Optimal Attack Strategies Against Predictors - Learning from Expert Advice

Anh Truong, S. Rasoul Etesami, Jalal Etesami, Negar Kiyavash

Publikation: Beitrag in FachzeitschriftArtikelBegutachtung

7 Zitate (Scopus)

Abstract

Motivated by many real-world examples, such as recommendation systems or sensor fusion, and aiming to capture the influence of malicious experts who intentionally degrade the performance of learning systems, we analyze optimal adversarial strategies against the weighted average prediction algorithm in the learning with expert advice framework. All but one expert is honest and the malicious expert's goal is to sabotage the performance of the algorithm by strategically providing dishonest recommendations. We formulate the problem as a Markov decision process and analyze it under various settings. For the logarithmic loss, somewhat surprisingly, we prove that the optimal strategy for the adversary is the greedy policy, i.e., lying at every step. For the absolute loss, in the 2-experts, discounted cost setting, we prove that the optimal strategy is a threshold policy, where the malicious expert tells the truth until he earns enough weight and then lies afterwards. We extend the results to the infinite horizon problem and find the exact thresholds for the stationary optimal policy. Finally, we use a mean field approach in the N-experts setting to find the optimal strategy when the predictions of the honest experts are independent and identically distributed. We justify our results using simulations throughout this paper.

OriginalspracheEnglisch
Aufsatznummer7954673
Seiten (von - bis)6-19
Seitenumfang14
FachzeitschriftIEEE Transactions on Information Forensics and Security
Jahrgang13
Ausgabenummer1
DOIs
PublikationsstatusVeröffentlicht - Jan. 2018
Extern publiziertJa

Fingerprint

Untersuchen Sie die Forschungsthemen von „Optimal Attack Strategies Against Predictors - Learning from Expert Advice“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren