHo9KYpUy9U1I7M39qNXmWFpc208cV0VpQbH1oKwU2Oa4jhBPuAZmxdIDyjT3b8VsRjVl1gfdJAoWLJeSqokjoyqOEkfqGWnm2lFVbetptqh+yYu/1ZPf6kmtPgWfk4YXnpZgKY21/coXoqbdu7v/ZuFrb/L2VR7pa38d4X+DUbcTefyq1z54vFnkDrqFbqO7KEIP0QF6hg7REDH0GX1B39D3oAjeBx+Cj2tr0Nj03ERbFXz6AUim9KE=</latexit><latexit sha1_base64="D1nVs6RHQbU8adP5DTkzy5zubXQ=">AC7nicfVFdixMxFE3Hr7V+bFcfQkWQTLTGl1+yAs6oMg4gq2uzAZSya904YmSHJ2C1hfoHvomvprxDf9J2baqltdvRByOdcbnJuWghubBh+bQTnzl+4eGncvPK1WvXd1t7N0YmLzWDIctFro9TakBwBUPLrYDjQgOVqYCjdP6k1o/egjY8V6/tsoBE0qniGWfUemrceo7JjFpHUunIBISlVTV28TzBxICVXJUGywo/wviU42z96MzbONWO+yE3f1+r4vDTrcfDqKB/0wGjzo4agTrqNnU43mu8I5OclRKUZYIaE0dhYRNHteVMQNUkpYGCsjmdQuyhohJM4la/rvAdz0xwlmt/lMUr9nSHo9KYpUy9U1I7M39qNXmWFpc208cV0VpQbH1oKwU2Oa4jhBPuAZmxdIDyjT3b8VsRjVl1gfdJAoWLJeSqokjoyqOEkfqGWnm2lFVbetptqh+yYu/1ZPf6kmtPgWfk4YXnpZgKY21/coXoqbdu7v/ZuFrb/L2VR7pa38d4X+DUbcTefyq1z54vFnkDrqFbqO7KEIP0QF6hg7REDH0GX1B39D3oAjeBx+Cj2tr0Nj03ERbFXz6AUim9KE=</latexit><latexit sha1_base64="D1nVs6RHQbU8adP5DTkzy5zubXQ=">AC7nicfVFdixMxFE3Hr7V+bFcfQkWQTLTGl1+yAs6oMg4gq2uzAZSya904YmSHJ2C1hfoHvomvprxDf9J2baqltdvRByOdcbnJuWghubBh+bQTnzl+4eGncvPK1WvXd1t7N0YmLzWDIctFro9TakBwBUPLrYDjQgOVqYCjdP6k1o/egjY8V6/tsoBE0qniGWfUemrceo7JjFpHUunIBISlVTV28TzBxICVXJUGywo/wviU42z96MzbONWO+yE3f1+r4vDTrcfDqKB/0wGjzo4agTrqNnU43mu8I5OclRKUZYIaE0dhYRNHteVMQNUkpYGCsjmdQuyhohJM4la/rvAdz0xwlmt/lMUr9nSHo9KYpUy9U1I7M39qNXmWFpc208cV0VpQbH1oKwU2Oa4jhBPuAZmxdIDyjT3b8VsRjVl1gfdJAoWLJeSqokjoyqOEkfqGWnm2lFVbetptqh+yYu/1ZPf6kmtPgWfk4YXnpZgKY21/coXoqbdu7v/ZuFrb/L2VR7pa38d4X+DUbcTefyq1z54vFnkDrqFbqO7KEIP0QF6hg7REDH0GX1B39D3oAjeBx+Cj2tr0Nj03ERbFXz6AUim9KE=</latexit><latexit sha1_base64="D1nVs6RHQbU8adP5DTkzy5zubXQ=">AC7nicfVFdixMxFE3Hr7V+bFcfQkWQTLTGl1+yAs6oMg4gq2uzAZSya904YmSHJ2C1hfoHvomvprxDf9J2baqltdvRByOdcbnJuWghubBh+bQTnzl+4eGncvPK1WvXd1t7N0YmLzWDIctFro9TakBwBUPLrYDjQgOVqYCjdP6k1o/egjY8V6/tsoBE0qniGWfUemrceo7JjFpHUunIBISlVTV28TzBxICVXJUGywo/wviU42z96MzbONWO+yE3f1+r4vDTrcfDqKB/0wGjzo4agTrqNnU43mu8I5OclRKUZYIaE0dhYRNHteVMQNUkpYGCsjmdQuyhohJM4la/rvAdz0xwlmt/lMUr9nSHo9KYpUy9U1I7M39qNXmWFpc208cV0VpQbH1oKwU2Oa4jhBPuAZmxdIDyjT3b8VsRjVl1gfdJAoWLJeSqokjoyqOEkfqGWnm2lFVbetptqh+yYu/1ZPf6kmtPgWfk4YXnpZgKY21/coXoqbdu7v/ZuFrb/L2VR7pa38d4X+DUbcTefyq1z54vFnkDrqFbqO7KEIP0QF6hg7REDH0GX1B39D3oAjeBx+Cj2tr0Nj03ERbFXz6AUim9KE=</latexit>

