Source Distinguishability under Distortion-Limited Attack: an Optimal Transport Perspective
Mauro Barni, Benedetta Tondi

TL;DR
This paper studies how well two sources can be distinguished when an attacker can modify data within a distortion limit, using optimal transport theory to define a security margin that quantifies attack resilience.
Contribution
It introduces the concept of Security Margin for source distinguishability under attack, linking it to optimal transport and providing methods to compute it for various source classes.
Findings
Security Margin quantifies attack tolerance for source distinguishability.
Derived upper bounds for security margin with mean square error distortion.
Computed security margins for specific source classes.
Abstract
We analyze the distinguishability of two sources in a Neyman-Pearson set-up when an attacker is allowed to modify the output of one of the two sources subject to a distortion constraint. By casting the problem in a game-theoretic framework and by exploiting the parallelism between the attacker's goal and Optimal Transport Theory, we introduce the concept of Security Margin, defined as the maximum average per-sample distortion introduced by the attacker for which the two sources can still be distinguished while ensuring arbitrarily small, yet positive, error exponents for the type I and type II error probabilities. Several versions of the problem are considered according to the available knowledge about the sources and the type of distance used to define the distortion constraint. We compute the security margin for some classes of sources and derive a general upper bound assuming that the distortion is…
