Redactor: Targeted Disinformation Generation using Probabilistic Decision Boundaries
- URL: http://arxiv.org/abs/2202.02902v1
- Date: Mon, 7 Feb 2022 01:43:25 GMT
- Title: Redactor: Targeted Disinformation Generation using Probabilistic Decision Boundaries
- Authors: Geon Heo, Steven Euijong Whang
- Abstract summary: We study the problem of targeted disinformation where the goal is to lower the accuracy of inference attacks on a specific target. We show that our problem is best solved by finding the closest points to the target in the input space that will be labeled as a different class. We also propose techniques for making the disinformation realistic.
- Score: 7.303121062667876
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Information leakage is becoming a critical problem as various information becomes publicly available by mistake, and machine learning models train on that data to provide services. As a result, one's private information could easily be memorized by such trained models. Unfortunately, deleting information is out of the question as the data is already exposed to the Web or third-party platforms. Moreover, we cannot necessarily control the labeling process and the model training by other parties either. In this setting, we study the problem of targeted disinformation where the goal is to lower the accuracy of inference attacks on a specific target (e.g., a person's profile) only using data insertion. While our problem is related to data privacy and defenses against exploratory attacks, our techniques are inspired by targeted data poisoning attacks with some key differences. We show that our problem is best solved by finding the closest points to the target in the input space that will be labeled as a different class. Since we do not control the labeling process, we instead conservatively estimate the labels probabilistically by combining decision boundaries of multiple classifiers using data programming techniques. We also propose techniques for making the disinformation realistic. Our experiments show that a probabilistic decision boundary can be a good proxy for labelers, and that our approach outperforms other targeted poisoning methods when using end-to-end training on real datasets.
Related papers
- Pseudo-Probability Unlearning: Towards Efficient and Privacy-Preserving Machine Unlearning [59.29849532966454]
We propose Pseudo-Probability Unlearning (PPU), a novel method that enables models to forget data to adhere to privacy-preserving manner.
Our method achieves over 20% improvements in forgetting error compared to the state-of-the-art.
arXiv Detail & Related papers (2024-11-04T21:27:06Z)
- Data Selection for Transfer Unlearning [14.967546081883034]
We advocate for a relaxed definition of unlearning that does not address privacy applications.
We propose a new method that uses a mechanism for selecting relevant examples from an auxiliary "static" dataset.
We find that our method outperforms the gold standard "exact unlearning" on several datasets.
arXiv Detail & Related papers (2024-05-16T20:09:41Z)
- Corrective Machine Unlearning [22.342035149807923]
We formalize Corrective Machine Unlearning as the problem of mitigating the impact of data affected by unknown manipulations on a trained model.
We find most existing unlearning methods, including retraining-from-scratch without the deletion set, require most of the manipulated data to be identified for effective corrective unlearning.
One approach, Selective Synaptic Dampening, achieves limited success, unlearning adverse effects with just a small portion of the manipulated samples in our setting.
arXiv Detail & Related papers (2024-02-21T18:54:37Z)
- FlatMatch: Bridging Labeled Data and Unlabeled Data with Cross-Sharpness for Semi-Supervised Learning [73.13448439554497]
Semi-Supervised Learning (SSL) has been an effective way to leverage abundant unlabeled data with extremely scarce labeled data.
Most SSL methods are commonly based on instance-wise consistency between different data transformations.
We propose FlatMatch which minimizes a cross-sharpness measure to ensure consistent learning performance between the two datasets.
arXiv Detail & Related papers (2023-10-25T06:57:59Z)
- Canary in a Coalmine: Better Membership Inference with Ensembled Adversarial Queries [53.222218035435006]
We use adversarial tools to optimize for queries that are discriminative and diverse.
Our improvements achieve significantly more accurate membership inference than existing methods.
arXiv Detail & Related papers (2022-10-19T17:46:50Z)
- Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets [53.866927712193416]
We show that an adversary who can poison a training dataset can cause models trained on this dataset to leak private details belonging to other parties.
Our attacks are effective across membership inference, attribute inference, and data extraction.
Our results cast doubts on the relevance of cryptographic privacy guarantees in multiparty protocols for machine learning.
arXiv Detail & Related papers (2022-03-31T18:06:28Z)
- A Survey on Semi-Supervised Learning for Delayed Partially Labelled Data Streams [10.370629574634092]
This survey pays special attention to methods that leverage unlabelled data in a semi-supervised setting.
We discuss the delayed labelling issue, which impacts both fully supervised and semi-supervised methods.
arXiv Detail & Related papers (2021-06-16T23:14:20Z)
- Instance Correction for Learning with Open-set Noisy Labels [145.06552420999986]
We use the sample selection approach to handle open-set noisy labels.
The discarded data are seen to be mislabeled and do not participate in training.
We modify the instances of discarded data to make predictions for the discarded data consistent with given labels.
arXiv Detail & Related papers (2021-06-01T13:05:55Z)
- Gradient-based Data Subversion Attack Against Binary Classifiers [9.414651358362391]
In this work, we focus on label contamination attack in which an attacker poisons the labels of data to compromise the functionality of the system.
We exploit the gradients of a differentiable convex loss function with respect to the predicted label as a warm-start and formulate different strategies to find a set of data instances to contaminate.
Our experiments show that the proposed approach outperforms the baselines and is computationally efficient.
arXiv Detail & Related papers (2021-05-31T09:04:32Z)
- Adversarial Knowledge Transfer from Unlabeled Data [62.97253639100014]
We present a novel Adversarial Knowledge Transfer framework for transferring knowledge from internet-scale unlabeled data to improve the performance of a classifier.
An important novel aspect of our method is that the unlabeled source data can be of different classes from those of the labeled target data, and there is no need to define a separate pretext task.
arXiv Detail & Related papers (2020-08-13T08:04:27Z)
This list is automatically generated from the titles and abstracts of the papers in this site.