Attacks on Online Learners: a Teacher-Student Analysis
Authors: Riccardo Giuseppe Margiotta, Sebastian Goldt, Guido Sanguinetti
NeurIPS 2023
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We perform a theoretical analysis of the problem in a teacher-student setup, considering different attack strategies, and obtaining analytical results for the steady state of simple linear learners. These results enable us to prove that a discontinuous transition in the learner's accuracy occurs when the attack strength exceeds a critical threshold. We then study empirically attacks on learners with complex architectures using real data, confirming the insights of our theoretical analysis. |
| Researcher Affiliation | Academia | International School for Advanced Studies, Trieste, Italy |
| Pseudocode | Yes | A Attack strategies: algorithms. Table 1 summarizes the attack strategies introduced in Sec. 2.4. For clarity, we present the algorithms for data streaming in batches of size P = 1. ... Algorithm 1: Online label attacks (batch size P = 1) |
| Open Source Code | Yes | Reproducibility. The code and details for implementing our experiments are available here. |
| Open Datasets | Yes | We empirically study online data poisoning on real datasets (MNIST, CIFAR10), using architectures of varying complexities including LeNet, ResNet, and VGG. |
| Dataset Splits | No | The paper describes the use of real datasets (MNIST, CIFAR10) and the training process, but it does not specify explicit training, validation, and test dataset splits with percentages or counts. |
| Hardware Specification | Yes | Compute. We used a single NVIDIA Quadro RTX 4000 graphics card for all our experiments. |
| Software Dependencies | No | The paper mentions "Stable Baselines3" but does not provide specific version numbers for any software dependencies. |
| Experiment Setup | Yes | Parameters: C = 1, a [ 2, 3], D = 10, η = 0.02 D. Input elements sampled i.i.d. from Px = N(0, 1). ... Parameters: D = 10, η = 0.02 D (LogReg, VGG11, ResNet18), η = 0.01 (LeNet), a [0, 1]. Averages were performed over 10 data streams of 10^5 batches and over the last 10^3 steps for each stream. |