Pengpeng Chen,Hailong Sun,Zhijun Chen

DOI: https://doi.org/10.1007/978-3-030-85896-4_14

2021-01-01

Abstract:Understanding and assessing the vulnerability of crowdsourcing learning against data poisoning attacks is the key to ensure the quality of classifiers trained from crowdsourced labeled data. Existing studies on data poisoning attacks only focus on exploring the vulnerability of crowdsourced label collection. In fact, instead of the quality of labels themselves, the performance of the trained classifier is a main concern in crowdsourcing learning. Nonetheless, the impact of data poisoning attacks on the final classifiers remains underexplored to date. We aim to bridge this gap. First, we formalize the problem of poisoning attacks, where the objective is to sabotage the trained classifier maximally. Second, we transform the problem into a bilevel min-max optimization problem for the typical learning-from-crowds model and design an efficient adversarial strategy. Extensive validation on real-world datasets demonstrates that our attack can significantly decrease the test accuracy of trained classifiers. We verified that the labels generated with our strategy can be transferred to attack a broad family of crowdsourcing learning models in a black-box setting, indicating its applicability and potential of being extended to the physical world.

Pengpeng Chen,Yongqiang Yang,Dingqi Yang,Hailong Sun,Zhijun Chen,Peng Lin

DOI: https://doi.org/10.24963/ijcai.2023/332

2023-01-01

Abstract:Understanding the vulnerability of label aggregation against data poisoning attacks is key to ensuring data quality in crowdsourced label collection. State-of-the-art attack mechanisms generally assume full knowledge of the aggregation models while failing to consider the flexibility of malicious workers in selecting which instances to label. Such a setup limits the applicability of the attack mechanisms and impedes further improvement of their success rate. This paper introduces a black-box data poisoning attack framework that finds the optimal strategies for instance selection and labeling to attack unknown label aggregation models in crowdsourcing. We formulate the attack problem on top of a generic formalization of label aggregation models and then introduce a substitution approach that attacks a substitute aggregation model in replacement of the unknown model. Through extensive validation on multiple real-world datasets, we demonstrate the effectiveness of both instance selection and model substitution in improving the success rate of attacks.

Yanjiao Chen,Xiaotian Zhu,Xueluan Gong,Xinjing Yi,Shuyang Li

DOI: https://doi.org/10.1109/tii.2022.3198481

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the unprecedented development of deep learning, autonomous vehicles (AVs) have achieved tremendous progress nowadays. However, AV supported by DNN models is vulnerable to data poisoning attacks, hindering the large-scale application of autonomous driving. For example, by injecting carefully designed poisons into the training dataset of the DNN model in the traffic sign recognition system, the attacker can mislead the system to make targeted misclassification or cause a reduction in model classification accuracy. In this article, we conduct a thorough investigation of the state-of-the-art data poisoning attacks and defenses against AVs. According to whether the attacker needs to manipulate the data labeling process, we divide the state-of-the-art attack approaches into two categories, i.e., dirty-label attacks and clean-label attacks. We also differentiate the existing defense methods into two categories based on whether to modify the training data or the models, i.e., data-based defenses and model-based defenses. In addition to a detailed review of attacks and defenses in each category, we also give a qualitative comparison of the existing attacks and defenses. Besides, we provide a quantitative comparison of the existing attack and defense methods through experiments. Last but not least, we pinpoint several future directions for data poisoning attacks and defenses in AVs, providing possible ways for further research.

Zhirun Zheng,Zhetao Li,Cheng Huang,Saiqin Long,Mushu Li,Xuemin Shen

DOI: https://doi.org/10.1109/tdsc.2024.3363507

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In this paper, we explore data poisoning attacks and their defenses in local differential privacy (LDP)-based crowdsensing systems. First, we construct data poisoning attacks launched by corrupted workers to subvert crowdsensing results by tampering information reported. Specifically, the attacks are formulated as a bi-level optimization problem where attackers strive to conceal their malicious behavior by delicately exploiting noise perturbation introduced by LDP protocols. In this way, the attacks can not be detected, even with the weight-based truth discovery methods. Due to the NP-hard nature of the bi-level problem, we decompose it into upper-level and lower-level sub-problems and employ the augmented Lagrangian method to iteratively solve them, ultimately identifying optimal attack strategies. Second, we propose corresponding countermeasures to defend against the attacks. The countermeasures are formulated as a minimization problem, with the objective of minimizing disruptions caused by attacks through the identification and removal of corrupted workers from crowdsensing systems. To solve the problem, we utilize a differential evolution algorithm instead of gradient-based methods since the objective function of the problem is not differentiable. Extensive experiments on real-world datasets are conducted to evaluate the performance of the proposed attacks and defenses. The evaluation results demonstrate that LDP perturbation indeed facilitates the success of data poisoning attacks, and the proposed defenses can accurately distinguish malicious behaviors disguised.

