DOCSLIB.ORG

Adversarial Machine Learning∗

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Adversarial Machine Learning∗ In Proceedings of 4th ACM Workshop on Artificial Intelligence and Security, October 2011, pp. 43-58 Adversarial Machine Learning∗ Ling Huang Anthony D. Joseph Blaine Nelson Intel Labs Berkeley UC Berkeley University of Tübingen [email protected] [email protected] [email protected] tuebingen.de Benjamin I. P. Rubinstein J. D. Tygar Microsoft Research UC Berkeley [email protected] [email protected] ABSTRACT learning techniques against an adversarial opponent. To see In this paper (expanded from an invited talk at AISEC why this field is needed, is learning—the study of effective 2010), we discuss an emerging field of study: adversarial ma- machine learning techniques against an adversarial oppo- chine learning—the study of effective machine learning tech- nent. To see why this field is needed, it is helpful to recall niques against an adversarial opponent. In this paper, we: a common metaphor: security is sometimes thought of as a give a taxonomy for classifying attacks against online ma- chess game between two players. For a player to win, it is chine learning algorithms; discuss application-specific fac- not only necessary to have an effective strategy, one must tors that limit an adversary’s capabilities; introduce two also anticipate the opponent’s response to that strategy. models for modeling an adversary’s capabilities; explore the Statistical machine learning has already become an im- limits of an adversary’s knowledge about the algorithm, fea- portant tool in a security engineer’s repertoire. However, ture space, training, and input data; explore vulnerabili- machine learning in an adversarial environment requires us ties in machine learning algorithms; discuss countermeasures to anticipate that our opponent will try to cause machine against attacks; introduce the evasion challenge; and discuss learning to fail in many ways. In this paper, we discuss privacy-preserving learning techniques. both a theoretical framework for understanding adversar- ial machine learning, and then discuss a number of specific examples illustrating how these techniques succeed or fail. Categories and Subject Descriptors Advances in computing capabilities have made online sta- D.4.6 [Security and Protection]: Invasive software (e.g., tistical machine learning a practical and useful tool for solv- viruses, worms, Trojan horses); I.5.1 [Models]: Statistical; ing large-scale decision-making problems in many systems I.5.2 [Design Methodology] and networking domains, including spam filtering, network intrusion detection, and virus detection [36, 45, 60]. In these General Terms domains, a machine learning algorithm, such as a Bayesian learner or a Support Vector Machine (SVM) [14], is typically Algorithms, Design, Security, Theory periodically retrained on new input data. Unfortunately, sophisticated adversaries are well aware Keywords that online machine learning is being applied and we have Adversarial Learning, Computer Security, Game Theory, substantial evidence that they frequently attempt to break Intrusion Detection, Machine Learning, Security Metrics, many of the assumptions that practitioners make (e.g., data Spam Filters, Statistical Learning has various weak stochastic properties; independence; a sta- tionary data distribution). 1. INTRODUCTION The lack of stationarity provides ample opportunity for mischief during training (including periodic re-training) and In this paper, we discuss an emerging field of study: ad- classification stages. In many cases, the adversary is able to versarial machine learning—the study of effective machine poison the learner’s classifications, often in a highly targeted manner. For instance, an adversary can craft input data ∗This paper expands upon J. D. Tygar’s invited talk at AISec 2010 on Adversarial Machine Learning describing the that has similar feature properties to normal data (e.g., cre- SecML project at UC Berkeley, and includes material from ating a spam message that appears to be non-spam to the many of our collaborators. We kindly thank this year’s learner), or they exhibit Byzantine behaviors by crafting in- AISec organizers for allowing us to present this paper. put data that, when retrained on, causes the learner to learn an incorrect decision-making function. These sophisticated adversaries are patient and adapt their behaviors to achieve Permission to make digital or hard copies of all or part of this work for various goals, such as avoiding detection of attacks, caus- personal or classroom use is granted without fee provided that copies are ing benign input to be classified as attack input, launching not made or distributed for profit or commercial advantage and that copies focused or targeted attacks, or searching a classifier to find bear this notice and the full citation on the first page. To copy otherwise, to blind-spots in the algorithm. republish, to post on servers or to redistribute to lists, requires prior specific Adversarial machine learning is the design of machine permission and/or a fee. learning algorithms that can resist these sophisticated at- AISec’11, October 21, 2011, Chicago, Illinois, USA. Copyright 2011 ACM 978-1-4503-1003-1/11/10 ...