Diego
Roux Hern
Can We Rely on Error Thresholds? Practical Attacks on Proof of Learning. STEM
Abstract profile. Full document pending author claim.
Authors:
Diego Roux Hern
Date Created:
Not specified
Course Title:
Professor:
Not specified
About Paper:
Machine Learning (ML) model training can be computationally expensive. To address this, we might outsource training to computationally capable workers (i.e. servers). In doing so, we trust that these workers will perform the required computations honestly. Commonly, we might be working with untrusted third-party workers, so we need a way to verify that no malicious acts occurred during training. Proof of Learning (PoL) is a method that allows us to verify that the adequate computations to train the model were performed. To achieve this, a trace of all, or some, computations are logged. Validating a PoL claim can be done by arriving at the same computational trace, or by recomputing each step. However, this approach faces practical challenges. For example, various hardware and software implementations have introduced optimisations that have resulted in non- deterministic behaviour, causing variations in between identical runs. Additionally, using distinct hardware may also yield similar variations. Therefore, PoL protocols need to account for some error margin during validation. The relationship between this error margin and practical attacks in training is currently not well-understood, and we aim to close this gap. We'll investigate the practicality of malicious trainer attacks under different PoL error margins with different aims (e.g., to derail or bias training) and study their success rate. We believe that the findings of this project could help practitioners better understand the trade-offs between security and performance in training. Further studies and implementations need to explore deterministic, hardware-invariant ML training algorithms that can compete with current runtime performance. Keywords: Trustworthy Machine Learning; Training Attacks; AI; Cybersecurity; Practical Attacks
Source:
Purdue University / 2025
Topics:
No topics listed
Co-authors:
Diego Roux Hern