learning from untrusted data
play

Learning from Untrusted Data Moses Charikar, Jacob Steinhardt, - PowerPoint PPT Presentation

Jul 08, 2023 •137 likes •621 views

Learning from Untrusted Data Moses Charikar, Jacob Steinhardt, Gregory Valiant Symposium on the Theory of Computing June 19, 2017 (Icon credit: Annie Lin) Motivation: data poisoning attacks: 1 (Icon credit: Annie Lin) Motivation: data

  1. Learning from Untrusted Data Moses Charikar, Jacob Steinhardt, Gregory Valiant Symposium on the Theory of Computing June 19, 2017

  2. (Icon credit: Annie Lin) Motivation: data poisoning attacks: 1

  3. (Icon credit: Annie Lin) Motivation: data poisoning attacks: Question: what concepts can be learned in the presence of arbitrarily corrupted data? 1

  4. Related Work • 60 years of work on robust statistics... PCA: • XCM ’10, CLMW ’11, CSPW ’11 Mean estimation: • LRV ’16, DKKLMS ’16, DKKLMS ’17, L ’17, DBS ’17, S CV ’17 Regression: • NTN ’11, NT ’13, CCM ’13, BJK ’15 Classification: • FHKP ’09, GR ’09, KLS ’09, ABL ’14 Semi-random graphs: • FK ’01, C ’07, MMV ’12, S ’17 Other: • HM ’13, C ’14, C ’16, DKS ’16, S CV ’16 2

  5. Problem Setting Observe n points x 1 , . . . , x n 3

  6. Problem Setting Observe n points x 1 , . . . , x n Unknown subset of αn points drawn i.i.d. from p ∗ 3

  7. Problem Setting Observe n points x 1 , . . . , x n Unknown subset of αn points drawn i.i.d. from p ∗ Remaining (1 − α ) n points are arbitrary 3

  8. Problem Setting Observe n points x 1 , . . . , x n Unknown subset of αn points drawn i.i.d. from p ∗ Remaining (1 − α ) n points are arbitrary Goal: estimate parameter of interest θ ( p ∗ ) • assuming p ∗ ∈ P (e.g. bounded moments) • θ ( p ∗ ) could be mean, best fit line, ranking, etc. 3

  9. Problem Setting Observe n points x 1 , . . . , x n Unknown subset of αn points drawn i.i.d. from p ∗ Remaining (1 − α ) n points are arbitrary Goal: estimate parameter of interest θ ( p ∗ ) • assuming p ∗ ∈ P (e.g. bounded moments) • θ ( p ∗ ) could be mean, best fit line, ranking, etc. New regime: α ≪ 1 3

  10. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: 4

  11. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: 4

  12. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: But can narrow down to 3 possibilities! 4

  13. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: But can narrow down to 3 possibilities! List-decodable learning [Balcan, Blum, Vempala ’08] • output O (1 /α ) answers, one of which is approximately correct 4

  14. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: But can narrow down to 3 possibilities! List-decodable learning [Balcan, Blum, Vempala ’08] • output O (1 /α ) answers, one of which is approximately correct Semi-verified learning • observe O (1) verified points from p ∗ 4

  15. Why Is This Possible? If e.g. α = 1 3 , estimation seems impossible: But can narrow down to 3 possibilities! List-decodable learning [Balcan, Blum, Vempala ’08] • output O (1 /α ) answers, one of which is approximately correct Semi-verified learning • observe O (1) verified points from p ∗ 4

  16. Why Care? Practical problem: data poisoning attacks • How can we build learning algorithms that are provably secure to manipulation? 5

  17. Why Care? Practical problem: data poisoning attacks • How can we build learning algorithms that are provably secure to manipulation? Fundamental problem in robust statistics • What can be learned in presence of arbitrary outliers? 5

  18. Why Care? Practical problem: data poisoning attacks • How can we build learning algorithms that are provably secure to manipulation? Fundamental problem in robust statistics • What can be learned in presence of arbitrary outliers? Agnostic learning of mixtures • When is it possible to learn about one mixture component, with no assumptions about the other components? 5

  19. Main Theorem Observed functions: f 1 , . . . , f n Want to minimize unknown target function: ¯ f 6

  20. Main Theorem Observed functions: f 1 , . . . , f n Want to minimize unknown target function: ¯ f Key quantity: spectral norm bound on a subset I : w ∈ R d � [ ∇ f i ( w ) − ∇ ¯ √ 1 | I | max f ( w )] i ∈ I � op ≤ S. 6

