Ease.ML/Snoopy: Towards Automatic Feasibility Studies for ML via Quantitative Understanding of "Data Quality for ML"

“…The notion of lowest possible error generalizes the framework proposed by Cai et al [7] in that the lowest error is naturally achieved if the features of all website are indistinguishable. Estimating the BER or its bounds using finite datasets is an extensively researched problem in the field of machine learning [5,12,15,19,20,50,55,61]. Inspired by Cover and Hart [12], Cherubin reduces the WF problem to a classification task and leverages the error of the Nearest Neighbor classifier as a proxy to estimate the lower bound for the error of any potential classifier used on predefined features.…”

“…Guided by the reasoning in observation (2) and the fact that the sum of finite-sample bias and transformation bias are positive and typically strictly larger than the tightness of the lower bound estimate, it is natural that even without having knowledge of the additional induced biases the NN-based estimators can only benefit from deterministic feature transformations in the finite-sample case. A natural consequence of this is that one can simply achieve a better estimate of the BER by not only inspecting a single representation, but rather try many different transformations and report the minimal achieved BER [55]. Note that a theoretical counterpart for NN-based MI estimators (e.g., negative finite-sample bias) is missing.…”

“…We use the original attacks/defenses with their recommended parameters, i.e., we perform no parameter tuning (Appendix B). We also implemented the kNN-based BER estimator proposed by Renggli et al [55].…”

DeepSE-WF: Unified Security Estimation for Website Fingerprinting Defenses

“…The notion of lowest possible error generalizes the framework proposed by Cai et al [7] in that the lowest error is naturally achieved if the features of all website are indistinguishable. Estimating the BER or its bounds using finite datasets is an extensively researched problem in the field of machine learning [5,12,15,19,20,50,55,61]. Inspired by Cover and Hart [12], Cherubin reduces the WF problem to a classification task and leverages the error of the Nearest Neighbor classifier as a proxy to estimate the lower bound for the error of any potential classifier used on predefined features.…”

“…Guided by the reasoning in observation (2) and the fact that the sum of finite-sample bias and transformation bias are positive and typically strictly larger than the tightness of the lower bound estimate, it is natural that even without having knowledge of the additional induced biases the NN-based estimators can only benefit from deterministic feature transformations in the finite-sample case. A natural consequence of this is that one can simply achieve a better estimate of the BER by not only inspecting a single representation, but rather try many different transformations and report the minimal achieved BER [55]. Note that a theoretical counterpart for NN-based MI estimators (e.g., negative finite-sample bias) is missing.…”

“…We use the original attacks/defenses with their recommended parameters, i.e., we perform no parameter tuning (Appendix B). We also implemented the kNN-based BER estimator proposed by Renggli et al [55].…”

DeepSE-WF: Unified Security Estimation for Website Fingerprinting Defenses