$10.00. tacks, and the study of the capabilities and limitations of 43 attackers. In this paper, we: give a taxonomy for classifying indiscriminate fashion on a broad class of instances. Each attacks against online machine learning algorithms; discuss axis, especially this one, can potentially be a spectrum of application-specific factors that limit an adversary’s capa- choices, but for simplicity, we will categorize attacks and bilities; introduce two models for modeling an adversary’s defenses into these groupings. capabilities; explore the limits of an adversary’s knowledge about the algorithm, feature space, training, and input data; 2.1 Game Specification and Interpretation explore vulnerabilities in machine learning algorithms; dis- We model secure learning systems as a game between an cuss countermeasures against attacks; introduce the eva- attacker and a defender—the attacker manipulates data to sion challenge; and discuss privacy-preserving learning tech- mis-train or evade a learning algorithm chosen by the de- niques. fender to thwart the attacker’s objective. This game can be formalized in terms of a learning algorithm H ; and the at- 2. TAXONOMY tacker’s data corruption strategies A(train) and A(eval). The resulting game can be described as follows:1 In prior work [2], we introduced a qualitative taxonomy of attacks against a machine learning system, which has since 1. Defender Choose learning algorithm H for selecting been extended to propose a framework for quantitatively hypotheses based on observed data evaluating security threats [37]. Our taxonomy categorizes 2. Attacker Choose attack procedures A(train) and A(eval) an attack based on the following three properties: (potentially with knowledge of H ) 3. Learning: Influence Obtain dataset D(train) with contamination from Causative - Causative attacks alter the training pro- • A(train) cess through influence over the training data. Learn hypothesis: f H D(train) Exploratory - Exploratory attacks do not alter the • ← training process but use other techniques, such 4. Evaluation: D(eval) as probing the detector, to discover information Obtain dataset with contamination from • (eval) about it or its training data. A Compare predictions f (x) to y for each data point Security violation • (x, y) D(eval) Integrity - Integrity attacks result in intrusion points ∈ being classified as normal (false negatives). This game structure describes the fundamental interac- Availability - Availability attacks cause so many clas- tions between the defender and attacker in choosing H , A(train) sification errors, both false negatives and false and A(eval); these steps are depicted in Figure 1. The de- positives, that the system becomes effectively un- fender chooses H to select hypotheses that predict well re- usable. gardless of A(train) and A(eval), while the attacker chooses Privacy - In a privacy violation, the adversary ob- A(train) and A(eval) to produce poor predictions. The char- tains information from the learner, compromising acteristics specified by the taxonomy’s axes further spec- the secrecy or privacy of the system’s users. ify some aspects of this game. The influence axis deter- Specificity (a continuous spectrum) mines the structure of the game and the legal moves that Targeted - In a targeted attack, the focus is on a sin- each player can make. In exploratory attacks, the procedure gle or small set of target points. A(train) is not used in the game, and thereby the attacker Indiscriminate - An indiscriminate adversary has a only influences D(eval). Meanwhile, in the causative game more flexible goal that involves a very general the attacker also has indirect influence on f through his class of points, such as “any false negative.” choice of A(train). The specificity and security viola- The first axis describes the capability of the attacker: tion axes of the taxonomy determine which instances the whether (a) the attacker has the ability to influence the adversary would like to have misclassified during the evalua- training data that is used to construct the classifier (a caus- tion phase. In an integrity attack, the attacker desires false (train) (eval) ative attack) or (b) the attacker does not influence the learned negatives and therefore will use A and/or A to classifier, but can send new instances to the classifier and create or discover false negatives, whereas in an availability, possibly observe its decisions on these carefully crafted in- the attacker will also try to create or exploit false positives. stances (an exploratory attack). Finally, in a targeted attack the attacker only cares about The second axis indicates the type of security violation the predictions for a small number of instances, while an the attacker causes: either (a) allowing harmful instances indiscriminate attacker cares about prediction for a broad to slip through the filter as false negatives (an integrity vi- range of instances. olation); (b) creating a denial of service event in which be- nign instances are incorrectly filtered as false positives (an 3.
