While machine learning systems are known to be vulnerable to data-manipulation attacks at both training and deployment time, little is known about how to adapt attacks when the defender transforms data prior to model estimation. We consider the setting where the defender Bob first transforms the data then learns a model from the result; Alice, the attacker, perturbs Bob’s input data prior to him transforming it. We develop a general-purpose “plug and play” framework for gradient-based attacks based on matrix differentials, focusing on ordinary least-squares linear regression. This allows learning algorithms and data transformations to be paired and composed arbitrarily: attacks can be adapted through the use of the chain rule—analogous to backpropagation on neural network parameters—to compositional learning maps. Best-response attacks can be computed through matrix multiplications from a library of attack matrices for transformations and learners. Our treatment of linear regression extends state-of-the-art attacks at training time, by permitting the attacker to affect both features and targets optimally and simultaneously. We explore several transformations broadly used across machine learning, with a driving motivation for our work being autoregressive modeling. There, Bob transforms a univariate time series into a matrix of observations and vector of target values which can then be fed into standard learners. Under this learning reduction, a perturbation from Alice to a single value of the time series affects features of several data points along with target values.
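The learning reduction described above can be audited from the defender's side. The following is an added example, not code from the paper: it builds the lag embedding, lists which feature and target cells one series value lands in, and applies the chain rule through the standard OLS differential to rank series values by how strongly the fitted coefficients react to them. The function names, the lag order `p`, the sample series and the use of NumPy are assumptions.

```python
import numpy as np

def lag_embed(x, p):
    """Bob's reduction: row i of X is x[i:i+p], target y[i] is x[i+p]."""
    n = len(x) - p
    return np.stack([x[i:i + p] for i in range(n)]), x[p:].copy()

def touched_cells(t, length, p):
    """Feature cells (row, col) and target rows that hold series value x[t]."""
    n = length - p
    feats = [(i, t - i) for i in range(n) if 0 <= t - i < p]
    targets = [t - p] if t >= p else []
    return feats, targets

def ols(X, y):
    """Ordinary least-squares coefficients via the normal equations."""
    return np.linalg.solve(X.T @ X, X.T @ y)

def coef_sensitivity(x, p):
    """Jacobian d(theta)/d(x), shape (p, len(x)), by the chain rule.

    OLS differential: d theta = A (dX^T r - X^T dX theta + X^T dy),
    with A = (X^T X)^-1 and residual r = y - X theta. The embedding is
    linear, so its differential just routes dx[t] to the touched cells.
    """
    X, y = lag_embed(x, p)
    A = np.linalg.inv(X.T @ X)
    theta = A @ X.T @ y
    r = y - X @ theta
    J = np.zeros((p, len(x)))
    for i in range(len(y)):
        for j in range(p):  # feature cell (i, j) holds x[i + j]
            e_j = np.eye(p)[j]
            J[:, i + j] += A @ (e_j * r[i] - X[i] * theta[j])
        J[:, i + p] += A @ X[i]  # target y[i] holds x[i + p]
    return J

def most_influential(x, p, k=3):
    """Indices of the k series values the fitted coefficients react to most."""
    norms = np.linalg.norm(coef_sensitivity(x, p), axis=0)
    return [int(t) for t in np.argsort(norms)[::-1][:k]]

# Constructed sample series (not data from the paper).
SERIES = np.sin(0.4 * np.arange(40)) + 0.3 * np.random.default_rng(0).normal(size=40)
```

Series values with a large column norm in `coef_sensitivity` are the ones whose integrity matters most to the fitted model, which makes them natural candidates for input validation or robust-estimation checks.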
In assessing the sound environment of a park, visitor noise along trails may be important because of its effect upon: (1) the unaltered park environment, (2) wildlife, and (3) other park visitors. Just as noise in residential communities has been correlated with population density, we set out to see if the noise level along trails would correlate with visitor density. In the summer of 2011, measurements were made using two sites, one on each of two trails. These measurements included one-second Leq measurements at an array of four trailside microphones, and recording of the number of park visitors entering the measurement zone during each minute. Examination of the data revealed little correlation between a 5 min measurement of the Leq and density of trail visitors. The problem was that the smallest time increment in which we could accurately portray the number of park visitors was about 5 min, using the one-minute totals, and in a 5 min period visitor noise would rarely equal or exceed the measurement ambient. Thus, no relation between visitor density and trailside noise could be developed. Additional analysis was done with data to better understand the limiting factors to the measurement.