  21. Main Theorem Observed functions: f 1 , . . . , f n Want to minimize unknown target function: ¯ f Key quantity: spectral norm bound on a subset I : w ∈ R d � [ ∇ f i ( w ) − ∇ ¯ √ 1 | I | max f ( w )] i ∈ I � op ≤ S. Meta-Theorem Given a spectral norm bound on an unknown subset of αn functions, learning is possible: • in the semi-verified model (for convex f i ) • in the list-decodable model (for strongly convex f i ) 6

  22. Main Theorem Observed functions: f 1 , . . . , f n Want to minimize unknown target function: ¯ f Key quantity: spectral norm bound on a subset I : w ∈ R d � [ ∇ f i ( w ) − ∇ ¯ √ 1 | I | max f ( w )] i ∈ I � op ≤ S. Meta-Theorem Given a spectral norm bound on an unknown subset of αn functions, learning is possible: • in the semi-verified model (for convex f i ) • in the list-decodable model (for strongly convex f i ) All results direct corollaries of meta-theorem! 6

  23. Corollary: Mean Estimation Setting: distribution p ∗ on R d with mean µ and bounded 1st moments: E p ∗ [ |� x − µ, v �| ] ≤ σ � v � 2 for all v ∈ R d . 7

  24. Corollary: Mean Estimation Setting: distribution p ∗ on R d with mean µ and bounded 1st moments: E p ∗ [ |� x − µ, v �| ] ≤ σ � v � 2 for all v ∈ R d . Observe αn samples from p ∗ and (1 − α ) n arbitrary points, and want to estimate µ . 7

  25. Corollary: Mean Estimation Setting: distribution p ∗ on R d with mean µ and bounded 1st moments: E p ∗ [ |� x − µ, v �| ] ≤ σ � v � 2 for all v ∈ R d . Observe αn samples from p ∗ and (1 − α ) n arbitrary points, and want to estimate µ . Theorem (Mean Estimation) If αn ≥ d , it is possible to output estimates ˆ µ 1 , . . . , ˆ µ m of the mean µ such that • m ≤ 2 /α , and O ( σ/ √ α ) w.h.p. µ j − µ � 2 = ˜ • min m j =1 � ˆ 7

  26. Corollary: Mean Estimation Setting: distribution p ∗ on R d with mean µ and bounded 1st moments: E p ∗ [ |� x − µ, v �| ] ≤ σ � v � 2 for all v ∈ R d . Observe αn samples from p ∗ and (1 − α ) n arbitrary points, and want to estimate µ . Theorem (Mean Estimation) If αn ≥ d , it is possible to output estimates ˆ µ 1 , . . . , ˆ µ m of the mean µ such that • m ≤ 2 /α , and O ( σ/ √ α ) w.h.p. µ j − µ � 2 = ˜ • min m j =1 � ˆ Alternately, it is possible to output an estimate ˆ µ given a single verified point from p ∗ . 7

  27. Comparisons Mean estimation: Bound Regime Assumption Samples σ √ 1 − α α > 1 − c 4 th moments d LRV ’16 d 3 σ (1 − α ) α > 1 − c DKKLMS ’16 sub-Gaussian σ/ √ α α > 0 1 st moments d CSV ’17 8

  28. Comparisons Mean estimation: Bound Regime Assumption Samples σ √ 1 − α α > 1 − c 4 th moments d LRV ’16 d 3 σ (1 − α ) α > 1 − c DKKLMS ’16 sub-Gaussian σ/ √ α α > 0 1 st moments d CSV ’17 Estimating mixtures: Separation Robust? σ ( k + 1 / √ α ) AM ’05 no σk KK ’10 no √ σ k AS ’12 no σ/ √ α CSV ’17 yes 8

  29. Other Results Stochastic Block Model: (sparse regime: cf. GV ’14, LLV ’15, RT ’15, RV ’16) Average Degree Robust? 1 /α 4 GV ’14 no 1 /α 2 AS ’15 no 1 /α 3 yes CSV ’17 9

  30. Other Results Stochastic Block Model: (sparse regime: cf. GV ’14, LLV ’15, RT ’15, RV ’16) Average Degree Robust? 1 /α 4 GV ’14 no 1 /α 2 AS ’15 no 1 /α 3 yes CSV ’17 Others: • discrete product distributions • exponential families • ranking 9

  31. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ 10

  32. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ Key tension: balance adversarial and statistical error 10

  33. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error 10

  34. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error 10

  35. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error High-level strategy: solve convex optimization problem • if cost is low, estimation succeeds (spectral norm bound) • if cost is high, identify and remove outliers 10

