{"data":{"id":"10.48550/arxiv.1905.12121","type":"dois","attributes":{"doi":"10.48550/arxiv.1905.12121","prefix":"10.48550","suffix":"arxiv.1905.12121","identifiers":[{"identifier":"1905.12121","identifierType":"arXiv"}],"alternateIdentifiers":[{"alternateIdentifierType":"arXiv","alternateIdentifier":"1905.12121"}],"creators":[{"name":"Wang, Yizhen","nameType":"Personal","givenName":"Yizhen","familyName":"Wang","affiliation":[],"nameIdentifiers":[]},{"name":"Jha, Somesh","nameType":"Personal","givenName":"Somesh","familyName":"Jha","affiliation":[],"nameIdentifiers":[]},{"name":"Chaudhuri, Kamalika","nameType":"Personal","givenName":"Kamalika","familyName":"Chaudhuri","affiliation":[],"nameIdentifiers":[]}],"titles":[{"title":"An Investigation of Data Poisoning Defenses for Online Learning"}],"publisher":"arXiv","container":{},"publicationYear":2019,"subjects":[{"lang":"en","subject":"Machine Learning (cs.LG)","subjectScheme":"arXiv"},{"lang":"en","subject":"Cryptography and Security (cs.CR)","subjectScheme":"arXiv"},{"lang":"en","subject":"Machine Learning (stat.ML)","subjectScheme":"arXiv"},{"subject":"FOS: Computer and information sciences","subjectScheme":"Fields of Science and Technology (FOS)"},{"subject":"FOS: Computer and information sciences","schemeUri":"http://www.oecd.org/science/inno/38235147.pdf","subjectScheme":"Fields of Science and Technology 
(FOS)"}],"contributors":[],"dates":[{"date":"2019-05-28T22:42:29Z","dateType":"Submitted","dateInformation":"v1"},{"date":"2019-05-30T00:05:40Z","dateType":"Updated","dateInformation":"v1"},{"date":"2019-10-18T17:43:59Z","dateType":"Submitted","dateInformation":"v2"},{"date":"2019-10-21T00:18:34Z","dateType":"Updated","dateInformation":"v2"},{"date":"2020-02-19T23:44:35Z","dateType":"Submitted","dateInformation":"v3"},{"date":"2020-02-21T01:04:37Z","dateType":"Updated","dateInformation":"v3"},{"date":"2019-05","dateType":"Available","dateInformation":"v1"},{"date":"2019","dateType":"Issued"}],"language":null,"types":{"ris":"GEN","bibtex":"misc","citeproc":"article","schemaOrg":"CreativeWork","resourceType":"Article","resourceTypeGeneral":"Preprint"},"relatedIdentifiers":[],"relatedItems":[],"sizes":[],"formats":[],"version":"3","rightsList":[{"rights":"arXiv.org perpetual, non-exclusive license","rightsUri":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/"}],"descriptions":[{"description":"Data poisoning attacks -- where an adversary can modify a small fraction of training data, with the goal of forcing the trained classifier to high loss -- are an important threat for machine learning in many applications. While a body of prior work has developed attacks and defenses, there is not much general understanding on when various attacks and defenses are effective. In this work, we undertake a rigorous study of defenses against data poisoning for online learning. First, we study four standard defenses in a powerful threat model, and provide conditions under which they can allow or resist rapid poisoning. 
We then consider a weaker and more realistic threat model, and show that the success of the adversary in the presence of data poisoning defenses there depends on the \"ease\" of the learning problem.","descriptionType":"Abstract"}],"geoLocations":[],"fundingReferences":[],"url":"https://arxiv.org/abs/1905.12121","contentUrl":null,"metadataVersion":0,"schemaVersion":"http://datacite.org/schema/kernel-4","source":"mds","isActive":true,"state":"findable","reason":null,"viewCount":0,"viewsOverTime":[],"downloadCount":0,"downloadsOverTime":[],"referenceCount":0,"citationCount":0,"citationsOverTime":[],"partCount":0,"partOfCount":0,"versionCount":0,"versionOfCount":0,"created":"2022-02-28T12:34:05.000Z","registered":"2022-02-28T12:34:09.000Z","published":"2019","updated":"2022-02-28T12:34:09.000Z"},"relationships":{"client":{"data":{"id":"arxiv.content","type":"clients"}},"provider":{"data":{"id":"arxiv","type":"providers"}},"media":{"data":{"id":"10.48550/arxiv.1905.12121","type":"media"}},"references":{"data":[]},"citations":{"data":[]},"parts":{"data":[]},"partOf":{"data":[]},"versions":{"data":[]},"versionOf":{"data":[]}}}}