Perturbation analysis of linear solvers applied to systems arising broadly in machine learning settings -- for instance, in linear regression models -- gains an important new perspective when reframed through the lens of data poisoning attacks. By analyzing how solvers respond to such attacks, this work aims to contribute to the development of more robust linear solvers and to provide insight into poisoning attacks on linear solvers. In particular, we investigate how errors in the input data affect the fitting error and the accuracy of the solution produced by a linear system-solving algorithm under perturbations common in adversarial attacks. We model data perturbation at two distinct levels of attacker knowledge, developing a poisoning optimization and studying two perturbation methods: Label-guided Perturbation (LP) and Unconditioning Perturbation (UP). Existing works focus mainly on deriving worst-case perturbation bounds from a theoretical perspective, and their analysis is often limited to specific kinds of linear system solvers. When the data is intentionally perturbed -- as is the case in data poisoning -- we seek to understand how different kinds of solvers react to these perturbations and to identify the algorithms most affected by each type of adversarial attack.
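The core question above -- how an input-data perturbation propagates to the solution of a linear system -- can be illustrated with a minimal sketch. This is not the paper's LP or UP method; it simply perturbs the design matrix of a least-squares problem by a fixed relative budget (`epsilon` is a hypothetical parameter) and measures the resulting change in the solution and in the fitting error:

```python
import numpy as np

# Minimal sketch (not the paper's LP/UP attacks): measure how a small
# perturbation of the data matrix changes a least-squares solution.
rng = np.random.default_rng(0)

A = rng.normal(size=(100, 5))   # clean design matrix
x_true = rng.normal(size=5)
b = A @ x_true                  # clean labels (noise-free for clarity)

x_clean, *_ = np.linalg.lstsq(A, b, rcond=None)

# Additive perturbation scaled to a fraction epsilon of ||A||_F,
# mimicking a bounded poisoning budget (epsilon is an assumed parameter).
epsilon = 1e-2
E = rng.normal(size=A.shape)
E *= epsilon * np.linalg.norm(A) / np.linalg.norm(E)

x_pert, *_ = np.linalg.lstsq(A + E, b, rcond=None)

# Relative change in the solution and relative fitting error on clean labels.
rel_sol_err = np.linalg.norm(x_pert - x_clean) / np.linalg.norm(x_clean)
rel_fit_err = np.linalg.norm((A + E) @ x_pert - b) / np.linalg.norm(b)
print(f"relative solution change: {rel_sol_err:.3e}")
print(f"relative fitting error:   {rel_fit_err:.3e}")
```

For a well-conditioned system such as this random Gaussian matrix, the solution change stays on the order of the perturbation budget times the condition number; an adversarial (rather than random) choice of the perturbation direction can push the error much closer to its worst-case bound, which is the gap the solver comparison in this work probes.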