learning from untrusted data
play

Learning from Untrusted Data Moses Charikar, Jacob Steinhardt, - PowerPoint PPT Presentation

Jul 08, 2023 •137 likes •621 views

Learning from Untrusted Data Moses Charikar, Jacob Steinhardt, Gregory Valiant Symposium on the Theory of Computing June 19, 2017 (Icon credit: Annie Lin) Motivation: data poisoning attacks: 1 (Icon credit: Annie Lin) Motivation: data

  1. Learning from Untrusted Data Moses Charikar, Jacob Steinhardt, Gregory Valiant Symposium on the Theory of Computing June 19, 2017

  2. (Icon credit: Annie Lin) Motivation: data poisoning attacks: 1

  3. (Icon credit: Annie Lin) Motivation: data poisoning attacks: Question: what concepts can be learned in the presence of arbitrarily corrupted data? 1

  4. Related Work • 60 years of work on robust statistics... PCA: • XCM ’10, CLMW ’11, CSPW ’11 Mean estimation: • LRV ’16, DKKLMS ’16, DKKLMS ’17, L ’17, DBS ’17, S CV ’17 Regression: • NTN ’11, NT ’13, CCM ’13, BJK ’15 Classification: • FHKP ’09, GR ’09, KLS ’09, ABL ’14 Semi-random graphs: • FK ’01, C ’07, MMV ’12, S ’17 Other: • HM ’13, C ’14, C ’16, DKS ’16, S CV ’16 2

  5. Problem Setting Observe n points x 1 , . . . , x n 3

  6. Problem Setting Observe n points x 1 , . . . , x n Unknown subset of αn points drawn i.i.d. from p ∗ 3

  7. Problem Setting Observe n points x 1 , . . . , x n Unknown subset of αn points drawn i.i.d. from p ∗ Remaining (1 − α ) n points are arbitrary 3

  8. Problem Setting Observe n points x 1 , . . . , x n Unknown subset of αn points drawn i.i.d. from p ∗ Remaining (1 − α ) n points are arbitrary Goal: estimate parameter of interest θ ( p ∗ ) • assuming p ∗ ∈ P (e.g. bounded moments) • θ ( p ∗ ) could be mean, best fit line, ranking, etc. 3

  9. Problem Setting Observe n points x 1 , . . . , x n Unknown subset of αn points drawn i.i.d. from p ∗ Remaining (1 − α ) n points are arbitrary Goal: estimate parameter of interest θ ( p ∗ ) • assuming p ∗ ∈ P (e.g. bounded moments) • θ ( p ∗ ) could be mean, best fit line, ranking, etc. New regime: α ≪ 1 3

  10. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: 4

  11. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: 4

  12. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: But can narrow down to 3 possibilities! 4

  13. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: But can narrow down to 3 possibilities! List-decodable learning [Balcan, Blum, Vempala ’08] • output O (1 /α ) answers, one of which is approximately correct 4

  14. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: But can narrow down to 3 possibilities! List-decodable learning [Balcan, Blum, Vempala ’08] • output O (1 /α ) answers, one of which is approximately correct Semi-verified learning • observe O (1) verified points from p ∗ 4

  15. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: But can narrow down to 3 possibilities! List-decodable learning [Balcan, Blum, Vempala ’08] • output O (1 /α ) answers, one of which is approximately correct Semi-verified learning • observe O (1) verified points from p ∗ 4

  16. Why Care? Practical problem: data poisoning attacks • How can we build learning algorithms that are provably secure to manipulation? 5

  17. Why Care? Practical problem: data poisoning attacks • How can we build learning algorithms that are provably secure to manipulation? Fundamental problem in robust statistics • What can be learned in presence of arbitrary outliers? 5

  18. Why Care? Practical problem: data poisoning attacks • How can we build learning algorithms that are provably secure to manipulation? Fundamental problem in robust statistics • What can be learned in presence of arbitrary outliers? Agnostic learning of mixtures • When is it possible to learn about one mixture component, with no assumptions about the other components? 5

  19. Main Theorem Observed functions: f 1 , . . . , f n Want to minimize unknown target function: ¯ f 6

  20. Main Theorem Observed functions: f 1 , . . . , f n Want to minimize unknown target function: ¯ f Key quantity: spectral norm bound on a subset I : w ∈ R d � [ ∇ f i ( w ) − ∇ ¯ √ 1 | I | max f ( w )] i ∈ I � op ≤ S. 6