Load more

Recommended publications
  • Kitsune: an Ensemble of Autoencoders for Online Network Intrusion Detection
    Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection Yisroel Mirsky, Tomer Doitshman, Yuval Elovici and Asaf Shabtai Ben-Gurion University of the Negev yisroel, tomerdoi @post.bgu.ac.il, elovici, shabtaia @bgu.ac.il { } { } Abstract—Neural networks have become an increasingly popu- Over the last decade many machine learning techniques lar solution for network intrusion detection systems (NIDS). Their have been proposed to improve detection performance [2], [3], capability of learning complex patterns and behaviors make them [4]. One popular approach is to use an artificial neural network a suitable solution for differentiating between normal traffic and (ANN) to perform the network traffic inspection. The benefit network attacks. However, a drawback of neural networks is of using an ANN is that ANNs are good at learning complex the amount of resources needed to train them. Many network non-linear concepts in the input data. This gives ANNs a gateways and routers devices, which could potentially host an NIDS, simply do not have the memory or processing power to great advantage in detection performance with respect to other train and sometimes even execute such models. More importantly, machine learning algorithms [5], [2]. the existing neural network solutions are trained in a supervised The prevalent approach to using an ANN as an NIDS is manner. Meaning that an expert must label the network traffic to train it to classify network traffic as being either normal and update the model manually from time to time. or some class of attack [6], [7], [8]. The following shows the In this paper, we present Kitsune: a plug and play NIDS typical approach to using an ANN-based classifier in a point which can learn to detect attacks on the local network, without deployment strategy: supervision, and in an efficient online manner.
    [Show full text]
  • An Introduction to Incremental Learning by Qiang Wu and Dave Snell
    Article from Predictive Analytics and Futurism July 2016 Issue 13 An Introduction to Incremental Learning By Qiang Wu and Dave Snell achine learning provides useful tools for predictive an- alytics. The typical machine learning problem can be described as follows: A system produces a specific out- Mput for each given input. The mechanism underlying the system can be described by a function that maps the input to the output. Human beings do not know the mechanism but can observe the inputs and outputs. The goal of a machine learning algorithm is regression, perceptron for classification and incremental princi- to infer the mechanism by a set of observations collected for the pal component analysis. input and output. Mathematically, we use (xi,yi ) to denote the i-th pair of observation of input and output. If the real mech- STOCHASTIC GRADIENT DESCENT anism of the system to produce data is described by a function In linear regression, f*(x) = wTx is a linear function of the input f*, then the true output is supposed to be f*(x ). However, due i vector. The usual choice of the loss function is the squared loss to systematic noise or measurement error, the observed output L(y,wTx) = (y-wTx)2. The gradient of L with respect to the weight y satisfies y = f*(x )+ϵ where ϵ is an unavoidable but hopefully i i i i i vector w is given by small error term. The goal then, is to learn the function f* from the n pairs of observations {(x ,y ),(x ,y ),…,(x ,y )}.
