changed if man file

_posts/2024-10-07-ifman.md

@@ -10,7 +10,7 @@ authors:
 bibliography: blog_ifman.bib
 paper_url: https://arxiv.org/pdf/2409.05208
 code_url: https://github.com/infinite-pursuits/influence-based-attributions-can-be-manipulated
-description: Influence Functions are a standard tool for attributing predictions to training data in a principled manner and are widely used in applications such as data valuation and fairness. In this work, we present realistic incentives to manipulate influence-based attributions and investigate whether these attributions can be *systematically* tampered by an adversary. We show that this is indeed possible for logistic regression models trained on ResNet feature embeddings and standard tabular fairness datasets and provide efficient attacks with backward-friendly implementations. Our work raises questions on the reliability of influence-based attributions in adversarial circumstances. Code is available at [https://github.com/infinite-pursuits/influence-based-attributions-can-be-manipulated](https://github.com/infinite-pursuits/influence-based-attributions-can-be-manipulated).
+description: Influence Functions are a standard tool for attributing predictions to training data in a principled manner and are widely used in applications such as data valuation and fairness. In this work, we present realistic incentives to manipulate influence-based attributions and investigate whether these attributions can be systematically tampered by an adversary. We show that this is indeed possible for logistic regression models trained on ResNet feature embeddings and standard tabular fairness datasets and provide efficient attacks with backward-friendly implementations. Our work raises questions on the reliability of influence-based attributions in adversarial circumstances. Code is available at [https://github.com/infinite-pursuits/influence-based-attributions-can-be-manipulated](https://github.com/infinite-pursuits/influence-based-attributions-can-be-manipulated).
 
 
 ---
@@ -60,9 +60,10 @@ This contribution is of independent technical interest, as the literature has on
 
 All our experiments are on multi-class logistic regression models trained on ResNet50 embeddings for standard vision datasets. Our results are as follows.
 
-1. **Our Single-Target attack performs better than a non-influence Baseline.** Consider a non-influence baseline attack for increasing the importance of a training sample : reweigh the training loss, with a high weight on the loss for the target sample. Our attack has a significantly
+<ol>
+<li><strong>**Our Single-Target attack performs better than a non-influence Baseline.** Consider a non-influence baseline attack for increasing the importance of a training sample : reweigh the training loss, with a high weight on the loss for the target sample. Our attack has a significantly
 higher success rate as compared to the baseline with a much smaller accuracy drop under all
-settings, as shown in the table below.
+settings, as shown in the table below.</strong></li>
 
 <div class='l-body' align="center">
 <img class="img-fluid rounded z-depth-1" src="{{ site.baseurl }}/assets/img/2024-10-ifman/baselinevsours.png">
@@ -103,6 +104,7 @@ We also anticipate our attack to work better with smaller training sets, as ther
 
 For a logistic regression family of models and any target influence ranking $k\in\mathbb{N}$, there exists a training set $Z_{\rm train}$, test set $Z_{\rm test}$ and target sample $z_{\rm target} \in Z_{\rm train}$, such that no model in the family can have the target sample $z_{\rm target}$ in top- $k$ influence rankings.
 
+</ol>
 
 *Kindly check the paper for ablation study on our attack objective and more details on the experiments.*