Imperial College London

Professor Emil Lupu

Faculty of Engineering, Department of Computing

Professor of Computer Systems
 
 
 

Contact

 

e.c.lupu Website

 
 

Location

 

564 Huxley Building, South Kensington Campus


Summary

 

Publications

Citation

BibTex format

@unpublished{Carnerero-Cano:2021,
author = {Carnerero-Cano, J and Muñoz-González, L and Spencer, P and Lupu, EC},
publisher = {arXiv},
title = {Regularization can help mitigate poisoning attacks... with the right hyperparameters},
url = {http://arxiv.org/abs/2105.10948v1},
year = {2021}
}

RIS format (EndNote, RefMan)

TY  - UNPB
AB - Machine learning algorithms are vulnerable to poisoning attacks, where a fraction of the training data is manipulated to degrade the algorithms' performance. We show that current approaches, which typically assume that regularization hyperparameters remain constant, lead to an overly pessimistic view of the algorithms' robustness and of the impact of regularization. We propose a novel optimal attack formulation that considers the effect of the attack on the hyperparameters, modelling the attack as a \emph{minimax bilevel optimization problem}. This allows to formulate optimal attacks, select hyperparameters and evaluate robustness under worst case conditions. We apply this formulation to logistic regression using $L_2$ regularization, empirically show the limitations of previous strategies and evidence the benefits of using $L_2$ regularization to dampen the effect of poisoning attacks.
AU - Carnerero-Cano,J
AU - Muñoz-González,L
AU - Spencer,P
AU - Lupu,EC
PB - arXiv
PY - 2021///
TI - Regularization can help mitigate poisoning attacks... with the right hyperparameters
UR - http://arxiv.org/abs/2105.10948v1
UR - http://hdl.handle.net/10044/1/89188
ER -