    [Show full text]
  • Adversarial Examples: Attacks and Defenses for Deep Learning
    1 Adversarial Examples: Attacks and Defenses for Deep Learning Xiaoyong Yuan, Pan He, Qile Zhu, Xiaolin Li∗ National Science Foundation Center for Big Learning, University of Florida {chbrian, pan.he, valder}@ufl.edu, [email protected]fl.edu Abstract—With rapid progress and significant successes in a based malware detection and anomaly detection solutions are wide spectrum of applications, deep learning is being applied built upon deep learning to find semantic features [14]–[17]. in many safety-critical environments. However, deep neural net- Despite great successes in numerous applications, many of works have been recently found vulnerable to well-designed input samples, called adversarial examples. Adversarial examples are deep learning empowered applications are life crucial, raising imperceptible to human but can easily fool deep neural networks great concerns in the field of safety and security. “With great in the testing/deploying stage. The vulnerability to adversarial power comes great responsibility” [18]. Recent studies find examples becomes one of the major risks for applying deep neural that deep learning is vulnerable against well-designed input networks in safety-critical environments. Therefore, attacks and samples. These samples can easily fool a well-performed defenses on adversarial examples draw great attention. In this paper, we review recent findings on adversarial examples for deep learning model with little perturbations imperceptible to deep neural networks, summarize the methods for generating humans. adversarial examples, and propose a taxonomy of these methods. Szegedy et al. first generated small perturbations on the im- Under the taxonomy, applications for adversarial examples are ages for the image classification problem and fooled state-of- investigated.
    [Show full text]
  • Deep Learning and Neural Networks Module 4
    Deep Learning and Neural Networks Module 4 Table of Contents Learning Outcomes ......................................................................................................................... 5 Review of AI Concepts ................................................................................................................... 6 Artificial Intelligence ............................................................................................................................ 6 Supervised and Unsupervised Learning ................................................................................................ 6 Artificial Neural Networks .................................................................................................................... 8 The Human Brain and the Neural Network ........................................................................................... 9 Machine Learning Vs. Neural Network ............................................................................................... 11 Machine Learning vs. Neural Network Comparison Table (Educba, 2019) .............................................. 12 Conclusion – Machine Learning vs. Neural Network ........................................................................... 13 Real-time Speech Translation ............................................................................................................. 14 Uses of a Translator App ...................................................................................................................
    [Show full text]
  • An Online Machine Learning Algorithm for Heat Load Forecasting in District Heating Systems
    Thesis no: MGCS-2014-04 An Online Machine Learning Algorithm for Heat Load Forecasting in District Heating Systems Spyridon Provatas Faculty of Computing Blekinge Institute of Technology SE371 79 Karlskrona, Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulllment of the requirements for the degree of Master of Science in Computer Science. The thesis is equivalent to 10 weeks of full-time studies. Contact Information: Author: Spyridon Provatas E-mail: [email protected] External advisor: Christian Johansson, PhD Chief Technology Ocer NODA Intelligent Systems AB University advisor: Niklas Lavesson, PhD Associate Professor of Computer Science Dept. Computer Science & Engineering Faculty of Computing Internet : www.bth.se Blekinge Institute of Technology Phone : +46 455 38 50 00 SE371 79 Karlskrona, Sweden Fax : +46 455 38 50 57 Abstract Context. Heat load forecasting is an important part of district heating opti- mization. In particular, energy companies aim at minimizing peak boiler usage, optimizing combined heat and power generation and planning base production. To achieve resource eciency, the energy companies need to estimate how much energy is required to satisfy the market demand. Objectives. We suggest an online machine learning algorithm for heat load fore- casting. Online algorithms are increasingly used due to their computational ef- ciency and their ability to handle changes of the predictive target variable over time. We extend the implementation of online bagging to make it compatible to regression problems and we use the Fast Incremental Model Trees with Drift De- tection (FIMT-DD) as the base model. Finally, we implement and incorporate to the algorithm a mechanism that handles missing values, measurement errors and outliers.