computer science, information systems, software engineering, hardware & architecture

Zhirun Zheng,Zhetao Li,Cheng Huang,Saiqin Long,Xuemin Shen

DOI: https://doi.org/10.1109/tmc.2024.3486689

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Differential privacy (DP) is widely used for protecting privacy in crowdsensing by adding noises. However, malicious attackers can exploit noise to launch covert data poisoning attacks. In this paper, we propose a game-based defense approach to resist such data poisoning attacks in DP-based crowdsensing systems. In this approach, attackers are believed to be powerful as they can refine their attack strategy based on the observations of deployed defenders' defense strategy. Specifically, the defenders formulate the defense as a functional minimization problem (which cannot be directly solved by numerical optimization algorithms because its decision variable is a set of functions), resisting data poisoning attacks by deleting data shared by identified malicious workers through the log-likelihood ratio test. To obtain a current defense strategy, the decision variable of the problem is relaxed into the coefficients of basis-based linear combinations through the variable-basis approximation, and then solved using the simulated annealing genetic algorithm. Correspondingly, the attackers formulate their attack strategy as a bi-level maximization problem (which is an NP-hard problem), biasing crowdsensing results as much as possible while remaining undetected. Since the attackers can know the defense strategy, they may bypass the defenders by constraining the expected log-likelihood ratio test. Additionally, the attackers can evade truth discovery methods deployed in crowdsensing using DP noise. To determine a current attack strategy, the bi-level problem is decomposed into upper-level and lower-level sub-problems, wherein the upper-level sub-problem is solved by the variational methods, and then these sub-problems are alternately optimized. Finally, we propose a local minimax points calculating algorithm to obtain an equilibrium point in the defenders-attackers game, thereby finding an optimal defense strategy to resist the powerful data poisoning attack. Extensive experiments on real-world and synthetic datasets show that the proposed game-based defense approach can effectively defend powerful and covert attackers.

Chenglin Miao,Qi Li,Lü Su,Mengdi Huai,Wenjun Jiang,Jing Gao

DOI: https://doi.org/10.1145/3178876.3186032

2018-01-01

Abstract:As an effective way to solicit useful information from the crowd, crowdsourcing has emerged as a popular paradigm to solve challenging tasks. However, the data provided by the participating workers are not always trustworthy. In real world, there may exist malicious workers in crowdsourcing systems who conduct the data poisoning attacks for the purpose of sabotage or financial rewards. Although data aggregation methods such as majority voting are conducted on workers» labels in order to improve data quality, they are vulnerable to such attacks as they treat all the workers equally. In order to capture the variety in the reliability of workers, the Dawid-Skene model, a sophisticated data aggregation method, has been widely adopted in practice. By conducting maximum likelihood estimation (MLE) using the expectation maximization (EM) algorithm, the Dawid-Skene model can jointly estimate each worker»s reliability and conduct weighted aggregation, and thus can tolerate the data poisoning attacks to some degree. However, the Dawid-Skene model still has weakness. In this paper, we study the data poisoning attacks against such crowdsourcing systems with the Dawid-Skene model empowered. We design an intelligent attack mechanism, based on which the attacker can not only achieve maximum attack utility but also disguise the attacking behaviors. Extensive experiments based on real-world crowdsourcing datasets are conducted to verify the desirable properties of the proposed mechanism.

