Diego
Roux Hern

Can We Rely on Error Thresholds? Practical Attacks on Proof of Learning. STEM

Abstract profile. Full document pending author claim.

Authors:

Diego Roux Hern

Date Created:

Not specified

Course Title:
Professor:

Not specified

About Paper:

Machine Learning (ML) model training can be computationally expensive. To address this, we might outsource training to computationally capable workers (i.e. servers). In doing so, we trust that these workers will perform the required computations honestly. Commonly, we might be working with untrusted third-party workers, so we need a way to verify that no malicious acts occurred during training. Proof of Learning (PoL) is a method that allows us to verify that the adequate computations to train the model were performed. To achieve this, a trace of all, or some, computations are logged. Validating a PoL claim can be done by arriving at the same computational trace, or by recomputing each step. However, this approach faces practical challenges. For example, various hardware and software implementations have introduced optimisations that have resulted in non- deterministic behaviour, causing variations in between identical runs. Additionally, using distinct hardware may also yield similar variations. Therefore, PoL protocols need to account for some error margin during validation. The relationship between this error margin and practical attacks in training is currently not well-understood, and we aim to close this gap. We'll investigate the practicality of malicious trainer attacks under different PoL error margins with different aims (e.g., to derail or bias training) and study their success rate. We believe that the findings of this project could help practitioners better understand the trade-offs between security and performance in training. Further studies and implementations need to explore deterministic, hardware-invariant ML training algorithms that can compete with current runtime performance. Keywords: Trustworthy Machine Learning; Training Attacks; AI; Cybersecurity; Practical Attacks

Source:

Purdue University / 2025

Topics:

No topics listed

Co-authors:

Diego Roux Hern

0