    [Show full text]
  • Online Machine Learning: Incremental Online Learning Part 2
    Online Machine Learning: Incremental Online Learning Part 2 Insights Article Danny Butvinik Chief Data Scientist | NICE Actimize Copyright © 2020 NICE Actimize. All rights reserved. 1 Abstract Incremental and online machine learning recently have received more and more attention, especially in the context of learning from real-time data streams as opposed to a traditional assumption of complete data availability. Although a variety of different methods are available, it often remains unclear which are most suitable for specific tasks, and how they perform in comparison to each other. This article reviews the eight popular incremental methods representing distinct algorithm classes. Introduction My previous article served as an introduction to online machine learning. This article will provide an overview of a few online incremental learning algorithms (or instance-based incremental learning), that is, the model is learning each example as it arrives. Classical batch machine learning approaches, in which all data are simultaneously accessed, do not meet the requirements to handle the sheer volume in the given time. This leads to more and more accumulated data that are unprocessed. Furthermore, these approaches do not continuously integrate new information into already constructed models, but instead regularly reconstruct new models from scratch. This is not only very time consuming but also leads to potentially outdated models. Overcoming this situation requires a paradigm shift to sequential data processing in a streaming scheme. This not only allows us to use information as soon as it is available, leading to models that are always up to date, but also reduces the costs for data storage and maintenance.
    [Show full text]
  • Data Mining, Machine Learning and Big Data Analytics
    International Transaction of Electrical and Computer Engineers System, 2017, Vol. 4, No. 2, 55-61 Available online at http://pubs.sciepub.com/iteces/4/2/2 ©Science and Education Publishing DOI:10.12691/iteces-4-2-2 Data Mining, Machine Learning and Big Data Analytics Lidong Wang* Department of Engineering Technology, Mississippi Valley State University, Itta Bena, MS, USA *Corresponding author: [email protected] Abstract This paper analyses deep learning and traditional data mining and machine learning methods; compares the advantages and disadvantage of the traditional methods; introduces enterprise needs, systems and data, IT challenges, and Big Data in an extended service infrastructure. The feasibility and challenges of the applications of deep learning and traditional data mining and machine learning methods in Big Data analytics are also analyzed and presented. Keywords: big data, Big Data analytics, data mining, machine learning, deep learning, information technology, data engineering Cite This Article: Lidong Wang, “Data Mining, Machine Learning and Big Data Analytics.” International Transaction of Electrical and Computer Engineers System, vol. 4, no. 2 (2017): 55-61. doi: 10.12691/iteces-4-2-2. PCA can be used to reduce the observed variables into a smaller number of principal components [3]. 1 . Introduction Factor analysis is another method for dimensionality reduction. It is useful for understanding the underlying Data mining focuses on the knowledge discovery of reasons for the correlations among a group of variables. data. Machine learning concentrates on prediction based The main applications of factor analysis are reducing the on training and learning. Data mining uses many machine number of variables and detecting structure in the learning methods; machine learning also uses data mining relationships among variables.
    [Show full text]
  • Merlyn.AI Prudent Investing Just Got Simpler and Safer
    Merlyn.AI Prudent Investing Just Got Simpler and Safer by Scott Juds October 2018 1 Merlyn.AI Prudent Investing Just Got Simpler and Safer We Will Review: • Logistics – Where to Find Things • Brief Summary of our Base Technology • How Artificial Intelligence Will Help • Brief Summary of How Merlyn.AI Works • The Merlyn.AI Strategies and Portfolios • Importing Strategies and Building Portfolios • Why AI is “Missing in Action” on Wall Street? 2 Merlyn.AI … Why It Matters 3 Simply Type In Logistics: Merlyn.AI 4 Videos and Articles Archive 6 Merlyn.AI Builds On (and does not have to re-discover) Other Existing Knowledge It Doesn’t Have to Reinvent All of this From Scratch Merlyn.AI Builds On Top of SectorSurfer First Proved Momentum in Market Data Merlyn.AI Accepts This Re-Discovery Not Necessary Narasiman Jegadeesh Sheridan Titman Emory University U. of Texas, Austin Academic Paper: “Returns to Buying Winners and Selling Losers: Implications for Stock Market Efficiency” (1993) Formally Confirmed Momentum in Market Data Merlyn.AI Accepts This Re-Discovery Not Necessary Eugene Fama Kenneth French Nobel Prize, 2013 Dartmouth College “the premier market anomaly” that’s “above suspicion.” Academic Paper - 2008: “Dissecting Anomalies” Proved Signal-to-Noise Ratio Controls the Probability of Making the Right Decision Claude Shannon National Medal of Science, 1966 Merlyn.AI Accepts This Re-Discovery Not Necessary Matched Filter Theory Design for Optimum J. H. Van Vleck Signal-to-Noise Ratio Noble Prize, 1977 Think Outside of the Box Merlyn.AI Accepts This Re-Discovery Not Necessary Someplace to Start Designed for Performance Differential Signal Processing Removes Common Mode Noise (Relative Strength) Samuel H.