Mohan Li,Yanbin Sun,Hui Lu,Sabita Maharjan,Zhihong Tian

DOI: https://doi.org/10.1109/jiot.2019.2962914

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:Crowdsensing systems collect various types of data from sensors embedded on mobile devices owned by individuals. These individuals are commonly referred to as workers that complete tasks published by crowdsensing systems. Because of the relative lack of control over worker identities, crowdsensing systems are susceptible to data poisoning attacks which interfering with data analysis results by injecting fake data conflicting with ground truth. Frameworks like TruthFinder can resolve data conflicts by evaluating the trustworthiness of the data providers. These frameworks somehow make crowdsensing systems more robust since they can limit the impact of dirty data by reducing the value of unreliable workers. However, previous work has shown that TruthFinder may also be affected by the data poisoning attack when the malicious workers have access to global information. In this article, we focus on partially observable data poisoning attacks in crowdsensing systems. We show that even if the malicious workers only have access to local information, they can find effective data poisoning attack strategies to interfere with crowdsensing systems with TruthFinder. First, we formally model the problem of partially observable data poisoning attack against crowdsensing systems. Then, we propose a data poisoning attack method based on deep reinforcement learning, which helps malicious workers jeopardize with TruthFinder while hiding themselves. Based on the method, the malicious workers can learn from their attack attempts and evolve the poisoning strategies continuously. Finally, we conduct experiments on real-life data sets to verify the effectiveness of the proposed method.

Yang Ba,Michelle V. Mancenido,Erin K. Chiou,Rong Pan

2024-04-04

Abstract:As crowdsourcing emerges as an efficient and cost-effective method for obtaining labels for machine learning datasets, it is important to assess the quality of crowd-provided data, so as to improve analysis performance and reduce biases in subsequent machine learning tasks. Given the lack of ground truth in most cases of crowdsourcing, we refer to data quality as annotators' consistency and credibility. Unlike the simple scenarios where Kappa coefficient and intraclass correlation coefficient usually can apply, online crowdsourcing requires dealing with more complex situations. We introduce a systematic method for evaluating data quality and detecting spamming threats via variance decomposition, and we classify spammers into three categories based on their different behavioral patterns. A spammer index is proposed to assess entire data consistency and two metrics are developed to measure crowd worker's credibility by utilizing the Markov chain and generalized random effects models. Furthermore, we showcase the practicality of our techniques and their advantages by applying them on a face verification task with both simulation and real-world data collected from two crowdsourcing platforms.

Human-Computer Interaction,Machine Learning,Applications

Guang Yang,Shibo He,Junshan Zhang,Zhiguo Shi

DOI: https://doi.org/10.1109/tvt.2019.2950907

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:Crowdsensing has been recognized as a promising data collection paradigm, in which a platform outsources sensing tasks to a large number of users. However, requesting users to report raw data may give rise to many practical concerns, such as a significant overhead of communication and central processing, besides users' privacy concerns. In many scenarios (e.g, advertising and recommendation), the data collector directly benefits from statistical aggregation of raw data. Thus motivated, we consider the data collection problem based on user's local histograms, which is intimately related to the fundamental trade-off between the platform's accuracy and users' privacy. Because of users' social relationship, their data are often correlated, indicating that users' privacy may be leaked from others' data. To tackle this challenge, we first utilize Gaussian Markov random fields to model the correlation structure embedded in users' data. The data collection is modeled as a Stackelberg game where the platform decides its reward policy and users decide their noise levels while taking into account the social coupling among users. For the reward policy design, we first establish the relationship between users' Nash equilibrium and the payment mechanism, and then optimize the platform's accuracy under a budget constraint. Further, since the noise levels are users' private information, they may use falsified noise levels to achieve higher payoffs, which in turn impairs the crowdsensing performance. It turns out that with the insight into the correlation structure among users' data, the information asymmetry can be overcome based on peer prediction. We revisit the payment mechanism to guarantee dominant truthfulness of each user's strategy. Theoretical analysis and numerical results demonstrate the effectiveness of the proposed mechanism.

Zhetao Li,Zhirun Zheng,Suiming Guo,Bin Guo,Fu Xiao,Kui Ren

DOI: https://doi.org/10.1109/tmc.2022.3173642

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:Although crowdsensing has emerged as a popular information collection paradigm, its security and privacy vulnerabilities have come to the forefront in recent years. However, one big limitation of previous research is that the security domain and the privacy domain are typically considered separately. Therefore, it is unclear whether the defense methods in the privacy domain will have unexpected impact on the security domain. To bridge this gap, in this paper, we propose a novel Disguise-based Data Poisoning Attack (DDPA) against the differentially private crowdsensing systems empowered with the truth discovery method. Specifically, we propose a novel stealth strategy, i.e., disguising the malicious behavior as privacy behavior, to avoid being detected by truth discovery methods. With this stealth strategy, the shortcoming of failing to maximize the attack effectiveness is avoided naturally through structuring a bi-level optimization problem, which can be solved with the alternating optimization algorithm. Moreover, we show that the differentially private crowdsensing systems are vulnerable to data poisoning attacks, and enhancing the level of privacy will bring more serious security threats. Finally, the evaluation results on the real-world dataset Emotion and the synthetic dataset SynData demonstrate that DDPA can not only achieve maximum utility damage but also remain undetected.