  36. Proof Overview (Mean Estimation) Recall goal: given n points x 1 , . . . , x n , αn drawn from p ∗ , estimate mean µ of p ∗ Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error Key tension: balance adversarial and statistical error High-level strategy: solve convex optimization problem • if cost is low, estimation succeeds (spectral norm bound) • if cost is high, identify and remove outliers 10

  37. Algorithm � n i =1 � x i − µ � 2 First pass: minimize µ 2 11

Recommend

Robust Learning from Untrusted Sources Nikola Konstantinov Christoph H. Lampert ICML, June 2019

Robust Learning from Untrusted Sources Nikola Konstantinov Christoph H. Lampert ICML, June 2019

Robust Learning from Untrusted Sources Nikola Konstantinov Christoph H. Lampert ICML, June 2019 Konstantinov, Lampert; IST Austria Robust Learning from Untrusted Sources Poster 156 1 / 13 Motivation Collecting data for machine learning

386 views • 28 slides
Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral

Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral

Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral University of Versailles The need for Open Trusted Data Stores PAGE 2 Virtual teams distributed among space, time and organizations

394 views • 12 slides
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules or library untrusted

797 views • 46 slides
Deserialization of untrusted data in Java Analysis, current solutions & a new approach

Deserialization of untrusted data in Java Analysis, current solutions & a new approach

Deserialization of untrusted data in Java Analysis, current solutions & a new approach Apostolos Giannakidis OWASP London Meetup @apgiannakidis 18th May 2017 1 Whois Security Architect at Waratek Application security

587 views • 46 slides
Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan

Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan

Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan Schaumann 99CE 1DC7 770A C5A8 09A6 @jschauma 0DCD 66CE 4FE9 6F6B D3D7 Me. Errday. Obligatory James Mickens This World of Ours reference.

714 views • 40 slides
Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian

Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian

Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, John Mitchell, David Mazires, and Alejandro Russo Web platforms are great ! They allow third-party developers to build apps

714 views • 54 slides
Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work with Alessandro Chiesa Eli Ben-Sasson Daniel Genkin 1 Technion Cryptoday June 16, 2011 Motivation 3 Motivation INTEGRITY CONFIDENTIALITY

725 views • 50 slides
Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds Frank Wang (MIT

Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds Frank Wang (MIT

Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds Frank Wang (MIT CSAIL) , James Mickens (Harvard), Nickolai Zeldovich (MIT CSAIL), Vinod Vaikuntanathan (MIT CSAIL) 1 Motivation Boston Marathon NY Marathon

1.12k views • 95 slides
Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT

Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT

Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT CSAIL & VMware VMware Motivation Many applications handle sensitive data financial, medical, insurance, military... credit cards, medical

712 views • 25 slides
Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt , Zhiting Zhu,

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt , Zhiting Zhu,

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt , Zhiting Zhu, Yuanzhong Xu, Simon Peter, Emmett Witchel 1 Disease risk assessment: Trust issues D i s e a s e R i s k 2 Disease risk assessment: Trust

766 views • 57 slides
Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie

Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie

Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie Wang University of Massachusetts Lowell The Cloud Cloud storage makes many promises: Data can be accessed anywhere at any time No

698 views • 42 slides
Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Andrew Whitaker Jay

Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Andrew Whitaker Jay

Upgrading Transport Protocols using Untrusted Mobile Code Parveen Patel Andrew Whitaker Jay Lepreau David Wetherall ( Univ. of Washington ) Tim Stack ( Univ. of Utah ) Key Point Untrusted mobile code can allow anybody to build

365 views • 13 slides
MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage

MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage

MetaSync File Synchroniza/on Across Mul/ple Untrusted Storage Services Seungyeop Han (syhan@cs.washington.edu) Haichen Shen, Taesoo Kim*, Arvind Krishnamurthy,

837 views • 37 slides
Learning From Data Lecture 3 Is Learning Feasible? Outside the Data Probability to the Rescue

Learning From Data Lecture 3 Is Learning Feasible? Outside the Data Probability to the Rescue

Learning From Data Lecture 3 Is Learning Feasible? Outside the Data Probability to the Rescue Learning vs. Verification Selection Bias - A Cartoon M. Magdon-Ismail CSCI 4100/6100 recap: The Perceptron Learning Algorithm y = +1 y x

538 views • 27 slides
1 Attacks on randomization - Error repeating the question An attack:

1 Attacks on randomization - Error repeating the question An attack:

Context: Theory of variable privacy Theory of security allows binary choice for data revelation: Bob is trusted/untrusted The channel coding theorem and the If he is trusted, data is revealed to him using a perfect protocol