    [Show full text]
  • Tianbao Yang
    Tianbao Yang Contact 101 MacLean Hall Voice: (517) 505-0391 Information Iowa City, IA 52242 Email: [email protected] URL: http://www.cs.uiowa.edu/~tyng Research Machine Learning, Optimization, and Application in Big Data Analytics Interests Affiliations Department of Computer Science, The University of Iowa Iowa Informatics Initiative Applied Mathematical and Computational Sciences Program Appointments Assistant Professor 2014 - Present Department of Computer Science, The University of Iowa, Iowa City, IA Researcher, NEC Laboratories America, Inc., Cupertino, CA 2013 - 2014 Researcher, GE Global Research, San Ramon, CA 2012 - 2013 Education Michigan State University, East Lansing, Michigan, USA Doctor of Philosophy, Computer Science and Engineering 2012 Advisor: Dr. Rong Jin University of Science and Technology of China, Hefei, Anhui, China Bachelor of Engineering, Automation 2007 Honors and • NSF CAREER Award, 2019. Awards • Dean's Excellence in Research Scholar, 2019. • Old Gold Fellowship, UIowa, 2015. • Excellence in Teaching, Berlin-Blank Center, UIowa, 2015. • Runner-up, Detection competition in Large Scale Visual Recognition Challenge, 2013. • Best Student Paper Award, The 25th Conference of Learning Theory (COLT), 2012. Publications Refereed Journal Publications: 1. Lijun Zhang, Tianbao Yang, Rong Jin, Zhi-hua Zhou. Relative Error Bound Analysis for Nu- clear Norm Regularized Matrix Completion. Journal of Machine Learning Research (JMLR), 2019. (minor revision). 2. Tianbao Yang, Qihang Lin. RSG: Beating Subgradient Method without Smoothness and/or Strong Convexity. Journal of Machine Learning Research (JMLR), 2018. 3. Tianbao Yang, Lijun Zhang, Rong Jin, Shenghuo Zhu, Zhi-Hua Zhou. A Simple Homotopy Proximal Mapping for Compressive Sensing. Machine Learning, 2018. 4. Yongan Tang, Jianxin He, Xiaoli Gao, Tianbao Yang, Xiangqun Zeng.
    [Show full text]
  • Learning to Generate Corrective Patches Using Neural Machine Translation
    JOURNAL OF LATEX CLASS FILES, VOL. 14, NO. 8, AUGUST 2015 1 Learning to Generate Corrective Patches Using Neural Machine Translation Hideaki Hata, Member, IEEE, Emad Shihab, Senior Member, IEEE, and Graham Neubig Abstract—Bug fixing is generally a manually-intensive task. However, recent work has proposed the idea of automated program repair, which aims to repair (at least a subset of) bugs in different ways such as code mutation, etc. Following in the same line of work as automated bug repair, in this paper we aim to leverage past fixes to propose fixes of current/future bugs. Specifically, we propose Ratchet, a corrective patch generation system using neural machine translation. By learning corresponding pre-correction and post-correction code in past fixes with a neural sequence-to-sequence model, Ratchet is able to generate a fix code for a given bug-prone code query. We perform an empirical study with five open source projects, namely Ambari, Camel, Hadoop, Jetty and Wicket, to evaluate the effectiveness of Ratchet. Our findings show that Ratchet can generate syntactically valid statements 98.7% of the time, and achieve an F1-measure between 0.29 – 0.83 with respect to the actual fixes adopted in the code base. In addition, we perform a qualitative validation using 20 participants to see whether the generated statements can be helpful in correcting bugs. Our survey showed that Ratchet’s output was considered to be helpful in fixing the bugs on many occasions, even if fix was not 100% correct. Index Terms—patch generation, corrective patches, neural machine translation, change reuse.
