holisticai.robustness.attackers.LinRegGDPoisoner

class holisticai.robustness.attackers.LinRegGDPoisoner(poison_proportion=0.2, num_inits=1, max_iter=15, initializer='inf_flip', eta=0.01, beta=0.05, sigma=0.9, eps=0.001, objective=0, opty=True)

LinRegGDPoisoner implements a gradient-based poisoning attack for regression models by using an ordinary least squares regression model at its core. The attack involves calculating gradients, selecting poison points based on these gradients, assigning response values to amplify their effect, and iterating this process to generate the desired number of poisoned points.

Parameters

poison_proportion : float

The proportion of points to flip. Default is 0.2.

num_inits : int

The number of initializations. Default is 1.

max_iter : int

The maximum number of iterations. Default is 15.

initializer : str

The initialization method. Default is ‘inf_flip’. Options are ‘inf_flip’, ‘adaptive’, ‘randflip’ and ‘randflipnobd’.

eta : float

Gradient descent step size. Default is 0.01.

beta : float

Decay rate for line search. Default is 0.05.

sigma : float

Line search stop condition. Default is 0.9.

eps : float

Poisoning stop condition. Default is 1e-3.

objective : int

Objective function to optimize. Default is 0.

opty : bool

Whether to optimize y. Default is True.

generate(X_train, y_train, categorical_mask=None, return_only_poisoned=False)

Parameters

X_train : pandas.DataFrame

The training data features.

y_train : pandas.Series

The training data labels.

categorical_mask : numpy.ndarray, optional

A boolean mask indicating which columns in X_train are categorical.

return_only_poisoned : bool, optional

If True, return only the poisoned data points. Otherwise, return the entire dataset including the poisoned points.

Returns

pandas.DataFrame

The features of the dataset including the poisoned points.

pandas.Series

The labels of the dataset including the poisoned points.

Notes

If return_only_poisoned is True, the original dataset is not modified. Otherwise, the original dataset is concatenated with the poisoned points.
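
An added example (not code from the holisticai project) of how the dataset returned by generate() with return_only_poisoned=False can be used to measure robustness: train once on the clean data, once on the returned data, and compare error on a clean hold-out set. So that it runs without the library installed, the poisoned rows are a constructed stand-in for generate() output; ridge_fit, mse, poisoning_impact and demo are hypothetical helper names, and inputs are NumPy arrays (call .to_numpy() on the DataFrame and Series that generate() returns).

```python
import numpy as np

def _with_bias(X):
    return np.hstack([X, np.ones((len(X), 1))])

def ridge_fit(X, y, alpha=1e-3):
    """Closed-form ridge regression; the intercept is not penalised."""
    Xb = _with_bias(X)
    reg = alpha * np.eye(Xb.shape[1])
    reg[-1, -1] = 0.0
    return np.linalg.solve(Xb.T @ Xb + reg, Xb.T @ y)

def mse(w, X, y):
    return float(np.mean((_with_bias(X) @ w - y) ** 2))

def poisoning_impact(X_clean, y_clean, X_out, y_out, X_test, y_test):
    """Clean-test MSE of a model trained on clean data vs. on X_out/y_out,
    where X_out/y_out is the clean set concatenated with poisoned points."""
    n_added = len(X_out) - len(X_clean)
    w_clean = ridge_fit(X_clean, y_clean)
    w_pois = ridge_fit(X_out, y_out)
    return {
        "n_added": n_added,
        "poison_fraction": n_added / len(X_out),  # share of the final set
        "mse_clean": mse(w_clean, X_test, y_test),
        "mse_poisoned": mse(w_pois, X_test, y_test),
    }

def demo():
    rng = np.random.default_rng(0)
    w_true = np.array([0.5, 0.3, 0.2])
    X = rng.uniform(0, 1, size=(250, 3))
    y = X @ w_true + rng.normal(0, 0.02, 250)
    X_tr, y_tr, X_te, y_te = X[:200], y[:200], X[200:], y[200:]
    # Constructed stand-in for generate() output: 40 extra rows at the corners
    # of the feature range, with responses at the opposite end of [0, 1].
    X_p = rng.integers(0, 2, size=(40, 3)).astype(float)
    y_p = 1.0 - np.round(X_p @ w_true)
    X_out, y_out = np.vstack([X_tr, X_p]), np.concatenate([y_tr, y_p])
    return poisoning_impact(X_tr, y_tr, X_out, y_out, X_te, y_te)

if __name__ == "__main__":
    print(demo())
```

The gap between mse_poisoned and mse_clean is the robustness figure to track when comparing models or training-time defences under the same poison_proportion.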

learn_model(x, y, clf)

Trains a Ridge regression model.

Parameters

x : array-like, shape (n_samples, n_features)

The input samples.

y : array-like, shape (n_samples,)

The target values.

clf : object

The model object.

Returns

object

The trained model.

float

The regularization parameter.