  21. Main Theorem Observed functions: f 1 , . . . , f n Want to minimize unknown target function: ¯ f Key quantity: spectral norm bound on a subset I : w ∈ R d � [ ∇ f i ( w ) − ∇ ¯ √ 1 | I | max f ( w )] i ∈ I � op ≤ S. Meta-Theorem Given a spectral norm bound on an unknown subset of αn functions, learning is possible: • in the semi-verified model (for convex f i ) • in the list-decodable model (for strongly convex f i ) 6

  22. Main Theorem Observed functions: f 1 , . . . , f n Want to minimize unknown target function: ¯ f Key quantity: spectral norm bound on a subset I : w ∈ R d � [ ∇ f i ( w ) − ∇ ¯ √ 1 | I | max f ( w )] i ∈ I � op ≤ S. Meta-Theorem Given a spectral norm bound on an unknown subset of αn functions, learning is possible: • in the semi-verified model (for convex f i ) • in the list-decodable model (for strongly convex f i ) All results direct corollaries of meta-theorem! 6

  23. Corollary: Mean Estimation Setting: distribution p ∗ on R d with mean µ and bounded 1st moments: E p ∗ [ |� x − µ, v �| ] ≤ σ � v � 2 for all v ∈ R d . 7

  24. Corollary: Mean Estimation Setting: distribution p ∗ on R d with mean µ and bounded 1st moments: E p ∗ [ |� x − µ, v �| ] ≤ σ � v � 2 for all v ∈ R d . Observe αn samples from p ∗ and (1 − α ) n arbitrary points, and want to estimate µ . 7

  25. Corollary: Mean Estimation Setting: distribution p ∗ on R d with mean µ and bounded 1st moments: E p ∗ [ |� x − µ, v �| ] ≤ σ � v � 2 for all v ∈ R d . Observe αn samples from p ∗ and (1 − α ) n arbitrary points, and want to estimate µ . Theorem (Mean Estimation) If αn ≥ d , it is possible to output estimates ˆ µ 1 , . . . , ˆ µ m of the mean µ such that • m ≤ 2 /α , and O ( σ/ √ α ) w.h.p. µ j − µ � 2 = ˜ • min m j =1 � ˆ 7

  26. Corollary: Mean Estimation Setting: distribution p ∗ on R d with mean µ and bounded 1st moments: E p ∗ [ |� x − µ, v �| ] ≤ σ � v � 2 for all v ∈ R d . Observe αn samples from p ∗ and (1 − α ) n arbitrary points, and want to estimate µ . Theorem (Mean Estimation) If αn ≥ d , it is possible to output estimates ˆ µ 1 , . . . , ˆ µ m of the mean µ such that • m ≤ 2 /α , and O ( σ/ √ α ) w.h.p. µ j − µ � 2 = ˜ • min m j =1 � ˆ Alternately, it is possible to output an estimate ˆ µ given a single verified point from p ∗ . 7

  27. Comparisons Mean estimation: Bound Regime Assumption Samples σ √ 1 − α α > 1 − c 4 th moments d LRV ’16 d 3 σ (1 − α ) α > 1 − c DKKLMS ’16 sub-Gaussian σ/ √ α α > 0 1 st moments d CSV ’17 8

  28. Comparisons Mean estimation: Bound Regime Assumption Samples σ √ 1 − α α > 1 − c 4 th moments d LRV ’16 d 3 σ (1 − α ) α > 1 − c DKKLMS ’16 sub-Gaussian σ/ √ α α > 0 1 st moments d CSV ’17 Estimating mixtures: Separation Robust? σ ( k + 1 / √ α ) AM ’05 no σk KK ’10 no √ σ k AS ’12 no σ/ √ α CSV ’17 yes 8

  29. Other Results Stochastic Block Model: (sparse regime: cf. GV ’14, LLV ’15, RT ’15, RV ’16) Average Degree Robust? 1 /α 4 GV ’14 no 1 /α 2 AS ’15 no 1 /α 3 yes CSV ’17 9

  30. Other Results Stochastic Block Model: (sparse regime: cf. GV ’14, LLV ’15, RT ’15, RV ’16) Average Degree Robust? 1 /α 4 GV ’14 no 1 /α 2 AS ’15 no 1 /α 3 yes CSV ’17 Others: • discrete product distributions • exponential families • ranking 9

