
Interactive Trimming against Evasive Online Data Manipulation Attacks: A Game-Theoretic Approach

Published 15 Mar 2024 in cs.CR and cs.DB | (2403.10313v1)

Abstract: With the exponential growth of data and its crucial impact on our lives and decision-making, the integrity of data has become a significant concern. Malicious data poisoning attacks, in which false values are injected into the data, can disrupt machine learning processes and lead to severe consequences. To mitigate these attacks, distance-based defenses such as trimming have been proposed, but they can be easily evaded by white-box attackers who know the trimming rule. The evasiveness and the effectiveness of a poisoning strategy are two sides of the same coin, which makes game theory a promising approach. However, existing game-theoretic models often overlook the complexities of online data poisoning attacks, where strategies must adapt to the dynamic process of data collection. In this paper, we present an interactive game-theoretic model for defending against online data manipulation attacks with the trimming strategy. Our model accommodates a complete strategy space, making it applicable to strongly evasive and colluding adversaries. Leveraging the principle of least action and the Euler-Lagrange equation from theoretical physics, we derive an analytical model of the game-theoretic process. To demonstrate its practical use, we present a case study in a privacy-preserving data collection system under local differential privacy, where a non-deterministic utility function is adopted. Two strategies are devised from this analytical model, namely Tit-for-tat and Elastic. We conduct extensive experiments on real-world datasets that showcase the effectiveness and accuracy of these two strategies.
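The abstract's starting point, that a fixed distance-based trimming rule is easily evaded by a white-box attacker in an online setting, can be seen in a few lines of simulation. The example below is an added illustration and is not code from the paper: a defender keeps a running mean and rejects any incoming sample farther than a fixed radius from its current estimate; a naive attacker submits large outliers and is trimmed every time, while an attacker who can read the defender's state submits values just inside the acceptance window, is never trimmed, and drags the estimate away from the honest mean. The honest stream (the cycle 9, 10, 11, mean exactly 10), the radius, the `poison_every` schedule and both attacker strategies are constructed for this illustration; none of them are the paper's models or parameters. It also shows the defender's side of the trade-off the paper frames as a game: tightening the radius without an attacker present starts rejecting honest samples.

```python
"""Added example (not code from the paper): a fixed, distance-based online
trimming rule versus a naive and a white-box (evasive) poisoning attacker.

The defender keeps a running mean and rejects any sample farther than
`radius` from the current estimate.  All names, the honest stream and the
attacker strategies here are constructed for illustration only.
"""
from typing import Callable, Dict, List, Optional

# (current_mean, radius) -> value submitted by the attacker
Attacker = Callable[[float, float], float]


def honest_stream(n_cycles: int = 40) -> List[float]:
    """Constructed honest data: the cycle 9, 10, 11 repeated (mean exactly 10)."""
    return [float(v) for _ in range(n_cycles) for v in (9, 10, 11)]


def online_trimmed_mean(honest: List[float], radius: float,
                        attacker: Optional[Attacker] = None,
                        poison_every: int = 1) -> Dict[str, float]:
    """Run the distance-based online trimming defence over one collection round.

    After every `poison_every` honest submissions the attacker (if any) is asked
    for one value and is handed the defender's current estimate (white-box
    access).  The first sample initialises the estimate and is always accepted.
    Returns acceptance counters and the final estimate.
    """
    total, count = 0.0, 0
    stats: Dict[str, float] = {"accepted_honest": 0, "rejected_honest": 0,
                               "accepted_poison": 0, "rejected_poison": 0}

    def offer(value: float, kind: str) -> None:
        nonlocal total, count
        # Distance-based trimming: keep the sample only if it is within
        # `radius` of the current running mean.
        if count == 0 or abs(value - total / count) <= radius:
            total += value
            count += 1
            stats["accepted_" + kind] += 1
        else:
            stats["rejected_" + kind] += 1

    for i, value in enumerate(honest, start=1):
        offer(value, "honest")
        if attacker is not None and i % poison_every == 0:
            offer(attacker(total / count, radius), "poison")

    stats["mean"] = total / count
    return stats


def naive_attacker(current_mean: float, radius: float) -> float:
    """Ignores the defence and injects a large outlier; trimmed every time."""
    return 100.0


def evasive_attacker(current_mean: float, radius: float) -> float:
    """White-box attack: stays 10% inside the acceptance window, so no poisoned
    sample is ever trimmed, and the estimate drifts a little on each one."""
    return current_mean + 0.9 * radius


def compare(radius: float = 2.0) -> Dict[str, Dict[str, float]]:
    """Honest-only baseline, a tighter radius, and both attacks at `radius`."""
    data = honest_stream()
    return {
        "honest_only": online_trimmed_mean(data, radius),
        "honest_only_tight_radius": online_trimmed_mean(data, radius / 2),
        "naive_attack": online_trimmed_mean(data, radius, naive_attacker),
        "evasive_attack": online_trimmed_mean(data, radius, evasive_attacker),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:26s} mean={result['mean']:.3f} "
              f"rejected_honest={result['rejected_honest']} "
              f"accepted_poison={result['accepted_poison']}")
```

With the radius at 2 the honest-only run keeps every sample and reports exactly 10. The naive attacker's 120 outliers are all trimmed and the estimate is untouched, which is the case distance-based defences are designed for. The evasive attacker has all 120 poisoned samples accepted, pushes the estimate above 11, and as a side effect gets the defender to start trimming its own honest 9s, since they are now too far from the drifted estimate. Halving the radius with no attacker at all rejects all 40 honest 11s and biases the estimate to 9.5, which is why a defender cannot simply shrink the window and has to choose the trimming rule against the attacker's likely response.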

Authors (4)
