Search papers, labs, and topics across Lattice.
This paper addresses the challenge of identifying corrupted vertices in graphs manipulated by adversaries, where the adversary can strategically add edges to obscure these vertices. The authors develop an active learning algorithm that efficiently queries to recover the corrupted vertices, achieving a query complexity that scales polynomially with the adversary's power and the graph's vertex expansion. Notably, this work reveals the critical influence of vertex expansion on the effectiveness of active learning in adversarial settings, marking a significant advancement in the field.
The query complexity of active learning algorithms can be dramatically influenced by the graph's vertex expansion, revealing a new dimension in adversarial robustness.
Motivated by real-world scenarios where malicious entities tamper with existing networks, we define a model where an adversary seeks to hide a set of \emph{corrupted vertices} inside a graph $G^*$. To this end, the adversary can add edges between the corrupted vertices, as well as edges between the corrupted vertices and $G^*$, and its power is then measured by the size of the \emph{neighborhood} of the corrupted vertices in $G^*$. Our goal is to design an active learning algorithm that efficiently finds the subset of corrupted vertices using a small number of label queries. We devise an efficient algorithm that approximately recovers the corrupted vertices with a query complexity that depends polynomially on both the power of the adversary and the \emph{vertex expansion} of $G^*$, a fundamental measure of graph connectivity. At the heart of this result is a polynomial-time algorithm, obtained by carefully adapting sum-of-squares algorithms for approximating minimum expansion, that finds a set with small vertex expansion subject to cardinality constraints. To the best of our knowledge, this is the first time that the vertex expansion is shown to play a key role in determining the query complexity of active learning algorithms robust to structural adversarial attacks.