The Security of Latent Dirichlet Allocation

Shike Mei; Xiaojin Zhu

2015 AISTATS AISTATS 2015

The Security of Latent Dirichlet Allocation

Abstract

Latent Dirichlet allocation (LDA) is an increasingly popular tool for data analysis in many domains. If LDA output affects decision making (especially when money is involved), there is an incentive for attackers to compromise it. We ask the question: how can an attacker minimally poison the corpus so that LDA produces topics that the attacker wants the LDA user to see? Answering this question is important to characterize such attacks, and to develop defenses in the future. We give a novel bilevel optimization formulation to identify the optimal poisoning attack. We present an efficient solution (up to local optima) using descent method and implicit functions. We demonstrate poisoning attacks on LDA with extensive experiments, and discuss possible defenses.

🌉 Interdisciplinary Bridge — Artificial Intelligence and Machine Learning

📈 Trend Setter — AI Safety

🧭 Keyword Pioneer — model security

🐣 Hot Topic Early Bird — model security

🐝 Cross-Pollinator — Artificial Intelligence, Computer Science, Computer Vision, Data Science & Analytics, Deep Learning, Healthcare & Medicine, Interdisciplinary, Knowledge & Reasoning, Machine Learning, Mathematics & Optimization, Natural Language Processing, Reinforcement Learning, Security & Privacy, Speech & Audio

Authors

Shike Mei , Xiaojin Zhu

Topics

Artificial Intelligence > Core AI > AI Safety Machine Learning > Application Areas > Privacy

Keywords

model security latent dirichlet allocation bilevel optimization adversarial attack poisoning attack

Download PDF

Related papers

Near-optimal max-affine estimators for convex regression 2015

Sparse Solutions to Nonnegative Linear Systems and Applications 2015

Online Optimization : Competing with Dynamic Comparators 2015

Dimensionality estimation without distances 2015

Robust sketching for multiple square-root LASSO problems 2015