Guang Yang,Shibo He,Zhiguo Shi

DOI: https://doi.org/10.1109/jiot.2016.2560518

IF: 10.6

2016-01-01

IEEE Internet of Things Journal

Abstract:The past few years have witnessed the dramatic popularity of large-scale social networks where malicious nodes detection is one of the fundamental problems. Most existing works focus on actively detecting malicious nodes by verifying signal correlation or behavior consistency. It may not work well in large-scale social networks since the number of users is extremely large and the difference between normal users and malicious users is inconspicuous. In this paper, we propose a novel approach that leverages the power of users to perform the detection task. We design incentive mechanisms to encourage the participation of users under two scenarios: 1) full information and 2) partial information. In full information scenario, we design a specific incentive scheme for users according to their preferences, which can provide the desirable detection result and minimize overall cost. In partial information scenario, assuming that we only have statistical information about users, we first transform the incentive mechanism design to an optimization problem, and then design the optimal incentive scheme under different system parameters by solving the optimization problem. We perform extensive simulations to validate the analysis and demonstrate the impact of system factors on the overall cost.

Ping Zhao,Hongbo Jiang,Jie Li,Zhu Xiao,Daibo Liu,Ju Ren,Deke Guo

DOI: https://doi.org/10.1109/tnse.2021.3103919

IF: 6.6

2021-07-01

IEEE Transactions on Network Science and Engineering

Abstract:Location data are often aggregated to support a wide range of applications, such as mobility management, point-of-interest recommendation, map inferences, and so on. However, these aggregated results might suffer from poisoning attacks when adversaries deliberately send poisoned locations to the aggregator, namely, garbage in, garbage out. Most existing work focuses on poisoning attacks in anomaly detection, crowd sensing, recommendation, and machine learning models. One observation motivating our work is that poisoning attacks in the context of data aggregation introduce new challenges along with distinguished features compared to anomaly detection, recommendation systems and machine learning models. As such, in this paper, we concentrate on the inputs to data aggregation and introduce the first optimal attack framework that launches poisoning attacks on location data aggregation (PALDA) and disguises the attacking behaviors. Specifically, we first formalize the poisoning attack as a min-max optimization problem and then design an iterative algorithm to address the optimization problem. Moreover, we theoretically prove the convergence of the proposed optimization algorithm and extend the attack strategy optimization to more practical settings where PALDA is applicable to any linear decomposable aggregation model executed by an aggregator. Finally, simulations on six real-world mobility datasets have demonstrated the risks entailed by poisoning attacks with data aggregation.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Lei Yang,Mengyuan Zhang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1145/3209582.3209598

2018-01-01

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for a sensing task. In this framework, the workers are allowed to report privacy-preserving versions of their data to protect their data privacy; and the platform selects workers based on their sensing capabilities, which aims to address the drawbacks of game-theoretic models that cannot ensure the accuracy level of the aggregated result, due to the existence of multiple Nash Equilibria. Observe that in this auction based framework, there exists externalities among workers' data privacy, because the data privacy of each worker depends on both her injected noise and the total noise in the aggregated result that is intimately related to which workers are selected to fulfill the task. To achieve a desirable accuracy level of the data aggregation in a cost-effective manner, we explicitly characterize the externalities, i.e., the impact of the noise added by each worker on both the data privacy and the accuracy of the aggregated result. Further, we explore the problem structure, characterize the hidden monotonicity property of the problem, and determine the critical bid of workers, which makes it possible to design a truthful, individually rational and computationally efficient incentive mechanism. The proposed incentive mechanism can recruit a set of workers to approximately minimize the cost of purchasing private sensing data from workers subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Pang Wei Koh,Jacob Steinhardt,Percy Liang

DOI: https://doi.org/10.48550/arXiv.1811.00741

2021-12-03

Abstract:Machine learning models trained on data from the outside world can be corrupted by data poisoning attacks that inject malicious points into the models' training sets. A common defense against these attacks is data sanitization: first filter out anomalous training points before training the model. In this paper, we develop three attacks that can bypass a broad range of common data sanitization defenses, including anomaly detectors based on nearest neighbors, training loss, and singular-value decomposition. By adding just 3% poisoned data, our attacks successfully increase test error on the Enron spam detection dataset from 3% to 24% and on the IMDB sentiment classification dataset from 12% to 29%. In contrast, existing attacks which do not explicitly account for these data sanitization defenses are defeated by them. Our attacks are based on two ideas: (i) we coordinate our attacks to place poisoned points near one another, and (ii) we formulate each attack as a constrained optimization problem, with constraints designed to ensure that the poisoned points evade detection. As this optimization involves solving an expensive bilevel problem, our three attacks correspond to different ways of approximating this problem, based on influence functions; minimax duality; and the Karush-Kuhn-Tucker (KKT) conditions. Our results underscore the need to develop more robust defenses against data poisoning attacks.

