Mistake, Manipulation and Margin Guarantees in Online Strategic Classification

TL;DR

This work studies online binary classification when arriving agents can manipulate their features at a cost, with the learner only observing manipulated inputs. It introduces three algorithms that extend max-margin ideas to the strategic setting, notably leveraging proxy data derived from agent responses to recover the maximum-margin classifier on true features. The authors prove finite-mistake and finite-manipulation guarantees for the general norm-cost setting and provide convergence results to the maximum-margin solution under i.i.d. data, along with necessity results showing the critical role of margin and norm assumptions. Empirically, the proposed methods outperform earlier strategic perceptron approaches in terms of margin, manipulation, and mistake counts on real (Prosper loan) and synthetic data, indicating practical viability for truthful and robust online decision rules.

Abstract

We consider an online strategic classification problem where each arriving agent can manipulate their true feature vector to obtain a positive predicted label, while incurring a cost that depends on the amount of manipulation. The learner seeks to predict the agent's true label given access to only the manipulated features. After the learner releases their prediction, the agent's true label is revealed. Previous algorithms such as the strategic perceptron guarantee finitely many mistakes under a margin assumption on agents' true feature vectors. However, these are not guaranteed to encourage agents to be truthful. Promoting truthfulness is intimately linked to obtaining adequate margin on the predictions, thus we provide two new algorithms aimed at recovering the maximum margin classifier in the presence of strategic agent behavior. We prove convergence, finite mistake and finite manipulation guarantees for a variety of agent cost structures. We also provide generalized versions of the strategic perceptron with mistake guarantees for different costs. Our numerical study on real and synthetic data demonstrates that the new algorithms outperform previous ones in terms of margin, number of manipulation and number of mistakes.

Figures (15)

• Figure 1: Illustration for the response $r(A,y,b)$ and proxy $s(A,y,b)$. In both figures, the solid blue line represents the maximum margin hyperplane $y_*^\top x + b_* = 0$ which separates the positive and negative agents. The blue points have label $+1$ while red points have label $-1$. The dashed gray line represents the hyperplane $y^\top x + b = \frac{2}{c} \|y\|_*$, which is the decision boundary of the classifier $x\mapsto \mathop{\mathrm{sign}}\nolimits(y^\top x + b - \frac{2}{c} \|y\|_*) = \mathop{\mathrm{\widetilde{label}}}\nolimits(x,y,b)$ being presented to the agents. The gray shaded region represents the $0 \leq y^\top x + b < \frac{2}{c} \|y\|_*$ region, i.e., it is the region in which the agents will manipulate their feature vectors. In the left figure, solid-colored and dashed points denote the true feature vectors $A$ of agents. The solid points fall outside the gray region, thus those agents will not manipulate their feature vectors. Dashed points fall inside the gray region, thus the agents in this region will manipulate to the light-shaded colored points (i.e., $r(A,y,b)$) which lie on the dashed gray line $y^\top x + b = \frac{2}{c} \|y\|_*$. Notice that the true label of the three shaded red points is $-1$, however by manipulating to the dashed gray line, they will instead be classified with an incorrect label of $+1$. On the other hand, the dashed blue point has true label $+1$, and if it does not manipulate, it would be given an incorrect label of $-1$; however, by manipulating to the light-shaded blue point, it is classified with its correct $+1$ label. In the right figure, the solid and light-shaded colored points show the agents' response vectors; note that this is all that is available to the learner, as the true feature vectors (dashed points on the left figure) are not revealed. The learner then constructs the proxy data points, which are the solid gray points. Notice that the positive manipulated point (on the blue side) is the same as the response vector, but the three manipulated negative points (on the red side) are shifted back to the line $y^\top x + b = 0$.
• Figure 2: Illustration for \ref{['lem:margin-prod']} where $\|\cdot\|=\|\cdot\|_2$.
• Figure 3: Distance $\left\|\frac{(y_t,b_t)}{\|y_t\|_2} - \frac{(y_*,b_*)}{\|y_*\|_2}\right\|_2$ between $(y_*,b_*)$ and $(y_t,b_t)$ normalized by $y_*$ and $y_t$ respectively for \ref{['alg:projected-perceptron', 'alg:data-driven', 'alg:data-driven-subgradient-averaging']} on loan data, with different margins $\rho\in\{0.01, 0.02, 0.04\}$, $2/c\in\{0.8\rho, \rho, 1.2\rho\}$, and $\sigma=0$.
• Figure 4: Distance $\left\|\frac{(y_t,b_t)}{\|y_t\|_2} - \frac{(y_*,b_*)}{\|y_*\|_2}\right\|_2$ and margin $h(y_*,b_*;\mathcal{A}^+,\mathcal{A}^-) - h(y_t,b_t;\mathcal{A}^+,\mathcal{A}^-)$ for \ref{['alg:projected-perceptron', 'alg:data-driven', 'alg:data-driven-subgradient-averaging']} on loan data for two rounds, with $\rho=0.01$, $2/c=0.8\rho$, and $\sigma=0$.
• Figure 5: Distance $\left\|\frac{(y_t,b_t)}{\|y_t\|_2} - \frac{(y_*,b_*)}{\|y_*\|_2}\right\|_2$ between $(y_*,b_*)$ and $(y_t,b_t)$ normalized by $y_*$ and $y_t$ respectively for \ref{['alg:projected-perceptron', 'alg:data-driven', 'alg:data-driven-subgradient-averaging']} on loan data, with different margins $\rho\in\{0.01, 0.02, 0.04\}$ and $2/c\in\{0.8\rho, \rho, 1.2\rho\}$ and agent response noise level $\sigma=10^{-3}$.

Theorems & Definitions (61)

• lemma 1
• proof : Proof of \ref{['lem:offset-label']}
• definition 1
• example 1
• definition 2: Online strategic classification problem
• lemma 2
• proof : Proof of \ref{['lem:classifier-proxy-inner-product']}
• lemma 3
• proof : Proof of \ref{['lem:proxy-inclusion']}
• corollary 1