TY - JOUR
T1 - Robust Decentralized Online Learning against Targeted and Untargeted Malicious Data Feature Manipulation
AU - Li, Yupeng
AU - Wen, Dacheng
AU - Xia, Mengjia
AU - Chen, Mingzhe
AU - Fu, Xiaoming
N1 - Publisher Copyright: © 2025 IEEE
PY - 2025/12/15
Y1 - 2025/12/15
N2 - Motivated by real-world applications, we study the problem of decentralized online learning with dynamic feedback delays in the presence of malicious data generators under different threat models. In this problem, multiple agents collaborate to classify the features of streaming data samples generated online and receive dynamically delayed feedback on the ground-truth labels. While some data generators are benign, others—due to internal motives or external factors such as cyberattacks—may maliciously manipulate data features to compromise the classification performance. In this work, we first investigate the targeted attacks by malicious data generators, i.e., feature manipulation with aims to gain preferred classification outcomes from the agents. In response, we propose two robust algorithms, RDOC-TO and RDOC-TC, countering ordinary and clairvoyant adversaries that can access certain outdated and the latest classification models of the agents, respectively. Subsequently, we address the untargeted attacks by malicious data generators, which aim to disrupt the classification outcomes without targeting any particular class, by proposing another algorithm, RDOC-U. Our theoretical analysis establishes that all three proposed algorithms achieve sublinear regret bounds. The evaluations conducted in the application of network traffic classification with two real-world datasets demonstrate the competitiveness of the proposed algorithms compared to advanced baselines.
KW - Decentralized online learning
KW - dynamic delay
KW - feature manipulation
KW - targeted attack
KW - untargeted attack
UR - https://www.scopus.com/pages/publications/105025945565
U2 - 10.1109/TMC.2025.3642873
DO - 10.1109/TMC.2025.3642873
M3 - Journal article
SN - 2161-9875
JO - IEEE Transactions on Mobile Computing
JF - IEEE Transactions on Mobile Computing
ER -