Keyed Non-Parametric Hypothesis Tests
Yao Cheng, Cheng-Kang Chu, Hsiao-Ying Lin, Marius Lombard-Platet, David Naccache

TL;DR
This paper introduces keyed non-parametric hypothesis tests as a novel defense mechanism against poisoning attacks in machine learning, leveraging secret keys to prevent adversaries from misleading the tests.
Contribution
It proposes a new primitive that enhances hypothesis testing security by incorporating secret keys, providing a robust method to detect tampered datasets under adversarial conditions.
Findings
The keyed tests effectively detect tampered datasets.
The approach prevents adversaries from misleading the test conclusions.
It offers a new direction for AI security against poisoning attacks.
Abstract
The recent popularity of machine learning calls for a deeper understanding of AI security. Amongst the numerous AI threats published so far, poisoning attacks currently attract considerable attention. In a poisoning attack the opponent partially tampers with the dataset used for learning in order to mislead the classifier during the testing phase. This paper proposes a new protection strategy against poisoning attacks. The technique relies on a new primitive called keyed non-parametric hypothesis tests, allowing one to evaluate under adversarial conditions the training input's conformance with a previously learned distribution. To do so we use a secret key unknown to the opponent. Keyed non-parametric hypothesis tests differ from classical tests in that the secrecy of prevents the opponent from misleading the keyed test into concluding that a (significantly) tampered…
