Robust Nonparametric Regression under Poisoning Attack

Authors

  • Puning Zhao Zhejiang Lab, Hangzhou, Zhejiang, China
  • Zhiguo Wan Zhejiang Lab, Hangzhou, Zhejiang, China

DOI:

https://doi.org/10.1609/aaai.v38i15.29644

Keywords:

ML: Learning Theory, ML: Information Theory

Abstract

This paper studies robust nonparametric regression, in which an adversarial attacker can modify the values of up to q samples from a training dataset of size N. Our initial solution is an M-estimator based on Huber loss minimization. Compared with simple kernel regression, i.e. the Nadaraya-Watson estimator, this method can significantly weaken the impact of malicious samples on the regression performance. We provide the convergence rate as well as the corresponding minimax lower bound. The result shows that, with proper bandwidth selection, supremum error is minimax optimal. The L2 error is optimal with relatively small q, but is suboptimal with larger q. The reason is that this estimator is vulnerable if there are many attacked samples concentrating in a small region. To address this issue, we propose a correction method by projecting the initial estimate to the space of Lipschitz functions. The final estimate is nearly minimax optimal for arbitrary q, up to a logarithmic factor.
AAAI-24 / IAAI-24 / EAAI-24 Proceedings Cover

Downloads

Published

2024-03-24

How to Cite

Zhao, P., & Wan, Z. (2024). Robust Nonparametric Regression under Poisoning Attack. Proceedings of the AAAI Conference on Artificial Intelligence, 38(15), 17007-17015. https://doi.org/10.1609/aaai.v38i15.29644

Issue

Vol. 38 No. 15: AAAI-24 Technical Tracks 15

Section

AAAI Technical Track on Machine Learning VI