400 views • 5 slides
A Survey of Oblivious RAMs David Cash IBM Securely Outsourcing Memory Server Goal : Store,

A Survey of Oblivious RAMs David Cash IBM Securely Outsourcing Memory Server Goal : Store,

A Survey of Oblivious RAMs David Cash IBM Securely Outsourcing Memory Server Goal : Store, access, and update data on an untrusted server. Mem[0] a Mem[1] b Mem[2] c Write(i,x) Read(j) Mem[i] d Client Mem[j] e Untrusted

908 views • 70 slides
Web Authentication using Third-parties in Untrusted Environments Anna Vapen PhD Thesis

Web Authentication using Third-parties in Untrusted Environments Anna Vapen PhD Thesis

Web Authentication using Third-parties in Untrusted Environments Anna Vapen PhD Thesis Presentation 2016-09-30 Supervisors: Nahid Shahmehri, Niklas Carlsson ***** 3 Agenda 1. Background 2. Research problems 3. Analysis Web

607 views • 33 slides
Learning From Data Lecture 2 The Perceptron The Learning Setup A Simple Learning Algorithm: PLA

Learning From Data Lecture 2 The Perceptron The Learning Setup A Simple Learning Algorithm: PLA

Learning From Data Lecture 2 The Perceptron The Learning Setup A Simple Learning Algorithm: PLA Other Views of Learning Is Learning Feasible: A Puzzle M. Magdon-Ismail CSCI 4100/6100 recap: The Plan 1. What is Learning? 2. Can We do it?

613 views • 25 slides
STRUCTURE INTO MACHINE LEARNING TRINITY OF AI ALGORITHMS COMPUTE DATA 2 DEEP LEARNING IS

STRUCTURE INTO MACHINE LEARNING TRINITY OF AI ALGORITHMS COMPUTE DATA 2 DEEP LEARNING IS

Anima Anandkumar BEYOND BLACK BOXES: INFUSING STRUCTURE INTO MACHINE LEARNING TRINITY OF AI ALGORITHMS COMPUTE DATA 2 DEEP LEARNING IS DATA-HUNGRY STRUCTURE-INFUSED LEARNING Learning Data Priors = + Learning Data Priors = + How

579 views • 44 slides
S iRiUS: Securing Remote Untrusted S torage NDS S 2003 Eu-Jin Goh, Hovav S hacham,

S iRiUS: Securing Remote Untrusted S torage NDS S 2003 Eu-Jin Goh, Hovav S hacham,

S iRiUS: Securing Remote Untrusted S torage NDS S 2003 Eu-Jin Goh, Hovav S hacham, Nagendra Modadugu, and Dan Boneh S tanford University Introduction S ecure network file syst ems not widespread. Why? 1. Hard to deploy No

739 views • 56 slides
InkTag: Secure Applications on an Untrusted Operating System Paper from The University of Texas

InkTag: Secure Applications on an Untrusted Operating System Paper from The University of Texas

InkTag: Secure Applications on an Untrusted Operating System Paper from The University of Texas at Austin by: Owen S. Hofmann, Kim Sangmann, Alan M. Dunn, Michael Z. Lee, and Emmett Witchel Presented by: Kyle May and Carson Boden Outline

680 views • 26 slides
Online Metric Algorithms with Untrusted Predictions Antonios Antoniadis 1 Christian Coester 2

Online Metric Algorithms with Untrusted Predictions Antonios Antoniadis 1 Christian Coester 2

Online Metric Algorithms with Untrusted Predictions Antonios Antoniadis 1 Christian Coester 2 Marek Elias 3 Adam Polak 4 Bertrand Simon 5 1: MPI, Saarbrucken (Germany). 2: CWI, Amsterdam (Netherlands). 3: EPFL, Lausanne (Switzerland). 4:

485 views • 45 slides
Introduction to machine learning COMS 4721 Learning from data Machine learning : the study

Introduction to machine learning COMS 4721 Learning from data Machine learning : the study

Introduction to machine learning COMS 4721 Learning from data Machine learning : the study of computational mechanisms that learn from data in order to make predictions and decisions. Example 1: image classification A birdwatcher

932 views • 14 slides
Learning Aides Additional tools that can be applied to all techniques Learning From Data Lecture

Learning Aides Additional tools that can be applied to all techniques Learning From Data Lecture

Learning Aides Additional tools that can be applied to all techniques Learning From Data Lecture 27 Learning Aides Input Preprocessing Dimensionality Reduction and Feature Selection Preprocess data to account for arbitrary choices during data

430 views • 4 slides

More recommend