## Abstract

Random sampling is a fundamental primitive in modern algorithms, statistics, and machine learning, used as a generic method to obtain a small yet "representative" subset of the data. In this work, we investigate the robustness of sampling against adaptive adversarial attacks in a streaming setting: An adversary sends a stream of elements from a universe U to a sampling algorithm (e.g., Bernoulli sampling or reservoir sampling), with the goal of making the sample "very unrepresentative" of the underlying data stream. The adversary is fully adaptive in the sense that it knows the exact content of the sample at any given point along the stream, and can choose which element to send next accordingly, in an online manner. Well-known results in the static setting indicate that if the full stream is chosen in advance (non-adaptively), then a random sample of size ω(d/ϵ2) is an ϵ-approximation of the full data with good probability, where d is the VC-dimension of the underlying set system (U, R). Does this sample size suffice for robustness against an adaptive adversary? The simplistic answer is negative : We demonstrate a set system where a constant sample size (corresponding to a VC-dimension of 1) suffices in the static setting, yet an adaptive adversary can make the sample very unrepresentative, as long as the sample size is (strongly) sublinear in the stream length, using a simple and easy-to-implement attack. However, this attack is "theoretical only", requiring the set system size to (essentially) be exponential in the stream length. This is not a coincidence: We show that in order to make the sampling algorithm robust against adaptive adversaries, the modification required is solely to replace the VC-dimension term d in the sample size with the cardinality term log |R|. That is, the Bernoulli and reservoir sampling algorithms with sample size ω(log |R|/ϵ2) output a representative sample of the stream with good probability, even in the presence of an adaptive adversary. This nearly matches the bound imposed by the attack.

Original language | English |
---|---|

Title of host publication | PODS 2020 - Proceedings of the 39th ACM SIGMOD-SIGACT-SIGAI Symposium on Principles of Database Systems |

Publisher | Association for Computing Machinery |

Pages | 49-62 |

Number of pages | 14 |

ISBN (Electronic) | 9781450371087 |

DOIs | |

State | Published - 14 Jun 2020 |

Externally published | Yes |

Event | 39th ACM SIGMOD-SIGACT-SIGAI Symposium on Principles of Database Systems, PODS 2020 - Portland, United States Duration: 14 Jun 2020 → 19 Jun 2020 |

### Publication series

Name | Proceedings of the ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems |
---|

### Conference

Conference | 39th ACM SIGMOD-SIGACT-SIGAI Symposium on Principles of Database Systems, PODS 2020 |
---|---|

Country/Territory | United States |

City | Portland |

Period | 14/06/20 → 19/06/20 |

### Bibliographical note

Publisher Copyright:© 2020 Proceedings of the ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems. All rights reserved.

## Keywords

- adversarial model
- random sampling
- streaming
- ϵ-approximation