ABSTRACT
Machine learning (ML) algorithms are vulnerable to poisoning attacks, where a fraction of the training data is manipulated to deliberately degrade the algorithms' performance. Optimal attacks can be formulated as bilevel optimization problems and help to assess their robustness in worst case scenarios. We show that current approaches, which typically assume that hyperparameters remain constant, lead to an overly pessimistic view of the algorithms' robustness and of the impact of regularization. We propose a novel optimal attack formulation that considers the effect of the attack on the hyperparameters and models the attack as a multiobjective bilevel optimization problem. This allows us to formulate optimal attacks, learn hyperparameters, and evaluate robustness under worst case conditions. We apply this attack formulation to several ML classifiers using L2 and L1 regularization. Our evaluation on multiple datasets shows that choosing an "a priori" constant value for the regularization hyperparameter can be detrimental to the performance of the algorithms. This confirms the limitations of previous strategies and evidences the benefits of using L2 and L1 regularization to dampen the effect of poisoning attacks, when hyperparameters are learned using a small trusted dataset. Additionally, our results show that the use of regularization plays an important robustness and stability role in complex models, such as deep neural networks (DNNs), where the attacker can have more flexibility to manipulate the decision boundary.
ABSTRACT
In the last years, many passive electromagnetic sensors have been reported. Some of these sensors are used for measuring harmful substances. Moreover, the response of these sensors is usually obtained with laboratory equipment. This approach highly increases the total cost and complexity of the sensing system. In this work, a novel low-cost and portable Internet-of-Things (IoT) reader for passive wireless electromagnetic sensors is proposed. The reader is used to interrogate the sensors within a short-range wireless link avoiding the direct contact with the substances under test. The IoT functionalities of the reader allows remote sensing from computers and handheld devices. For that purpose, the proposed design is based on four functional layers: the radiating layer, the RF interface, the IoT mini-computer and the power unit. In this paper a demonstrator of the proposed reader is designed and manufactured. The demonstrator shows, through the remote measurement of different substances, that the proposed system can estimate the dielectric permittivity. It has been demonstrated that a linear approximation with a small error can be extracted from the reader measurements. It is remarkable that the proposed reader can be used with other type of electromagnetic sensors, which transduce the magnitude variations in the frequency domain.
