Provably Reliable Conformal Prediction Sets in the Presence of Data Poisoning
Yan Scholten, Stephan Günnemann

TL;DR
This paper introduces reliable conformal prediction sets that maintain coverage guarantees even under data poisoning attacks by using aggregation methods on predictions from multiple data partitions.
Contribution
It proposes the first efficient method for conformal prediction with provable reliability under poisoning, using smoothed scores and multiple calibration sets.
Findings
Achieves strong reliability under poisoning attacks
Maintains coverage and utility on clean data
Validates approach on image classification tasks
Abstract
Conformal prediction provides model-agnostic and distribution-free uncertainty quantification through prediction sets that are guaranteed to include the ground truth with any user-specified probability. Yet, conformal prediction is not reliable under poisoning attacks where adversaries manipulate both training and calibration data, which can significantly alter prediction sets in practice. As a solution, we propose reliable prediction sets (RPS): the first efficient method for constructing conformal prediction sets with provable reliability guarantees under poisoning. To ensure reliability under training poisoning, we introduce smoothed score functions that reliably aggregate predictions of classifiers trained on distinct partitions of the training data. To ensure reliability under calibration poisoning, we construct multiple prediction sets, each calibrated on distinct subsets of the…
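The calibration-side idea in the abstract (several prediction sets, each calibrated on a distinct subset, then aggregated), as an added example that is not the paper's code. It assumes conformity scores where higher is better, a majority vote as the aggregation rule, and a simple counting certificate; the class names and all scores are constructed.

```python
import math

# Constructed sample data: true-class conformity scores (higher = better fit),
# already split into 5 disjoint calibration partitions.
CLEAN = [[0.62, 0.71, 0.80, 0.93], [0.58, 0.66, 0.84, 0.90],
         [0.60, 0.75, 0.79, 0.95], [0.55, 0.70, 0.88, 0.91],
         [0.64, 0.69, 0.82, 0.97]]
# Same data with one point in partition 2 altered (0.58 -> 0.99).
POISONED = [list(p) for p in CLEAN]
POISONED[1][0] = 0.99
TEST_SCORES = {"cat": 0.70, "dog": 0.61, "fox": 0.20}  # constructed test input

def threshold(cal_scores, alpha):
    """Split-conformal threshold: the floor(alpha*(n+1))-th smallest score."""
    k = math.floor(alpha * (len(cal_scores) + 1))
    return -math.inf if k == 0 else sorted(cal_scores)[k - 1]

def majority_set(partitions, test_scores, alpha):
    """One prediction set per partition; keep classes in more than half."""
    taus = [threshold(p, alpha) for p in partitions]
    votes = {y: sum(s >= t for t in taus) for y, s in test_scores.items()}
    return {y for y, v in votes.items() if v > len(partitions) / 2}, votes

def certified(votes, n_partitions, r):
    """Classes whose membership is fixed when at most r partitions change.

    Assumption: each calibration point belongs to exactly one partition, so
    altering r points can flip at most r of the per-partition votes.
    """
    half = n_partitions / 2
    stay_in = {y for y, v in votes.items() if v - r > half}
    stay_out = {y for y, v in votes.items() if v + r <= half}
    return stay_in, stay_out

if __name__ == "__main__":
    clean_set, votes = majority_set(CLEAN, TEST_SCORES, alpha=0.2)
    poisoned_set, _ = majority_set(POISONED, TEST_SCORES, alpha=0.2)
    print("votes:", votes)
    print("clean set:", sorted(clean_set), "poisoned set:", sorted(poisoned_set))
    print("certified for r=1:", certified(votes, len(CLEAN), r=1))
```

With one altered calibration point, only the class that fell outside the certificate changes membership; the classes certified in or out for r=1 are identical in the clean and poisoned runs.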
Taxonomy
Topics: Neural Networks and Applications · Anomaly Detection Techniques and Applications
