Blind Attacks on Machine Learners

Authors: Alex Beatson, Zhaoran Wang, Han Liu

NeurIPS 2016

Reproducibility Variable | Result | LLM Response
Research Type | Theoretical | We study the potential of a blind attacker to provably limit a learner's performance by data injection attack without observing the learner's training set or any parameter of the distribution from which it is drawn. We provide examples of simple yet effective attacks in two settings: firstly, where an informed learner knows the strategy chosen by the attacker, and secondly, where a blind learner knows only the proportion of malicious data and some family to which the malicious distribution chosen by the attacker belongs. For each attack, we analyze minimax rates of convergence and establish lower bounds on the learner's minimax risk, exhibiting limits on a learner's ability to learn under data injection attack even when the attacker is blind.
Researcher Affiliation | Academia | Alex Beatson, Department of Computer Science, Princeton University, abeatson@princeton.edu; Zhaoran Wang, Department of Operations Research and Financial Engineering, Princeton University, zhaoran@princeton.edu; Han Liu, Department of Operations Research and Financial Engineering, Princeton University, hanliu@princeton.edu
Pseudocode | No | The paper does not contain structured pseudocode or algorithm blocks.
Open Source Code | No | The paper does not provide any statement or link indicating access to source code for the methodology described.
Open Datasets | No | The paper does not provide concrete access information for a publicly available or open dataset. It refers to theoretical distributions (Fθ, Gφ) and estimation problems such as mean estimation and linear regression, but no specific datasets are used or referenced for public access.
Dataset Splits | No | The paper focuses on theoretical analysis and does not describe experiments with specific dataset split information for training, validation, or testing.
Hardware Specification | No | The paper is theoretical and does not describe any specific hardware used for running experiments.
Software Dependencies | No | The paper is theoretical and does not specify any software dependencies with version numbers.
Experiment Setup | No | The paper focuses on theoretical analysis and does not provide specific experimental setup details such as hyperparameter values, training configurations, or system-level settings.