  31. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ 10

  32. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ Key tension: balance adversarial and statistical error 10

  33. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error 10

  34. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error 10

  35. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error High-level strategy: solve convex optimization problem • if cost is low, estimation succeeds (spectral norm bound) • if cost is high, identify and remove outliers 10

  36. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error High-level strategy: solve convex optimization problem • if cost is low, estimation succeeds (spectral norm bound) • if cost is high, identify and remove outliers 10

  37. Algorithm � n i =1 � x i − µ � 2 First pass: minimize µ 2 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Robust Learning from Untrusted Sources Nikola Konstantinov Christoph H. Lampert ICML, June 2019

Robust Learning from Untrusted Sources Nikola Konstantinov Christoph H. Lampert ICML, June 2019

Robust Learning from Untrusted Sources Nikola Konstantinov Christoph H. Lampert ICML, June 2019 Konstantinov, Lampert; IST Austria Robust Learning from Untrusted Sources Poster 156 1 / 13 Motivation Collecting data for machine learning

386 views • 28 slides
Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral

Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral

Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral University of Versailles The need for Open Trusted Data Stores PAGE 2 Virtual teams distributed among space, time and organizations

394 views • 12 slides
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules or library untrusted

797 views • 46 slides
Deserialization of untrusted data in Java Analysis, current solutions & a new approach

Deserialization of untrusted data in Java Analysis, current solutions & a new approach

Deserialization of untrusted data in Java Analysis, current solutions & a new approach Apostolos Giannakidis OWASP London Meetup @apgiannakidis 18th May 2017 1 Whois Security Architect at Waratek Application security

587 views • 46 slides
Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan

Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan

Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan Schaumann 99CE 1DC7 770A C5A8 09A6 @jschauma 0DCD 66CE 4FE9 6F6B D3D7 Me. Errday. Obligatory James Mickens This World of Ours reference.

714 views • 40 slides
Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian

Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian

Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, John Mitchell, David Mazires, and Alejandro Russo Web platforms are great ! They allow third-party developers to build apps

714 views • 54 slides
Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work with Alessandro Chiesa Eli Ben-Sasson Daniel Genkin 1 Technion Cryptoday June 16, 2011 Motivation 3 Motivation INTEGRITY CONFIDENTIALITY

725 views • 50 slides
Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds Frank Wang (MIT

Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds Frank Wang (MIT

Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds Frank Wang (MIT CSAIL) , James Mickens (Harvard), Nickolai Zeldovich (MIT CSAIL), Vinod Vaikuntanathan (MIT CSAIL) 1 Motivation Boston Marathon NY Marathon

1.12k views • 95 slides
Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT

Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT

Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT CSAIL & VMware VMware Motivation Many applications handle sensitive data financial, medical, insurance, military... credit cards, medical

712 views • 25 slides
Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt , Zhiting Zhu,

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt , Zhiting Zhu,

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt , Zhiting Zhu, Yuanzhong Xu, Simon Peter, Emmett Witchel 1 Disease risk assessment: Trust issues D i s e a s e R i s k 2 Disease risk assessment: Trust

766 views • 57 slides
Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie

Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie

Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie Wang University of Massachusetts Lowell The Cloud Cloud storage makes many promises: Data can be accessed anywhere at any time No

698 views • 42 slides
Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Andrew Whitaker Jay

Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Andrew Whitaker Jay

Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Andrew Whitaker Jay Lepreau David Wetherall ( Univ. of Washington ) Tim Stack ( Univ. of Utah ) Key Point Untrusted mobile code can allow anybody to build

365 views • 13 slides
MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage

MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage

MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage Services Seungyeop Han (syhan@cs.washington.edu) Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,

837 views • 37 slides
Learning From Data Lecture 3 Is Learning Feasible? Outside the Data Probability to the Rescue

Learning From Data Lecture 3 Is Learning Feasible? Outside the Data Probability to the Rescue

Learning From Data Lecture 3 Is Learning Feasible? Outside the Data Probability to the Rescue Learning vs. Verification Selection Bias - A Cartoon M. Magdon-Ismail CSCI 4100/6100 recap: The Perceptron Learning Algorithm y = +1 y x

538 views • 27 slides
1 Attacks on randomization - Error repeating the question An attack:

