Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et al. (K. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026).
Attacks on Online Learners: a Teacher-Student Analysis
Authors: Riccardo Giuseppe Margiotta, Sebastian Goldt, Guido Sanguinetti
NeurIPS 2023
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We perform a theoretical analysis of the problem in a teacher-student setup, considering different attack strategies, and obtaining analytical results for the steady state of simple linear learners. These results enable us to prove that a discontinuous transition in the learner's accuracy occurs when the attack strength exceeds a critical threshold. We then study empirically attacks on learners with complex architectures using real data, confirming the insights of our theoretical analysis. |
| Researcher Affiliation | Academia | International School for Advanced Studies, Trieste, Italy |
| Pseudocode | Yes | A Attack strategies: algorithms Table 1 summarizes the attack strategies introduced in Sec. 2.4. For clarity, we present the algorithms for data streaming in batches of size P = 1. ... Algorithm 1 Online label attacks (batch size P = 1) |
| Open Source Code | Yes | Reproducibility. The code and details for implementing our experiments are available here. |
| Open Datasets | Yes | We empirically study online data poisoning on real datasets (MNIST, CIFAR10), using architectures of varying complexities including LeNet, ResNet, and VGG. |
| Dataset Splits | No | The paper describes the use of real datasets (MNIST, CIFAR10) and the training process, but it does not specify explicit training, validation, and test dataset splits with percentages or counts. |
| Hardware Specification | Yes | Compute. We used a single NVIDIA Quadro RTX 4000 graphics card for all our experiments. |
| Software Dependencies | No | The paper mentions "Stable Baselines3" but does not provide specific version numbers for any software dependencies. |
| Experiment Setup | Yes | Parameters: C = 1, a [ 2, 3], D = 10, η = 0.02 D. Input elements sampled i.i.d. from Px = N(0, 1). ... Parameters: D = 10, η = 0.02 D (Log Reg, VGG11, ResNet18), η = 0.01 (LeNet), a [0, 1]. Averages were performed over 10 data streams of 10^5 batches and over the last 10^3 steps for each stream. |