Attack Targeted Model Poisoning Alternating Minimization Estimation None Previous step None Previous step t = 2 0.63 0.82 0.17 0.47 t = 3 0.93 0.98 0.34 0.89 t = 4 0.99 1.0 0.88 1.0

Estimating update from other agents Previous step estimation: Improvement in attack confidence (CNN on Fashion MNIST, 10 agents)

SLIDE 51

Results on Adult Census dataset

0.2 0.4 0.6 0.8 1 5 10 15 20 25 30 35 40 20 40 60 80 100 Confidence Classification accuracy Time

Val. Acc. Global
Conf. (5→7) Global
Val. Acc. Mal. (stealth)

(a) Targeted model poisoning (b) Comparison of weight update distributions for targeted model poisoning

0.2 0.4 0.6 0.8 1 5 10 15 20 25 30 35 40 20 40 60 80 100 Confidence Classification accuracy Time

Val. Acc. Global
Conf. (5→7) Global
Val. Acc. Mal. (stealth)

(c) Stealthy model poisoning with λ = 20 and ρ = 1e−4 (d) Comparison of weight update distributions for stealthy model poisoning

0.2 0.4 0.6 0.8 1 5 10 15 20 25 30 35 40 20 40 60 80 100 Confidence Classification accuracy Time

Val. Acc. Global
Conf. (5→7) Global
Val. Acc. Mal. (stealth)

(e) Alternating minimization with λ = 20 and ρ = 1e−4 and 10 epochs for the malicious agent (f) Comparison of weight update distributions for alternating minimization

SLIDE 52

Results on 100 agents

0.2 0.4 0.6 0.8 1 5 10 15 20 25 30 35 40 45 50 20 40 60 80 100 Confidence Classification accuracy Time

Val. Acc. Global
Conf. Global (5→7)

(a) Targeted model poisoning with λ = 100.

0.2 0.4 0.6 0.8 1 5 10 15 20 25 30 35 40 45 50 20 40 60 80 100 Confidence Classification accuracy Time

Val. Acc. Global
Conf. Global (5→7)
Val. Acc. Mal. (Stealth)

(b) Alternating minimization with λ = 100, 100 epochs for the malicious agent and 10 steps for the stealth objective for every step of the benign objective.

SLIDE 53

Attack with 10 targets

0.2 0.4 0.6 0.8 1 5 10 15 20 25 30 35 40 20 40 60 80 100 Confidence Classification accuracy Time

Val. Acc. Global
Mal. Obj. (Fraction of targets)
Val. Acc. Mal. (stealth)

(a) Targeted model poisoning.

0.2 0.4 0.6 0.8 1 5 10 15 20 25 30 35 40 20 40 60 80 100 Confidence Classification accuracy Time

Val. Acc. Global
Mal. Obj. (Fraction of targets)
Val. Acc. Mal. (stealth)

(b) Alternating minimization with 10 epochs for the malicious agent and 10 steps for the stealth objective for every step of the benign objective.

SLIDE 54

Fragility of interpretability

Using a suite of interpretability techniques [3] to compare global model decisions

SLIDE 55

Fragility of interpretability

Global model trained using only benign agents Using a suite of interpretability techniques [3] to compare global model decisions

SLIDE 56

Fragility of interpretability

Global model trained using only benign agents Global model trained with one malicious model and the rest benign Using a suite of interpretability techniques [3] to compare global model decisions

SLIDE 57

Fragility of interpretability

Global model trained using only benign agents Global model trained with one malicious model and the rest benign Only two which appear to be significantly visually different Using a suite of interpretability techniques [3] to compare global model decisions

SLIDE 58

Attacks on Byzantine-resilient aggregation

0.2 0.4 0.6 0.8 1 5 10 15 20 25 30 35 40 20 40 60 80 100 Confidence Classification accuracy Time

Val. Acc. Global (Krum)
Mal. Conf. Global (Krum)
Val. Acc. Global (Coomed)
Mal. Conf. Global (Coomed)
f
f

mod-

f

mechanisms

Takeaways

1. Adding resilience against attackers aiming to prevent convergence is ineffective

against model poisoning attacks

2. Krum chooses update closest to all others distance-constrained attacks are

effective

⇒

SLIDE 59

What next?

✦ Convergence: prove good performance of global models ✦ Scalability: implementing attacks at scale ✦ Robustness: behavior of poisoned models in parameter space ✦ Generalizability: behavior in input space around poisoned points