1 Attacks on randomization - Error repeating the question An attack:

Context: Theory of variable privacy Theory of security allows binary choice for data revelation: Bob is trusted/untrusted The channel coding theorem and the If he is trusted, data is revealed to him using a perfect protocol

400 views • 5 slides
A Survey of Oblivious RAMs David Cash IBM Securely Outsourcing Memory Server Goal : Store,

A Survey of Oblivious RAMs David Cash IBM Securely Outsourcing Memory Server Goal : Store,

A Survey of Oblivious RAMs David Cash IBM Securely Outsourcing Memory Server Goal : Store, access, and update data on an untrusted server. Mem[0] a Mem[1] b Mem[2] c Write(i,x) Read(j) Mem[i] d Client Mem[j] e Untrusted

908 views • 70 slides
What if Meaning is Indeterminate? Ramsification and Semantic Indeterminacy Hannes Leitgeb LMU

What if Meaning is Indeterminate? Ramsification and Semantic Indeterminacy Hannes Leitgeb LMU

What if Meaning is Indeterminate? Ramsification and Semantic Indeterminacy Hannes Leitgeb LMU Munich August 2019 What if meaning is indeterminate? Can we still (more or less) do classical semantics as we want to? The following statements seem

793 views • 29 slides
Testing for Tensions Between Datasets David Parkinson University of Queensland In collaboration

Testing for Tensions Between Datasets David Parkinson University of Queensland In collaboration

Testing for Tensions Between Datasets David Parkinson University of Queensland In collaboration with Shahab Joudaki (Oxford) Outline Introduction Statistical Inference Methods Linear models Example using WL and CMB data

476 views • 25 slides
The Security-Privacy tension: recent developments in the U.K. and elsewhere James Davenport

The Security-Privacy tension: recent developments in the U.K. and elsewhere James Davenport

The Security-Privacy tension: recent developments in the U.K. and elsewhere James Davenport Hebron & Medlock Professor of Information Technology University of Bath (U.K.) 16 January 2014 Overall Thesis When it comes to security/privacy,

419 views • 18 slides
Forces MCV4U: Calculus & Vectors A force is a push or a pull on an object. A force has both a

Forces MCV4U: Calculus & Vectors A force is a push or a pull on an object. A force has both a

g e o m e t r i c v e c t o r s g e o m e t r i c v e c t o r s Forces MCV4U: Calculus & Vectors A force is a push or a pull on an object. A force has both a magnitude and a direction, so it can be represented by a vector. A force, F ,

183 views • 3 slides
Chest Radiology Highlights: Tips, Tricks and Things You Should Never Miss! Case #1 1

Chest Radiology Highlights: Tips, Tricks and Things You Should Never Miss! Case #1 1

10/28/2015 Chest Radiology Highlights: Tips, Tricks and Things You Should Never Miss! Case #1 1 10/28/2015 Checklist Lines, tubes and foreign bodies Endotracheal tubes 2 10/28/2015 Airway landmarks 3 10/28/2015 3-7 cm What is

673 views • 64 slides
Evaluation and Treatment of Evaluation and Treatment of Pulmonary Arterial Hypertension

Evaluation and Treatment of Evaluation and Treatment of Pulmonary Arterial Hypertension

Presenter Disclosure Information Evaluation and Treatment of Evaluation and Treatment of Pulmonary Arterial Hypertension Pulmonary Arterial Hypertension I will not discuss off label use or investigational Advanced Lung Disease Course, May

389 views • 10 slides
BNSSG Mental Health and Well Being Strategy update An overview of MH in our the system Why have

BNSSG Mental Health and Well Being Strategy update An overview of MH in our the system Why have

BNSSG Mental Health and Well Being Strategy update An overview of MH in our the system Why have a Healthier Together Mental Health and Well being Strategy? In BNSSG, mental ill health results in poorer physical health and reduced life

408 views • 18 slides
A Reflection of Gods Character I am THE LAW I am THE LAW What makes law LAW? King

A Reflection of Gods Character I am THE LAW I am THE LAW What makes law LAW? King

A Reflection of Gods Character I am THE LAW I am THE LAW What makes law LAW? King Charles II King Charles II King Charles II Ian Gillan Smoke on the waaaa-ter King Charles II Ian Gillan King Charles II King Charles II King

1.21k views • 85 slides

More recommend