Data poisoning attacks on the LinUCB algorithm
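Jiang Weilong (姜伟龙)¹, He Kun (何琨)¹
Author information
- 1. School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074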
Abstract
The LinUCB algorithm is a typical algorithm for solving the contextual multi-armed bandit problem and is widely used in scenarios such as news delivery, product recommendation, and medical resource allocation. There is very little research on the security of this algorithm, so its attack methods need further investigation in order to develop targeted and even universal defense measures. In this work, we first propose two attack schemes for offline data poisoning attacks on the LinUCB algorithm by adding fake data, namely TCA (target context attack) and OCA (optimized context attack). The former generates poisoning data based on the similarity between the training data and the target context, while the latter models an optimization problem and solves it to construct the poisoning data, and is an optimized version of the former. Experimental evaluations show that adding only a small amount of poisoning data as the attack cost achieves a 100% attack success rate on the attack target.
Keywords
contextual multi-armed bandit / LinUCB / data poisoning attack / white-box attack / optimization problem
Funding
National Natural Science Foundation of China (62076105)
National Natural Science Foundation of China (U22B2017)
Publication year
2024