Coordinated Attacks against Contextual Bandits: Fundamental Limits and Defense Mechanisms
This addresses security and efficiency challenges in online recommendation systems by providing fundamental limits and defenses against coordinated attacks, representing a strong specific gain in robust learning.
The paper tackles the problem of learning optimal policies in multitask contextual bandits when a fraction of users are adversarial, showing that adversarial users fundamentally increase the per-user interaction cost from O(1/ε²) to at least Ω̃(min(S,A)·α²/ε²), and achieves an upper bound of Õ(min(S,A)·α/ε²) using robust mean estimators.
Motivated by online recommendation systems, we propose the problem of finding the optimal policy in multitask contextual bandits when a small fraction $α< 1/2$ of tasks (users) are arbitrary and adversarial. The remaining fraction of good users share the same instance of contextual bandits with $S$ contexts and $A$ actions (items). Naturally, whether a user is good or adversarial is not known in advance. The goal is to robustly learn the policy that maximizes rewards for good users with as few user interactions as possible. Without adversarial users, established results in collaborative filtering show that $O(1/ε^2)$ per-user interactions suffice to learn a good policy, precisely because information can be shared across users. This parallelization gain is fundamentally altered by the presence of adversarial users: unless there are super-polynomial number of users, we show a lower bound of $\tildeΩ(\min(S,A) \cdot α^2 / ε^2)$ {\it per-user} interactions to learn an $ε$-optimal policy for the good users. We then show we can achieve an $\tilde{O}(\min(S,A)\cdot α/ε^2)$ upper-bound, by employing efficient robust mean estimators for both uni-variate and high-dimensional random variables. We also show that this can be improved depending on the distributions of contexts.