摘要
LinUCB算法是求解上下文多臂老虎机问题的一种典型算法,被广泛应用于新闻投放、产品推荐、医疗资源分配等场景中.目前对该算法的安全性研究略显薄弱,这就要求研究者进一步加深对该算法的攻击方式的研究,以作出具有针对性乃至泛用性的防御措施.本文提出了两种通过添加虚假数据的方式对LinUCB算法进行离线数据投毒攻击的攻击方案,即TCA方案(target context attack)与OCA方案(optimized context attack).前者是基于训练数据与目标上下文的相似性来生成投毒数据的;后者是建模一个优化问题,通过求解该问题来构造投毒数据,是前者的优化版本.实验测试表明,仅需添加少量投毒数据作为攻击成本即可实现对攻击目标的100%攻击成功率.
The LinUCB algorithm is a typical algorithm for solving the contextual multi-armed bandit problem,which is widely used in scenarios such as news delivery,product recommendation,and medical resource allocation.There is very little research on the security of this algorithm,which requires further investigation of their attack methods in order to make targeted and even universal defense measures.In this work,we first propose two attack schemes for offline data poisoning attacks on the LinUCB algorithm by adding fake data,namely TCA(target context attack)and OCA(optimized context attack).The former generates poisoning data based on the similarity between training data and target context,while the latter models an optimization problem to construct the poisoning data,which is an optimized version of the former.Experimental evaluations show that only by adding a small amount of poisoning data we could achieve a 100%attack success rate.
作者
姜伟龙
何琨
Weilong JIANG;Kun HE(School of Computer Science&Technology,Huazhong University of Science and Technology,Wuhan 430074,China)
出处
《中国科学:信息科学》
CSCD
北大核心
2024年第7期1569-1587,共19页
Scientia Sinica(Informationis)
基金
国家自然基金(批准号:62076105,U22B2017)资助项目。