Machine Learning,Cryptography and Security

Jialin Wen,Benjamin Zi Hao Zhao,Minhui Xue,Alina Oprea,Haifeng Qian

DOI: https://doi.org/10.48550/arXiv.2006.11928

2021-05-19

Abstract:With the rise of third parties in the machine learning pipeline, the service provider in "Machine Learning as a Service" (MLaaS), or external data contributors in online learning, or the retraining of existing models, the need to ensure the security of the resulting machine learning models has become an increasingly important topic. The security community has demonstrated that without transparency of the data and the resulting model, there exist many potential security risks, with new risks constantly being discovered. In this paper, we focus on one of these security risks -- poisoning attacks. Specifically, we analyze how attackers may interfere with the results of regression learning by poisoning the training datasets. To this end, we analyze and develop a new poisoning attack algorithm. Our attack, termed Nopt, in contrast with previous poisoning attack algorithms, can produce larger errors with the same proportion of poisoning data-points. Furthermore, we also significantly improve the state-of-the-art defense algorithm, termed TRIM, proposed by Jagielsk et al. (IEEE S&P 2018), by incorporating the concept of probability estimation of clean data-points into the algorithm. Our new defense algorithm, termed Proda, demonstrates an increased effectiveness in reducing errors arising from the poisoning dataset through optimizing ensemble models. We highlight that the time complexity of TRIM had not been estimated; however, we deduce from their work that TRIM can take exponential time complexity in the worst-case scenario, in excess of Proda's logarithmic time. The performance of both our proposed attack and defense algorithms is extensively evaluated on four real-world datasets of housing prices, loans, health care, and bike sharing services. We hope that our work will inspire future research to develop more robust learning algorithms immune to poisoning attacks.

Cryptography and Security,Machine Learning

Yanxu Zhu,Hong Wen,Runhui Zhao,Yixin Jiang,Qiang Liu,Peng Zhang

DOI: https://doi.org/10.3390/s23094509

IF: 3.9

2023-05-05

Sensors

Abstract:Data poisoning attack is a well-known attack against machine learning models, where malicious attackers contaminate the training data to manipulate critical models and predictive outcomes by masquerading as terminal devices. As this type of attack can be fatal to the operation of a smart grid, addressing data poisoning is of utmost importance. However, this attack requires solving an expensive two-level optimization problem, which can be challenging to implement in resource-constrained edge environments of the smart grid. To mitigate this issue, it is crucial to enhance efficiency and reduce the costs of the attack. This paper proposes an online data poisoning attack framework based on the online regression task model. The framework achieves the goal of manipulating the model by polluting the sample data stream that arrives at the cache incrementally. Furthermore, a point selection strategy based on sample loss is proposed in this framework. Compared to the traditional random point selection strategy, this strategy makes the attack more targeted, thereby enhancing the attack’s efficiency. Additionally, a batch-polluting strategy is proposed in this paper, which synchronously updates the poisoning points based on the direction of gradient ascent. This strategy reduces the number of iterations required for inner optimization and thus reduces the time overhead. Finally, multiple experiments are conducted to compare the proposed method with the baseline method, and the evaluation index of loss over time is proposed to demonstrate the effectiveness of the method. The results show that the proposed method outperforms the existing baseline method in both attack effectiveness and overhead.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yanxu Zhu,Hong Wen,Jinsong Wu,Runhui Zhao

DOI: https://doi.org/10.3934/mbe.2023788

2023-09-15

Abstract:The deep integration of edge computing and Artificial Intelligence (AI) in IoT (Internet of Things)-enabled smart cities has given rise to new edge AI paradigms that are more vulnerable to attacks such as data and model poisoning and evasion of attacks. This work proposes an online poisoning attack framework based on the edge AI environment of IoT-enabled smart cities, which takes into account the limited storage space and proposes a rehearsal-based buffer mechanism to manipulate the model by incrementally polluting the sample data stream that arrives at the appropriately sized cache. A maximum-gradient-based sample selection strategy is presented, which converts the operation of traversing historical sample gradients into an online iterative computation method to overcome the problem of periodic overwriting of the sample data cache after training. Additionally, a maximum-loss-based sample pollution strategy is proposed to solve the problem of each poisoning sample being updated only once in basic online attacks, transforming the bi-level optimization problem from offline mode to online mode. Finally, the proposed online gray-box poisoning attack algorithms are implemented and evaluated on edge devices of IoT-enabled smart cities using an online data stream simulated with offline open-grid datasets. The results show that the proposed method outperforms the existing baseline methods in both attack effectiveness and overhead.

