Adversarial Classification under Gaussian Mechanism: Calibrating the Attack to Sensitivity
Ayse Unsal, Melek Onen

TL;DR
This paper analyzes how adversaries can exploit Gaussian-based differential privacy mechanisms for undetected data manipulation, introducing new thresholds and a Chernoff information-based privacy metric to improve attack detection and privacy guarantees.
Contribution
It provides the first characterization of statistical and information-theoretic attack thresholds under Gaussian DP and proposes a novel Chernoff information-based privacy metric.
Findings
Identifies thresholds for undetectable adversarial attacks.
Introduces a new Chernoff information-based privacy metric.
Supports analytical results with numerical evaluations.
Abstract
This work studies anomaly detection under differential privacy (DP) with Gaussian perturbation using both statistical and information-theoretic tools. In our setting, the adversary aims to modify the content of a statistical dataset by inserting additional data without being detected, using the DP guarantee to her own benefit. To this end, we characterize information-theoretic and statistical thresholds for the first- and second-order statistics of the adversary's attack, which balance the privacy budget against the impact of the attack in order to remain undetected. Additionally, we introduce a new privacy metric based on Chernoff information for classifying adversaries under differential privacy as a stronger alternative to and Kullback-Leibler DP for the Gaussian mechanism. Analytical results are supported by numerical evaluations.
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Statistical Methods and Inference