    [Show full text]
  • NIPS 2017 Workshop Book
    NIPS 2017 Workshop book Schedule Highlights Generated Fri Dec 18, 2020 Workshop organizers make last-minute changes to their schedule. Download this document again to get the lastest changes, or use the NIPS mobile application. Dec. 8, 2017 101 A Learning in the Presence of Strategic Behavior Haghtalab, Mansour, Roughgarden, Syrgkanis, Wortman Vaughan 101 B Visually grounded interaction and language Strub, de Vries, Das, Kottur, Lee, Malinowski, Pietquin, Parikh, Batra, Courville, Mary 102 A+B Advances in Modeling and Learning Interactions from Complex Data Dasarathy, Kolar, Baraniuk 102 C 6th Workshop on Automated Knowledge Base Construction (AKBC) Pujara, Arad, Dalvi Mishra, Rocktäschel 102 C Synergies in Geometric Data Analysis (TWO DAYS) Meila, Chazal, Chen 103 A+B Competition track Escalera, Weimer 104 A Machine Learning for Health (ML4H) - What Parts of Healthcare are Ripe for Disruption by Machine Learning Right Now? Beam, Beam, Fiterau, Fiterau, Schulam, Schulam, Fries, Fries, Hughes, Hughes, Wiltschko, Wiltschko, Snoek, Snoek, Antropova, Antropova, Ranganath, Ranganath, Jedynak, Jedynak, Naumann, Naumann, Dalca, Dalca, Dalca, Dalca, Althoff, Althoff, ASTHANA, ASTHANA, Tandon, Tandon, Kandola, Kandola, Ratner, Ratner, Kale, Kale, Shalit, Shalit, Ghassemi, Ghassemi, Kohane, Kohane 104 B Acting and Interacting in the Real World: Challenges in Robot Learning Posner, Hadsell, Riedmiller, Wulfmeier, Paul 104 C Deep Learning for Physical Sciences Baydin, Prabhat, Cranmer, Wood 201 A Machine Learning for Audio Signal Processing (ML4Audio)
    [Show full text]
  • 1 Machine Learning and Microeconomics
    1 Machine Learning and Microeconomics RAFAEL M. FRONGILLO, Harvard University The focus of my research is on theoretical problems at the interface between ma- chine learning and microeconomics. This interface is broad, spanning domains such as crowdsourcing and prediction markets, to finance and algorithmic game theory. I am particularly interested in applying machine learning theory to economic domains, such as using coordinate descent to understand market behavior, and conversely using economic models to develop more robust and realistic techniques for machine learning. Online Learning in Economics Broadly speaking, online (machine) learning algorithms are those which make predic- tions “on the fly” as data points arrive, rather than waiting for all the training data to predict. These algorithms often have performance guarantees which hold even in the presence of an adversary who chooses the worst possible data stream. The dynamic nature and strong guarantees of these algorithms make them useful tools for model- ing agent behavior. While I have contributed to online learning itself, in my masters thesis [18] as well as more recently [26], I present here some applications to economics. Robust option pricing. Would the prices of financial derivatives change if investors assumed that the stock market fluctuations were chosen by an adversary? That is what my coauthors and I set out to understand when we applied techniques from online learning to financial derivative pricing, asking how much higher a price an investor would pay for such a contract if the only alternative was to trade by herself in a stock market personally dead-set against her. Surprisingly, we found in [4;2] that under mild assumptions on the stock market volatility, the pricing would not change—that is, the stock market is already as adversarial as possible! These results have strong ties to game-theoretic probability and recent work unifying online learning algorithms.
    [Show full text]