Paper 2019/764

The Adversarial Robustness of Sampling

Omri Ben-Eliezer and Eylon Yogev

Abstract

Random sampling is a fundamental primitive in modern algorithms, statistics, and machine learning, used as a generic method to obtain a small yet ``representative'' subset of the data. In this work, we investigate the robustness of sampling against adaptive adversarial attacks in a streaming setting: An adversary sends a stream of elements from a universe $U$ to a sampling algorithm (e.g., Bernoulli sampling or reservoir sampling), with the goal of making the sample ``very unrepresentative'' of the underlying data stream. The adversary is fully adaptive in the sense that it knows the exact content of the sample at any given point along the stream, and can choose which element to send next accordingly, in an online manner. Well-known results in the static setting indicate that if the full stream is chosen in advance (non-adaptively), then a random sample of size $\Omega(d / \varepsilon^2)$ is an $\varepsilon$-approximation of the full data with good probability, where $d$ is the VC-dimension of the underlying set system $(U, \mathcal{R})$. Does this sample size suffice for robustness against an adaptive adversary? The simplistic answer is \emph{negative}: We demonstrate a set system where a constant sample size (corresponding to a VC-dimension of $1$) suffices in the static setting, yet an adaptive adversary can make the sample very unrepresentative, as long as the sample size is (strongly) sublinear in the stream length, using a simple and easy-to-implement attack. However, this attack is ``theoretical only'', requiring the set system size to (essentially) be exponential in the stream length. This is not a coincidence: We show that in order to make the sampling algorithm robust against adaptive adversaries, the modification required is solely to replace the VC-dimension term $d$ in the sample size with the cardinality term $\log |\mathcal{R}|$. That is, the Bernoulli and reservoir sampling algorithms with sample size $\Omega(\log |\mathcal{R}|/\varepsilon^2)$ output a representative sample of the stream with good probability, even in the presence of an adaptive adversary. This nearly matches the bound imposed by the attack.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint. MINOR revision.
Keywords
random samplingadversarial modelepsilon-approximationstreaming algorithm
Contact author(s)
eylony @ gmail com
History
2019-07-02: received
Short URL
https://ia.cr/2019/764
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/764,
      author = {Omri Ben-Eliezer and Eylon Yogev},
      title = {The Adversarial Robustness of Sampling},
      howpublished = {Cryptology ePrint Archive, Paper 2019/764},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/764}},
      url = {https://eprint.iacr.org/2019/764}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.