TY - JOUR
T1 - Optimal Attack Strategies Against Predictors - Learning from Expert Advice
AU - Truong, Anh
AU - Etesami, S. Rasoul
AU - Etesami, Jalal
AU - Kiyavash, Negar
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2018/1
Y1 - 2018/1
N2 - Motivated by many real-world examples, such as recommendation systems or sensor fusion, and aiming to capture the influence of malicious experts who intentionally degrade the performance of learning systems, we analyze optimal adversarial strategies against the weighted average prediction algorithm in the learning with expert advice framework. All but one expert is honest and the malicious expert's goal is to sabotage the performance of the algorithm by strategically providing dishonest recommendations. We formulate the problem as a Markov decision process and analyze it under various settings. For the logarithmic loss, somewhat surprisingly, we prove that the optimal strategy for the adversary is the greedy policy, i.e., lying at every step. For the absolute loss, in the 2-experts, discounted cost setting, we prove that the optimal strategy is a threshold policy, where the malicious expert tells the truth until he earns enough weight and then lies afterwards. We extend the results to the infinite horizon problem and find the exact thresholds for the stationary optimal policy. Finally, we use a mean field approach in the N-experts setting to find the optimal strategy when the predictions of the honest experts are independent and identically distributed. We justify our results using simulations throughout this paper.
AB - Motivated by many real-world examples, such as recommendation systems or sensor fusion, and aiming to capture the influence of malicious experts who intentionally degrade the performance of learning systems, we analyze optimal adversarial strategies against the weighted average prediction algorithm in the learning with expert advice framework. All but one expert is honest and the malicious expert's goal is to sabotage the performance of the algorithm by strategically providing dishonest recommendations. We formulate the problem as a Markov decision process and analyze it under various settings. For the logarithmic loss, somewhat surprisingly, we prove that the optimal strategy for the adversary is the greedy policy, i.e., lying at every step. For the absolute loss, in the 2-experts, discounted cost setting, we prove that the optimal strategy is a threshold policy, where the malicious expert tells the truth until he earns enough weight and then lies afterwards. We extend the results to the infinite horizon problem and find the exact thresholds for the stationary optimal policy. Finally, we use a mean field approach in the N-experts setting to find the optimal strategy when the predictions of the honest experts are independent and identically distributed. We justify our results using simulations throughout this paper.
KW - Learning algorithm
KW - Markov decision process
KW - dynamic programming
KW - expert advice
KW - malicious experts
KW - threshold policy
KW - weighted average prediction
UR - http://www.scopus.com/inward/record.url?scp=85021809302&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2017.2718488
DO - 10.1109/TIFS.2017.2718488
M3 - Article
AN - SCOPUS:85021809302
SN - 1556-6013
VL - 13
SP - 6
EP - 19
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
IS - 1
M1 - 7954673
ER -