€ 18,00


Perspectives on Adversarial Machine Learning in Intelligent Information Systems

Zhuoran Liu • Book • paperback

  • Summary
    Free download at https://doi.org/10.54195/9789465150727

    Information systems provide users with tailored information services by collecting, processing, and managing data from diverse sources. Two important, representative, modern intelligent information systems are retrieval systems, which take a user query as input to provide query-relevant information, and recommender systems, which take user-item interaction logs as input to provide related personalized recommendations. The current advancement of intelligent information systems is substantially driven by machine learning, especially deep learning, where models are built on large-scale data sets.

    Accumulated externally sourced data is an essential part of the data used in building intelligent systems, where user-contributed media content and interactions are taken to represent users' preferences and to model patterns.
    The current state-of-the-art commercial intelligent systems are primarily advanced by leveraging externally sourced content with the help of machine learning. However, the data-driven nature of these systems gives rise to issues and opportunities for both owners and users of intelligent information systems.
    On the one hand, system owners cannot guarantee the integrity and quality of externally sourced data, so publicly accessible systems may encounter unknown data-caused threats. Such threats, when exploited by malicious parties, could severely harm the end users and owners of information systems.
    On the other hand, users may be unaware of and disagree with how intelligent systems are using and benefiting from their data, especially when they are not certain about their willingness to consent. Misuse of externally sourced data could also potentially harm the users and, later, the owners in the long term.

    Adversarial machine learning studies the threats to machine learning models, where most attacks work by modifying data, exploiting the models' dependence on their training and input data. This thesis focuses on the implications for intelligent information systems, since these systems consume data drawn from outside the system that a user standing outside the system can modify using adversarial machine learning. The issues arise for every type of input and fall into two categories. First, from the system owner's perspective, adversarial machine learning can give rise to security issues.
    Second, from the user's perspective, it can represent opportunities for users to improve their privacy or protect their data. Each chapter in this thesis takes one of the two perspectives on adversarial machine learning in intelligent information systems.

    In Chapter 2, from the system owner's perspective, we explore the influence of externally sourced adversarial items in the background collections of recommender systems. We investigate the threats to representative recommender systems that use images to address the cold start, including systems with existing countermeasures. In particular, we look into the practical vulnerabilities of visually-aware recommender systems by conducting adversarial item promotion in different threat scenarios where adversaries have gradually less knowledge of the system. We demonstrate that adversarial images targeting the recommendation ranking mechanism may open recommender systems to potential adversarial threats.

    In Chapter 3, from the user's perspective, we show that users can protect their data by poisoning, but special attention needs to be paid to stronger adversaries. In particular, we revisit the methodologies of availability poisoning for data misuse protection and find that poisoning samples are surrogate-dependent. Based on this finding, we introduce a series of compression-based mitigation methods and demonstrate their effectiveness against different types of poisoning methods. In addition, we conduct an in-depth analysis of the poisons' dependency on different training stages of surrogate models and analyse possible adaptive poisoning methods against compression-based mitigation. We show that availability poisoning is fragile but still promising in mitigating the misuse of externally sourced data for training.

    In Chapter 4, from the user's perspective, we examine and mitigate the privacy risks of externally sourced profiles against bag-based attribute profiling. We provide experiments showing that deep bag-based profile-level classifiers pose a strong privacy threat. In particular, bag-based classifiers that use early or intermediate fusion are potentially more dangerous than approaches that use late fusion, i.e., that predict at the item level before aggregating to reach a final prediction. We introduce three pivoting additions to resist bag-based profiling, which we study under different threat scenarios. We show that it is possible for users to resist bag-based attribute profiling by adversarially adding pivoting additions to existing profiles.

    In Chapter 5, from the user's perspective, we investigate the influence of externally sourced adversarial image queries on content-based image information retrieval systems. We propose an unsupervised method to generate adversarial image queries that misdirect content-based image retrieval models. We demonstrate the influences of adversarial queries against local, global, and neural feature-based image retrieval systems. We show that the similarity between images in an intelligent information retrieval system can be adjusted in a guided manner to change the results that match a given image query, which benefits users' privacy. Adversarial queries benefit the privacy of users who want to share the image content with others but wish to withhold the semantics.

    Based on our findings, we suggest that system owners revisit the necessity of leveraging externally sourced data, and we suggest that users pay attention to potential privacy risks caused by private data exploitation and take the initiative. We emphasize the uncertainty of data collection outside information systems and recommend future research directions to combat privacy and security threats.
  • Product information
    Binding : Paperback
    Distribution form : Book (print)
    Format : 170mm x 240mm
    Number of pages : 151
    Publisher : Radboud University Press
    ISBN : 9789465150727
    Publication date : 04-2025
  • Table of contents
    not available
