Toward Optimal Adversarial Policies in the Multiplicative Learning System with a Malicious Expert
by
S. Rasoul Etesami, Negar Kiyavash, Vincent Leon, H. Vincent Poor
2020
Abstract
We consider a learning system based on the conventional multiplicative weight
(MW) rule that combines experts' advice to predict a sequence of true outcomes.
It is assumed that one of the experts is malicious and aims to impose the
maximum loss on the system. The loss of the system is naturally defined to be
the aggregate absolute difference between the sequence of predicted outcomes
and the true outcomes. We consider this problem under both offline and online
settings. In the offline setting where the malicious expert must choose its
entire sequence of decisions a priori, we show somewhat surprisingly that a
simple greedy policy of always reporting a false prediction is asymptotically
optimal with an approximation ratio of 1+O(√(ln N/N)), where N
is the total number of prediction stages. In particular, we describe a policy
that closely resembles the structure of the optimal offline policy. For the
online setting where the malicious expert can adaptively make its decisions, we
show that the optimal online policy can be efficiently computed by solving a
dynamic program in O(N^3). Our results provide a new direction for
vulnerability assessment of commonly used learning algorithms to adversarial
attacks where the threat is an integral part of the system.
arXiv: 2001.00543v2