Training-Time Attacks against K-nearest Neighbors
Authors: Ara Vartanian, Will Rosenbaum, Scott Alfeld
AAAI 2023 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We provide theoretical bounds and empirically demonstrate the effectiveness and practicality of our methods on synthetic and real-world datasets. |
| Researcher Affiliation | Academia | Ara Vartanian1, Will Rosenbaum2, Scott Alfeld2 1 University of Wisconsin Madison 2 Amherst College aravart@cs.wisc.edu, {wrosenbaum, salfeld}@amherst.edu |
| Pseudocode | Yes | Algorithm 1: Construct IRs, Algorithm 2: CHOPPA, Algorithm 3: GIT2ACHOPPA. |
| Open Source Code | No | The paper does not provide any explicit statements or links indicating the availability of open-source code for the methodology described. |
| Open Datasets | Yes | We consider two real-world datasets. MNIST (Le Cun, Cortes, and Burges (2010)) consists of 28 28 greyscale images of handwritten digits (d = 784). Human Activity Recognition (HAPT) (Anguita et al. (2013)). |
| Dataset Splits | No | The paper mentions using 10,000 and 6,000 points for training from MNIST and HAPT, respectively, and evaluates on a held-out set of size 1,000, but does not specify a separate validation set or split percentages for training/validation/test. |
| Hardware Specification | No | Experiments were run on 128core machines from AWS EC2. This indicates a general type of machine but lacks specific hardware models (e.g., CPU, GPU) or detailed specifications. |
| Software Dependencies | Yes | The QCLPs were solved using Mosek (Ap S (2019)). Pre-processing, plotting, and data analysis were performed with pandas (The Pandas Development Team (2020)), scikit-learn (Pedregosa et al. (2011)) and matplotlib (Hunter (2007)). Mosek is mentioned with a version number 9.2.35. |
| Experiment Setup | Yes | Every attacker uses GIT2ACHOPPA with a budget of b = 1, 5, 10, 20 and a time budget of b minutes. We train a 1NN classifier using 10,000 and 6,000 points from MNIST and HAPT, respectively, (1,000 from each class). |