Ming-Hsun Yang,Y. -W. Peter Hong,Tsang-Yi Wang,Jwo-Yuh Wu

DOI: https://doi.org/10.1109/icc.2019.8761925

2019-01-01

Abstract:This work proposes efficient methods for the detection of malicious crowdsourcing workers using only privacy-aware group queries. In the proposed system, the crowdsourcing platform first issues a series of standard tasks to the workers, and allows users (i.e., data owners) to access aggregate responses from the workers through group queries that can be described by sparse encoding vectors. The identities of workers associated with individual responses are not explicitly revealed. By exploiting the sparse nature of the encoding vectors, we first propose an approximate maximum a posteriori probability (Approx. MAP) detector to perform the detection. Then, to further reduce computational complexity, we devise a generalized likelihood ratio test (GLRT) where probable malicious workers are first identified before a simple hypothesis test is performed. The identification of malicious workers is performed by a low-complexity probability-based rule that exploits a certain sparse structure inherent in the crowd data as well as the associated statistical assumptions. Computer simulations show that the proposed methods outperform the conventional energy detector.

Yang Liu,Mingyan Liu

DOI: https://doi.org/10.1145/2796314.2745874

2015-06-24

ACM SIGMETRICS Performance Evaluation Review

Abstract:We consider a crowd-sourcing problem where in the process of labeling massive datasets, multiple labelers with unknown annotation quality must be selected to perform the labeling task for each incoming data sample or task, with the results aggregated using for example simple or weighted majority voting rule. In this paper we approach this labeler selection problem in an online learning framework, whereby the quality of the labeling outcome by a specific set of labelers is estimated so that the learning algorithm over time learns to use the most effective combinations of labelers. This type of online learning in some sense falls under the family of multi-armed bandit (MAB) problems, but with a distinct feature not commonly seen: since the data is unlabeled to begin with and the labelers' quality is unknown, their labeling outcome (or reward in the MAB context) cannot be directly verified; it can only be estimated against the crowd and known probabilistically. We design an efficient online algorithm LS_OL using a simple majority voting rule that can differentiate high- and low-quality labelers over time, and is shown to have a regret (w.r.t. always using the optimal set of labelers) of O(log 2 T) uniformly in time under mild assumptions on the collective quality of the crowd, thus regret free in the average sense. We discuss performance improvement by using a more sophisticated majority voting rule, and show how to detect and filter out "bad" (dishonest, malicious or very incompetent) labelers to further enhance the quality of crowd-sourcing. Extension to the case when a labeler's quality is task-type dependent is also discussed using techniques from the literature on continuous arms. We present numerical results using both simulation and a real dataset on a set of images labeled by Amazon Mechanic Turks (AMT).

Qianqian Xu,Jiechao Xiong,Xiaochun Cao,Yuan Yao

DOI: https://doi.org/10.48550/arXiv.1605.05860

2016-06-16

Abstract:With the rapid growth of crowdsourcing platforms it has become easy and relatively inexpensive to collect a dataset labeled by multiple annotators in a short time. However due to the lack of control over the quality of the annotators, some abnormal annotators may be affected by position bias which can potentially degrade the quality of the final consensus labels. In this paper we introduce a statistical framework to model and detect annotator's position bias in order to control the false discovery rate (FDR) without a prior knowledge on the amount of biased annotators - the expected fraction of false discoveries among all discoveries being not too high, in order to assure that most of the discoveries are indeed true and replicable. The key technical development relies on some new knockoff filters adapted to our problem and new algorithms based on the Inverse Scale Space dynamics whose discretization is potentially suitable for large scale crowdsourcing data analysis. Our studies are supported by experiments with both simulated examples and real-world data. The proposed framework provides us a useful tool for quantitatively studying annotator's abnormal behavior in crowdsourcing data arising from machine learning, sociology, computer vision, multimedia, etc.

Machine Learning